@motebit/crypto 0.8.0

package/LICENSE

@@ -0,0 +1,26 @@
+MIT License
+
+Copyright (c) 2026 Motebit
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+"Motebit" is a trademark of Motebit, Inc. The MIT License grants rights to
+this software, not to any Motebit trademarks, logos, or branding. You may not
+use Motebit branding in a way that suggests endorsement or affiliation without
+written permission.

package/README.md

@@ -0,0 +1,142 @@
+# @motebit/crypto
+
+Protocol cryptography for Motebit — sign and verify all artifacts.
+
+Receipts, credentials, delegations, successions, presentations. Zero runtime dependencies. MIT licensed.
+
+## Install
+
+```bash
+npm install @motebit/crypto
+```
+
+## Verify
+
+```typescript
+import { verify } from "@motebit/crypto";
+
+// Identity file
+const r1 = await verify(fs.readFileSync("motebit.md", "utf-8"));
+if (r1.type === "identity" && r1.valid) {
+  console.log(r1.did); // did:key:z...
+}
+
+// Execution receipt (object or JSON string)
+const r2 = await verify(receipt);
+if (r2.type === "receipt" && r2.valid) {
+  console.log(r2.signer); // did:key of the signing agent
+}
+
+// Verifiable credential
+const r3 = await verify(credential);
+if (r3.type === "credential" && r3.valid) {
+  console.log(r3.issuer); // did:key of the issuer
+}
+```
+
+## Sign
+
+```typescript
+import { signExecutionReceipt, generateKeypair } from "@motebit/crypto";
+
+const { publicKey, privateKey } = await generateKeypair();
+
+const signed = await signExecutionReceipt(receipt, privateKey, publicKey);
+// signed.signature is base64url Ed25519 over canonical JSON
+```
+
+```typescript
+import { signDelegation } from "@motebit/crypto";
+
+const token = await signDelegation(
+  {
+    delegator_id,
+    delegator_public_key,
+    delegate_id,
+    delegate_public_key,
+    scope,
+    issued_at,
+    expires_at,
+  },
+  delegatorPrivateKey,
+);
+```
+
+```typescript
+import { issueReputationCredential } from "@motebit/crypto";
+
+const vc = await issueReputationCredential(
+  {
+    success_rate: 0.95,
+    avg_latency_ms: 120,
+    task_count: 50,
+    trust_score: 0.8,
+    availability: 0.99,
+    measured_at: Date.now(),
+  },
+  privateKey,
+  publicKey,
+  subjectDid,
+);
+```
+
+## API
+
+### Verification
+
+- **`verify(artifact, options?)`** — Verify any artifact. Detects type automatically. Returns discriminated union.
+- **`verifyIdentityFile(content)`** — _(deprecated)_ Legacy identity verification. Use `verify()` instead.
+- **`parse(content)`** — Parse a `motebit.md` without verifying.
+
+### Signing
+
+- **`signExecutionReceipt(receipt, privateKey, publicKey?)`** — Sign a receipt with Ed25519.
+- **`signSovereignPaymentReceipt(input, privateKey, publicKey)`** — Sign a sovereign onchain payment receipt.
+- **`signDelegation(delegation, delegatorPrivateKey)`** — Sign a delegation token.
+- **`signKeySuccession(oldPrivateKey, newPrivateKey, newPublicKey, oldPublicKey)`** — Sign a key rotation.
+- **`signCollaborativeReceipt(receipt, initiatorPrivateKey)`** — Sign a collaborative receipt.
+- **`signVerifiableCredential(vc, privateKey, publicKey)`** — Sign a W3C VC (eddsa-jcs-2022).
+- **`signVerifiablePresentation(vp, privateKey, publicKey)`** — Sign a W3C VP.
+
+### Credential Issuance
+
+- **`issueGradientCredential(snapshot, privateKey, publicKey)`** — Issue an intelligence gradient VC.
+- **`issueReputationCredential(snapshot, privateKey, publicKey, subjectDid)`** — Issue a reputation VC.
+- **`issueTrustCredential(trustRecord, privateKey, publicKey, subjectDid)`** — Issue a trust VC.
+- **`createPresentation(credentials, privateKey, publicKey)`** — Bundle VCs into a signed VP.
+
+### Chain Verification
+
+- **`verifyReceiptChain(receipt, knownKeys)`** — Recursively verify a delegation receipt tree.
