@motebit/crypto 0.8.0 → 1.0.0

package/dist/hardware-attestation.d.ts

@@ -0,0 +1,238 @@
+/**
+ * Hardware attestation — verify that a motebit's Ed25519 identity key
+ * is bound to a hardware-backed ECDSA P-256 key held in a platform
+ * trust anchor (Apple Secure Enclave today; TPM / Play Integrity /
+ * DeviceCheck as future additive adapters).
+ *
+ * ## Why this exists
+ *
+ * Motebit's identity key is Ed25519, stored in the OS keyring on
+ * desktop and in equivalent app-sandboxed stores on mobile/web. That
+ * key is *software-custody*: the private bytes are readable by any
+ * process running as the user. The moat thesis — "accumulated trust
+ * that a third party can verify" — is categorically weaker without a
+ * hardware root. Hardware attestation bridges the gap without forcing
+ * a cryptosuite migration: a separate hardware-native keypair (Apple
+ * Secure Enclave generates ECDSA P-256) signs a canonical claim that
+ * binds itself to the Ed25519 identity. The identity stays where it
+ * is; the hardware signature is *additional* evidence a verifier can
+ * rank against.
+ *
+ * Same shape as FIDO / WebAuthn attestation — the platform root key
+ * is distinct from the user-facing identity, and one attests the
+ * other.
+ *
+ * ## Receipt format (`platform: "secure_enclave"`)
+ *
+ *   attestation_receipt = base64url(canonical_body_json) + "." +
+ *                         base64url(ecdsa_p256_signature_der)
+ *
+ *   canonical_body_json = JCS-canonicalized JSON of:
+ *     {
+ *       version: "1",
+ *       algorithm: "ecdsa-p256-sha256",
+ *       motebit_id: string,
+ *       device_id: string,
+ *       identity_public_key: Ed25519 hex lowercase,
+ *       se_public_key: P-256 compressed-point hex lowercase,
+ *       attested_at: unix ms,
+ *     }
+ *
+ * The P-256 signature is over `SHA-256(canonical_body_json)` — standard
+ * ECDSA-on-SHA256. The verifier recovers the SE public key from
+ * `body.se_public_key` (self-contained; zero relay contact), verifies
+ * the signature, then checks that `body.identity_public_key` equals the
+ * Ed25519 key the credential subject is claimed for.
+ *
+ * ## Non-goals in v1
+ *
+ *   - Other platforms (TPM / DeviceCheck / Play Integrity) — each
+ *     returns `valid: false` + a named-missing-adapter error. Additive
+ *     platform adapters plug in behind the same result shape.
+ *   - Revocation — claims expire with their parent credential's
+ *     expiry. No separate revocation channel.
+ *   - Chain-of-trust verification — the SE public key is the
+ *     self-asserted root in v1. Future platform adapters verify the
+ *     platform's own attestation chain (Apple's root CA, Google's
+ *     verified-boot chain, etc.) as glucose per the metabolic
+ *     principle.
+ *
+ * Permissive floor (Apache-2.0), no I/O, deterministic. Safe to run in any
+ * environment that can parse UTF-8 JSON.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+/**
+ * Platform identifier mirrored from `HardwareAttestationClaim.platform`.
+ * Declared locally so hardware-attestation.ts isn't coupled to whether
+ * protocol exports it as a named type — the union literal is the
+ * contract.
+ */
+export type AttestationPlatform = HardwareAttestationClaim["platform"];
+/**
+ * One verification error in the result. Matches the shape used by the
+ * other `@motebit/crypto` verify functions so callers can surface
+ * errors uniformly.
+ */
+export interface HardwareAttestationError {
+    readonly message: string;
+}
+/**
+ * Result of verifying one `HardwareAttestationClaim`. `valid` reflects
+ * only the platform-verification outcome for the receipt — identity-key
+ * binding is checked separately via `expectedIdentityPublicKeyHex`.
+ *
+ * For the `secure_enclave` platform, a `valid: true` result asserts:
+ *   1. The receipt is well-formed JWS-shape (body . signature).
+ *   2. The body's algorithm field is `ecdsa-p256-sha256`.
+ *   3. The P-256 signature verifies against the body bytes + the
+ *      SE public key carried inside the body.
+ *   4. The body's `identity_public_key` equals the expected Ed25519
+ *      key the caller provided.
+ *
+ * Other platforms are not implemented in v1 and return
+ * `valid: false, errors: [{message: "...adapter not shipped..."}]`.
