@mondaydotcomorg/atp-provenance 0.17.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +417 -0
- package/dist/ast/instrumentor.d.ts +37 -0
- package/dist/ast/instrumentor.d.ts.map +1 -0
- package/dist/ast/instrumentor.js +299 -0
- package/dist/ast/instrumentor.js.map +1 -0
- package/dist/index.d.ts +7 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +7 -0
- package/dist/index.js.map +1 -0
- package/dist/policies/engine.d.ts +71 -0
- package/dist/policies/engine.d.ts.map +1 -0
- package/dist/policies/engine.js +433 -0
- package/dist/policies/engine.js.map +1 -0
- package/dist/registry.d.ts +94 -0
- package/dist/registry.d.ts.map +1 -0
- package/dist/registry.js +445 -0
- package/dist/registry.js.map +1 -0
- package/dist/tokens.d.ts +49 -0
- package/dist/tokens.d.ts.map +1 -0
- package/dist/tokens.js +239 -0
- package/dist/tokens.js.map +1 -0
- package/dist/types.d.ts +150 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +47 -0
- package/dist/types.js.map +1 -0
- package/package.json +51 -0
package/dist/registry.js
ADDED
|
@@ -0,0 +1,445 @@
|
|
|
1
|
+
import { nanoid } from 'nanoid';
|
|
2
|
+
import { computeDigest } from './tokens.js';
|
|
3
|
+
const PROVENANCE_KEY = '__provenance__';
|
|
4
|
+
const PROVENANCE_ID_KEY = '__prov_id__';
|
|
5
|
+
const provenanceStore = new WeakMap();
|
|
6
|
+
const provenanceRegistry = new Map();
|
|
7
|
+
const executionProvenanceIds = new Map();
|
|
8
|
+
let currentExecutionId = null;
|
|
9
|
+
const primitiveProvenanceMap = new Map();
|
|
10
|
+
const executionTaintedPrimitives = new Map();
|
|
11
|
+
/**
|
|
12
|
+
* Mark a primitive value as tainted (derived from tool data)
|
|
13
|
+
* Used by AST mode to track derived values
|
|
14
|
+
*/
|
|
15
|
+
export function markPrimitiveTainted(value, sourceMetadata) {
|
|
16
|
+
if (typeof value !== 'string' && typeof value !== 'number') {
|
|
17
|
+
return;
|
|
18
|
+
}
|
|
19
|
+
if (currentExecutionId) {
|
|
20
|
+
const tainted = executionTaintedPrimitives.get(currentExecutionId);
|
|
21
|
+
if (tainted) {
|
|
22
|
+
tainted.add(value);
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
const key = `tainted:${String(value)}`;
|
|
26
|
+
primitiveProvenanceMap.set(key, sourceMetadata);
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Check if a primitive is tainted (derived from tool data)
|
|
30
|
+
*/
|
|
31
|
+
export function isPrimitiveTainted(value) {
|
|
32
|
+
if (typeof value !== 'string' && typeof value !== 'number') {
|
|
33
|
+
return false;
|
|
34
|
+
}
|
|
35
|
+
if (currentExecutionId) {
|
|
36
|
+
const tainted = executionTaintedPrimitives.get(currentExecutionId);
|
|
37
|
+
if (tainted && tainted.has(value)) {
|
|
38
|
+
return true;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Set the current execution ID for provenance tracking
|
|
45
|
+
* MUST be called at start of each execution to prevent memory leaks
|
|
46
|
+
*/
|
|
47
|
+
export function setProvenanceExecutionId(executionId) {
|
|
48
|
+
currentExecutionId = executionId;
|
|
49
|
+
if (!executionProvenanceIds.has(executionId)) {
|
|
50
|
+
executionProvenanceIds.set(executionId, new Set());
|
|
51
|
+
}
|
|
52
|
+
if (!executionTaintedPrimitives.has(executionId)) {
|
|
53
|
+
executionTaintedPrimitives.set(executionId, new Set());
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Clear the current execution ID
|
|
58
|
+
*/
|
|
59
|
+
export function clearProvenanceExecutionId() {
|
|
60
|
+
currentExecutionId = null;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Register provenance metadata directly (for AST tracking in isolated-vm)
|
|
64
|
+
*/
|
|
65
|
+
export function registerProvenanceMetadata(id, metadata, executionId) {
|
|
66
|
+
if (id.startsWith('tainted:') || id.includes(':')) {
|
|
67
|
+
primitiveProvenanceMap.set(id, metadata);
|
|
68
|
+
if (id.startsWith('tainted:')) {
|
|
69
|
+
const value = id.slice('tainted:'.length);
|
|
70
|
+
if (executionId) {
|
|
71
|
+
