@inco/js 0.6.9 → 0.7.0

package/dist/cjs/kms/quorumClient.js

@@ -0,0 +1,378 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KmsQuorumClient = void 0;
+const binary_js_1 = require("../binary.js");
+const encryption_js_1 = require("../encryption/encryption.js");
+const handle_js_1 = require("../handle.js");
+const retry_js_1 = require("../retry.js");
+const client_js_1 = require("./client.js");
+const thresholdPromises_js_1 = require("./thresholdPromises.js");
+class KmsQuorumClient {
+    kmss;
+    threshold;
+    // Implementation
+    constructor(attestersOrClients, threshold) {
+        if (attestersOrClients.length === 0) {
+            throw new Error('At least one attester or KMS client is required');
+        }
+        if (threshold < 1 || threshold > attestersOrClients.length) {
+            throw new Error(`Threshold must be between 1 and ${attestersOrClients.length}`);
+        }
+        // Check if first element is a KmsClient (has attestedDecrypt method) or an attester object
+        if (attestersOrClients.length > 0 &&
+            'attestedDecrypt' in attestersOrClients[0]) {
+            // Handle KmsClient[] case
+            const kmsClients = attestersOrClients;
+            this.kmss = kmsClients.map((client) => ({
+                client,
+                signer: client.signerAddress,
+            }));
+        }
+        else {
+            // Handle { url: string; signer: Address }[] case
+            const attesters = attestersOrClients;
+            this.kmss = attesters.map((attester) => {
+                return {
+                    client: (0, client_js_1.getKmsClient)(attester.url, attester.signer),
+                    signer: attester.signer,
+                };
+            });
+        }
+        this.threshold = threshold;
+    }
+    /**
+     * Creates a KmsQuorumClient from an array of URLs.
+     * Requires signer addresses and threshold to be explicitly provided.
+     *
+     * @param urls - Array of KMS endpoint URLs
+     * @param signers - Array of signer addresses, must match the length of URLs
+     * @param threshold - Number of successful responses required (must be between 1 and urls.length)
+     * @throws {Error} If URLs array is empty, signers length doesn't match URLs length, or threshold is invalid
+     */
+    static fromUrls(urls, signers, threshold) {
+        if (urls.length === 0) {
+            throw new Error('At least one URL is required');
+        }
+        if (signers.length !== urls.length) {
+            throw new Error(`Signers array length (${signers.length}) must match URLs array length (${urls.length})`);
+        }
+        if (threshold < 1 || threshold > urls.length) {
+            throw new Error(`Threshold must be between 1 and ${urls.length} (number of URLs)`);
+        }
+        const attesters = urls.map((url, index) => {
+            return { url, signer: signers[index] };
+        });
+        return new KmsQuorumClient(attesters, threshold);
+    }
+    /**
+     * Creates a KmsQuorumClient from an array of KmsClient instances.
+     * Each KmsClient must have a signerAddress property.
+     *
+     * @param kmsClients - Array of KMS client instances
+     * @param threshold - Number of successful responses required (must be between 1 and kmsClients.length)
+     * @throws {Error} If KMS clients array is empty or threshold is invalid
+     */
+    static fromKmsClients(kmsClients, threshold) {
+        if (kmsClients.length === 0) {
+            throw new Error('At least one KMS client is required');
+        }
+        if (threshold < 1 || threshold > kmsClients.length) {
+            throw new Error(`Threshold must be between 1 and ${kmsClients.length} (number of KMS clients)`);
+        }
+        return new KmsQuorumClient(kmsClients, threshold);
+    }
+    async attestedDecrypt(request, backoffConfig) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedDecrypt(request);
+        }, backoffConfig);
+        // Extract responses and signers
+        const thresholdResponses = thresholdResults.map((r) => r.response);
+        const signers = thresholdResults.map((r) => r.signer);
+        // Verify that responses are consistent across quorum (plaintext or ciphertext)
+        const reference = this.verifyResponseConsistency(thresholdResponses);
+        return this.buildAggregatedAttestations(reference, thresholdResponses, signers);
+    }
+    async attestedCompute(request, backoffConfig) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedCompute(request);
+        }, backoffConfig);
+        // Extract responses and signers
+        const thresholdResponses = thresholdResults.map((r) => r.response);
+        const signers = thresholdResults.map((r) => r.signer);
+        // Verify that responses are consistent across quorum
+        const reference = this.verifyComputeResponseConsistency(thresholdResponses);
+        return this.buildAggregatedComputeAttestation(reference, thresholdResponses, signers);
+    }
+    async attestedReveal(request, backoffConfig) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedReveal(request);
+        }, backoffConfig);
+        // Extract responses and signers
+        const thresholdResponses = thresholdResults.map((r) => r.response);
+        const signers = thresholdResults.map((r) => r.signer);
+        // Verify that responses are consistent across quorum (plaintext or ciphertext)
+        const reference = this.verifyResponseConsistency(thresholdResponses);
+        return this.buildAggregatedAttestations(reference, thresholdResponses, signers);
+    }
+    /**
+     * Generic method to execute a KMS operation across all clients with retry and threshold logic.
