@f2a/network 0.1.3 → 0.2.0

package/dist/core/identity/identity-manager.js

@@ -0,0 +1,454 @@
+/**
+ * Identity Manager
+ * Manages libp2p PeerId (Ed25519) and E2EE key pair (X25519)
+ * Persists identity to local filesystem
+ */
+import { promises as fs } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { generateKeyPair, unmarshalPrivateKey, marshalPrivateKey } from '@libp2p/crypto/keys';
+import { peerIdFromKeys } from '@libp2p/peer-id';
+import { x25519 } from '@noble/curves/ed25519.js';
+import { Logger } from '../../utils/logger.js';
+import { success, failure, failureFromError, createError } from '../../types/index.js';
+import { encryptIdentity, decryptIdentity } from './encrypted-key-store.js';
+import { DEFAULT_DATA_DIR, IDENTITY_FILE } from './types.js';
+import { isValidBase64, secureWipe } from '../../utils/crypto-utils.js';
+/**
+ * Type guard to validate EncryptedIdentity structure
+ * P2 修复：使用类型守卫替代类型断言链
+ */
+function isEncryptedIdentity(obj) {
+    if (typeof obj !== 'object' || obj === null) {
+        return false;
+    }
+    const record = obj;
+    return (record.encrypted === true &&
+        typeof record.salt === 'string' &&
+        typeof record.iv === 'string' &&
+        typeof record.authTag === 'string' &&
+        typeof record.ciphertext === 'string');
+}
+/**
+ * Identity Manager
+ *
+ * Responsibilities:
+ * - Manage libp2p PeerId (Ed25519 key pair)
+ * - Manage E2EE key pair (X25519)
+ * - Persist identity to local filesystem
+ * - Support password-encrypted storage
+ */
+export class IdentityManager {
+    dataDir;
+    password;
+    peerId = null;
+    privateKey = null;
+    e2eePublicKey = null;
+    e2eePrivateKey = null;
+    createdAt = null;
+    logger;
+    /** P0 修复：并发锁，防止 loadOrCreate 重复调用 */
+    loadPromise = null;
+    /** P1-2 修复：exportIdentity 调用计数器，用于频率限制 */
+    exportCallCount = 0;
+    /** P2 修复：滑动窗口 - 记录所有导出调用的时间戳 */
+    exportTimestamps = [];
+    /** P2 修复：滑动窗口大小（毫秒）- 1分钟窗口 */
+    static EXPORT_WINDOW_MS = 60000;
+    /** P2 修复：窗口内最大调用次数 */
+    static EXPORT_MAX_IN_WINDOW = 5;
+    /** P1-2 修复：exportIdentity 最大调用次数警告阈值 */
+    static EXPORT_MAX_CALLS_WARN = 10;
+    constructor(options = {}) {
+        this.dataDir = options.dataDir || join(homedir(), DEFAULT_DATA_DIR);
+        this.password = options.password;
+        this.logger = new Logger({ component: 'Identity' });
+    }
+    /**
+     * Get identity data file path
+     */
+    getIdentityFilePath() {
+        return join(this.dataDir, IDENTITY_FILE);
+    }
+    /**
+     * Ensure data directory exists with secure permissions
+     */
+    async ensureDataDir() {
+        try {
+            await fs.mkdir(this.dataDir, { recursive: true });
+            // Set directory permissions to 700 (owner only)
+            await fs.chmod(this.dataDir, 0o700);
+        }
+        catch (error) {
+            this.logger.error('Failed to create data directory', { error });
+            throw error;
+        }
+    }
+    /**
+     * Load or create identity
+     *
+     * - If identity file exists, load it
+     * - If not, create new identity
+     * - P0 修复：添加并发保护，防止重复调用
+     * - P1 修复：已加载时直接返回现有身份
+     */
+    async loadOrCreate() {
+        // P1 修复：如果已加载，直接返回现有身份
+        if (this.isLoaded()) {
+            return success(this.exportIdentityInternal());
+        }
+        // P0 修复：并发保护 - 如果正在加载，等待现有操作完成
+        if (this.loadPromise) {
+            return this.loadPromise;
+        }
+        // 创建新的加载操作
+        this.loadPromise = this.doLoadOrCreate();
+        try {
+            const result = await this.loadPromise;
+            return result;
+        }
+        finally {
+            // 清除锁，允许后续调用
+            this.loadPromise = null;
+        }
+    }
+    /**
+     * 实际的加载或创建逻辑（内部方法）
+     */
+    async doLoadOrCreate() {
+        try {
+            await this.ensureDataDir();
+            const identityFile = this.getIdentityFilePath();
+            try {
+                // Try to read existing identity
+                const data = await fs.readFile(identityFile, 'utf-8');
+                // P1 修复：安全解析 JSON，处理文件损坏
+                let parsed;
+                try {
+                    parsed = JSON.parse(data);
+                }
+                catch (parseError) {
+                    this.logger.error('Identity file is corrupted - invalid JSON', {
+                        error: parseError instanceof Error ? parseError.message : String(parseError)
+                    });
