@motebit/crypto 1.1.0 → 1.2.0

package/dist/deletion-certificate.js

@@ -0,0 +1,562 @@
+/**
+ * Deletion certificate — sign + verify for the three retention shapes.
+ *
+ * Permissive floor (Apache-2.0). Zero monorepo dependencies — types
+ * mirror `@motebit/protocol`'s discriminated union; primitives route
+ * through `@motebit/crypto/suite-dispatch`.
+ *
+ * Three arms in one union (`@motebit/protocol :: DeletionCertificate`):
+ *
+ *   - `mutable_pruning` and `consolidation_flush` — multi-signature
+ *     certs (subject / operator / delegate / guardian, at-least-one
+ *     required by the reason-table). Each present signature covers the
+ *     same canonical bytes: `canonicalJson(cert minus all *_signature
+ *     fields)`. Pattern matches identity-v1 §3.8.1 dual-signature
+ *     succession (one canonical payload, multiple verifiable signers).
+ *
+ *   - `append_only_horizon` — single-issuer signature plus witness
+ *     signatures. Both the issuer and every witness sign the same
+ *     `canonicalJson(cert minus signature)`. Witness array is part of
+ *     the signed body — a forged witness fails verification.
+ *
+ * Verification dispatches by `kind`. Reason × signer × mode table
+ * (decision 5) gates which signer compositions are admissible. Each
+ * admissible signature is then cryptographically verified through
+ * `verifyBySuite`.
+ */
+import { canonicalJson, hexToBytes, fromBase64Url, toBase64Url, bytesToHex } from "./signing.js";
+import { signBySuite, verifyBySuite } from "./suite-dispatch.js";
+// ── Constants ────────────────────────────────────────────────────────
+/** The cryptosuite every deletion certificate signs under today. */
+export const DELETION_CERTIFICATE_SUITE = "motebit-jcs-ed25519-b64-v1";
+/**
+ * Filing window for `WitnessOmissionDispute` (retention phase 4b-3).
+ * A dispute MUST be filed within 24h of the cert's `issued_at`;
+ * `verifyWitnessOmissionDispute` rejects beyond this window. Mirrors
+ * the 24h cadence of `spec/dispute-v1.md` §7.5 (filing / withdrawal /
+ * appeal windows).
+ */
+export const WITNESS_OMISSION_DISPUTE_WINDOW_MS = 24 * 60 * 60 * 1000;
+/**
+ * Canonical empty-tree merkle root — hex-encoded SHA-256 of zero
+ * bytes. The verifier in `verifyHorizonCert` rejects horizon certs
+ * whose `federation_graph_anchor.leaf_count = 0` carries a
+ * `merkle_root` other than this value, so a malicious issuer cannot
+ * mint a self-witnessed cert with arbitrary anchor bytes. Mirrors
+ * `EMPTY_FEDERATION_GRAPH_ANCHOR.merkle_root` in `@motebit/protocol`.
+ */
+const EMPTY_FEDERATION_GRAPH_ANCHOR_ROOT = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
+const REASON_TABLE = Object.freeze({
+    user_request: {
+        required: "subject",
+        optional: ["operator"],
+        forbidden: [],
+        modes: ["sovereign", "mediated", "enterprise"],
+    },
+    retention_enforcement: {
+        required: "operator",
+        optional: ["subject"],
+        forbidden: [],
+        modes: ["mediated", "enterprise"],
+    },
+    retention_enforcement_post_classification: {
+        required: "operator",
+        optional: ["subject"],
+        forbidden: [],
+        modes: ["mediated", "enterprise"],
+    },
+    operator_request: {
+        required: "operator",
+        optional: [],
+        forbidden: ["subject"],
+        modes: ["mediated", "enterprise"],
+    },
+    delegated_request: {
+        required: "delegate",
+        optional: ["operator"],
+        forbidden: [],
+        modes: ["mediated", "enterprise"],
+    },
+    self_enforcement: {
+        required: "subject",
+        optional: [],
+        forbidden: ["operator"],
+        // Admitted in every mode: the subject's runtime can drive its own
+        // retention policy whether or not an operator exists. The
+        // distinction from `retention_enforcement` is who signs — subject
+        // for self_enforcement, operator for retention_enforcement.
