@id-wispera/core 0.1.0

package/dist/vault.d.ts

@@ -0,0 +1,151 @@
+/**
+ * ID Wispera Encrypted Vault
+ * Local-first encrypted storage using AES-256-GCM
+ */
+import { Passport, AuditEntry, VaultConfig, VaultData, VaultState } from './types.js';
+/**
+ * Scrypt parameters matching Python/Go SDKs for cross-SDK interoperability.
+ */
+export declare const SCRYPT_PARAMS: {
+    readonly N: 16384;
+    readonly r: 8;
+    readonly p: 1;
+    readonly keyLen: 32;
+};
+/**
+ * Storage backend interface
+ */
+export interface StorageBackend {
+    read(): Promise<VaultData | null>;
+    write(data: VaultData): Promise<void>;
+    exists(): Promise<boolean>;
+    delete(): Promise<void>;
+}
+/**
+ * In-memory storage backend (for testing)
+ */
+export declare class MemoryStorageBackend implements StorageBackend {
+    private data;
+    read(): Promise<VaultData | null>;
+    write(data: VaultData): Promise<void>;
+    exists(): Promise<boolean>;
+    delete(): Promise<void>;
+}
+/**
+ * File system storage backend
+ */
+export declare class FileSystemStorageBackend implements StorageBackend {
+    private path;
+    constructor(path: string);
+    read(): Promise<VaultData | null>;
+    write(data: VaultData): Promise<void>;
+    exists(): Promise<boolean>;
+    delete(): Promise<void>;
+}
+/**
+ * Encrypted vault for storing passports and audit logs
+ */
+export declare class Vault {
+    private key;
+    private salt;
+    private iv;
+    private passports;
+    private auditLog;
+    private config;
+    private storage;
+    private createdAt;
+    private lastAccessedAt;
+    constructor(config: VaultConfig, storage?: StorageBackend);
+    /**
+     * Check if the vault is unlocked
+     */
+    get isUnlocked(): boolean;
+    /**
+     * Get vault state information
+     */
+    getState(): VaultState;
+    /**
+     * Initialize a new vault
+     */
+    init(passphrase: string): Promise<void>;
+    /**
+     * Unlock an existing vault
+     */
+    unlock(passphrase: string): Promise<void>;
+    /**
+     * Lock the vault (clear keys from memory)
+     */
+    lock(): void;
+    /**
+     * Save the vault to storage
+     */
+    private save;
+    /**
+     * Ensure vault is unlocked before operations
+     */
+    private ensureUnlocked;
+    /**
+     * Store a passport in the vault
+     */
+    storePassport(passport: Passport): Promise<void>;
+    /**
+     * Retrieve a passport by ID
+     */
+    retrievePassport(id: string): Promise<Passport | null>;
+    /**
+     * Delete a passport by ID
+     */
+    deletePassport(id: string): Promise<boolean>;
+    /**
+     * Get all passports
+     */
+    getAllPassports(): Promise<Passport[]>;
+    /**
+     * Add an entry to the audit log
+     */
+    addAuditEntry(entry: AuditEntry): Promise<void>;
+    /**
+     * Get audit log entries
+     */
+    getAuditLog(passportId?: string): Promise<AuditEntry[]>;
+    /**
+     * Export vault data (with credentials masked)
+     */
+    exportVault(format: 'json' | 'csv'): Promise<string>;
+}
+/**
+ * Migrate a v1 (PBKDF2) vault to v2 (Scrypt).
+ *
+ * 1. Reads the vault file and checks its version.
+ * 2. Decrypts with the v1 KDF (PBKDF2).
+ * 3. Re-encrypts with the v2 KDF (Scrypt).
+ * 4. Writes the updated vault with version 2.
+ *
+ * The passphrase does not change — only the key derivation function is upgraded.