let tainted = executionTaintedPrimitives.get(executionId);
|
|
72
|
+
if (!tainted) {
|
|
73
|
+
tainted = new Set();
|
|
74
|
+
executionTaintedPrimitives.set(executionId, tainted);
|
|
75
|
+
}
|
|
76
|
+
tainted.add(value);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
else {
|
|
81
|
+
provenanceRegistry.set(id, metadata);
|
|
82
|
+
}
|
|
83
|
+
if (executionId) {
|
|
84
|
+
let ids = executionProvenanceIds.get(executionId);
|
|
85
|
+
if (!ids) {
|
|
86
|
+
ids = new Set();
|
|
87
|
+
executionProvenanceIds.set(executionId, ids);
|
|
88
|
+
}
|
|
89
|
+
ids.add(id);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Cleanup provenance for a specific execution to prevent memory leaks
|
|
94
|
+
* MUST be called after execution completes or fails
|
|
95
|
+
*/
|
|
96
|
+
export function cleanupProvenanceForExecution(executionId) {
|
|
97
|
+
const ids = executionProvenanceIds.get(executionId);
|
|
98
|
+
if (ids) {
|
|
99
|
+
for (const id of ids) {
|
|
100
|
+
provenanceRegistry.delete(id);
|
|
101
|
+
const keysToDelete = [];
|
|
102
|
+
for (const key of primitiveProvenanceMap.keys()) {
|
|
103
|
+
if (key.startsWith(`${id}:`) || key.startsWith('tainted:')) {
|
|
104
|
+
keysToDelete.push(key);
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
for (const key of keysToDelete) {
|
|
108
|
+
primitiveProvenanceMap.delete(key);
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
executionProvenanceIds.delete(executionId);
|
|
112
|
+
}
|
|
113
|
+
executionTaintedPrimitives.delete(executionId);
|
|
114
|
+
}
|
|
115
|
+
/**
|
|
116
|
+
* Check if a primitive value was extracted from a provenance-tracked object
|
|
117
|
+
* This catches: const ssn = user.ssn; await send({ body: ssn })
|
|
118
|
+
* Also checks if value is marked as tainted (AST mode)
|
|
119
|
+
*/
|
|
120
|
+
export function getProvenanceForPrimitive(value) {
|
|
121
|
+
if (typeof value !== 'string' && typeof value !== 'number') {
|
|
122
|
+
return null;
|
|
123
|
+
}
|
|
124
|
+
const valueStr = String(value);
|
|
125
|
+
if (isPrimitiveTainted(value)) {
|
|
126
|
+
const taintedKey = `tainted:${valueStr}`;
|
|
127
|
+
const metadata = primitiveProvenanceMap.get(taintedKey);
|
|
128
|
+
if (metadata) {
|
|
129
|
+
return metadata;
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
const taintedKey = `tainted:${valueStr}`;
|
|
133
|
+
const taintedMetadata = primitiveProvenanceMap.get(taintedKey);
|
|
134
|
+
if (taintedMetadata) {
|
|
135
|
+
return taintedMetadata;
|
|
136
|
+
}
|
|
137
|
+
for (const [key, metadata] of primitiveProvenanceMap.entries()) {
|
|
138
|
+
const parts = key.split(':');
|
|
139
|
+
if (parts.length >= 3 && !key.startsWith('tainted:')) {
|
|
140
|
+
const primitiveValue = parts.slice(2).join(':');
|
|
141
|
+
if (primitiveValue === valueStr) {
|
|
142
|
+
return metadata;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
const digest = computeDigest(value);
|
|
147
|
+
if (digest) {
|
|
148
|
+
const digestMetadata = provenanceRegistry.get(digest);
|
|
149
|
+
if (digestMetadata) {
|
|
150
|
+
return digestMetadata;
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
return null;
|
|
154
|
+
}
|
|
155
|
+
/**
|
|
156
|
+
* Capture provenance state for pause/resume
|
|
157
|
+
*/
|
|
158
|
+
export function captureProvenanceState(executionId) {
|
|
159
|
+
const state = new Map();
|
|
160
|
+
const ids = executionProvenanceIds.get(executionId);
|
|
161
|
+
if (ids) {
|
|
162
|
+
for (const id of ids) {
|
|
163
|
+
const metadata = provenanceRegistry.get(id);
|
|
164
|
+
if (metadata) {
|
|
165
|
+
state.set(id, metadata);
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
return state;
|
|
170
|
+
}
|
|
171
|
+
/**
|
|
172
|
+
* Capture provenance snapshot including primitive taints for multi-step token persistence
|
|
173
|
+
*/
|
|
174
|
+
export function captureProvenanceSnapshot(executionId) {
|
|
175
|
+
const registryMap = captureProvenanceState(executionId);
|
|
176
|