+        modes: ["sovereign", "mediated", "enterprise"],
+    },
+    guardian_request: {
+        required: "guardian",
+        optional: ["operator"],
+        forbidden: [],
+        modes: ["enterprise"],
+    },
+});
+// ── Signing helpers ──────────────────────────────────────────────────
+/**
+ * Compute the canonical signing bytes for a `mutable_pruning` or
+ * `consolidation_flush` cert. Strips every `*_signature` field so all
+ * present signers sign identical bytes — matches identity-v1 §3.8.1's
+ * dual-signature canonical payload.
+ */
+export function canonicalizeMultiSignatureCert(cert) {
+    const { subject_signature, operator_signature, delegate_signature, guardian_signature, ...body } = cert;
+    // touch all extracted fields so unused-locals lint doesn't fail
+    void subject_signature;
+    void operator_signature;
+    void delegate_signature;
+    void guardian_signature;
+    return new TextEncoder().encode(canonicalJson(body));
+}
+/**
+ * Compute the canonical signing bytes for an `append_only_horizon`
+ * cert's ISSUER signature. Strips only `signature`. The issuer commits
+ * to the full body — including every witness's signature in
+ * `witnessed_by` — so a forged witness fails verification at the
+ * issuer signature step (the body the issuer signed no longer matches
+ * the post-tampering body).
+ */
+export function canonicalizeHorizonCert(cert) {
+    const { signature, ...body } = cert;
+    void signature;
+    return new TextEncoder().encode(canonicalJson(body));
+}
+/**
+ * Compute the canonical signing bytes for a WITNESS signature on an
+ * `append_only_horizon` cert. Strips both `signature` and
+ * `witnessed_by` so witnesses can co-sign asynchronously without
+ * needing to know each other's signatures.
+ *
+ * Witness's identity is bound to the signature via the public key
+ * used at verification (resolved from `witnessed_by[i].motebit_id`).
+ * The cert body's other fields (subject, store_id, horizon_ts,
+ * issued_at, federation_graph_anchor) make two distinct horizon
+ * advances produce distinct signing bytes, so a witness signature
+ * cannot be relayed to a different cert.
+ *
+ * The issuer's separate signature commits to the assembled witness
+ * array — that's the binding that makes a forged or substituted
+ * witness detectable.
+ */
+export function canonicalizeHorizonCertForWitness(cert) {
+    const { signature, witnessed_by, ...body } = cert;
+    void signature;
+    void witnessed_by;
+    return new TextEncoder().encode(canonicalJson(body));
+}
+/**
+ * Sign a `mutable_pruning` or `consolidation_flush` cert as the
+ * subject (motebit identity key). Adds the `subject_signature` block.
+ *
+ * Callers compose: sign as subject → optionally sign as operator → emit.
+ * Each signing step appends a signature block; the canonical bytes are
+ * recomputed from the body each time, so signatures are commutative
+ * (any signing order produces identical bytes for every signer).
+ */
+export async function signCertAsSubject(cert, motebitId, privateKey) {
+    const bytes = canonicalizeMultiSignatureCert(cert);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return {
+        ...cert,
+        subject_signature: {
+            motebit_id: motebitId,
+            suite: DELETION_CERTIFICATE_SUITE,
+            signature: toBase64Url(sig),
+        },
+    };
+}
+/** Sign a multi-signature cert as the operator. */
+export async function signCertAsOperator(cert, operatorId, privateKey) {
+    const bytes = canonicalizeMultiSignatureCert(cert);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return {
+        ...cert,
+        operator_signature: {
+            operator_id: operatorId,
+            suite: DELETION_CERTIFICATE_SUITE,
+            signature: toBase64Url(sig),
+        },
+    };
+}
+/** Sign a multi-signature cert as a delegate (multi-hop authorization). */
+export async function signCertAsDelegate(cert, delegateMotebitId, delegationReceiptId, privateKey) {
+    const bytes = canonicalizeMultiSignatureCert(cert);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return {
+        ...cert,
+        delegate_signature: {
+            motebit_id: delegateMotebitId,
+            delegation_receipt_id: delegationReceiptId,
+            suite: DELETION_CERTIFICATE_SUITE,
+            signature: toBase64Url(sig),
+        },
+    };
+}
+/** Sign a multi-signature cert as the guardian (enterprise custody). */
+export async function signCertAsGuardian(cert, guardianPublicKey, privateKey) {
+    const bytes = canonicalizeMultiSignatureCert(cert);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return {
+        ...cert,
+        guardian_signature: {
+            guardian_public_key: bytesToHex(guardianPublicKey),
+            suite: DELETION_CERTIFICATE_SUITE,
+            signature: toBase64Url(sig),
+        },
+    };
+}
+/**
+ * Sign an `append_only_horizon` cert as the issuer. The issuer is the
+ * subject named by the discriminator — motebit identity key for
+ * per-motebit horizons, operator key for operator-wide horizons.