+- **`verifyReceiptSequence(chain)`** — Verify a flat sequence of receipts.
+- **`verifyDelegation(delegation, options?)`** — Verify a delegation token signature.
+- **`verifyDelegationChain(chain)`** — Verify a chain of delegations with scope narrowing.
+- **`verifyKeySuccession(record, guardianPublicKeyHex?)`** — Verify a key rotation record.
+- **`verifySuccessionChain(chain, guardianPublicKeyHex?)`** — Verify a full key rotation chain.
+
+### Primitives
+
+- **`generateKeypair()`** — Generate an Ed25519 keypair.
+- **`ed25519Sign(message, privateKey)`** — Raw Ed25519 sign.
+- **`ed25519Verify(signature, message, publicKey)`** — Raw Ed25519 verify.
+- **`canonicalJson(obj)`** — Deterministic JSON serialization (JCS/RFC 8785).
+- **`hash(data)`** — SHA-256 hex string.
+- **`createSignedToken(payload, privateKey)`** — Create a signed auth token.
+- **`verifySignedToken(token, publicKey)`** — Verify a signed auth token.
+- **`publicKeyToDidKey(publicKey)`** / **`didKeyToPublicKey(did)`** — did:key conversion.
+
+## What can it do?
+
+| Operation | Artifacts                                                                                  | Format                      |
+| --------- | ------------------------------------------------------------------------------------------ | --------------------------- |
+| Sign      | Receipts, delegations, credentials, presentations, successions, payment receipts           | Ed25519 over canonical JSON |
+| Verify    | Identity files, receipts, credentials, presentations, delegation chains, succession chains | Offline — no network calls  |
+| Issue     | Gradient, reputation, and trust credentials                                                | W3C VC 2.0, eddsa-jcs-2022  |
+
+All operations are **offline** — no network calls, no relay lookup, no runtime dependency. Everything needed for signing and verification is in the artifact itself.
+
+## License
+
+MIT — see [LICENSE](./LICENSE).
+
+"Motebit" is a trademark. The MIT License grants rights to this software, not to any Motebit trademarks, logos, or branding. You may not use Motebit branding in a way that suggests endorsement or affiliation without written permission.

package/dist/artifacts.d.ts

@@ -0,0 +1,268 @@
+/**
+ * Protocol artifact signing — receipts, delegations, successions, collaborative receipts.
+ *
+ * These functions define the canonical signing format for all Motebit protocol
+ * artifacts. A third party needs these to produce valid signed artifacts that
+ * any verifier will accept.
+ *
+ * Moved from BSL @motebit/crypto to MIT @motebit/crypto.
+ */
+/**
+ * Shape of an execution receipt for signing/verification.
+ * Structurally compatible with @motebit/protocol ExecutionReceipt.
+ */
+export interface SignableReceipt {
+    task_id: string;
+    motebit_id: string;
+    /** Signer's Ed25519 public key (hex). Enables verification without relay lookup. */
+    public_key?: string;
+    device_id: string;
+    submitted_at: number;
+    completed_at: number;
+    status: "completed" | "failed" | "denied";
+    result: string;
+    tools_used: string[];
+    memories_formed: number;
+    prompt_hash: string;
+    result_hash: string;
+    delegation_receipts?: SignableReceipt[];
+    relay_task_id?: string;
+    delegated_scope?: string;
+    signature: string;
+}
+/**
+ * Sign an execution receipt. Produces a canonical JSON representation
+ * of all fields except `signature`, signs it with Ed25519, and sets
+ * the `signature` field to the base64url-encoded result.
+ */
+export declare function signExecutionReceipt<T extends Omit<SignableReceipt, "signature">>(receipt: T, privateKey: Uint8Array, publicKey?: Uint8Array): Promise<T & {
+    signature: string;
+}>;
+/**
+ * Verify an execution receipt's Ed25519 signature.
+ * Reconstructs the canonical JSON from all fields except `signature`
+ * and verifies against the provided public key.
+ */
+export declare function verifyExecutionReceipt(receipt: SignableReceipt, publicKey: Uint8Array): Promise<boolean>;
+/**
+ * Inputs for a sovereign payment receipt — produced by the *payee* when
+ * a counterparty pays them directly via an onchain wallet rail (Solana,
+ * future Aptos/Sui), bypassing the relay's settlement gate.
