@mcp-i/core 0.1.0

package/dist/session/manager.d.ts

@@ -0,0 +1,77 @@
+/**
+ * Session Management — Platform-agnostic Protocol Reference
+ *
+ * Handles handshake enforcement, session management, and nonce validation
+ * according to MCP-I requirements 4.5–4.9 and 19.1–19.2.
+ *
+ * Platform adapters inject a CryptoProvider for all random byte generation.
+ * The static generateNonce() uses globalThis.crypto (available Node 20+ and
+ * Cloudflare Workers) to remain synchronous without platform-specific imports.
+ */
+import type { HandshakeRequest, SessionContext, NonceCache } from '../types/protocol.js';
+import type { CryptoProvider } from '../providers/base.js';
+export interface SessionConfig {
+    timestampSkewSeconds?: number;
+    sessionTtlMinutes?: number;
+    absoluteSessionLifetime?: number;
+    nonceCache?: NonceCache;
+    serverDid?: string;
+}
+export interface HandshakeResult {
+    success: boolean;
+    session?: SessionContext;
+    error?: {
+        code: string;
+        message: string;
+        remediation?: string;
+    };
+}
+export declare class SessionManager {
+    private config;
+    private cryptoProvider;
+    private sessions;
+    constructor(cryptoProvider: CryptoProvider, config?: SessionConfig);
+    setServerDid(serverDid: string): void;
+    /**
+     * Validate an MCP-I handshake request and create a session.
+     *
+     * Performs the following checks:
+     * - Timestamp within acceptable skew window
+     * - Audience matches server DID (if configured)
+     * - Nonce not previously used (replay protection)
+     *
+     * @param request - The handshake request containing nonce, audience, timestamp, and optional agentDid
+     * @returns Result object with success flag, session on success, or error details on failure
+     */
+    validateHandshake(request: HandshakeRequest): Promise<HandshakeResult>;
+    /**
+     * Retrieve a session by ID, checking for expiration.
+     *
+     * Updates lastActivity timestamp on successful retrieval (sliding window expiry).
+     * Returns null if session doesn't exist, has exceeded idle TTL, or has exceeded
+     * absolute lifetime (if configured).
+     *
+     * @param sessionId - The session ID (e.g., "mcpi_...")
+     * @returns Session context if valid, null if expired or not found
+     */
+    getSession(sessionId: string): Promise<SessionContext | null>;
+    private generateSessionId;
+    private generateClientId;
+    private normalizeClientInfoString;
+    private buildClientInfo;
+    static generateNonce(): string;
+    cleanup(): Promise<void>;
+    getStats(): {
+        activeSessions: number;
+        config: {
+            timestampSkewSeconds: number;
+            sessionTtlMinutes: number;
+            absoluteSessionLifetime?: number;
+            cacheType: string;
+        };
+    };
+    clearSessions(): void;
+}
+export declare function createHandshakeRequest(audience: string): HandshakeRequest;
+export declare function validateHandshakeFormat(request: unknown): request is HandshakeRequest;
+//# sourceMappingURL=manager.d.ts.map

package/dist/session/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,cAAc,EACd,UAAU,EACX,MAAM,sBAAsB,CAAC;AAC9B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAI3D,MAAM,WAAW,aAAa;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,KAAK,CAAC,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAGZ;IACF,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAqC;gBAEzC,cAAc,EAAE,cAAc,EAAE,MAAM,GAAE,aAAkB;IAqBtE,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIrC;;;;;;;;;;OAUG;IACG,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAgF5E;;;;;;;;;OASG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;YA2BrD,iBAAiB;YAWjB,gBAAgB;IAQ9B,OAAO,CAAC,yBAAyB;YAMnB,eAAe;IA2B7B,MAAM,CAAC,aAAa,IAAI,MAAM;IAaxB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAsB9B,QAAQ,IAAI;QACV,cAAc,EAAE,MAAM,CAAC;QACvB,MAAM,EAAE;YACN,oBAAoB,EAAE,MAAM,CAAC;YAC7B,iBAAiB,EAAE,MAAM,CAAC;YAC1B,uBAAuB,CAAC,EAAE,MAAM,CAAC;YACjC,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;KACH;IAYD,aAAa,IAAI,IAAI;CAGtB;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAMzE;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,IAAI,gBAAgB,CAYrF"}

package/dist/session/manager.js

@@ -0,0 +1,251 @@
+/**
+ * Session Management — Platform-agnostic Protocol Reference
+ *
+ * Handles handshake enforcement, session management, and nonce validation
+ * according to MCP-I requirements 4.5–4.9 and 19.1–19.2.