+ */
+export async function signHorizonCertAsIssuer(cert, privateKey) {
+    const withSuite = { ...cert, suite: DELETION_CERTIFICATE_SUITE, signature: "" };
+    const bytes = canonicalizeHorizonCert(withSuite);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return { ...withSuite, signature: toBase64Url(sig) };
+}
+/**
+ * Add a witness signature to an `append_only_horizon` cert. Witness
+ * signs the same canonical body as the issuer; the witness array is
+ * part of the signed body, so once the issuer has signed, the witness
+ * additions are appended without re-signing the issuer side.
+ *
+ * Note: the issuer's signature is over the body INCLUDING the
+ * witness array as it stood when the issuer signed. Witnesses added
+ * after issuer-signing invalidate the issuer signature. Production
+ * flow: build the witness array first → issuer signs last. This
+ * function is here for tests and offline witness aggregation.
+ */
+export async function signHorizonWitness(cert, witnessMotebitId, privateKey, inclusionProof) {
+    const bytes = canonicalizeHorizonCertForWitness(cert);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    const witness = {
+        motebit_id: witnessMotebitId,
+        signature: toBase64Url(sig),
+        ...(inclusionProof !== undefined ? { inclusion_proof: inclusionProof } : {}),
+    };
+    return witness;
+}
+// ── Witness solicitation request body — issuer + peer-side primitives (4b-3) ──
+//
+// `HorizonWitnessRequestBody` is the cert body witnesses canonicalize
+// and sign. By construction it equals the `append_only_horizon` cert
+// minus `witnessed_by[]` and minus top-level `signature` — the same
+// projection `canonicalizeHorizonCertForWitness` produces. These three
+// helpers wrap that projection so call sites never re-derive the
+// canonical bytes by hand (rule: services consume primitives, never
+// inline `canonicalJson`).
+//
+// Both the issuer's `WitnessSolicitationRequest.issuer_signature` and
+// each peer's `WitnessSolicitationResponse.signature` are over THE
+// SAME bytes — `canonicalJson(cert_body)` under
+// `motebit-jcs-ed25519-b64-v1`. The peer's verify-issuer + sign-as-
+// witness paths share canonical-bytes derivation by design (session-3
+// sub-decision: issuer-signature payload IS witness-signature payload).
+/**
+ * Compute the canonical signing bytes for a `HorizonWitnessRequestBody`.
+ * Byte-equal to `canonicalizeHorizonCertForWitness` over the
+ * corresponding full cert (since the function strips
+ * `witnessed_by[]` + `signature`); exposed as a separate helper so
+ * call sites pass the wire-shaped request body directly without
+ * synthesizing a full cert.
+ */
+export function canonicalizeHorizonWitnessRequestBody(body) {
+    return canonicalizeHorizonCertForWitness({
+        ...body,
+        witnessed_by: [],
+        signature: "",
+    });
+}
+/**
+ * Sign a `HorizonWitnessRequestBody` — produces a base64url-encoded
+ * Ed25519 signature over the canonical bytes. Used by BOTH:
+ *
+ *   - the issuer, for `WitnessSolicitationRequest.issuer_signature`
+ *     (attests authenticity of the solicitation request before any
+ *     peer signs as witness),
+ *   - each peer witness, for `WitnessSolicitationResponse.signature`
+ *     (the per-witness signature copied verbatim into
+ *     `cert.witnessed_by[].signature`).
+ *
+ * Both roles sign byte-equal canonical bytes by design (session-3
+ * sub-decision: issuer-signature payload IS witness-signature payload).
+ * The peer's verify-issuer + sign-as-witness paths share canonical-bytes
+ * derivation through this primitive — drift-impossible.
