@mcp-i/core 0.1.0

package/dist/middleware/with-mcpi.js

@@ -0,0 +1,472 @@
+/**
+ * MCP-I Middleware for @modelcontextprotocol/sdk Server
+ *
+ * Adds identity, session management, and proof generation to a standard
+ * MCP SDK Server.
+ *
+ * Usage:
+ *   const { handshakeTool, registerToolWithProof } = createMCPIMiddleware(config, crypto);
+ *   server.setRequestHandler(ListToolsRequestSchema, () => ({ tools: [handshakeTool, ...] }));
+ *   registerToolWithProof(server, myToolDef, myHandler);
+ */
+import { FetchProvider, } from "../providers/base.js";
+import { SessionManager, } from "../session/manager.js";
+import { ProofGenerator, } from "../proof/generator.js";
+import { validateHandshakeFormat } from "../session/manager.js";
+import { DelegationCredentialVerifier, } from "../delegation/vc-verifier.js";
+import { createDidKeyResolver } from "../delegation/did-key-resolver.js";
+import { createDidWebResolver } from "../delegation/did-web-resolver.js";
+import { verifyDelegationAudience } from "../delegation/audience-validator.js";
+import { createNeedsAuthorizationError, extractDelegationFromVC, } from "../types/protocol.js";
+import { logger } from "../logging/index.js";
+import { canonicalizeJSON } from "../delegation/utils.js";
+import { base64urlDecodeToBytes, base64urlEncodeFromBytes, bytesToBase64 } from "../utils/base64.js";
+class RuntimeFetchProvider extends FetchProvider {
+    async resolveDID() {
+        return null;
+    }
+    async fetchStatusList() {
+        return null;
+    }
+    async fetchDelegationChain() {
+        return [];
+    }
+    async fetch(url, options) {
+        if (typeof globalThis.fetch !== "function") {
+            throw new Error("Global fetch is not available in this runtime");
+        }
+        return globalThis.fetch(url, options);
+    }
+}
+function getDelegationScopes(credential) {
+    const scopes = new Set();
+    for (const scope of credential.credentialSubject.delegation.scopes ?? []) {
+        scopes.add(scope);
+    }
+    for (const scope of credential.credentialSubject.delegation.constraints.scopes ?? []) {
+        scopes.add(scope);
+    }
+    return Array.from(scopes);
+}
+function validateScopeAttenuation(parentCredential, childCredential) {
+    const parentScopes = getDelegationScopes(parentCredential);
+    const childScopes = getDelegationScopes(childCredential);
+    const childDelegation = childCredential.credentialSubject.delegation;
+    if (parentScopes.length === 0) {
+        return { valid: true };
+    }
+    if (childScopes.length === 0) {
+        return {
+            valid: false,
+            reason: `Delegation ${childDelegation.id} omits scopes required to prove attenuation from parent ${parentCredential.credentialSubject.delegation.id}`,
+        };
+    }
+    const parentScopeSet = new Set(parentScopes);
+    const widenedScopes = childScopes.filter((scope) => !parentScopeSet.has(scope));
+    if (widenedScopes.length > 0) {
+        return {
+            valid: false,
+            reason: `Delegation ${childDelegation.id} widens scopes beyond parent ${parentCredential.credentialSubject.delegation.id}: ${widenedScopes.join(", ")}`,
+        };
+    }
+    return { valid: true };
+}
+/**
+ * Create MCP-I middleware for a standard MCP SDK Server.
+ *
+ * @param config - Agent identity and session configuration
+ * @param cryptoProvider - Platform-specific crypto implementation
+ * @returns Middleware components for session management and proof generation
+ *
+ * @remarks
+ * **Single-process only**: This middleware stores session state in memory using closure
+ * variables (`activeSessionId`, `sessionNonces`). It is NOT suitable for multi-instance
+ * deployments behind a load balancer. For distributed deployments, implement a custom
+ * `SessionStore` backed by Redis, DynamoDB, or similar and pass it via `config.session`.
+ */
+export function createMCPIMiddleware(config, cryptoProvider) {
+    const identity = {
+        did: config.identity.did,
+        kid: config.identity.kid,
+        privateKey: config.identity.privateKey,
+        publicKey: config.identity.publicKey,
+    };
+    const sessionManager = new SessionManager(cryptoProvider, {
+        ...config.session,
+        serverDid: identity.did,
+    });
+    const proofGenerator = new ProofGenerator(identity, cryptoProvider);
+    const delegationConfig = config.delegation;
+    // Session map: sessionId → last nonce (for proof generation)
+    const sessionNonces = new Map();
+    // Active session tracking — set after handshake (manual or auto)
+    let activeSessionId;
+    const handshakeTool = {
+        name: "_mcpi_handshake",
+        description: "MCP-I identity handshake — establishes a cryptographic session",
+        inputSchema: {
+            type: "object",
+            properties: {
+                nonce: { type: "string", description: "Client-generated unique nonce" },
+                audience: {
+                    type: "string",
+                    description: "Intended audience (server DID or URL)",
+                },
+                timestamp: { type: "number", description: "Unix epoch seconds" },
+                agentDid: {
+                    type: "string",
+                    description: "Client agent DID (optional)",
+                },
+            },
+            required: ["nonce", "audience", "timestamp"],
+        },
+    };
+    async function handleHandshake(args) {
+        if (!validateHandshakeFormat(args)) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            success: false,
+                            error: {
+                                code: "MCPI_INVALID_HANDSHAKE",
+                                message: "Invalid handshake format: requires nonce (string), audience (string), and timestamp (positive integer)",
+                            },
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+        const result = await sessionManager.validateHandshake(args);
+        if (result.success && result.session) {
+            sessionNonces.set(result.session.sessionId, result.session.nonce);
+            activeSessionId = result.session.sessionId;
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        success: result.success,
+                        ...(result.session && {
+                            sessionId: result.session.sessionId,
+                            serverDid: identity.did,
+                            serverKid: identity.kid,
+                        }),
+                        ...(result.error && { error: result.error }),
+                    }),
+                },
+            ],
+            ...(result.error && { isError: true }),
+        };
+    }
+    /**
+     * Auto-create a session for proof generation when no handshake has occurred.