+ *
+ * Platform adapters inject a CryptoProvider for all random byte generation.
+ * The static generateNonce() uses globalThis.crypto (available Node 20+ and
+ * Cloudflare Workers) to remain synchronous without platform-specific imports.
+ */
+import { MemoryNonceCacheProvider } from '../providers/memory.js';
+import { logger } from '../logging/index.js';
+export class SessionManager {
+    config;
+    cryptoProvider;
+    sessions = new Map();
+    constructor(cryptoProvider, config = {}) {
+        this.cryptoProvider = cryptoProvider;
+        this.config = {
+            timestampSkewSeconds: config.timestampSkewSeconds ?? 120,
+            sessionTtlMinutes: config.sessionTtlMinutes ?? 30,
+            nonceCache: config.nonceCache ?? new MemoryNonceCacheProvider(),
+            ...(config.absoluteSessionLifetime !== undefined && {
+                absoluteSessionLifetime: config.absoluteSessionLifetime,
+            }),
+            ...(config.serverDid !== undefined && { serverDid: config.serverDid }),
+        };
+        if (this.config.nonceCache instanceof MemoryNonceCacheProvider) {
+            logger.warn('[SessionManager] Using MemoryNonceCacheProvider — not suitable for ' +
+                'multi-instance deployments. Use Redis, DynamoDB, or Cloudflare KV ' +
+                'for production.');
+        }
+    }
+    setServerDid(serverDid) {
+        this.config.serverDid = serverDid;
+    }
+    /**
+     * Validate an MCP-I handshake request and create a session.
+     *
+     * Performs the following checks:
+     * - Timestamp within acceptable skew window
+     * - Audience matches server DID (if configured)
+     * - Nonce not previously used (replay protection)
+     *
+     * @param request - The handshake request containing nonce, audience, timestamp, and optional agentDid
+     * @returns Result object with success flag, session on success, or error details on failure
+     */
+    async validateHandshake(request) {
+        try {
+            const now = Math.floor(Date.now() / 1000);
+            const timeDiff = Math.abs(now - request.timestamp);
+            if (timeDiff > this.config.timestampSkewSeconds) {
+                return {
+                    success: false,
+                    error: {
+                        code: 'XMCP_I_EHANDSHAKE',
+                        message: `Timestamp outside acceptable range (±${this.config.timestampSkewSeconds}s)`,
+                        remediation: `Check NTP sync on client and server. Current server time: ${now}, received: ${request.timestamp}, diff: ${timeDiff}s. Adjust timestampSkewSeconds if needed.`,
+                    },
+                };
+            }
+            // Validate audience matches this server's DID (SPEC.md §4 MUST)
+            if (this.config.serverDid && request.audience !== this.config.serverDid) {
+                return {
+                    success: false,
+                    error: {
+                        code: 'MCPI_AUDIENCE_MISMATCH',
+                        message: `Audience mismatch: expected ${this.config.serverDid}, got ${request.audience}`,
+                    },
+                };
+            }
+            const nonceExists = await this.config.nonceCache.has(request.nonce, request.agentDid);
+            if (nonceExists) {
+                return {
+                    success: false,
+                    error: {
+                        code: 'XMCP_I_EHANDSHAKE',
+                        message: 'Nonce already used (replay attack prevention)',
+                        remediation: 'Generate a new unique nonce for each request',
+                    },
+                };
+            }
+            const nonceTtlSeconds = this.config.sessionTtlMinutes * 60 + 60;
+            await this.config.nonceCache.add(request.nonce, nonceTtlSeconds, request.agentDid);
+            const sessionId = await this.generateSessionId();
+            const clientInfo = await this.buildClientInfo(request);
+            const session = {
+                sessionId,
+                audience: request.audience,
+                nonce: request.nonce,
+                timestamp: request.timestamp,
+                createdAt: now,
+                lastActivity: now,
+                ttlMinutes: this.config.sessionTtlMinutes,
+                identityState: 'anonymous',
+                agentDid: request.agentDid,
+                ...(this.config.serverDid && { serverDid: this.config.serverDid }),
+                ...(clientInfo && { clientInfo }),
+            };
+            this.sessions.set(sessionId, session);
+            return { success: true, session };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: {
+                    code: 'XMCP_I_EHANDSHAKE',
+                    message: `Handshake validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                },
+            };
+        }
+    }
+    /**
+     * Retrieve a session by ID, checking for expiration.