+
const registry = Array.from(registryMap.entries());
|
|
177
|
+
const primitives = [];
|
|
178
|
+
const ids = executionProvenanceIds.get(executionId) || new Set();
|
|
179
|
+
const tainted = executionTaintedPrimitives.get(executionId);
|
|
180
|
+
if (tainted) {
|
|
181
|
+
for (const value of tainted) {
|
|
182
|
+
const key = `tainted:${String(value)}`;
|
|
183
|
+
const meta = primitiveProvenanceMap.get(key);
|
|
184
|
+
if (meta) {
|
|
185
|
+
primitives.push([key, meta]);
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
for (const [key, meta] of primitiveProvenanceMap.entries()) {
|
|
190
|
+
if (key.startsWith('tainted:')) {
|
|
191
|
+
continue;
|
|
192
|
+
}
|
|
193
|
+
const [first] = key.split(':');
|
|
194
|
+
if (first && ids.has(first)) {
|
|
195
|
+
primitives.push([key, meta]);
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
return { registry, primitives };
|
|
199
|
+
}
|
|
200
|
+
/**
|
|
201
|
+
* Restore provenance state after resume
|
|
202
|
+
*/
|
|
203
|
+
export function restoreProvenanceState(executionId, state) {
|
|
204
|
+
setProvenanceExecutionId(executionId);
|
|
205
|
+
const ids = executionProvenanceIds.get(executionId);
|
|
206
|
+
for (const [id, metadata] of state) {
|
|
207
|
+
provenanceRegistry.set(id, metadata);
|
|
208
|
+
ids.add(id);
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
/**
|
|
212
|
+
* Restore provenance snapshot including primitive taints for multi-step token persistence
|
|
213
|
+
*/
|
|
214
|
+
export function restoreProvenanceSnapshot(executionId, snapshot) {
|
|
215
|
+
const registryMap = new Map(snapshot.registry);
|
|
216
|
+
restoreProvenanceState(executionId, registryMap);
|
|
217
|
+
for (const [key, meta] of snapshot.primitives) {
|
|
218
|
+
primitiveProvenanceMap.set(key, meta);
|
|
219
|
+
if (key.startsWith('tainted:')) {
|
|
220
|
+
const value = key.slice('tainted:'.length);
|
|
221
|
+
let set = executionTaintedPrimitives.get(executionId);
|
|
222
|
+
if (!set) {
|
|
223
|
+
set = new Set();
|
|
224
|
+
executionTaintedPrimitives.set(executionId, set);
|
|
225
|
+
}
|
|
226
|
+
set.add(value);
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
/**
|
|
231
|
+
* Create a provenance-tracked value
|
|
232
|
+
* SOLUTION: Store metadata in global registry, attach only ID to object
|
|
233
|
+
* The ID (simple string) SURVIVES isolated-vm cloning
|
|
234
|
+
*
|
|
235
|
+
* For objects, also wraps in Proxy to track primitive extractions
|
|
236
|
+
*/
|
|
237
|
+
export function createProvenanceProxy(value, source, readers = { type: 'public' }, dependencies = []) {
|
|
238
|
+
if (value === null || value === undefined) {
|
|
239
|
+
return value;
|
|
240
|
+
}
|
|
241
|
+
if (typeof value !== 'object' && typeof value !== 'function') {
|
|
242
|
+
return value;
|
|
243
|
+
}
|
|
244
|
+
const id = nanoid();
|
|
245
|
+
const metadata = {
|
|
246
|
+
id,
|
|
247
|
+
source,
|
|
248
|
+
readers,
|
|
249
|
+
dependencies,
|
|
250
|
+
context: {},
|
|
251
|
+
};
|
|
252
|
+
provenanceRegistry.set(id, metadata);
|
|
253
|
+
if (currentExecutionId) {
|
|
254
|
+
const ids = executionProvenanceIds.get(currentExecutionId);
|
|
255
|
+
if (ids) {
|
|
256
|
+
ids.add(id);
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
try {
|
|
260
|
+
Object.defineProperty(value, PROVENANCE_ID_KEY, {
|
|
261
|
+
value: id,
|
|
262
|
+
writable: false,
|
|
263
|
+
enumerable: true,
|
|
264
|
+
configurable: true,
|
|
265
|
+
});
|
|
266
|
+
}
|
|
267
|
+
catch (e) {
|
|
268
|
+
provenanceStore.set(value, metadata);
|
|
269
|
+
}
|
|
270
|
+
if (Array.isArray(value)) {
|
|
271
|
+
for (const item of value) {
|
|
272
|
+
if (typeof item === 'object' && item !== null && !hasProvenance(item)) {
|
|
273
|
+
createProvenanceProxy(item, source, readers, [id, ...dependencies]);
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
else if (typeof value === 'object') {
|
|
278
|
+
for (const key in value) {
|
|
279
|
+
