npm - @maatara/core-pqc - Versions diffs - 0.3.0 → 0.4.0 - Mend

@maatara/core-pqc 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/{index.js → index.cjs} +65 -1
package/dist/index.cjs.map +1 -0
package/dist/index.mjs +60 -1
package/dist/index.mjs.map +1 -1
package/dist/src/index.d.ts +95 -0
package/dist/src/index.d.ts.map +1 -1
package/package.json +8 -8
package/dist/index.js.map +0 -1

package/dist/{index.js → index.cjs} RENAMED Viewed

@@ -456,6 +456,65 @@ async function sha256B64u(data) {
     const hashBuffer = await crypto.subtle.digest('SHA-256', data);
     return b64uEncode(new Uint8Array(hashBuffer));
 }
+// ============================================================================
+// ALGORITHMIC OPTIMIZATIONS (arXiv:2501.02305, arXiv:2504.17033)
+// ============================================================================
+// High-performance data structures for verification operations
+// WASM bindings for algorithm functions
+const wasm_create_nonce_cache = wasmPkg__namespace.create_nonce_cache;
+const wasm_nonce_cache_info = wasmPkg__namespace.nonce_cache_info;
+const wasm_sssp_config = wasmPkg__namespace.sssp_config;
+const wasm_provenance_path_config = wasmPkg__namespace.provenance_path_config;
+const wasm_elastic_hash_config = wasmPkg__namespace.elastic_hash_config;
+/**
+ * Create a nonce cache configuration for replay attack prevention.
+ * Based on Elastic Hashing - O(1) amortized, O(log(1/δ)) worst-case.
+ *
+ * @param capacity - Maximum number of nonces to track
+ * @param ttlMs - Time-to-live in milliseconds before nonces expire
+ */
+async function createNonceCacheConfig(capacity, ttlMs) {
+    await initWasm();
+    return JSON.parse(wasm_create_nonce_cache(capacity, ttlMs));
+}
+/**
+ * Get information about the nonce cache algorithm.
+ */
+async function getNonceCacheInfo() {
+    await initWasm();
+    return JSON.parse(wasm_nonce_cache_info());
+}
+/**
+ * Get optimal SSSP configuration for graph verification.
+ * Uses Frontier-Reduced SSSP - O(m × log^(2/3)(n)) complexity.
+ *
+ * @param nodes - Expected number of nodes in the graph
+ */
+async function getSSSPConfig(nodes) {
+    await initWasm();
+    return JSON.parse(wasm_sssp_config(nodes));
+}
+/**
+ * Get optimized configuration for provenance chain verification.
+ *
+ * @param chainLength - Number of blocks in the provenance chain
+ * @param branches - Average number of branches per block
+ */
+async function getProvenancePathConfig(chainLength, branches) {
+    await initWasm();
+    return JSON.parse(wasm_provenance_path_config(chainLength, branches));
+}
+/**
+ * Get elastic hash table configuration for key caching.
+ * Optimal for PQC public key caching with O(1) amortized lookups.
+ *
+ * @param capacity - Maximum number of entries
+ * @param loadFactor - Target load factor (0.0 to 1.0, recommend 0.95)
+ */
+async function getElasticHashConfig(capacity, loadFactor = 0.95) {
+    await initWasm();
+    return JSON.parse(wasm_elastic_hash_config(capacity, loadFactor));
+}
 exports.aesGcmUnwrap = aesGcmUnwrap;
 exports.aesGcmWrap = aesGcmWrap;
@@ -468,10 +527,15 @@ exports.buildPolicyPreimage = buildPolicyPreimage;
 exports.buildTransferPreimage = buildTransferPreimage;
 exports.constantTimeEqual = constantTimeEqual;
 exports.createAttestation = createAttestation;
+exports.createNonceCacheConfig = createNonceCacheConfig;
 exports.createProvenanceCommitment = createProvenanceCommitment;
 exports.dilithiumKeygen = dilithiumKeygen;
 exports.dilithiumSign = dilithiumSign;
 exports.dilithiumVerify = dilithiumVerify;
+exports.getElasticHashConfig = getElasticHashConfig;
+exports.getNonceCacheInfo = getNonceCacheInfo;
+exports.getProvenancePathConfig = getProvenancePathConfig;
+exports.getSSSPConfig = getSSSPConfig;
 exports.hkdfSha256 = hkdfSha256;
 exports.initWasm = initWasm;
 exports.jcsCanonicalize = jcsCanonicalize;
@@ -484,4 +548,4 @@ exports.verifyAttestations = verifyAttestations;
 exports.verifyCommitmentReveal = verifyCommitmentReveal;
 exports.verifyProvenanceCommitment = verifyProvenanceCommitment;
 exports.verifyThreshold = verifyThreshold;
-//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.cjs","sources":["../../src/index.ts"],"sourcesContent":["// Ma'atara Core PQC Toolkit\n// Post-Quantum Cryptography for Browser and Node.js\n// \n// SECURITY NOTICE: This library implements FIPS 204 (ML-DSA) and FIPS 203 (ML-KEM)\n// post-quantum cryptographic algorithms. Key material should be:\n// 1. Stored securely (encrypted at rest)\n// 2. Transmitted only over secure channels\n// 3. Zeroized after use when possible\n// 4. Protected by hardware security modules for high-value operations\n//\n// See docs/WASM_SECURITY_MODEL.md for browser-specific security considerations.\n\n// ============================================================================\n// SECURITY CONSTANTS\n// ============================================================================\nconst MAX_MESSAGE_SIZE = 16 * 1024 * 1024; // 16MB - prevent memory exhaustion\nconst MAX_KEY_SIZE = 1024 * 1024; // 1MB - reasonable for PQC keys\nconst MAX_ATTESTATION_COUNT = 100; // Prevent DoS from large attestation arrays\n\nexport interface KyberKeypair {\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface KyberEncap {\n kem_ct_b64u: string;\n shared_b64u: string;\n}\n\nexport interface AesGcmWrap {\n iv_b64u: string;\n ct_b64u: string;\n}\n\nexport interface DilithiumKeypair {\n algorithm: string;\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface DilithiumSignResult {\n signature_b64u: string;\n algorithm: string;\n}\n\nexport interface DilithiumVerifyResult {\n is_valid: boolean;\n algorithm: string;\n}\n\nexport interface HkdfResult {\n key_b64u: string;\n}\n\nexport interface AesGcmUnwrapResult {\n dek_b64u: string;\n}\n\n// Import WASM functions (namespace import for better bundler compatibility)\nimport * as wasmPkg from '@maatara/core-pqc-wasm';\nconst wasm_kyber_keygen = (wasmPkg as any).kyber_keygen as () => string;\nconst wasm_kyber_encaps = (wasmPkg as any).kyber_encaps as (p: string) => string;\nconst wasm_kyber_decaps = (wasmPkg as any).kyber_decaps as (s: string, c: string) => string;\nconst wasm_hkdf_sha256 = (wasmPkg as any).hkdf_sha256 as (s: string, i: string, salt?: string, len?: number) => string;\nconst wasm_aes_gcm_wrap = (wasmPkg as any).aes_gcm_wrap as (k: string, d: string, a: string) => string;\nconst wasm_aes_gcm_unwrap = (wasmPkg as any).aes_gcm_unwrap as (k: string, iv: string, ct: string, a: string) => string;\nconst wasm_dilithium_keygen = (wasmPkg as any).dilithium_keygen as () => string;\nconst wasm_dilithium_sign = (wasmPkg as any).dilithium_sign as (m: string, s: string) => string;\nconst wasm_dilithium_verify = (wasmPkg as any).dilithium_verify as (m: string, sig: string, p: string) => string;\n\n// Deterministic/canonicalization and governance helpers\nexport interface CanonicalOut { canonical: string; msg_b64u?: string; msgB64u?: string }\n\n// Initialize WASM\nlet wasmReady = false;\n\n/**\n * Initialize the underlying WASM module.\n * - In browsers/bundlers where the glue knows how to fetch the .wasm, you can call without params.\n * - If your bundler provides a URL or Module for the .wasm, pass it as the first argument.\n */\nexport async function initWasm(wasmInput?: any): Promise<void> {\n if (wasmReady) return;\n const maybeInit = (wasmPkg as any).default;\n if (typeof maybeInit === 'function') {\n // Some environments require a URL/Module/bytes for initialization.\n // We forward the optional value if provided; otherwise let the glue resolve it.\n if (wasmInput !== undefined) {\n await maybeInit(wasmInput);\n } else {\n await maybeInit();\n }\n }\n wasmReady = true;\n}\n\n// Kyber functions\nexport async function kyberKeygen(): Promise<KyberKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberEncaps(publicB64u: string): Promise<KyberEncap> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_encaps(publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberDecaps(secretB64u: string, kemCtB64u: string): Promise<{ shared_b64u: string }> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_decaps(secretB64u, kemCtB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// HKDF functions\nexport async function hkdfSha256(\n secretB64u: string,\n infoB64u: string,\n saltB64u?: string,\n len: number = 32\n): Promise<HkdfResult> {\n await initWasm();\n const result = JSON.parse(wasm_hkdf_sha256(secretB64u, infoB64u, saltB64u, len));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// AES-GCM functions\nexport async function aesGcmWrap(\n keyB64u: string,\n dekB64u: string,\n aadB64u: string\n): Promise<AesGcmWrap> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_wrap(keyB64u, dekB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function aesGcmUnwrap(\n keyB64u: string,\n ivB64u: string,\n ctB64u: string,\n aadB64u: string\n): Promise<AesGcmUnwrapResult> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_unwrap(keyB64u, ivB64u, ctB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// Dilithium functions\n\n/**\n * Generate a new ML-DSA-65 (Dilithium) keypair.\n * SECURITY: Keys should be stored encrypted at rest.\n * For high-value operations, consider hardware security modules.\n */\nexport async function dilithiumKeygen(): Promise<DilithiumKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_dilithium_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/**\n * Sign a message using ML-DSA-65 (Dilithium).\n * @param messageB64u - Base64url-encoded message to sign\n * @param secretB64u - Base64url-encoded secret key\n * SECURITY: Secret key should be zeroized after use if possible.\n */\nexport async function dilithiumSign(\n messageB64u: string,\n secretB64u: string\n): Promise<DilithiumSignResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (secretB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Secret key exceeds maximum size of ${MAX_KEY_SIZE} bytes`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_sign(messageB64u, secretB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/**\n * Verify a ML-DSA-65 (Dilithium) signature.\n * @param messageB64u - Base64url-encoded message\n * @param signatureB64u - Base64url-encoded signature\n * @param publicB64u - Base64url-encoded public key\n */\nexport async function dilithiumVerify(\n messageB64u: string,\n signatureB64u: string,\n publicB64u: string\n): Promise<DilithiumVerifyResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (signatureB64u.length > MAX_KEY_SIZE || publicB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Signature or public key exceeds maximum size`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_verify(messageB64u, signatureB64u, publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// ---- Deterministic helpers (multisig/art token) ----\nexport async function jcsCanonicalize(json: unknown): Promise<string> {\n await initWasm();\n const raw = (wasmPkg as any).jcs_canonicalize(JSON.stringify(json));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return out.canonical as string;\n}\n\nexport async function buildPolicyPreimage(policy: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_governance(JSON.stringify(policy));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildMintPreimage(header: unknown, asset: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_mint(JSON.stringify(header), JSON.stringify(asset));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildTransferPreimage(header: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_transfer(JSON.stringify(header));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildAnchorPreimage(userId: string, rootHex: string, epoch: string, chains: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_anchor(userId, rootHex, epoch, JSON.stringify(chains));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\n// ---- Veritas Block Preimage (NEW v2 JCS canonical form) ----\n// We migrate block signing to a canonical (JCS) JSON similar to other preimages.\n// Legacy (v1) blocks used a hand-crafted JSON.stringify of a plain object with fixed insertion order.\n// This helper produces a canonical JSON string and msg_b64u = b64url(UTF-8(canonical JSON)).\n// NOTE: We intentionally EXCLUDE signature, encryptionKeyHash, and any runtime-only fields.\n// Fields included (ordered via JCS lexical ordering):\n// contentType, dataHash, index, metadataHash, ownerPublicKey, previousHash, signatureAlg, timestamp, version\n// index & timestamp MUST be strings representing decimal integers (BigInt safe) – caller responsibility.\nexport interface BlockPreimageInput {\n index: string | number | bigint;\n timestamp: string | number | bigint;\n previousHash: string;\n dataHash: string;\n metadataHash: string;\n signatureAlg: string; // e.g. 'dilithium2'\n ownerPublicKey: string; // Dilithium public key (base64url)\n contentType?: string; // default 'application/json'\n version: number; // block format / protocol version\n}\n\nexport async function buildBlockPreimage(block: BlockPreimageInput): Promise<CanonicalOut> {\n await initWasm();\n // Normalize fields per spec\n const normalized = {\n contentType: block.contentType || 'application/json',\n dataHash: block.dataHash,\n index: block.index.toString(),\n metadataHash: block.metadataHash,\n ownerPublicKey: block.ownerPublicKey,\n previousHash: block.previousHash,\n signatureAlg: block.signatureAlg,\n timestamp: block.timestamp.toString(),\n version: block.version,\n };\n // Use JCS canonicalization via wasm jcs_canonicalize (already exposed through jcsCanonicalize helper)\n const canonical = await jcsCanonicalize(normalized);\n const msg_b64u = b64uEncode(new TextEncoder().encode(canonical));\n return { canonical, msg_b64u, msgB64u: msg_b64u };\n}\n\nexport async function validateRoyalty(receiver: string, bps: number): Promise<boolean> {\n await initWasm();\n const raw = (wasmPkg as any).validate_royalty(receiver, bps);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) return false;\n return !!out.ok;\n}\n\nexport async function verifyAttestations(msgB64u: string, attestations: Array<{ alg: string; publicKeyB64u: string; signatureB64u: string }>, allowedPublicKeys?: string[]): Promise<number> {\n await initWasm();\n const raw = (wasmPkg as any).verify_attestations(msgB64u, JSON.stringify(attestations), allowedPublicKeys ? JSON.stringify(allowedPublicKeys) : undefined);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return Number(out.valid_count || 0);\n}\n\n// Utility functions\n// Cross-env base64url helpers (browser + Node)\nfunction _fromByteArray(bytes: Uint8Array): string {\n if (typeof btoa === 'function') {\n // Browser\n let s = '';\n for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]);\n return btoa(s);\n }\n // Node\n return Buffer.from(bytes).toString('base64');\n}\n\nfunction _toByteArray(b64: string): Uint8Array {\n if (typeof atob === 'function') {\n const binary = atob(b64);\n const out = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);\n return out;\n }\n return new Uint8Array(Buffer.from(b64, 'base64'));\n}\n\nexport function b64uEncode(data: Uint8Array): string {\n return _fromByteArray(data)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+/g, '');\n}\n\nexport function b64uDecode(str: string): Uint8Array {\n const b64 = str.replace(/-/g, '+').replace(/_/g, '/').padEnd(Math.ceil(str.length / 4) * 4, '=');\n return _toByteArray(b64);\n}\n\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result |= a[i] ^ b[i];\n }\n return result === 0;\n}\n\n// ============================================================================\n// THRESHOLD SIGNATURES & GOVERNANCE\n// ============================================================================\n\nexport interface GovernancePolicy {\n policyId: string;\n version: number;\n chainId: string;\n threshold: number;\n signers: Array<{\n publicKeyB64u: string;\n keyId: string;\n weight: number;\n role: 'owner' | 'guardian' | 'delegate' | 'recovery';\n }>;\n operations: Array<{\n action: string;\n requiredThreshold?: number;\n requiredRoles?: string[];\n maxValue?: string;\n timelock?: number;\n }>;\n validFrom: number;\n validUntil: number;\n createdAt: number;\n createdBy: string;\n policySignature: string;\n}\n\nexport interface Attestation {\n signerKeyId: string;\n signerPublicKeyB64u: string;\n operationHash: string;\n operationType: string;\n attestedAt: number;\n expiresAt: number;\n signatureAlg: 'dilithium2';\n signatureB64u: string;\n}\n\nexport interface AggregatedSignature {\n policyId: string;\n policyVersion: number;\n operationHash: string;\n attestations: Attestation[];\n totalWeight: number;\n thresholdMet: boolean;\n verifiedAt: number;\n}\n\n/**\n * Create an attestation for a threshold signature operation.\n */\nexport async function createAttestation(\n operation: { type: string; payload: unknown },\n signerKeys: { keyId: string; publicKeyB64u: string; secretKeyB64u: string },\n expiresInSeconds: number = 3600\n): Promise<Attestation> {\n await initWasm();\n \n // Build deterministic preimage for the operation\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const operationHash = await sha256B64u(preimageBytes);\n const msgB64u = b64uEncode(preimageBytes);\n \n // Sign the preimage\n const sig = await dilithiumSign(msgB64u, signerKeys.secretKeyB64u);\n \n return {\n signerKeyId: signerKeys.keyId,\n signerPublicKeyB64u: signerKeys.publicKeyB64u,\n operationHash,\n operationType: operation.type,\n attestedAt: Date.now(),\n expiresAt: Date.now() + expiresInSeconds * 1000,\n signatureAlg: 'dilithium2',\n signatureB64u: sig.signature_b64u\n };\n}\n\n/**\n * Verify an attestation signature.\n */\nexport async function verifyAttestation(\n attestation: Attestation,\n operation: { type: string; payload: unknown }\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Rebuild expected operation hash\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const expectedHash = await sha256B64u(preimageBytes);\n \n if (attestation.operationHash !== expectedHash) {\n return { valid: false, error: 'Operation hash mismatch' };\n }\n \n // Check expiry\n if (attestation.expiresAt < Date.now()) {\n return { valid: false, error: 'Attestation expired' };\n }\n \n // Verify signature\n const msgB64u = b64uEncode(preimageBytes);\n const result = await dilithiumVerify(msgB64u, attestation.signatureB64u, attestation.signerPublicKeyB64u);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid signature' };\n }\n \n return { valid: true };\n}\n\n/**\n * Verify that an aggregated signature meets the threshold policy.\n */\nexport async function verifyThreshold(\n aggregated: AggregatedSignature,\n operation: { type: string; payload: unknown },\n policy: GovernancePolicy\n): Promise<{ valid: boolean; errors: string[] }> {\n const errors: string[] = [];\n \n // Check policy match\n if (aggregated.policyId !== policy.policyId) {\n errors.push('Policy ID mismatch');\n }\n \n // Verify each attestation and compute weight\n let validWeight = 0;\n for (const attestation of aggregated.attestations) {\n const signer = policy.signers.find(s => s.publicKeyB64u === attestation.signerPublicKeyB64u);\n if (!signer) {\n errors.push(`Signer ${attestation.signerKeyId} not in policy`);\n continue;\n }\n \n const result = await verifyAttestation(attestation, operation);\n if (!result.valid) {\n errors.push(`Attestation from ${attestation.signerKeyId}: ${result.error}`);\n continue;\n }\n \n validWeight += signer.weight;\n }\n \n // Check threshold\n if (validWeight < policy.threshold) {\n errors.push(`Threshold not met: weight ${validWeight} < required ${policy.threshold}`);\n }\n \n return { valid: errors.length === 0, errors };\n}\n\n// ============================================================================\n// PRE-REGISTRATION COMMITMENT SCHEME\n// ============================================================================\n\nexport interface ProvenanceCommitment {\n type: 'ProvenanceCommitment';\n version: 1;\n commitmentHash: string;\n creatorPublicKey: string;\n timestamp: number;\n signature: string;\n}\n\nexport interface CommitmentReveal {\n commitmentHash: string;\n salt: string;\n assetHash: string;\n}\n\n/**\n * Create a provenance commitment for an asset before public disclosure.