+     * In production, MCP-I-aware clients handle the handshake automatically.
+     * This convenience mode allows non-MCP-I clients (like MCP Inspector) to
+     * still see proofs without manual handshake.
+     */
+    async function ensureSession() {
+        if (activeSessionId) {
+            const existing = await sessionManager.getSession(activeSessionId);
+            if (existing)
+                return activeSessionId;
+        }
+        if (!config.autoSession)
+            return undefined;
+        // Generate a server-side session with cryptographically random nonce (SPEC.md §4)
+        const nonceBytes = await cryptoProvider.randomBytes(16);
+        const nonce = base64urlEncodeFromBytes(nonceBytes);
+        const timestamp = Math.floor(Date.now() / 1000);
+        const result = await sessionManager.validateHandshake({
+            nonce,
+            audience: identity.did,
+            timestamp,
+        });
+        if (result.success && result.session) {
+            activeSessionId = result.session.sessionId;
+            sessionNonces.set(result.session.sessionId, result.session.nonce);
+            return activeSessionId;
+        }
+        return undefined;
+    }
+    function wrapWithProof(toolName, handler) {
+        return async (args, sessionId) => {
+            const result = await handler(args, sessionId);
+            if (result.isError) {
+                return result;
+            }
+            // Resolve session: explicit param → active session → auto-create
+            const resolvedSessionId = sessionId ?? await ensureSession();
+            if (!resolvedSessionId) {
+                return result;
+            }
+            const session = await sessionManager.getSession(resolvedSessionId);
+            if (!session) {
+                return result;
+            }
+            try {
+                const request = { method: toolName, params: args };
+                const response = { data: result.content };
+                const proof = await proofGenerator.generateProof(request, response, session);
+                // Attach proof as _meta (rendered by MCP Inspector, invisible to LLMs)
+                result._meta = { proof };
+            }
+            catch {
+                // Proof generation failure is non-fatal — the tool result is still valid
+            }
+            return result;
+        };
+    }
+    function wrapWithDelegation(toolName, config, handler) {
+        const legacyUnsafeDelegationEnabled = delegationConfig?.allowLegacyUnsafeDelegation === true;
+        const didKeyResolver = createDidKeyResolver();
+        const fetchProvider = delegationConfig?.fetchProvider ??
+            (typeof globalThis.fetch === "function"
+                ? new RuntimeFetchProvider()
+                : undefined);
+        const didWebResolver = fetchProvider
+            ? createDidWebResolver(fetchProvider)
+            : undefined;
+        const didResolver = {
+            async resolve(did) {
+                const customResolver = delegationConfig?.didResolver;
+                if (customResolver) {
+                    const resolved = await customResolver.resolve(did);
+                    if (resolved) {
+                        return resolved;
+                    }
+                }
+                if (did.startsWith("did:key:")) {
+                    return didKeyResolver.resolve(did);
+                }
+                if (did.startsWith("did:web:")) {
+                    return didWebResolver?.resolve(did) ?? null;
+                }
+                return null;
+            },
+        };
+        const signatureVerifier = async (vc, publicKeyJwk) => {
+            const proof = vc.proof;
+            if (!proof) {
+                return { valid: false, reason: "Missing proof" };
+            }
+            const proofValue = proof["proofValue"];
+            if (!proofValue) {
+                return { valid: false, reason: "Missing proofValue in proof" };
+            }
+            // Reconstruct the unsigned VC (without proof) for signature verification
+            const vcRecord = vc;
+            const vcWithoutProof = {};
+            for (const [k, v] of Object.entries(vcRecord)) {
+                if (k !== "proof")
+                    vcWithoutProof[k] = v;
+            }
+            const canonical = canonicalizeJSON(vcWithoutProof);
+            const data = new TextEncoder().encode(canonical);
+            // Decode signature from base64url proof value
+            const sigBytes = base64urlDecodeToBytes(proofValue);
+            // Get public key from JWK (x is base64url-encoded raw key bytes)
+            const jwk = publicKeyJwk;
+            if (!jwk.x) {
+                return { valid: false, reason: "No x field in publicKeyJwk" };
+            }
+            // Convert base64url key to standard base64 for the crypto provider
+            const pubKeyBytes = base64urlDecodeToBytes(jwk.x);
+            const pubKeyBase64 = bytesToBase64(pubKeyBytes);
+            const valid = await cryptoProvider.verify(data, sigBytes, pubKeyBase64);
+            return {
+                valid,