+ * Adapters plug in behind this same result shape; a verifier that
+ * ignores the `se_public_key` field stays forward-compatible.
+ */
+export interface HardwareAttestationVerifyResult {
+    readonly valid: boolean;
+    readonly platform: AttestationPlatform | null;
+    /** P-256 pubkey (compressed hex) recovered from a verified SE receipt. */
+    readonly se_public_key?: string;
+    /** Unix ms timestamp from a verified body, if any. */
+    readonly attested_at?: number;
+    readonly errors: readonly HardwareAttestationError[];
+}
+/**
+ * Context fields the dispatcher lifts out of the VC subject and hands
+ * to the `deviceCheck` arm so it can re-derive the JCS body Apple
+ * signed over. motebit_id / device_id / attested_at participate in
+ * that body alongside identity_public_key; without them the verifier
+ * cannot bind the receipt to the caller's identity. Each field is
+ * optional at the type level so an older credential subject that
+ * doesn't carry them flows through with `identity_bound: false`
+ * rather than crashing the verifier.
+ */
+export interface DeviceCheckVerifierContext {
+    readonly expectedMotebitId?: string;
+    readonly expectedDeviceId?: string;
+    readonly expectedAttestedAt?: number;
+}
+/**
+ * Optional platform-verifier dispatch injected at call site by the
+ * consumer. Each slot takes the claim + the expected Ed25519 identity
+ * key (lowercase hex) and returns a verification result matching the
+ * canonical shape.
+ *
+ * `@motebit/crypto` stays permissive-floor-pure and dep-thin — it never imports a
+ * platform adapter. Consumers (CLI, mobile, desktop, relay) wire the
+ * leaf packages (`@motebit/crypto-appattest` for device_check;
+ * future `@motebit/crypto-tpm`, `@motebit/crypto-play-integrity`) into
+ * this object so that dispatch remains explicit, auditable, and
+ * tree-shakable: a verifier that doesn't care about App Attest ships
+ * zero App Attest code.
+ *
+ * `deviceCheck` takes an optional third `context` argument carrying
+ * the VC-subject fields that participate in the JCS body the Swift
+ * mint path signs over (motebit_id / device_id / attested_at). The
+ * dispatcher populates this from the credential subject; direct
+ * callers threading their own context can too. Older injected
+ * verifiers that ignore the third argument still satisfy the type.
+ */
+export interface HardwareAttestationVerifiers {
+    readonly deviceCheck?: (claim: HardwareAttestationClaim, expectedIdentityPublicKeyHex: string, context?: DeviceCheckVerifierContext) => HardwareAttestationVerifyResult | PromiseLike<HardwareAttestationVerifyResult> | {
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    } | PromiseLike<{
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    }>;
+    readonly tpm?: (claim: HardwareAttestationClaim, expectedIdentityPublicKeyHex: string, context?: DeviceCheckVerifierContext) => HardwareAttestationVerifyResult | PromiseLike<HardwareAttestationVerifyResult> | {
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    } | PromiseLike<{
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    }>;
+    readonly playIntegrity?: (claim: HardwareAttestationClaim, expectedIdentityPublicKeyHex: string, context?: DeviceCheckVerifierContext) => HardwareAttestationVerifyResult | PromiseLike<HardwareAttestationVerifyResult> | {
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    } | PromiseLike<{
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    }>;
+    readonly webauthn?: (claim: HardwareAttestationClaim, expectedIdentityPublicKeyHex: string, context?: DeviceCheckVerifierContext) => HardwareAttestationVerifyResult | PromiseLike<HardwareAttestationVerifyResult> | {
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    } | PromiseLike<{
+        readonly valid: boolean;
+        readonly errors: ReadonlyArray<{
+            readonly message: string;
+        }>;
+    }>;
+}
+/**
+ * Verify a hardware-attestation claim.
+ *
+ * - `claim` — the `HardwareAttestationClaim` taken from a credential's
+ *   `credentialSubject.hardware_attestation`.
+ * - `expectedIdentityPublicKeyHex` — the Ed25519 public key (hex) the
+ *   verifier believes owns the credential. Comes from the credential
+ *   issuance path (typically the subject's DID pubkey).
