@ftptech/canton-agent-wallet 0.1.0

package/dist/verify-prepared.d.ts

@@ -0,0 +1,361 @@
+interface DecodedExercise {
+    choiceId: string;
+    chosenValue: Uint8Array;
+    /** The exercised contract id (Exercise.contract_id, field 2), UTF-8 decoded.
+     *  Pinned by the arms ONLY when the caller supplies an expected value
+     *  (defense-in-depth: closes the resolve→prepare TOCTOU where a relay points
+     *  the choice at a contract other than the one it resolved to the agent).
+     *  undefined if the node carried no decodable contract_id. */
+    contractId?: string | undefined;
+    /** The exercised contract's template, as a `module:entity` qualified name (the
+     *  package id is dropped because it changes across package upgrades). Used to
+     *  pin WHICH template the validated choice runs against, so a relay cannot
+     *  point a same-named choice at a confusable/attacker template. undefined if
+     *  the node carried no decodable template_id. */
+    templateQualifiedName?: string | undefined;
+}
+/** The recognized `transaction.v1.Node` node-type oneof members. Anything not
+ *  in this set is treated as PRESENT-AND-UNVALIDATED (reject), never skipped. */
+type NodeKind = "create" | "fetch" | "exercise" | "rollback" | "query_by_key";
+/**
+ * One fully-accounted node of the prepared transaction. EVERY entry in
+ * DamlTransaction.nodes produces exactly one of these — a node we cannot fully
+ * recognize is recorded with `recognized=false` rather than silently dropped, so
+ * the invariant layer can fail closed on it (this is the fix for the bypass
+ * where a sibling node carried under a non-1000 node version, or as a
+ * non-exercise node type, was invisible to verify).
+ */
+interface DecodedNode {
+    /** DamlTransaction.Node.node_id (the id `roots`/`children` reference). */
+    nodeId: string;
+    /** False ⇒ the node version was not the known `v1` (1000) oneof member, or it
+     *  set an unknown/extra versioned_node member. Such a node is opaque: a
+     *  participant understanding that version could execute it under our signature,
+     *  so we must refuse to sign. */
+    recognizedVersion: boolean;
+    /** The v1 node-type oneof member, or undefined if !recognizedVersion or the
+     *  inner node set no/unknown node_type member. undefined ⇒ reject. */
+    kind?: NodeKind | undefined;
+    /** For exercise nodes: the choice id + chosen value (money-critical args). */
+    exercise?: DecodedExercise | undefined;
+    /** node_id references this node declares as its children (Exercise.children /
+     *  Rollback.children). Used to prove reachability from the single root so no
+     *  orphan (extra-leg) node can hide in DamlTransaction.nodes. */
+    children: string[];
+    /** Every `Value`-typed payload this node introduces (exercise chosen_value &
+     *  exercise_result, create argument). The foreign-party backstop scans the
+     *  UNION of these across ALL nodes, not just the matched root exercise — so a
+     *  party/recipient introduced by ANY sibling/consequence node surfaces. */
+    values: Uint8Array[];
+    /** Node-level `repeated string party` fields that are NOT carried inside a
+     *  Daml `Value` tree: Create.signatories/stakeholders,
+     *  Exercise.signatories/stakeholders/acting_parties/choice_observers,
+     *  Fetch.signatories/stakeholders/acting_parties, and a QueryByKey's key
+     *  maintainers. The foreign-party backstop scans these too, so an attacker
+     *  party placed as e.g. a consequence contract's stakeholder/observer (a
+     *  position invisible to the Value-leaf walk) still surfaces. */
+    partyMeta: string[];
+}
+interface DecodedPrepared {
+    /** `act_as` parties from Metadata.submitter_info (authoritative submitter). */
+    actAs: string[];
+    /** DamlTransaction.roots — node_ids declared as transaction roots. */
+    roots: string[];
+    /** EVERY node in DamlTransaction.nodes, fully accounted (recognized or not). */
+    nodes: DecodedNode[];
+    /** Convenience view: every recognized Exercise node's choice id + chosen value
+     *  (backwards-compatible with callers that only inspected exercises). */
+    exercises: DecodedExercise[];
+    /** Metadata.synchronizer_id (proto field 3, in the SIGNED block). undefined if
+     *  absent. Pinned to caller intent by the arms when supplied. */