+ *
+ * The receipt is structurally an `ExecutionReceipt` with:
+ *   - `task_id` formatted as `{rail}:tx:{txHash}` so the trust signal
+ *     anchors to a specific, globally unique onchain payment.
+ *   - `relay_task_id` left undefined (the field is optional precisely
+ *     for non-relay execution paths — see protocol/index.ts).
+ *   - All cryptography identical to relay-mediated receipts: same
+ *     canonical JSON, same Ed25519 sign/verify, same trust ingestion.
+ */
+export interface SovereignPaymentReceiptInput {
+    /** The payee's motebit ID (the worker who is signing this receipt). */
+    payee_motebit_id: string;
+    /** The payee's device ID. */
+    payee_device_id: string;
+    /** The payer's motebit ID — recorded in `result` for downstream audit. */
+    payer_motebit_id: string;
+    /** Onchain payment proof: rail name (e.g., "solana") + transaction signature. */
+    rail: string;
+    tx_hash: string;
+    /** Payment amount in micro-units (6 decimals for USDC). */
+    amount_micro: bigint;
+    /** Asset symbol (e.g., "USDC"). */
+    asset: string;
+    /** Brief human-readable description of the service rendered. */
+    service_description: string;
+    /** SHA-256 hash of the request payload. */
+    prompt_hash: string;
+    /** SHA-256 hash of the result payload. */
+    result_hash: string;
+    /** Tools the payee used to deliver the service. Empty array if pure payment ack. */
+    tools_used?: string[];
+    /** When the payee accepted the request. */
+    submitted_at: number;
+    /** When the payee completed the work. */
+    completed_at: number;
+}
+/**
+ * Construct, canonicalize, and sign a sovereign payment receipt with
+ * the payee's Ed25519 identity key. Returns a fully-formed
+ * `ExecutionReceipt` that can be passed to any standard verifier and
+ * fed into `bumpTrustFromReceipt` on the payer's runtime.
+ *
+ * No relay is contacted at any point. The resulting receipt is
+ * self-verifiable forever from the embedded `public_key` field.
+ */
+export declare function signSovereignPaymentReceipt(input: SovereignPaymentReceiptInput, privateKey: Uint8Array, publicKey: Uint8Array): Promise<SignableReceipt>;
+export interface ReceiptVerification {
+    task_id: string;
+    motebit_id: string;
+    verified: boolean;
+    error?: string;
+    delegations: ReceiptVerification[];
+}
+/**
+ * Known public keys map: motebit_id → Uint8Array public key.
+ * Used to look up the correct key for each receipt in the chain.
+ */
+export type KnownKeys = Map<string, Uint8Array>;
+/**
+ * Recursively verify an execution receipt and all its delegation receipts.
+ * Each receipt is verified against the public key found in `knownKeys` for its `motebit_id`.
+ * Returns a tree of verification results mirroring the delegation structure.
+ */
+export declare function verifyReceiptChain(receipt: SignableReceipt, knownKeys: KnownKeys): Promise<ReceiptVerification>;
+export interface ReceiptChainEntry {
+    receipt: SignableReceipt;
+    signer_public_key: Uint8Array;
+}
+/**
+ * Verify a flat sequence of execution receipts.
+ *
+ * A valid sequence means:
+ * 1. Each receipt's signature is valid against its signer's public key.
+ * 2. Adjacent receipts are temporally ordered: receipt[i].completed_at <= receipt[i+1].submitted_at.
+ *
+ * An empty sequence is considered valid.
+ * Use `verifyReceiptChain` for nested/tree-structured delegation receipts.
+ */
+export declare function verifyReceiptSequence(chain: ReceiptChainEntry[]): Promise<{
+    valid: boolean;
+    error?: string;
+    index?: number;
+}>;
+/**
+ * A signed delegation token authorizing one entity to act on behalf of another.
+ * The delegator signs (delegator_id, delegate_id, scope, issued_at, expires_at)
+ * with their private key, proving they authorized the delegate.
+ */
+export interface DelegationToken {
+    delegator_id: string;
+    delegator_public_key: string;
+    delegate_id: string;
+    delegate_public_key: string;
+    scope: string;
+    issued_at: number;
+    expires_at: number;
+    signature: string;
+}
+/**
+ * Sign a delegation token. The delegator authorizes the delegate to act
+ * within the given scope. The signature covers all fields except `signature`.