+                    return failure(createError('IDENTITY_CORRUPTED', 'Identity file is corrupted and cannot be parsed. The file may need to be deleted and a new identity created.'));
+                }
+                // P1 修复：类型安全检查 - 验证解析结果是否为有效对象
+                if (typeof parsed !== 'object' || parsed === null) {
+                    this.logger.error('Identity file is corrupted - not an object');
+                    return failure(createError('IDENTITY_CORRUPTED', 'Identity file is corrupted: invalid data structure.'));
+                }
+                // Check if file is encrypted
+                const parsedObj = parsed;
+                // P2 修复：类型守卫验证 - 检查 encrypted 字段是否为布尔值
+                const encryptedValue = parsedObj.encrypted;
+                const isEncrypted = typeof encryptedValue === 'boolean' && encryptedValue === true;
+                if (isEncrypted) {
+                    // File is encrypted, password is required
+                    if (this.password === undefined || this.password === '') {
+                        this.logger.error('Identity file is encrypted but no password provided');
+                        return failure(createError('IDENTITY_PASSWORD_REQUIRED', 'Identity file is encrypted but no password was provided. Please provide a password to decrypt.'));
+                    }
+                    // Attempt decryption
+                    try {
+                        // P2 修复：使用类型守卫验证 EncryptedIdentity 结构
+                        if (!isEncryptedIdentity(parsedObj)) {
+                            this.logger.error('Identity file is corrupted - invalid encrypted identity structure');
+                            return failure(createError('IDENTITY_CORRUPTED', 'Identity file is corrupted: invalid encrypted identity structure.'));
+                        }
+                        const persisted = decryptIdentity(parsedObj, this.password);
+                        await this.loadPersistedIdentity(persisted);
+                        // Update last used time
+                        await this.saveIdentity();
+                        this.logger.info('Loaded existing encrypted identity', {
+                            peerId: this.peerId?.toString().slice(0, 16),
+                            createdAt: this.createdAt?.toISOString()
+                        });
+                        return success(this.exportIdentityInternal());
+                    }
+                    catch (decryptError) {
+                        this.logger.error('Failed to decrypt identity with provided password', {
+                            error: decryptError instanceof Error ? decryptError.message : String(decryptError)
+                        });
+                        return failure(createError('IDENTITY_DECRYPT_FAILED', 'Failed to decrypt identity. The password may be incorrect.'));
+                    }
+                }
+                // Plaintext identity data (backward compatible)
+                const persisted = parsed;
+                await this.loadPersistedIdentity(persisted);
+                // Update last used time
+                await this.saveIdentity();
+                this.logger.info('Loaded existing plaintext identity', {
+                    peerId: this.peerId?.toString().slice(0, 16),
+                    createdAt: this.createdAt?.toISOString()
+                });
+                // Warn about plaintext storage
+                this.logger.warn('Identity is stored in plaintext. Consider setting a password for encryption.');
+                return success(this.exportIdentityInternal());
+            }
+            catch (readError) {
+                // File doesn't exist or parse failed, create new identity
+                if (readError.code === 'ENOENT') {
+                    this.logger.info('No existing identity found, creating new one');
+                    return await this.createNewIdentity();
+                }
+                throw readError;
+            }
+        }
+        catch (error) {
+            return failureFromError('IDENTITY_LOAD_FAILED', 'Failed to load or create identity', error);
+        }
+    }
+    /**
+     * Load identity from persisted data
+     */
+    async loadPersistedIdentity(persisted) {
+        // P4 修复：验证字段是否为有效的 base64
+        if (!isValidBase64(persisted.peerId)) {
+            throw new Error('Invalid persisted identity: peerId is not valid base64');
+        }
+        if (!isValidBase64(persisted.e2eePrivateKey)) {
+            throw new Error('Invalid persisted identity: e2eePrivateKey is not valid base64');