+     *
+     * Updates lastActivity timestamp on successful retrieval (sliding window expiry).
+     * Returns null if session doesn't exist, has exceeded idle TTL, or has exceeded
+     * absolute lifetime (if configured).
+     *
+     * @param sessionId - The session ID (e.g., "mcpi_...")
+     * @returns Session context if valid, null if expired or not found
+     */
+    async getSession(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return null;
+        const now = Math.floor(Date.now() / 1000);
+        const idleTimeSeconds = now - session.lastActivity;
+        const maxIdleSeconds = session.ttlMinutes * 60;
+        if (idleTimeSeconds > maxIdleSeconds) {
+            this.sessions.delete(sessionId);
+            return null;
+        }
+        if (this.config.absoluteSessionLifetime !== undefined) {
+            const sessionAgeSeconds = now - session.createdAt;
+            const maxAgeSeconds = this.config.absoluteSessionLifetime * 60;
+            if (sessionAgeSeconds > maxAgeSeconds) {
+                this.sessions.delete(sessionId);
+                return null;
+            }
+        }
+        session.lastActivity = now;
+        this.sessions.set(sessionId, session);
+        return session;
+    }
+    async generateSessionId() {
+        const bytes = await this.cryptoProvider.randomBytes(16);
+        bytes[6] = (bytes[6] & 0x0f) | 0x40;
+        bytes[8] = (bytes[8] & 0x3f) | 0x80;
+        const hex = Array.from(bytes)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('');
+        const uuid = `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20, 32)}`;
+        return `mcpi_${uuid}`;
+    }
+    async generateClientId() {
+        const bytes = await this.cryptoProvider.randomBytes(6);
+        const hex = Array.from(bytes)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('');
+        return `client_${hex}`;
+    }
+    normalizeClientInfoString(value) {
+        if (typeof value !== 'string')
+            return undefined;
+        const trimmed = value.trim();
+        return trimmed.length > 0 ? trimmed : undefined;
+    }
+    async buildClientInfo(request) {
+        const hasMetadata = !!request.clientInfo ||
+            typeof request.clientProtocolVersion === 'string' ||
+            request.clientCapabilities !== undefined;
+        if (!hasMetadata)
+            return undefined;
+        const source = request.clientInfo;
+        return {
+            name: this.normalizeClientInfoString(source?.name) ?? 'unknown',
+            title: this.normalizeClientInfoString(source?.title),
+            version: this.normalizeClientInfoString(source?.version),
+            platform: this.normalizeClientInfoString(source?.platform),
+            vendor: this.normalizeClientInfoString(source?.vendor),
+            persistentId: this.normalizeClientInfoString(source?.persistentId),
+            clientId: this.normalizeClientInfoString(source?.clientId) ??