+ * - `verifiers` — optional injection of platform-specific verifiers for
+ *   claims other than `secure_enclave`. Consumers pass
+ *   `{ deviceCheck: deviceCheckVerifier(...) }` from
+ *   `@motebit/crypto-appattest` to enable App Attest verification. When
+ *   a claim's platform has no verifier wired, the dispatcher returns a
+ *   stub `valid: false, errors: [{message:"adapter not yet shipped"}]`
+ *   so verification remains fail-closed by default.
+ * - `deviceCheckContext` — VC-subject fields (motebit_id / device_id /
+ *   attested_at) lifted from the credential subject; threaded to the
+ *   injected `deviceCheck` verifier so it can re-derive the JCS body
+ *   Apple signed over. Ignored for every other platform.
+ *
+ * Zero throws — every failure lands as `valid: false` with a structured
+ * reason so callers can render consistent audit output. The
+ * secure_enclave path remains synchronous; device_check (and any other
+ * injected adapter) may return a Promise, so callers that dispatch
+ * through the `verify()` entrypoint get `await`ed results.
+ */
+export declare function verifyHardwareAttestationClaim(claim: HardwareAttestationClaim, expectedIdentityPublicKeyHex: string, verifiers?: HardwareAttestationVerifiers, deviceCheckContext?: DeviceCheckVerifierContext): HardwareAttestationVerifyResult | Promise<HardwareAttestationVerifyResult>;
+/**
+ * Test-only helper — encode a canonical body + signature into the
+ * receipt format. Tests that have a P-256 private key (via
+ * `@noble/curves/p256`) can call `signBytes` themselves, then hand the
+ * resulting body + signature to this helper to produce a well-formed
+ * receipt that `verifyHardwareAttestationClaim` will accept. Production
+ * callers MUST mint receipts via the Rust Secure Enclave bridge —
+ * never through this function.
+ */
+export declare function encodeSecureEnclaveReceiptForTest(bodyBytes: Uint8Array, sigBytes: Uint8Array): string;
+/**
+ * Test-only helper — build a canonical body JSON's bytes. Use with
+ * `encodeSecureEnclaveReceiptForTest` to produce a full receipt for
+ * verification tests. Canonicalization matches what production would
+ * emit.
+ */
+export declare function canonicalSecureEnclaveBodyForTest(body: {
+    readonly motebit_id: string;
+    readonly device_id: string;
+    readonly identity_public_key: string;
+    readonly se_public_key: string;
+    readonly attested_at: number;
+}): Uint8Array;
+//# sourceMappingURL=hardware-attestation.d.ts.map

package/dist/hardware-attestation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardware-attestation.d.ts","sourceRoot":"","sources":["../src/hardware-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6DG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAKlE;;;;;GAKG;AACH,MAAM,MAAM,mBAAmB,GAAG,wBAAwB,CAAC,UAAU,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,+BAA+B;IAC9C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAAC;IAC9C,0EAA0E;IAC1E,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,sDAAsD;IACtD,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,SAAS,wBAAwB,EAAE,CAAC;CACtD;AAiBD;;;;;;;;;GASG;AACH,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,WAAW,CAAC,EAAE,CACrB,KAAK,EAAE,wBAAwB,EAC/B,4BAA4B,EAAE,MAAM,EACpC,OAAO,CAAC,EAAE,0BAA0B,KAElC,+BAA+B,GAC/B,WAAW,CAAC,+BAA+B,CAAC,GAC5C;QAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,GACzF,WAAW,CAAC;QACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC9D,CAAC,CAAC;IACP,QAAQ,CAAC,GAAG,CAAC,EAAE,CACb,KAAK,EAAE,wBAAwB,EAC/B,4BAA4B,EAAE,MAAM,EACpC,OAAO,CAAC,EAAE,0BAA0B,KAElC,+BAA+B,GAC/B,WAAW,CAAC,+BAA+B,CAAC,GAC5C;QAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,GACzF,WAAW,CAAC;QACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC9D,CAAC,CAAC;IACP,QAAQ,CAAC,aAAa,CAAC,EAAE,CACvB,KAAK,EAAE,wBAAwB,EAC/B,4BAA4B,EAAE,MAAM,EACpC,OAAO,CAAC,EAAE,0BAA0B,KAElC,+BAA+B,GAC/B,WAAW,CAAC,+BAA+B,CAAC,GAC5C;QAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,GACzF,WAAW,CAAC;QACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC9D,CAAC,CAAC;IACP,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAClB,KAAK,EAAE,wBAAwB,EAC/B,4BAA4B,EAAE,MAAM,EACpC,OAAO,CAAC,EAAE,0BAA0B,KAElC,+BAA+B,GAC/B,WAAW,CAAC,+BAA+B,CAAC,GAC5C;QAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,GACzF,WAAW,CAAC;QACV,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;QACxB,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;YAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAC9D,CAAC,CAAC;CACR;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,wBAAwB,EAC/B,4BAA4B,EAAE,MAAM,EACpC,SAAS,CAAC,EAAE,4BAA4B,EACxC,kBAAkB,CAAC,EAAE,0BAA0B,GAC9C,+BAA+B,GAAG,OAAO,CAAC,+BAA+B,CAAC,CAoE5E;AAoMD;;;;;;;;GAQG;AACH,wBAAgB,iCAAiC,CAC/C,SAAS,EAAE,UAAU,EACrB,QAAQ,EAAE,UAAU,GACnB,MAAM,CAER;AAED;;;;;GAKG;AACH,wBAAgB,iCAAiC,CAAC,IAAI,EAAE;IACtD,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B,GAAG,UAAU,CAOb"}

package/dist/hardware-attestation.js

@@ -0,0 +1,345 @@
+/**
+ * Hardware attestation — verify that a motebit's Ed25519 identity key
+ * is bound to a hardware-backed ECDSA P-256 key held in a platform
+ * trust anchor (Apple Secure Enclave today; TPM / Play Integrity /
+ * DeviceCheck as future additive adapters).
+ *
+ * ## Why this exists
+ *
+ * Motebit's identity key is Ed25519, stored in the OS keyring on
+ * desktop and in equivalent app-sandboxed stores on mobile/web. That
+ * key is *software-custody*: the private bytes are readable by any
+ * process running as the user. The moat thesis — "accumulated trust
+ * that a third party can verify" — is categorically weaker without a
+ * hardware root. Hardware attestation bridges the gap without forcing
+ * a cryptosuite migration: a separate hardware-native keypair (Apple
+ * Secure Enclave generates ECDSA P-256) signs a canonical claim that
+ * binds itself to the Ed25519 identity. The identity stays where it
+ * is; the hardware signature is *additional* evidence a verifier can
+ * rank against.
+ *
+ * Same shape as FIDO / WebAuthn attestation — the platform root key
+ * is distinct from the user-facing identity, and one attests the
+ * other.
+ *
+ * ## Receipt format (`platform: "secure_enclave"`)
+ *
+ *   attestation_receipt = base64url(canonical_body_json) + "." +
+ *                         base64url(ecdsa_p256_signature_der)
+ *
+ *   canonical_body_json = JCS-canonicalized JSON of:
+ *     {
+ *       version: "1",
+ *       algorithm: "ecdsa-p256-sha256",
+ *       motebit_id: string,
+ *       device_id: string,
+ *       identity_public_key: Ed25519 hex lowercase,
+ *       se_public_key: P-256 compressed-point hex lowercase,
+ *       attested_at: unix ms,
+ *     }
+ *
+ * The P-256 signature is over `SHA-256(canonical_body_json)` — standard
+ * ECDSA-on-SHA256. The verifier recovers the SE public key from
+ * `body.se_public_key` (self-contained; zero relay contact), verifies
+ * the signature, then checks that `body.identity_public_key` equals the
+ * Ed25519 key the credential subject is claimed for.
+ *
+ * ## Non-goals in v1
+ *
+ *   - Other platforms (TPM / DeviceCheck / Play Integrity) — each
+ *     returns `valid: false` + a named-missing-adapter error. Additive
+ *     platform adapters plug in behind the same result shape.
+ *   - Revocation — claims expire with their parent credential's
+ *     expiry. No separate revocation channel.
+ *   - Chain-of-trust verification — the SE public key is the
+ *     self-asserted root in v1. Future platform adapters verify the
+ *     platform's own attestation chain (Apple's root CA, Google's
+ *     verified-boot chain, etc.) as glucose per the metabolic
+ *     principle.
+ *
+ * Permissive floor (Apache-2.0), no I/O, deterministic. Safe to run in any
+ * environment that can parse UTF-8 JSON.
+ */
+import { canonicalJson, fromBase64Url } from "./signing.js";
+import { verifyP256EcdsaSha256 } from "./suite-dispatch.js";
+/**
+ * Verify a hardware-attestation claim.
+ *
+ * - `claim` — the `HardwareAttestationClaim` taken from a credential's
+ *   `credentialSubject.hardware_attestation`.
+ * - `expectedIdentityPublicKeyHex` — the Ed25519 public key (hex) the
+ *   verifier believes owns the credential. Comes from the credential
+ *   issuance path (typically the subject's DID pubkey).
+ * - `verifiers` — optional injection of platform-specific verifiers for
+ *   claims other than `secure_enclave`. Consumers pass
+ *   `{ deviceCheck: deviceCheckVerifier(...) }` from
+ *   `@motebit/crypto-appattest` to enable App Attest verification. When
+ *   a claim's platform has no verifier wired, the dispatcher returns a
+ *   stub `valid: false, errors: [{message:"adapter not yet shipped"}]`
+ *   so verification remains fail-closed by default.
+ * - `deviceCheckContext` — VC-subject fields (motebit_id / device_id /
+ *   attested_at) lifted from the credential subject; threaded to the
+ *   injected `deviceCheck` verifier so it can re-derive the JCS body
+ *   Apple signed over. Ignored for every other platform.
+ *
+ * Zero throws — every failure lands as `valid: false` with a structured
+ * reason so callers can render consistent audit output. The
+ * secure_enclave path remains synchronous; device_check (and any other
+ * injected adapter) may return a Promise, so callers that dispatch
+ * through the `verify()` entrypoint get `await`ed results.
+ */
+export function verifyHardwareAttestationClaim(claim, expectedIdentityPublicKeyHex, verifiers, deviceCheckContext) {
+    const platform = claim.platform;
+    const errors = [];
+    switch (platform) {
+        case "secure_enclave":
+            return verifySecureEnclaveClaim(claim, expectedIdentityPublicKeyHex);
+        case "software":
+            // Truthful "this key is not hardware-backed" claim — valid in
+            // the sense of "no deception," but offers no hardware signal. The
+            // semiring scores it as `0.1` (see `@motebit/semiring`). Report
+            // as `valid: false` for the hardware-verification channel: the
+            // claim doesn't prove hardware, and the caller should score it
+            // via the semiring, not treat it as attested.
+            errors.push({
+                message: "platform `software` is a no-hardware sentinel; no verification channel",
+            });
+            return { valid: false, platform: "software", errors };
+        case "device_check":
+            if (verifiers?.deviceCheck) {
+                return dispatchInjected(platform, verifiers.deviceCheck(claim, expectedIdentityPublicKeyHex, deviceCheckContext));
+            }
+            errors.push({
+                message: `platform \`${platform}\` verifier not wired — pass { deviceCheck: deviceCheckVerifier(...) } from @motebit/crypto-appattest to enable`,
+            });
+            return { valid: false, platform, errors };
+        case "tpm":
+            if (verifiers?.tpm) {
+                return dispatchInjected(platform, verifiers.tpm(claim, expectedIdentityPublicKeyHex, deviceCheckContext));
+            }
+            errors.push({
+                message: `platform \`${platform}\` verifier not wired — pass { tpm: ... } via the verifiers parameter to enable`,
+            });
+            return { valid: false, platform, errors };
+        case "play_integrity":
+            if (verifiers?.playIntegrity) {
+                return dispatchInjected(platform, verifiers.playIntegrity(claim, expectedIdentityPublicKeyHex, deviceCheckContext));
+            }
+            errors.push({
+                message: `platform \`${platform}\` verifier not wired — pass { playIntegrity: ... } via the verifiers parameter to enable`,
+            });
+            return { valid: false, platform, errors };
+        case "webauthn":
+            if (verifiers?.webauthn) {
+                return dispatchInjected(platform, verifiers.webauthn(claim, expectedIdentityPublicKeyHex, deviceCheckContext));
+            }
+            errors.push({
+                message: `platform \`${platform}\` verifier not wired — pass { webauthn: webauthnVerifier(...) } from @motebit/crypto-webauthn to enable`,
+            });
+            return { valid: false, platform, errors };
+        default:
+            errors.push({
+                message: `unknown platform \`${claim.platform}\` — not in the declared enum`,
+            });
+            return { valid: false, platform: null, errors };
+    }
+}
+/**
+ * Normalize the injected verifier's return shape into the canonical
+ * `HardwareAttestationVerifyResult`. Injected leaves may return a
+ * richer shape (e.g. `@motebit/crypto-appattest`'s
+ * `DeviceCheckVerifyResult` carries `attestation_detail`); the
+ * canonical fields are lifted out here so the outer VC verify path
+ * always sees the same shape.