+    synchronizerId?: string | undefined;
+    /** SIGNED Metadata timing fields, microseconds since the Unix epoch, as
+     *  BigInts (undefined if absent). All in the proto's "needs to be signed"
+     *  block, so the agent's signature covers them; the arms sanity-bound them. */
+    preparationTime?: bigint | undefined;
+    minLedgerEffectiveTime?: bigint | undefined;
+    maxLedgerEffectiveTime?: bigint | undefined;
+    maxRecordTime?: bigint | undefined;
+    /** Every Create `argument` Value carried in Metadata.input_contracts (proto
+     *  field 7, SIGNED): the authenticated input-contract set. Scanned by the
+     *  foreign-party backstop so a party that appears ONLY inside an input
+     *  contract's payload (never in a transaction node) still surfaces. */
+    inputContractValues: Uint8Array[];
+    /** The node-level `repeated string party` fields of each Metadata.input_contracts
+     *  Create — signatories (field 6) + stakeholders (field 7) + any contract-key
+     *  parties (field 8). The V2 metadata hasher binds disclosed/input contracts via
+     *  `hashNode(toCreateNode)` → addCreateNode, which hashes argument + signatories
+     *  + stakeholders, so these party fields ARE covered by the agent's signature;
+     *  the backstop scans them so a foreign party placed ONLY as an input-contract
+     *  signatory/stakeholder (not in its argument) still surfaces. */
+    inputContractPartyMeta: string[];
+}
+/**
+ * Decode a base64 `PreparedTransaction` into the bits we validate.
+ *
+ * Enumerates EVERY node in DamlTransaction.nodes — every node-version member and
+ * every node-type oneof member — recording unrecognized ones as
+ * present-but-unvalidated (never silently skipping them). The single allowed
+ * root exercise, no-orphan reachability, and the all-nodes value backstop are
+ * enforced by the per-arm invariant (`assertSingleAllowedRootExercise`).
+ */
+export declare function decodePrepared(preparedTransactionB64: string): DecodedPrepared;
+interface ExtractedTransfer {
+    sender: string;
+    receiver: string;
+    amount: string;
+    instrumentAdmin: string;
+    instrumentId: string;
+}
+/**
+ * Extract the transfer body (sender/receiver/amount/instrument) from a
+ * TransferFactory_Transfer choice argument, BY TYPE at its structural position.
+ */
+export declare function extractTransfer(chosenValue: Uint8Array): ExtractedTransfer;
+export interface PreparedTransferExpectation {
+    /** The agent's own party — must be the transfer sender (caller intent). */
+    sender: string;
+    /** The intended recipient (merchant payTo / withdraw target) — caller intent. */
+    receiver: string;
+    /** The EXACT amount string the agent asked to transfer — caller intent. */
+    amount: string;
+    /**
+     * The instrument id the agent expects (e.g. "Amulet"). Caller intent — the
+     * agent chooses what asset to pay in. The instrument ADMIN (DSO party) is
+     * resolved by the relay and is deliberately NOT used as a trust anchor: we
+     * never whitelist a relay-supplied party. Pass it only if you have an
+     * independently-trusted value to additionally pin.
+     */
+    instrumentId: string;
+    /** Optional, independently-trusted instrument admin (the DSO party) to pin. When
+     *  supplied it is pinned by exact equality AND becomes the ONLY admin/dso value
+     *  the foreign-party backstop excludes outside its root position — closing the
+     *  "alias the unpinned admin to the attacker and inject it as a consequence
+     *  recipient" neutralization. Pass it whenever you have an out-of-band DSO. */
+    instrumentAdmin?: string;
+    /** Optional, caller-intent synchronizer id (the merchant-advertised domain).
+     *  When supplied, the SIGNED Metadata.synchronizer_id is pinned to it (fail-
+     *  closed if absent/different) so a relay cannot land the agent's signature on a
+     *  domain of its choosing. */
+    synchronizerId?: string;
+    /** Optional, caller-intent template `module:entity` qualified name of the
+     *  TransferFactory the choice runs against (e.g. the token-standard transfer
+     *  factory). When supplied, the exercise's template_id is pinned, closing the
+     *  template/contract-confusion surface. */
+    templateQualifiedName?: string;
+    /** Optional, caller-intent contract id of the factory the exercise targets.