+                (await this.generateClientId()),
+            protocolVersion: this.normalizeClientInfoString(request.clientProtocolVersion),
+            capabilities: request.clientCapabilities,
+        };
+    }
+    static generateNonce() {
+        const buffer = new Uint8Array(16);
+        globalThis.crypto.getRandomValues(buffer);
+        let binaryStr = '';
+        for (let i = 0; i < buffer.length; i++) {
+            binaryStr += String.fromCharCode(buffer[i]);
+        }
+        return btoa(binaryStr)
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=/g, '');
+    }
+    async cleanup() {
+        const now = Math.floor(Date.now() / 1000);
+        for (const [sessionId, session] of this.sessions.entries()) {
+            const idleTimeSeconds = now - session.lastActivity;
+            const maxIdleSeconds = session.ttlMinutes * 60;
+            let expired = idleTimeSeconds > maxIdleSeconds;
+            if (!expired && this.config.absoluteSessionLifetime !== undefined) {
+                const sessionAgeSeconds = now - session.createdAt;
+                const maxAgeSeconds = this.config.absoluteSessionLifetime * 60;
+                expired = sessionAgeSeconds > maxAgeSeconds;
+            }
+            if (expired) {
+                this.sessions.delete(sessionId);
+            }
+        }
+        await this.config.nonceCache.cleanup();
+    }
+    getStats() {
+        return {
+            activeSessions: this.sessions.size,
+            config: {
+                timestampSkewSeconds: this.config.timestampSkewSeconds,
+                sessionTtlMinutes: this.config.sessionTtlMinutes,
+                absoluteSessionLifetime: this.config.absoluteSessionLifetime,
+                cacheType: this.config.nonceCache.constructor.name,
+            },
+        };
+    }
+    clearSessions() {
+        this.sessions.clear();
+    }
+}
+export function createHandshakeRequest(audience) {
+    return {
+        nonce: SessionManager.generateNonce(),
+        audience,
+        timestamp: Math.floor(Date.now() / 1000),
+    };
+}
+export function validateHandshakeFormat(request) {
+    return (typeof request === 'object' &&
+        request !== null &&
+        typeof request['nonce'] === 'string' &&
+        request['nonce'].length > 0 &&
+        typeof request['audience'] === 'string' &&
+        request['audience'].length > 0 &&
+        typeof request['timestamp'] === 'number' &&
+        request['timestamp'] > 0 &&
+        Number.isInteger(request['timestamp']));
+}
+//# sourceMappingURL=manager.js.map

package/dist/session/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/session/manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAoB7C,MAAM,OAAO,cAAc;IACjB,MAAM,CAGZ;IACM,cAAc,CAAiB;IAC/B,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAC;IAErD,YAAY,cAA8B,EAAE,SAAwB,EAAE;QACpE,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG;YACZ,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,IAAI,GAAG;YACxD,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,EAAE;YACjD,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,wBAAwB,EAAE;YAC/D,GAAG,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,IAAI;gBAClD,uBAAuB,EAAE,MAAM,CAAC,uBAAuB;aACxD,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;SACvE,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,YAAY,wBAAwB,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CACT,qEAAqE;gBACnE,oEAAoE;gBACpE,iBAAiB,CACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,YAAY,CAAC,SAAiB;QAC5B,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAyB;QAC/C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YAEnD,IAAI,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAChD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,mBAAmB;wBACzB,OAAO,EAAE,wCAAwC,IAAI,CAAC,MAAM,CAAC,oBAAoB,IAAI;wBACrF,WAAW,EAAE,6DAA6D,GAAG,eAAe,OAAO,CAAC,SAAS,WAAW,QAAQ,2CAA2C;qBAC5K;iBACF,CAAC;YACJ,CAAC;YAED,gEAAgE;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACxE,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,wBAAwB;wBAC9B,OAAO,EAAE,+BAA+B,IAAI,CAAC,MAAM,CAAC,SAAS,SAAS,OAAO,CAAC,QAAQ,EAAE;qBACzF;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAClD,OAAO,CAAC,KAAK,EACb,OAAO,CAAC,QAAQ,CACjB,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE;wBACL,IAAI,EAAE,mBAAmB;wBACzB,OAAO,EAAE,+CAA+C;wBACxD,WAAW,EAAE,8CAA8C;qBAC5D;iBACF,CAAC;YACJ,CAAC;YAED,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;YAChE,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAC9B,OAAO,CAAC,KAAK,EACb,eAAe,EACf,OAAO,CAAC,QAAQ,CACjB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACjD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAEvD,MAAM,OAAO,GAAmB;gBAC9B,SAAS;gBACT,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,SAAS,EAAE,GAAG;gBACd,YAAY,EAAE,GAAG;gBACjB,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;gBACzC,aAAa,EAAE,WAAW;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAClE,GAAG,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,CAAC;aAClC,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAEtC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;iBACpG;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;QACnD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE/C,IAAI,eAAe,GAAG,cAAc,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;YACtD,MAAM,iBAAiB,GAAG,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;YAClD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,EAAE,CAAC;YAC/D,IAAI,iBAAiB,GAAG,aAAa,EAAE,CAAC;gBACtC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,CAAC,YAAY,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACtC,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACxD,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;QACrC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QACrH,OAAO,QAAQ,IAAI,EAAE,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;QACZ,OAAO,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAEO,yBAAyB,CAAC,KAAc;QAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,OAAyB;QAEzB,MAAM,WAAW,GACf,CAAC,CAAC,OAAO,CAAC,UAAU;YACpB,OAAO,OAAO,CAAC,qBAAqB,KAAK,QAAQ;YACjD,OAAO,CAAC,kBAAkB,KAAK,SAAS,CAAC;QAE3C,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;QAElC,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,SAAS;YAC/D,KAAK,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,KAAK,CAAC;YACpD,OAAO,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,OAAO,CAAC;YACxD,QAAQ,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC;YAC1D,MAAM,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC;YACtD,YAAY,EAAE,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,YAAY,CAAC;YAClE,QAAQ,EACN,IAAI,CAAC,yBAAyB,CAAC,MAAM,EAAE,QAAQ,CAAC;gBAChD,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,eAAe,EAAE,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,qBAAqB,CAAC;YAC9E,YAAY,EAAE,OAAO,CAAC,kBAAkB;SACzC,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,SAAS,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3D,MAAM,eAAe,GAAG,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC;YACnD,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;YAC/C,IAAI,OAAO,GAAG,eAAe,GAAG,cAAc,CAAC;YAE/C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;gBAClE,MAAM,iBAAiB,GAAG,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC;gBAClD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAuB,GAAG,EAAE,CAAC;gBAC/D,OAAO,GAAG,iBAAiB,GAAG,aAAa,CAAC;YAC9C,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;IACzC,CAAC;IAED,QAAQ;QASN,OAAO;YACL,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAClC,MAAM,EAAE;gBACN,oBAAoB,EAAE,IAAI,CAAC,MAAM,CAAC,oBAAoB;gBACtD,iBAAiB,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;gBAChD,uBAAuB,EAAE,IAAI,CAAC,MAAM,CAAC,uBAAuB;gBAC5D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI;aACnD;SACF,CAAC;IACJ,CAAC;IAED,aAAa;QACX,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACrD,OAAO;QACL,KAAK,EAAE,cAAc,CAAC,aAAa,EAAE;QACrC,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAgB;IACtD,OAAO,CACL,OAAO,OAAO,KAAK,QAAQ;QAC3B,OAAO,KAAK,IAAI;QAChB,OAAQ,OAAmC,CAAC,OAAO,CAAC,KAAK,QAAQ;QAC/D,OAAmC,CAAC,OAAO,CAAY,CAAC,MAAM,GAAG,CAAC;QACpE,OAAQ,OAAmC,CAAC,UAAU,CAAC,KAAK,QAAQ;QAClE,OAAmC,CAAC,UAAU,CAAY,CAAC,MAAM,GAAG,CAAC;QACvE,OAAQ,OAAmC,CAAC,WAAW,CAAC,KAAK,QAAQ;QACnE,OAAmC,CAAC,WAAW,CAAY,GAAG,CAAC;QACjE,MAAM,CAAC,SAAS,CAAE,OAAmC,CAAC,WAAW,CAAC,CAAC,CACpE,CAAC;AACJ,CAAC"}

package/dist/types/protocol.d.ts

@@ -0,0 +1,320 @@
+/**
+ * MCP-I Protocol Types
+ *
+ * Inlined type definitions for the MCP-I protocol reference implementation.
