@hashgraphonline/standards-sdk 0.1.161 → 0.1.162

package/dist/es/standards-sdk.es169.js

@@ -1,242 +1,175 @@
-const DEFAULT_USER_AGENT = "@hol-org/rb-client";
-const DEFAULT_PROGRESS_INTERVAL_MS = 1500;
-const DEFAULT_PROGRESS_TIMEOUT_MS = 5 * 60 * 1e3;
-const DEFAULT_BASE_URL = "https://hol.org/registry/api/v1";
-const JSON_CONTENT_TYPE = /application\/json/i;
-const DEFAULT_HISTORY_TOP_UP_HBAR = 0.25;
-const MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS = 1;
-const stripTrailingSlashes = (value) => {
-  let end = value.length;
-  while (end > 0 && value.charCodeAt(end - 1) === 47) {
-    end -= 1;
-  }
-  return end === value.length ? value : value.slice(0, end);
+import * as path from "path";
+import { Buffer } from "buffer";
+import { randomBytes } from "crypto";
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { registerEncryptionKeyResponseSchema } from "./standards-sdk.es140.js";
+import { optionalImport } from "./standards-sdk.es158.js";
+const getFs = async () => {
+  const fsModule = await optionalImport("node:fs");
+  if (fsModule && typeof fsModule.existsSync === "function" && typeof fsModule.readFileSync === "function" && typeof fsModule.writeFileSync === "function" && typeof fsModule.appendFileSync === "function") {
+    return fsModule;
+  }
+  return null;
 };
-const createAbortError = () => typeof DOMException === "function" ? new DOMException("Aborted", "AbortError") : new Error("The operation was aborted");
-const normaliseHeaderName = (name) => name.trim().toLowerCase();
-const isBrowserRuntime = () => typeof window !== "undefined" && typeof window.fetch === "function";
-const toJsonValue = (value) => {
-  if (value === null) {
-    return null;
-  }
-  if (value instanceof Date) {
-    return value.toISOString();
-  }
-  if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
-    return value;
-  }
-  if (Array.isArray(value)) {
-    return value.map((item) => item === void 0 ? null : toJsonValue(item));
-  }
-  if (typeof value === "object") {
-    const result = {};
-    Object.entries(value).forEach(
-      ([key, entryValue]) => {
-        if (entryValue !== void 0) {
-          result[key] = toJsonValue(entryValue);
-        }
-      }
-    );
-    return result;
-  }
-  throw new TypeError("Only JSON-compatible values are supported");
-};
-const isJsonObject = (value) => typeof value === "object" && value !== null && !Array.isArray(value);
-const toJsonObject = (value) => {
-  const normalised = toJsonValue(value);
-  if (isJsonObject(normalised)) {
-    return normalised;
-  }
-  throw new TypeError("Expected JSON object value");
-};
-const serialiseAuthConfig = (auth) => {
-  const authPayload = {};
-  if (auth.type) {
-    authPayload.type = auth.type;
+async function registerEncryptionKey(client, payload) {
+  const raw = await client.requestJson("/encryption/keys", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: payload
+  });
+  return client.parseWithSchema(
+    raw,
+    registerEncryptionKeyResponseSchema,
+    "register encryption key response"
+  );
+}
+function normalizeAutoRegisterIdentity(config) {
+  const identity = {};
+  if (config.uaid) {
+    identity.uaid = config.uaid;
+  }
+  if (config.ledgerAccountId) {
+    identity.ledgerAccountId = config.ledgerAccountId;
+    if (config.ledgerNetwork) {
+      identity.ledgerNetwork = config.ledgerNetwork;
+    }
   }
-  if (auth.token) {
-    authPayload.token = auth.token;
+  if (config.email) {
+    identity.email = config.email;
   }
-  if (auth.username) {
-    authPayload.username = auth.username;
+  if (identity.uaid || identity.ledgerAccountId || identity.email) {
+    return identity;
   }
-  if (auth.password) {
-    authPayload.password = auth.password;
+  return null;
+}
+function derivePublicKeyFromPrivateKey(client, privateKey) {
+  const normalized = client.hexToBuffer(privateKey);
+  const publicKey = secp256k1.getPublicKey(normalized, true);
+  return Buffer.from(publicKey).toString("hex");
+}
+async function resolveAutoRegisterKeyMaterial(client, config) {
+  if (config.publicKey?.trim()) {
+    return { publicKey: config.publicKey.trim() };
+  }
+  let privateKey = config.privateKey?.trim();
+  const envVar = config.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {
+    privateKey = process.env[envVar]?.trim();
+  }
+  if (!privateKey && config.generateIfMissing) {
+    const pair = await client.generateEncryptionKeyPair({
+      keyType: config.keyType ?? "secp256k1",
+      envVar,
+      envPath: config.envPath,
+      overwrite: config.overwriteEnv
+    });
+    return { publicKey: pair.publicKey, privateKey: pair.privateKey };
   }
-  if (auth.headerName) {
-    authPayload.headerName = auth.headerName;
+  if (privateKey) {
+    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);
+    return { publicKey, privateKey };