+ */
+export async function signHorizonWitnessRequestBody(body, privateKey) {
+    const bytes = canonicalizeHorizonWitnessRequestBody(body);
+    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
+    return toBase64Url(sig);
+}
+/**
+ * Verify the issuer's `issuer_signature` on a
+ * `WitnessSolicitationRequest`. Peer-side fail-closed gate before the
+ * peer signs as a witness over the same bytes. Returns `false` on any
+ * malformed signature, suite mismatch, or hash failure — never throws.
+ */
+export async function verifyHorizonWitnessRequestSignature(body, signatureBase64Url, issuerPublicKey) {
+    let sigBytes;
+    try {
+        sigBytes = fromBase64Url(signatureBase64Url);
+    }
+    catch {
+        return false;
+    }
+    if (sigBytes.length === 0)
+        return false;
+    const bytes = canonicalizeHorizonWitnessRequestBody(body);
+    return verifyBySuite(DELETION_CERTIFICATE_SUITE, bytes, sigBytes, issuerPublicKey);
+}
+// ── Verifier ─────────────────────────────────────────────────────────
+/**
+ * Verify a deletion certificate. Single entry point — dispatches by
+ * `kind` to the per-arm verifier. Fail-closed throughout: any
+ * verification step that errors or returns false → `valid: false`.
+ *
+ * The verifier checks, in order:
+ *   1. Reason × signer × mode table is satisfied (decision 5).
+ *   2. Each present signature is cryptographically valid against the
+ *      cert's canonical signing bytes.
+ *   3. (Horizon arm only) the issuer signature and each witness
+ *      signature verify.
+ *   4. (Optional, when `validateGuardianBinding` supplied) the
+ *      embedded guardian public key matches the subject motebit's
+ *      declared guardian.
+ */
+export async function verifyDeletionCertificate(cert, ctx) {
+    switch (cert.kind) {
+        case "mutable_pruning":
+        case "consolidation_flush":
+            return verifyMultiSignatureCert(cert, ctx);
+        case "append_only_horizon":
+            return verifyHorizonCert(cert, ctx);
+    }
+}
+async function verifyMultiSignatureCert(cert, ctx) {
+    const errors = [];
+    const rule = REASON_TABLE[cert.reason];
+    if (rule === undefined) {
+        return failResult(`unknown reason: ${cert.reason}`);
+    }
+    // Mode check (only when caller declared a mode).
+    if (ctx.deploymentMode !== undefined && !rule.modes.includes(ctx.deploymentMode)) {
+        errors.push(`reason "${cert.reason}" not admitted in deployment mode "${ctx.deploymentMode}"`);
+    }
+    // Presence check — required signer must be present, forbidden must be absent.
+    const present = {
+        subject: cert.subject_signature !== undefined,
+        operator: cert.operator_signature !== undefined,
+        delegate: cert.delegate_signature !== undefined,
+        guardian: cert.guardian_signature !== undefined,
+    };
+    if (!present[rule.required]) {
+        errors.push(`reason "${cert.reason}" requires ${rule.required}_signature, not present`);
+    }
+    for (const f of rule.forbidden) {
+        if (present[f]) {
+            errors.push(`reason "${cert.reason}" forbids ${f}_signature, present`);
+        }
+    }
+    // Signature verification — verify every present signature against canonical bytes.