\n * This establishes a timestamped claim without revealing the asset content.\n */\nexport async function createProvenanceCommitment(\n assetBytes: Uint8Array,\n keys: { publicKeyB64u: string; secretKeyB64u: string }\n): Promise<{ commitment: ProvenanceCommitment; reveal: CommitmentReveal }> {\n await initWasm();\n \n // Generate random salt\n const salt = crypto.getRandomValues(new Uint8Array(32));\n \n // Compute commitment hash = SHA256(asset || salt || publicKey)\n const publicKeyBytes = b64uDecode(keys.publicKeyB64u);\n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const commitmentHash = await sha256B64u(preimage);\n const assetHash = await sha256B64u(assetBytes);\n \n // Build commitment object (without signature)\n const commitmentData = {\n type: 'ProvenanceCommitment' as const,\n version: 1 as const,\n commitmentHash,\n creatorPublicKey: keys.publicKeyB64u,\n timestamp: Date.now()\n };\n \n // Sign the commitment\n const canonical = await jcsCanonicalize(commitmentData);\n const sig = await dilithiumSign(b64uEncode(new TextEncoder().encode(canonical)), keys.secretKeyB64u);\n \n const commitment: ProvenanceCommitment = {\n ...commitmentData,\n signature: sig.signature_b64u\n };\n \n const reveal: CommitmentReveal = {\n commitmentHash,\n salt: b64uEncode(salt),\n assetHash\n };\n \n return { commitment, reveal };\n}\n\n/**\n * Verify a provenance commitment signature.\n */\nexport async function verifyProvenanceCommitment(\n commitment: ProvenanceCommitment\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Reconstruct the signed data (without signature field)\n const commitmentData = {\n type: commitment.type,\n version: commitment.version,\n commitmentHash: commitment.commitmentHash,\n creatorPublicKey: commitment.creatorPublicKey,\n timestamp: commitment.timestamp\n };\n \n const canonical = await jcsCanonicalize(commitmentData);\n const msgB64u = b64uEncode(new TextEncoder().encode(canonical));\n \n const result = await dilithiumVerify(msgB64u, commitment.signature, commitment.creatorPublicKey);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid commitment signature' };\n }\n \n return { valid: true };\n}\n\n/**\n * Verify that a revealed asset matches a commitment.\n */\nexport async function verifyCommitmentReveal(\n commitment: ProvenanceCommitment,\n assetBytes: Uint8Array,\n reveal: CommitmentReveal\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // First verify the commitment signature\n const sigResult = await verifyProvenanceCommitment(commitment);\n if (!sigResult.valid) {\n return { valid: false, error: `Commitment signature invalid: ${sigResult.error}` };\n }\n \n // Verify asset hash matches\n const computedAssetHash = await sha256B64u(assetBytes);\n if (computedAssetHash !== reveal.assetHash) {\n return { valid: false, error: 'Asset hash does not match reveal' };\n }\n \n // Reconstruct commitment hash\n const salt = b64uDecode(reveal.salt);\n const publicKeyBytes = b64uDecode(commitment.creatorPublicKey);\n \n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const computedCommitmentHash = await sha256B64u(preimage);\n \n if (computedCommitmentHash !== commitment.commitmentHash) {\n return { valid: false, error: 'Commitment hash does not match reveal' };\n }\n \n return { valid: true };\n}\n\n// ============================================================================\n// HELPER: SHA-256 with base64url output\n// ============================================================================\n\nasync function sha256B64u(data: Uint8Array): Promise<string> {\n const hashBuffer = await crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n return b64uEncode(new Uint8Array(hashBuffer));\n}\n\n// ============================================================================\n// ALGORITHMIC OPTIMIZATIONS (arXiv:2501.02305, arXiv:2504.17033)\n// ============================================================================\n// High-performance data structures for verification operations\n\n// WASM bindings for algorithm functions\nconst wasm_create_nonce_cache = (wasmPkg as any).create_nonce_cache as (capacity: number, ttl_ms: number) => string;\nconst wasm_nonce_cache_info = (wasmPkg as any).nonce_cache_info as () => string;\nconst wasm_sssp_config = (wasmPkg as any).sssp_config as (nodes: number) => string;\nconst wasm_provenance_path_config = (wasmPkg as any).provenance_path_config as (chain_length: number, branches: number) => string;\nconst wasm_elastic_hash_config = (wasmPkg as any).elastic_hash_config as (capacity: number, load_factor: number) => string;\n\n/**\n * Nonce Cache Configuration\n * Uses Elastic Hashing (arXiv:2501.02305) for O(1) amortized lookup\n */\nexport interface NonceCacheConfig {\n type: string;\n capacity: number;\n ttl_ms: number;\n algorithm: string;\n complexity: string;\n}\n\n/**\n * Create a nonce cache configuration for replay attack prevention.\n * Based on Elastic Hashing - O(1) amortized, O(log(1/δ)) worst-case.\n * \n * @param capacity - Maximum number of nonces to track\n * @param ttlMs - Time-to-live in milliseconds before nonces expire\n */\nexport async function createNonceCacheConfig(capacity: number, ttlMs: number): Promise<NonceCacheConfig> {\n await initWasm();\n return JSON.parse(wasm_create_nonce_cache(capacity, ttlMs));\n}\n\n/**\n * Get information about the nonce cache algorithm.\n */\nexport async function getNonceCacheInfo(): Promise<{\n name: string;\n paper: string;\n probe_complexity: string;\n load_factor: number;\n features: string[];\n}> {\n await initWasm();\n return JSON.parse(wasm_nonce_cache_info());\n}\n\n/**\n * SSSP (Single-Source Shortest Path) Configuration\n * Uses Frontier-Reduced algorithm (arXiv:2504.17033)\n */\nexport interface SSSPConfig {\n name: string;\n paper: string;\n complexity: string;\n nodes: number;\n pivots_k: number;\n batch_t: number;\n use_cases: string[];\n}\n\n/**\n * Get optimal SSSP configuration for graph verification.\n * Uses Frontier-Reduced SSSP - O(m × log^(2/3)(n)) complexity.\n * \n * @param nodes - Expected number of nodes in the graph\n */\nexport async function getSSSPConfig(nodes: number): Promise<SSSPConfig> {\n await initWasm();\n return JSON.parse(wasm_sssp_config(nodes));\n}\n\n/**\n * Provenance Path Configuration\n * Optimized parameters for chain of custody verification\n */\nexport interface ProvenancePathConfig {\n algorithm: string;\n chain_length: number;\n branches: number;\n estimated_nodes: number;\n estimated_edges: number;\n pivots_k: number;\n batch_t: number;\n complexity: string;\n verification_mode: string;\n}\n\n/**\n * Get optimized configuration for provenance chain verification.\n * \n * @param chainLength - Number of blocks in the provenance chain\n * @param branches - Average number of branches per block\n */\nexport async function getProvenancePathConfig(chainLength: number, branches: number): Promise<ProvenancePathConfig> {\n await initWasm();\n return JSON.parse(wasm_provenance_path_config(chainLength, branches));\n}\n\n/**\n * Elastic Hash Configuration\n * High-performance hash table for key caching\n */\nexport interface ElasticHashConfig {\n algorithm: string;\n paper: string;\n capacity: number;\n load_factor: number;\n levels: number;\n probe_complexity: {\n amortized: string;\n worst_case: string;\n };\n use_cases: string[];\n}\n\n/**\n * Get elastic hash table configuration for key caching.\n * Optimal for PQC public key caching with O(1) amortized lookups.\n * \n * @param capacity - Maximum number of entries\n * @param loadFactor - Target load factor (0.0 to 1.0, recommend 0.95)\n */\nexport async function getElasticHashConfig(capacity: number, loadFactor: number = 0.95): Promise<ElasticHashConfig> {\n await initWasm();\n return JSON.parse(wasm_elastic_hash_config(capacity, loadFactor));\n}\n"],"names":["wasmPkg"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAC1C,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC;AA4CjC,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAA4B;AACvE,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAAqC;AAChF,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAAgD;AAC3F,MAAM,gBAAgB,GAAIA,kBAAe,CAAC,WAA4E;AACtH,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAA2D;AACtG,MAAM,mBAAmB,GAAIA,kBAAe,CAAC,cAA0E;AACvH,MAAM,qBAAqB,GAAIA,kBAAe,CAAC,gBAAgC;AAC/E,MAAM,mBAAmB,GAAIA,kBAAe,CAAC,cAAkD;AAC/F,MAAM,qBAAqB,GAAIA,kBAAe,CAAC,gBAAiE;AAKhH;AACA,IAAI,SAAS,GAAG,KAAK;AAErB;;;;AAIG;AACI,eAAe,QAAQ,CAAC,SAAe,EAAA;AAC5C,IAAA,IAAI,SAAS;QAAE;AACf,IAAA,MAAM,SAAS,GAAIA,kBAAe,CAAC,OAAO;AAC1C,IAAA,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE;;;AAGnC,QAAA,IAAI,SAAS,KAAK,SAAS,EAAE;AAC3B,YAAA,MAAM,SAAS,CAAC,SAAS,CAAC;QAC5B;aAAO;YACL,MAAM,SAAS,EAAE;QACnB;IACF;IACA,SAAS,GAAG,IAAI;AAClB;AAEA;AACO,eAAe,WAAW,GAAA;IAC/B,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;IAC9C,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,WAAW,CAAC,UAAkB,EAAA;IAClD,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAA;IACrE,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,UAAU,CAC9B,UAAkB,EAClB,QAAgB,EAChB,QAAiB,EACjB,GAAA,GAAc,EAAE,EAAA;IAEhB,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,UAAU,CAC9B,OAAe,EACf,OAAe,EACf,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,YAAY,CAChC,OAAe,EACf,MAAc,EACd,MAAc,EACd,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AAEA;;;;AAIG;AACI,eAAe,eAAe,GAAA;IACnC,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;;;;;AAKG;AACI,eAAe,aAAa,CACjC,WAAmB,EACnB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC;IAC9E;AACA,IAAA,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AACpC,QAAA,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,CAAA,MAAA,CAAQ,CAAC;IAC7E;IAEA,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACvE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;;;;;AAKG;AACI,eAAe,eAAe,CACnC,WAAmB,EACnB,aAAqB,EACrB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC;IAC9E;AACA,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,YAAY,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AAC3E,QAAA,MAAM,IAAI,KAAK,CAAC,CAAA,4CAAA,CAA8C,CAAC;IACjE;IAEA,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IACxF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,eAAe,CAAC,IAAa,EAAA;IACjD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AACnE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;IAC1C,OAAO,GAAG,CAAC,SAAmB;AAChC;AAEO,eAAe,mBAAmB,CAAC,MAAe,EAAA;IACvD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACxE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,iBAAiB,CAAC,MAAe,EAAE,KAAc,EAAA;IACrE,MAAM,QAAQ,EAAE;IAChB,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,qBAAqB,CAAC,MAAe,EAAA;IACzD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAC5E,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,mBAAmB,CAAC,MAAc,EAAE,OAAe,EAAE,KAAa,EAAE,MAAe,EAAA;IACvG,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAC5F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAsBO,eAAe,kBAAkB,CAAC,KAAyB,EAAA;IAChE,MAAM,QAAQ,EAAE;;AAEhB,IAAA,MAAM,UAAU,GAAG;AACjB,QAAA,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,kBAAkB;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ;AACxB,QAAA,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC7B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,YAAY,EAAE,KAAK,CAAC,YAAY;AAChC,QAAA,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB;;AAED,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC;AACnD,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;AACnD;AAEO,eAAe,eAAe,CAAC,QAAgB,EAAE,GAAW,EAAA;IACjE,MAAM,QAAQ,EAAE;IAChB,MAAM,GAAG,GAAIA,kBAAe,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC;AAC5D,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,OAAO,KAAK;AAC5B,IAAA,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE;AACjB;AAEO,eAAe,kBAAkB,CAAC,OAAe,EAAE,YAAkF,EAAE,iBAA4B,EAAA;IACxK,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;AAC1J,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;IAC1C,OAAO,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC;AACrC;AAEA;AACA;AACA,SAAS,cAAc,CAAC,KAAiB,EAAA;AACvC,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;;QAE9B,IAAI,CAAC,GAAG,EAAE;AACV,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzE,QAAA,OAAO,IAAI,CAAC,CAAC,CAAC;IAChB;;IAEA,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;AAC9C;AAEA,SAAS,YAAY,CAAC,GAAW,EAAA;AAC/B,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;AAC9B,QAAA,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;QACxB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC;AACzC,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;AACrE,QAAA,OAAO,GAAG;IACZ;AACA,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AACnD;AAEM,SAAU,UAAU,CAAC,IAAgB,EAAA;IACzC,OAAO,cAAc,CAAC,IAAI;AACvB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACvB;AAEM,SAAU,UAAU,CAAC,GAAW,EAAA;AACpC,IAAA,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;AAChG,IAAA,OAAO,YAAY,CAAC,GAAG,CAAC;AAC1B;AAEM,SAAU,iBAAiB,CAAC,CAAa,EAAE,CAAa,EAAA;AAC5D,IAAA,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;AAAE,QAAA,OAAO,KAAK;IACvC,IAAI,MAAM,GAAG,CAAC;AACd,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB;IACA,OAAO,MAAM,KAAK,CAAC;AACrB;AAoDA;;AAEG;AACI,eAAe,iBAAiB,CACrC,SAA6C,EAC7C,UAA2E,EAC3E,gBAAA,GAA2B,IAAI,EAAA;IAE/B,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;AACxD,IAAA,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC;AACrD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;;IAGzC,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,aAAa,CAAC;IAElE,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,KAAK;QAC7B,mBAAmB,EAAE,UAAU,CAAC,aAAa;QAC7C,aAAa;QACb,aAAa,EAAE,SAAS,CAAC,IAAI;AAC7B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI;AAC/C,QAAA,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,GAAG,CAAC;KACpB;AACH;AAEA;;AAEG;AACI,eAAe,iBAAiB,CACrC,WAAwB,EACxB,SAA6C,EAAA;IAE7C,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;AACxD,IAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC;AAEpD,IAAA,IAAI,WAAW,CAAC,aAAa,KAAK,YAAY,EAAE;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE;IAC3D;;IAGA,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACvD;;AAGA,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;AACzC,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,mBAAmB,CAAC;AAEzG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACrD;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;;AAEG;AACI,eAAe,eAAe,CACnC,UAA+B,EAC/B,SAA6C,EAC7C,MAAwB,EAAA;IAExB,MAAM,MAAM,GAAa,EAAE;;IAG3B,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE;AAC3C,QAAA,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC;IACnC;;IAGA,IAAI,WAAW,GAAG,CAAC;AACnB,IAAA,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,YAAY,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,KAAK,WAAW,CAAC,mBAAmB,CAAC;QAC5F,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,CAAA,OAAA,EAAU,WAAW,CAAC,WAAW,CAAA,cAAA,CAAgB,CAAC;YAC9D;QACF;QAEA,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC;AAC9D,QAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;AACjB,YAAA,MAAM,CAAC,IAAI,CAAC,CAAA,iBAAA,EAAoB,WAAW,CAAC,WAAW,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAA,CAAE,CAAC;YAC3E;QACF;AAEA,QAAA,WAAW,IAAI,MAAM,CAAC,MAAM;IAC9B;;AAGA,IAAA,IAAI,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE;QAClC,MAAM,CAAC,IAAI,CAAC,CAAA,0BAAA,EAA6B,WAAW,CAAA,YAAA,EAAe,MAAM,CAAC,SAAS,CAAA,CAAE,CAAC;IACxF;IAEA,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE;AAC/C;AAqBA;;;AAGG;AACI,eAAe,0BAA0B,CAC9C,UAAsB,EACtB,IAAsD,EAAA;IAEtD,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;;IAGvD,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC;AACrD,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;AACxF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC;AACrC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;AAE7D,IAAA,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC;AACjD,IAAA,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC;;AAG9C,IAAA,MAAM,cAAc,GAAG;AACrB,QAAA,IAAI,EAAE,sBAA+B;AACrC,QAAA,OAAO,EAAE,CAAU;QACnB,cAAc;QACd,gBAAgB,EAAE,IAAI,CAAC,aAAa;AACpC,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG;KACpB;;AAGD,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC;AAEpG,IAAA,MAAM,UAAU,GAAyB;AACvC,QAAA,GAAG,cAAc;QACjB,SAAS,EAAE,GAAG,CAAC;KAChB;AAED,IAAA,MAAM,MAAM,GAAqB;QAC/B,cAAc;AACd,QAAA,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;QACtB;KACD;AAED,IAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE;AAC/B;AAEA;;AAEG;AACI,eAAe,0BAA0B,CAC9C,UAAgC,EAAA;IAEhC,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,cAAc,GAAG;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;QAC7C,SAAS,EAAE,UAAU,CAAC;KACvB;AAED,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC;AACvD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAE/D,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,gBAAgB,CAAC;AAEhG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAChE;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;;AAEG;AACI,eAAe,sBAAsB,CAC1C,UAAgC,EAChC,UAAsB,EACtB,MAAwB,EAAA;IAExB,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC;AAC9D,IAAA,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE;AACpB,QAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA,8BAAA,EAAiC,SAAS,CAAC,KAAK,CAAA,CAAE,EAAE;IACpF;;AAGA,IAAA,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC;AACtD,IAAA,IAAI,iBAAiB,KAAK,MAAM,CAAC,SAAS,EAAE;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE;IACpE;;IAGA,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IACpC,MAAM,cAAc,GAAG,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;AAE9D,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;AACxF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC;AACrC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;AAE7D,IAAA,MAAM,sBAAsB,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC;AAEzD,IAAA,IAAI,sBAAsB,KAAK,UAAU,CAAC,cAAc,EAAE;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE;IACzE;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;AACA;AACA;AAEA,eAAe,UAAU,CAAC,IAAgB,EAAA;AACxC,IAAA,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAA+B,CAAC;IACzF,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;AAC/C;AAEA;AACA;AACA;AACA;AAEA;AACA,MAAM,uBAAuB,GAAIA,kBAAe,CAAC,kBAAkE;AACnH,MAAM,qBAAqB,GAAIA,kBAAe,CAAC,gBAAgC;AAC/E,MAAM,gBAAgB,GAAIA,kBAAe,CAAC,WAAwC;AAClF,MAAM,2BAA2B,GAAIA,kBAAe,CAAC,sBAA4E;AACjI,MAAM,wBAAwB,GAAIA,kBAAe,CAAC,mBAAwE;AAc1H;;;;;;AAMG;AACI,eAAe,sBAAsB,CAAC,QAAgB,EAAE,KAAa,EAAA;IAC1E,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC7D;AAEA;;AAEG;AACI,eAAe,iBAAiB,GAAA;IAOrC,MAAM,QAAQ,EAAE;AAChB,IAAA,OAAO,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;AAC5C;AAgBA;;;;;AAKG;AACI,eAAe,aAAa,CAAC,KAAa,EAAA;IAC/C,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAC5C;AAkBA;;;;;AAKG;AACI,eAAe,uBAAuB,CAAC,WAAmB,EAAE,QAAgB,EAAA;IACjF,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;AACvE;AAmBA;;;;;;AAMG;AACI,eAAe,oBAAoB,CAAC,QAAgB,EAAE,aAAqB,IAAI,EAAA;IACpF,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;AACnE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/index.mjs CHANGED Viewed

@@ -435,6 +435,65 @@ async function sha256B64u(data) {
     const hashBuffer = await crypto.subtle.digest('SHA-256', data);
     return b64uEncode(new Uint8Array(hashBuffer));
 }
+// ============================================================================
+// ALGORITHMIC OPTIMIZATIONS (arXiv:2501.02305, arXiv:2504.17033)
+// ============================================================================
+// High-performance data structures for verification operations
+// WASM bindings for algorithm functions
+const wasm_create_nonce_cache = wasmPkg.create_nonce_cache;
+const wasm_nonce_cache_info = wasmPkg.nonce_cache_info;
+const wasm_sssp_config = wasmPkg.sssp_config;
+const wasm_provenance_path_config = wasmPkg.provenance_path_config;
+const wasm_elastic_hash_config = wasmPkg.elastic_hash_config;
+/**
+ * Create a nonce cache configuration for replay attack prevention.