   }
-  if (auth.headerValue) {
-    authPayload.headerValue = auth.headerValue;
+  return null;
+}
+async function autoRegisterEncryptionKey(client, config) {
+  const identity = normalizeAutoRegisterIdentity(config);
+  if (!identity) {
+    throw new Error(
+      "Auto-registration requires uaid, ledgerAccountId, or email"
+    );
   }
-  if (auth.headers) {
-    authPayload.headers = { ...auth.headers };
+  const material = await resolveAutoRegisterKeyMaterial(client, config);
+  if (!material) {
+    throw new Error(
+      "Unable to resolve encryption public key for auto-registration"
+    );
   }
-  return authPayload;
-};
-const serialiseAgentRegistrationRequest = (payload) => {
-  const body = {
-    profile: toJsonObject(payload.profile)
+  await registerEncryptionKey(client, {
+    keyType: config.keyType ?? "secp256k1",
+    publicKey: material.publicKey,
+    ...identity
+  });
+  return material;
+}
+async function ensureAgentEncryptionKey(client, options) {
+  return autoRegisterEncryptionKey(client, {
+    ...options,
+    uaid: options.uaid
+  });
+}
+function createEncryptionApi(client) {
+  return {
+    registerKey: (payload) => registerEncryptionKey(client, payload),
+    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),
+    deriveSharedSecret: (options) => client.deriveSharedSecret(options),
+    encryptCipherEnvelope: (options) => client.buildCipherEnvelope(options),
+    decryptCipherEnvelope: (options) => client.openCipherEnvelope(options),
+    ensureAgentKey: (options) => ensureAgentEncryptionKey(client, options)
   };
-  if (payload.endpoint !== void 0) {
-    body.endpoint = payload.endpoint;
-  }
-  if (payload.protocol !== void 0) {
-    body.protocol = payload.protocol;
-  }
-  if (payload.communicationProtocol !== void 0) {
-    body.communicationProtocol = payload.communicationProtocol;
-  }
-  if (payload.registry !== void 0) {
-    body.registry = payload.registry;
-  }
-  if (payload.additionalRegistries !== void 0) {
-    body.additionalRegistries = payload.additionalRegistries;
-  }
-  if (payload.metadata !== void 0) {
-    body.metadata = toJsonObject(payload.metadata);
-  }
-  return body;
-};
-const normalizeHexPrivateKey = (value) => {
-  const trimmed = value.trim();
-  if (!trimmed) {
-    throw new Error("evmPrivateKey is required");
-  }
-  return trimmed.startsWith("0x") ? trimmed : `0x${trimmed}`;
-};
-function normaliseBaseUrl(input) {
-  const trimmed = input?.trim();
-  let baseCandidate = trimmed && trimmed.length > 0 ? trimmed : DEFAULT_BASE_URL;
-  try {
-    const url = new URL(stripTrailingSlashes(baseCandidate));
-    const hostname = url.hostname.toLowerCase();
-    const ensureRegistryPrefix = () => {
-      if (!url.pathname.startsWith("/registry")) {
-        url.pathname = url.pathname === "/" ? "/registry" : `/registry${url.pathname}`;
-      }
-    };
-    if (hostname === "hol.org") {
-      ensureRegistryPrefix();
-      baseCandidate = url.toString();
-    } else if (hostname === "registry.hashgraphonline.com" || hostname === "hashgraphonline.com") {
-      ensureRegistryPrefix();
-      url.hostname = "hol.org";
-      baseCandidate = url.toString();
-    }
-  } catch {
-  }
-  const withoutTrailing = stripTrailingSlashes(baseCandidate);
-  if (/\/api\/v\d+$/i.test(withoutTrailing)) {
-    return withoutTrailing;
-  }
-  if (/\/api$/i.test(withoutTrailing)) {
-    return `${withoutTrailing}/v1`;
+}
+async function bootstrapEncryptionOptions(client, options) {
+  if (!options?.autoRegister || options.autoRegister.enabled === false) {
+    return null;
   }
-  return `${withoutTrailing}/api/v1`;
+  return autoRegisterEncryptionKey(client, options.autoRegister);
 }
-function buildSearchQuery(params) {
-  const query = new URLSearchParams();
-  const appendList = (key, values) => {
-    if (!values) {
-      return;
+async function generateEncryptionKeyPair(client, options = {}) {
+  client.assertNodeRuntime("generateEncryptionKeyPair");
+  const keyType = options.keyType ?? "secp256k1";
+  if (keyType !== "secp256k1") {
+    throw new Error("Only secp256k1 key generation is supported currently");
+  }
+  const privateKeyBytes = randomBytes(32);
+  const privateKey = Buffer.from(privateKeyBytes).toString("hex");
+  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);
+  const publicKey = Buffer.from(publicKeyBytes).toString("hex");
+  const envVar = options.envVar ?? "RB_ENCRYPTION_PRIVATE_KEY";
+  const resolvedPath = options.envPath ? path.resolve(options.envPath) : void 0;
+  if (resolvedPath) {
+    const fsModule = await getFs();
+    if (!fsModule) {
+      throw new Error(
+        "File system module is not available; cannot write encryption key env file"
+      );
     }
-    values.forEach((value) => {
-      if (typeof value === "string") {