+     *  When supplied, Exercise.contract_id is pinned by exact equality (fail-closed
+     *  on divergence) — defense-in-depth closing the resolve→prepare TOCTOU. No-op
+     *  when omitted (the all-nodes party backstop still contains any redirect). */
+    expectedContractId?: string;
+    /** Inject Date.now() for testability of the timing sanity checks. */
+    nowMs?: number;
+}
+export declare class PreparedDecodeError extends Error {
+    constructor(message: string);
+}
+export declare class PreparedTransferMismatchError extends Error {
+    constructor(message: string);
+}
+/**
+ * Assert the relay-returned `preparedTransaction` encodes EXACTLY the transfer
+ * the agent intended. Throws `PreparedTransferMismatchError` on any mismatch
+ * and `PreparedDecodeError` if the bytes are not a decodable PreparedTransaction
+ * carrying a single transfer exercise. Call this BEFORE signing `hash`.
+ *
+ * Fail-closed: anything we cannot positively prove matches the intent throws.
+ */
+export declare function assertPreparedTransferMatches(preparedTransactionB64: string, expect: PreparedTransferExpectation): void;
+interface ExtractedCreateTransferCommand {
+    sender: string;
+    receiver: string;
+    delegate: string;
+    amount: string;
+    nonce: string;
+    /** Decimal-string of the Value.timestamp varint, or undefined if not present
+     *  as a timestamp leaf (some encodings serialize Time differently); the
+     *  caller only sanity-checks it, never pins it to money. */
+    expiresAt?: string;
+    /** The expectedDso party AS it appears at its own position, used ONLY to
+     *  exclude it from the foreign-recipient backstop (never as an allowlist). */
+    expectedDso?: string;
+}
+/**
+ * Extract the v1 create-command fields from its (flat) choice-argument record,
+ * BY TYPE at its DAML DECLARATION-ORDER POSITION (what the participant binds),
+ * NOT by label — and fail closed on any label/position divergence (the
+ * amount-inflation / receiver-swap vector). Declaration order:
+ *   [0] sender:Party [1] receiver:Party [2] delegate:Party [3] amount:Numeric
+ *   [4] expiresAt:Time [5] nonce:Int [6] description:Optional Text [7] expectedDso:Party
+ * Honest encodings — fully labelled in order OR label-free (normalized) — both
+ * pass; a record whose labels disagree with declaration order (a decoy field
+ * re-using a money-critical label, or a mislabeled value at a money position) is
+ * rejected. Fails closed if a money-critical field is the wrong type / missing.
+ */
+export declare function extractCreateTransferCommand(chosenValue: Uint8Array): ExtractedCreateTransferCommand;
+/** Caller-intent expectation for a v1 `CreateTransferCommand`. Every field is
+ *  CALLER INTENT — none is taken from the relay's resolve response. */
+export interface PreparedCreateTransferCommandExpectation {
+    /** The agent's own party — must be the command sender. */
+    sender: string;
+    /** The intended recipient (merchant payTo from the 402). */
+    receiver: string;
+    /** The facilitator/delegate party (from the 402 `extra.facilitatorParty`). */
+    delegate: string;
+    /** The EXACT amount string the agent asked to pay. */
+    amount: string;
+    /** Optional: the exact nonce the agent built the command with. When supplied
+     *  it is pinned by exact equality; always sanity-checked (>= 0) regardless. */
+    nonce?: string;
+    /** Optional, independently-trusted DSO party. When supplied it is pinned by
+     *  exact equality to the command's expectedDso AND becomes the ONLY dso value
+     *  the foreign-party backstop excludes outside its root position — closing the
+     *  "alias the unpinned expectedDso to the attacker and inject it as a
+     *  consequence recipient" neutralization. Pass it whenever an out-of-band DSO
+     *  is available; without it the backstop still closes the root-extra-leaf and
+     *  money-role aliasing vectors. */
+    expectedDso?: string;
+    /** Optional, caller-intent synchronizer id (merchant-advertised domain). When
+     *  supplied, the SIGNED Metadata.synchronizer_id is pinned to it (fail-closed
+     *  if absent/different) so a relay cannot land the signature on its own domain. */
+    synchronizerId?: string;
+    /** Optional, caller-intent template `module:entity` of the ExternalPartyAmulet-
+     *  Rules contract the choice runs against. When supplied, the exercise's
+     *  template_id is pinned (template/contract-confusion). */
+    templateQualifiedName?: string;
+    /** Optional, caller-intent contract id of the ExternalPartyAmuletRules contract
+     *  the exercise targets. When supplied, Exercise.contract_id is pinned by exact
+     *  equality (fail-closed on divergence) — defense-in-depth closing the
+     *  resolve→prepare TOCTOU. No-op when omitted. */
+    expectedContractId?: string;
+    /** Inject Date.now() for testability of the expiresAt / timing sanity checks. */
+    nowMs?: number;
+}
+/**
+ * Assert the relay-returned `preparedTransaction` encodes EXACTLY the v1
+ * `ExternalPartyAmuletRules_CreateTransferCommand` the agent intended. Throws
+ * `PreparedTransferMismatchError` on any mismatch and `PreparedDecodeError` if
+ * the bytes are not a decodable PreparedTransaction carrying a single
+ * create-command exercise. Call BEFORE signing the hash. Fail-closed: anything
+ * not positively proven to match the intent throws.