+        }
+        if (!isValidBase64(persisted.e2eePublicKey)) {
+            throw new Error('Invalid persisted identity: e2eePublicKey is not valid base64');
+        }
+        // Restore private key and PeerId
+        const privateKeyBytes = Buffer.from(persisted.peerId, 'base64');
+        this.privateKey = await unmarshalPrivateKey(privateKeyBytes);
+        this.peerId = await peerIdFromKeys(this.privateKey.public.bytes, this.privateKey.bytes);
+        // Securely wipe temporary private key bytes after use
+        secureWipe(privateKeyBytes);
+        // Restore E2EE key pair
+        this.e2eePrivateKey = Buffer.from(persisted.e2eePrivateKey, 'base64');
+        this.e2eePublicKey = Buffer.from(persisted.e2eePublicKey, 'base64');
+        // P1-1 修复：验证 createdAt 日期格式有效性
+        const parsedDate = new Date(persisted.createdAt);
+        if (isNaN(parsedDate.getTime())) {
+            throw new Error('Invalid persisted identity: createdAt is not a valid date format');
+        }
+        this.createdAt = parsedDate;
+    }
+    /**
+     * Create new identity
+     */
+    async createNewIdentity() {
+        try {
+            // Generate Ed25519 key pair for libp2p PeerId
+            this.privateKey = await generateKeyPair('Ed25519');
+            this.peerId = await peerIdFromKeys(this.privateKey.public.bytes, this.privateKey.bytes);
+            // Generate X25519 key pair for E2EE
+            this.e2eePrivateKey = x25519.utils.randomSecretKey();
+            this.e2eePublicKey = x25519.getPublicKey(this.e2eePrivateKey);
+            this.createdAt = new Date();
+            // Save identity
+            await this.saveIdentity();
+            this.logger.info('Created new identity', {
+                peerId: this.peerId.toString().slice(0, 16),
+                createdAt: this.createdAt.toISOString()
+            });
+            return success(this.exportIdentityInternal());
+        }
+        catch (error) {
+            return failureFromError('IDENTITY_CREATE_FAILED', 'Failed to create new identity', error);
+        }
+    }
+    /**
+     * Save identity to file
+     */
+    async saveIdentity() {
+        if (!this.privateKey || !this.peerId || !this.e2eePrivateKey || !this.e2eePublicKey || !this.createdAt) {
+            throw new Error('Identity not initialized');
+        }
+        const persisted = {
+            peerId: Buffer.from(marshalPrivateKey(this.privateKey)).toString('base64'),
+            e2eePrivateKey: Buffer.from(this.e2eePrivateKey).toString('base64'),
+            e2eePublicKey: Buffer.from(this.e2eePublicKey).toString('base64'),
+            createdAt: this.createdAt.toISOString(),
+            lastUsedAt: new Date().toISOString()
+        };
+        // Medium 修复：提取公共文件写入逻辑，避免重复代码
+        const shouldEncrypt = this.password !== undefined && this.password !== '';
+        if (!shouldEncrypt) {
+            // Warn about plaintext storage
+            this.logger.warn('Saving identity without encryption. Consider setting a password for better security.');
+        }
+        const data = shouldEncrypt
+            ? JSON.stringify(encryptIdentity(persisted, this.password))
+            : JSON.stringify(persisted, null, 2);
+        await this.writeIdentityFile(data);
+    }
+    /**
+     * 写入身份文件（内部方法）
+     * @param data 要写入的数据
+     */
+    async writeIdentityFile(data) {
+        const identityFile = this.getIdentityFilePath();
+        await fs.writeFile(identityFile, data, 'utf-8');
+        // Set file permissions to 600 (owner only)
+        await fs.chmod(identityFile, 0o600);
+    }
+    /**
+     * Export identity information (internal version, no rate limiting)
+     * 用于内部调用，不触发频率限制和审计日志
+     */
+    exportIdentityInternal() {
+        if (!this.peerId || !this.privateKey || !this.e2eePublicKey || !this.e2eePrivateKey || !this.createdAt) {
+            throw new Error('Identity not initialized');
+        }
+        return {
+            peerId: this.peerId.toString(),
+            privateKey: Buffer.from(marshalPrivateKey(this.privateKey)).toString('base64'),
+            e2eeKeyPair: {
+                publicKey: Buffer.from(this.e2eePublicKey).toString('base64'),
+                privateKey: Buffer.from(this.e2eePrivateKey).toString('base64')
+            },
+            createdAt: this.createdAt
+        };
+    }
+    /**
+     * Export identity information
+     *
+     * WARNING: This returns sensitive private key material in plaintext.