+ */
+export declare function signDelegation(delegation: Omit<DelegationToken, "signature">, delegatorPrivateKey: Uint8Array): Promise<DelegationToken>;
+/**
+ * Verify a delegation token's signature and (optionally) expiration.
+ *
+ * @param delegation - The delegation token to verify
+ * @param options.checkExpiry - If true (default), reject expired tokens. Pass false
+ *   only when verifying historical chains where expiration is irrelevant.
+ * @param options.now - Current time in ms (default: Date.now()). For testing.
+ */
+export declare function verifyDelegation(delegation: DelegationToken, options?: {
+    checkExpiry?: boolean;
+    now?: number;
+}): Promise<boolean>;
+/**
+ * Verify a chain of delegation tokens.
+ *
+ * A valid chain means:
+ * 1. Each delegation's signature is valid (signed by the delegator's key).
+ * 2. Adjacent delegations are linked: delegation[i].delegate_id === delegation[i+1].delegator_id
+ *    and delegation[i].delegate_public_key === delegation[i+1].delegator_public_key.
+ *
+ * An empty chain is considered valid (no delegations to verify).
+ */
+export declare function verifyDelegationChain(chain: DelegationToken[]): Promise<{
+    valid: boolean;
+    error?: string;
+}>;
+/**
+ * A key succession record proving that one Ed25519 key has been replaced by another.
+ * Normal rotation: both old and new keys sign. Guardian recovery: guardian + new key sign.
+ */
+export interface KeySuccessionRecord {
+    old_public_key: string;
+    new_public_key: string;
+    timestamp: number;
+    reason?: string;
+    old_key_signature?: string;
+    new_key_signature: string;
+    /** True when succession was authorized by guardian, not old key. */
+    recovery?: boolean;
+    /** Guardian signature — present only when recovery is true. */
+    guardian_signature?: string;
+}
+/**
+ * Create a key succession record signed by both the old and new keys.
+ */
+export declare function signKeySuccession(oldPrivateKey: Uint8Array, newPrivateKey: Uint8Array, newPublicKey: Uint8Array, oldPublicKey: Uint8Array, reason?: string): Promise<KeySuccessionRecord>;
+/**
+ * Sign a guardian recovery succession record (§3.8.3).
+ * The guardian key signs instead of the compromised old key.
+ * Reason MUST include "guardian_recovery".
+ */
+export declare function signGuardianRecoverySuccession(guardianPrivateKey: Uint8Array, newPrivateKey: Uint8Array, oldPublicKey: Uint8Array, newPublicKey: Uint8Array, reason?: string): Promise<KeySuccessionRecord>;
+/**
+ * Verify a key succession record. For normal rotation, checks old_key_signature + new_key_signature.
+ * For guardian recovery (recovery: true), checks guardian_signature + new_key_signature.
+ */
+export declare function verifyKeySuccession(record: KeySuccessionRecord, guardianPublicKeyHex?: string): Promise<boolean>;
+/** Result of verifying a key succession chain. */
+export interface SuccessionChainResult {
+    valid: boolean;
+    genesis_public_key: string;
+    current_public_key: string;
+    length: number;
+    error?: {
+        index: number;
+        message: string;
+    };
+}
+/**
+ * Verify a full key succession chain — an ordered array of KeySuccessionRecords
+ * representing a sequence of key rotations from a genesis key to the current active key.
+ */
+export declare function verifySuccessionChain(chain: KeySuccessionRecord[], guardianPublicKeyHex?: string): Promise<SuccessionChainResult>;
+/**
+ * Sign a guardian revocation payload — requires BOTH identity and guardian keys.
+ * Neither party can unilaterally dissolve the custody relationship.
+ */
+export declare function signGuardianRevocation(identityPrivateKey: Uint8Array, guardianPrivateKey: Uint8Array, timestamp?: number): Promise<{
+    payload: string;
+    identity_signature: string;
+    guardian_signature: string;
+    timestamp: number;
+}>;
+/**
+ * Verify a guardian revocation proof — both signatures must be valid.