+ * All types are pure TypeScript — no external dependencies.
+ *
+ * Related Spec: MCP-I §3, §4, §5, §6
+ */
+export interface CrispBudget {
+    unit: 'USD' | 'ops' | 'points';
+    cap: number;
+    window?: {
+        kind: 'rolling' | 'fixed';
+        durationSec: number;
+    };
+}
+export interface CrispScope {
+    resource: string;
+    matcher: 'exact' | 'prefix' | 'regex';
+    constraints?: Record<string, unknown>;
+}
+export interface DelegationConstraints {
+    notBefore?: number;
+    notAfter?: number;
+    scopes?: string[];
+    audience?: string | string[];
+    crisp?: {
+        budget?: CrispBudget;
+        scopes: CrispScope[];
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+}
+export type DelegationStatus = 'active' | 'revoked' | 'expired';
+export interface DelegationRecord {
+    id: string;
+    issuerDid: string;
+    subjectDid: string;
+    controller?: string;
+    vcId: string;
+    parentId?: string;
+    constraints: DelegationConstraints;
+    signature: string;
+    status: DelegationStatus;
+    createdAt?: number;
+    revokedAt?: number;
+    revokedReason?: string;
+    metadata?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+export interface Proof {
+    type: string;
+    created?: string;
+    verificationMethod?: string;
+    proofPurpose?: string;
+    proofValue?: string;
+    jws?: string;
+    [key: string]: unknown;
+}
+export interface CredentialStatus {
+    id: string;
+    type: 'StatusList2021Entry';
+    statusPurpose: 'revocation' | 'suspension';
+    statusListIndex: string;
+    statusListCredential: string;
+    [key: string]: unknown;
+}
+export interface DelegationCredentialSubject {
+    id: string;
+    delegation: {
+        id: string;
+        issuerDid: string;
+        subjectDid: string;
+        userDid?: string;
+        userIdentifier?: string;
+        sessionId?: string;
+        scopes?: string[];
+        controller?: string;
+        parentId?: string;
+        constraints: DelegationConstraints;
+        status: DelegationStatus;
+        createdAt?: number;
+        metadata?: Record<string, unknown>;
+    };
+}
+export interface DelegationCredential {
+    '@context': (string | Record<string, unknown>)[];
+    id?: string;
+    type: string[];
+    issuer: string | {
+        id: string;
+        [key: string]: unknown;
+    };
+    issuanceDate: string;
+    expirationDate?: string;
+    credentialSubject: DelegationCredentialSubject;
+    credentialStatus?: CredentialStatus;
+    proof?: Proof;
+    [key: string]: unknown;
+}
+export declare const DELEGATION_CREDENTIAL_CONTEXT: "https://schema.modelcontextprotocol-identity.io/xmcp-i/credentials/delegation.v1.0.0.json";
+export interface StatusList2021Credential {
+    '@context': (string | Record<string, unknown>)[];
+    id: string;
+    type: string[];
+    issuer: string | {
+        id: string;
+    };
+    issuanceDate: string;
+    credentialSubject: {
+        id?: string;
+        type: 'StatusList2021';
+        statusPurpose: 'revocation' | 'suspension';
+        encodedList: string;
+    };
+    proof?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+/**
+ * Wrap a DelegationRecord in an unsigned W3C VC structure.
+ */
+export declare function wrapDelegationAsVC(delegation: DelegationRecord, options?: {
+    id?: string;
+    issuanceDate?: string;
+    expirationDate?: string;
+    credentialStatus?: CredentialStatus;
+    userDid?: string;
+    userIdentifier?: string;
+    sessionId?: string;
+    scopes?: string[];
+}): Omit<DelegationCredential, 'proof'>;
+/**
+ * Extract a DelegationRecord from a DelegationCredential.