+ */
+export declare function migrateVault(passphrase: string, vaultPath?: string): Promise<{
+    migrated: boolean;
+    fromVersion: number;
+    toVersion: number;
+}>;
+/**
+ * Get the default vault path
+ */
+export declare function getDefaultVaultPath(): string;
+/**
+ * Initialize a new vault
+ */
+export declare function initVault(passphrase: string, storagePath?: string): Promise<Vault>;
+/**
+ * Unlock an existing vault
+ */
+export declare function unlockVault(passphrase: string, storagePath?: string): Promise<Vault>;
+/**
+ * Lock a vault
+ */
+export declare function lockVault(vault: Vault): void;
+/**
+ * Check if a vault exists
+ */
+export declare function vaultExists(storagePath?: string): Promise<boolean>;
+//# sourceMappingURL=vault.d.ts.map

package/dist/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,QAAQ,EACR,UAAU,EACV,WAAW,EACX,SAAS,EACT,UAAU,EAGX,MAAM,YAAY,CAAC;AAyCpB;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;CAKhB,CAAC;AAqFX;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3B,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,oBAAqB,YAAW,cAAc;IACzD,OAAO,CAAC,IAAI,CAA0B;IAEhC,IAAI,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAIjC,KAAK,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAI1B,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAG9B;AAED;;GAEG;AACH,qBAAa,wBAAyB,YAAW,cAAc;IACjD,OAAO,CAAC,IAAI;gBAAJ,IAAI,EAAE,MAAM;IAE1B,IAAI,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAajC,KAAK,CAAC,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAQrC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAU1B,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAU9B;AAMD;;GAEG;AACH,qBAAa,KAAK;IAChB,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,IAAI,CAA2B;IACvC,OAAO,CAAC,EAAE,CAA2B;IACrC,OAAO,CAAC,SAAS,CAAoC;IACrD,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,OAAO,CAAiB;IAChC,OAAO,CAAC,SAAS,CAAoC;IACrD,OAAO,CAAC,cAAc,CAAoC;gBAE9C,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,cAAc;IAWzD;;OAEG;IACH,IAAI,UAAU,IAAI,OAAO,CAExB;IAED;;OAEG;IACH,QAAQ,IAAI,UAAU;IAUtB;;OAEG;IACG,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmB7C;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0C/C;;OAEG;IACH,IAAI,IAAI,IAAI;IAMZ;;OAEG;YACW,IAAI;IAwBlB;;OAEG;IACH,OAAO,CAAC,cAAc;IAWtB;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAMtD;;OAEG;IACG,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAK5D;;OAEG;IACG,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASlD;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;IAS5C;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD;;OAEG;IACG,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAY7D;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;CAiD3D;AAMD;;;;;;;;;GASG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAiDxE;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAG5C;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,KAAK,CAAC,CAQhB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,KAAK,CAAC,CAQhB;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,IAAI,CAE5C;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAIxE"}

package/dist/vault.js

@@ -0,0 +1,499 @@
+/**
+ * ID Wispera Encrypted Vault
+ * Local-first encrypted storage using AES-256-GCM
+ */
+/// <reference lib="dom" />
+import { VaultError, VAULT_DATA_VERSION, } from './types.js';
+import { getRandomBytes, getCryptoSubtle, toBufferSource, maskValue } from './utils.js';
+// ============================================================================
+// Crypto Utilities
+// ============================================================================
+/**
+ * Convert bytes to hex string
+ */
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Convert hex string to bytes
+ */
+function hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+    }
+    return bytes;
+}
+/**
+ * Convert string to bytes
+ */
+function stringToBytes(str) {
+    return new TextEncoder().encode(str);
+}
+/**
+ * Convert bytes to string
+ */
+function bytesToString(bytes) {
+    return new TextDecoder().decode(bytes);
+}
+/**
+ * Scrypt parameters matching Python/Go SDKs for cross-SDK interoperability.
+ */
+export const SCRYPT_PARAMS = {
+    N: 16384, // 2^14 — CPU/memory cost
+    r: 8, // block size
+    p: 1, // parallelism
+    keyLen: 32, // 256-bit key
+};
+/**
+ * Derive encryption key from passphrase using the appropriate KDF for the vault version.