+ */
+async function dispatchInjected(platform, result) {
+    const awaited = await Promise.resolve(result);
+    return {
+        valid: awaited.valid,
+        platform,
+        errors: awaited.errors ?? [],
+    };
+}
+// ── Secure Enclave path ──────────────────────────────────────────────
+function verifySecureEnclaveClaim(claim, expectedIdentityPublicKeyHex) {
+    const errors = [];
+    const platform = "secure_enclave";
+    if (claim.key_exported === true) {
+        // An exported hardware key no longer uniquely holds the material;
+        // the signed receipt is historical evidence only. We still verify
+        // the signature — it's still meaningful — but the result's caller
+        // should score it with the lower semiring value (see
+        // `scoreAttestation` in @motebit/semiring: exported → 0.5). We do
+        // not short-circuit as invalid — that would conflate "key was
+        // exported" with "attestation fraudulent."
+    }
+    if (!claim.attestation_receipt) {
+        errors.push({
+            message: "secure_enclave claim missing `attestation_receipt`",
+        });
+        return { valid: false, platform, errors };
+    }
+    const parts = claim.attestation_receipt.split(".");
+    if (parts.length !== 2) {
+        errors.push({
+            message: `attestation_receipt must be 2 base64url parts separated by '.'; got ${parts.length}`,
+        });
+        return { valid: false, platform, errors };
+    }
+    const [bodyB64, sigB64] = parts;
+    let bodyBytes;
+    let sigBytes;
+    try {
+        bodyBytes = fromBase64Url(bodyB64);
+        sigBytes = fromBase64Url(sigB64);
+    }
+    catch (err) {
+        errors.push({
+            message: `base64url decode failed: ${err instanceof Error ? err.message : String(err)}`,
+        });
+        return { valid: false, platform, errors };
+    }
+    let bodyJson;
+    try {
+        bodyJson = JSON.parse(new TextDecoder().decode(bodyBytes));
+    }
+    catch (err) {
+        errors.push({
+            message: `body JSON parse failed: ${err instanceof Error ? err.message : String(err)}`,
+        });
+        return { valid: false, platform, errors };
+    }
+    const bodyCheck = parseSecureEnclaveBody(bodyJson);
+    if (bodyCheck.kind === "error") {
+        errors.push({ message: bodyCheck.reason });
+        return { valid: false, platform, errors };
+    }
+    const body = bodyCheck.body;
+    if (body.version !== "1") {
+        errors.push({
+            message: `unsupported body version '${body.version}' (expected '1')`,
+        });
+        return { valid: false, platform, errors };
+    }
+    if (body.algorithm !== "ecdsa-p256-sha256") {
+        errors.push({
+            message: `unsupported body algorithm '${body.algorithm}' (expected 'ecdsa-p256-sha256')`,
+        });
+        return { valid: false, platform, errors };
+    }
+    // Re-canonicalize the body and hash — the signed bytes are what the
+    // signer actually signed. The body we parsed is the source of truth
+    // for *fields*, but the signed bytes must match the on-wire body
+    // bytes exactly (JCS is deterministic, but the signer might have
+    // produced the body with trailing whitespace etc. — we verify
+    // against the as-received bytes, not our re-canonicalization).
+    let sigValid;
+    try {
+        sigValid = verifyP256EcdsaSha256(body.se_public_key, bodyBytes, sigBytes);
+    }
+    catch (err) {
+        errors.push({
+            message: `p-256 verification crashed: ${err instanceof Error ? err.message : String(err)}`,
+        });
+        return { valid: false, platform, errors };
+    }
+    if (!sigValid) {
+        errors.push({
+            message: "p-256 signature does not verify against body + se_public_key",
+        });
+        return { valid: false, platform, errors };
+    }
+    // Identity-key binding check — the attestation body names which
+    // Ed25519 key this hardware claim is for. The verifier has the
+    // expected key from the credential's issuance context.