+     * - Do not log or expose the returned data
+     * - Clear from memory when no longer needed
+     * - Only call when absolutely necessary
+     *
+     * P1-2 修复：添加调用频率限制和审计日志
+     * P2 修复：实现滑动窗口限制，防止频率限制绕过
+     */
+    exportIdentity() {
+        if (!this.peerId || !this.privateKey || !this.e2eePublicKey || !this.e2eePrivateKey || !this.createdAt) {
+            throw new Error('Identity not initialized');
+        }
+        // P2 修复：滑动窗口频率限制
+        const now = Date.now();
+        // 1. 清理过期的时间戳（超过60秒窗口的）
+        this.exportTimestamps = this.exportTimestamps.filter(timestamp => now - timestamp < IdentityManager.EXPORT_WINDOW_MS);
+        // 2. 检查当前窗口内的调用次数
+        if (this.exportTimestamps.length >= IdentityManager.EXPORT_MAX_IN_WINDOW) {
+            const oldestInWindow = this.exportTimestamps[0];
+            const retryAfterMs = IdentityManager.EXPORT_WINDOW_MS - (now - oldestInWindow);
+            const retryAfterSec = Math.ceil(retryAfterMs / 1000);
+            this.logger.warn('SECURITY: exportIdentity rate limit exceeded', {
+                callCountInWindow: this.exportTimestamps.length,
+                maxAllowed: IdentityManager.EXPORT_MAX_IN_WINDOW,
+                retryAfterSeconds: retryAfterSec
+            });
+            throw new Error(`exportIdentity rate limit exceeded. Maximum ${IdentityManager.EXPORT_MAX_IN_WINDOW} calls per minute. ` +
+                `Please try again in ${retryAfterSec} seconds.`);
+        }
+        // 3. 记录本次调用时间戳
+        this.exportTimestamps.push(now);
+        // P1-2 修复：审计日志 - 记录敏感操作
+        this.exportCallCount++;
+        this.logger.warn('SECURITY: exportIdentity called - private key material exported', {
+            peerId: this.peerId.toString().slice(0, 16),
+            callCount: this.exportCallCount,
+            callsInWindow: this.exportTimestamps.length,
+            timestamp: new Date().toISOString()
+        });
+        // P1-2 修复：调用次数警告
+        if (this.exportCallCount >= IdentityManager.EXPORT_MAX_CALLS_WARN) {
+            this.logger.warn('SECURITY: exportIdentity has been called many times', {
+                callCount: this.exportCallCount,
+                warning: 'Frequent exports of private key material may indicate a security issue'
+            });
+        }
+        return {
+            peerId: this.peerId.toString(),
+            privateKey: Buffer.from(marshalPrivateKey(this.privateKey)).toString('base64'),
+            e2eeKeyPair: {
+                publicKey: Buffer.from(this.e2eePublicKey).toString('base64'),
+                privateKey: Buffer.from(this.e2eePrivateKey).toString('base64')
+            },
+            createdAt: this.createdAt
+        };
+    }
+    /**
+     * Get PeerId
+     */
+    getPeerId() {
+        return this.peerId;
+    }
+    /**
+     * Get PeerId string
+     */
+    getPeerIdString() {
+        return this.peerId?.toString() || null;
+    }
+    /**
+     * Get libp2p private key
+     */
+    getPrivateKey() {
+        return this.privateKey;
+    }
+    /**
+     * Get E2EE key pair
+     *
+     * @敏感 此方法返回敏感的私钥材料
+     * - 不要记录或暴露返回的数据
+     * - 使用完毕后从内存中清除
+     * - 仅在必要时调用
+     */
+    getE2EEKeyPair() {
+        if (!this.e2eePublicKey || !this.e2eePrivateKey)
+            return null;
+        return {
+            publicKey: this.e2eePublicKey,
+            privateKey: this.e2eePrivateKey
+        };
+    }
+    /**
+     * Get E2EE public key (base64)
+     */
+    getE2EEPublicKeyBase64() {
+        return this.e2eePublicKey ? Buffer.from(this.e2eePublicKey).toString('base64') : null;
+    }
+    /**
+     * Check if identity is fully loaded
+     */
+    isLoaded() {
+        return (this.peerId !== null &&
+            this.privateKey !== null &&
+            this.e2eePublicKey !== null &&
+            this.e2eePrivateKey !== null &&
+            this.createdAt !== null);
+    }
+    /**
+     * Delete identity file and securely wipe memory (dangerous operation)
+     */
+    async deleteIdentity() {
+        try {
+            const identityFile = this.getIdentityFilePath();
+            await fs.unlink(identityFile);
+            // Securely wipe private key data from memory
+            if (this.e2eePrivateKey) {
+                secureWipe(this.e2eePrivateKey);
+            }