+                reason: valid ? undefined : "Signature verification failed",
+            };
+        };
+        const verifier = new DelegationCredentialVerifier({
+            didResolver,
+            signatureVerifier,
+            statusListResolver: delegationConfig?.statusListResolver,
+        });
+        const buildDelegationErrorResponse = (error, reason) => ({
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({ error, reason }),
+                },
+            ],
+            isError: true,
+        });
+        const validateDelegationChain = async (leafCredential) => {
+            const leafDelegation = extractDelegationFromVC(leafCredential);
+            let chain = [leafCredential];
+            if (leafDelegation.parentId) {
+                if (!delegationConfig?.resolveDelegationChain) {
+                    if (legacyUnsafeDelegationEnabled) {
+                        logger.warn(`[mcpi] Legacy delegation mode enabled: accepting parent-linked credential ${leafDelegation.id} without resolveDelegationChain`);
+                        return { valid: true };
+                    }
+                    return {
+                        valid: false,
+                        reason: `Delegation ${leafDelegation.id} references parent ${leafDelegation.parentId} but no resolveDelegationChain handler is configured`,
+                    };
+                }
+                let resolvedChain;
+                try {
+                    resolvedChain =
+                        await delegationConfig.resolveDelegationChain(leafCredential);
+                }
+                catch (error) {
+                    return {
+                        valid: false,
+                        reason: `Failed to resolve delegation chain: ${error instanceof Error ? error.message : "Unknown error"}`,
+                    };
+                }
+                if (resolvedChain.length === 0) {
+                    return {
+                        valid: false,
+                        reason: `Delegation ${leafDelegation.id} references parent ${leafDelegation.parentId} but the resolved chain is empty`,
+                    };
+                }
+                const leafIndex = resolvedChain.findIndex((credential) => credential.credentialSubject.delegation.id === leafDelegation.id);
+                if (leafIndex !== -1 && leafIndex !== resolvedChain.length - 1) {
+                    return {
+                        valid: false,
+                        reason: `Resolved delegation chain for ${leafDelegation.id} must end with the leaf credential`,
+                    };
+                }
+                chain =
+                    leafIndex === -1 ? [...resolvedChain, leafCredential] : resolvedChain;
+            }
+            const seenIds = new Set();
+            let previousDelegation;
+            let previousCredential;
+            for (const credential of chain) {
+                const delegation = extractDelegationFromVC(credential);
+                if (seenIds.has(delegation.id)) {
+                    return {
+                        valid: false,
+                        reason: `Delegation chain contains a circular reference at ${delegation.id}`,
+                    };
+                }
+                seenIds.add(delegation.id);
+                if (credential.credentialStatus && !delegationConfig?.statusListResolver) {
+                    if (legacyUnsafeDelegationEnabled) {
+                        logger.warn(`[mcpi] Legacy delegation mode enabled: skipping status-list verification for ${delegation.id}`);
+                    }
+                    else {
+                        return {
+                            valid: false,
+                            reason: `Delegation ${delegation.id} has credentialStatus but no statusListResolver is configured`,
+                        };
+                    }
+                }
+                const credentialVerification = await verifier.verifyDelegationCredential(credential);
+                if (!credentialVerification.valid) {
+                    return {
+                        valid: false,
+                        reason: `Delegation ${delegation.id} invalid: ${credentialVerification.reason}`,
+                    };
+                }
+                if (!verifyDelegationAudience(delegation, identity.did)) {
+                    return {
+                        valid: false,
+                        reason: `Delegation ${delegation.id} audience does not include server DID ${identity.did}`,
+                    };
+                }
+                if (!previousDelegation || !previousCredential) {
+                    if (delegation.parentId) {
+                        return {
+                            valid: false,
+                            reason: `Resolved delegation chain is incomplete: root delegation ${delegation.id} still references parent ${delegation.parentId}`,
+                        };
+                    }
+                    previousDelegation = delegation;
+                    previousCredential = credential;
+                    continue;
+                }
+                if (delegation.parentId !== previousDelegation.id) {