+    const bytes = canonicalizeMultiSignatureCert(cert);
+    let subjectValid = null;
+    if (cert.subject_signature !== undefined) {
+        subjectValid = await verifyOneSignature(bytes, cert.subject_signature.signature, cert.subject_signature.suite, await ctx.resolveMotebitPublicKey(cert.subject_signature.motebit_id));
+        if (!subjectValid)
+            errors.push("subject_signature invalid");
+    }
+    let operatorValid = null;
+    if (cert.operator_signature !== undefined) {
+        operatorValid = await verifyOneSignature(bytes, cert.operator_signature.signature, cert.operator_signature.suite, await ctx.resolveOperatorPublicKey(cert.operator_signature.operator_id));
+        if (!operatorValid)
+            errors.push("operator_signature invalid");
+    }
+    let delegateValid = null;
+    if (cert.delegate_signature !== undefined) {
+        delegateValid = await verifyOneSignature(bytes, cert.delegate_signature.signature, cert.delegate_signature.suite, await ctx.resolveMotebitPublicKey(cert.delegate_signature.motebit_id));
+        if (!delegateValid)
+            errors.push("delegate_signature invalid");
+    }
+    let guardianValid = null;
+    if (cert.guardian_signature !== undefined) {
+        let guardianKey;
+        try {
+            guardianKey = hexToBytes(cert.guardian_signature.guardian_public_key);
+        }
+        catch {
+            guardianKey = null;
+            errors.push("guardian_public_key not valid hex");
+        }
+        if (ctx.validateGuardianBinding !== undefined) {
+            const subjectMotebitId = cert.subject_signature !== undefined
+                ? cert.subject_signature.motebit_id
+                : undefined;
+            const ok = await ctx.validateGuardianBinding(subjectMotebitId, cert.guardian_signature.guardian_public_key);
+            if (!ok)
+                errors.push("guardian_public_key not bound to subject motebit");
+        }
+        guardianValid = await verifyOneSignature(bytes, cert.guardian_signature.signature, cert.guardian_signature.suite, guardianKey);
+        if (!guardianValid)
+            errors.push("guardian_signature invalid");
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        steps: {
+            reason_table_satisfied: errors.length === 0,
+            subject_signature_valid: subjectValid,
+            operator_signature_valid: operatorValid,
+            delegate_signature_valid: delegateValid,
+            guardian_signature_valid: guardianValid,
+            horizon_issuer_signature_valid: null,
+            horizon_witnesses_valid_count: null,
+            horizon_witnesses_present_count: null,
+        },
+    };
+}
+async function verifyHorizonCert(cert, ctx) {
+    const errors = [];
+    // Empty-tree anchor sanity check — when `leaf_count = 0`, the only
+    // admissible `merkle_root` is the empty-tree value. Otherwise an
+    // issuer could mint a self-witnessed cert with arbitrary anchor
+    // bytes and dodge inclusion-proof scrutiny in WitnessOmissionDispute.
+    const anchor = cert.federation_graph_anchor;
+    if (anchor !== undefined) {
+        if (anchor.leaf_count === 0 && anchor.merkle_root !== EMPTY_FEDERATION_GRAPH_ANCHOR_ROOT) {
+            errors.push("federation_graph_anchor.leaf_count=0 requires the empty-tree merkle_root");
+        }
+        if (anchor.leaf_count < 0 || !Number.isInteger(anchor.leaf_count)) {
+            errors.push("federation_graph_anchor.leaf_count must be a non-negative integer");
+        }
+    }
+    const issuerBytes = canonicalizeHorizonCert(cert);
+    const witnessBytes = canonicalizeHorizonCertForWitness(cert);
+    // Issuer key resolution depends on subject discriminator.
+    const issuerKey = cert.subject.kind === "motebit"
+        ? await ctx.resolveMotebitPublicKey(cert.subject.motebit_id)
+        : await ctx.resolveOperatorPublicKey(cert.subject.operator_id);
+    const issuerValid = await verifyOneSignature(issuerBytes, cert.signature, cert.suite, issuerKey);
+    if (!issuerValid)
+        errors.push("horizon issuer signature invalid");
+    // Witness verification — witnesses sign the body without `witnessed_by`,
+    // so each witness signature can be co-signed asynchronously. The
+    // issuer's separate signature commits to the assembled witness array
+    // (a forged witness fails issuer-signature verification above).
+    let witnessesValid = 0;
+    for (const w of cert.witnessed_by) {
+        const key = await ctx.resolveMotebitPublicKey(w.motebit_id);
+        const ok = await verifyOneSignature(witnessBytes, w.signature, cert.suite, key);
+        if (ok)
+            witnessesValid++;
+        else
+            errors.push(`witness ${w.motebit_id} signature invalid`);
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        steps: {
+            reason_table_satisfied: true,
+            subject_signature_valid: null,
+            operator_signature_valid: null,
+            delegate_signature_valid: null,
+            guardian_signature_valid: null,
+            horizon_issuer_signature_valid: issuerValid,
+            horizon_witnesses_valid_count: witnessesValid,
+            horizon_witnesses_present_count: cert.witnessed_by.length,
+        },
+    };
+}
+async function verifyOneSignature(canonicalBytes, signatureBase64Url, suite, publicKey) {
+    if (publicKey === null)
+        return false;
+    let sigBytes;
+    try {
+        sigBytes = fromBase64Url(signatureBase64Url);
+    }
+    catch {
+        return false;
+    }
+    return verifyBySuite(suite, canonicalBytes, sigBytes, publicKey);
+}
+function failResult(message) {
+    return {
+        valid: false,
+        errors: [message],
+        steps: {
+            reason_table_satisfied: false,
+            subject_signature_valid: null,
+            operator_signature_valid: null,
+            delegate_signature_valid: null,
+            guardian_signature_valid: null,
+            horizon_issuer_signature_valid: null,
+            horizon_witnesses_valid_count: null,
+            horizon_witnesses_present_count: null,
+        },
+    };
+}
+/**
+ * Verify a retention manifest published at
+ * `/.well-known/motebit-retention.json`. The manifest's signature
+ * covers `canonicalJson(manifest minus signature)`, signed by the
+ * operator's identity key under `motebit-jcs-ed25519-hex-v1` —
+ * sibling to the operator-transparency manifest's signing flow.