+            // Securely wipe libp2p Ed25519 private key bytes
+            if (this.privateKey) {
+                // Access the raw bytes of the Ed25519 private key and wipe them
+                const privateKeyBytes = this.privateKey.bytes;
+                if (privateKeyBytes) {
+                    secureWipe(privateKeyBytes);
+                }
+            }
+            // Clear all identity data from memory
+            this.peerId = null;
+            this.privateKey = null;
+            this.e2eePublicKey = null;
+            this.e2eePrivateKey = null;
+            this.createdAt = null;
+            this.logger.warn('Identity deleted and memory cleared');
+            return success(undefined);
+        }
+        catch (error) {
+            if (error.code === 'ENOENT') {
+                return success(undefined);
+            }
+            return failureFromError('IDENTITY_DELETE_FAILED', 'Failed to delete identity', error);
+        }
+    }
+}
+//# sourceMappingURL=identity-manager.js.map

package/dist/core/identity/identity-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-manager.js","sourceRoot":"","sources":["../../../src/core/identity/identity-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,IAAI,CAAC;AACpC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC9F,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGjD,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAU,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC/F,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAO5E,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;GAGG;AACH,SAAS,mBAAmB,CAAC,GAAY;IACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,MAAM,GAAG,GAA8B,CAAC;IAC9C,OAAO,CACL,MAAM,CAAC,SAAS,KAAK,IAAI;QACzB,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC/B,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;QAC7B,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;QAClC,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CACtC,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,eAAe;IAClB,OAAO,CAAS;IAChB,QAAQ,CAAU;IAClB,MAAM,GAAkB,IAAI,CAAC;IAC7B,UAAU,GAAsB,IAAI,CAAC;IACrC,aAAa,GAAsB,IAAI,CAAC;IACxC,cAAc,GAAsB,IAAI,CAAC;IACzC,SAAS,GAAgB,IAAI,CAAC;IAC9B,MAAM,CAAS;IACvB,qCAAqC;IAC7B,WAAW,GAA6C,IAAI,CAAC;IACrE,0CAA0C;IAClC,eAAe,GAAW,CAAC,CAAC;IACpC,gCAAgC;IACxB,gBAAgB,GAAa,EAAE,CAAC;IACxC,8BAA8B;IACtB,MAAM,CAAU,gBAAgB,GAAG,KAAK,CAAC;IACjD,sBAAsB;IACd,MAAM,CAAU,oBAAoB,GAAG,CAAC,CAAC;IACjD,wCAAwC;IAChC,MAAM,CAAU,qBAAqB,GAAG,EAAE,CAAC;IAEnD,YAAY,UAAkC,EAAE;QAC9C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACK,mBAAmB;QACzB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,gDAAgD;YAChD,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAChE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,YAAY;QAChB,uBAAuB;QACvB,IAAI,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACpB,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,+BAA+B;QAC/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,WAAW;QACX,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAEzC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC;YACtC,OAAO,MAAM,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,aAAa;YACb,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc;QAC1B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAE3B,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAEhD,IAAI,CAAC;gBACH,gCAAgC;gBAChC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAEtD,yBAAyB;gBACzB,IAAI,MAAe,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;gBAAC,OAAO,UAAU,EAAE,CAAC;oBACpB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE;wBAC7D,KAAK,EAAE,UAAU,YAAY,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;qBAC7E,CAAC,CAAC;oBACH,OAAO,OAAO,CAAC,WAAW,CACxB,oBAAoB,EACpB,8GAA8G,CAC/G,CAAC,CAAC;gBACL,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;oBAClD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;oBAChE,OAAO,OAAO,CAAC,WAAW,CACxB,oBAAoB,EACpB,qDAAqD,CACtD,CAAC,CAAC;gBACL,CAAC;gBAED,6BAA6B;gBAC7B,MAAM,SAAS,GAAG,MAAiC,CAAC;gBACpD,uCAAuC;gBACvC,MAAM,cAAc,GAAG,SAAS,CAAC,SAAS,CAAC;gBAC3C,MAAM,WAAW,GAAG,OAAO,cAAc,KAAK,SAAS,IAAI,cAAc,KAAK,IAAI,CAAC;gBAEnF,IAAI,WAAW,EAAE,CAAC;oBAChB,0CAA0C;oBAC1C,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;wBACxD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;wBACzE,OAAO,OAAO,CAAC,WAAW,CACxB,4BAA4B,EAC5B,gGAAgG,CACjG,