+ */
+export declare function assertPreparedCreateTransferCommandMatches(preparedTransactionB64: string, expect: PreparedCreateTransferCommandExpectation): void;
+/** Caller-intent expectation for a `TransferInstruction_Accept` (claim) prepare. */
+export interface PreparedAcceptExpectation {
+    /** The agent's own party — must be the authoritative submitter (act_as). */
+    selfParty: string;
+    /** Inject Date.now() for testability of the timing sanity checks. */
+    nowMs?: number;
+}
+/**
+ * Assert the relay-returned `preparedTransaction` for the claim path encodes
+ * EXACTLY a single `TransferInstruction_Accept` exercise submitted by the agent —
+ * and is NOT an outbound transfer/create-transfer-command drain. Throws
+ * `PreparedTransferMismatchError` on any mismatch and `PreparedDecodeError` if
+ * the bytes are not a decodable PreparedTransaction. Call BEFORE signing the
+ * hash. Fail-closed: anything not positively proven to be an inbound accept by
+ * the agent throws.
+ */
+export declare function assertPreparedAcceptMatches(preparedTransactionB64: string, expect: PreparedAcceptExpectation): void;
+/**
+ * How to bind the relay-returned `hash` to the `preparedTransaction` bytes the
+ * agent just structurally validated. Exactly one of these must hold for a
+ * value-moving transfer, or we refuse to sign (fail-closed).
+ */
+export interface HashBindingOptions {
+    /**
+     * A function that recomputes the signing hash from the prepared-transaction
+     * bytes EXACTLY as Canton's participant does on `execute`
+     * (HASHING_SCHEME_VERSION_V2), returning it base64-encoded. When supplied,
+     * `assertHashBinding` requires `recomputeHash(prepared) === hash`
+     * (constant-time) and throws otherwise — this is the real cryptographic
+     * binding and the only thing that defeats a relay returning honest bytes with
+     * the hash of a DIFFERENT (tampered) transaction.
+     *
+     * It MUST be a deterministic function of the bytes alone and MUST match the
+     * participant's algorithm; if it does not, honest transfers fail closed
+     * (refused), never silently mis-bound.
+     *
+     * May be async: the conformant implementation (`recomputeHash` in
+     * `canton-hash.ts`, backed by `@canton-network/core-tx-visualizer`) uses
+     * WebCrypto and returns a Promise. `assertHashBinding` awaits the result, so a
+     * sync `=> string` recompute is also accepted.
+     */
+    recomputeHash?: (preparedTransactionB64: string) => Promise<string> | string;
+    /**
+     * DANGEROUS, OFF BY DEFAULT. Sign the relay-returned hash WITHOUT recomputing
+     * it. The Canton Ledger API proto is explicit: "clients MUST recompute the
+     * hash from the raw transaction if the preparing participant is not trusted"
+     * and the hash field is "provided for convenience [and] may be removed". A
+     * compromised relay can return structurally-honest bytes paired with the hash
+     * of a tampered transaction; if it then swaps the bytes it forwards to the
+     * participant, the agent's signature authorizes the attacker's transfer.
+     *
+     * Only set this true if you independently display the decoded transfer to a
+     * human for approval before signing, OR you fully trust the relay. Never the
+     * default for autonomous agents.
+     */
+    trustRelayHash?: boolean;
+}
+/** Thrown when a supplied `recomputeHash` cannot faithfully encode the bytes. */
+export declare class PreparedHashUnavailableError extends Error {
+    constructor(message: string);
+}
+/**
+ * Bind the `hash` the relay told us to sign to the `preparedTransaction` bytes
+ * we just structurally validated. Call this BEFORE signing `hash`.