if (Object.prototype.hasOwnProperty.call(value, key) && key !== PROVENANCE_ID_KEY) {
|
|
280
|
+
const nestedValue = value[key];
|
|
281
|
+
if (typeof nestedValue === 'object' &&
|
|
282
|
+
nestedValue !== null &&
|
|
283
|
+
!hasProvenance(nestedValue)) {
|
|
284
|
+
createProvenanceProxy(nestedValue, source, readers, [id, ...dependencies]);
|
|
285
|
+
}
|
|
286
|
+
else if (typeof nestedValue === 'string' || typeof nestedValue === 'number') {
|
|
287
|
+
const primitiveKey = `${id}:${key}:${String(nestedValue)}`;
|
|
288
|
+
primitiveProvenanceMap.set(primitiveKey, metadata);
|
|
289
|
+
}
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
return value;
|
|
294
|
+
}
|
|
295
|
+
/**
|
|
296
|
+
* Get provenance metadata from a value
|
|
297
|
+
* Looks up by ID from global registry (survives isolated-vm cloning)
|
|
298
|
+
*/
|
|
299
|
+
export function getProvenance(value) {
|
|
300
|
+
if (value === null || value === undefined) {
|
|
301
|
+
return null;
|
|
302
|
+
}
|
|
303
|
+
if (typeof value === 'string' || typeof value === 'number') {
|
|
304
|
+
const primitiveProvenance = getProvenanceForPrimitive(value);
|
|
305
|
+
if (primitiveProvenance) {
|
|
306
|
+
return primitiveProvenance;
|
|
307
|
+
}
|
|
308
|
+
}
|
|
309
|
+
if (typeof value === 'object') {
|
|
310
|
+
const id = value[PROVENANCE_ID_KEY];
|
|
311
|
+
if (id && typeof id === 'string') {
|
|
312
|
+
const metadata = provenanceRegistry.get(id);
|
|
313
|
+
if (metadata) {
|
|
314
|
+
return metadata;
|
|
315
|
+
}
|
|
316
|
+
}
|
|
317
|
+
if (PROVENANCE_KEY in value) {
|
|
318
|
+
return value[PROVENANCE_KEY];
|
|
319
|
+
}
|
|
320
|
+
const stored = provenanceStore.get(value);
|
|
321
|
+
if (stored) {
|
|
322
|
+
return stored;
|
|
323
|
+
}
|
|
324
|
+
}
|
|
325
|
+
return null;
|
|
326
|
+
}
|
|
327
|
+
/**
|
|
328
|
+
* Check if a value has provenance tracking
|
|
329
|
+
*/
|
|
330
|
+
export function hasProvenance(value) {
|
|
331
|
+
return getProvenance(value) !== null;
|
|
332
|
+
}
|
|
333
|
+
/**
|
|
334
|
+
* Get all provenance metadata in an object recursively
|
|
335
|
+
*/
|
|
336
|
+
export function getAllProvenance(value, visited = new Set()) {
|
|
337
|
+
if (value === null || value === undefined || typeof value !== 'object') {
|
|
338
|
+
return [];
|
|
339
|
+
}
|
|
340
|
+
if (visited.has(value)) {
|
|
341
|
+
return [];
|
|
342
|
+
}
|
|
343
|
+
visited.add(value);
|
|
344
|
+
const results = [];
|
|
345
|
+
const metadata = getProvenance(value);
|
|
346
|
+
if (metadata) {
|
|
347
|
+
results.push(metadata);
|
|
348
|
+
}
|
|
349
|
+
if (Array.isArray(value)) {
|
|
350
|
+
for (const item of value) {
|
|
351
|
+
results.push(...getAllProvenance(item, visited));
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
else if (typeof value === 'object') {
|
|
355
|
+
for (const key in value) {
|
|
356
|
+
if (key !== PROVENANCE_KEY &&
|
|
357
|
+
key !== PROVENANCE_ID_KEY &&
|
|
358
|
+
Object.prototype.hasOwnProperty.call(value, key)) {
|
|
359
|
+
results.push(...getAllProvenance(value[key], visited));
|
|
360
|
+
}
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
return results;
|
|
364
|
+
}
|
|
365
|
+
/**
|
|
366
|
+
* Merge reader permissions (intersection for security)
|
|
367
|
+
*/
|
|
368
|
+
export function mergeReaders(readers1, readers2) {
|
|
369
|
+
if (readers1.type === 'public') {
|
|
370
|
+
return readers2;
|
|
371
|
+
}
|
|
372
|
+
if (readers2.type === 'public') {
|
|
373
|
+
return readers1;
|
|
374
|
+
}
|
|
375
|
+
const intersection = readers1.readers.filter((r) => readers2.readers.includes(r));
|
|
376
|
+
return { type: 'restricted', readers: intersection };
|
|
377
|
+
}
|
|
378
|
+
/**
|
|
379
|
+
* Check if a reader can access data with given permissions
|
|
380
|
+
*/
|
|
381
|
+
export function canRead(reader, permissions) {
|
|
382
|
+
if (permissions.type === 'public') {
|
|
383
|
+
return true;
|
|
384
|
+
}
|
|
385
|
+
return permissions.readers.includes(reader);