CAAC,CAAC;oBACL,CAAC;oBAED,qBAAqB;oBACrB,IAAI,CAAC;wBACH,sCAAsC;wBACtC,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC;4BACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mEAAmE,CAAC,CAAC;4BACvF,OAAO,OAAO,CAAC,WAAW,CACxB,oBAAoB,EACpB,mEAAmE,CACpE,CAAC,CAAC;wBACL,CAAC;wBACD,MAAM,SAAS,GAAG,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;wBAC5D,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;wBAE5C,wBAAwB;wBACxB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;wBAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;4BACrD,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;4BAC5C,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE;yBACzC,CAAC,CAAC;wBAEH,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAC;oBAChD,CAAC;oBAAC,OAAO,YAAY,EAAE,CAAC;wBACtB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mDAAmD,EAAE;4BACrE,KAAK,EAAE,YAAY,YAAY,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;yBACnF,CAAC,CAAC;wBACH,OAAO,OAAO,CAAC,WAAW,CACxB,yBAAyB,EACzB,4DAA4D,CAC7D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,MAAM,SAAS,GAAG,MAA2B,CAAC;gBAC9C,MAAM,IAAI,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;gBAE5C,wBAAwB;gBACxB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;gBAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;oBACrD,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBAC5C,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE;iBACzC,CAAC,CAAC;gBAEH,+BAA+B;gBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAC;gBAEjG,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,SAAkB,EAAE,CAAC;gBAC5B,0DAA0D;gBAC1D,IAAK,SAAmC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC3D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;oBACjE,OAAO,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxC,CAAC;gBACD,MAAM,SAAS,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,gBAAgB,CAAC,sBAAsB,EAAE,mCAAmC,EAAE,KAAc,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CAAC,SAA4B;QAC9D,0BAA0B;QAC1B,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QACnF,CAAC;QAED,iCAAiC;QACjC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU,GAAG,MAAM,mBAAmB,CAAC,eAAe,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,GAAG,MAAM,cAAc,CAChC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CACtB,CAAC;QAEF,sDAAsD;QACtD,UAAU,CAAC,eAAe,CAAC,CAAC;QAE5B,wBAAwB;QACxB,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAEpE,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACjD,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,CAAC;YACH,8CAA8C;YAC9C,IAAI,CAAC,UAAU,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;YACnD,IAAI,CAAC,MAAM,GAAG,MAAM,cAAc,CAChC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CACtB,CAAC;YAEF,oCAAoC;YACpC,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YACrD,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAE9D,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;YAE5B,gBAAgB;YAChB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAE1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE;gBACvC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBAC3C,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;aACxC,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC,CAAC;QAChD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,gBAAgB,CAAC,wBAAwB,EAAE,+BAA+B,EAAE,KAAc,CAAC,CAAC;QACrG,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACvG,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,SAAS,GAAsB;YACnC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC1E,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnE,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACjE,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;YACvC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QAEF,8BAA8B;QAC9B,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,CAAC;QAE1E,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,+BAA+B;YAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAC;QAC3G,CAAC;QAED,MAAM,IAAI,GAAG,aAAa;YACxB,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,QAAS,CAAC,CAAC;YAC5D,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAEvC,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACrC,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,iBAAiB,CAAC,IAAY;QAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAChD,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