+ *
+ * Browser-side re-verifier per docs/doctrine/retention-policy.md
+ * §"Self-attesting transparency". Composes existing primitives —
+ * `canonicalJson` from signing.ts, `verifyBySuite` from
+ * suite-dispatch.ts. Same shape as the `verifySkillBundle`
+ * (87e2f174) browser primitive.
+ *
+ * The verifier accepts the operator's public key directly — callers
+ * resolve it from the operator-transparency manifest at
+ * `/.well-known/motebit-transparency.json` (its `relay_public_key`
+ * field), so a single manifest fetch + verify pair gives users a
+ * full retention claim audit.
+ */
+export async function verifyRetentionManifest(manifest, operatorPublicKey) {
+    const errors = [];
+    if (manifest.spec !== "motebit/retention-manifest@1") {
+        errors.push(`unexpected spec: ${String(manifest.spec)}`);
+    }
+    if (manifest.suite !== "motebit-jcs-ed25519-hex-v1") {
+        errors.push(`unexpected suite: ${manifest.suite}`);
+    }
+    if (errors.length > 0) {
+        return { valid: false, errors, manifest: null };
+    }
+    const { signature, ...body } = manifest;
+    const canonical = canonicalJson(body);
+    const canonicalBytes = new TextEncoder().encode(canonical);
+    let signatureBytes;
+    try {
+        // hex-encoded signature per `motebit-jcs-ed25519-hex-v1`
+        if (signature.length !== 128 || !/^[0-9a-f]+$/i.test(signature)) {
+            errors.push("signature is not 128-char hex");
+            return { valid: false, errors, manifest: null };
+        }
+        const out = new Uint8Array(64);
+        for (let i = 0; i < 64; i++) {
+            out[i] = parseInt(signature.slice(i * 2, i * 2 + 2), 16);
+        }
+        signatureBytes = out;
+        /* c8 ignore start -- defensive catch; the parseInt-based hex decode above doesn't throw on invalid input (parseInt returns NaN), so this catch is unreachable today. Keep for forward-compat: if a future hex-decode primitive (e.g. native Uint8Array.fromHex) throws, this branch ensures fail-closed verification rather than silently passing garbage bytes through to verifyBySuite. */
+    }
+    catch {
+        errors.push("signature decode failed");
+        return { valid: false, errors, manifest: null };
+    }
+    /* c8 ignore stop */
+    const ok = await verifyBySuite("motebit-jcs-ed25519-hex-v1", canonicalBytes, signatureBytes, operatorPublicKey);
+    if (!ok) {
+        errors.push("manifest signature does not verify against operator_public_key");
+        return { valid: false, errors, manifest: null };
+    }
+    return { valid: true, errors: [], manifest };
+}
+// Re-export to satisfy unused-import lint when MotebitId only appears in JSDoc.