+                    return {
+                        valid: false,
+                        reason: `Delegation ${delegation.id} references parent ${delegation.parentId} but expected ${previousDelegation.id}`,
+                    };
+                }
+                if (delegation.issuerDid !== previousDelegation.subjectDid) {
+                    return {
+                        valid: false,
+                        reason: `Delegation ${delegation.id} issued by ${delegation.issuerDid} but parent subject is ${previousDelegation.subjectDid}`,
+                    };
+                }
+                const scopeValidation = validateScopeAttenuation(previousCredential, credential);
+                if (!scopeValidation.valid) {
+                    return scopeValidation;
+                }
+                previousDelegation = delegation;
+                previousCredential = credential;
+            }
+            const finalDelegation = extractDelegationFromVC(chain[chain.length - 1]);
+            if (finalDelegation.id !== leafDelegation.id) {
+                return {
+                    valid: false,
+                    reason: `Resolved delegation chain ended at ${finalDelegation.id} instead of leaf ${leafDelegation.id}`,
+                };
+            }
+            return { valid: true };
+        };
+        return async (args, sessionId) => {
+            const delegationArg = args["_mcpi_delegation"];
+            if (delegationArg === undefined || delegationArg === null) {
+                // No delegation provided — return needs_authorization response
+                const tokenBytes = await cryptoProvider.randomBytes(16);
+                const hex = Array.from(tokenBytes)
+                    .map((b) => b.toString(16).padStart(2, "0"))
+                    .join("");
+                const resumeToken = [
+                    hex.slice(0, 8),
+                    hex.slice(8, 12),
+                    hex.slice(12, 16),
+                    hex.slice(16, 20),
+                    hex.slice(20),
+                ].join("-");
+                const expiresAt = Math.floor(Date.now() / 1000) + 300;
+                const authError = createNeedsAuthorizationError({
+                    message: `Tool "${toolName}" requires delegation with scope: ${config.scopeId}`,
+                    authorizationUrl: config.consentUrl,
+                    resumeToken,
+                    expiresAt,
+                    scopes: [config.scopeId],
+                });
+                return {
+                    content: [{ type: "text", text: JSON.stringify(authError) }],
+                };
+            }
+            const vc = delegationArg;
+            const verificationResult = await validateDelegationChain(vc);
+            if (!verificationResult.valid) {
+                logger.warn(`[mcpi] Delegation verification failed for "${toolName}": ${verificationResult.reason}`);
+                return buildDelegationErrorResponse("delegation_invalid", verificationResult.reason ?? "Unknown delegation validation error");
+            }
+            const scopes = getDelegationScopes(vc);
+            if (!scopes.includes(config.scopeId)) {
+                logger.warn(`[mcpi] Delegation missing required scope "${config.scopeId}" for "${toolName}"`);
+                return buildDelegationErrorResponse("delegation_scope_missing", `Required scope "${config.scopeId}" not in delegation scopes`);
+            }
+            // Strip _mcpi_delegation from args before passing to handler
+            const cleanArgs = {};
+            for (const [k, v] of Object.entries(args)) {
+                if (k !== "_mcpi_delegation")
+                    cleanArgs[k] = v;
+            }
+            logger.debug(`[mcpi] Delegation verified for "${toolName}", scope "${config.scopeId}"`);
+            return handler(cleanArgs, sessionId);
+        };
+    }
+    return {
+        sessionManager,
+        proofGenerator,
+        handshakeTool,
+        handleHandshake,
+        wrapWithProof,
+        wrapWithDelegation,
+    };
+}
+//# sourceMappingURL=with-mcpi.js.map

package/dist/middleware/with-mcpi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"with-mcpi.js","sourceRoot":"","sources":["../../src/middleware/with-mcpi.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAEL,aAAa,GACd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,GAGf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,cAAc,GAIf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EACL,4BAA4B,GAI7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EACL,6BAA6B,EAC7B,uBAAuB,GAGxB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AA4IrG,MAAM,oBAAqB,SAAQ,aAAa;IAC9C,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,oBAAoB;QACxB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,OAAiB;QACxC,IAAI,OAAO,UAAU,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,OAAsB,CAAC,CAAC;IACvD,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,UAAgC;IAC3D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,WAAW,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACrF,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