+     * Returns results with both the response and signer address.
+     */
+    async executeKmsOperationWithThreshold(operation, backoffConfig) {
+        // Create promises for all KMS clients, tracking signer addresses
+        // Each client call is wrapped with retry logic
+        const promises = this.kmss.map(async (kms, index) => {
+            try {
+                const response = await (0, retry_js_1.retryWithBackoff)(async () => {
+                    return await operation(kms);
+                }, backoffConfig);
+                return { response, signer: kms.signer };
+            }
+            catch (error) {
+                throw new Error(`KMS client ${index} failed: ${error}`);
+            }
+        });
+        return await (0, thresholdPromises_js_1.executeWithThreshold)(promises, this.threshold);
+    }
+    /**
+     * Collects signatures from responses and sorts them by signer address (ascending).
+     * This is required by SignatureVerifier.
+     */
+    collectAndSortSignatures(signatures, signers) {
+        const signaturesWithSigners = signatures.map((signature, idx) => ({
+            signature,
+            signer: signers[idx],
+        }));
+        // Sort by signer address in ascending order (as required by SignatureVerifier)
+        signaturesWithSigners.sort((a, b) => {
+            const aBigInt = BigInt(a.signer);
+            const bBigInt = BigInt(b.signer);
+            if (aBigInt < bBigInt)
+                return -1;
+            if (aBigInt > bBigInt)
+                return 1;
+            return 0;
+        });
+        // Extract sorted signatures
+        return signaturesWithSigners.map((item) => item.signature);
+    }
+    /**
+     * Builds a plaintext attestation from a DecryptionAttestation proto message.
+     */
+    buildPlaintextAttestation(decryptionAttestation, covalidatorSignatures) {
+        if (!decryptionAttestation.value ||
+            decryptionAttestation.value.case !== 'plaintext') {
+            throw new Error('Expected plaintext attestation');
+        }
+        const plaintextBytes = decryptionAttestation.value.value.value;
+        const handle = decryptionAttestation.handle;
+        const handleType = (0, handle_js_1.getHandleType)(handle);
+        const bigIntValue = (0, binary_js_1.bytesToBigInt)(plaintextBytes);
+        const plaintext = (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, handleType, bigIntValue);
+        return {
+            handle,
+            plaintext,
+            covalidatorSignatures,
+        };
+    }
+    buildAggregatedAttestations(reference, thresholdResponses, signers) {
+        const attestationCount = reference.decryptionAttestations.length;
+        return new Array(attestationCount).fill(undefined).map((_, i) => {
+            const refAtt = reference.decryptionAttestations[i];
+            if (!refAtt.value) {
+                throw new Error('No value in attestation');
+            }
+            // Collect signatures and sort by signer address
+            const signatures = thresholdResponses.map((resp) => resp.decryptionAttestations[i].signature);
+            const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
+            if (refAtt.value.case === 'plaintext') {
+                return this.buildPlaintextAttestation(refAtt, covalidatorSignatures);
+            }
+            else if (refAtt.value.case === 'reencryption') {
+                const reencryption = refAtt.value.value;
+                const ct = reencryption.userCiphertext;
+                const fheType = (0, handle_js_1.getHandleType)((0, binary_js_1.parseHex)(reencryption.handle));
+                return {
+                    handle: refAtt.handle,
+                    encryptedPlaintext: {
+                        ciphertext: {
+                            value: (0, binary_js_1.bytesToHex)(ct),
+                            scheme: 1, // EciesScheme
+                            type: fheType,
+                        },
+                    },
+                    covalidatorSignatures,
+                };
+            }
+            else {
+                throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext' or 'reencryption'`);
+            }
+        });
+    }
+    buildAggregatedComputeAttestation(reference, thresholdResponses, signers) {
+        const refAtt = reference.decryptionAttestation;
+        if (!refAtt) {
+            throw new Error('No decryption attestation in reference response');
+        }
+        if (!refAtt.value) {
+            throw new Error('No value in reference attestation');
+        }
+        if (refAtt.value.case !== 'plaintext') {
+            throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext'`);
+        }