+void null;
+//# sourceMappingURL=deletion-certificate.js.map

package/dist/deletion-certificate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deletion-certificate.js","sourceRoot":"","sources":["../src/deletion-certificate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAUH,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACjG,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEjE,wEAAwE;AAExE,oEAAoE;AACpE,MAAM,CAAC,MAAM,0BAA0B,GAAY,4BAA4B,CAAC;AAEhF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kCAAkC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtE;;;;;;;GAOG;AACH,MAAM,kCAAkC,GACtC,kEAAkE,CAAC;AAkBrE,MAAM,YAAY,GAAiD,MAAM,CAAC,MAAM,CAAC;IAC/E,YAAY,EAAE;QACZ,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC;KAC/C;IACD,qBAAqB,EAAE;QACrB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,yCAAyC,EAAE;QACzC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,EAAE;QACZ,SAAS,EAAE,CAAC,SAAS,CAAC;QACtB,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,iBAAiB,EAAE;QACjB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,EAAE;QACZ,SAAS,EAAE,CAAC,UAAU,CAAC;QACvB,kEAAkE;QAClE,0DAA0D;QAC1D,kEAAkE;QAClE,4DAA4D;QAC5D,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC;KAC/C;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,YAAY,CAAC;KACtB;CACF,CAAC,CAAC;AA2DH,wEAAwE;AAExE;;;;;GAKG;AACH,MAAM,UAAU,8BAA8B,CAC5C,IAAuF;IAEvF,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,IAAI,EAAE,GAC9F,IAAI,CAAC;IACP,gEAAgE;IAChE,KAAK,iBAAiB,CAAC;IACvB,KAAK,kBAAkB,CAAC;IACxB,KAAK,kBAAkB,CAAC;IACxB,KAAK,kBAAkB,CAAC;IACxB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAmE;IAEnE,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IACpC,KAAK,SAAS,CAAC;IACf,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,iCAAiC,CAC/C,IAAmE;IAEnE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAClD,KAAK,SAAS,CAAC;IACf,KAAK,YAAY,CAAC;IAClB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAErC,IAAO,EAAE,SAAiB,EAAE,UAAsB;IAClD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,iBAAiB,EAAE;YACjB,UAAU,EAAE,SAAkB;YAC9B,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,mDAAmD;AACnD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAEtC,IAAO,EAAE,UAAkB,EAAE,UAAsB;IACnD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,WAAW,EAAE,UAAU;YACvB,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAGtC,IAAO,EACP,iBAAyB,EACzB,mBAA2B,EAC3B,UAAsB;IAEtB,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,UAAU,EAAE,iBAA0B;YACtC,qBAAqB,EAAE,mBAAmB;YAC1C,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAEtC,IAAO,EAAE,iBAA6B,EAAE,UAAsB;IAC9D,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,mBAAmB,EAAE,UAAU,CAAC,iBAAiB,CAAC;YAClD,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAgG,EAChG,UAAsB;IAEtB,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,0BAA0B,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAChF,MAAM,KAAK,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO,EAAE,GAAG,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAmE,EACnE,gBAAwB,EACxB,UAAsB,EACtB,cAAkD;IAElD,MAAM,KAAK,GAAG,iCAAiC,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAmB;QAC9B,UAAU,EAAE,gBAAyB;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;QAC3B,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iFAAiF;AACjF,EAAE;AACF,sEAAsE;AACtE,qEAAqE;AACrE,oEAAoE;AACpE,uEAAuE;AACvE,iEAAiE;AACjE,oEAAoE;AACpE,2BAA2B;AAC3B,EAAE;AACF,sEAAsE;AACtE,mEAAmE;AACnE,gDAAgD;AAChD,oEAAoE;AACpE,sEAAsE;AACtE,wEAAwE;AAExE;;;;;;;GAOG;AACH,MAAM,UAAU,qCAAqC,CAAC,IAA+B;IACnF,OAAO,iCAAiC,CAAC;QACvC,GAAG,IAAI;QACP,YAAY,EAAE,EAAE;QAChB,SAAS,EAAE,EAAE;KACmD,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAA+B,EAC/B,UAAsB;IAEtB,MAAM,KAAK,GAAG,qCAAqC,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oCAAoC,CACxD,IAA+B,EAC/B,kBAA0B,EAC1B,eAA2B;IAE3B,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,KAAK,GAAG,qCAAqC,CAAC,IAAI,CAAC,CAAC;IAC1D,OAAO,aAAa,CAAC,0BAA0B,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AACrF,CAAC;AAED,wEAAwE;AAExE;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAyB,EACzB,GAAqC;IAErC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,iBAAiB,CAAC;QACvB,KAAK,qBAAqB;YACxB,OAAO,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC7C,KAAK,qBAAqB;YACxB,OAAO,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,IAAuF,EACvF,GAAqC;IAErC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,iDAAiD;IACjD,IAAI,GAAG,CAAC,cAAc,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,sCAAsC,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC;IACjG,CAAC;IAED,8EAA8E;IAC9E,MAAM,OAAO,GAAgC;QAC3C,OAAO,EAAE,IAAI,CAAC,iBAAiB,KAAK,SAAS;QAC7C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