-        const trimmed = value.trim();
-        if (trimmed.length > 0) {
-          query.append(key, trimmed);
+    const envLine = `${envVar}=${privateKey}`;
+    if (fsModule.existsSync(resolvedPath)) {
+      const content = fsModule.readFileSync(resolvedPath, "utf-8");
+      const lineRegex = new RegExp(`^${envVar}=.*$`, "m");
+      if (lineRegex.test(content)) {
+        if (!options.overwrite) {
+          throw new Error(
+            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`
+          );
         }
+        const updated = content.replace(lineRegex, envLine);
+        fsModule.writeFileSync(resolvedPath, updated);
+      } else {
+        const needsNewline = !content.endsWith("\n");
+        fsModule.appendFileSync(
+          resolvedPath,
+          `${needsNewline ? "\n" : ""}${envLine}
+`
+        );
       }
-    });
-  };
-  if (params.q) {
-    const trimmed = params.q.trim();
-    if (trimmed.length > 0) {
-      query.set("q", trimmed);
-    }
-  }
-  if (typeof params.page === "number") {
-    query.set("page", params.page.toString());
-  }
-  if (typeof params.limit === "number") {
-    query.set("limit", params.limit.toString());
-  }
-  if (params.registry) {
-    const trimmed = params.registry.trim();
-    if (trimmed.length > 0) {
-      query.set("registry", trimmed);
-    }
-  }
-  appendList("registries", params.registries);
-  if (typeof params.minTrust === "number") {
-    query.set("minTrust", params.minTrust.toString());
-  }
-  appendList("capabilities", params.capabilities);
-  appendList("protocols", params.protocols);
-  appendList("adapters", params.adapters);
-  if (params.metadata) {
-    Object.entries(params.metadata).forEach(([key, values]) => {
-      if (!key || !Array.isArray(values) || values.length === 0) {
-        return;
-      }
-      const trimmedKey = key.trim();
-      if (trimmedKey.length === 0) {
-        return;
-      }
-      values.forEach((value) => {
-        if (value === void 0 || value === null) {
-          return;
-        }
-        query.append(`metadata.${trimmedKey}`, String(value));
-      });
-    });
-  }
-  if (params.type) {
-    const trimmedType = params.type.trim();
-    if (trimmedType.length > 0 && trimmedType.toLowerCase() !== "all") {
-      query.set("type", trimmedType);
+    } else {
+      fsModule.writeFileSync(resolvedPath, `${envLine}
+`);
     }
   }
-  if (params.verified === true) {
-    query.set("verified", "true");
-  }
-  if (params.online === true) {
-    query.set("online", "true");
-  }
-  if (params.sortBy) {
-    const trimmedSort = params.sortBy.trim();
-    if (trimmedSort.length > 0) {
-      query.set("sortBy", trimmedSort);
-    }
-  }
-  if (params.sortOrder) {
-    const lowered = params.sortOrder.toLowerCase();
-    if (lowered === "asc" || lowered === "desc") {
-      query.set("sortOrder", lowered);
-    }
-  }
-  const queryString = query.toString();
-  return queryString.length > 0 ? `?${queryString}` : "";
+  return {
+    privateKey,
+    publicKey,
+    envPath: resolvedPath,
+    envVar
+  };
 }
 export {
-  DEFAULT_BASE_URL,
-  DEFAULT_HISTORY_TOP_UP_HBAR,
-  DEFAULT_PROGRESS_INTERVAL_MS,
-  DEFAULT_PROGRESS_TIMEOUT_MS,
-  DEFAULT_USER_AGENT,
-  JSON_CONTENT_TYPE,
-  MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS,
-  buildSearchQuery,
-  createAbortError,
-  isBrowserRuntime,
-  isJsonObject,
-  normaliseBaseUrl,
-  normaliseHeaderName,
-  normalizeHexPrivateKey,
-  serialiseAgentRegistrationRequest,
-  serialiseAuthConfig,
-  toJsonObject,
-  toJsonValue
+  autoRegisterEncryptionKey,
+  bootstrapEncryptionOptions,
+  createEncryptionApi,
+  ensureAgentEncryptionKey,
+  generateEncryptionKeyPair,
+  registerEncryptionKey
 };
 //# sourceMappingURL=standards-sdk.es169.js.map

package/dist/es/standards-sdk.es169.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es169.js","sources":["../../src/services/registry-broker/client/utils.ts"],"sourcesContent":["import type {\n  AgentAuthConfig,\n  AgentRegistrationRequest,\n  JsonObject,\n  JsonValue,\n  SearchParams,\n} from '../types';\n\nexport const DEFAULT_USER_AGENT = '@hol-org/rb-client';\nexport const DEFAULT_PROGRESS_INTERVAL_MS = 1_500;\nexport const DEFAULT_PROGRESS_TIMEOUT_MS = 5 * 60 * 1_000;\nexport const DEFAULT_BASE_URL = 'https://hol.org/registry/api/v1';\nexport const JSON_CONTENT_TYPE = /application\\/json/i;\nexport const DEFAULT_HISTORY_TOP_UP_HBAR = 0.25;\nexport const MINIMUM_REGISTRATION_AUTO_TOP_UP_CREDITS = 1;\n\nconst stripTrailingSlashes = (value: string): string => {\n  let end = value.length;\n  while (end > 0 && value.charCodeAt(end - 1) === 47) {\n    end -= 1;\n  }\n  return end === value.length ? value : value.slice(0, end);\n};\n\nexport const createAbortError = (): Error =>\n  typeof DOMException === 'function'\n    ? new DOMException('Aborted', 'AbortError')\n    : new Error('The operation was aborted');\n\nexport const normaliseHeaderName = (name: string): string =>\n  name.trim().toLowerCase();\n\nexport const isBrowserRuntime = (): boolean =>\n  typeof window !