,wBAAwB,CAC/B,gBAAsC,EACtC,eAAqC;IAErC,MAAM,YAAY,GAAG,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,mBAAmB,CAAC,eAAe,CAAC,CAAC;IACzD,MAAM,eAAe,GAAG,eAAe,CAAC,iBAAiB,CAAC,UAAU,CAAC;IAErE,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,cAAc,eAAe,CAAC,EAAE,2DAA2D,gBAAgB,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,EAAE;SACtJ,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;IAC7C,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IAChF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,cAAc,eAAe,CAAC,EAAE,gCAAgC,gBAAgB,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,KAAK,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SACxJ,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,oBAAoB,CAClC,MAAkB,EAClB,cAA8B;IAE9B,MAAM,QAAQ,GAAuB;QACnC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QACxB,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG;QACxB,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;QACtC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;KACrC,CAAC;IAEF,MAAM,cAAc,GAAG,IAAI,cAAc,CAAC,cAAc,EAAE;QACxD,GAAG,MAAM,CAAC,OAAO;QACjB,SAAS,EAAE,QAAQ,CAAC,GAAG;KACxB,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpE,MAAM,gBAAgB,GAAG,MAAM,CAAC,UAAU,CAAC;IAE3C,6DAA6D;IAC7D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEhD,iEAAiE;IACjE,IAAI,eAAmC,CAAC;IAExC,MAAM,aAAa,GAAuB;QACxC,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,gEAAgE;QAClE,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,+BAA+B,EAAE;gBACvE,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uCAAuC;iBACrD;gBACD,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oBAAoB,EAAE;gBAChE,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6BAA6B;iBAC3C;aACF;YACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC;SAC7C;KACF,CAAC;IAEF,KAAK,UAAU,eAAe,CAAC,IAA6B;QAI1D,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE;gCACL,IAAI,EAAE,wBAAwB;gCAC9B,OAAO,EACL,wGAAwG;6BAC3G;yBACF,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GACV,MAAM,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAE/C,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAClE,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;QAC7C,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI;4BACpB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;4BACnC,SAAS,EAAE,QAAQ,CAAC,GAAG;4BACvB,SAAS,EAAE,QAAQ,CAAC,GAAG;yBACxB,CAAC;wBACF,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;qBAC7C,CAAC;iBACH;aACF;YACD,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;SACvC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,aAAa;QAC1B,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAClE,IAAI,QAAQ;gBAAE,OAAO,eAAe,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAE1C,kFAAkF;QAClF,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEhD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC;YACpD,KAAK;YACL,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;YAC3C,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAClE,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,SAAS,aAAa,CACpB,QAAgB,EAChB,OAAwB;QAExB,OAAO,KAAK,EAAE,IAA6B,EAAE,SAAkB,EAAE,EAAE;YACjE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAE9C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,iEAAiE;YACjE,MAAM,iBAAiB,GAAG,SAAS,IAAI,MAAM,aAAa,EAAE,CAAC;YAC7D,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,OAAO,GAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;gBAChE,MAAM,QAAQ,GAAiB,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;gBAExD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,aAAa,CAC9C,OAAO,EACP,QAAQ,EACR,OAAO,CACR,CAAC;gBAEF,uEAAuE;gBACvE,MAAM,CAAC,KAAK,GAAG,EAAE,KAAK,EAAE,CAAC;YAC3B,CAAC;YAAC,MAAM,CAAC;gBACP,yEAAyE;YAC3E,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;IACJ,CAAC;IAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,MAA+C,EAC/C,OAAwB;QAExB,MAAM,6BAA6B,GACjC,gBAAgB,EAAE,2BAA2B,KAAK,IAAI,CAAC;QACzD,MAAM,cAAc,GAAG,oBAAoB,EAAE,CAAC;QAC9C,MAAM,aAAa,GACjB,gBAAgB,EAAE,aAAa;YAC/B,CAAC,OAAO,UAAU,CAAC,KAAK,KAAK,UAAU;gBACrC,CAAC,CAAC,IAAI,oBAAoB,EAAE;gBAC5B,CAAC,CAAC,SAAS,CAAC,CAAC;QACjB,MAAM,cAAc,GAAG,aAAa;YAClC,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC;YACrC,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,WAAW,GAAgB;YAC/B,KAAK,CAAC,OAAO,CAAC,GAAW;gBACvB,MAAM,cAAc,GAAG,gBAAgB,EAAE,WAAW,CAAC;gBACrD,IAAI,cAAc,EAAE,CAAC;oBACnB,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACnD,IAAI,QAAQ,EAAE,CAAC;wBACb,OAAO,QAAQ,CAAC;oBAClB,CAAC;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC/B,OAAO,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrC,CAAC;gBAED,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC/B,OAAO,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;gBAC9C,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;SACF,CAAC;QAEF,MAAM,iBAAiB,GAAkC,KAAK,EAC5D,EAAwB,EACxB,YAAqB,EACyB,EAAE;YAChD,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC;YACvB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;YACnD,CAAC;YAED,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAuB,CAAC;YAC7D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;YACjE,CAAC;YAED,yEAAyE;YACzE,MAAM,QAAQ,GAAG,EAA6B,CAAC;YAC/C,MAAM,cAAc,GAA4B,EAAE,CAAC;YACnD