+ * Based on Elastic Hashing - O(1) amortized, O(log(1/δ)) worst-case.
+ *
+ * @param capacity - Maximum number of nonces to track
+ * @param ttlMs - Time-to-live in milliseconds before nonces expire
+ */
+async function createNonceCacheConfig(capacity, ttlMs) {
+    await initWasm();
+    return JSON.parse(wasm_create_nonce_cache(capacity, ttlMs));
+}
+/**
+ * Get information about the nonce cache algorithm.
+ */
+async function getNonceCacheInfo() {
+    await initWasm();
+    return JSON.parse(wasm_nonce_cache_info());
+}
+/**
+ * Get optimal SSSP configuration for graph verification.
+ * Uses Frontier-Reduced SSSP - O(m × log^(2/3)(n)) complexity.
+ *
+ * @param nodes - Expected number of nodes in the graph
+ */
+async function getSSSPConfig(nodes) {
+    await initWasm();
+    return JSON.parse(wasm_sssp_config(nodes));
+}
+/**
+ * Get optimized configuration for provenance chain verification.
+ *
+ * @param chainLength - Number of blocks in the provenance chain
+ * @param branches - Average number of branches per block
+ */
+async function getProvenancePathConfig(chainLength, branches) {
+    await initWasm();
+    return JSON.parse(wasm_provenance_path_config(chainLength, branches));
+}
+/**
+ * Get elastic hash table configuration for key caching.
+ * Optimal for PQC public key caching with O(1) amortized lookups.
+ *
+ * @param capacity - Maximum number of entries
+ * @param loadFactor - Target load factor (0.0 to 1.0, recommend 0.95)
+ */
+async function getElasticHashConfig(capacity, loadFactor = 0.95) {
+    await initWasm();
+    return JSON.parse(wasm_elastic_hash_config(capacity, loadFactor));
+}
-export { aesGcmUnwrap, aesGcmWrap, b64uDecode, b64uEncode, buildAnchorPreimage, buildBlockPreimage, buildMintPreimage, buildPolicyPreimage, buildTransferPreimage, constantTimeEqual, createAttestation, createProvenanceCommitment, dilithiumKeygen, dilithiumSign, dilithiumVerify, hkdfSha256, initWasm, jcsCanonicalize, kyberDecaps, kyberEncaps, kyberKeygen, validateRoyalty, verifyAttestation, verifyAttestations, verifyCommitmentReveal, verifyProvenanceCommitment, verifyThreshold };
+export { aesGcmUnwrap, aesGcmWrap, b64uDecode, b64uEncode, buildAnchorPreimage, buildBlockPreimage, buildMintPreimage, buildPolicyPreimage, buildTransferPreimage, constantTimeEqual, createAttestation, createNonceCacheConfig, createProvenanceCommitment, dilithiumKeygen, dilithiumSign, dilithiumVerify, getElasticHashConfig, getNonceCacheInfo, getProvenancePathConfig, getSSSPConfig, hkdfSha256, initWasm, jcsCanonicalize, kyberDecaps, kyberEncaps, kyberKeygen, validateRoyalty, verifyAttestation, verifyAttestations, verifyCommitmentReveal, verifyProvenanceCommitment, verifyThreshold };
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.mjs","sources":["../../src/index.ts"],"sourcesContent":["// Ma'atara Core PQC Toolkit\n// Post-Quantum Cryptography for Browser and Node.js\n// \n// SECURITY NOTICE: This library implements FIPS 204 (ML-DSA) and FIPS 203 (ML-KEM)\n// post-quantum cryptographic algorithms. Key material should be:\n// 1. Stored securely (encrypted at rest)\n// 2. Transmitted only over secure channels\n// 3. Zeroized after use when possible\n// 4. Protected by hardware security modules for high-value operations\n//\n// See docs/WASM_SECURITY_MODEL.md for browser-specific security considerations.\n\n// ============================================================================\n// SECURITY CONSTANTS\n// ============================================================================\nconst MAX_MESSAGE_SIZE = 16 * 1024 * 1024; // 16MB - prevent memory exhaustion\nconst MAX_KEY_SIZE = 1024 * 1024; // 1MB - reasonable for PQC keys\nconst MAX_ATTESTATION_COUNT = 100; // Prevent DoS from large attestation arrays\n\nexport interface KyberKeypair {\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface KyberEncap {\n kem_ct_b64u: string;\n shared_b64u: string;\n}\n\nexport interface AesGcmWrap {\n iv_b64u: string;\n ct_b64u: string;\n}\n\nexport interface DilithiumKeypair {\n algorithm: string;\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface DilithiumSignResult {\n signature_b64u: string;\n algorithm: string;\n}\n\nexport interface DilithiumVerifyResult {\n is_valid: boolean;\n algorithm: string;\n}\n\nexport interface HkdfResult {\n key_b64u: string;\n}\n\nexport interface AesGcmUnwrapResult {\n dek_b64u: string;\n}\n\n// Import WASM functions (namespace import for better bundler compatibility)\nimport * as wasmPkg from '@maatara/core-pqc-wasm';\nconst wasm_kyber_keygen = (wasmPkg as any).kyber_keygen as () => string;\nconst wasm_kyber_encaps = (wasmPkg as any).kyber_encaps as (p: string) => string;\nconst wasm_kyber_decaps = (wasmPkg as any).kyber_decaps as (s: string, c: string) => string;\nconst wasm_hkdf_sha256 = (wasmPkg as any).hkdf_sha256 as (s: string, i: string, salt?: string, len?: number) => string;\nconst wasm_aes_gcm_wrap = (wasmPkg as any).aes_gcm_wrap as (k: string, d: string, a: string) => string;\nconst wasm_aes_gcm_unwrap = (wasmPkg as any).aes_gcm_unwrap as (k: string, iv: string, ct: string, a: string) => string;\nconst wasm_dilithium_keygen = (wasmPkg as any).dilithium_keygen as () => string;\nconst wasm_dilithium_sign = (wasmPkg as any).dilithium_sign as (m: string, s: string) => string;\nconst wasm_dilithium_verify = (wasmPkg as any).dilithium_verify as (m: string, sig: string, p: string) => string;\n\n// Deterministic/canonicalization and governance helpers\nexport interface CanonicalOut { canonical: string; msg_b64u?: string; msgB64u?: string }\n\n// Initialize WASM\nlet wasmReady = false;\n\n/*\n Initialize the underlying WASM module.\n * - In browsers/bundlers where the glue knows how to fetch the .wasm, you can call without params.\n * - If your bundler provides a URL or Module for the .wasm, pass it as the first argument.\n /\nexport async function initWasm(wasmInput?: any): Promise<void> {\n if (wasmReady) return;\n const maybeInit = (wasmPkg as any).default;\n if (typeof maybeInit === 'function') {\n // Some environments require a URL/Module/bytes for initialization.\n // We forward the optional value if provided; otherwise let the glue resolve it.\n if (wasmInput !== undefined) {\n await maybeInit(wasmInput);\n } else {\n await maybeInit();\n }\n }\n wasmReady = true;\n}\n\n// Kyber functions\nexport async function kyberKeygen(): Promise<KyberKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberEncaps(publicB64u: string): Promise<KyberEncap> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_encaps(publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberDecaps(secretB64u: string, kemCtB64u: string): Promise<{ shared_b64u: string }> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_decaps(secretB64u, kemCtB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// HKDF functions\nexport async function hkdfSha256(\n secretB64u: string,\n infoB64u: string,\n saltB64u?: string,\n len: number = 32\n): Promise<HkdfResult> {\n await initWasm();\n const result = JSON.parse(wasm_hkdf_sha256(secretB64u, infoB64u, saltB64u, len));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// AES-GCM functions\nexport async function aesGcmWrap(\n keyB64u: string,\n dekB64u: string,\n aadB64u: string\n): Promise<AesGcmWrap> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_wrap(keyB64u, dekB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function aesGcmUnwrap(\n keyB64u: string,\n ivB64u: string,\n ctB64u: string,\n aadB64u: string\n): Promise<AesGcmUnwrapResult> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_unwrap(keyB64u, ivB64u, ctB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// Dilithium functions\n\n/\n Generate a new ML-DSA-65 (Dilithium) keypair.\n * SECURITY: Keys should be stored encrypted at rest.\n * For high-value operations, consider hardware security modules.\n /\nexport async function dilithiumKeygen(): Promise<DilithiumKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_dilithium_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/\n Sign a message using ML-DSA-65 (Dilithium).\n * @param messageB64u - Base64url-encoded message to sign\n * @param secretB64u - Base64url-encoded secret key\n * SECURITY: Secret key should be zeroized after use if possible.\n /\nexport async function dilithiumSign(\n messageB64u: string,\n secretB64u: string\n): Promise<DilithiumSignResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (secretB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Secret key exceeds maximum size of ${MAX_KEY_SIZE} bytes`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_sign(messageB64u, secretB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/\n Verify a ML-DSA-65 (Dilithium) signature.\n * @param messageB64u - Base64url-encoded message\n * @param signatureB64u - Base64url-encoded signature\n * @param publicB64u - Base64url-encoded public key\n /\nexport async function dilithiumVerify(\n messageB64u: string,\n signatureB64u: string,\n publicB64u: string\n): Promise<DilithiumVerifyResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (signatureB64u.length > MAX_KEY_SIZE \|\| publicB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Signature or public key exceeds maximum size`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_verify(messageB64u, signatureB64u, publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// ---- Deterministic helpers (multisig/art token) ----\nexport async function jcsCanonicalize(json: unknown): Promise<string> {\n await initWasm();\n const raw = (wasmPkg as any).jcs_canonicalize(JSON.stringify(json));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return out.canonical as string;\n}\n\nexport async function buildPolicyPreimage(policy: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_governance(JSON.stringify(policy));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildMintPreimage(header: unknown, asset: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_mint(JSON.stringify(header), JSON.stringify(asset));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildTransferPreimage(header: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_transfer(JSON.stringify(header));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildAnchorPreimage(userId: string, rootHex: string, epoch: string, chains: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_anchor(userId, rootHex, epoch, JSON.stringify(chains));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\n// ---- Veritas Block Preimage (NEW v2 JCS canonical form) ----\n// We migrate block signing to a canonical (JCS) JSON similar to other preimages.\n// Legacy (v1) blocks used a hand-crafted JSON.stringify of a plain object with fixed insertion order.\n// This helper produces a canonical JSON string and msg_b64u = b64url(UTF-8(canonical JSON)).\n// NOTE: We intentionally EXCLUDE signature, encryptionKeyHash, and any runtime-only fields.\n// Fields included (ordered via JCS lexical ordering):\n// contentType, dataHash, index, metadataHash, ownerPublicKey, previousHash, signatureAlg, timestamp, version\n// index & timestamp MUST be strings representing decimal integers (BigInt safe) – caller responsibility.\nexport interface BlockPreimageInput {\n index: string \| number \| bigint;\n timestamp: string \| number \| bigint;\n previousHash: string;\n dataHash: string;\n metadataHash: string;\n signatureAlg: string; // e.g. 'dilithium2'\n ownerPublicKey: string; // Dilithium public key (base64url)\n contentType?: string; // default 'application/json'\n version: number; // block format / protocol version\n}\n\nexport async function buildBlockPreimage(block: BlockPreimageInput): Promise<CanonicalOut> {\n await initWasm();\n // Normalize fields per spec\n const normalized = {\n contentType: block.contentType \|\| 'application/json',\n dataHash: block.dataHash,\n index: block.index.toString(),\n metadataHash: block.metadataHash,\n ownerPublicKey: block.ownerPublicKey,\n previousHash: block.previousHash,\n signatureAlg: block.signatureAlg,\n timestamp: block.timestamp.toString(),\n version: block.version,\n };\n // Use JCS canonicalization via wasm jcs_canonicalize (already exposed through jcsCanonicalize helper)\n const canonical = await jcsCanonicalize(normalized);\n const msg_b64u = b64uEncode(new TextEncoder().encode(canonical));\n return { canonical, msg_b64u, msgB64u: msg_b64u };\n}\n\nexport async function validateRoyalty(receiver: string, bps: number): Promise<boolean> {\n await initWasm();\n const raw = (wasmPkg as any).validate_royalty(receiver, bps);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) return false;\n return !!out.ok;\n}\n\nexport async function verifyAttestations(msgB64u: string, attestations: Array<{ alg: string; publicKeyB64u: string; signatureB64u: string }>, allowedPublicKeys?: string[]): Promise<number> {\n await initWasm();\n const raw = (wasmPkg as any).verify_attestations(msgB64u, JSON.stringify(attestations), allowedPublicKeys ? JSON.stringify(allowedPublicKeys) : undefined);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return Number(out.valid_count \|\| 0);\n}\n\n// Utility functions\n// Cross-env base64url helpers (browser + Node)\nfunction _fromByteArray(bytes: Uint8Array): string {\n if (typeof btoa === 'function') {\n // Browser\n let s = '';\n for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]);\n return btoa(s);\n }\n // Node\n return Buffer.from(bytes).toString('base64');\n}\n\nfunction _toByteArray(b64: string): Uint8Array {\n if (typeof atob === 'function') {\n const binary = atob(b64);\n const out = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);\n return out;\n }\n return new Uint8Array(Buffer.from(b64, 'base64'));\n}\n\nexport function b64uEncode(data: Uint8Array): string {\n return _fromByteArray(data)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+/g, '');\n}\n\nexport function b64uDecode(str: string): Uint8Array {\n const b64 = str.replace(/-/g, '+').replace(/_/g, '/').padEnd(Math.ceil(str.length / 4) 4, '=');\n return _toByteArray(b64);\n}\n\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result \|= a[i] ^ b[i];\n }\n return result === 0;\n}\n\n// ============================================================================\n// THRESHOLD SIGNATURES & GOVERNANCE\n// ============================================================================\n\nexport interface GovernancePolicy {\n policyId: string;\n version: number;\n chainId: string;\n threshold: number;\n signers: Array<{\n publicKeyB64u: string;\n keyId: string;\n weight: number;\n role: 'owner' \| 'guardian' \| 'delegate' \| 'recovery';\n }>;\n operations: Array<{\n action: string;\n requiredThreshold?: number;\n requiredRoles?: string[];\n maxValue?: string;\n timelock?: number;\n }>;\n validFrom: number;\n validUntil: number;\n createdAt: number;\n createdBy: string;\n policySignature: string;\n}\n\nexport interface Attestation {\n signerKeyId: string;\n signerPublicKeyB64u: string;\n operationHash: string;\n operationType: string;\n attestedAt: number;\n expiresAt: number;\n signatureAlg: 'dilithium2';\n signatureB64u: string;\n}\n\nexport interface AggregatedSignature {\n policyId: string;\n policyVersion: number;\n operationHash: string;\n attestations: Attestation[];\n totalWeight: number;\n thresholdMet: boolean;\n verifiedAt: number;\n}\n\n/*\n Create an attestation for a threshold signature operation.\n /\nexport async function createAttestation(\n operation: { type: string; payload: unknown },\n signerKeys: { keyId: string; publicKeyB64u: string; secretKeyB64u: string },\n expiresInSeconds: number = 3600\n): Promise<Attestation> {\n await initWasm();\n \n // Build deterministic preimage for the operation\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const operationHash = await sha256B64u(preimageBytes);\n const msgB64u = b64uEncode(preimageBytes);\n \n // Sign the preimage\n const sig = await dilithiumSign(msgB64u, signerKeys.secretKeyB64u);\n \n return {\n signerKeyId: signerKeys.keyId,\n signerPublicKeyB64u: signerKeys.publicKeyB64u,\n operationHash,\n operationType: operation.type,\n attestedAt: Date.now(),\n expiresAt: Date.now() + expiresInSeconds 1000,\n signatureAlg: 'dilithium2',\n signatureB64u: sig.signature_b64u\n };\n}\n\n/*\n Verify an attestation signature.\n /\nexport async function verifyAttestation(\n attestation: Attestation,\n operation: { type: string; payload: unknown }\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Rebuild expected operation hash\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const expectedHash = await sha256B64u(preimageBytes);\n \n if (attestation.operationHash !== expectedHash) {\n return { valid: false, error: 'Operation hash mismatch' };\n }\n \n // Check expiry\n if (attestation.expiresAt < Date.now()) {\n return { valid: false, error: 'Attestation expired' };\n }\n \n // Verify signature\n const msgB64u = b64uEncode(preimageBytes);\n const result = await dilithiumVerify(msgB64u, attestation.signatureB64u, attestation.signerPublicKeyB64u);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid signature' };\n }\n \n return { valid: true };\n}\n\n/\n Verify that an aggregated signature meets the threshold policy.\n /\nexport async function verifyThreshold(\n aggregated: AggregatedSignature,\n operation: { type: string; payload: unknown },\n policy: GovernancePolicy\n): Promise<{ valid: boolean; errors: string[] }> {\n const errors: string[] = [];\n \n // Check policy match\n if (aggregated.policyId !