== 'undefined' && typeof window.fetch === 'function';\n\nexport const toJsonValue = (value: unknown): JsonValue => {\n  if (value === null) {\n    return null;\n  }\n  if (value instanceof Date) {\n    return value.toISOString();\n  }\n  if (\n    typeof value === 'string' ||\n    typeof value === 'number' ||\n    typeof value === 'boolean'\n  ) {\n    return value;\n  }\n  if (Array.isArray(value)) {\n    return value.map(item => (item === undefined ? null : toJsonValue(item)));\n  }\n  if (typeof value === 'object') {\n    const result: JsonObject = {};\n    Object.entries(value as Record<string, unknown>).forEach(\n      ([key, entryValue]) => {\n        if (entryValue !== undefined) {\n          result[key] = toJsonValue(entryValue);\n        }\n      },\n    );\n    return result;\n  }\n  throw new TypeError('Only JSON-compatible values are supported');\n};\n\nexport const isJsonObject = (value: JsonValue): value is JsonObject =>\n  typeof value === 'object' && value !== null && !Array.isArray(value);\n\nexport const toJsonObject = (value: unknown): JsonObject => {\n  const normalised = toJsonValue(value);\n  if (isJsonObject(normalised)) {\n    return normalised;\n  }\n  throw new TypeError('Expected JSON object value');\n};\n\nexport const serialiseAuthConfig = (auth: AgentAuthConfig): JsonObject => {\n  const authPayload: JsonObject = {};\n  if (auth.type) {\n    authPayload.type = auth.type;\n  }\n  if (auth.token) {\n    authPayload.token = auth.token;\n  }\n  if (auth.username) {\n    authPayload.username = auth.username;\n  }\n  if (auth.password) {\n    authPayload.password = auth.password;\n  }\n  if (auth.headerName) {\n    authPayload.headerName = auth.headerName;\n  }\n  if (auth.headerValue) {\n    authPayload.headerValue = auth.headerValue;\n  }\n  if (auth.headers) {\n    authPayload.headers = { ...auth.headers };\n  }\n  return authPayload;\n};\n\nexport const serialiseAgentRegistrationRequest = (\n  payload: AgentRegistrationRequest,\n): JsonObject => {\n  const body: JsonObject = {\n    profile: toJsonObject(payload.profile),\n  };\n  if (payload.endpoint !== undefined) {\n    body.endpoint = payload.endpoint;\n  }\n  if (payload.protocol !== undefined) {\n    body.protocol = payload.protocol;\n  }\n  if (payload.communicationProtocol !== undefined) {\n    body.communicationProtocol = payload.communicationProtocol;\n  }\n  if (payload.registry !== undefined) {\n    body.registry = payload.registry;\n  }\n  if (payload.additionalRegistries !== undefined) {\n    body.additionalRegistries = payload.additionalRegistries;\n  }\n  if (payload.metadata !== undefined) {\n    body.metadata = toJsonObject(payload.metadata);\n  }\n  return body;\n};\n\nexport type X402NetworkId = 'base' | 'base-sepolia';\n\nexport const normalizeHexPrivateKey = (value: string): `0x${string}` => {\n  const trimmed = value.trim();\n  if (!trimmed) {\n    throw new Error('evmPrivateKey is required');\n  }\n  return trimmed.startsWith('0x')\n    ? (trimmed as `0x${string}`)\n    : (`0x${trimmed}` as `0x${string}`);\n};\n\nexport function normaliseBaseUrl(input?: string): string {\n  const trimmed = input?.trim();\n  let baseCandidate =\n    trimmed && trimmed.length > 0 ? trimmed : DEFAULT_BASE_URL;\n\n  try {\n    const url = new URL(stripTrailingSlashes(baseCandidate));\n    const hostname = url.hostname.toLowerCase();\n    const ensureRegistryPrefix = (): void => {\n      if (!url.pathname.startsWith('/registry')) {\n        url.pathname =\n          url.pathname === '/' ? '/registry' : `/registry${url.pathname}`;\n      }\n    };\n\n    if (hostname === 'hol.org') {\n      ensureRegistryPrefix();\n      baseCandidate = url.toString();\n    } else if (\n      hostname === 'registry.hashgraphonline.com' ||\n      hostname === 'hashgraphonline.com'\n    ) {\n      ensureRegistryPrefix();\n      url.hostname = 'hol.org';\n      baseCandidate = url.toString();\n    }\n  } catch {}\n\n  const withoutTrailing = stripTrailingSlashes(baseCandidate);\n  if (/\\/api\\/v\\d+$/i.test(withoutTrailing)) {\n    return withoutTrailing;\n  }\n  if (/\\/api$/i.test(withoutTrailing)) {\n    return `${withoutTrailing}/v1`;\n  }\n  return `${withoutTrailing}/api/v1`;\n}\n\nexport function buildSearchQuery(params: SearchParams): string {\n  const query = new URLSearchParams();\n  const appendList = (key: string, values?: string[]) => {\n    if (!values) {\n      return;\n    }\n    values.forEach(value => {\n      if (typeof value === 'string') {\n        const trimmed = value.trim();\n        if (trimmed.length > 0) {\n          