+ */
+export declare function verifyGuardianRevocation(revocation: {
+    identity_signature: string;
+    guardian_signature: string;
+    timestamp: number;
+}, identityPublicKeyHex: string, guardianPublicKeyHex: string): Promise<boolean>;
+export interface SignableCollaborativeReceipt {
+    proposal_id: string;
+    plan_id: string;
+    participant_receipts: SignableReceipt[];
+    content_hash: string;
+    initiator_signature: string;
+}
+/**
+ * Sign a collaborative receipt. Computes a content hash over the canonical
+ * JSON of all participant receipts, then signs the aggregate with the
+ * initiator's Ed25519 private key.
+ */
+export declare function signCollaborativeReceipt(receipt: Omit<SignableCollaborativeReceipt, "content_hash" | "initiator_signature">, initiatorPrivateKey: Uint8Array): Promise<SignableCollaborativeReceipt>;
+/**
+ * Verify a collaborative receipt:
+ * 1. Recomputes content hash from participant receipts and checks it matches.
+ * 2. Verifies the initiator's Ed25519 signature over the aggregate.
+ * 3. Optionally verifies each participant receipt against known keys.
+ */
+export declare function verifyCollaborativeReceipt(receipt: SignableCollaborativeReceipt, initiatorPublicKey: Uint8Array, participantKeys?: KnownKeys): Promise<{
+    valid: boolean;
+    error?: string;
+}>;
+//# sourceMappingURL=artifacts.d.ts.map

package/dist/artifacts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"artifacts.d.ts","sourceRoot":"","sources":["../src/artifacts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAgBH;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,eAAe,EAAE,CAAC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,SAAS,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,EACrF,OAAO,EAAE,CAAC,EACV,UAAU,EAAE,UAAU,EACtB,SAAS,CAAC,EAAE,UAAU,GACrB,OAAO,CAAC,CAAC,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAOpC;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAUlB;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,4BAA4B;IAC3C,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IACzB,6BAA6B;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,gBAAgB,EAAE,MAAM,CAAC;IACzB,iFAAiF;IACjF,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,mBAAmB,EAAE,MAAM,CAAC;IAC5B,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,oFAAoF;IACpF,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;GAQG;AACH,wBAAsB,2BAA2B,CAC/C,KAAK,EAAE,4BAA4B,EACnC,UAAU,EAAE,UAAU,EACtB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,eAAe,CAAC,CAgB1B;AAID,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,mBAAmB,EAAE,CAAC;CACpC;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEhD;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,eAAe,EACxB,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,mBAAmB,CAAC,CA+B9B;AAcD,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,eAAe,CAAC;IACzB,iBAAiB,EAAE,UAAU,CAAC;CAC/B;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,iBAAiB,EAAE,GACzB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwB7D;AAID;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,EAC9C,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,eAAe,CAAC,CAK1B;AAED;;;;;;;GAOG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,eAAe,EAC3B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAChD,OAAO,CAAC,OAAO,CAAC,CAiBlB;AAED;;;;;;;;;GASG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,eAAe,EAAE,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoC7C;AAID;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+DAA+D;IAC/D,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AA0BD;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,aAAa,EAAE,UAAU,EACzB,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CAmB9B;AAED;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,kBAAkB,EAAE,UAAU,EAC9B,aAAa,EAAE,UAAU,EACzB,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,mBAAmB,CAAC,CA2B9B;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,mBAAmB,EAC3B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,OAAO,CAAC,CA+BlB;AAID,kDAAkD;AAClD,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC5C;AAED;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,mBAAmB,EAAE,EAC5B,oBAAoB,CAAC,EAAE,MAAM,GAC5B,OAAO,CAAC,qBAAqB,CAAC,CA+EhC;AAID;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC;IACT,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAcD;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,UAAU,EAAE;IACV,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB,EACD,oBAAoB,EAAE,MAAM,EAC5B,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,OAAO,CAAC,CAiBlB;AAID,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB,EAAE,eAAe,EAAE,CAAC;IACxC,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,MAAM,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,IAAI,CAAC,4BAA4B,EAAE,cAAc,GAAG,qBAAqB,CAAC,EACnF,mBAAmB,EAAE,UAAU,GAC9B,OAAO,CAAC,4BAA4B,CAAC,CAkBvC;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,4BAA4B,EACrC,kBAAkB,EAAE,UAAU,EAC9B,eAAe,CAAC,EAAE,SAAS,GAC1B,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiD7C"}