== policy.policyId) {\n errors.push('Policy ID mismatch');\n }\n \n // Verify each attestation and compute weight\n let validWeight = 0;\n for (const attestation of aggregated.attestations) {\n const signer = policy.signers.find(s => s.publicKeyB64u === attestation.signerPublicKeyB64u);\n if (!signer) {\n errors.push(`Signer ${attestation.signerKeyId} not in policy`);\n continue;\n }\n \n const result = await verifyAttestation(attestation, operation);\n if (!result.valid) {\n errors.push(`Attestation from ${attestation.signerKeyId}: ${result.error}`);\n continue;\n }\n \n validWeight += signer.weight;\n }\n \n // Check threshold\n if (validWeight < policy.threshold) {\n errors.push(`Threshold not met: weight ${validWeight} < required ${policy.threshold}`);\n }\n \n return { valid: errors.length === 0, errors };\n}\n\n// ============================================================================\n// PRE-REGISTRATION COMMITMENT SCHEME\n// ============================================================================\n\nexport interface ProvenanceCommitment {\n type: 'ProvenanceCommitment';\n version: 1;\n commitmentHash: string;\n creatorPublicKey: string;\n timestamp: number;\n signature: string;\n}\n\nexport interface CommitmentReveal {\n commitmentHash: string;\n salt: string;\n assetHash: string;\n}\n\n/\n Create a provenance commitment for an asset before public disclosure.\n * This establishes a timestamped claim without revealing the asset content.\n /\nexport async function createProvenanceCommitment(\n assetBytes: Uint8Array,\n keys: { publicKeyB64u: string; secretKeyB64u: string }\n): Promise<{ commitment: ProvenanceCommitment; reveal: CommitmentReveal }> {\n await initWasm();\n \n // Generate random salt\n const salt = crypto.getRandomValues(new Uint8Array(32));\n \n // Compute commitment hash = SHA256(asset \|\| salt \|\| publicKey)\n const publicKeyBytes = b64uDecode(keys.publicKeyB64u);\n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const commitmentHash = await sha256B64u(preimage);\n const assetHash = await sha256B64u(assetBytes);\n \n // Build commitment object (without signature)\n const commitmentData = {\n type: 'ProvenanceCommitment' as const,\n version: 1 as const,\n commitmentHash,\n creatorPublicKey: keys.publicKeyB64u,\n timestamp: Date.now()\n };\n \n // Sign the commitment\n const canonical = await jcsCanonicalize(commitmentData);\n const sig = await dilithiumSign(b64uEncode(new TextEncoder().encode(canonical)), keys.secretKeyB64u);\n \n const commitment: ProvenanceCommitment = {\n ...commitmentData,\n signature: sig.signature_b64u\n };\n \n const reveal: CommitmentReveal = {\n commitmentHash,\n salt: b64uEncode(salt),\n assetHash\n };\n \n return { commitment, reveal };\n}\n\n/\n Verify a provenance commitment signature.\n /\nexport async function verifyProvenanceCommitment(\n commitment: ProvenanceCommitment\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Reconstruct the signed data (without signature field)\n const commitmentData = {\n type: commitment.type,\n version: commitment.version,\n commitmentHash: commitment.commitmentHash,\n creatorPublicKey: commitment.creatorPublicKey,\n timestamp: commitment.timestamp\n };\n \n const canonical = await jcsCanonicalize(commitmentData);\n const msgB64u = b64uEncode(new TextEncoder().encode(canonical));\n \n const result = await dilithiumVerify(msgB64u, commitment.signature, commitment.creatorPublicKey);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid commitment signature' };\n }\n \n return { valid: true };\n}\n\n/\n Verify that a revealed asset matches a commitment.\n */\nexport async function verifyCommitmentReveal(\n commitment: ProvenanceCommitment,\n assetBytes: Uint8Array,\n reveal: CommitmentReveal\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // First verify the commitment signature\n const sigResult = await verifyProvenanceCommitment(commitment);\n if (!sigResult.valid) {\n return { valid: false, error: `Commitment signature invalid: ${sigResult.error}` };\n }\n \n // Verify asset hash matches\n const computedAssetHash = await sha256B64u(assetBytes);\n if (computedAssetHash !== reveal.assetHash) {\n return { valid: false, error: 'Asset hash does not match reveal' };\n }\n \n // Reconstruct commitment hash\n const salt = b64uDecode(reveal.salt);\n const publicKeyBytes = b64uDecode(commitment.creatorPublicKey);\n \n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const computedCommitmentHash = await sha256B64u(preimage);\n \n if (computedCommitmentHash !== commitment.commitmentHash) {\n return { valid: false, error: 'Commitment hash does not match reveal' };\n }\n \n return { valid: true };\n}\n\n// ============================================================================\n// HELPER: SHA-256 with base64url output\n// ============================================================================\n\nasync function sha256B64u(data: Uint8Array): Promise<string> {\n const hashBuffer = await crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n return b64uEncode(new Uint8Array(hashBuffer));\n}\n\n"],"names":[],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAC1C,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC;AA4CjC,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAA4B,CAAC;AACxE,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAAqC,CAAC;AACjF,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAAgD,CAAC;AAC5F,MAAM,gBAAgB,GAAI,OAAe,CAAC,WAA4E,CAAC;AACvH,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAA2D,CAAC;AACvG,MAAM,mBAAmB,GAAI,OAAe,CAAC,cAA0E,CAAC;AACxH,MAAM,qBAAqB,GAAI,OAAe,CAAC,gBAAgC,CAAC;AAChF,MAAM,mBAAmB,GAAI,OAAe,CAAC,cAAkD,CAAC;AAChG,MAAM,qBAAqB,GAAI,OAAe,CAAC,gBAAiE,CAAC;AAKjH;AACA,IAAI,SAAS,GAAG,KAAK,CAAC;AAEtB;;;;AAIG;AACI,eAAe,QAAQ,CAAC,SAAe,EAAA;AAC5C,IAAA,IAAI,SAAS;QAAE,OAAO;AACtB,IAAA,MAAM,SAAS,GAAI,OAAe,CAAC,OAAO,CAAC;AAC3C,IAAA,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE;;;AAGnC,QAAA,IAAI,SAAS,KAAK,SAAS,EAAE;AAC3B,YAAA,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;SAC5B;aAAM;YACL,MAAM,SAAS,EAAE,CAAC;SACnB;KACF;IACD,SAAS,GAAG,IAAI,CAAC;AACnB,CAAC;AAED;AACO,eAAe,WAAW,GAAA;IAC/B,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,WAAW,CAAC,UAAkB,EAAA;IAClD,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAA;IACrE,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACpE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,UAAU,CAC9B,UAAkB,EAClB,QAAgB,EAChB,QAAiB,EACjB,GAAA,GAAc,EAAE,EAAA;IAEhB,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;IACjF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,UAAU,CAC9B,OAAe,EACf,OAAe,EACf,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,YAAY,CAChC,OAAe,EACf,MAAc,EACd,MAAc,EACd,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACjF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AAEA;;;;AAIG;AACI,eAAe,eAAe,GAAA;IACnC,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;AAKG;AACI,eAAe,aAAa,CACjC,WAAmB,EACnB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC9E;AACD,IAAA,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AACpC,QAAA,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC7E;IAED,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;AAKG;AACI,eAAe,eAAe,CACnC,WAAmB,EACnB,aAAqB,EACrB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC9E;AACD,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,YAAY,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AAC3E,QAAA,MAAM,IAAI,KAAK,CAAC,CAAA,4CAAA,CAA8C,CAAC,CAAC;KACjE;IAED,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC;IACzF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,eAAe,CAAC,IAAa,EAAA;IACjD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACpE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,GAAG,CAAC,SAAmB,CAAC;AACjC,CAAC;AAEM,eAAe,mBAAmB,CAAC,MAAe,EAAA;IACvD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AACzE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,iBAAiB,CAAC,MAAe,EAAE,KAAc,EAAA;IACrE,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAChG,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,qBAAqB,CAAC,MAAe,EAAA;IACzD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7E,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,mBAAmB,CAAC,MAAc,EAAE,OAAe,EAAE,KAAa,EAAE,MAAe,EAAA;IACvG,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAsBM,eAAe,kBAAkB,CAAC,KAAyB,EAAA;IAChE,MAAM,QAAQ,EAAE,CAAC;;AAEjB,IAAA,MAAM,UAAU,GAAG;AACjB,QAAA,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,kBAAkB;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ;AACxB,QAAA,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC7B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,YAAY,EAAE,KAAK,CAAC,YAAY;AAChC,QAAA,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC;;AAEF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;AACpD,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AACpD,CAAC;AAEM,eAAe,eAAe,CAAC,QAAgB,EAAE,GAAW,EAAA;IACjE,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,GAAG,GAAI,OAAe,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AAC7D,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,OAAO,KAAK,CAAC;AAC7B,IAAA,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;AAClB,CAAC;AAEM,eAAe,kBAAkB,CAAC,OAAe,EAAE,YAAkF,EAAE,iBAA4B,EAAA;IACxK,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,CAAC;AAC3J,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;AACA;AACA,SAAS,cAAc,CAAC,KAAiB,EAAA;AACvC,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;;QAE9B,IAAI,CAAC,GAAG,EAAE,CAAC;AACX,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1E,QAAA,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;KAChB;;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAA;AAC/B,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;AAC9B,QAAA,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC1C,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,GAAG,CAAC;KACZ;AACD,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;AACpD,CAAC;AAEK,SAAU,UAAU,CAAC,IAAgB,EAAA;IACzC,OAAO,cAAc,CAAC,IAAI,CAAC;AACxB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEK,SAAU,UAAU,CAAC,GAAW,EAAA;AACpC,IAAA,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;AACjG,IAAA,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAEe,SAAA,iBAAiB,CAAC,CAAa,EAAE,CAAa,EAAA;AAC5D,IAAA,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;AAAE,QAAA,OAAO,KAAK,CAAC;IACxC,IAAI,MAAM,GAAG,CAAC,CAAC;AACf,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KACvB;IACD,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAoDD;;AAEG;AACI,eAAe,iBAAiB,CACrC,SAA6C,EAC7C,UAA2E,EAC3E,gBAAA,GAA2B,IAAI,EAAA;IAE/B,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACzD,IAAA,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,CAAC;AACtD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;;IAG1C,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;IAEnE,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,KAAK;QAC7B,mBAAmB,EAAE,UAAU,CAAC,aAAa;QAC7C,aAAa;QACb,aAAa,EAAE,SAAS,CAAC,IAAI;AAC7B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI;AAC/C,QAAA,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,GAAG,CAAC,cAAc;KAClC,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,eAAe,iBAAiB,CACrC,WAAwB,EACxB,SAA6C,EAAA;IAE7C,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACzD,IAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,CAAC;AAErD,IAAA,IAAI,WAAW,CAAC,aAAa,KAAK,YAAY,EAAE;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;KAC3D;;IAGD,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;KACvD;;AAGD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;AAC1C,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAE1G,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;KACrD;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;AAEG;AACI,eAAe,eAAe,CACnC,UAA+B,EAC/B,SAA6C,EAC7C,MAAwB,EAAA;IAExB,MAAM,MAAM,GAAa,EAAE,CAAC;;IAG5B,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE;AAC3C,QAAA,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;KACnC;;IAGD,IAAI,WAAW,GAAG,CAAC,CAAC;AACpB,IAAA,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,YAAY,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,KAAK,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7F,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,CAAA,OAAA,EAAU,WAAW,CAAC,WAAW,CAAgB,cAAA,CAAA,CAAC,CAAC;YAC/D,SAAS;SACV;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAC/D,QAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;AACjB,YAAA,MAAM,CAAC,IAAI,CAAC,CAAA,iBAAA,EAAoB,WAAW,CAAC,WAAW,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;YAC5E,SAAS;SACV;AAED,QAAA,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC;KAC9B;;AAGD,IAAA,IAAI,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE;QAClC,MAAM,CAAC,IAAI,CAAC,CAA6B,0BAAA,EAAA,WAAW,CAAe,YAAA,EAAA,MAAM,CAAC,SAAS,CAAE,CAAA,CAAC,CAAC;KACxF;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAqBD;;;AAGG;AACI,eAAe,0BAA0B,CAC9C,UAAsB,EACtB,IAAsD,EAAA;IAEtD,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;;IAGxD,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACtD,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACzF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;AACtC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;AAE9D,IAAA,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;AAClD,IAAA,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;;AAG/C,IAAA,MAAM,cAAc,GAAG;AACrB,QAAA,IAAI,EAAE,sBAA+B;AACrC,QAAA,OAAO,EAAE,CAAU;QACnB,cAAc;QACd,gBAAgB,EAAE,IAAI,CAAC,aAAa;AACpC,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;;AAGF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;AAErG,IAAA,MAAM,UAAU,GAAyB;AACvC,QAAA,GAAG,cAAc;QACjB,SAAS,EAAE,GAAG,CAAC,cAAc;KAC9B,CAAC;AAEF,IAAA,MAAM,MAAM,GAAqB;QAC/B,cAAc;AACd,QAAA,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;QACtB,SAAS;KACV,CAAC;AAEF,IAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;AAChC,CAAC;AAED;;AAEG;AACI,eAAe,0BAA0B,CAC9C,UAAgC,EAAA;IAEhC,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,cAAc,GAAG;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;QAC7C,SAAS,EAAE,UAAU,CAAC,SAAS;KAChC,CAAC;AAEF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;AACxD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AAEhE,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,gBAAgB,CAAC,CAAC;AAEjG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;KAChE;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;AAEG;AACI,eAAe,sBAAsB,CAC1C,UAAgC,EAChC,UAAsB,EACtB,MAAwB,EAAA;IAExB,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC/D,IAAA,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE;AACpB,QAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA,8BAAA,EAAiC,SAAS,CAAC,KAAK,CAAA,CAAE,EAAE,CAAC;KACpF;;AAGD,IAAA,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;AACvD,IAAA,IAAI,iBAAiB,KAAK,MAAM,CAAC,SAAS,EAAE;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC;KACpE;;IAGD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;AAE/D,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACzF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;AACtC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;AAE9D,IAAA,MAAM,sBAAsB,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;AAE1D,IAAA,IAAI,sBAAsB,KAAK,UAAU,CAAC,cAAc,EAAE;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;KACzE;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;AACA;AACA;AAEA,eAAe,UAAU,CAAC,IAAgB,EAAA;AACxC,IAAA,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAA+B,CAAC,CAAC;IAC1F,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD;;;;"}
1	+ {"version":3,"file":"index.mjs","sources":["../../src/index.ts"],"sourcesContent":["// Ma'atara Core PQC Toolkit\n// Post-Quantum Cryptography for Browser and Node.js\n// \n// SECURITY NOTICE: This library implements FIPS 204 (ML-DSA) and FIPS 203 (ML-KEM)\n// post-quantum cryptographic algorithms. Key material should be:\n// 1. Stored securely (encrypted at rest)\n// 2. Transmitted only over secure channels\n// 3. Zeroized after use when possible\n// 4. Protected by hardware security modules for high-value operations\n//\n// See docs/WASM_SECURITY_MODEL.md for browser-specific security considerations.\n\n// ============================================================================\n// SECURITY CONSTANTS\n// ============================================================================\nconst MAX_MESSAGE_SIZE = 16 * 1024 * 1024; // 16MB - prevent memory exhaustion\nconst MAX_KEY_SIZE = 1024 * 1024; // 1MB - reasonable for PQC keys\nconst MAX_ATTESTATION_COUNT = 100; // Prevent DoS from large attestation arrays\n\nexport interface KyberKeypair {\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface KyberEncap {\n kem_ct_b64u: string;\n shared_b64u: string;\n}\n\nexport interface AesGcmWrap {\n iv_b64u: string;\n ct_b64u: string;\n}\n\nexport interface DilithiumKeypair {\n algorithm: string;\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface DilithiumSignResult {\n signature_b64u: string;\n algorithm: string;\n}\n\nexport interface DilithiumVerifyResult {\n is_valid: boolean;\n algorithm: string;\n}\n\nexport interface HkdfResult {\n key_b64u: string;\n}\n\nexport interface AesGcmUnwrapResult {\n dek_b64u: string;\n}\n\n// Import WASM functions (namespace import for better bundler compatibility)\nimport * as wasmPkg from '@maatara/core-pqc-wasm';\nconst wasm_kyber_keygen = (wasmPkg as any).kyber_keygen as () => string;\nconst wasm_kyber_encaps = (wasmPkg as any).kyber_encaps as (p: string) => string;\nconst wasm_kyber_decaps = (wasmPkg as any).kyber_decaps as (s: string, c: string) => string;\nconst wasm_hkdf_sha256 = (wasmPkg as any).hkdf_sha256 as (s: string, i: string, salt?: string, len?: number) => string;\nconst wasm_aes_gcm_wrap = (wasmPkg as any).aes_gcm_wrap as (k: string, d: string, a: string) => string;\nconst wasm_aes_gcm_unwrap = (wasmPkg as any).aes_gcm_unwrap as (k: string, iv: string, ct: string, a: string) => string;\nconst wasm_dilithium_keygen = (wasmPkg as any).dilithium_keygen as () => string;\nconst wasm_dilithium_sign = (wasmPkg as any).dilithium_sign as (m: string, s: string) => string;\nconst wasm_dilithium_verify = (wasmPkg as any).dilithium_verify as (m: string, sig: string, p: string) => string;\n\n// Deterministic/canonicalization and governance helpers\nexport interface CanonicalOut { canonical: string; msg_b64u?: string; msgB64u?: string }\n\n// Initialize WASM\nlet wasmReady = false;\n\n/*\n Initialize the underlying WASM module.