QAChD,2CAA2C;QAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACK,sBAAsB;QAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACvG,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC9E,WAAW,EAAE;gBACX,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7D,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;aAChE;YACD,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACvG,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,wBAAwB;QACxB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAClD,SAAS,CAAC,EAAE,CAAC,GAAG,GAAG,SAAS,GAAG,eAAe,CAAC,gBAAgB,CAChE,CAAC;QAEF,kBAAkB;QAClB,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,eAAe,CAAC,oBAAoB,EAAE,CAAC;YACzE,MAAM,cAAc,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAChD,MAAM,YAAY,GAAG,eAAe,CAAC,gBAAgB,GAAG,CAAC,GAAG,GAAG,cAAc,CAAC,CAAC;YAC/E,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;YAErD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;gBAC/D,iBAAiB,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM;gBAC/C,UAAU,EAAE,eAAe,CAAC,oBAAoB;gBAChD,iBAAiB,EAAE,aAAa;aACjC,CAAC,CAAC;YAEH,MAAM,IAAI,KAAK,CACb,+CAA+C,eAAe,CAAC,oBAAoB,qBAAqB;gBACxG,uBAAuB,aAAa,WAAW,CAChD,CAAC;QACJ,CAAC;QAED,eAAe;QACf,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEhC,wBAAwB;QACxB,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iEAAiE,EAAE;YAClF,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3C,SAAS,EAAE,IAAI,CAAC,eAAe;YAC/B,aAAa,EAAE,IAAI,CAAC,gBAAgB,CAAC,MAAM;YAC3C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,iBAAiB;QACjB,IAAI,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,qBAAqB,EAAE,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qDAAqD,EAAE;gBACtE,SAAS,EAAE,IAAI,CAAC,eAAe;gBAC/B,OAAO,EAAE,wEAAwE;aAClF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC9E,WAAW,EAAE;gBACX,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7D,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;aAChE;YACD,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;;;OAOG;IACH,cAAc;QACZ,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC;QAC7D,OAAO;YACL,SAAS,EAAE,IAAI,CAAC,aAAa;YAC7B,UAAU,EAAE,IAAI,CAAC,cAAc;SAChC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,OAAO,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,CACL,IAAI,CAAC,MAAM,KAAK,IAAI;YACpB,IAAI,CAAC,UAAU,KAAK,IAAI;YACxB,IAAI,CAAC,aAAa,KAAK,IAAI;YAC3B,IAAI,CAAC,cAAc,KAAK,IAAI;YAC5B,IAAI,CAAC,SAAS,KAAK,IAAI,CACxB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAChD,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAE9B,6CAA6C;YAC7C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAClC,CAAC;YAED,iDAAiD;YACjD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,gEAAgE;gBAChE,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;gBAC9C,IAAI,eAAe,EAAE,CAAC;oBACpB,UAAU,CAAC,eAAe,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,sCAAsC;YACtC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YACvB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAC3B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YAEtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;YAC5B,CAAC;YACD,OAAO,gBAAgB,CAAC,wBAAwB,EAAE,2BAA2B,EAAE,KAAc,CAAC,CAAC;QACjG,CAAC;IACH,CAAC"}

package/dist/core/identity/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * 身份管理模块导出
+ */
+export { IdentityManager } from './identity-manager.js';
+export { encryptIdentity, decryptIdentity } from './encrypted-key-store.js';
+export type { PersistedIdentity, IdentityManagerOptions, ExportedIdentity, EncryptedIdentity } from './types.js';
+export { DEFAULT_DATA_DIR, IDENTITY_FILE, AES_KEY_SIZE, AES_IV_SIZE, AES_TAG_SIZE } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/core/identity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/identity/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC5E,YAAY,EACV,iBAAiB,EACjB,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,YAAY,EACb,MAAM,YAAY,CAAC"}

package/dist/core/identity/index.js

@@ -0,0 +1,7 @@
+/**
+ * 身份管理模块导出
+ */
+export { IdentityManager } from './identity-manager.js';
+export { encryptIdentity, decryptIdentity } from './encrypted-key-store.js';
+export { DEFAULT_DATA_DIR, IDENTITY_FILE, AES_KEY_SIZE, AES_IV_SIZE, AES_TAG_SIZE } from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/core/identity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/core/identity/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAO5E,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,YAAY,EACb,MAAM,YAAY,CAAC"}