+ *   - Version 1 (legacy): PBKDF2-SHA256, 100 000 iterations
+ *   - Version 2 (current): Scrypt N=16384, r=8, p=1 — matches Python/Go SDKs
+ */
+async function deriveKey(passphrase, salt, version = 2, iterations = 100000) {
+    let rawKey;
+    if (version >= 2) {
+        // Scrypt via Node.js crypto (not available in Web Crypto API)
+        const nodeCrypto = await import('crypto');
+        rawKey = nodeCrypto.scryptSync(passphrase, salt, SCRYPT_PARAMS.keyLen, { N: SCRYPT_PARAMS.N, r: SCRYPT_PARAMS.r, p: SCRYPT_PARAMS.p });
+    }
+    else {
+        // Legacy PBKDF2 for v1 vaults (backward compatibility)
+        const subtle = await getCryptoSubtle();
+        const keyMaterial = await subtle.importKey('raw', toBufferSource(stringToBytes(passphrase)), 'PBKDF2', false, ['deriveBits', 'deriveKey']);
+        return subtle.deriveKey({
+            name: 'PBKDF2',
+            salt: toBufferSource(salt),
+            iterations,
+            hash: 'SHA-256',
+        }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+    }
+    // Import the raw Scrypt-derived bytes as a CryptoKey for AES-GCM
+    const subtle = await getCryptoSubtle();
+    return subtle.importKey('raw', toBufferSource(rawKey), { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
+}
+/**
+ * Encrypt data using AES-256-GCM
+ */
+async function encrypt(data, key, iv) {
+    const crypto = await getCryptoSubtle();
+    const encrypted = await crypto.encrypt({ name: 'AES-GCM', iv: toBufferSource(iv) }, key, toBufferSource(stringToBytes(data)));
+    return bytesToHex(new Uint8Array(encrypted));
+}
+/**
+ * Decrypt data using AES-256-GCM
+ */
+async function decrypt(encryptedHex, key, iv) {
+    const crypto = await getCryptoSubtle();
+    const decrypted = await crypto.decrypt({ name: 'AES-GCM', iv: toBufferSource(iv) }, key, toBufferSource(hexToBytes(encryptedHex)));
+    return bytesToString(new Uint8Array(decrypted));
+}
+/**
+ * In-memory storage backend (for testing)
+ */
+export class MemoryStorageBackend {
+    data = null;
+    async read() {
+        return this.data;
+    }
+    async write(data) {
+        this.data = data;
+    }
+    async exists() {
+        return this.data !== null;
+    }
+    async delete() {
+        this.data = null;
+    }
+}
+/**
+ * File system storage backend
+ */
+export class FileSystemStorageBackend {
+    path;
+    constructor(path) {
+        this.path = path;
+    }
+    async read() {
+        const fs = await import('fs/promises');
+        try {
+            const content = await fs.readFile(this.path, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (err) {
+            if (err.code === 'ENOENT') {
+                return null;
+            }
+            throw err;
+        }
+    }
+    async write(data) {
+        const fs = await import('fs/promises');
+        const path = await import('path');
+        const dir = path.dirname(this.path);
+        await fs.mkdir(dir, { recursive: true });
+        await fs.writeFile(this.path, JSON.stringify(data, null, 2), 'utf-8');
+    }
+    async exists() {
+        const fs = await import('fs/promises');
+        try {
+            await fs.access(this.path);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async delete() {
+        const fs = await import('fs/promises');
+        try {
+            await fs.unlink(this.path);
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT') {
+                throw err;
+            }
+        }
+    }
+}
+// ============================================================================
+// Vault Class
+// ============================================================================
+/**
+ * Encrypted vault for storing passports and audit logs
+ */
+export class Vault {
+    key = null;
+    salt = null;
+    iv = null;
+    passports = new Map();
+    auditLog = [];
+    config;
+    storage;
+    createdAt = new Date().toISOString();
+    lastAccessedAt = new Date().toISOString();
+    constructor(config, storage) {
+        this.config = config;
+        if (storage) {
+            this.storage = storage;
+        }
+        else if (config.storagePath) {
+            this.storage = new FileSystemStorageBackend(config.storagePath);
+        }
+        else {
+            this.storage = new MemoryStorageBackend();
+        }
+    }
+    /**
+     * Check if the vault is unlocked
+     */
+    get isUnlocked() {
+        return this.key !== null;
+    }
+    /**
+     * Get vault state information
+     */
+    getState() {
+        return {
+            isUnlocked: this.isUnlocked,
+            path: this.config.storagePath ?? ':memory:',
+            passportCount: this.passports.size,