;QAC/C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;QAC/C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;KAChD,CAAC;IACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,cAAc,IAAI,CAAC,QAAQ,yBAAyB,CAAC,CAAC;IAC1F,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,mFAAmF;IACnF,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IAEnD,IAAI,YAAY,GAAmB,IAAI,CAAC;IACxC,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACzC,YAAY,GAAG,MAAM,kBAAkB,CACrC,KAAK,EACL,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAChC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAC5B,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAoB,CAAC,CAC/E,CAAC;QACF,IAAI,CAAC,YAAY;YAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,MAAM,GAAG,CAAC,wBAAwB,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CACxE,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAoB,CAAC,CAChF,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,IAAI,WAA8B,CAAC;QACnC,IAAI,CAAC;YACH,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,GAAG,IAAI,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,GAAG,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,gBAAgB,GACpB,IAAI,CAAC,iBAAiB,KAAK,SAAS;gBAClC,CAAC,CAAE,IAAI,CAAC,iBAAiB,CAAC,UAAqB;gBAC/C,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAC1C,gBAAgB,EAChB,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAC5C,CAAC;YACF,IAAI,CAAC,EAAE;gBAAE,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC3E,CAAC;QACD,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,WAAW,CACZ,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,KAAK,EAAE;YACL,sBAAsB,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC3C,uBAAuB,EAAE,YAAY;YACrC,wBAAwB,EAAE,aAAa;YACvC,wBAAwB,EAAE,aAAa;YACvC,wBAAwB,EAAE,aAAa;YACvC,8BAA8B,EAAE,IAAI;YACpC,6BAA6B,EAAE,IAAI;YACnC,+BAA+B,EAAE,IAAI;SACtC;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,IAAmE,EACnE,GAAqC;IAErC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,mEAAmE;IACnE,iEAAiE;IACjE,gEAAgE;IAChE,sEAAsE;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,uBAAuB,CAAC;IAC5C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,KAAK,kCAAkC,EAAE,CAAC;YACzF,MAAM,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,iCAAiC,CAAC,IAAI,CAAC,CAAC;IAE7D,0DAA0D;IAC1D,MAAM,SAAS,GACb,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;QAC7B,CAAC,CAAC,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,UAAoB,CAAC;QACtE,CAAC,CAAC,MAAM,GAAG,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEnE,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW;QAAE,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAElE,yEAAyE;IACzE,iEAAiE;IACjE,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,UAAoB,CAAC,CAAC;QACtE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,YAAY,EAAE,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChF,IAAI,EAAE;YAAE,cAAc,EAAE,CAAC;;YACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAoB,oBAAoB,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,KAAK,EAAE;YACL,sBAAsB,EAAE,IAAI;YAC5B,uBAAuB,EAAE,IAAI;YAC7B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,8BAA8B,EAAE,WAAW;YAC3C,6BAA6B,EAAE,cAAc;YAC7C,+BAA+B,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM;SAC1D;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,cAA0B,EAC1B,kBAA0B,EAC1B,KAAc,EACd,SAA4B;IAE5B,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACrC,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,CAAC,OAAO,CAAC;QACjB,KAAK,EAAE;YACL,sBAAsB,EAAE,KAAK;YAC7B,uBAAuB,EAAE,IAAI;YAC7B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,8BAA8B,EAAE,IAAI;YACpC,6BAA6B,EAAE,IAAI;YACnC,+BAA+B,EAAE,IAAI;SACtC;KACF,CAAC;AACJ,CAAC;AAcD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,QAA2B,EAC3B,iBAA6B;IAE7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,QAAQ,CAAC,IAAI,KAAK,8BAA8B,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,4BAA4B,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,qBAAqB,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,QAAQ,CAAC;IACxC,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE3D,IAAI,cAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,yDAAyD;QACzD,IAAI,SAAS,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAChE,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAClD,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,cAAc,GAAG,GAAG,CAAC;QACrB,6XAA6X;IAC/X,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IACD,oBAAoB;IAEpB,MAAM,EAAE,GAAG,MAAM,aAAa,CAC5B,4BAA4B,EAC5B,cAAc,EACd,cAAc,EACd,iBAAiB,CAClB,CAAC;IACF,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC9E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED,gFAAgF;AAChF,KAAM,IAA6B,CAAC"}