\n * - In browsers/bundlers where the glue knows how to fetch the .wasm, you can call without params.\n * - If your bundler provides a URL or Module for the .wasm, pass it as the first argument.\n /\nexport async function initWasm(wasmInput?: any): Promise<void> {\n if (wasmReady) return;\n const maybeInit = (wasmPkg as any).default;\n if (typeof maybeInit === 'function') {\n // Some environments require a URL/Module/bytes for initialization.\n // We forward the optional value if provided; otherwise let the glue resolve it.\n if (wasmInput !== undefined) {\n await maybeInit(wasmInput);\n } else {\n await maybeInit();\n }\n }\n wasmReady = true;\n}\n\n// Kyber functions\nexport async function kyberKeygen(): Promise<KyberKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberEncaps(publicB64u: string): Promise<KyberEncap> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_encaps(publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberDecaps(secretB64u: string, kemCtB64u: string): Promise<{ shared_b64u: string }> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_decaps(secretB64u, kemCtB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// HKDF functions\nexport async function hkdfSha256(\n secretB64u: string,\n infoB64u: string,\n saltB64u?: string,\n len: number = 32\n): Promise<HkdfResult> {\n await initWasm();\n const result = JSON.parse(wasm_hkdf_sha256(secretB64u, infoB64u, saltB64u, len));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// AES-GCM functions\nexport async function aesGcmWrap(\n keyB64u: string,\n dekB64u: string,\n aadB64u: string\n): Promise<AesGcmWrap> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_wrap(keyB64u, dekB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function aesGcmUnwrap(\n keyB64u: string,\n ivB64u: string,\n ctB64u: string,\n aadB64u: string\n): Promise<AesGcmUnwrapResult> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_unwrap(keyB64u, ivB64u, ctB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// Dilithium functions\n\n/\n Generate a new ML-DSA-65 (Dilithium) keypair.\n * SECURITY: Keys should be stored encrypted at rest.\n * For high-value operations, consider hardware security modules.\n /\nexport async function dilithiumKeygen(): Promise<DilithiumKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_dilithium_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/\n Sign a message using ML-DSA-65 (Dilithium).\n * @param messageB64u - Base64url-encoded message to sign\n * @param secretB64u - Base64url-encoded secret key\n * SECURITY: Secret key should be zeroized after use if possible.\n /\nexport async function dilithiumSign(\n messageB64u: string,\n secretB64u: string\n): Promise<DilithiumSignResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (secretB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Secret key exceeds maximum size of ${MAX_KEY_SIZE} bytes`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_sign(messageB64u, secretB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/\n Verify a ML-DSA-65 (Dilithium) signature.\n * @param messageB64u - Base64url-encoded message\n * @param signatureB64u - Base64url-encoded signature\n * @param publicB64u - Base64url-encoded public key\n /\nexport async function dilithiumVerify(\n messageB64u: string,\n signatureB64u: string,\n publicB64u: string\n): Promise<DilithiumVerifyResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (signatureB64u.length > MAX_KEY_SIZE \|\| publicB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Signature or public key exceeds maximum size`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_verify(messageB64u, signatureB64u, publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// ---- Deterministic helpers (multisig/art token) ----\nexport async function jcsCanonicalize(json: unknown): Promise<string> {\n await initWasm();\n const raw = (wasmPkg as any).jcs_canonicalize(JSON.stringify(json));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return out.canonical as string;\n}\n\nexport async function buildPolicyPreimage(policy: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_governance(JSON.stringify(policy));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildMintPreimage(header: unknown, asset: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_mint(JSON.stringify(header), JSON.stringify(asset));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildTransferPreimage(header: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_transfer(JSON.stringify(header));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildAnchorPreimage(userId: string, rootHex: string, epoch: string, chains: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_anchor(userId, rootHex, epoch, JSON.stringify(chains));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\n// ---- Veritas Block Preimage (NEW v2 JCS canonical form) ----\n// We migrate block signing to a canonical (JCS) JSON similar to other preimages.\n// Legacy (v1) blocks used a hand-crafted JSON.stringify of a plain object with fixed insertion order.\n// This helper produces a canonical JSON string and msg_b64u = b64url(UTF-8(canonical JSON)).\n// NOTE: We intentionally EXCLUDE signature, encryptionKeyHash, and any runtime-only fields.\n// Fields included (ordered via JCS lexical ordering):\n// contentType, dataHash, index, metadataHash, ownerPublicKey, previousHash, signatureAlg, timestamp, version\n// index & timestamp MUST be strings representing decimal integers (BigInt safe) – caller responsibility.\nexport interface BlockPreimageInput {\n index: string \| number \| bigint;\n timestamp: string \| number \| bigint;\n previousHash: string;\n dataHash: string;\n metadataHash: string;\n signatureAlg: string; // e.g. 'dilithium2'\n ownerPublicKey: string; // Dilithium public key (base64url)\n contentType?: string; // default 'application/json'\n version: number; // block format / protocol version\n}\n\nexport async function buildBlockPreimage(block: BlockPreimageInput): Promise<CanonicalOut> {\n await initWasm();\n // Normalize fields per spec\n const normalized = {\n contentType: block.contentType \|\| 'application/json',\n dataHash: block.dataHash,\n index: block.index.toString(),\n metadataHash: block.metadataHash,\n ownerPublicKey: block.ownerPublicKey,\n previousHash: block.previousHash,\n signatureAlg: block.signatureAlg,\n timestamp: block.timestamp.toString(),\n version: block.version,\n };\n // Use JCS canonicalization via wasm jcs_canonicalize (already exposed through jcsCanonicalize helper)\n const canonical = await jcsCanonicalize(normalized);\n const msg_b64u = b64uEncode(new TextEncoder().encode(canonical));\n return { canonical, msg_b64u, msgB64u: msg_b64u };\n}\n\nexport async function validateRoyalty(receiver: string, bps: number): Promise<boolean> {\n await initWasm();\n const raw = (wasmPkg as any).validate_royalty(receiver, bps);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) return false;\n return !!out.ok;\n}\n\nexport async function verifyAttestations(msgB64u: string, attestations: Array<{ alg: string; publicKeyB64u: string; signatureB64u: string }>, allowedPublicKeys?: string[]): Promise<number> {\n await initWasm();\n const raw = (wasmPkg as any).verify_attestations(msgB64u, JSON.stringify(attestations), allowedPublicKeys ? JSON.stringify(allowedPublicKeys) : undefined);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return Number(out.valid_count \|\| 0);\n}\n\n// Utility functions\n// Cross-env base64url helpers (browser + Node)\nfunction _fromByteArray(bytes: Uint8Array): string {\n if (typeof btoa === 'function') {\n // Browser\n let s = '';\n for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]);\n return btoa(s);\n }\n // Node\n return Buffer.from(bytes).toString('base64');\n}\n\nfunction _toByteArray(b64: string): Uint8Array {\n if (typeof atob === 'function') {\n const binary = atob(b64);\n const out = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);\n return out;\n }\n return new Uint8Array(Buffer.from(b64, 'base64'));\n}\n\nexport function b64uEncode(data: Uint8Array): string {\n return _fromByteArray(data)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+/g, '');\n}\n\nexport function b64uDecode(str: string): Uint8Array {\n const b64 = str.replace(/-/g, '+').replace(/_/g, '/').padEnd(Math.ceil(str.length / 4) 4, '=');\n return _toByteArray(b64);\n}\n\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result \|= a[i] ^ b[i];\n }\n return result === 0;\n}\n\n// ============================================================================\n// THRESHOLD SIGNATURES & GOVERNANCE\n// ============================================================================\n\nexport interface GovernancePolicy {\n policyId: string;\n version: number;\n chainId: string;\n threshold: number;\n signers: Array<{\n publicKeyB64u: string;\n keyId: string;\n weight: number;\n role: 'owner' \| 'guardian' \| 'delegate' \| 'recovery';\n }>;\n operations: Array<{\n action: string;\n requiredThreshold?: number;\n requiredRoles?: string[];\n maxValue?: string;\n timelock?: number;\n }>;\n validFrom: number;\n validUntil: number;\n createdAt: number;\n createdBy: string;\n policySignature: string;\n}\n\nexport interface Attestation {\n signerKeyId: string;\n signerPublicKeyB64u: string;\n operationHash: string;\n operationType: string;\n attestedAt: number;\n expiresAt: number;\n signatureAlg: 'dilithium2';\n signatureB64u: string;\n}\n\nexport interface AggregatedSignature {\n policyId: string;\n policyVersion: number;\n operationHash: string;\n attestations: Attestation[];\n totalWeight: number;\n thresholdMet: boolean;\n verifiedAt: number;\n}\n\n/*\n Create an attestation for a threshold signature operation.\n /\nexport async function createAttestation(\n operation: { type: string; payload: unknown },\n signerKeys: { keyId: string; publicKeyB64u: string; secretKeyB64u: string },\n expiresInSeconds: number = 3600\n): Promise<Attestation> {\n await initWasm();\n \n // Build deterministic preimage for the operation\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const operationHash = await sha256B64u(preimageBytes);\n const msgB64u = b64uEncode(preimageBytes);\n \n // Sign the preimage\n const sig = await dilithiumSign(msgB64u, signerKeys.secretKeyB64u);\n \n return {\n signerKeyId: signerKeys.keyId,\n signerPublicKeyB64u: signerKeys.publicKeyB64u,\n operationHash,\n operationType: operation.type,\n attestedAt: Date.now(),\n expiresAt: Date.now() + expiresInSeconds 1000,\n signatureAlg: 'dilithium2',\n signatureB64u: sig.signature_b64u\n };\n}\n\n/*\n Verify an attestation signature.\n /\nexport async function verifyAttestation(\n attestation: Attestation,\n operation: { type: string; payload: unknown }\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Rebuild expected operation hash\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const expectedHash = await sha256B64u(preimageBytes);\n \n if (attestation.operationHash !== expectedHash) {\n return { valid: false, error: 'Operation hash mismatch' };\n }\n \n // Check expiry\n if (attestation.expiresAt < Date.now()) {\n return { valid: false, error: 'Attestation expired' };\n }\n \n // Verify signature\n const msgB64u = b64uEncode(preimageBytes);\n const result = await dilithiumVerify(msgB64u, attestation.signatureB64u, attestation.signerPublicKeyB64u);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid signature' };\n }\n \n return { valid: true };\n}\n\n/\n Verify that an aggregated signature meets the threshold policy.\n /\nexport async function verifyThreshold(\n aggregated: AggregatedSignature,\n operation: { type: string; payload: unknown },\n policy: GovernancePolicy\n): Promise<{ valid: boolean; errors: string[] }> {\n const errors: string[] = [];\n \n // Check policy match\n if (aggregated.policyId !== policy.policyId) {\n errors.push('Policy ID mismatch');\n }\n \n // Verify each attestation and compute weight\n let validWeight = 0;\n for (const attestation of aggregated.attestations) {\n const signer = policy.signers.find(s => s.publicKeyB64u === attestation.signerPublicKeyB64u);\n if (!signer) {\n errors.push(`Signer ${attestation.signerKeyId} not in policy`);\n continue;\n }\n \n const result = await verifyAttestation(attestation, operation);\n if (!result.valid) {\n errors.push(`Attestation from ${attestation.signerKeyId}: ${result.error}`);\n continue;\n }\n \n validWeight += signer.weight;\n }\n \n // Check threshold\n if (validWeight < policy.threshold) {\n errors.push(`Threshold not met: weight ${validWeight} < required ${policy.threshold}`);\n }\n \n return { valid: errors.length === 0, errors };\n}\n\n// ============================================================================\n// PRE-REGISTRATION COMMITMENT SCHEME\n// ============================================================================\n\nexport interface ProvenanceCommitment {\n type: 'ProvenanceCommitment';\n version: 1;\n commitmentHash: string;\n creatorPublicKey: string;\n timestamp: number;\n signature: string;\n}\n\nexport interface CommitmentReveal {\n commitmentHash: string;\n salt: string;\n assetHash: string;\n}\n\n/\n Create a provenance commitment for an asset before public disclosure.\n * This establishes a timestamped claim without revealing the asset content.\n /\nexport async function createProvenanceCommitment(\n assetBytes: Uint8Array,\n keys: { publicKeyB64u: string; secretKeyB64u: string }\n): Promise<{ commitment: ProvenanceCommitment; reveal: CommitmentReveal }> {\n await initWasm();\n \n // Generate random salt\n const salt = crypto.getRandomValues(new Uint8Array(32));\n \n // Compute commitment hash = SHA256(asset \|\| salt \|\| publicKey)\n const publicKeyBytes = b64uDecode(keys.publicKeyB64u);\n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const commitmentHash = await sha256B64u(preimage);\n const assetHash = await sha256B64u(assetBytes);\n \n // Build commitment object (without signature)\n const commitmentData = {\n type: 'ProvenanceCommitment' as const,\n version: 1 as const,\n commitmentHash,\n creatorPublicKey: keys.publicKeyB64u,\n timestamp: Date.now()\n };\n \n // Sign the commitment\n const canonical = await jcsCanonicalize(commitmentData);\n const sig = await dilithiumSign(b64uEncode(new TextEncoder().encode(canonical)), keys.secretKeyB64u);\n \n const commitment: ProvenanceCommitment = {\n ...commitmentData,\n signature: sig.signature_b64u\n };\n \n const reveal: CommitmentReveal = {\n commitmentHash,\n salt: b64uEncode(salt),\n assetHash\n };\n \n return { commitment, reveal };\n}\n\n/\n Verify a provenance commitment signature.\n /\nexport async function verifyProvenanceCommitment(\n commitment: ProvenanceCommitment\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Reconstruct the signed data (without signature field)\n const commitmentData = {\n type: commitment.type,\n version: commitment.version,\n commitmentHash: commitment.commitmentHash,\n creatorPublicKey: commitment.creatorPublicKey,\n timestamp: commitment.timestamp\n };\n \n const canonical = await jcsCanonicalize(commitmentData);\n const msgB64u = b64uEncode(new TextEncoder().encode(canonical));\n \n const result = await dilithiumVerify(msgB64u, commitment.signature, commitment.creatorPublicKey);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid commitment signature' };\n }\n \n return { valid: true };\n}\n\n/\n Verify that a revealed asset matches a commitment.\n /\nexport async function verifyCommitmentReveal(\n commitment: ProvenanceCommitment,\n assetBytes: Uint8Array,\n reveal: CommitmentReveal\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // First verify the commitment signature\n const sigResult = await verifyProvenanceCommitment(commitment);\n if (!sigResult.valid) {\n return { valid: false, error: `Commitment signature invalid: ${sigResult.error}` };\n }\n \n // Verify asset hash matches\n const computedAssetHash = await sha256B64u(assetBytes);\n if (computedAssetHash !== reveal.assetHash) {\n return { valid: false, error: 'Asset hash does not match reveal' };\n }\n \n // Reconstruct commitment hash\n const salt = b64uDecode(reveal.salt);\n const publicKeyBytes = b64uDecode(commitment.creatorPublicKey);\n \n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const computedCommitmentHash = await sha256B64u(preimage);\n \n if (computedCommitmentHash !== commitment.commitmentHash) {\n return { valid: false, error: 'Commitment hash does not match reveal' };\n }\n \n return { valid: true };\n}\n\n// ============================================================================\n// HELPER: SHA-256 with base64url output\n// ============================================================================\n\nasync function sha256B64u(data: Uint8Array): Promise<string> {\n const hashBuffer = await crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n return b64uEncode(new Uint8Array(hashBuffer));\n}\n\n// ============================================================================\n// ALGORITHMIC OPTIMIZATIONS (arXiv:2501.02305, arXiv:2504.17033)\n// ============================================================================\n// High-performance data structures for verification operations\n\n// WASM bindings for algorithm functions\nconst wasm_create_nonce_cache = (wasmPkg as any).create_nonce_cache as (capacity: number, ttl_ms: number) => string;\nconst wasm_nonce_cache_info = (wasmPkg as any).nonce_cache_info as () => string;\nconst wasm_sssp_config = (wasmPkg as any).sssp_config as (nodes: number) => string;\nconst wasm_provenance_path_config = (wasmPkg as any).provenance_path_config as (chain_length: number, branches: number) => string;\nconst wasm_elastic_hash_config = (wasmPkg as any).elastic_hash_config as (capacity: number, load_factor: number) => string;\n\n/\n Nonce Cache Configuration\n * Uses Elastic Hashing (arXiv:2501.02305) for O(1) amortized lookup\n /\nexport interface NonceCacheConfig {\n type: string;\n capacity: number;\n ttl_ms: number;\n algorithm: string;\n complexity: string;\n}\n\n/\n Create a nonce cache configuration for replay attack prevention.