+            createdAt: this.createdAt,
+            lastAccessedAt: this.lastAccessedAt,
+        };
+    }
+    /**
+     * Initialize a new vault
+     */
+    async init(passphrase) {
+        if (await this.storage.exists()) {
+            throw new VaultError('Vault already exists', 'VAULT_EXISTS');
+        }
+        this.salt = getRandomBytes(32);
+        this.iv = getRandomBytes(12);
+        this.key = await deriveKey(passphrase, this.salt, VAULT_DATA_VERSION, this.config.keyDerivationIterations);
+        this.createdAt = new Date().toISOString();
+        this.lastAccessedAt = new Date().toISOString();
+        await this.save();
+    }
+    /**
+     * Unlock an existing vault
+     */
+    async unlock(passphrase) {
+        const data = await this.storage.read();
+        if (!data) {
+            throw new VaultError('Vault does not exist', 'VAULT_NOT_FOUND');
+        }
+        if (data.version < 1 || data.version > VAULT_DATA_VERSION) {
+            throw new VaultError(`Unsupported vault version: ${data.version}`, 'UNSUPPORTED_VERSION', { version: data.version });
+        }
+        this.salt = hexToBytes(data.salt);
+        this.iv = hexToBytes(data.iv);
+        this.key = await deriveKey(passphrase, this.salt, data.version, this.config.keyDerivationIterations);
+        try {
+            // Try to decrypt passports to verify the key is correct
+            const passportsJson = await decrypt(data.encryptedPassports, this.key, this.iv);
+            const passports = JSON.parse(passportsJson);
+            this.passports = new Map(passports.map((p) => [p.id, p]));
+            const auditJson = await decrypt(data.encryptedAuditLog, this.key, this.iv);
+            this.auditLog = JSON.parse(auditJson);
+            this.createdAt = data.metadata.createdAt;
+            this.lastAccessedAt = new Date().toISOString();
+        }
+        catch {
+            this.key = null;
+            this.salt = null;
+            this.iv = null;
+            throw new VaultError('Invalid passphrase', 'INVALID_PASSPHRASE');
+        }
+    }
+    /**
+     * Lock the vault (clear keys from memory)
+     */
+    lock() {
+        this.key = null;
+        this.passports.clear();
+        this.auditLog = [];
+    }
+    /**
+     * Save the vault to storage
+     */
+    async save() {
+        if (!this.key || !this.salt || !this.iv) {
+            throw new VaultError('Vault is locked', 'VAULT_LOCKED');
+        }
+        const passportsJson = JSON.stringify(Array.from(this.passports.values()));
+        const auditJson = JSON.stringify(this.auditLog);
+        const data = {
+            version: VAULT_DATA_VERSION,
+            salt: bytesToHex(this.salt),
+            iv: bytesToHex(this.iv),
+            encryptedPassports: await encrypt(passportsJson, this.key, this.iv),
+            encryptedAuditLog: await encrypt(auditJson, this.key, this.iv),
+            metadata: {
+                createdAt: this.createdAt,
+                updatedAt: new Date().toISOString(),
+                passportCount: this.passports.size,
+            },
+        };
+        await this.storage.write(data);
+    }
+    /**
+     * Ensure vault is unlocked before operations
+     */
+    ensureUnlocked() {
+        if (!this.isUnlocked) {
+            throw new VaultError('Vault is locked', 'VAULT_LOCKED');
+        }
+        this.lastAccessedAt = new Date().toISOString();
+    }
+    // ============================================================================
+    // Passport Operations
+    // ============================================================================
+    /**
+     * Store a passport in the vault
+     */
+    async storePassport(passport) {
+        this.ensureUnlocked();
+        this.passports.set(passport.id, passport);
+        await this.save();
+    }
+    /**
+     * Retrieve a passport by ID
+     */
+    async retrievePassport(id) {
+        this.ensureUnlocked();
+        return this.passports.get(id) ?? null;
+    }
+    /**
+     * Delete a passport by ID
+     */
+    async deletePassport(id) {
+        this.ensureUnlocked();
+        const deleted = this.passports.delete(id);
+        if (deleted) {
+            await this.save();
+        }
+        return deleted;
+    }
+    /**
+     * Get all passports
+     */
+    async getAllPassports() {
+        this.ensureUnlocked();
+        return Array.from(this.passports.values());
+    }
+    // ============================================================================
+    // Audit Log Operations
+    // ============================================================================
+    /**
+     * Add an entry to the audit log
+     */