+ */
+export declare function extractDelegationFromVC(vc: DelegationCredential): DelegationRecord;
+/**
+ * Check if a DelegationCredential is expired.
+ */
+export declare function isDelegationCredentialExpired(vc: DelegationCredential): boolean;
+/**
+ * Check if a DelegationCredential is not yet valid.
+ */
+export declare function isDelegationCredentialNotYetValid(vc: DelegationCredential): boolean;
+/**
+ * Validate a DelegationCredential.
+ * Returns a Zod-compatible result shape.
+ */
+export declare function validateDelegationCredential(vc: unknown): {
+    success: boolean;
+    error?: {
+        message: string;
+    };
+    data?: DelegationCredential;
+};
+export interface MCPClientInfo {
+    name: string;
+    title?: string;
+    version?: string;
+    platform?: string;
+    vendor?: string;
+    persistentId?: string;
+}
+export interface MCPClientSessionInfo extends MCPClientInfo {
+    clientId: string;
+    protocolVersion?: string;
+    capabilities?: Record<string, unknown>;
+}
+export interface HandshakeRequest {
+    nonce: string;
+    audience: string;
+    timestamp: number;
+    agentDid?: string;
+    clientInfo?: MCPClientInfo & {
+        clientId?: string;
+    };
+    clientProtocolVersion?: string;
+    clientCapabilities?: Record<string, unknown>;
+}
+export type SessionIdentityState = 'anonymous' | 'authenticated';
+export interface SessionContext {
+    sessionId: string;
+    audience: string;
+    nonce: string;
+    timestamp: number;
+    createdAt: number;
+    lastActivity: number;
+    ttlMinutes: number;
+    agentDid?: string;
+    serverDid?: string;
+    clientDid?: string;
+    userDid?: string;
+    clientInfo?: MCPClientSessionInfo;
+    identityState: SessionIdentityState;
+    oauthIdentity?: {
+        provider: string;
+        subject: string;
+        email?: string;
+        name?: string;
+    };
+    delegationRef?: string;
+    delegationChain?: string;
+    delegationScopes?: string[];
+    [key: string]: unknown;
+}
+/**
+ * Nonce cache interface for replay prevention.
+ */
+export interface NonceCache {
+    has(nonce: string, agentDid?: string): Promise<boolean>;
+    add(nonce: string, ttl: number, agentDid?: string): Promise<void>;
+    cleanup(): Promise<void>;
+}
+export declare const DEFAULT_SESSION_TTL_MINUTES = 30;
+export declare const DEFAULT_TIMESTAMP_SKEW_SECONDS = 120;
+export declare const NONCE_LENGTH_BYTES = 16;
+export interface ProofMeta {
+    did: string;
+    kid: string;
+    ts: number;
+    nonce: string;
+    audience: string;
+    sessionId: string;
+    requestHash: string;
+    responseHash: string;
+    scopeId?: string;
+    delegationRef?: string;
+    clientDid?: string;
+}
+export interface DetachedProof {
+    jws: string;
+    meta: ProofMeta;
+}
+export interface CanonicalHashes {
+    requestHash: string;
+    responseHash: string;
+}
+export interface AuditRecord {
+    version: 'audit.v1';
+    ts: number;
+    session: string;
+    audience: string;
+    did: string;
+    kid: string;
+    reqHash: string;
+    resHash: string;
+    verified: 'yes' | 'no';
+    scope: string;
+}
+export interface AuditContext {
+    identity: {
+        did: string;
+        kid: string;
+        [key: string]: unknown;
+    };
+    session: {
+        sessionId: string;
+        audience: string;
+        [key: string]: unknown;
+    };
+    requestHash: string;
+    responseHash: string;
+    verified: 'yes' | 'no';
+    scopeId?: string;
+}
+export interface AuditEventContext {
+    eventType: string;
+    identity: {
+        did: string;
+        kid: string;
+        [key: string]: unknown;
+    };
+    session: {
+        sessionId: string;
+        audience: string;
+        [key: string]: unknown;
+    };
+    eventData?: Record<string, unknown>;
+}
+export interface AuthorizationDisplay {
+    title?: string;
+    hint?: Array<'link' | 'qr' | 'code'>;
+    authorizationCode?: string;
+    qrUrl?: string;
+    [key: string]: unknown;
+}
+export interface NeedsAuthorizationError {
+    error: 'needs_authorization';
+    message: string;
+    authorizationUrl: string;
+    resumeToken: string;
+    expiresAt: number;
+    scopes: string[];
+    display?: AuthorizationDisplay;
+    context?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+export declare function createNeedsAuthorizationError(config: {
+    message: string;
+    authorizationUrl: string;
+    resumeToken: string;
+    expiresAt: number;
+    scopes: string[];
+    display?: AuthorizationDisplay;
+}): NeedsAuthorizationError;
+export declare function isNeedsAuthorizationError(error: unknown): error is NeedsAuthorizationError;
+/**
+ * Validate a DetachedProof structure.