+        // Collect signatures and sort by signer address
+        // We know all responses have decryption attestations from verifyComputeResponseConsistency
+        const signatures = [];
+        for (const resp of thresholdResponses) {
+            const att = resp.decryptionAttestation;
+            if (att) {
+                signatures.push(att.signature);
+            }
+        }
+        const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
+        return this.buildPlaintextAttestation(refAtt, covalidatorSignatures);
+    }
+    verifyResponseConsistency(thresholdResponses) {
+        if (thresholdResponses.length === 0) {
+            throw new Error('No responses collected to verify');
+        }
+        const reference = thresholdResponses[0];
+        for (let r = 1; r < thresholdResponses.length; r++) {
+            if (thresholdResponses[r].decryptionAttestations.length !==
+                reference.decryptionAttestations.length) {
+                throw new Error('Inconsistent number of decryption attestations across KMS responses');
+            }
+        }
+        for (let i = 0; i < reference.decryptionAttestations.length; i++) {
+            const refAtt = reference.decryptionAttestations[i];
+            if (!refAtt.value) {
+                throw new Error('No value in reference attestation');
+            }
+            const refCase = refAtt.value.case;
+            // Verify that all responses have the same case (plaintext or reencryption)
+            for (let r = 1; r < thresholdResponses.length; r++) {
+                const att = thresholdResponses[r].decryptionAttestations[i];
+                if (!att.value) {
+                    throw new Error('No value in attestation');
+                }
+                if (att.value.case !== refCase) {
+                    throw new Error(`Inconsistent attestation types: reference has '${refCase}' but response ${r} has '${att.value.case}'`);
+                }
+            }
+            // Verify consistency based on the case
+            if (refCase === 'plaintext') {
+                this.verifyPlaintextConsistency(i, reference, thresholdResponses);
+            }
+            else if (refCase === 'reencryption') {
+                this.verifyCiphertextConsistency(i, reference, thresholdResponses);
+            }
+            else {
+                throw new Error(`Unexpected attestation type: ${refCase}, expected 'plaintext' or 'reencryption'`);
+            }
+        }
+        return reference;
+    }
+    verifyComputeResponseConsistency(thresholdResponses) {
+        if (thresholdResponses.length === 0) {
+            throw new Error('No responses collected to verify');
+        }
+        const reference = thresholdResponses[0];
+        const refAtt = reference.decryptionAttestation;
+        if (!refAtt) {
+            throw new Error('No decryption attestation in reference response');
+        }
+        if (!refAtt.value) {
+            throw new Error('No value in reference attestation');
+        }
+        if (refAtt.value.case !== 'plaintext') {
+            throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext'`);
+        }
+        // Verify that all responses have a decryption attestation
+        for (let r = 1; r < thresholdResponses.length; r++) {
+            const att = thresholdResponses[r].decryptionAttestation;
+            if (!att) {
+                throw new Error('No decryption attestation in response');
+            }
+            if (!att.value) {
+                throw new Error('No value in attestation');
+            }
+            if (att.value.case !== 'plaintext') {
+                throw new Error('Expected plaintext attestation but received non-plaintext');
+            }
+            // Verify handles match
+            if (att.handle !== refAtt.handle) {
+                throw new Error('Handles differ across KMS responses');
+            }
+            // Verify plaintext values match
+            this.verifyPlaintextBytesConsistency(refAtt.value.value.value, att.value.value.value);
+        }
+        return reference;
+    }
+    /**
+     * Verifies that two plaintext byte arrays are identical.
+     */
+    verifyPlaintextBytesConsistency(refBytes, bytes) {
+        if (refBytes.length !== bytes.length) {
+            throw new Error('Plaintexts differ across KMS responses');
+        }
+        for (let b = 0; b < refBytes.length; b++) {
+            if (refBytes[b] !== bytes[b]) {
+                throw new Error('Plaintexts differ across KMS responses');
+            }
+        }
+    }
+    verifyPlaintextConsistency(index, reference, thresholdResponses) {
+        const refAtt = reference.decryptionAttestations[index];
+        if (refAtt.value?.case !== 'plaintext') {