package/dist/core/identity/types.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Identity manager type definitions
+ */
+/** AES-256-GCM parameters */
+export declare const AES_KEY_SIZE = 32;
+export declare const AES_IV_SIZE = 12;
+export declare const AES_TAG_SIZE = 16;
+/** Scrypt parameters for key derivation */
+export declare const SCRYPT_N = 16384;
+export declare const SCRYPT_R = 8;
+export declare const SCRYPT_P = 1;
+/** Salt size for key derivation */
+export declare const SALT_SIZE = 16;
+/** Data directory */
+export declare const DEFAULT_DATA_DIR = ".f2a";
+export declare const IDENTITY_FILE = "identity.json";
+/**
+ * Persisted identity data structure
+ */
+export interface PersistedIdentity {
+    /** libp2p PeerId (Ed25519) protobuf encoded (base64) */
+    peerId: string;
+    /** E2EE private key (X25519, base64) */
+    e2eePrivateKey: string;
+    /** E2EE public key (X25519, base64) */
+    e2eePublicKey: string;
+    /** Creation time (ISO string) */
+    createdAt: string;
+    /** Last used time (ISO string) */
+    lastUsedAt: string;
+}
+/**
+ * Identity configuration options
+ */
+export interface IdentityManagerOptions {
+    /** Data directory (default ~/.f2a/) */
+    dataDir?: string;
+    /** Encryption password (optional, for encrypted storage) */
+    password?: string;
+}
+/**
+ * Exported identity information
+ *
+ * WARNING: This contains sensitive private key material.
+ * Handle with care and avoid logging or exposing this data.
+ */
+export interface ExportedIdentity {
+    /** PeerId string */
+    peerId: string;
+    /** libp2p private key (protobuf encoded, base64) - SENSITIVE */
+    privateKey: string;
+    /** E2EE key pair */
+    e2eeKeyPair: {
+        publicKey: string;
+        privateKey: string;
+    };
+    /** Creation time */
+    createdAt: Date;
+}
+/**
+ * Encrypted identity data structure
+ */
+export interface EncryptedIdentity {
+    encrypted: true;
+    salt: string;
+    iv: string;
+    authTag: string;
+    ciphertext: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/identity/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/identity/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,6BAA6B;AAC7B,eAAO,MAAM,YAAY,KAAK,CAAC;AAC/B,eAAO,MAAM,WAAW,KAAK,CAAC;AAC9B,eAAO,MAAM,YAAY,KAAK,CAAC;AAE/B,2CAA2C;AAC3C,eAAO,MAAM,QAAQ,QAAQ,CAAC;AAC9B,eAAO,MAAM,QAAQ,IAAI,CAAC;AAC1B,eAAO,MAAM,QAAQ,IAAI,CAAC;AAE1B,mCAAmC;AACnC,eAAO,MAAM,SAAS,KAAK,CAAC;AAE5B,qBAAqB;AACrB,eAAO,MAAM,gBAAgB,SAAS,CAAC;AACvC,eAAO,MAAM,aAAa,kBAAkB,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,cAAc,EAAE,MAAM,CAAC;IACvB,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB;IACpB,WAAW,EAAE;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,oBAAoB;IACpB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB"}

package/dist/core/identity/types.js

@@ -0,0 +1,17 @@
+/**
+ * Identity manager type definitions
+ */
+/** AES-256-GCM parameters */
+export const AES_KEY_SIZE = 32;
+export const AES_IV_SIZE = 12;
+export const AES_TAG_SIZE = 16;
+/** Scrypt parameters for key derivation */
+export const SCRYPT_N = 16384; // CPU/memory cost parameter (default, ~64MB memory)
+export const SCRYPT_R = 8; // Block size
+export const SCRYPT_P = 1; // Parallelization parameter
+/** Salt size for key derivation */
+export const SALT_SIZE = 16;
+/** Data directory */
+export const DEFAULT_DATA_DIR = '.f2a';
+export const IDENTITY_FILE = 'identity.json';
+//# sourceMappingURL=types.js.map

package/dist/core/identity/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/core/identity/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,6BAA6B;AAC7B,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAC/B,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC9B,MAAM,CAAC,MAAM,YAAY,GAAG,EAAE,CAAC;AAE/B,2CAA2C;AAC3C,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,oDAAoD;AACnF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAK,aAAa;AAC5C,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAK,4BAA4B;AAE3D,mCAAmC;AACnC,MAAM,CAAC,MAAM,SAAS,GAAG,EAAE,CAAC;AAE5B,qBAAqB;AACrB,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC;AACvC,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAC"}