+    if (body.identity_public_key.toLowerCase() !== expectedIdentityPublicKeyHex.toLowerCase()) {
+        errors.push({
+            message: `identity_public_key mismatch: body names ${body.identity_public_key.slice(0, 16)}…, expected ${expectedIdentityPublicKeyHex.slice(0, 16)}…`,
+        });
+        return { valid: false, platform, errors };
+    }
+    return {
+        valid: true,
+        platform,
+        se_public_key: body.se_public_key,
+        attested_at: body.attested_at,
+        errors: [],
+    };
+}
+function parseSecureEnclaveBody(raw) {
+    if (raw === null || typeof raw !== "object") {
+        return { kind: "error", reason: "body is not a JSON object" };
+    }
+    const r = raw;
+    const fields = [
+        "version",
+        "algorithm",
+        "motebit_id",
+        "device_id",
+        "identity_public_key",
+        "se_public_key",
+        "attested_at",
+    ];
+    for (const f of fields) {
+        if (!(f in r)) {
+            return { kind: "error", reason: `body missing required field '${f}'` };
+        }
+    }
+    if (typeof r.version !== "string" ||
+        typeof r.algorithm !== "string" ||
+        typeof r.motebit_id !== "string" ||
+        typeof r.device_id !== "string" ||
+        typeof r.identity_public_key !== "string" ||
+        typeof r.se_public_key !== "string" ||
+        typeof r.attested_at !== "number") {
+        return { kind: "error", reason: "body field types invalid" };
+    }
+    return {
+        kind: "ok",
+        body: {
+            version: r.version,
+            algorithm: r.algorithm,
+            motebit_id: r.motebit_id,
+            device_id: r.device_id,
+            identity_public_key: r.identity_public_key,
+            se_public_key: r.se_public_key,
+            attested_at: r.attested_at,
+        },
+    };
+}
+// ── Test helper — mint a valid SE receipt from an in-process P-256 key ─
+/**
+ * Test-only helper — encode a canonical body + signature into the
+ * receipt format. Tests that have a P-256 private key (via
+ * `@noble/curves/p256`) can call `signBytes` themselves, then hand the
+ * resulting body + signature to this helper to produce a well-formed
+ * receipt that `verifyHardwareAttestationClaim` will accept. Production
+ * callers MUST mint receipts via the Rust Secure Enclave bridge —
+ * never through this function.
+ */
+export function encodeSecureEnclaveReceiptForTest(bodyBytes, sigBytes) {
+    return `${toBase64Url(bodyBytes)}.${toBase64Url(sigBytes)}`;
+}
+/**
+ * Test-only helper — build a canonical body JSON's bytes. Use with
+ * `encodeSecureEnclaveReceiptForTest` to produce a full receipt for
+ * verification tests. Canonicalization matches what production would
+ * emit.
+ */
+export function canonicalSecureEnclaveBodyForTest(body) {
+    const full = {
+        version: "1",
+        algorithm: "ecdsa-p256-sha256",
+        ...body,
+    };
+    return new TextEncoder().encode(canonicalJson(full));
+}
+function toBase64Url(bytes) {
+    // Match the conventions in signing.ts — base64url, no padding.
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+//# sourceMappingURL=hardware-attestation.js.map

package/dist/hardware-attestation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardware-attestation.js","sourceRoot":"","sources":["../src/hardware-attestation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6DG;AAIH,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAsJ5D;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,8BAA8B,CAC5C,KAA+B,EAC/B,4BAAoC,EACpC,SAAwC,EACxC,kBAA+C;IAE/C,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAChC,MAAM,MAAM,GAA+B,EAAE,CAAC;IAE9C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,gBAAgB;YACnB,OAAO,wBAAwB,CAAC,KAAK,EAAE,4BAA4B,CAAC,CAAC;QACvE,KAAK,UAAU;YACb,8DAA8D;YAC9D,kEAAkE;YAClE,gEAAgE;YAChE,+DAA+D;YAC/D,+DAA+D;YAC/D,8CAA8C;YAC9C,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,wEAAwE;aAClF,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;QACxD,KAAK,cAAc;YACjB,IAAI,SAAS,EAAE,WAAW,EAAE,CAAC;gBAC3B,OAAO,gBAAgB,CACrB,QAAQ,EACR,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,4BAA4B,EAAE,kBAAkB,CAAC,CAC/E,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,cAAc,QAAQ,iHAAiH;aACjJ,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,KAAK;YACR,IAAI,SAAS,EAAE,GAAG,EAAE,CAAC;gBACnB,OAAO,gBAAgB,CACrB,QAAQ,EACR,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,4BAA4B,EAAE,kBAAkB,CAAC,CACvE,