|
|
386
|
+
}
|
|
387
|
+
/**
|
|
388
|
+
* Extract provenance for serialization (pause/resume)
|
|
389
|
+
*/
|
|
390
|
+
export function extractProvenanceMap(sandbox) {
|
|
391
|
+
const provenanceMap = new Map();
|
|
392
|
+
const visited = new Set();
|
|
393
|
+
function traverse(value, path = '') {
|
|
394
|
+
if (value === null || value === undefined || typeof value !== 'object') {
|
|
395
|
+
return;
|
|
396
|
+
}
|
|
397
|
+
if (visited.has(value)) {
|
|
398
|
+
return;
|
|
399
|
+
}
|
|
400
|
+
visited.add(value);
|
|
401
|
+
const metadata = getProvenance(value);
|
|
402
|
+
if (metadata) {
|
|
403
|
+
provenanceMap.set(path || metadata.id, metadata);
|
|
404
|
+
}
|
|
405
|
+
if (Array.isArray(value)) {
|
|
406
|
+
value.forEach((item, index) => {
|
|
407
|
+
traverse(item, `${path}[${index}]`);
|
|
408
|
+
});
|
|
409
|
+
}
|
|
410
|
+
else if (typeof value === 'object') {
|
|
411
|
+
for (const key in value) {
|
|
412
|
+
if (Object.prototype.hasOwnProperty.call(value, key)) {
|
|
413
|
+
traverse(value[key], path ? `${path}.${key}` : key);
|
|
414
|
+
}
|
|
415
|
+
}
|
|
416
|
+
}
|
|
417
|
+
}
|
|
418
|
+
for (const [key, value] of Object.entries(sandbox)) {
|
|
419
|
+
traverse(value, key);
|
|
420
|
+
}
|
|
421
|
+
return provenanceMap;
|
|
422
|
+
}
|
|
423
|
+
/**
|
|
424
|
+
* Restore provenance from serialized state
|
|
425
|
+
*/
|
|
426
|
+
export function restoreProvenanceMap(provenanceMap, sandbox) {
|
|
427
|
+
for (const [path, metadata] of provenanceMap.entries()) {
|
|
428
|
+
const value = resolvePath(sandbox, path);
|
|
429
|
+
if (value !== undefined && typeof value === 'object') {
|
|
430
|
+
provenanceStore.set(value, metadata);
|
|
431
|
+
}
|
|
432
|
+
}
|
|
433
|
+
}
|
|
434
|
+
function resolvePath(obj, path) {
|
|
435
|
+
const parts = path.split(/[\.\[]/).map((p) => p.replace(/\]$/, ''));
|
|
436
|
+
let current = obj;
|
|
437
|
+
for (const part of parts) {
|
|
438
|
+
if (current === null || current === undefined) {
|
|
439
|
+
return undefined;
|
|
440
|
+
}
|
|
441
|
+
current = current[part];
|
|
442
|
+
}
|
|
443
|
+
return current;
|
|
444
|
+
}
|
|
445
|
+
//# sourceMappingURL=registry.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAOhC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,cAAc,GAAG,gBAAgB,CAAC;AACxC,MAAM,iBAAiB,GAAG,aAAa,CAAC;AACxC,MAAM,eAAe,GAAG,IAAI,OAAO,EAA8B,CAAC;AAElE,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA8B,CAAC;AAEjE,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAuB,CAAC;AAE9D,IAAI,kBAAkB,GAAkB,IAAI,CAAC;AAE7C,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAA8B,CAAC;AAErE,MAAM,0BAA0B,GAAG,IAAI,GAAG,EAAwB,CAAC;AAEnE;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAc,EAAE,cAAkC;IACtF,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO;IACR,CAAC;IAED,IAAI,kBAAkB,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACnE,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACF,CAAC;IAED,MAAM,GAAG,GAAG,WAAW,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IACvC,sBAAsB,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,kBAAkB,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACnE,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAmB;IAC3D,kBAAkB,GAAG,WAAW,CAAC;IACjC,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9C,sBAAsB,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAClD,0BAA0B,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B;IACzC,kBAAkB,GAAG,IAAI,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACzC,EAAU,EACV,QAA4B,EAC5B,WAAoB;IAEpB,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,sBAAsB,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAEzC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,WAAW,EAAE,CAAC;gBACjB,IAAI,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;oBACd,OAAO,GAAG,IAAI,GAAG,EAAE,CAAC;oBACpB,0BAA0B,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBACtD,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACF,CAAC;IACF,CAAC;SAAM,CAAC;QACP,kBAAkB,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QACjB,IAAI,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,EAAE,CAAC;YACV,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;YAChB,sBAAsB,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;AACF,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,6BAA6B,CAAC,WAAmB;IAChE,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACpD,IAAI,GAAG,EAAE,CAAC;QACT,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACtB,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,sBAAsB,CAAC,IAAI,EAAE,EAAE,CAAC;gBACjD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5D,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACxB,CAAC;YACF,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;gBAChC,sBAAsB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;QACF,CAAC;QACD,sBAAsB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED,0BAA0B,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,IAAI,CAAC;IACb,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAE/B,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,WAAW,QAAQ,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACxD,IAAI,QAAQ,EAAE,CAAC;YACd,OAAO,QAAQ,CAAC;QACjB,CAAC;IACF,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,QAAQ,EAAE,CAAC;IACzC,MAAM,eAAe,GAAG,sBAAsB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/D,IAAI,eAAe,EAAE,CAAC;QACrB,OAAO,eAAe,CAAC;IACxB,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,sBAAsB,CAAC,OAAO,EAAE,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtD,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,cAAc,KAAK,QAAQ,EAAE,CAAC;gBACjC,OAAO,QAAQ,CAAC;YACjB,CAAC;QACF,CAAC;IACF,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,MAAM,EAAE,CAAC;QACZ,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,cAAc,EAAE,CAAC;YACpB,OAAO,cAAc,CAAC;QACvB,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,WAAmB;IACzD,MAAM,KAAK,GAAG,IAAI,GAAG,EAA8B,CAAC;IACpD,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACpD,IAAI,GAAG,EAAE,CAAC;QACT,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACtB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACd,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YACzB,CAAC;QACF,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAAmB;IAI5D,MAAM,WAAW,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IAEnD,MAAM,UAAU,GAAwC,EAAE,CAAC;IAC3D,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;IAEzE,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5D,IAAI,OAAO,EAAE,CAAC;QACb,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,WAAW,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7C,IAAI,IAAI,EAAE,CAAC;gBACV,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;YAC9B,CAAC;QACF,CAAC;IACF,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,sBAAsB,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5D,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,SAAS;QACV,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAC9B,CAAC;IACF,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACrC,WAAmB,EACnB,KAAsC;IAEtC,wBAAwB,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAE,CAAC;IAErD,KAAK,MAAM,CAAC,EAAE,EAAE,QAAQ,CAAC,IAAI,KAAK,EAAE,CAAC;QACpC,kBAAkB,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QACrC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACb,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACxC,WAAmB,EACnB,QAGC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,sBAAsB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAEjD,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC/C,sBAAsB,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEtC,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,GAAG,GAAG,0BAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,GAAG,EAAE,CAAC;gBACV,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;gBAChB,0BAA0B,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CACpC,KAAQ,EACR,MAAsB,EACtB,UAA6B,EAAE,IAAI,EAAE,QAAQ,EAAE,EAC/C,eAAyB,EAAE;IAE3B,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC3C,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACd,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,QAAQ,GAAuB;QACpC,EAAE;QACF,MAAM;QACN,OAAO;QACP,YAAY;QACZ,OAAO,EAAE,EAAE;KACX,CAAC;IAEF,kBAAkB,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IAErC,IAAI,kBAAkB,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC3D,IAAI,GAAG,EAAE,CAAC;YACT,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,CAAC;IACF,CAAC;IAED,IAAI,CAAC;QACJ,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,iBAAiB,EAAE;YAC/C,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,IAAI;SAClB,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACZ,eAAe,CAAC,GAAG,CAAC,KAAe,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvE,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;YACrE,CAAC;QACF,CAAC;IACF,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,KAAK,MAAM,GAAG,IAAI,KAAgC,EAAE,CAAC;YACpD,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,GAAG,KAAK,iBAAiB,EAAE,CAAC;gBACnF,MAAM,WAAW,GAAI,KAAiC,CAAC,GAAG,CAAC,CAAC;gBAC5D,IACC,OAAO,WAAW,KAAK,QAAQ;oBAC/B,WAAW,KAAK,IAAI;oBACpB,CAAC,aAAa,CAAC,WAAW,CAAC,EAC1B,CAAC;oBACF,qBAAqB,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;oBAC/E,MAAM,YAAY,GAAG,GAAG,EAAE,IAAI,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC3D,sBAAsB,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACpD,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC3C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACb,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5D,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,mBAAmB,EAAE,CAAC;YACzB,OAAO,mBAAmB,CAAC;QAC5B,CAAC;IACF,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,EAAE,GAAI,KAAa,CAAC,iBAAiB,CAAC,CAAC;QAC7C,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACd,OAAO,QAAQ,CAAC;YACjB,CAAC;QACF,CAAC;QAED,IAAI,cAAc,IAAK,KAAa,EAAE,CAAC;YACtC,OAAQ,KAAa,CAAC,cAAc,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACZ,OAAO,MAAM,CAAC;QACf,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc;IAC3C,OAAO,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAc,EAAE,UAAU,IAAI,GAAG,EAAO;IACxE,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxE,OAAO,EAAE,CAAC;IACX,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,EAAE,CAAC;IACX,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAEnB,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEtC,IAAI,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC;IACF,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;YACzB,IACC,GAAG,KAAK,cAAc;gBACtB,GAAG,KAAK,iBAAiB;gBACzB,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,EAC/C,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAE,KAAa,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YACjE,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC3B,QAA2B,EAC3B,QAA2B;IAE3B,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1F,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,MAAc,EAAE,WAA8B;IACrE,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CACnC,OAAgC;IAEhC,MAAM,aAAa,GAAG,IAAI,GAAG,EAA8B,CAAC;IAC5D,MAAM,OAAO,GAAG,IAAI,GAAG,EAAO,CAAC;IAE/B,SAAS,QAAQ,CAAC,KAAc,EAAE,OAAe,EAAE;QAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxE,OAAO;QACR,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;QACR,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEnB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,QAAQ,EAAE,CAAC;YACd,aAAa,CAAC,GAAG,CAAC,IAAI,IAAI,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC7B,QAAQ,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,CAAC;YACrC,CAAC,CAAC,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;oBACtD,QAAQ,CAAE,KAAa,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAC9D,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,aAAa,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CACnC,aAA8C,EAC9C,OAAgC;IAEhC,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACzC,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtD,eAAe,CAAC,GAAG,CAAC,KAAe,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;IACF,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B,EAAE,IAAY;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IACpE,IAAI,OAAO,GAAQ,GAAG,CAAC;IAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QAC1B,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC/C,OAAO,SAAS,CAAC;QAClB,CAAC;QACD,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC"}