+    async addAuditEntry(entry) {
+        this.ensureUnlocked();
+        this.auditLog.push(entry);
+        await this.save();
+    }
+    /**
+     * Get audit log entries
+     */
+    async getAuditLog(passportId) {
+        this.ensureUnlocked();
+        if (passportId) {
+            return this.auditLog.filter((e) => e.passportId === passportId);
+        }
+        return [...this.auditLog];
+    }
+    // ============================================================================
+    // Export Operations
+    // ============================================================================
+    /**
+     * Export vault data (with credentials masked)
+     */
+    async exportVault(format) {
+        this.ensureUnlocked();
+        const maskedPassports = Array.from(this.passports.values()).map((p) => ({
+            ...p,
+            credentialValue: maskValue(p.credentialValue),
+        }));
+        if (format === 'json') {
+            return JSON.stringify({
+                passports: maskedPassports,
+                auditLog: this.auditLog,
+                exportedAt: new Date().toISOString(),
+            }, null, 2);
+        }
+        // CSV format
+        const headers = [
+            'id',
+            'name',
+            'credentialType',
+            'visaType',
+            'status',
+            'platforms',
+            'humanOwner',
+            'validFrom',
+            'validUntil',
+            'tags',
+        ];
+        const rows = maskedPassports.map((p) => [
+            p.id,
+            p.name,
+            p.credentialType,
+            p.visaType,
+            p.status,
+            p.platforms.join(';'),
+            p.humanOwner,
+            p.validFrom,
+            p.validUntil ?? '',
+            p.tags.join(';'),
+        ].join(','));
+        return [headers.join(','), ...rows].join('\n');
+    }
+}
+// ============================================================================
+// Vault Migration
+// ============================================================================
+/**
+ * Migrate a v1 (PBKDF2) vault to v2 (Scrypt).
+ *
+ * 1. Reads the vault file and checks its version.
+ * 2. Decrypts with the v1 KDF (PBKDF2).
+ * 3. Re-encrypts with the v2 KDF (Scrypt).
+ * 4. Writes the updated vault with version 2.
+ *
+ * The passphrase does not change — only the key derivation function is upgraded.
+ */
+export async function migrateVault(passphrase, vaultPath) {
+    const path = vaultPath ?? getDefaultVaultPath();
+    const storage = new FileSystemStorageBackend(path);
+    const data = await storage.read();
+    if (!data) {
+        throw new VaultError('Vault does not exist', 'VAULT_NOT_FOUND');
+    }
+    if (data.version >= VAULT_DATA_VERSION) {
+        return { migrated: false, fromVersion: data.version, toVersion: data.version };
+    }
+    const fromVersion = data.version;
+    // Decrypt with the old KDF
+    const salt = hexToBytes(data.salt);
+    const iv = hexToBytes(data.iv);
+    const oldKey = await deriveKey(passphrase, salt, fromVersion);
+    let passportsJson;
+    let auditJson;
+    try {
+        passportsJson = await decrypt(data.encryptedPassports, oldKey, iv);
+        auditJson = await decrypt(data.encryptedAuditLog, oldKey, iv);
+    }
+    catch {
+        throw new VaultError('Invalid passphrase', 'INVALID_PASSPHRASE');
+    }
+    // Re-encrypt with the new KDF (same salt, same IV — only the derived key changes)
+    const newSalt = getRandomBytes(32);
+    const newIv = getRandomBytes(12);
+    const newKey = await deriveKey(passphrase, newSalt, VAULT_DATA_VERSION);
+    const newData = {
+        version: VAULT_DATA_VERSION,
+        salt: bytesToHex(newSalt),
+        iv: bytesToHex(newIv),
+        encryptedPassports: await encrypt(passportsJson, newKey, newIv),
+        encryptedAuditLog: await encrypt(auditJson, newKey, newIv),
+        metadata: {
+            ...data.metadata,
+            updatedAt: new Date().toISOString(),
+        },
+    };
+    await storage.write(newData);
+    return { migrated: true, fromVersion, toVersion: VAULT_DATA_VERSION };
+}
+// ============================================================================
+// Factory Functions
+// ============================================================================
+/**
+ * Get the default vault path
+ */
+export function getDefaultVaultPath() {
+    const home = process.env.HOME ?? process.env.USERPROFILE ?? '.';
+    return `${home}/.id-wispera/vault.json`;
+}
+/**
+ * Initialize a new vault
+ */
+export async function initVault(passphrase, storagePath) {
+    const path = storagePath ?? getDefaultVaultPath();
+    const vault = new Vault({
+        storagePath: path,