+ *
+ * THE BINDING (why blind-signing breaks self-custody)
+ * ---------------------------------------------------
+ * The signed artifact is `hash`. The participant, on `execute`, recomputes the
+ * V2 hash from whatever bytes reach it and accepts the signature only if it
+ * matches. A compromised relay (the participant proxy) can therefore return
+ * structurally-HONEST `preparedTransaction` bytes (which sail through
+ * `assertPreparedTransferMatches`) paired with `hash = V2(PT_evil)` for a
+ * DIFFERENT transfer, then forward `PT_evil` instead of the honest bytes to the
+ * participant: V2(PT_evil) == hash, signature valid, attacker paid. Validating
+ * the bytes is therefore necessary but NOT sufficient — the agent must also
+ * prove the hash it signs is the hash OF THOSE validated bytes. That requires
+ * recomputing the hash locally; the relay-supplied hash is untrusted input.
+ *
+ * This function enforces, fail-closed:
+ *   1. shape: `hash` is a present, well-formed, non-empty base64 digest, and the
+ *      `preparedTransaction` is a decodable PreparedTransaction with exactly the
+ *      one transfer exercise (so we are signing a transfer we understood);
+ *   2. binding: EITHER `opts.recomputeHash` is supplied and
+ *      `recomputeHash(prepared) === hash` (constant-time) — the real binding —
+ *      OR `opts.trustRelayHash === true` is explicitly set (the documented,
+ *      off-by-default escape hatch for human-in-the-loop / trusted-relay use).
+ *      If neither holds, we REFUSE to sign rather than blind-sign an unbound,
+ *      relay-chosen hash.
+ */
+export declare function assertHashBinding(preparedTransactionB64: string, hashB64: string, opts?: HashBindingOptions): Promise<void>;
+/**
+ * Returns true iff `hash` is the plain SHA-256 of the `preparedTransaction`
+ * bytes. NOTE: Canton V2 does NOT hash this way (see `assertHashBinding`), so
+ * this is advisory only and is NEVER used to accept or reject a submission.
+ * Retained for diagnostics / future schemes.
+ */
+export declare function hashMatchesPreparedPlain(preparedTransactionB64: string, hashB64: string): boolean;
+/** Thrown when relay-returned onboarding topology cannot be proven to bind the
+ *  agent's own key + namespace. Onboarding refuses to sign the multiHash. */
+export declare class OnboardingTopologyMismatchError extends Error {
+    constructor(message: string);
+}
+/** What the agent independently knows/expects about its onboarding. */
+export interface OnboardingTopologyExpectation {
+    /** The agent's OWN freshly-generated public key, base64 SPKI/DER (keys.ts). */
+    publicKeySpkiB64: string;
+    /** The relay-returned party id, expected `name::fingerprint`. */
+    party: string;
+    /** The relay-returned canonical key fingerprint (the party's namespace). */
+    publicKeyFingerprint: string;
+}
+/**
+ * Assert the relay-returned onboarding topology binds the agent's OWN key and
+ * namespace. Call this BEFORE signing the onboarding `multiHash`. Fail-closed:
+ * anything not positively proven throws `OnboardingTopologyMismatchError`.