+            throw new Error('Expected plaintext attestation');
+        }
+        const refBytes = refAtt.value.value.value;
+        for (let r = 1; r < thresholdResponses.length; r++) {
+            const att = thresholdResponses[r].decryptionAttestations[index];
+            if (att.value?.case !== 'plaintext') {
+                throw new Error('Expected plaintext attestation but received non-plaintext');
+            }
+            const bytes = att.value.value.value;
+            this.verifyPlaintextBytesConsistency(refBytes, bytes);
+        }
+    }
+    verifyCiphertextConsistency(index, reference, thresholdResponses) {
+        const refAtt = reference.decryptionAttestations[index];
+        if (refAtt.value?.case !== 'reencryption') {
+            throw new Error('Expected reencryption attestation');
+        }
+        const refReencryption = refAtt.value.value;
+        const refCt = refReencryption.userCiphertext;
+        if (!refCt) {
+            throw new Error('No ciphertext in reference reencryption');
+        }
+        const refFheType = (0, handle_js_1.getHandleType)((0, binary_js_1.parseHex)(refReencryption.handle));
+        for (let r = 1; r < thresholdResponses.length; r++) {
+            const att = thresholdResponses[r].decryptionAttestations[index];
+            if (att.value?.case !== 'reencryption') {
+                throw new Error('Expected reencryption attestation but received non-reencryption');
+            }
+            const reencryption = att.value.value;
+            const ct = reencryption.userCiphertext;
+            if (!ct) {
+                throw new Error('No ciphertext in reencryption');
+            }
+            const fheType = (0, handle_js_1.getHandleType)((0, binary_js_1.parseHex)(reencryption.handle));
+            // Verify FHE type matches
+            if (fheType !== refFheType) {
+                throw new Error('FHE types differ across KMS responses');
+            }
+            // Verify ciphertext bytes match
+            if (refCt.length !== ct.length) {
+                throw new Error('Ciphertexts differ across KMS responses');
+            }
+            for (let b = 0; b < refCt.length; b++) {
+                if (refCt[b] !== ct[b]) {
+                    throw new Error('Ciphertexts differ across KMS responses');
+                }
+            }
+        }
+    }
+}
+exports.KmsQuorumClient = KmsQuorumClient;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicXVvcnVtQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2ttcy9xdW9ydW1DbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBS0EsNENBS3NCO0FBTXRCLCtEQUdxQztBQVVyQyw0Q0FBNkM7QUFFN0MsMENBQStDO0FBQy9DLDJDQUEyRDtBQUMzRCxpRUFBOEQ7QUFPOUQsTUFBYSxlQUFlO0lBQ1QsSUFBSSxDQUFRO0lBQ1osU0FBUyxDQUFTO0lBUW5DLGlCQUFpQjtJQUNqQixZQUNFLGtCQUFvRSxFQUNwRSxTQUFpQjtRQUVqQixJQUFJLGtCQUFrQixDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLGlEQUFpRCxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQUksU0FBUyxHQUFHLENBQUMsSUFBSSxTQUFTLEdBQUcsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FDYixtQ0FBbUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQy9ELENBQUM7UUFDSixDQUFDO1FBRUQsMkZBQTJGO1FBQzNGLElBQ0Usa0JBQWtCLENBQUMsTUFBTSxHQUFHLENBQUM7WUFDN0IsaUJBQWlCLElBQUksa0JBQWtCLENBQUMsQ0FBQyxDQUFDLEVBQzFDLENBQUM7WUFDRCwwQkFBMEI7WUFDMUIsTUFBTSxVQUFVLEdBQUcsa0JBQWlDLENBQUM7WUFDckQsSUFBSSxDQUFDLElBQUksR0FBRyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN0QyxNQUFNO2dCQUNOLE1BQU0sRUFBRSxNQUFNLENBQUMsYUFBYTthQUM3QixDQUFDLENBQUMsQ0FBQztRQUNOLENBQUM7YUFBTSxDQUFDO1lBQ04saURBQWlEO1lBQ2pELE1BQU0sU0FBUyxHQUFHLGtCQUdmLENBQUM7WUFDSixJQUFJLENBQUMsSUFBSSxHQUFHLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRTtnQkFDckMsT0FBTztvQkFDTCxNQUFNLEVBQUUsSUFBQSx3QkFBWSxFQUFDLFFBQVEsQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFDbkQsTUFBTSxFQUFFLFFBQVEsQ0FBQyxNQUFNO2lCQUN4QixDQUFDO1lBQ0osQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBQ0QsSUFBSSxDQUFDLFNBQVMsR0FBRyxTQUFTLENBQUM7SUFDN0IsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0gsTUFBTSxDQUFDLFFBQVEsQ0FDYixJQUFjLEVBQ2QsT0FBa0IsRUFDbEIsU0FBaUI7UUFFakIsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3RCLE1BQU0sSUFBSSxLQUFLLENBQUMsOEJBQThCLENBQUMsQ0FBQztRQUNsRCxDQUFDO1FBQ0QsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNuQyxNQUFNLElBQUksS0FBSyxDQUNiLHlCQUF5QixPQUFPLENBQUMsTUFBTSxtQ0FBbUMsSUFBSSxDQUFDLE1BQU0sR0FBRyxDQUN6RixDQUFDO1FBQ0osQ0FBQztRQUVELElBQUksU0FBUyxHQUFHLENBQUMsSUFBSSxTQUFTLEdBQUcsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQ2IsbUNBQW1DLElBQUksQ0FBQyxNQUFNLG1CQUFtQixDQUNsRSxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxFQUFFLEVBQUU7WUFDeEMsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDekMsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLElBQUksZUFBZSxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxjQUFjLENBQ25CLFVBQXVCLEVBQ3ZCLFNBQWlCO1FBRWpCLElBQUksVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUM1QixNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLENBQUM7UUFDekQsQ0FBQztRQUVELElBQUksU0FBUyxHQUFHLENBQUMsSUFBSSxTQUFTLEdBQUcsVUFBVSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ25ELE1BQU0sSUFBSSxLQUFLLENBQ2IsbUNBQW1DLFVBQVUsQ0FBQyxNQUFNLDBCQUEwQixDQUMvRSxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sSUFBSSxlQUFlLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUNuQixPQUErQixFQUMvQixhQUFzQztRQU90QyxNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGdDQUFnQyxDQUNsRSxLQUFLLEVBQUUsR0FBRyxFQUFFLEVBQUU7WUFDWixPQUFPLE1BQU0sR0FBRyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbkQsQ0FBQyxFQUNELGFBQWEsQ0FDZCxDQUFDO1FBRUYsZ0NBQWdDO1FBQ2hDLE1BQU0sa0JBQWtCLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUM3QyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQW1DLENBQzdDLENBQUM7UUFDRixNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV0RCwrRUFBK0U7UUFDL0UsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLHlCQUF5QixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFFckUsT0FBTyxJQUFJLENBQUMsMkJBQTJCLENBQ3JDLFNBQVMsRUFDVCxrQkFBa0IsRUFDbEIsT0FBTyxDQUNSLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLGVBQWUsQ0FDbkIsT0FBK0IsRUFDL0IsYUFBc0M7UUFFdEMsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELENBQUMsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLGdDQUFnQztRQUNoQyxNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLEdBQUcsQ0FDN0MsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFtQyxDQUM3QyxDQUFDO1FBQ0YsTUFBTSxPQUFPLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEQscURBQXFEO1FBQ3JELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxnQ0FBZ0MsQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBRTVFLE9BQU8sSUFBSSxDQUFDLGlDQUFpQyxDQUMzQyxTQUFTLEVBQ1Qsa0JBQWtCLEVBQ2xCLE9BQU8sQ0FDUixDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQ2xCLE9BQThCLEVBQzlCLGFBQXNDO1FBT3RDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQ2xFLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtZQUNaLE9BQU8sTUFBTSxHQUFHLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNsRCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRixnQ0FBZ0M7UUFDaEMsTUFBTSxrQkFBa0IsR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQzdDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBa0MsQ0FDNUMsQ0FBQztRQUNGLE1BQU0sT0FBTyxHQUFHLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXRELCtFQUErRTtRQUMvRSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMseUJBQXlCLENBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUVyRSxPQUFPLElBQUksQ0FBQywyQkFBMkIsQ0FDckMsU0FBUyxFQUNULGtCQUFrQixFQUNsQixPQUFPLENBQ1IsQ0FBQztJQUNKLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsZ0NBQWdDLENBQzVDLFNBQTJDLEVBQzNDLGFBQXNDO1FBRXRDLGlFQUFpRTtRQUNqRSwrQ0FBK0M7UUFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRTtZQUNsRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFBLDJCQUFnQixFQUFDLEtBQUssSUFBSSxFQUFFO29CQUNqRCxPQUFPLE1BQU0sU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUM5QixDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUMxQyxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixNQUFNLElBQUksS0FBSyxDQUFDLGNBQWMsS0FBSyxZQUFZLEtBQUssRUFBRSxDQUFDLENBQUM7WUFDMUQsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLElBQUEsMkNBQW9CLEVBRzlCLFFBQVEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNLLHdCQUF3QixDQUM5QixVQUF3QixFQUN4QixPQUFrQjtRQUVsQixNQUFNLHFCQUFxQixHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLFNBQVM7WUFDVCxNQUFNLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQztTQUNyQixDQUFDLENBQUMsQ0FBQztRQUVKLCtFQUErRTtRQUMvRSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbEMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLElBQUksT0FBTyxHQUFHLE9BQU87Z0JBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNqQyxJQUFJLE9BQU8sR0FBRyxPQUFPO2dCQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hDLE9BQU8sQ0FBQyxDQUFDO1FBQ1gsQ0FBQyxDQUFDLENBQUM7UUFFSCw0QkFBNEI7UUFDNUIsT0FBTyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx5QkFBeUIsQ0FDL0IscUJBQWlELEVBQ2pELHFCQUFtQztRQUVuQyxJQUNFLENBQUMscUJBQXFCLENBQUMsS0FBSztZQUM1QixxQkFBcUIsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFDaEQsQ0FBQztZQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNwRCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcscUJBQXFCLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFDL0QsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsTUFBbUIsQ0FBQztRQUN6RCxNQUFNLFVBQVUsR0FBRyxJQUFBLHlCQUFhLEVBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxXQUFXLEdBQUcsSUFBQSx5QkFBYSxFQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sU0FBUyxHQUFHLElBQUEsaUNBQWlCLEVBQ2pDLGlDQUFpQixDQUFDLEtBQUssRUFDdkIsVUFBOEIsRUFDOUIsV0FBVyxDQUNaLENBQUM7UUFFRixPQUFPO1lBQ0wsTUFBTTtZQUNOLFNBQVM7WUFDVCxxQkFBcUI7U0FDa0MsQ0FBQztJQUM1RCxDQUFDO0lBRU8sMkJBQTJCLENBQ2pDLFNBQTJELEVBQzNELGtCQUF3RSxFQUN4RSxPQUFrQjtRQUtsQixNQUFNLGdCQUFnQixHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLENBQUM7UUFDakUsT0FBTyxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDOUQsTUFBTSxNQUFNLEdBQUcsU0FBUyxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ25ELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUM3QyxDQUFDO1lBRUQsZ0RBQWdEO1lBQ2hELE1BQU0sVUFBVSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FDdkMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQ25ELENBQUM7WUFDRixNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDekQsVUFBVSxFQUNWLE9BQU8sQ0FDUixDQUFDO1lBRUYsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDdEMsT0FBTyxJQUFJLENBQUMseUJBQXlCLENBQUMsTUFBTSxFQUFFLHFCQUFxQixDQUFDLENBQUM7WUFDdkUsQ0FBQztpQkFBTSxJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO2dCQUNoRCxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztnQkFDeEMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztnQkFDdkMsTUFBTSxPQUFPLEdBQUcsSUFBQSx5QkFBYSxFQUFDLElBQUEsb0JBQVEsRUFBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztnQkFDN0QsT0FBTztvQkFDTCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQW1CO29CQUNsQyxrQkFBa0IsRUFBRTt3QkFDbEIsVUFBVSxFQUFFOzRCQUNWLEtBQUssRUFBRSxJQUFBLHNCQUFVLEVBQUMsRUFBRSxDQUFDOzRCQUNyQixNQUFNLEVBQUUsQ0FBQyxFQUFFLGNBQWM7NEJBQ3pCLElBQUksRUFBRSxPQUFPO3lCQUNkO3FCQUNnRDtvQkFDbkQscUJBQXFCO2lCQUMyQyxDQUFDO1lBQ3JFLENBQUM7aUJBQU0sQ0FBQztnQkFDTixNQUFNLElBQUksS0FBSyxDQUNiLGdDQUFnQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksMENBQTBDLENBQzVGLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU8saUNBQWlDLENBQ3ZDLFNBQWtDLEVBQ2xDLGtCQUE2QyxFQUM3QyxPQUFrQjtRQUVsQixNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMscUJBQXFCLENBQUM7UUFDL0MsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ1osTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUNiLGdDQUFnQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksd0JBQXdCLENBQzFFLENBQUM7UUFDSixDQUFDO1FBRUQsZ0RBQWdEO1FBQ2hELDJGQUEyRjtRQUMzRixNQUFNLFVBQVUsR0FBaUIsRUFBRSxDQUFDO1FBQ3BDLEtBQUssTUFBTSxJQUFJLElBQUksa0JBQWtCLEVBQUUsQ0FBQztZQUN0QyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMscUJBQXFCLENBQUM7WUFDdkMsSUFBSSxHQUFHLEVBQUUsQ0FBQztnQkFDUixVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUNqQyxDQUFDO1FBQ0gsQ0FBQztRQUNELE1BQU0scUJBQXFCLEdBQUcsSUFBSSxDQUFDLHdCQUF3QixDQUN6RCxVQUFVLEVBQ1YsT0FBTyxDQUNSLENBQUM7UUFFRixPQUFPLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxNQUFNLEVBQUUscUJBQXFCLENBQUMsQ0FBQztJQUN2RSxDQUFDO0lBRU8seUJBQXlCLENBQy9CLGtCQUF3RTtRQUV4RSxJQUFJLGtCQUFrQixDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUM7UUFDdEQsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRXhDLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNuRCxJQUNFLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLE1BQU07Z0JBQ25ELFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQ3ZDLENBQUM7Z0JBQ0QsTUFBTSxJQUFJLEtBQUssQ0FDYixxRUFBcUUsQ0FDdEUsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqRSxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFFbkQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO1lBQ3ZELENBQUM7WUFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQztZQUVsQywyRUFBMkU7WUFDM0UsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUNuRCxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDNUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDZixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7Z0JBQzdDLENBQUM7Z0JBQ0QsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxPQUFPLEVBQUUsQ0FBQztvQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FDYixrREFBa0QsT0FBTyxrQkFBa0IsQ0FBQyxTQUFTLEdBQUcsQ0FBQyxLQUFLLENBQUMsSUFBSSxHQUFHLENBQ3ZHLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCx1Q0FBdUM7WUFDdkMsSUFBSSxPQUFPLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQzVCLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDcEUsQ0FBQztpQkFBTSxJQUFJLE9BQU8sS0FBSyxjQUFjLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxDQUFDLDJCQUEyQixDQUFDLENBQUMsRUFBRSxTQUFTLEVBQUUsa0JBQWtCLENBQUMsQ0FBQztZQUNyRSxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxJQUFJLEtBQUssQ0FDYixnQ0FBZ0MsT0FBTywwQ0FBMEMsQ0FDbEYsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVPLGdDQUFnQyxDQUN0QyxrQkFBNkM7UUFFN0MsSUFBSSxrQkFBa0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO1FBQ3RELENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN4QyxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMscUJBQXFCLENBQUM7UUFFL0MsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ1osTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN0QyxNQUFNLElBQUksS0FBSyxDQUNiLGdDQUFnQyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksd0JBQXdCLENBQzFFLENBQUM7UUFDSixDQUFDO1FBRUQsMERBQTBEO1FBQzFELEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNuRCxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUIsQ0FBQztZQUN4RCxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1lBQzNELENBQUM7WUFFRCxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUM3QyxDQUFDO1lBRUQsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDbkMsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQsQ0FDNUQsQ0FBQztZQUNKLENBQUM7WUFFRCx1QkFBdUI7WUFDdkIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1lBQ3pELENBQUM7WUFFRCxnQ0FBZ0M7WUFDaEMsSUFBSSxDQUFDLCtCQUErQixDQUNsQyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQ3hCLEdBQUcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FDdEIsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRUQ7O09BRUc7SUFDSywrQkFBK0IsQ0FDckMsUUFBb0IsRUFDcEIsS0FBaUI7UUFFakIsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDNUQsQ0FBQztRQUNELEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDekMsSUFBSSxRQUFRLENBQUMsQ0FBQyxDQUFDLEtBQUssS0FBSyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sSUFBSSxLQUFLLENBQUMsd0NBQXdDLENBQUMsQ0FBQztZQUM1RCxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTywwQkFBMEIsQ0FDaEMsS0FBYSxFQUNiLFNBQTJELEVBQzNELGtCQUF3RTtRQUV4RSxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDdkQsSUFBSSxNQUFNLENBQUMsS0FBSyxFQUFFLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN2QyxNQUFNLElBQUksS0FBSyxDQUFDLGdDQUFnQyxDQUFDLENBQUM7UUFDcEQsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztRQUUxQyxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDbkQsTUFBTSxHQUFHLEdBQUcsa0JBQWtCLENBQUMsQ0FBQyxDQUFDLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDaEUsSUFBSSxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDcEMsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQsQ0FDNUQsQ0FBQztZQUNKLENBQUM7WUFFRCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDcEMsSUFBSSxDQUFDLCtCQUErQixDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN4RCxDQUFDO0lBQ0gsQ0FBQztJQUVPLDJCQUEyQixDQUNqQyxLQUFhLEVBQ2IsU0FBMkQsRUFDM0Qsa0JBQXdFO1FBRXhFLE1BQU0sTUFBTSxHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN2RCxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO1lBQzFDLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFDM0MsTUFBTSxLQUFLLEdBQUcsZUFBZSxDQUFDLGNBQWMsQ0FBQztRQUM3QyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksS0FBSyxDQUFDLHlDQUF5QyxDQUFDLENBQUM7UUFDN0QsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLElBQUEseUJBQWEsRUFBQyxJQUFBLG9CQUFRLEVBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFFbkUsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ25ELE1BQU0sR0FBRyxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ2hFLElBQUksR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ3ZDLE1BQU0sSUFBSSxLQUFLLENBQ2IsaUVBQWlFLENBQ2xFLENBQUM7WUFDSixDQUFDO1lBRUQsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDckMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztZQUN2QyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxJQUFJLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO1lBQ25ELENBQUM7WUFDRCxNQUFNLE9BQU8sR0FBRyxJQUFBLHlCQUFhLEVBQUMsSUFBQSxvQkFBUSxFQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBRTdELDBCQUEwQjtZQUMxQixJQUFJLE9BQU8sS0FBSyxVQUFVLEVBQUUsQ0FBQztnQkFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1lBQzNELENBQUM7WUFFRCxnQ0FBZ0M7WUFDaEMsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1lBQzdELENBQUM7WUFDRCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUN0QyxJQUFJLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztvQkFDdkIsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO2dCQUM3RCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0NBQ0Y7QUFsa0JELDBDQWtrQkMifQ==

package/dist/cjs/kms/thresholdPromises.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Executes promises and returns results as soon as threshold is reached
+ * @param promises Array of promises to execute
+ * @param threshold Number of successful responses needed
+ * @returns Promise that resolves with threshold number of results
+ */
+export declare function executeWithThreshold<T>(promises: Promise<T>[], threshold: number): Promise<T[]>;

package/dist/cjs/kms/thresholdPromises.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeWithThreshold = executeWithThreshold;
+/**
+ * Executes promises and returns results as soon as threshold is reached
+ * @param promises Array of promises to execute
+ * @param threshold Number of successful responses needed
+ * @returns Promise that resolves with threshold number of results
+ */
+async function executeWithThreshold(promises, threshold) {
+    if (threshold < 0) {
+        throw new Error('Threshold cannot be negative');
+    }
+    // If threshold is 0, resolve immediately.