\n * Based on Elastic Hashing - O(1) amortized, O(log(1/δ)) worst-case.\n * \n * @param capacity - Maximum number of nonces to track\n * @param ttlMs - Time-to-live in milliseconds before nonces expire\n /\nexport async function createNonceCacheConfig(capacity: number, ttlMs: number): Promise<NonceCacheConfig> {\n await initWasm();\n return JSON.parse(wasm_create_nonce_cache(capacity, ttlMs));\n}\n\n/\n Get information about the nonce cache algorithm.\n /\nexport async function getNonceCacheInfo(): Promise<{\n name: string;\n paper: string;\n probe_complexity: string;\n load_factor: number;\n features: string[];\n}> {\n await initWasm();\n return JSON.parse(wasm_nonce_cache_info());\n}\n\n/\n SSSP (Single-Source Shortest Path) Configuration\n * Uses Frontier-Reduced algorithm (arXiv:2504.17033)\n /\nexport interface SSSPConfig {\n name: string;\n paper: string;\n complexity: string;\n nodes: number;\n pivots_k: number;\n batch_t: number;\n use_cases: string[];\n}\n\n/\n Get optimal SSSP configuration for graph verification.\n * Uses Frontier-Reduced SSSP - O(m × log^(2/3)(n)) complexity.\n * \n * @param nodes - Expected number of nodes in the graph\n /\nexport async function getSSSPConfig(nodes: number): Promise<SSSPConfig> {\n await initWasm();\n return JSON.parse(wasm_sssp_config(nodes));\n}\n\n/\n Provenance Path Configuration\n * Optimized parameters for chain of custody verification\n /\nexport interface ProvenancePathConfig {\n algorithm: string;\n chain_length: number;\n branches: number;\n estimated_nodes: number;\n estimated_edges: number;\n pivots_k: number;\n batch_t: number;\n complexity: string;\n verification_mode: string;\n}\n\n/\n Get optimized configuration for provenance chain verification.\n * \n * @param chainLength - Number of blocks in the provenance chain\n * @param branches - Average number of branches per block\n /\nexport async function getProvenancePathConfig(chainLength: number, branches: number): Promise<ProvenancePathConfig> {\n await initWasm();\n return JSON.parse(wasm_provenance_path_config(chainLength, branches));\n}\n\n/\n Elastic Hash Configuration\n * High-performance hash table for key caching\n /\nexport interface ElasticHashConfig {\n algorithm: string;\n paper: string;\n capacity: number;\n load_factor: number;\n levels: number;\n probe_complexity: {\n amortized: string;\n worst_case: string;\n };\n use_cases: string[];\n}\n\n/\n Get elastic hash table configuration for key caching.\n * Optimal for PQC public key caching with O(1) amortized lookups.\n * \n * @param capacity - Maximum number of entries\n * @param loadFactor - Target load factor (0.0 to 1.0, recommend 0.95)\n */\nexport async function getElasticHashConfig(capacity: number, loadFactor: number = 0.95): Promise<ElasticHashConfig> {\n await initWasm();\n return JSON.parse(wasm_elastic_hash_config(capacity, loadFactor));\n}\n"],"names":[],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAC1C,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC;AA4CjC,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAA4B;AACvE,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAAqC;AAChF,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAAgD;AAC3F,MAAM,gBAAgB,GAAI,OAAe,CAAC,WAA4E;AACtH,MAAM,iBAAiB,GAAI,OAAe,CAAC,YAA2D;AACtG,MAAM,mBAAmB,GAAI,OAAe,CAAC,cAA0E;AACvH,MAAM,qBAAqB,GAAI,OAAe,CAAC,gBAAgC;AAC/E,MAAM,mBAAmB,GAAI,OAAe,CAAC,cAAkD;AAC/F,MAAM,qBAAqB,GAAI,OAAe,CAAC,gBAAiE;AAKhH;AACA,IAAI,SAAS,GAAG,KAAK;AAErB;;;;AAIG;AACI,eAAe,QAAQ,CAAC,SAAe,EAAA;AAC5C,IAAA,IAAI,SAAS;QAAE;AACf,IAAA,MAAM,SAAS,GAAI,OAAe,CAAC,OAAO;AAC1C,IAAA,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE;;;AAGnC,QAAA,IAAI,SAAS,KAAK,SAAS,EAAE;AAC3B,YAAA,MAAM,SAAS,CAAC,SAAS,CAAC;QAC5B;aAAO;YACL,MAAM,SAAS,EAAE;QACnB;IACF;IACA,SAAS,GAAG,IAAI;AAClB;AAEA;AACO,eAAe,WAAW,GAAA;IAC/B,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC;IAC9C,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,WAAW,CAAC,UAAkB,EAAA;IAClD,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAA;IACrE,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,UAAU,CAC9B,UAAkB,EAClB,QAAgB,EAChB,QAAiB,EACjB,GAAA,GAAc,EAAE,EAAA;IAEhB,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,UAAU,CAC9B,OAAe,EACf,OAAe,EACf,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEO,eAAe,YAAY,CAChC,OAAe,EACf,MAAc,EACd,MAAc,EACd,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAChF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AAEA;;;;AAIG;AACI,eAAe,eAAe,GAAA;IACnC,MAAM,QAAQ,EAAE;IAChB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;;;;;AAKG;AACI,eAAe,aAAa,CACjC,WAAmB,EACnB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC;IAC9E;AACA,IAAA,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AACpC,QAAA,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,CAAA,MAAA,CAAQ,CAAC;IAC7E;IAEA,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACvE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;;;;;AAKG;AACI,eAAe,eAAe,CACnC,WAAmB,EACnB,aAAqB,EACrB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC;IAC9E;AACA,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,YAAY,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AAC3E,QAAA,MAAM,IAAI,KAAK,CAAC,CAAA,4CAAA,CAA8C,CAAC;IACjE;IAEA,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IACxF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,IAAA,OAAO,MAAM;AACf;AAEA;AACO,eAAe,eAAe,CAAC,IAAa,EAAA;IACjD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AACnE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;IAC1C,OAAO,GAAG,CAAC,SAAmB;AAChC;AAEO,eAAe,mBAAmB,CAAC,MAAe,EAAA;IACvD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACxE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,iBAAiB,CAAC,MAAe,EAAE,KAAc,EAAA;IACrE,MAAM,QAAQ,EAAE;IAChB,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,qBAAqB,CAAC,MAAe,EAAA;IACzD,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAC5E,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAEO,eAAe,mBAAmB,CAAC,MAAc,EAAE,OAAe,EAAE,KAAa,EAAE,MAAe,EAAA;IACvG,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AAC5F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;AAC1C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE;AACpF;AAsBO,eAAe,kBAAkB,CAAC,KAAyB,EAAA;IAChE,MAAM,QAAQ,EAAE;;AAEhB,IAAA,MAAM,UAAU,GAAG;AACjB,QAAA,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,kBAAkB;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ;AACxB,QAAA,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC7B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,YAAY,EAAE,KAAK,CAAC,YAAY;AAChC,QAAA,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB;;AAED,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC;AACnD,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;AACnD;AAEO,eAAe,eAAe,CAAC,QAAgB,EAAE,GAAW,EAAA;IACjE,MAAM,QAAQ,EAAE;IAChB,MAAM,GAAG,GAAI,OAAe,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC;AAC5D,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,OAAO,KAAK;AAC5B,IAAA,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE;AACjB;AAEO,eAAe,kBAAkB,CAAC,OAAe,EAAE,YAAkF,EAAE,iBAA4B,EAAA;IACxK,MAAM,QAAQ,EAAE;AAChB,IAAA,MAAM,GAAG,GAAI,OAAe,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;AAC1J,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG;IAC3D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;IAC1C,OAAO,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC;AACrC;AAEA;AACA;AACA,SAAS,cAAc,CAAC,KAAiB,EAAA;AACvC,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;;QAE9B,IAAI,CAAC,GAAG,EAAE;AACV,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACzE,QAAA,OAAO,IAAI,CAAC,CAAC,CAAC;IAChB;;IAEA,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;AAC9C;AAEA,SAAS,YAAY,CAAC,GAAW,EAAA;AAC/B,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;AAC9B,QAAA,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;QACxB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC;AACzC,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;AACrE,QAAA,OAAO,GAAG;IACZ;AACA,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;AACnD;AAEM,SAAU,UAAU,CAAC,IAAgB,EAAA;IACzC,OAAO,cAAc,CAAC,IAAI;AACvB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACvB;AAEM,SAAU,UAAU,CAAC,GAAW,EAAA;AACpC,IAAA,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;AAChG,IAAA,OAAO,YAAY,CAAC,GAAG,CAAC;AAC1B;AAEM,SAAU,iBAAiB,CAAC,CAAa,EAAE,CAAa,EAAA;AAC5D,IAAA,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;AAAE,QAAA,OAAO,KAAK;IACvC,IAAI,MAAM,GAAG,CAAC;AACd,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvB;IACA,OAAO,MAAM,KAAK,CAAC;AACrB;AAoDA;;AAEG;AACI,eAAe,iBAAiB,CACrC,SAA6C,EAC7C,UAA2E,EAC3E,gBAAA,GAA2B,IAAI,EAAA;IAE/B,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;AACxD,IAAA,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC;AACrD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;;IAGzC,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,aAAa,CAAC;IAElE,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,KAAK;QAC7B,mBAAmB,EAAE,UAAU,CAAC,aAAa;QAC7C,aAAa;QACb,aAAa,EAAE,SAAS,CAAC,IAAI;AAC7B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI;AAC/C,QAAA,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,GAAG,CAAC;KACpB;AACH;AAEA;;AAEG;AACI,eAAe,iBAAiB,CACrC,WAAwB,EACxB,SAA6C,EAAA;IAE7C,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC;IAC5F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;AACxD,IAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC;AAEpD,IAAA,IAAI,WAAW,CAAC,aAAa,KAAK,YAAY,EAAE;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE;IAC3D;;IAGA,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACvD;;AAGA,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC;AACzC,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,mBAAmB,CAAC;AAEzG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE;IACrD;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;;AAEG;AACI,eAAe,eAAe,CACnC,UAA+B,EAC/B,SAA6C,EAC7C,MAAwB,EAAA;IAExB,MAAM,MAAM,GAAa,EAAE;;IAG3B,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE;AAC3C,QAAA,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC;IACnC;;IAGA,IAAI,WAAW,GAAG,CAAC;AACnB,IAAA,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,YAAY,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,KAAK,WAAW,CAAC,mBAAmB,CAAC;QAC5F,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,CAAA,OAAA,EAAU,WAAW,CAAC,WAAW,CAAA,cAAA,CAAgB,CAAC;YAC9D;QACF;QAEA,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC;AAC9D,QAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;AACjB,YAAA,MAAM,CAAC,IAAI,CAAC,CAAA,iBAAA,EAAoB,WAAW,CAAC,WAAW,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAA,CAAE,CAAC;YAC3E;QACF;AAEA,QAAA,WAAW,IAAI,MAAM,CAAC,MAAM;IAC9B;;AAGA,IAAA,IAAI,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE;QAClC,MAAM,CAAC,IAAI,CAAC,CAAA,0BAAA,EAA6B,WAAW,CAAA,YAAA,EAAe,MAAM,CAAC,SAAS,CAAA,CAAE,CAAC;IACxF;IAEA,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE;AAC/C;AAqBA;;;AAGG;AACI,eAAe,0BAA0B,CAC9C,UAAsB,EACtB,IAAsD,EAAA;IAEtD,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;;IAGvD,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC;AACrD,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;AACxF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC;AACrC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;AAE7D,IAAA,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC;AACjD,IAAA,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC;;AAG9C,IAAA,MAAM,cAAc,GAAG;AACrB,QAAA,IAAI,EAAE,sBAA+B;AACrC,QAAA,OAAO,EAAE,CAAU;QACnB,cAAc;QACd,gBAAgB,EAAE,IAAI,CAAC,aAAa;AACpC,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG;KACpB;;AAGD,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC;AAEpG,IAAA,MAAM,UAAU,GAAyB;AACvC,QAAA,GAAG,cAAc;QACjB,SAAS,EAAE,GAAG,CAAC;KAChB;AAED,IAAA,MAAM,MAAM,GAAqB;QAC/B,cAAc;AACd,QAAA,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;QACtB;KACD;AAED,IAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE;AAC/B;AAEA;;AAEG;AACI,eAAe,0BAA0B,CAC9C,UAAgC,EAAA;IAEhC,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,cAAc,GAAG;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;QAC7C,SAAS,EAAE,UAAU,CAAC;KACvB;AAED,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC;AACvD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAE/D,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,gBAAgB,CAAC;AAEhG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAChE;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;;AAEG;AACI,eAAe,sBAAsB,CAC1C,UAAgC,EAChC,UAAsB,EACtB,MAAwB,EAAA;IAExB,MAAM,QAAQ,EAAE;;AAGhB,IAAA,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC;AAC9D,IAAA,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE;AACpB,QAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA,8BAAA,EAAiC,SAAS,CAAC,KAAK,CAAA,CAAE,EAAE;IACpF;;AAGA,IAAA,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC;AACtD,IAAA,IAAI,iBAAiB,KAAK,MAAM,CAAC,SAAS,EAAE;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE;IACpE;;IAGA,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;IACpC,MAAM,cAAc,GAAG,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC;AAE9D,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;AACxF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IAC3B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC;AACrC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;AAE7D,IAAA,MAAM,sBAAsB,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC;AAEzD,IAAA,IAAI,sBAAsB,KAAK,UAAU,CAAC,cAAc,EAAE;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE;IACzE;AAEA,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;AACxB;AAEA;AACA;AACA;AAEA,eAAe,UAAU,CAAC,IAAgB,EAAA;AACxC,IAAA,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAA+B,CAAC;IACzF,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;AAC/C;AAEA;AACA;AACA;AACA;AAEA;AACA,MAAM,uBAAuB,GAAI,OAAe,CAAC,kBAAkE;AACnH,MAAM,qBAAqB,GAAI,OAAe,CAAC,gBAAgC;AAC/E,MAAM,gBAAgB,GAAI,OAAe,CAAC,WAAwC;AAClF,MAAM,2BAA2B,GAAI,OAAe,CAAC,sBAA4E;AACjI,MAAM,wBAAwB,GAAI,OAAe,CAAC,mBAAwE;AAc1H;;;;;;AAMG;AACI,eAAe,sBAAsB,CAAC,QAAgB,EAAE,KAAa,EAAA;IAC1E,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC7D;AAEA;;AAEG;AACI,eAAe,iBAAiB,GAAA;IAOrC,MAAM,QAAQ,EAAE;AAChB,IAAA,OAAO,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;AAC5C;AAgBA;;;;;AAKG;AACI,eAAe,aAAa,CAAC,KAAa,EAAA;IAC/C,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;AAC5C;AAkBA;;;;;AAKG;AACI,eAAe,uBAAuB,CAAC,WAAmB,EAAE,QAAgB,EAAA;IACjF,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;AACvE;AAmBA;;;;;;AAMG;AACI,eAAe,oBAAoB,CAAC,QAAgB,EAAE,aAAqB,IAAI,EAAA;IACpF,MAAM,QAAQ,EAAE;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;AACnE;;;;"}

package/dist/src/index.d.ts CHANGED Viewed

@@ -206,4 +206,99 @@ export declare function verifyCommitmentReveal(commitment: ProvenanceCommitment,
     valid: boolean;
     error?: string;
 }>;
+/**
+ * Nonce Cache Configuration
+ * Uses Elastic Hashing (arXiv:2501.02305) for O(1) amortized lookup
+ */
+export interface NonceCacheConfig {
+    type: string;
+    capacity: number;
+    ttl_ms: number;
+    algorithm: string;
+    complexity: string;
+}
+/**
+ * Create a nonce cache configuration for replay attack prevention.
+ * Based on Elastic Hashing - O(1) amortized, O(log(1/δ)) worst-case.
+ *
+ * @param capacity - Maximum number of nonces to track
+ * @param ttlMs - Time-to-live in milliseconds before nonces expire
+ */
+export declare function createNonceCacheConfig(capacity: number, ttlMs: number): Promise<NonceCacheConfig>;
+/**
+ * Get information about the nonce cache algorithm.
+ */
+export declare function getNonceCacheInfo(): Promise<{
+    name: string;
+    paper: string;
+    probe_complexity: string;
+    load_factor: number;
+    features: string[];
+}>;
+/**
+ * SSSP (Single-Source Shortest Path) Configuration
+ * Uses Frontier-Reduced algorithm (arXiv:2504.17033)
+ */
+export interface SSSPConfig {
+    name: string;
+    paper: string;
+    complexity: string;
+    nodes: number;
+    pivots_k: number;
+    batch_t: number;
+    use_cases: string[];
+}
+/**
+ * Get optimal SSSP configuration for graph verification.
+ * Uses Frontier-Reduced SSSP - O(m × log^(2/3)(n)) complexity.
+ *
+ * @param nodes - Expected number of nodes in the graph
+ */
+export declare function getSSSPConfig(nodes: number): Promise<SSSPConfig>;
+/**
+ * Provenance Path Configuration
+ * Optimized parameters for chain of custody verification
+ */
+export interface ProvenancePathConfig {
+    algorithm: string;
+    chain_length: number;
+    branches: number;
+    estimated_nodes: number;
+    estimated_edges: number;
+    pivots_k: number;
+    batch_t: number;
+    complexity: string;
+    verification_mode: string;
+}
+/**
+ * Get optimized configuration for provenance chain verification.
+ *
+ * @param chainLength - Number of blocks in the provenance chain
+ * @param branches - Average number of branches per block
+ */
+export declare function getProvenancePathConfig(chainLength: number, branches: number): Promise<ProvenancePathConfig>;
+/**
+ * Elastic Hash Configuration
+ * High-performance hash table for key caching
+ */
+export interface ElasticHashConfig {
+    algorithm: string;
+    paper: string;
+    capacity: number;
+    load_factor: number;
+    levels: number;
+    probe_complexity: {
+        amortized: string;
+        worst_case: string;
+    };
+    use_cases: string[];
+}
+/**
+ * Get elastic hash table configuration for key caching.
+ * Optimal for PQC public key caching with O(1) amortized lookups.