query.append(key, trimmed);\n        }\n      }\n    });\n  };\n\n  if (params.q) {\n    const trimmed = params.q.trim();\n    if (trimmed.length > 0) {\n      query.set('q', trimmed);\n    }\n  }\n  if (typeof params.page === 'number') {\n    query.set('page', params.page.toString());\n  }\n  if (typeof params.limit === 'number') {\n    query.set('limit', params.limit.toString());\n  }\n  if (params.registry) {\n    const trimmed = params.registry.trim();\n    if (trimmed.length > 0) {\n      query.set('registry', trimmed);\n    }\n  }\n  appendList('registries', params.registries);\n  if (typeof params.minTrust === 'number') {\n    query.set('minTrust', params.minTrust.toString());\n  }\n  appendList('capabilities', params.capabilities);\n  appendList('protocols', params.protocols);\n  appendList('adapters', params.adapters);\n\n  if (params.metadata) {\n    Object.entries(params.metadata).forEach(([key, values]) => {\n      if (!key || !Array.isArray(values) || values.length === 0) {\n        return;\n      }\n      const trimmedKey = key.trim();\n      if (trimmedKey.length === 0) {\n        return;\n      }\n      values.forEach(value => {\n        if (value === undefined || value === null) {\n          return;\n        }\n        query.append(`metadata.${trimmedKey}`, String(value));\n      });\n    });\n  }\n\n  if (params.type) {\n    const trimmedType = params.type.trim();\n    if (trimmedType.length > 0 && trimmedType.toLowerCase() !== 'all') {\n      query.set('type', trimmedType);\n    }\n  }\n\n  if (params.verified === true) {\n    query.set('verified', 'true');\n  }\n\n  if (params.online === true) {\n    query.set('online', 'true');\n  }\n\n  if (params.sortBy) {\n    const trimmedSort = params.sortBy.trim();\n    if (trimmedSort.length > 0) {\n      query.set('sortBy', trimmedSort);\n    }\n  }\n\n  if (params.sortOrder) {\n    const lowered = params.sortOrder.toLowerCase();\n    if (lowered === 'asc' || lowered === 'desc') {\n      query.set('sortOrder', lowered);\n    }\n  }\n  const queryString = query.toString();\n  return queryString.length > 0 ? `?${queryString}` : '';\n}\n"],"names":[],"mappings":"AAQO,MAAM,qBAAqB;AAC3B,MAAM,+BAA+B;AACrC,MAAM,8BAA8B,IAAI,KAAK;AAC7C,MAAM,mBAAmB;AACzB,MAAM,oBAAoB;AAC1B,MAAM,8BAA8B;AACpC,MAAM,2CAA2C;AAExD,MAAM,uBAAuB,CAAC,UAA0B;AACtD,MAAI,MAAM,MAAM;AAChB,SAAO,MAAM,KAAK,MAAM,WAAW,MAAM,CAAC,MAAM,IAAI;AAClD,WAAO;AAAA,EACT;AACA,SAAO,QAAQ,MAAM,SAAS,QAAQ,MAAM,MAAM,GAAG,GAAG;AAC1D;AAEO,MAAM,mBAAmB,MAC9B,OAAO,iBAAiB,aACpB,IAAI,aAAa,WAAW,YAAY,IACxC,IAAI,MAAM,2BAA2B;AAEpC,MAAM,sBAAsB,CAAC,SAClC,KAAK,KAAA,EAAO,YAAA;AAEP,MAAM,mBAAmB,MAC9B,OAAO,WAAW,eAAe,OAAO,OAAO,UAAU;AAEpD,MAAM,cAAc,CAAC,UAA8B;AACxD,MAAI,UAAU,MAAM;AAClB,WAAO;AAAA,EACT;AACA,MAAI,iBAAiB,MAAM;AACzB,WAAO,MAAM,YAAA;AAAA,EACf;AACA,MACE,OAAO,UAAU,YACjB,OAAO,UAAU,YACjB,OAAO,UAAU,WACjB;AACA,WAAO;AAAA,EACT;AACA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,CAAA,SAAS,SAAS,SAAY,OAAO,YAAY,IAAI,CAAE;AAAA,EAC1E;AACA,MAAI,OAAO,UAAU,UAAU;AAC7B,UAAM,SAAqB,CAAA;AAC3B,WAAO,QAAQ,KAAgC,EAAE;AAAA,MAC/C,CAAC,CAAC,KAAK,UAAU,MAAM;AACrB,YAAI,eAAe,QAAW;AAC5B,iBAAO,GAAG,IAAI,YAAY,UAAU;AAAA,QACtC;AAAA,MACF;AAAA,IAAA;AAEF,WAAO;AAAA,EACT;AACA,QAAM,IAAI,UAAU,2CAA2C;AACjE;AAEO,MAAM,eAAe,CAAC,UAC3B,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAE9D,MAAM,eAAe,CAAC,UAA+B;AAC1D,QAAM,aAAa,YAAY,KAAK;AACpC,MAAI,aAAa,UAAU,GAAG;AAC5B,WAAO;AAAA,EACT;AACA,QAAM,IAAI,UAAU,4BAA4B;AAClD;AAEO,MAAM,sBAAsB,CAAC,SAAsC;AACxE,QAAM,cAA0B,CAAA;AAChC,MAAI,KAAK,MAAM;AACb,gBAAY,OAAO,KAAK;AAAA,EAC1B;AACA,MAAI,KAAK,OAAO;AACd,gBAAY,QAAQ,KAAK;AAAA,EAC3B;AACA,MAAI,KAAK,UAAU;AACjB,gBAAY,WAAW,KAAK;AAAA,EAC9B;AACA,MAAI,KAAK,UAAU;AACjB,gBAAY,WAAW,KAAK;AAAA,EAC9B;AACA,MAAI,KAAK,YAAY;AACnB,gBAAY,aAAa,KAAK;AAAA,EAChC;AACA,MAAI,KAAK,aAAa;AACpB,gBAAY,cAAc,KAAK;AAAA,EACjC;AACA,MAAI,KAAK,SAAS;AAChB,gBAAY,UAAU,EAAE,GAAG,KAAK,QAAA;AAAA,EAClC;AACA,SAAO;AACT;AAEO,MAAM,oCAAoC,CAC/C,YACe;AACf,QAAM,OAAmB;AAAA,IACvB,SAAS,aAAa,QAAQ,OAAO;AAAA,EAAA;AAEvC,MAAI,QAAQ,aAAa,QAAW;AAClC,SAAK,WAAW,QAAQ;AAAA,EAC1B;AACA,MAAI,QAAQ,aAAa,QAAW;AAClC,SAAK,WAAW,QAAQ;AAAA,EAC1B;AACA,MAAI,QAAQ,0BAA0B,QAAW;AAC/C,SAAK,wBAAwB,QAAQ;AAAA,EACvC;AACA,MAAI,QAAQ,aAAa,QAAW;AAClC,SAAK,WAAW,QAAQ;AAAA,EAC1B;AACA,MAAI,QAAQ,yBAAyB,QAAW;AAC9C,SAAK,uBAAuB,QAAQ;AAAA,EACtC;AACA,MAAI,QAAQ,aAAa,QAAW;AAClC,SAAK,WAAW,aAAa,QAAQ,QAAQ;AAAA,EAC/C;AACA,SAAO;AACT;AAIO,MAAM,yBAAyB,CAAC,UAAiC;AACtE,QAAM,UAAU,MAAM,KAAA;AACtB,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC7C;AACA,SAAO,QAAQ,WAAW,IAAI,IACzB,UACA,KAAK,OAAO;AACnB;AAEO,SAAS,iBAAiB,OAAwB;AACvD,QAAM,UAAU,OAAO,KAAA;AACvB,MAAI,gBACF,WAAW,QAAQ,SAAS,IAAI,UAAU;AAE5C,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,qBAAqB,aAAa,CAAC;AACvD,UAAM,WAAW,IAAI,SAAS,YAAA;AAC9B,UAAM,uBAAuB,MAAY;AACvC,UAAI,CAAC,IAAI,SAAS,WAAW,WAAW,GAAG;AACzC,YAAI,WACF,IAAI,aAAa,MAAM,cAAc,YAAY,IAAI,QAAQ;AAAA,MACjE;AAAA,IACF;AAEA,