|
package/dist/tokens.d.ts
ADDED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import type { ProvenanceMetadata } from './types.js';
|
|
2
|
+
interface CacheProvider {
|
|
3
|
+
name: string;
|
|
4
|
+
get(key: string): Promise<unknown>;
|
|
5
|
+
set(key: string, value: unknown, ttl?: number): Promise<void>;
|
|
6
|
+
delete(key: string): Promise<void>;
|
|
7
|
+
has?(key: string): Promise<boolean>;
|
|
8
|
+
disconnect?(): Promise<void>;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Token payload structure
|
|
12
|
+
*/
|
|
13
|
+
export interface TokenPayload {
|
|
14
|
+
v: 1;
|
|
15
|
+
clientId: string;
|
|
16
|
+
executionId: string;
|
|
17
|
+
createdAt: number;
|
|
18
|
+
expiresAt: number;
|
|
19
|
+
valueDigest: string;
|
|
20
|
+
metaId: string;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Deterministic JSON stringification with sorted keys
|
|
24
|
+
*/
|
|
25
|
+
export declare function stableStringify(value: unknown): string | null;
|
|
26
|
+
/**
|
|
27
|
+
* Compute SHA-256 digest of value
|
|
28
|
+
*/
|
|
29
|
+
export declare function computeDigest(value: unknown): string | null;
|
|
30
|
+
/**
|
|
31
|
+
* Get client secret (Phase 1: single secret from env)
|
|
32
|
+
*/
|
|
33
|
+
export declare function getClientSecret(clientId: string): string;
|
|
34
|
+
/**
|
|
35
|
+
* Issue a provenance token for a value
|
|
36
|
+
*/
|
|
37
|
+
export declare function issueProvenanceToken(metadata: ProvenanceMetadata, value: unknown, clientId: string, executionId: string, cacheProvider: CacheProvider, ttl?: number): Promise<string | null>;
|
|
38
|
+
/**
|
|
39
|
+
* Verify and extract provenance from a token
|
|
40
|
+
*/
|
|
41
|
+
export declare function verifyProvenanceToken(token: string, value: unknown, clientId: string, executionId: string, cacheProvider: CacheProvider): Promise<ProvenanceMetadata | null>;
|
|
42
|
+
/**
|
|
43
|
+
* Verify multiple hints and build a digest → metadata map
|
|
44
|
+
* Returns map for O(1) lookup during re-attachment
|
|
45
|
+
* ALSO returns a value → metadata map for substring matching
|
|
46
|
+
*/
|
|
47
|
+
export declare function verifyProvenanceHints(hints: string[], clientId: string, executionId: string, cacheProvider: CacheProvider, maxHints?: number): Promise<Map<string, ProvenanceMetadata>>;
|
|
48
|
+
export {};
|
|
49
|
+
//# sourceMappingURL=tokens.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAGrD,UAAU,aAAa;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,UAAU,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,CAAC,EAAE,CAAC,CAAC;IACL,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CACf;AAID;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CA4C7D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAM3D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAkBxD;AASD;;GAEG;AACH,wBAAsB,oBAAoB,CACzC,QAAQ,EAAE,kBAAkB,EAC5B,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,EAC5B,GAAG,GAAE,MAAa,GAChB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqCxB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAC1C,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,GAC1B,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAwEpC;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CAC1C,KAAK,EAAE,MAAM,EAAE,EACf,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,aAAa,EAC5B,QAAQ,GAAE,MAAa,GACrB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAyD1C"}
|