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9C,IAAI,CAAC,KAAK,OAAO;oBAAE,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAC3C,CAAC;YACD,MAAM,SAAS,GAAG,gBAAgB,CAAC,cAAc,CAAC,CAAC;YACnD,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAEjD,8CAA8C;YAC9C,MAAM,QAAQ,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;YAEpD,iEAAiE;YACjE,MAAM,GAAG,GAAG,YAA8B,CAAC;YAC3C,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4BAA4B,EAAE,CAAC;YAChE,CAAC;YAED,mEAAmE;YACnE,MAAM,WAAW,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;YAEhD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;YACxE,OAAO;gBACL,KAAK;gBACL,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,+BAA+B;aAC5D,CAAC;QACJ,CAAC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC;YAChD,WAAW;YACX,iBAAiB;YACjB,kBAAkB,EAAE,gBAAgB,EAAE,kBAAkB;SACzD,CAAC,CAAC;QAEH,MAAM,4BAA4B,GAAG,CACnC,KAAa,EACb,MAAc,EACwB,EAAE,CAAC,CAAC;YAC1C,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;iBACxC;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QAEH,MAAM,uBAAuB,GAAG,KAAK,EACnC,cAAoC,EACU,EAAE;YAChD,MAAM,cAAc,GAAG,uBAAuB,CAAC,cAAc,CAAC,CAAC;YAC/D,IAAI,KAAK,GAA2B,CAAC,cAAc,CAAC,CAAC;YAErD,IAAI,cAAc,CAAC,QAAQ,EAAE,CAAC;gBAC5B,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,EAAE,CAAC;oBAC9C,IAAI,6BAA6B,EAAE,CAAC;wBAClC,MAAM,CAAC,IAAI,CACT,6EAA6E,cAAc,CAAC,EAAE,iCAAiC,CAChI,CAAC;wBACF,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;oBACzB,CAAC;oBACD,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,cAAc,CAAC,EAAE,sBAAsB,cAAc,CAAC,QAAQ,sDAAsD;qBAC3I,CAAC;gBACJ,CAAC;gBAED,IAAI,aAAqC,CAAC;gBAC1C,IAAI,CAAC;oBACH,aAAa;wBACX,MAAM,gBAAgB,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;gBAClE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,uCAAuC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;qBAC1G,CAAC;gBACJ,CAAC;gBAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC/B,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,cAAc,CAAC,EAAE,sBAAsB,cAAc,CAAC,QAAQ,kCAAkC;qBACvH,CAAC;gBACJ,CAAC;gBAED,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,CACvC,CAAC,UAAU,EAAE,EAAE,CACb,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,KAAK,cAAc,CAAC,EAAE,CACnE,CAAC;gBACF,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,SAAS,KAAK,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC/D,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,iCAAiC,cAAc,CAAC,EAAE,oCAAoC;qBAC/F,CAAC;gBACJ,CAAC;gBAED,KAAK;oBACH,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;YAC1E,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;YAClC,IAAI,kBAAgD,CAAC;YACrD,IAAI,kBAAoD,CAAC;YAEzD,KAAK,MAAM,UAAU,IAAI,KAAK,EAAE,CAAC;gBAC/B,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;gBAEvD,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC/B,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,qDAAqD,UAAU,CAAC,EAAE,EAAE;qBAC7E,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;gBAE3B,IAAI,UAAU,CAAC,gBAAgB,IAAI,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,CAAC;oBACzE,IAAI,6BAA6B,EAAE,CAAC;wBAClC,MAAM,CAAC,IAAI,CACT,gFAAgF,UAAU,CAAC,EAAE,EAAE,CAChG,CAAC;oBACJ,CAAC;yBAAM,CAAC;wBACR,OAAO;4BACL,KAAK,EAAE,KAAK;4BACZ,MAAM,EAAE,cAAc,UAAU,CAAC,EAAE,+DAA+D;yBACnG,CAAC;oBACF,CAAC;gBACH,CAAC;gBAED,MAAM,sBAAsB,GAAG,MAAM,QAAQ,CAAC,0BAA0B,CACtE,UAAU,CACX,CAAC;gBACF,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,CAAC;oBAClC,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,UAAU,CAAC,EAAE,aAAa,sBAAsB,CAAC,MAAM,EAAE;qBAChF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACxD,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,UAAU,CAAC,EAAE,yCAAyC,QAAQ,CAAC,GAAG,EAAE;qBAC3F,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,kBAAkB,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC/C,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;wBACxB,OAAO;4BACL,KAAK,EAAE,KAAK;4BACZ,MAAM,EAAE,4DAA4D,UAAU,CAAC,EAAE,4BAA4B,UAAU,CAAC,QAAQ,EAAE;yBACnI,CAAC;oBACJ,CAAC;oBAED,kBAAkB,GAAG,UAAU,CAAC;oBAChC,kBAAkB,GAAG,UAAU,CAAC;oBAChC,SAAS;gBACX,CAAC;gBAED,IAAI,UAAU,CAAC,QAAQ,KAAK,kBAAkB,CAAC,EAAE,EAAE,CAAC;oBAClD,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,UAAU,CAAC,EAAE,sBAAsB,UAAU,CAAC,QAAQ,iBAAiB,kBAAkB,CAAC,EAAE,EAAE;qBACrH,CAAC;gBACJ,CAAC;gBAED,IAAI,UAAU,CAAC,SAAS,KAAK,kBAAkB,CAAC,UAAU,EAAE,CAAC;oBAC3D,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,cAAc,UAAU,CAAC,EAAE,cAAc,UAAU,CAAC,SAAS,0BAA0B,kBAAkB,CAAC,UAAU,EAAE;qBAC/H,CAAC;gBACJ,CAAC;gBAED,MAAM,eAAe,GAAG,wBAAwB,CAC9C,kBAAkB,EAClB,UAAU,CACX,CAAC;gBACF,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;oBAC3B,OAAO,eAAe,CAAC;gBACzB,CAAC;gBAED,kBAAkB,GAAG,UAAU,CAAC;gBAChC,kBAAkB,GAAG,UAAU,CAAC;YAClC,CAAC;YAED,MAAM,eAAe,GAAG,uBAAuB,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,CAAC;YAC1E,IAAI,eAAe,CAAC,EAAE,KAAK,cAAc,CAAC,EAAE,EAAE,CAAC;gBAC7C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,sCAAsC,eAAe,CAAC,EAAE,oBAAoB,cAAc,CAAC,EAAE,EAAE;iBACxG,CAAC;YACJ,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC,CAAC;QAEF,OAAO,KAAK,EACV,IAA6B,EAC7B,SAAkB,EAClB,EAAE;YACF,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAE/C,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;gBAC1D,+DAA+D;gBAC/D,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;qBAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;qBAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;gBACZ,MAAM,WAAW,GAAG;oBAClB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;oBACf,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBAChB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;oBACjB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;oBACjB,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;iBACd,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACZ,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC;gBAEtD,MAAM,SAAS,GAAG,6BAA6B,CAAC;oBAC9C,OAAO,EAAE,SAAS,QAAQ,qCAAqC,MAAM,CAAC,OAAO,EAAE;oBAC/E,gBAAgB,EAAE,MAAM,CAAC,UAAU;oBACnC,WAAW;oBACX,SAAS;oBACT,MAAM,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;iBACzB,CAAC,CAAC;gBAEH,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;iBAC7D,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,GAAG,aAAqC,CAAC;YACjD,MAAM,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,EAAE,CAAC,CAAC;YAE7D,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CACT,8CAA8C,QAAQ,MAAM,kBAAkB,CAAC,MAAM,EAAE,CACxF,CAAC;gBACF,OAAO,4BAA4B,CACjC,oBAAoB,EACpB,kBAAkB,CAAC,MAAM,IAAI,qCAAqC,CACnE,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrC,MAAM,CAAC,IAAI,CACT,6CAA6C,MAAM,CAAC,OAAO,UAAU,QAAQ,GAAG,CACjF,CAAC;gBACF,OAAO,4BAA4B,CACjC,0BAA0B,EAC1B,mBAAmB,MAAM,CAAC,OAAO,4BAA4B,CAC9D,CAAC;YACJ,CAAC;YAED,6DAA6D;YAC7D,MAAM,SAAS,GAA4B,EAAE,CAAC;YAC9C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,KAAK,kBAAkB;oBAAE,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,CAAC,KAAK,CACV,mCAAmC,QAAQ,aAAa,MAAM,CAAC,OAAO,GAAG,CAC1E,CAAC;YACF,OAAO,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACvC,CAAC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,cAAc;QACd,cAAc;QACd,aAAa;QACb,eAAe;QACf,aAAa;QACb,kBAAkB;KACnB,CAAC;AACJ,CAAC"}

package/dist/proof/errors.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Proof Verification Error Codes and Types
+ *
+ * Specific error codes for proof verification failures to enable
+ * better error handling and debugging.
+ */
+/**
+ * Error codes for proof verification
+ */
+export declare const PROOF_VERIFICATION_ERROR_CODES: {
+    readonly INVALID_PROOF_STRUCTURE: "INVALID_PROOF_STRUCTURE";
+    readonly MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD";
+    readonly NONCE_REPLAY_DETECTED: "NONCE_REPLAY_DETECTED";
+    readonly TIMESTAMP_SKEW_EXCEEDED: "TIMESTAMP_SKEW_EXCEEDED";
+    readonly TIMESTAMP_INVALID: "TIMESTAMP_INVALID";
+    readonly INVALID_JWS_SIGNATURE: "INVALID_JWS_SIGNATURE";
+    readonly INVALID_JWS_FORMAT: "INVALID_JWS_FORMAT";
+    readonly INVALID_JWS_HEADER: "INVALID_JWS_HEADER";
+    readonly INVALID_JWS_PAYLOAD: "INVALID_JWS_PAYLOAD";
+    readonly INVALID_JWS_SIGNATURE_BASE64: "INVALID_JWS_SIGNATURE_BASE64";
+    readonly UNSUPPORTED_ALGORITHM: "UNSUPPORTED_ALGORITHM";
+    readonly INVALID_JWK_FORMAT: "INVALID_JWK_FORMAT";
+    readonly INVALID_JWK_KTY: "INVALID_JWK_KTY";
+    readonly INVALID_JWK_CRV: "INVALID_JWK_CRV";
+    readonly INVALID_JWK_X_FIELD: "INVALID_JWK_X_FIELD";
+    readonly INVALID_JWK_KEY_LENGTH: "INVALID_JWK_KEY_LENGTH";
+    readonly JWK_KID_MISMATCH: "JWK_KID_MISMATCH";
+    readonly DID_RESOLUTION_FAILED: "DID_RESOLUTION_FAILED";
+    readonly DID_DOCUMENT_NOT_FOUND: "DID_DOCUMENT_NOT_FOUND";
+    readonly VERIFICATION_METHOD_NOT_FOUND: "VERIFICATION_METHOD_NOT_FOUND";
+    readonly PUBLIC_KEY_NOT_FOUND: "PUBLIC_KEY_NOT_FOUND";
+    readonly UNSUPPORTED_DID_METHOD: "UNSUPPORTED_DID_METHOD";
+    readonly VERIFICATION_ERROR: "VERIFICATION_ERROR";
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+};
+export type ProofVerificationErrorCode = typeof PROOF_VERIFICATION_ERROR_CODES[keyof typeof PROOF_VERIFICATION_ERROR_CODES];
+/**
+ * Proof verification error with specific error code
+ */
+export declare class ProofVerificationError extends Error {
+    readonly code: ProofVerificationErrorCode;
+    readonly details?: Record<string, unknown> | undefined;
+    constructor(code: ProofVerificationErrorCode, message: string, details?: Record<string, unknown> | undefined);
+}
+/**
+ * Create a proof verification error
+ */
+export declare function createProofVerificationError(code: ProofVerificationErrorCode, message: string, details?: Record<string, unknown>): ProofVerificationError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/proof/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/proof/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CAoCjC,CAAC;AAEX,MAAM,MAAM,0BAA0B,GACpC,OAAO,8BAA8B,CAAC,MAAM,OAAO,8BAA8B,CAAC,CAAC;AAErF;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;aAE7B,IAAI,EAAE,0BAA0B;aAEhC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;gBAFjC,IAAI,EAAE,0BAA0B,EAChD,OAAO,EAAE,MAAM,EACC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,YAAA;CAKpD;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAC1C,IAAI,EAAE,0BAA0B,EAChC,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAChC,sBAAsB,CAExB"}

package/dist/proof/errors.js

@@ -0,0 +1,61 @@
+/**
+ * Proof Verification Error Codes and Types
+ *
+ * Specific error codes for proof verification failures to enable
+ * better error handling and debugging.
+ */
+/**
+ * Error codes for proof verification
+ */
+export const PROOF_VERIFICATION_ERROR_CODES = {
+    // Proof structure errors
+    INVALID_PROOF_STRUCTURE: "INVALID_PROOF_STRUCTURE",
+    MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD",
+    // Security errors
+    NONCE_REPLAY_DETECTED: "NONCE_REPLAY_DETECTED",
+    TIMESTAMP_SKEW_EXCEEDED: "TIMESTAMP_SKEW_EXCEEDED",
+    TIMESTAMP_INVALID: "TIMESTAMP_INVALID",
+    // Signature errors
+    INVALID_JWS_SIGNATURE: "INVALID_JWS_SIGNATURE",
+    INVALID_JWS_FORMAT: "INVALID_JWS_FORMAT",
+    INVALID_JWS_HEADER: "INVALID_JWS_HEADER",
+    INVALID_JWS_PAYLOAD: "INVALID_JWS_PAYLOAD",
+    INVALID_JWS_SIGNATURE_BASE64: "INVALID_JWS_SIGNATURE_BASE64",
+    UNSUPPORTED_ALGORITHM: "UNSUPPORTED_ALGORITHM",
+    // JWK errors
+    INVALID_JWK_FORMAT: "INVALID_JWK_FORMAT",
+    INVALID_JWK_KTY: "INVALID_JWK_KTY",
+    INVALID_JWK_CRV: "INVALID_JWK_CRV",
+    INVALID_JWK_X_FIELD: "INVALID_JWK_X_FIELD",
+    INVALID_JWK_KEY_LENGTH: "INVALID_JWK_KEY_LENGTH",
+    JWK_KID_MISMATCH: "JWK_KID_MISMATCH",
+    // DID resolution errors
+    DID_RESOLUTION_FAILED: "DID_RESOLUTION_FAILED",
+    DID_DOCUMENT_NOT_FOUND: "DID_DOCUMENT_NOT_FOUND",
+    VERIFICATION_METHOD_NOT_FOUND: "VERIFICATION_METHOD_NOT_FOUND",
+    PUBLIC_KEY_NOT_FOUND: "PUBLIC_KEY_NOT_FOUND",
+    UNSUPPORTED_DID_METHOD: "UNSUPPORTED_DID_METHOD",
+    // Generic errors
+    VERIFICATION_ERROR: "VERIFICATION_ERROR",
+    INTERNAL_ERROR: "INTERNAL_ERROR",
+};
+/**
+ * Proof verification error with specific error code
+ */
+export class ProofVerificationError extends Error {
+    code;
+    details;
+    constructor(code, message, details) {
+        super(message);
+        this.code = code;
+        this.details = details;
+        this.name = "ProofVerificationError";
+    }
+}
+/**
+ * Create a proof verification error
+ */
+export function createProofVerificationError(code, message, details) {
+    return new ProofVerificationError(code, message, details);
+}
+//# sourceMappingURL=errors.js.map

package/dist/proof/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/proof/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG;IAC5C,yBAAyB;IACzB,uBAAuB,EAAE,yBAAyB;IAClD,sBAAsB,EAAE,wBAAwB;IAEhD,kBAAkB;IAClB,qBAAqB,EAAE,uBAAuB;IAC9C,uBAAuB,EAAE,yBAAyB;IAClD,iBAAiB,EAAE,mBAAmB;IAEtC,mBAAmB;IACnB,qBAAqB,EAAE,uBAAuB;IAC9C,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,mBAAmB,EAAE,qBAAqB;IAC1C,4BAA4B,EAAE,8BAA8B;IAC5D,qBAAqB,EAAE,uBAAuB;IAE9C,aAAa;IACb,kBAAkB,EAAE,oBAAoB;IACxC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,mBAAmB,EAAE,qBAAqB;IAC1C,sBAAsB,EAAE,wBAAwB;IAChD,gBAAgB,EAAE,kBAAkB;IAEpC,wBAAwB;IACxB,qBAAqB,EAAE,uBAAuB;IAC9C,sBAAsB,EAAE,wBAAwB;IAChD,6BAA6B,EAAE,+BAA+B;IAC9D,oBAAoB,EAAE,sBAAsB;IAC5C,sBAAsB,EAAE,wBAAwB;IAEhD,iBAAiB;IACjB,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;CACxB,CAAC;AAKX;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAE7B;IAEA;IAHlB,YACkB,IAAgC,EAChD,OAAe,EACC,OAAiC;QAEjD,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,SAAI,GAAJ,IAAI,CAA4B;QAEhC,YAAO,GAAP,OAAO,CAA0B;QAGjD,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,IAAgC,EAChC,OAAe,EACf,OAAiC;IAEjC,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC"}