QAAI,aAAa,WAAW;AAC1B,2BAAA;AACA,sBAAgB,IAAI,SAAA;AAAA,IACtB,WACE,aAAa,kCACb,aAAa,uBACb;AACA,2BAAA;AACA,UAAI,WAAW;AACf,sBAAgB,IAAI,SAAA;AAAA,IACtB;AAAA,EACF,QAAQ;AAAA,EAAC;AAET,QAAM,kBAAkB,qBAAqB,aAAa;AAC1D,MAAI,gBAAgB,KAAK,eAAe,GAAG;AACzC,WAAO;AAAA,EACT;AACA,MAAI,UAAU,KAAK,eAAe,GAAG;AACnC,WAAO,GAAG,eAAe;AAAA,EAC3B;AACA,SAAO,GAAG,eAAe;AAC3B;AAEO,SAAS,iBAAiB,QAA8B;AAC7D,QAAM,QAAQ,IAAI,gBAAA;AAClB,QAAM,aAAa,CAAC,KAAa,WAAsB;AACrD,QAAI,CAAC,QAAQ;AACX;AAAA,IACF;AACA,WAAO,QAAQ,CAAA,UAAS;AACtB,UAAI,OAAO,UAAU,UAAU;AAC7B,cAAM,UAAU,MAAM,KAAA;AACtB,YAAI,QAAQ,SAAS,GAAG;AACtB,gBAAM,OAAO,KAAK,OAAO;AAAA,QAC3B;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,GAAG;AACZ,UAAM,UAAU,OAAO,EAAE,KAAA;AACzB,QAAI,QAAQ,SAAS,GAAG;AACtB,YAAM,IAAI,KAAK,OAAO;AAAA,IACxB;AAAA,EACF;AACA,MAAI,OAAO,OAAO,SAAS,UAAU;AACnC,UAAM,IAAI,QAAQ,OAAO,KAAK,UAAU;AAAA,EAC1C;AACA,MAAI,OAAO,OAAO,UAAU,UAAU;AACpC,UAAM,IAAI,SAAS,OAAO,MAAM,UAAU;AAAA,EAC5C;AACA,MAAI,OAAO,UAAU;AACnB,UAAM,UAAU,OAAO,SAAS,KAAA;AAChC,QAAI,QAAQ,SAAS,GAAG;AACtB,YAAM,IAAI,YAAY,OAAO;AAAA,IAC/B;AAAA,EACF;AACA,aAAW,cAAc,OAAO,UAAU;AAC1C,MAAI,OAAO,OAAO,aAAa,UAAU;AACvC,UAAM,IAAI,YAAY,OAAO,SAAS,UAAU;AAAA,EAClD;AACA,aAAW,gBAAgB,OAAO,YAAY;AAC9C,aAAW,aAAa,OAAO,SAAS;AACxC,aAAW,YAAY,OAAO,QAAQ;AAEtC,MAAI,OAAO,UAAU;AACnB,WAAO,QAAQ,OAAO,QAAQ,EAAE,QAAQ,CAAC,CAAC,KAAK,MAAM,MAAM;AACzD,UAAI,CAAC,OAAO,CAAC,MAAM,QAAQ,MAAM,KAAK,OAAO,WAAW,GAAG;AACzD;AAAA,MACF;AACA,YAAM,aAAa,IAAI,KAAA;AACvB,UAAI,WAAW,WAAW,GAAG;AAC3B;AAAA,MACF;AACA,aAAO,QAAQ,CAAA,UAAS;AACtB,YAAI,UAAU,UAAa,UAAU,MAAM;AACzC;AAAA,QACF;AACA,cAAM,OAAO,YAAY,UAAU,IAAI,OAAO,KAAK,CAAC;AAAA,MACtD,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,MAAM;AACf,UAAM,cAAc,OAAO,KAAK,KAAA;AAChC,QAAI,YAAY,SAAS,KAAK,YAAY,YAAA,MAAkB,OAAO;AACjE,YAAM,IAAI,QAAQ,WAAW;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,OAAO,aAAa,MAAM;AAC5B,UAAM,IAAI,YAAY,MAAM;AAAA,EAC9B;AAEA,MAAI,OAAO,WAAW,MAAM;AAC1B,UAAM,IAAI,UAAU,MAAM;AAAA,EAC5B;AAEA,MAAI,OAAO,QAAQ;AACjB,UAAM,cAAc,OAAO,OAAO,KAAA;AAClC,QAAI,YAAY,SAAS,GAAG;AAC1B,YAAM,IAAI,UAAU,WAAW;AAAA,IACjC;AAAA,EACF;AAEA,MAAI,OAAO,WAAW;AACpB,UAAM,UAAU,OAAO,UAAU,YAAA;AACjC,QAAI,YAAY,SAAS,YAAY,QAAQ;AAC3C,YAAM,IAAI,aAAa,OAAO;AAAA,IAChC;AAAA,EACF;AACA,QAAM,cAAc,MAAM,SAAA;AAC1B,SAAO,YAAY,SAAS,IAAI,IAAI,WAAW,KAAK;AACtD;"}
+{"version":3,"file":"standards-sdk.es169.js","sources":["../../src/services/registry-broker/client/encryption.ts"],"sourcesContent":["import * as path from 'path';\nimport { Buffer } from 'buffer';\nimport { randomBytes } from 'crypto';\nimport { secp256k1 } from '@noble/curves/secp256k1.js';\nimport type {\n  AutoRegisterEncryptionKeyOptions,\n  CipherEnvelope,\n  ClientEncryptionOptions,\n  DecryptCipherEnvelopeOptions,\n  DeriveSharedSecretOptions,\n  EncryptCipherEnvelopeOptions,\n  EphemeralKeyPair,\n  EnsureAgentKeyOptions,\n  RegisterEncryptionKeyPayload,\n  RegisterEncryptionKeyResponse,\n  SharedSecretInput,\n} from '../types';\nimport { registerEncryptionKeyResponseSchema } from '../schemas';\nimport { optionalImport } from '../../../utils/dynamic-import';\nimport type {\n  RegistryBrokerClient,\n  GenerateEncryptionKeyPairOptions,\n} from './base-client';\n\ntype FsModule = {\n  existsSync: (path: string) => boolean;\n  readFileSync: (path: string, encoding: BufferEncoding) => string;\n  writeFileSync: (path: string, data: string) => void;\n  appendFileSync: (path: string, data: string) => void;\n};\n\nconst getFs = async (): Promise<FsModule | null> => {\n  const fsModule = await optionalImport<Partial<FsModule>>('node:fs');\n\n  if (\n    fsModule &&\n    typeof fsModule.existsSync === 'function' &&\n    typeof fsModule.readFileSync === 'function' &&\n    typeof fsModule.writeFileSync === 'function' &&\n    typeof fsModule.appendFileSync === 'function'\n  ) {\n    return fsModule as FsModule;\n  }\n\n  return null;\n};\n\nexport interface RegistryBrokerEncryptionApi {\n  registerKey: (\n    payload: RegisterEncryptionKeyPayload,\n  ) => Promise<RegisterEncryptionKeyResponse>;\n  generateEphemeralKeyPair: () => EphemeralKeyPair;\n  deriveSharedSecret: (options: DeriveSharedSecretOptions) => Buffer;\n  encryptCipherEnvelope: (\n    options: EncryptCipherEnvelopeOptions,\n  ) => CipherEnvelope;\n  decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) => string;\n  ensureAgentKey: (\n    options: EnsureAgentKeyOptions,\n  ) => Promise<{ publicKey: string; privateKey?: string }>;\n}\n\nexport async function registerEncryptionKey(\n  client: RegistryBrokerClient,\n  payload: RegisterEncryptionKeyPayload,\n): Promise<RegisterEncryptionKeyResponse> {\n  const raw = await client.requestJson('/encryption/keys', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body: payload,\n  });\n  return client.parseWithSchema(\n    raw,\n    registerEncryptionKeyResponseSchema,\n    'register encryption key response',\n  );\n}\n\nfunction normalizeAutoRegisterIdentity(\n  