+    if (threshold === 0) {
+        return [];
+    }
+    if (promises.length === 0 && threshold > 0) {
+        throw new Error('Cannot reach positive threshold with no promises');
+    }
+    if (threshold > promises.length) {
+        throw new Error(`Threshold ${threshold} exceeds number of promises ${promises.length}`);
+    }
+    const results = [];
+    let failures = 0;
+    return new Promise((resolve, reject) => {
+        promises.forEach((promise) => {
+            promise
+                .then((response) => {
+                if (results.length < threshold) {
+                    results.push(response);
+                    if (results.length === threshold) {
+                        resolve(results);
+                    }
+                }
+            })
+                .catch((error) => {
+                console.error(`Error executing promise: ${error}`);
+                failures++;
+                // Check if we can still reach the threshold
+                // We need (threshold - results.length) more successes
+                // from (promises.length - results.length - failures) remaining promises
+                const remainingPromises = promises.length - results.length - failures;
+                const neededSuccesses = threshold - results.length;
+                if (remainingPromises < neededSuccesses) {
+                    reject(new Error(`Cannot reach threshold of ${threshold} responses. Failed clients exceed limit.`));
+                }
+            });
+        });
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGhyZXNob2xkUHJvbWlzZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMva21zL3RocmVzaG9sZFByb21pc2VzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBTUEsb0RBb0RDO0FBMUREOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLG9CQUFvQixDQUN4QyxRQUFzQixFQUN0QixTQUFpQjtJQUVqQixJQUFJLFNBQVMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUNELDBDQUEwQztJQUMxQyxJQUFJLFNBQVMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUNwQixPQUFPLEVBQUUsQ0FBQztJQUNaLENBQUM7SUFDRCxJQUFJLFFBQVEsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLFNBQVMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMzQyxNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUNELElBQUksU0FBUyxHQUFHLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksS0FBSyxDQUNiLGFBQWEsU0FBUywrQkFBK0IsUUFBUSxDQUFDLE1BQU0sRUFBRSxDQUN2RSxDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sT0FBTyxHQUFRLEVBQUUsQ0FBQztJQUN4QixJQUFJLFFBQVEsR0FBRyxDQUFDLENBQUM7SUFFakIsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsRUFBRTtRQUNyQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUU7WUFDM0IsT0FBTztpQkFDSixJQUFJLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRTtnQkFDakIsSUFBSSxPQUFPLENBQUMsTUFBTSxHQUFHLFNBQVMsRUFBRSxDQUFDO29CQUMvQixPQUFPLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO29CQUN2QixJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssU0FBUyxFQUFFLENBQUM7d0JBQ2pDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztvQkFDbkIsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQyxDQUFDO2lCQUNELEtBQUssQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFO2dCQUNmLE9BQU8sQ0FBQyxLQUFLLENBQUMsNEJBQTRCLEtBQUssRUFBRSxDQUFDLENBQUM7Z0JBQ25ELFFBQVEsRUFBRSxDQUFDO2dCQUNYLDRDQUE0QztnQkFDNUMsc0RBQXNEO2dCQUN0RCx3RUFBd0U7Z0JBQ3hFLE1BQU0saUJBQWlCLEdBQUcsUUFBUSxDQUFDLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBTSxHQUFHLFFBQVEsQ0FBQztnQkFDdEUsTUFBTSxlQUFlLEdBQUcsU0FBUyxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7Z0JBQ25ELElBQUksaUJBQWlCLEdBQUcsZUFBZSxFQUFFLENBQUM7b0JBQ3hDLE1BQU0sQ0FDSixJQUFJLEtBQUssQ0FDUCw2QkFBNkIsU0FBUywwQ0FBMEMsQ0FDakYsQ0FDRixDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDLENBQUMsQ0FBQztRQUNQLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDIn0=

package/dist/cjs/lite/index.d.ts

@@ -7,4 +7,3 @@ export * from './deployments.js';
 export * from './ecies.js';
 export * from './hadu.js';
 export * from './lightning.js';
-export * from './reencrypt.js';

package/dist/cjs/lite/index.js

@@ -21,5 +21,4 @@ __exportStar(require("./deployments.js"), exports);
 __exportStar(require("./ecies.js"), exports);
 __exportStar(require("./hadu.js"), exports);
 __exportStar(require("./lightning.js"), exports);
-__exportStar(require("./reencrypt.js"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsaUVBQStDO0FBTy9DLHdEQUFzQztBQUN0Qyx3REFBc0M7QUFDdEMsbURBQWlDO0FBQ2pDLDZDQUEyQjtBQUMzQiw0Q0FBMEI7QUFDMUIsaURBQStCO0FBQy9CLGlEQUErQiJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsaUVBQStDO0FBTy9DLHdEQUFzQztBQUN0Qyx3REFBc0M7QUFDdEMsbURBQWlDO0FBQ2pDLDZDQUEyQjtBQUMzQiw0Q0FBMEI7QUFDMUIsaURBQStCIn0=