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,cAAc,QAAQ,iFAAiF;aACjH,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,gBAAgB;YACnB,IAAI,SAAS,EAAE,aAAa,EAAE,CAAC;gBAC7B,OAAO,gBAAgB,CACrB,QAAQ,EACR,SAAS,CAAC,aAAa,CAAC,KAAK,EAAE,4BAA4B,EAAE,kBAAkB,CAAC,CACjF,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,cAAc,QAAQ,2FAA2F;aAC3H,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,UAAU;YACb,IAAI,SAAS,EAAE,QAAQ,EAAE,CAAC;gBACxB,OAAO,gBAAgB,CACrB,QAAQ,EACR,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,4BAA4B,EAAE,kBAAkB,CAAC,CAC5E,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,cAAc,QAAQ,0GAA0G;aAC1I,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAC5C;YACE,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,sBAAsB,KAAK,CAAC,QAAQ,+BAA+B;aAC7E,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACpD,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,gBAAgB,CAC7B,QAA6B,EAC7B,MAOM;IAEN,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;KAC7B,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,wBAAwB,CAC/B,KAA+B,EAC/B,4BAAoC;IAEpC,MAAM,MAAM,GAA+B,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAwB,gBAAgB,CAAC;IAEvD,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;QAChC,kEAAkE;QAClE,kEAAkE;QAClE,kEAAkE;QAClE,qDAAqD;QACrD,kEAAkE;QAClE,8DAA8D;QAC9D,2CAA2C;IAC7C,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,oDAAoD;SAC9D,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,uEAAuE,KAAK,CAAC,MAAM,EAAE;SAC/F,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,KAAyB,CAAC;IAEpD,IAAI,SAAqB,CAAC;IAC1B,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACnC,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;SACxF,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAY,CAAC;IACxE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,2BAA2B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;SACvF,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,SAAS,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IACD,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;IAE5B,IAAI,IAAI,CAAC,OAAO,KAAK,GAAG,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,6BAA6B,IAAI,CAAC,OAAO,kBAAkB;SACrE,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IACD,IAAI,IAAI,CAAC,SAAS,KAAK,mBAAmB,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,+BAA+B,IAAI,CAAC,SAAS,kCAAkC;SACzF,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,oEAAoE;IACpE,oEAAoE;IACpE,iEAAiE;IACjE,iEAAiE;IACjE,8DAA8D;IAC9D,+DAA+D;IAC/D,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC5E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;SAC3F,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,gEAAgE;IAChE,+DAA+D;IAC/D,uDAAuD;IACvD,IAAI,IAAI,CAAC,mBAAmB,CAAC,WAAW,EAAE,KAAK,4BAA4B,CAAC,WAAW,EAAE,EAAE,CAAC;QAC1F,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,4CAA4C,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,4BAA4B,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG;SACtJ,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,QAAQ;QACR,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE,EAAE;KACX,CAAC;AACJ,CAAC;AAID,SAAS,sBAAsB,CAAC,GAAY;IAC1C,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;IAChE,CAAC;IACD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,MAAM,MAAM,GAAmC;QAC7C,SAAS;QACT,WAAW;QACX,YAAY;QACZ,WAAW;QACX,qBAAqB;QACrB,eAAe;QACf,aAAa;KACd,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACd,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,gCAAgC,CAAC,GAAG,EAAE,CAAC;QACzE,CAAC;IACH,CAAC;IACD,IACE,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;QAC7B,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ;QAChC,OAAO,CAAC,CAAC,SAAS,KAAK,QAAQ;QAC/B,OAAO,CAAC,CAAC,mBAAmB,KAAK,QAAQ;QACzC,OAAO,CAAC,CAAC,aAAa,KAAK,QAAQ;QACnC,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,EACjC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO;QACL,IAAI,EAAE,IAAI;QACV,IAAI,EAAE;YACJ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,mBAAmB,EAAE,CAAC,CAAC,mBAAmB;YAC1C,aAAa,EAAE,CAAC,CAAC,aAAa;YAC9B,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B;KACF,CAAC;AACJ,CAAC;AAED,0EAA0E;AAE1E;;;;;;;;GAQG;AACH,MAAM,UAAU,iCAAiC,CAC/C,SAAqB,EACrB,QAAoB;IAEpB,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iCAAiC,CAAC,IAMjD;IACC,MAAM,IAAI,GAAsB;QAC9B,OAAO,EAAE,GAAG;QACZ,SAAS,EAAE,mBAAmB;QAC9B,GAAG,IAAI;KACR,CAAC;IACF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB;IACpC,+DAA+D;IAC/D,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC"}