+ */
+export declare function assertOnboardingTopologyBindsKey(onboardingTransactionsB64: string[], expect: OnboardingTopologyExpectation): void;
+export {};
+//# sourceMappingURL=verify-prepared.d.ts.map

package/dist/verify-prepared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-prepared.d.ts","sourceRoot":"","sources":["../src/verify-prepared.ts"],"names":[],"mappings":"AA0uBA,UAAU,eAAe;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,UAAU,CAAC;IACxB;;;;kEAI8D;IAC9D,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC;;;;qDAIiD;IACjD,qBAAqB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C;AAED;iFACiF;AACjF,KAAK,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAU,GAAG,UAAU,GAAG,cAAc,CAAC;AAE9E;;;;;;;GAOG;AACH,UAAU,WAAW;IACnB,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC;IACf;;;qCAGiC;IACjC,iBAAiB,EAAE,OAAO,CAAC;IAC3B;0EACsE;IACtE,IAAI,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC5B,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACvC;;qEAEiE;IACjE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB;;;+EAG2E;IAC3E,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB;;;;;;qEAMiE;IACjE,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,UAAU,eAAe;IACvB,+EAA+E;IAC/E,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,sEAAsE;IACtE,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,gFAAgF;IAChF,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB;6EACyE;IACzE,SAAS,EAAE,eAAe,EAAE,CAAC;IAC7B;qEACiE;IACjE,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC;;mFAE+E;IAC/E,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,sBAAsB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5C,sBAAsB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5C,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC;;;2EAGuE;IACvE,mBAAmB,EAAE,UAAU,EAAE,CAAC;IAClC;;;;;;sEAMkE;IAClE,sBAAsB,EAAE,MAAM,EAAE,CAAC;CAClC;AA6KD;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,sBAAsB,EAAE,MAAM,GAAG,eAAe,CAsI9E;AAqeD,UAAU,iBAAiB;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;CACtB;AAyED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,WAAW,EAAE,UAAU,GAAG,iBAAiB,CAwD1E;AAMD,MAAM,WAAW,2BAA2B;IAC1C,2EAA2E;IAC3E,MAAM,EAAE,MAAM,CAAC;IACf,iFAAiF;IACjF,QAAQ,EAAE,MAAM,CAAC;IACjB,2EAA2E;IAC3E,MAAM,EAAE,MAAM,CAAC;IACf;;;;;;OAMG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;;mFAI+E;IAC/E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;kCAG8B;IAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;+CAG2C;IAC3C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;mFAG+E;IAC/E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,6BAA8B,SAAQ,KAAK;gBAC1C,OAAO,EAAE,MAAM;CAI5B;AAED;;;;;;;GAOG;AACH,wBAAgB,6BAA6B,CAC3C,sBAAsB,EAAE,MAAM,EAC9B,MAAM,EAAE,2BAA2B,GAClC,IAAI,CAuFN;AAyCD,UAAU,8BAA8B;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd;;gEAE4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;kFAC8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,4BAA4B,CAC1C,WAAW,EAAE,UAAU,GACtB,8BAA8B,CAoDhC;AAED;uEACuE;AACvE,MAAM,WAAW,wCAAwC;IACvD,0DAA0D;IAC1D,MAAM,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,QAAQ,EAAE,MAAM,CAAC;IACjB,8EAA8E;IAC9E,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAC;IACf;mFAC+E;IAC/E,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;uCAMmC;IACnC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;uFAEmF;IACnF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;+DAE2D;IAC3D,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B;;;sDAGkD;IAClD,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;GAOG;AACH,wBAAgB,0CAA0C,CACxD,sBAAsB,EAAE,MAAM,EAC9B,MAAM,EAAE,wCAAwC,GAC/C,IAAI,CAyIN;AA8BD,oFAAoF;AACpF,MAAM,WAAW,yBAAyB;IACxC,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAC;IAClB,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CACzC,sBAAsB,EAAE,MAAM,EAC9B,MAAM,EAAE,yBAAyB,GAChC,IAAI,CAiBN;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;;;;;;;;;;;;;OAiBG;IACH,aAAa,CAAC,EAAE,CAAC,sBAAsB,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC;IAC7E;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,iFAAiF;AACjF,qBAAa,4BAA6B,SAAQ,KAAK;gBACzC,OAAO,EAAE,MAAM;CAI5B;AAgBD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAsB,iBAAiB,CACrC,sBAAsB,EAAE,MAAM,EAC9B,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,kBAAuB,GAC5B,OAAO,CAAC,IAAI,CAAC,CA4Df;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,sBAAsB,EAAE,MAAM,EAC9B,OAAO,EAAE,MAAM,GACd,OAAO,CAIT;AAoDD;6EAC6E;AAC7E,qBAAa,+BAAgC,SAAQ,KAAK;gBAC5C,OAAO,EAAE,MAAM;CAI5B;AAED,uEAAuE;AACvE,MAAM,WAAW,6BAA6B;IAC5C,+EAA+E;IAC/E,gBAAgB,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,KAAK,EAAE,MAAM,CAAC;IACd,4EAA4E;IAC5E,oBAAoB,EAAE,MAAM,CAAC;CAC9B;AA+BD;;;;GAIG;AACH,wBAAgB,gCAAgC,CAC9C,yBAAyB,EAAE,MAAM,EAAE,EACnC,MAAM,EAAE,6BAA6B,GACpC,IAAI,CA0EN"}