+        storageType: 'filesystem',
+    });
+    await vault.init(passphrase);
+    return vault;
+}
+/**
+ * Unlock an existing vault
+ */
+export async function unlockVault(passphrase, storagePath) {
+    const path = storagePath ?? getDefaultVaultPath();
+    const vault = new Vault({
+        storagePath: path,
+        storageType: 'filesystem',
+    });
+    await vault.unlock(passphrase);
+    return vault;
+}
+/**
+ * Lock a vault
+ */
+export function lockVault(vault) {
+    vault.lock();
+}
+/**
+ * Check if a vault exists
+ */
+export async function vaultExists(storagePath) {
+    const path = storagePath ?? getDefaultVaultPath();
+    const storage = new FileSystemStorageBackend(path);
+    return storage.exists();
+}
+//# sourceMappingURL=vault.js.map

package/dist/vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,2BAA2B;AAE3B,OAAO,EAML,UAAU,EACV,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAExF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,UAAU,CAAC,KAAiB;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,KAAiB;IACtC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,CAAC,EAAE,KAAK,EAAG,yBAAyB;IACpC,CAAC,EAAE,CAAC,EAAO,aAAa;IACxB,CAAC,EAAE,CAAC,EAAO,cAAc;IACzB,MAAM,EAAE,EAAE,EAAE,cAAc;CAClB,CAAC;AAEX;;;;GAIG;AACH,KAAK,UAAU,SAAS,CACtB,UAAkB,EAClB,IAAgB,EAChB,UAAkB,CAAC,EACnB,aAAqB,MAAM;IAE3B,IAAI,MAAkB,CAAC;IAEvB,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,8DAA8D;QAC9D,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,GAAG,UAAU,CAAC,UAAU,CAC5B,UAAU,EACV,IAAI,EACJ,aAAa,CAAC,MAAM,EACpB,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,uDAAuD;QACvD,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,SAAS,CACxC,KAAK,EACL,cAAc,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,EACzC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,EAAE,WAAW,CAAC,CAC5B,CAAC;QACF,OAAO,MAAM,CAAC,SAAS,CACrB;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC;YAC1B,UAAU;YACV,IAAI,EAAE,SAAS;SAChB,EACD,WAAW,EACX,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,OAAO,MAAM,CAAC,SAAS,CACrB,KAAK,EACL,cAAc,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,EAChC,KAAK,EACL,CAAC,SAAS,EAAE,SAAS,CAAC,CACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,OAAO,CAAC,IAAY,EAAE,GAAc,EAAE,EAAc;IACjE,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IAEvC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAE9H,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,OAAO,CAAC,YAAoB,EAAE,GAAc,EAAE,EAAc;IACzE,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IAEvC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,cAAc,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAEnI,OAAO,aAAa,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;AAClD,CAAC;AAgBD;;GAEG;AACH,MAAM,OAAO,oBAAoB;IACvB,IAAI,GAAqB,IAAI,CAAC;IAEtC,KAAK,CAAC,IAAI;QACR,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,wBAAwB;IACf;IAApB,YAAoB,IAAY;QAAZ,SAAI,GAAJ,IAAI,CAAQ;IAAG,CAAC;IAEpC,KAAK,CAAC,IAAI;QACR,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;GAEG;AACH,MAAM,OAAO,KAAK;IACR,GAAG,GAAqB,IAAI,CAAC;IAC7B,IAAI,GAAsB,IAAI,CAAC;IAC/B,EAAE,GAAsB,IAAI,CAAC;IAC7B,SAAS,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC7C,QAAQ,GAAiB,EAAE,CAAC;IAC5B,MAAM,CAAc;IACpB,OAAO,CAAiB;IACxB,SAAS,GAAW,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,cAAc,GAAW,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE1D,YAAY,MAAmB,EAAE,OAAwB;QACvD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;aAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC9B,IAAI,CAAC,OAAO,GAAG,IAAI,wBAAwB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAClE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,UAAU;YAC3C,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;YAClC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,UAAkB;QAC3B,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,CAAC,EAAE,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;QAC7B,IAAI,CAAC,GAAG,GAAG,MAAM,SAAS,CACxB,UAAU,EACV,IAAI,CAAC,IAAI,EACT,kBAAkB,EAClB,IAAI,CAAC,MAAM,CAAC,uBAAuB,CACpC,CAAC;QACF,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE/C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE,iBAAiB,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,kBAAkB,EAAE,CAAC;YAC1D,MAAM,IAAI,UAAU,CAClB,8BAA8B,IAAI,CAAC,OAAO,EAAE,EAC5C,qBAAqB,EACrB,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAC1B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG,GAAG,MAAM,SAAS,CACxB,UAAU,EACV,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,CAAC,uBAAuB,CACpC,CAAC;QAEF,IAAI,CAAC;YACH,wDAAwD;YACxD,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAChF,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAe,CAAC;YAC1D,