config: AutoRegisterEncryptionKeyOptions,\n): Pick<\n  RegisterEncryptionKeyPayload,\n  'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n> | null {\n  const identity: Pick<\n    RegisterEncryptionKeyPayload,\n    'uaid' | 'ledgerAccountId' | 'ledgerNetwork' | 'email'\n  > = {};\n  if (config.uaid) {\n    identity.uaid = config.uaid;\n  }\n  if (config.ledgerAccountId) {\n    identity.ledgerAccountId = config.ledgerAccountId;\n    if (config.ledgerNetwork) {\n      identity.ledgerNetwork = config.ledgerNetwork;\n    }\n  }\n  if (config.email) {\n    identity.email = config.email;\n  }\n  if (identity.uaid || identity.ledgerAccountId || identity.email) {\n    return identity;\n  }\n  return null;\n}\n\nfunction derivePublicKeyFromPrivateKey(\n  client: RegistryBrokerClient,\n  privateKey: string,\n): string {\n  const normalized = client.hexToBuffer(privateKey);\n  const publicKey = secp256k1.getPublicKey(normalized, true);\n  return Buffer.from(publicKey).toString('hex');\n}\n\nasync function resolveAutoRegisterKeyMaterial(\n  client: RegistryBrokerClient,\n  config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n  if (config.publicKey?.trim()) {\n    return { publicKey: config.publicKey.trim() };\n  }\n  let privateKey = config.privateKey?.trim();\n  const envVar = config.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n  if (!privateKey && envVar && process?.env?.[envVar]?.trim()) {\n    privateKey = process.env[envVar]?.trim();\n  }\n  if (!privateKey && config.generateIfMissing) {\n    const pair = await client.generateEncryptionKeyPair({\n      keyType: config.keyType ?? 'secp256k1',\n      envVar,\n      envPath: config.envPath,\n      overwrite: config.overwriteEnv,\n    });\n    return { publicKey: pair.publicKey, privateKey: pair.privateKey };\n  }\n  if (privateKey) {\n    const publicKey = derivePublicKeyFromPrivateKey(client, privateKey);\n    return { publicKey, privateKey };\n  }\n  return null;\n}\n\nexport async function autoRegisterEncryptionKey(\n  client: RegistryBrokerClient,\n  config: AutoRegisterEncryptionKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n  const identity = normalizeAutoRegisterIdentity(config);\n  if (!identity) {\n    throw new Error(\n      'Auto-registration requires uaid, ledgerAccountId, or email',\n    );\n  }\n  const material = await resolveAutoRegisterKeyMaterial(client, config);\n  if (!material) {\n    throw new Error(\n      'Unable to resolve encryption public key for auto-registration',\n    );\n  }\n  await registerEncryptionKey(client, {\n    keyType: config.keyType ?? 'secp256k1',\n    publicKey: material.publicKey,\n    ...identity,\n  });\n  return material;\n}\n\nexport async function ensureAgentEncryptionKey(\n  client: RegistryBrokerClient,\n  options: EnsureAgentKeyOptions,\n): Promise<{ publicKey: string; privateKey?: string }> {\n  return autoRegisterEncryptionKey(client, {\n    ...options,\n    uaid: options.uaid,\n    enabled: true,\n  });\n}\n\nexport function createEncryptionApi(\n  client: RegistryBrokerClient,\n): RegistryBrokerEncryptionApi {\n  return {\n    registerKey: (payload: RegisterEncryptionKeyPayload) =>\n      registerEncryptionKey(client, payload),\n    generateEphemeralKeyPair: () => client.createEphemeralKeyPair(),\n    deriveSharedSecret: (options: DeriveSharedSecretOptions) =>\n      client.deriveSharedSecret(options),\n    encryptCipherEnvelope: (options: EncryptCipherEnvelopeOptions) =>\n      client.buildCipherEnvelope(options),\n    decryptCipherEnvelope: (options: DecryptCipherEnvelopeOptions) =>\n      client.openCipherEnvelope(options),\n    ensureAgentKey: (options: EnsureAgentKeyOptions) =>\n      ensureAgentEncryptionKey(client, options),\n  };\n}\n\nexport async function bootstrapEncryptionOptions(\n  client: RegistryBrokerClient,\n  options?: ClientEncryptionOptions,\n): Promise<{ publicKey: string; privateKey?: string } | null> {\n  if (!options?.autoRegister || options.autoRegister.enabled === false) {\n    return null;\n  }\n  return autoRegisterEncryptionKey(client, options.autoRegister);\n}\n\nexport async function generateEncryptionKeyPair(\n  client: RegistryBrokerClient,\n  options: GenerateEncryptionKeyPairOptions = {},\n): Promise<{\n  privateKey: string;\n  publicKey: string;\n  envPath?: string;\n  envVar: string;\n}> {\n  client.assertNodeRuntime('generateEncryptionKeyPair');\n\n  const keyType = options.keyType ?? 'secp256k1';\n  if (keyType !== 'secp256k1') {\n    throw new Error('Only secp256k1 key generation is supported currently');\n  }\n\n  const privateKeyBytes = randomBytes(32);\n  const privateKey = Buffer.from(privateKeyBytes).toString('hex');\n  const publicKeyBytes = secp256k1.getPublicKey(privateKeyBytes, true);\n  const publicKey = Buffer.from(publicKeyBytes).toString('hex');\n\n  const envVar = options.envVar ?? 