+ *
+ * @param capacity - Maximum number of entries
+ * @param loadFactor - Target load factor (0.0 to 1.0, recommend 0.95)
+ */
+export declare function getElasticHashConfig(capacity: number, loadFactor?: number): Promise<ElasticHashConfig>;
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAmBA,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAeD,MAAM,WAAW,YAAY;IAAG,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE;AAKxF;;;;GAIG;AACH,wBAAsB,QAAQ,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAa7D;AAGD,wBAAsB,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC,CAKzD;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAKzE;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAKzG;AAGD,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,EACjB,GAAG,GAAE,MAAW,GACf,OAAO,CAAC,UAAU,CAAC,CAKrB;AAGD,wBAAsB,UAAU,CAC9B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC,CAKrB;AAED,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,kBAAkB,CAAC,CAK7B;AAID;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAKjE;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,mBAAmB,CAAC,CAa9B;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAahC;AAGD,wBAAsB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAMpE;AAED,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMhF;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAM9F;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMlF;AAED,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMhI;AAUD,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAChC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,CAkBzF;AAED,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAMrF;AAED,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAM3L;AAyBD,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAKnD;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAGlD;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAOvE;AAMD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,KAAK,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;QACtB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;KACtD,CAAC,CAAC;IACH,UAAU,EAAE,KAAK,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAC7C,UAAU,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,EAC3E,gBAAgB,GAAE,MAAa,GAC9B,OAAO,CAAC,WAAW,CAAC,CAsBtB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GAC5C,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0B7C;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,mBAAmB,EAC/B,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAC7C,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAgC/C;AAMD,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,CAAC,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GACrD,OAAO,CAAC;IAAE,UAAU,EAAE,oBAAoB,CAAC;IAAC,MAAM,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAyCzE;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,UAAU,EAAE,oBAAoB,GAC/B,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB7C;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA+B7C"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAmBA,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAeD,MAAM,WAAW,YAAY;IAAG,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE;AAKxF;;;;GAIG;AACH,wBAAsB,QAAQ,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAa7D;AAGD,wBAAsB,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC,CAKzD;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAKzE;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAKzG;AAGD,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,EACjB,GAAG,GAAE,MAAW,GACf,OAAO,CAAC,UAAU,CAAC,CAKrB;AAGD,wBAAsB,UAAU,CAC9B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,CAAC,CAKrB;AAED,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,kBAAkB,CAAC,CAK7B;AAID;;;;GAIG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAKjE;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,mBAAmB,CAAC,CAa9B;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,qBAAqB,CAAC,CAahC;AAGD,wBAAsB,eAAe,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAMpE;AAED,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMhF;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAM9F;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMlF;AAED,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAMhI;AAUD,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IAChC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC,CAkBzF;AAED,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAMrF;AAED,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,CAAC,EAAE,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAM3L;AAyBD,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAKnD;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAGlD;AAED,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAOvE;AAMD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,KAAK,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;QACtB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,OAAO,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;KACtD,CAAC,CAAC;IACH,UAAU,EAAE,KAAK,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAC7C,UAAU,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,EAC3E,gBAAgB,GAAE,MAAa,GAC9B,OAAO,CAAC,WAAW,CAAC,CAsBtB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GAC5C,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0B7C;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,mBAAmB,EAC/B,SAAS,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAC7C,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAgC/C;AAMD,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,CAAC,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,UAAU,EAAE,UAAU,EACtB,IAAI,EAAE;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GACrD,OAAO,CAAC;IAAE,UAAU,EAAE,oBAAoB,CAAC;IAAC,MAAM,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAyCzE;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,UAAU,EAAE,oBAAoB,GAC/B,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsB7C;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,gBAAgB,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA+B7C;AAuBD;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAGvG;AAED;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB,CAAC,CAGD;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAGtE;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAGlH;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,GAAE,MAAa,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAGlH"}

package/package.json CHANGED Viewed

@@ -1,16 +1,16 @@
 {
   "name": "@maatara/core-pqc",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Ma'atara Post-Quantum Cryptography Toolkit for Browser and Node.js",
   "type": "module",
-  "main": "dist/index.js",
+  "main": "dist/index.cjs",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
-      "require": "./dist/index.js"
+      "require": "./dist/index.cjs"
     }
   },
   "files": [
@@ -35,14 +35,14 @@
   "author": "Ma'atara",
   "license": "Apache-2.0",
   "devDependencies": {
-    "@rollup/plugin-node-resolve": "^15.0.0",
-    "@rollup/plugin-typescript": "^11.0.0",
+    "@rollup/plugin-node-resolve": "^16.0.0",
+    "@rollup/plugin-typescript": "^12.0.0",
     "@types/jest": "^29.0.0",
-    "ts-jest": "^29.1.1",
+    "ts-jest": "^29.4.6",
     "jest": "^29.0.0",
-    "rollup": "^3.0.0",
+    "rollup": "^4.30.0",
     "tslib": "^2.0.0",
-    "typescript": "^5.0.0"
+    "typescript": "^5.9.3"
   },
   "dependencies": {
     "@maatara/core-pqc-wasm": "^0.3.0"

package/dist/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.js","sources":["../../src/index.ts"],"sourcesContent":["// Ma'atara Core PQC Toolkit\n// Post-Quantum Cryptography for Browser and Node.js\n// \n// SECURITY NOTICE: This library implements FIPS 204 (ML-DSA) and FIPS 203 (ML-KEM)\n// post-quantum cryptographic algorithms. Key material should be:\n// 1. Stored securely (encrypted at rest)\n// 2. Transmitted only over secure channels\n// 3. Zeroized after use when possible\n// 4. Protected by hardware security modules for high-value operations\n//\n// See docs/WASM_SECURITY_MODEL.md for browser-specific security considerations.\n\n// ============================================================================\n// SECURITY CONSTANTS\n// ============================================================================\nconst MAX_MESSAGE_SIZE = 16 * 1024 * 1024; // 16MB - prevent memory exhaustion\nconst MAX_KEY_SIZE = 1024 * 1024; // 1MB - reasonable for PQC keys\nconst MAX_ATTESTATION_COUNT = 100; // Prevent DoS from large attestation arrays\n\nexport interface KyberKeypair {\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface KyberEncap {\n kem_ct_b64u: string;\n shared_b64u: string;\n}\n\nexport interface AesGcmWrap {\n iv_b64u: string;\n ct_b64u: string;\n}\n\nexport interface DilithiumKeypair {\n algorithm: string;\n public_b64u: string;\n secret_b64u: string;\n}\n\nexport interface DilithiumSignResult {\n signature_b64u: string;\n algorithm: string;\n}\n\nexport interface DilithiumVerifyResult {\n is_valid: boolean;\n algorithm: string;\n}\n\nexport interface HkdfResult {\n key_b64u: string;\n}\n\nexport interface AesGcmUnwrapResult {\n dek_b64u: string;\n}\n\n// Import WASM functions (namespace import for better bundler compatibility)\nimport * as wasmPkg from '@maatara/core-pqc-wasm';\nconst wasm_kyber_keygen = (wasmPkg as any).kyber_keygen as () => string;\nconst wasm_kyber_encaps = (wasmPkg as any).kyber_encaps as (p: string) => string;\nconst wasm_kyber_decaps = (wasmPkg as any).kyber_decaps as (s: string, c: string) => string;\nconst wasm_hkdf_sha256 = (wasmPkg as any).hkdf_sha256 as (s: string, i: string, salt?: string, len?: number) => string;\nconst wasm_aes_gcm_wrap = (wasmPkg as any).aes_gcm_wrap as (k: string, d: string, a: string) => string;\nconst wasm_aes_gcm_unwrap = (wasmPkg as any).aes_gcm_unwrap as (k: string, iv: string, ct: string, a: string) => string;\nconst wasm_dilithium_keygen = (wasmPkg as any).dilithium_keygen as () => string;\nconst wasm_dilithium_sign = (wasmPkg as any).dilithium_sign as (m: string, s: string) => string;\nconst wasm_dilithium_verify = (wasmPkg as any).dilithium_verify as (m: string, sig: string, p: string) => string;\n\n// Deterministic/canonicalization and governance helpers\nexport interface CanonicalOut { canonical: string; msg_b64u?: string; msgB64u?: string }\n\n// Initialize WASM\nlet wasmReady = false;\n\n/**\n * Initialize the underlying WASM module.\n * - In browsers/bundlers where the glue knows how to fetch the .wasm, you can call without params.\n * - If your bundler provides a URL or Module for the .wasm, pass it as the first argument.\n */\nexport async function initWasm(wasmInput?: any): Promise<void> {\n if (wasmReady) return;\n const maybeInit = (wasmPkg as any).default;\n if (typeof maybeInit === 'function') {\n // Some environments require a URL/Module/bytes for initialization.\n // We forward the optional value if provided; otherwise let the glue resolve it.\n if (wasmInput !== undefined) {\n await maybeInit(wasmInput);\n } else {\n await maybeInit();\n }\n }\n wasmReady = true;\n}\n\n// Kyber functions\nexport async function kyberKeygen(): Promise<KyberKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberEncaps(publicB64u: string): Promise<KyberEncap> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_encaps(publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function kyberDecaps(secretB64u: string, kemCtB64u: string): Promise<{ shared_b64u: string }> {\n await initWasm();\n const result = JSON.parse(wasm_kyber_decaps(secretB64u, kemCtB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// HKDF functions\nexport async function hkdfSha256(\n secretB64u: string,\n infoB64u: string,\n saltB64u?: string,\n len: number = 32\n): Promise<HkdfResult> {\n await initWasm();\n const result = JSON.parse(wasm_hkdf_sha256(secretB64u, infoB64u, saltB64u, len));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// AES-GCM functions\nexport async function aesGcmWrap(\n keyB64u: string,\n dekB64u: string,\n aadB64u: string\n): Promise<AesGcmWrap> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_wrap(keyB64u, dekB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\nexport async function aesGcmUnwrap(\n keyB64u: string,\n ivB64u: string,\n ctB64u: string,\n aadB64u: string\n): Promise<AesGcmUnwrapResult> {\n await initWasm();\n const result = JSON.parse(wasm_aes_gcm_unwrap(keyB64u, ivB64u, ctB64u, aadB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// Dilithium functions\n\n/**\n * Generate a new ML-DSA-65 (Dilithium) keypair.\n * SECURITY: Keys should be stored encrypted at rest.\n * For high-value operations, consider hardware security modules.\n */\nexport async function dilithiumKeygen(): Promise<DilithiumKeypair> {\n await initWasm();\n const result = JSON.parse(wasm_dilithium_keygen());\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/**\n * Sign a message using ML-DSA-65 (Dilithium).\n * @param messageB64u - Base64url-encoded message to sign\n * @param secretB64u - Base64url-encoded secret key\n * SECURITY: Secret key should be zeroized after use if possible.\n */\nexport async function dilithiumSign(\n messageB64u: string,\n secretB64u: string\n): Promise<DilithiumSignResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (secretB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Secret key exceeds maximum size of ${MAX_KEY_SIZE} bytes`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_sign(messageB64u, secretB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n/**\n * Verify a ML-DSA-65 (Dilithium) signature.\n * @param messageB64u - Base64url-encoded message\n * @param signatureB64u - Base64url-encoded signature\n * @param publicB64u - Base64url-encoded public key\n */\nexport async function dilithiumVerify(\n messageB64u: string,\n signatureB64u: string,\n publicB64u: string\n): Promise<DilithiumVerifyResult> {\n // Input validation - prevent memory exhaustion attacks\n if (messageB64u.length > MAX_MESSAGE_SIZE) {\n throw new Error(`Message exceeds maximum size of ${MAX_MESSAGE_SIZE} bytes`);\n }\n if (signatureB64u.length > MAX_KEY_SIZE || publicB64u.length > MAX_KEY_SIZE) {\n throw new Error(`Signature or public key exceeds maximum size`);\n }\n \n await initWasm();\n const result = JSON.parse(wasm_dilithium_verify(messageB64u, signatureB64u, publicB64u));\n if (result.error) throw new Error(result.error);\n return result;\n}\n\n// ---- Deterministic helpers (multisig/art token) ----\nexport async function jcsCanonicalize(json: unknown): Promise<string> {\n await initWasm();\n const raw = (wasmPkg as any).jcs_canonicalize(JSON.stringify(json));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return out.canonical as string;\n}\n\nexport async function buildPolicyPreimage(policy: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_governance(JSON.stringify(policy));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildMintPreimage(header: unknown, asset: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_mint(JSON.stringify(header), JSON.stringify(asset));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildTransferPreimage(header: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_asset_transfer(JSON.stringify(header));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\nexport async function buildAnchorPreimage(userId: string, rootHex: string, epoch: string, chains: unknown): Promise<CanonicalOut> {\n await initWasm();\n const raw = (wasmPkg as any).preimage_anchor(userId, rootHex, epoch, JSON.stringify(chains));\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return { canonical: out.canonical, msg_b64u: out.msg_b64u, msgB64u: out.msg_b64u };\n}\n\n// ---- Veritas Block Preimage (NEW v2 JCS canonical form) ----\n// We migrate block signing to a canonical (JCS) JSON similar to other preimages.\n// Legacy (v1) blocks used a hand-crafted JSON.stringify of a plain object with fixed insertion order.\n// This helper produces a canonical JSON string and msg_b64u = b64url(UTF-8(canonical JSON)).\n// NOTE: We intentionally EXCLUDE signature, encryptionKeyHash, and any runtime-only fields.\n// Fields included (ordered via JCS lexical ordering):\n// contentType, dataHash, index, metadataHash, ownerPublicKey, previousHash, signatureAlg, timestamp, version\n// index & timestamp MUST be strings representing decimal integers (BigInt safe) – caller responsibility.\nexport interface BlockPreimageInput {\n index: string | number | bigint;\n timestamp: string | number | bigint;\n previousHash: string;\n dataHash: string;\n metadataHash: string;\n signatureAlg: string; // e.g. 'dilithium2'\n ownerPublicKey: string; // Dilithium public key (base64url)\n contentType?: string; // default 'application/json'\n version: number; // block format / protocol version\n}\n\nexport async function buildBlockPreimage(block: BlockPreimageInput): Promise<CanonicalOut> {\n await initWasm();\n // Normalize fields per spec\n const normalized = {\n contentType: block.contentType || 'application/json',\n dataHash: block.dataHash,\n index: block.index.toString(),\n metadataHash: block.metadataHash,\n ownerPublicKey: block.ownerPublicKey,\n previousHash: block.previousHash,\n signatureAlg: block.signatureAlg,\n timestamp: block.timestamp.toString(),\n version: block.version,\n };\n // Use JCS canonicalization via wasm jcs_canonicalize (already exposed through jcsCanonicalize helper)\n const canonical = await jcsCanonicalize(normalized);\n const msg_b64u = b64uEncode(new TextEncoder().encode(canonical));\n return { canonical, msg_b64u, msgB64u: msg_b64u };\n}\n\nexport async function validateRoyalty(receiver: string, bps: number): Promise<boolean> {\n await initWasm();\n const raw = (wasmPkg as any).validate_royalty(receiver, bps);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) return false;\n return !!out.ok;\n}\n\nexport async function verifyAttestations(msgB64u: string, attestations: Array<{ alg: string; publicKeyB64u: string; signatureB64u: string }>, allowedPublicKeys?: string[]): Promise<number> {\n await initWasm();\n const raw = (wasmPkg as any).verify_attestations(msgB64u, JSON.stringify(attestations), allowedPublicKeys ? JSON.stringify(allowedPublicKeys) : undefined);\n const out = typeof raw === 'string' ? JSON.parse(raw) : raw;\n if (out?.error) throw new Error(out.error);\n return Number(out.valid_count || 0);\n}\n\n// Utility functions\n// Cross-env base64url helpers (browser + Node)\nfunction _fromByteArray(bytes: Uint8Array): string {\n if (typeof btoa === 'function') {\n // Browser\n let s = '';\n for (let i = 0; i < bytes.length; i++) s += String.fromCharCode(bytes[i]);\n return btoa(s);\n }\n // Node\n return Buffer.from(bytes).toString('base64');\n}\n\nfunction _toByteArray(b64: string): Uint8Array {\n if (typeof atob === 'function') {\n const binary = atob(b64);\n const out = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);\n return out;\n }\n return new Uint8Array(Buffer.from(b64, 'base64'));\n}\n\nexport function b64uEncode(data: Uint8Array): string {\n return _fromByteArray(data)\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+/g, '');\n}\n\nexport function b64uDecode(str: string): Uint8Array {\n const b64 = str.replace(/-/g, '+').replace(/_/g, '/').padEnd(Math.ceil(str.length / 4) * 4, '=');\n return _toByteArray(b64);\n}\n\nexport function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n let result = 0;\n for (let i = 0; i < a.length; i++) {\n result |= a[i] ^ b[i];\n }\n return result === 0;\n}\n\n// ============================================================================\n// THRESHOLD SIGNATURES & GOVERNANCE\n// ============================================================================\n\nexport interface GovernancePolicy {\n policyId: string;\n version: number;\n chainId: string;\n threshold: number;\n signers: Array<{\n publicKeyB64u: string;\n keyId: string;\n weight: number;\n role: 'owner' | 'guardian' | 'delegate' | 'recovery';\n }>;\n operations: Array<{\n action: string;\n requiredThreshold?: number;\n requiredRoles?: string[];\n maxValue?: string;\n timelock?: number;\n }>;\n validFrom: number;\n validUntil: number;\n createdAt: number;\n createdBy: string;\n policySignature: string;\n}\n\nexport interface Attestation {\n signerKeyId: string;\n signerPublicKeyB64u: string;\n operationHash: string;\n operationType: string;\n attestedAt: number;\n expiresAt: number;\n signatureAlg: 'dilithium2';\n signatureB64u: string;\n}\n\nexport interface AggregatedSignature {\n policyId: string;\n policyVersion: number;\n operationHash: string;\n attestations: Attestation[];\n totalWeight: number;\n thresholdMet: boolean;\n verifiedAt: number;\n}\n\n/**\n * Create an attestation for a threshold signature operation.