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAE1D,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAiB,CAAC;YAEtD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YACzC,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;YAChB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;YACjB,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;YACf,MAAM,IAAI,UAAU,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;QAChB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,IAAI;QAChB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEhD,MAAM,IAAI,GAAc;YACtB,OAAO,EAAE,kBAAkB;YAC3B,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3B,EAAE,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,kBAAkB,EAAE,MAAM,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;YACnE,iBAAiB,EAAE,MAAM,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;YAC9D,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;aACnC;SACF,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjD,CAAC;IAED,+EAA+E;IAC/E,sBAAsB;IACtB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAkB;QACpC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC1C,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,EAAU;QAC7B,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACpB,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,+EAA+E;IAC/E,uBAAuB;IACvB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,KAAiB;QACnC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,UAAmB;QACnC,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,+EAA+E;IAC/E,oBAAoB;IACpB,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,MAAsB;QACtC,IAAI,CAAC,cAAc,EAAE,CAAC;QAEtB,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACtE,GAAG,CAAC;YACJ,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC;SAC9C,CAAC,CAAC,CAAC;QAEJ,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,SAAS,CACnB;gBACE,SAAS,EAAE,eAAe;gBAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC,EACD,IAAI,EACJ,CAAC,CACF,CAAC;QACJ,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG;YACd,IAAI;YACJ,MAAM;YACN,gBAAgB;YAChB,UAAU;YACV,QAAQ;YACR,WAAW;YACX,YAAY;YACZ,WAAW;YACX,YAAY;YACZ,MAAM;SACP,CAAC;QACF,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACrC;YACE,CAAC,CAAC,EAAE;YACJ,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC;YACrB,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,UAAU,IAAI,EAAE;YAClB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;SACjB,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACF,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC;CACF;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,SAAkB;IAElB,MAAM,IAAI,GAAG,SAAS,IAAI,mBAAmB,EAAE,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;IAElC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,UAAU,CAAC,sBAAsB,EAAE,iBAAiB,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACvC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;IACjF,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;IAEjC,2BAA2B;IAC3B,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IAE9D,IAAI,aAAqB,CAAC;IAC1B,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QACnE,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,iBAAiB,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,CAAC;IACnE,CAAC;IAED,kFAAkF;IAClF,MAAM,OAAO,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;IAExE,MAAM,OAAO,GAAc;QACzB,OAAO,EAAE,kBAAkB;QAC3B,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC;QACzB,EAAE,EAAE,UAAU,CAAC,KAAK,CAAC;QACrB,kBAAkB,EAAE,MAAM,OAAO,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,CAAC;QAC/D,iBAAiB,EAAE,MAAM,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC;QAC1D,QAAQ,EAAE;YACR,GAAG,IAAI,CAAC,QAAQ;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC;KACF,CAAC;IAEF,MAAM,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,kBAAkB,EAAE,CAAC;AACxE,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC;IAChE,OAAO,GAAG,IAAI,yBAAyB,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAkB,EAClB,WAAoB;IAEpB,MAAM,IAAI,GAAG,WAAW,IAAI,mBAAmB,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,YAAY;KAC1B,CAAC,CAAC;IACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,WAAoB;IAEpB,MAAM,IAAI,GAAG,WAAW,IAAI,mBAAmB,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;QACtB,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,YAAY;KAC1B,CAAC,CAAC;IACH,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC/B,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAY;IACpC,KAAK,CAAC,IAAI,EAAE,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,WAAoB;IACpD,MAAM,IAAI,GAAG,WAAW,IAAI,mBAAmB,EAAE,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACnD,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC;AAC1B,CAAC"}