+ * Returns a Zod-compatible result shape.
+ */
+export declare function validateDetachedProof(proof: unknown): {
+    success: boolean;
+    error?: {
+        message: string;
+        errors?: Array<{
+            message: string;
+        }>;
+    };
+    data?: DetachedProof;
+};
+//# sourceMappingURL=protocol.d.ts.map

package/dist/types/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../src/types/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,QAAQ,CAAC;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,SAAS,GAAG,OAAO,CAAC;QAC1B,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,WAAW,CAAC;QACrB,MAAM,EAAE,UAAU,EAAE,CAAC;QACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAMD,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,qBAAqB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,gBAAgB,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAMD,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,qBAAqB,CAAC;IAC5B,aAAa,EAAE,YAAY,GAAG,YAAY,CAAC;IAC3C,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,qBAAqB,CAAC;QACnC,MAAM,EAAE,gBAAgB,CAAC;QACzB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;IACjD,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IACxD,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,2BAA2B,CAAC;IAC/C,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,6BAA6B,EACxC,2FAAoG,CAAC;AAMvG,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;IACjD,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE;QACjB,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,gBAAgB,CAAC;QACvB,aAAa,EAAE,YAAY,GAAG,YAAY,CAAC;QAC3C,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,gBAAgB,EAC5B,OAAO,CAAC,EAAE;IACR,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB,GACA,IAAI,CAAC,oBAAoB,EAAE,OAAO,CAAC,CA2CrC;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,EAAE,EAAE,oBAAoB,GAAG,gBAAgB,CAwBlF;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAAC,EAAE,EAAE,oBAAoB,GAAG,OAAO,CAgB/E;AAED;;GAEG;AACH,wBAAgB,iCAAiC,CAAC,EAAE,EAAE,oBAAoB,GAAG,OAAO,CAWnF;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAAC,EAAE,EAAE,OAAO,GAAG;IACzD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5B,IAAI,CAAC,EAAE,oBAAoB,CAAC;CAC7B,CAqDA;AAMD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,oBAAqB,SAAQ,aAAa;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,aAAa,GAAG;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACnD,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9C;AAED,MAAM,MAAM,oBAAoB,GAAG,WAAW,GAAG,eAAe,CAAC;AAEjE,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,oBAAoB,CAAC;IAClC,aAAa,EAAE,oBAAoB,CAAC;IACpC,aAAa,CAAC,EAAE;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;IACF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACxD,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAC9C,eAAO,MAAM,8BAA8B,MAAM,CAAC;AAClD,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAMrC,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,UAAU,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,IAAI,CAAC;IACvB,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE;QACR,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,KAAK,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE;QACR,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAMD,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,CAAC;IACrC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,qBAAqB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,oBAAoB,CAAC;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,wBAAgB,6BAA6B,CAAC,MAAM,EAAE;IACpD,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,oBAAoB,CAAC;CAChC,GAAG,uBAAuB,CAK1B;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,uBAAuB,CAM1F;AAQD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG;IACrD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;IACjE,IAAI,CAAC,EAAE,aAAa,CAAC;CACtB,CAqDA"}