\n */\nexport async function createAttestation(\n operation: { type: string; payload: unknown },\n signerKeys: { keyId: string; publicKeyB64u: string; secretKeyB64u: string },\n expiresInSeconds: number = 3600\n): Promise<Attestation> {\n await initWasm();\n \n // Build deterministic preimage for the operation\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const operationHash = await sha256B64u(preimageBytes);\n const msgB64u = b64uEncode(preimageBytes);\n \n // Sign the preimage\n const sig = await dilithiumSign(msgB64u, signerKeys.secretKeyB64u);\n \n return {\n signerKeyId: signerKeys.keyId,\n signerPublicKeyB64u: signerKeys.publicKeyB64u,\n operationHash,\n operationType: operation.type,\n attestedAt: Date.now(),\n expiresAt: Date.now() + expiresInSeconds * 1000,\n signatureAlg: 'dilithium2',\n signatureB64u: sig.signature_b64u\n };\n}\n\n/**\n * Verify an attestation signature.\n */\nexport async function verifyAttestation(\n attestation: Attestation,\n operation: { type: string; payload: unknown }\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Rebuild expected operation hash\n const preimage = await jcsCanonicalize({ type: operation.type, payload: operation.payload });\n const preimageBytes = new TextEncoder().encode(preimage);\n const expectedHash = await sha256B64u(preimageBytes);\n \n if (attestation.operationHash !== expectedHash) {\n return { valid: false, error: 'Operation hash mismatch' };\n }\n \n // Check expiry\n if (attestation.expiresAt < Date.now()) {\n return { valid: false, error: 'Attestation expired' };\n }\n \n // Verify signature\n const msgB64u = b64uEncode(preimageBytes);\n const result = await dilithiumVerify(msgB64u, attestation.signatureB64u, attestation.signerPublicKeyB64u);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid signature' };\n }\n \n return { valid: true };\n}\n\n/**\n * Verify that an aggregated signature meets the threshold policy.\n */\nexport async function verifyThreshold(\n aggregated: AggregatedSignature,\n operation: { type: string; payload: unknown },\n policy: GovernancePolicy\n): Promise<{ valid: boolean; errors: string[] }> {\n const errors: string[] = [];\n \n // Check policy match\n if (aggregated.policyId !== policy.policyId) {\n errors.push('Policy ID mismatch');\n }\n \n // Verify each attestation and compute weight\n let validWeight = 0;\n for (const attestation of aggregated.attestations) {\n const signer = policy.signers.find(s => s.publicKeyB64u === attestation.signerPublicKeyB64u);\n if (!signer) {\n errors.push(`Signer ${attestation.signerKeyId} not in policy`);\n continue;\n }\n \n const result = await verifyAttestation(attestation, operation);\n if (!result.valid) {\n errors.push(`Attestation from ${attestation.signerKeyId}: ${result.error}`);\n continue;\n }\n \n validWeight += signer.weight;\n }\n \n // Check threshold\n if (validWeight < policy.threshold) {\n errors.push(`Threshold not met: weight ${validWeight} < required ${policy.threshold}`);\n }\n \n return { valid: errors.length === 0, errors };\n}\n\n// ============================================================================\n// PRE-REGISTRATION COMMITMENT SCHEME\n// ============================================================================\n\nexport interface ProvenanceCommitment {\n type: 'ProvenanceCommitment';\n version: 1;\n commitmentHash: string;\n creatorPublicKey: string;\n timestamp: number;\n signature: string;\n}\n\nexport interface CommitmentReveal {\n commitmentHash: string;\n salt: string;\n assetHash: string;\n}\n\n/**\n * Create a provenance commitment for an asset before public disclosure.\n * This establishes a timestamped claim without revealing the asset content.\n */\nexport async function createProvenanceCommitment(\n assetBytes: Uint8Array,\n keys: { publicKeyB64u: string; secretKeyB64u: string }\n): Promise<{ commitment: ProvenanceCommitment; reveal: CommitmentReveal }> {\n await initWasm();\n \n // Generate random salt\n const salt = crypto.getRandomValues(new Uint8Array(32));\n \n // Compute commitment hash = SHA256(asset || salt || publicKey)\n const publicKeyBytes = b64uDecode(keys.publicKeyB64u);\n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const commitmentHash = await sha256B64u(preimage);\n const assetHash = await sha256B64u(assetBytes);\n \n // Build commitment object (without signature)\n const commitmentData = {\n type: 'ProvenanceCommitment' as const,\n version: 1 as const,\n commitmentHash,\n creatorPublicKey: keys.publicKeyB64u,\n timestamp: Date.now()\n };\n \n // Sign the commitment\n const canonical = await jcsCanonicalize(commitmentData);\n const sig = await dilithiumSign(b64uEncode(new TextEncoder().encode(canonical)), keys.secretKeyB64u);\n \n const commitment: ProvenanceCommitment = {\n ...commitmentData,\n signature: sig.signature_b64u\n };\n \n const reveal: CommitmentReveal = {\n commitmentHash,\n salt: b64uEncode(salt),\n assetHash\n };\n \n return { commitment, reveal };\n}\n\n/**\n * Verify a provenance commitment signature.\n */\nexport async function verifyProvenanceCommitment(\n commitment: ProvenanceCommitment\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // Reconstruct the signed data (without signature field)\n const commitmentData = {\n type: commitment.type,\n version: commitment.version,\n commitmentHash: commitment.commitmentHash,\n creatorPublicKey: commitment.creatorPublicKey,\n timestamp: commitment.timestamp\n };\n \n const canonical = await jcsCanonicalize(commitmentData);\n const msgB64u = b64uEncode(new TextEncoder().encode(canonical));\n \n const result = await dilithiumVerify(msgB64u, commitment.signature, commitment.creatorPublicKey);\n \n if (!result.is_valid) {\n return { valid: false, error: 'Invalid commitment signature' };\n }\n \n return { valid: true };\n}\n\n/**\n * Verify that a revealed asset matches a commitment.\n */\nexport async function verifyCommitmentReveal(\n commitment: ProvenanceCommitment,\n assetBytes: Uint8Array,\n reveal: CommitmentReveal\n): Promise<{ valid: boolean; error?: string }> {\n await initWasm();\n \n // First verify the commitment signature\n const sigResult = await verifyProvenanceCommitment(commitment);\n if (!sigResult.valid) {\n return { valid: false, error: `Commitment signature invalid: ${sigResult.error}` };\n }\n \n // Verify asset hash matches\n const computedAssetHash = await sha256B64u(assetBytes);\n if (computedAssetHash !== reveal.assetHash) {\n return { valid: false, error: 'Asset hash does not match reveal' };\n }\n \n // Reconstruct commitment hash\n const salt = b64uDecode(reveal.salt);\n const publicKeyBytes = b64uDecode(commitment.creatorPublicKey);\n \n const preimage = new Uint8Array(assetBytes.length + salt.length + publicKeyBytes.length);\n preimage.set(assetBytes, 0);\n preimage.set(salt, assetBytes.length);\n preimage.set(publicKeyBytes, assetBytes.length + salt.length);\n \n const computedCommitmentHash = await sha256B64u(preimage);\n \n if (computedCommitmentHash !== commitment.commitmentHash) {\n return { valid: false, error: 'Commitment hash does not match reveal' };\n }\n \n return { valid: true };\n}\n\n// ============================================================================\n// HELPER: SHA-256 with base64url output\n// ============================================================================\n\nasync function sha256B64u(data: Uint8Array): Promise<string> {\n const hashBuffer = await crypto.subtle.digest('SHA-256', data as unknown as BufferSource);\n return b64uEncode(new Uint8Array(hashBuffer));\n}\n\n"],"names":["wasmPkg"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA;AACA;AACA;AACA,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAC1C,MAAM,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC;AA4CjC,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAA4B,CAAC;AACxE,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAAqC,CAAC;AACjF,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAAgD,CAAC;AAC5F,MAAM,gBAAgB,GAAIA,kBAAe,CAAC,WAA4E,CAAC;AACvH,MAAM,iBAAiB,GAAIA,kBAAe,CAAC,YAA2D,CAAC;AACvG,MAAM,mBAAmB,GAAIA,kBAAe,CAAC,cAA0E,CAAC;AACxH,MAAM,qBAAqB,GAAIA,kBAAe,CAAC,gBAAgC,CAAC;AAChF,MAAM,mBAAmB,GAAIA,kBAAe,CAAC,cAAkD,CAAC;AAChG,MAAM,qBAAqB,GAAIA,kBAAe,CAAC,gBAAiE,CAAC;AAKjH;AACA,IAAI,SAAS,GAAG,KAAK,CAAC;AAEtB;;;;AAIG;AACI,eAAe,QAAQ,CAAC,SAAe,EAAA;AAC5C,IAAA,IAAI,SAAS;QAAE,OAAO;AACtB,IAAA,MAAM,SAAS,GAAIA,kBAAe,CAAC,OAAO,CAAC;AAC3C,IAAA,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE;;;AAGnC,QAAA,IAAI,SAAS,KAAK,SAAS,EAAE;AAC3B,YAAA,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;SAC5B;aAAM;YACL,MAAM,SAAS,EAAE,CAAC;SACnB;KACF;IACD,SAAS,GAAG,IAAI,CAAC;AACnB,CAAC;AAED;AACO,eAAe,WAAW,GAAA;IAC/B,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC/C,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,WAAW,CAAC,UAAkB,EAAA;IAClD,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,WAAW,CAAC,UAAkB,EAAE,SAAiB,EAAA;IACrE,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACpE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,UAAU,CAC9B,UAAkB,EAClB,QAAgB,EAChB,QAAiB,EACjB,GAAA,GAAc,EAAE,EAAA;IAEhB,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;IACjF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,UAAU,CAC9B,OAAe,EACf,OAAe,EACf,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,eAAe,YAAY,CAChC,OAAe,EACf,MAAc,EACd,MAAc,EACd,OAAe,EAAA;IAEf,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACjF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AAEA;;;;AAIG;AACI,eAAe,eAAe,GAAA;IACnC,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACnD,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;AAKG;AACI,eAAe,aAAa,CACjC,WAAmB,EACnB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC9E;AACD,IAAA,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AACpC,QAAA,MAAM,IAAI,KAAK,CAAC,sCAAsC,YAAY,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC7E;IAED,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;IACxE,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;AAKG;AACI,eAAe,eAAe,CACnC,WAAmB,EACnB,aAAqB,EACrB,UAAkB,EAAA;;AAGlB,IAAA,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE;AACzC,QAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,gBAAgB,CAAA,MAAA,CAAQ,CAAC,CAAC;KAC9E;AACD,IAAA,IAAI,aAAa,CAAC,MAAM,GAAG,YAAY,IAAI,UAAU,CAAC,MAAM,GAAG,YAAY,EAAE;AAC3E,QAAA,MAAM,IAAI,KAAK,CAAC,CAAA,4CAAA,CAA8C,CAAC,CAAC;KACjE;IAED,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC;IACzF,IAAI,MAAM,CAAC,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChD,IAAA,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;AACO,eAAe,eAAe,CAAC,IAAa,EAAA;IACjD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACpE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,GAAG,CAAC,SAAmB,CAAC;AACjC,CAAC;AAEM,eAAe,mBAAmB,CAAC,MAAe,EAAA;IACvD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AACzE,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,iBAAiB,CAAC,MAAe,EAAE,KAAc,EAAA;IACrE,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAChG,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,qBAAqB,CAAC,MAAe,EAAA;IACzD,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7E,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAEM,eAAe,mBAAmB,CAAC,MAAc,EAAE,OAAe,EAAE,KAAa,EAAE,MAAe,EAAA;IACvG,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7F,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAC3C,IAAA,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC;AACrF,CAAC;AAsBM,eAAe,kBAAkB,CAAC,KAAyB,EAAA;IAChE,MAAM,QAAQ,EAAE,CAAC;;AAEjB,IAAA,MAAM,UAAU,GAAG;AACjB,QAAA,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,kBAAkB;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ;AACxB,QAAA,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC7B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,cAAc,EAAE,KAAK,CAAC,cAAc;QACpC,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,YAAY,EAAE,KAAK,CAAC,YAAY;AAChC,QAAA,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE;QACrC,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC;;AAEF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;AACpD,IAAA,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;AACpD,CAAC;AAEM,eAAe,eAAe,CAAC,QAAgB,EAAE,GAAW,EAAA;IACjE,MAAM,QAAQ,EAAE,CAAC;IACjB,MAAM,GAAG,GAAIA,kBAAe,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AAC7D,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,OAAO,KAAK,CAAC;AAC7B,IAAA,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;AAClB,CAAC;AAEM,eAAe,kBAAkB,CAAC,OAAe,EAAE,YAAkF,EAAE,iBAA4B,EAAA;IACxK,MAAM,QAAQ,EAAE,CAAC;AACjB,IAAA,MAAM,GAAG,GAAIA,kBAAe,CAAC,mBAAmB,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC,CAAC;AAC3J,IAAA,MAAM,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,GAAG,EAAE,KAAK;AAAE,QAAA,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;AACA;AACA,SAAS,cAAc,CAAC,KAAiB,EAAA;AACvC,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;;QAE9B,IAAI,CAAC,GAAG,EAAE,CAAC;AACX,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1E,QAAA,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;KAChB;;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAA;AAC/B,IAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;AAC9B,QAAA,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC1C,QAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AACtE,QAAA,OAAO,GAAG,CAAC;KACZ;AACD,IAAA,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;AACpD,CAAC;AAEK,SAAU,UAAU,CAAC,IAAgB,EAAA;IACzC,OAAO,cAAc,CAAC,IAAI,CAAC;AACxB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;AACnB,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAEK,SAAU,UAAU,CAAC,GAAW,EAAA;AACpC,IAAA,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;AACjG,IAAA,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAEe,SAAA,iBAAiB,CAAC,CAAa,EAAE,CAAa,EAAA;AAC5D,IAAA,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;AAAE,QAAA,OAAO,KAAK,CAAC;IACxC,IAAI,MAAM,GAAG,CAAC,CAAC;AACf,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;KACvB;IACD,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAoDD;;AAEG;AACI,eAAe,iBAAiB,CACrC,SAA6C,EAC7C,UAA2E,EAC3E,gBAAA,GAA2B,IAAI,EAAA;IAE/B,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACzD,IAAA,MAAM,aAAa,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,CAAC;AACtD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;;IAG1C,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;IAEnE,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,KAAK;QAC7B,mBAAmB,EAAE,UAAU,CAAC,aAAa;QAC7C,aAAa;QACb,aAAa,EAAE,SAAS,CAAC,IAAI;AAC7B,QAAA,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,GAAG,IAAI;AAC/C,QAAA,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,GAAG,CAAC,cAAc;KAClC,CAAC;AACJ,CAAC;AAED;;AAEG;AACI,eAAe,iBAAiB,CACrC,WAAwB,EACxB,SAA6C,EAAA;IAE7C,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7F,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACzD,IAAA,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,CAAC;AAErD,IAAA,IAAI,WAAW,CAAC,aAAa,KAAK,YAAY,EAAE;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;KAC3D;;IAGD,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;KACvD;;AAGD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;AAC1C,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,mBAAmB,CAAC,CAAC;AAE1G,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;KACrD;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;AAEG;AACI,eAAe,eAAe,CACnC,UAA+B,EAC/B,SAA6C,EAC7C,MAAwB,EAAA;IAExB,MAAM,MAAM,GAAa,EAAE,CAAC;;IAG5B,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE;AAC3C,QAAA,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;KACnC;;IAGD,IAAI,WAAW,GAAG,CAAC,CAAC;AACpB,IAAA,KAAK,MAAM,WAAW,IAAI,UAAU,CAAC,YAAY,EAAE;QACjD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,aAAa,KAAK,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7F,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,CAAC,IAAI,CAAC,CAAA,OAAA,EAAU,WAAW,CAAC,WAAW,CAAgB,cAAA,CAAA,CAAC,CAAC;YAC/D,SAAS;SACV;QAED,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAC/D,QAAA,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;AACjB,YAAA,MAAM,CAAC,IAAI,CAAC,CAAA,iBAAA,EAAoB,WAAW,CAAC,WAAW,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAA,CAAE,CAAC,CAAC;YAC5E,SAAS;SACV;AAED,QAAA,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC;KAC9B;;AAGD,IAAA,IAAI,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE;QAClC,MAAM,CAAC,IAAI,CAAC,CAA6B,0BAAA,EAAA,WAAW,CAAe,YAAA,EAAA,MAAM,CAAC,SAAS,CAAE,CAAA,CAAC,CAAC;KACxF;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAqBD;;;AAGG;AACI,eAAe,0BAA0B,CAC9C,UAAsB,EACtB,IAAsD,EAAA;IAEtD,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;;IAGxD,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACtD,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACzF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;AACtC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;AAE9D,IAAA,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;AAClD,IAAA,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;;AAG/C,IAAA,MAAM,cAAc,GAAG;AACrB,QAAA,IAAI,EAAE,sBAA+B;AACrC,QAAA,OAAO,EAAE,CAAU;QACnB,cAAc;QACd,gBAAgB,EAAE,IAAI,CAAC,aAAa;AACpC,QAAA,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;;AAGF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;AAErG,IAAA,MAAM,UAAU,GAAyB;AACvC,QAAA,GAAG,cAAc;QACjB,SAAS,EAAE,GAAG,CAAC,cAAc;KAC9B,CAAC;AAEF,IAAA,MAAM,MAAM,GAAqB;QAC/B,cAAc;AACd,QAAA,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC;QACtB,SAAS;KACV,CAAC;AAEF,IAAA,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;AAChC,CAAC;AAED;;AAEG;AACI,eAAe,0BAA0B,CAC9C,UAAgC,EAAA;IAEhC,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,cAAc,GAAG;QACrB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,OAAO,EAAE,UAAU,CAAC,OAAO;QAC3B,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;QAC7C,SAAS,EAAE,UAAU,CAAC,SAAS;KAChC,CAAC;AAEF,IAAA,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,CAAC;AACxD,IAAA,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AAEhE,IAAA,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,gBAAgB,CAAC,CAAC;AAEjG,IAAA,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QACpB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;KAChE;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;AAEG;AACI,eAAe,sBAAsB,CAC1C,UAAgC,EAChC,UAAsB,EACtB,MAAwB,EAAA;IAExB,MAAM,QAAQ,EAAE,CAAC;;AAGjB,IAAA,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,UAAU,CAAC,CAAC;AAC/D,IAAA,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE;AACpB,QAAA,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA,8BAAA,EAAiC,SAAS,CAAC,KAAK,CAAA,CAAE,EAAE,CAAC;KACpF;;AAGD,IAAA,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,UAAU,CAAC,CAAC;AACvD,IAAA,IAAI,iBAAiB,KAAK,MAAM,CAAC,SAAS,EAAE;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC;KACpE;;IAGD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,cAAc,GAAG,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;AAE/D,IAAA,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AACzF,IAAA,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;AACtC,IAAA,QAAQ,CAAC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;AAE9D,IAAA,MAAM,sBAAsB,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;AAE1D,IAAA,IAAI,sBAAsB,KAAK,UAAU,CAAC,cAAc,EAAE;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;KACzE;AAED,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;AACA;AACA;AAEA,eAAe,UAAU,CAAC,IAAgB,EAAA;AACxC,IAAA,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAA+B,CAAC,CAAC;IAC1F,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;AAChD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}