'RB_ENCRYPTION_PRIVATE_KEY';\n  const resolvedPath = options.envPath\n    ? path.resolve(options.envPath)\n    : undefined;\n\n  if (resolvedPath) {\n    const fsModule = await getFs();\n\n    if (!fsModule) {\n      throw new Error(\n        'File system module is not available; cannot write encryption key env file',\n      );\n    }\n\n    const envLine = `${envVar}=${privateKey}`;\n    if (fsModule.existsSync(resolvedPath)) {\n      const content = fsModule.readFileSync(resolvedPath, 'utf-8');\n      const lineRegex = new RegExp(`^${envVar}=.*$`, 'm');\n      if (lineRegex.test(content)) {\n        if (!options.overwrite) {\n          throw new Error(\n            `${envVar} already exists in ${resolvedPath}; set overwrite=true to replace it`,\n          );\n        }\n        const updated = content.replace(lineRegex, envLine);\n        fsModule.writeFileSync(resolvedPath, updated);\n      } else {\n        const needsNewline = !content.endsWith('\\n');\n        fsModule.appendFileSync(\n          resolvedPath,\n          `${needsNewline ? '\\n' : ''}${envLine}\\n`,\n        );\n      }\n    } else {\n      fsModule.writeFileSync(resolvedPath, `${envLine}\\n`);\n    }\n  }\n\n  return {\n    privateKey,\n    publicKey,\n    envPath: resolvedPath,\n    envVar,\n  };\n}\n"],"names":[],"mappings":";;;;;;AA+BA,MAAM,QAAQ,YAAsC;AAClD,QAAM,WAAW,MAAM,eAAkC,SAAS;AAElE,MACE,YACA,OAAO,SAAS,eAAe,cAC/B,OAAO,SAAS,iBAAiB,cACjC,OAAO,SAAS,kBAAkB,cAClC,OAAO,SAAS,mBAAmB,YACnC;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAiBA,eAAsB,sBACpB,QACA,SACwC;AACxC,QAAM,MAAM,MAAM,OAAO,YAAY,oBAAoB;AAAA,IACvD,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B,MAAM;AAAA,EAAA,CACP;AACD,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,SAAS,8BACP,QAIO;AACP,QAAM,WAGF,CAAA;AACJ,MAAI,OAAO,MAAM;AACf,aAAS,OAAO,OAAO;AAAA,EACzB;AACA,MAAI,OAAO,iBAAiB;AAC1B,aAAS,kBAAkB,OAAO;AAClC,QAAI,OAAO,eAAe;AACxB,eAAS,gBAAgB,OAAO;AAAA,IAClC;AAAA,EACF;AACA,MAAI,OAAO,OAAO;AAChB,aAAS,QAAQ,OAAO;AAAA,EAC1B;AACA,MAAI,SAAS,QAAQ,SAAS,mBAAmB,SAAS,OAAO;AAC/D,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,8BACP,QACA,YACQ;AACR,QAAM,aAAa,OAAO,YAAY,UAAU;AAChD,QAAM,YAAY,UAAU,aAAa,YAAY,IAAI;AACzD,SAAO,OAAO,KAAK,SAAS,EAAE,SAAS,KAAK;AAC9C;AAEA,eAAe,+BACb,QACA,QAC4D;AAC5D,MAAI,OAAO,WAAW,QAAQ;AAC5B,WAAO,EAAE,WAAW,OAAO,UAAU,OAAK;AAAA,EAC5C;AACA,MAAI,aAAa,OAAO,YAAY,KAAA;AACpC,QAAM,SAAS,OAAO,UAAU;AAChC,MAAI,CAAC,cAAc,UAAU,SAAS,MAAM,MAAM,GAAG,QAAQ;AAC3D,iBAAa,QAAQ,IAAI,MAAM,GAAG,KAAA;AAAA,EACpC;AACA,MAAI,CAAC,cAAc,OAAO,mBAAmB;AAC3C,UAAM,OAAO,MAAM,OAAO,0BAA0B;AAAA,MAClD,SAAS,OAAO,WAAW;AAAA,MAC3B;AAAA,MACA,SAAS,OAAO;AAAA,MAChB,WAAW,OAAO;AAAA,IAAA,CACnB;AACD,WAAO,EAAE,WAAW,KAAK,WAAW,YAAY,KAAK,WAAA;AAAA,EACvD;AACA,MAAI,YAAY;AACd,UAAM,YAAY,8BAA8B,QAAQ,UAAU;AAClE,WAAO,EAAE,WAAW,WAAA;AAAA,EACtB;AACA,SAAO;AACT;AAEA,eAAsB,0BACpB,QACA,QACqD;AACrD,QAAM,WAAW,8BAA8B,MAAM;AACrD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,WAAW,MAAM,+BAA+B,QAAQ,MAAM;AACpE,MAAI,CAAC,UAAU;AACb,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,QAAM,sBAAsB,QAAQ;AAAA,IAClC,SAAS,OAAO,WAAW;AAAA,IAC3B,WAAW,SAAS;AAAA,IACpB,GAAG;AAAA,EAAA,CACJ;AACD,SAAO;AACT;AAEA,eAAsB,yBACpB,QACA,SACqD;AACrD,SAAO,0BAA0B,QAAQ;AAAA,IACvC,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAEhB,CAAC;AACH;AAEO,SAAS,oBACd,QAC6B;AAC7B,SAAO;AAAA,IACL,aAAa,CAAC,YACZ,sBAAsB,QAAQ,OAAO;AAAA,IACvC,0BAA0B,MAAM,OAAO,uBAAA;AAAA,IACvC,oBAAoB,CAAC,YACnB,OAAO,mBAAmB,OAAO;AAAA,IACnC,uBAAuB,CAAC,YACtB,OAAO,oBAAoB,OAAO;AAAA,IACpC,uBAAuB,CAAC,YACtB,OAAO,mBAAmB,OAAO;AAAA,IACnC,gBAAgB,CAAC,YACf,yBAAyB,QAAQ,OAAO;AAAA,EAAA;AAE9C;AAEA,eAAsB,2BACpB,QACA,SAC4D;AAC5D,MAAI,CAAC,SAAS,gBAAgB,QAAQ,aAAa,YAAY,OAAO;AACpE,WAAO;AAAA,EACT;AACA,SAAO,0BAA0B,QAAQ,QAAQ,YAAY;AAC/D;AAEA,eAAsB,0BACpB,QACA,UAA4C,IAM3C;AACD,SAAO,kBAAkB,2BAA2B;AAEpD,QAAM,UAAU,QAAQ,WAAW;AACnC,MAAI,YAAY,aAAa;AAC3B,UAAM,IAAI,MAAM,sDAAsD;AAAA,EACxE;AAEA,QAAM,kBAAkB,YAAY,EAAE;AACtC,QAAM,aAAa,OAAO,KAAK,eAAe,EAAE,SAAS,KAAK;AAC9D,QAAM,iBAAiB,UAAU,aAAa,iBAAiB,IAAI;AACnE,QAAM,YAAY,OAAO,KAAK,cAAc,EAAE,SAAS,KAAK;AAE5D,QAAM,SAAS,QAAQ,UAAU;AACjC,QAAM,eAAe,QAAQ,UACzB,KAAK,QAAQ,QAAQ,OAAO,IAC5B;AAEJ,MAAI,cAAc;AAChB,UAAM,WAAW,MAAM,MAAA;AAEvB,QAAI,CAAC,UAAU;AACb,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,UAAU,GAAG,MAAM,IAAI,UAAU;AACvC,QAAI,SAAS,WAAW,YAAY,GAAG;AACrC,YAAM,UAAU,SAAS,aAAa,cAAc,OAAO;AAC3D,YAAM,YAAY,IAAI,OAAO,IAAI,MAAM,QAAQ,GAAG;AAClD,UAAI,UAAU,KAAK,OAAO,GAAG;AAC3B,YAAI,CAAC,QAAQ,WAAW;AACtB,gBAAM,IAAI;AAAA,YACR,GAAG,MAAM,sBAAsB,YAAY;AAAA,UAAA;AAAA,QAE/C;AACA,cAAM,UAAU,QAAQ,QAAQ,WAAW,OAAO;AAClD,iBAAS,cAAc,cAAc,OAAO;AAAA,MAC9C,OAAO;AACL,cAAM,eAAe,CAAC,QAAQ,SAAS,IAAI;AAC3C,iBAAS;AAAA,UACP;AAAA,UACA,GAAG,eAAe,OAAO,EAAE,GAAG,OAAO;AAAA;AAAA,QAAA;AAAA,MAEzC;AAAA,IACF,OAAO;AACL,eAAS,cAAc,cAAc,GAAG,OAAO;AAAA,CAAI;AAAA,IACrD;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EAAA;AAEJ;"}