@motebit/crypto 1.2.0 → 1.3.0

package/dist/deletion-certificate.js

@@ -1,562 +0,0 @@
-/**
- * Deletion certificate — sign + verify for the three retention shapes.
- *
- * Permissive floor (Apache-2.0). Zero monorepo dependencies — types
- * mirror `@motebit/protocol`'s discriminated union; primitives route
- * through `@motebit/crypto/suite-dispatch`.
- *
- * Three arms in one union (`@motebit/protocol :: DeletionCertificate`):
- *
- *   - `mutable_pruning` and `consolidation_flush` — multi-signature
- *     certs (subject / operator / delegate / guardian, at-least-one
- *     required by the reason-table). Each present signature covers the
- *     same canonical bytes: `canonicalJson(cert minus all *_signature
- *     fields)`. Pattern matches identity-v1 §3.8.1 dual-signature
- *     succession (one canonical payload, multiple verifiable signers).
- *
- *   - `append_only_horizon` — single-issuer signature plus witness
- *     signatures. Both the issuer and every witness sign the same
- *     `canonicalJson(cert minus signature)`. Witness array is part of
- *     the signed body — a forged witness fails verification.
- *
- * Verification dispatches by `kind`. Reason × signer × mode table
- * (decision 5) gates which signer compositions are admissible. Each
- * admissible signature is then cryptographically verified through
- * `verifyBySuite`.
- */
-import { canonicalJson, hexToBytes, fromBase64Url, toBase64Url, bytesToHex } from "./signing.js";
-import { signBySuite, verifyBySuite } from "./suite-dispatch.js";
-// ── Constants ────────────────────────────────────────────────────────
-/** The cryptosuite every deletion certificate signs under today. */
-export const DELETION_CERTIFICATE_SUITE = "motebit-jcs-ed25519-b64-v1";
-/**
- * Filing window for `WitnessOmissionDispute` (retention phase 4b-3).
- * A dispute MUST be filed within 24h of the cert's `issued_at`;
- * `verifyWitnessOmissionDispute` rejects beyond this window. Mirrors
- * the 24h cadence of `spec/dispute-v1.md` §7.5 (filing / withdrawal /
- * appeal windows).
- */
-export const WITNESS_OMISSION_DISPUTE_WINDOW_MS = 24 * 60 * 60 * 1000;
-/**
- * Canonical empty-tree merkle root — hex-encoded SHA-256 of zero
- * bytes. The verifier in `verifyHorizonCert` rejects horizon certs
- * whose `federation_graph_anchor.leaf_count = 0` carries a
- * `merkle_root` other than this value, so a malicious issuer cannot
- * mint a self-witnessed cert with arbitrary anchor bytes. Mirrors
- * `EMPTY_FEDERATION_GRAPH_ANCHOR.merkle_root` in `@motebit/protocol`.
- */
-const EMPTY_FEDERATION_GRAPH_ANCHOR_ROOT = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
-const REASON_TABLE = Object.freeze({
-    user_request: {
-        required: "subject",
-        optional: ["operator"],
-        forbidden: [],
-        modes: ["sovereign", "mediated", "enterprise"],
-    },
-    retention_enforcement: {
-        required: "operator",
-        optional: ["subject"],
-        forbidden: [],
-        modes: ["mediated", "enterprise"],
-    },
-    retention_enforcement_post_classification: {
-        required: "operator",
-        optional: ["subject"],
-        forbidden: [],
-        modes: ["mediated", "enterprise"],
-    },
-    operator_request: {
-        required: "operator",
-        optional: [],
-        forbidden: ["subject"],
-        modes: ["mediated", "enterprise"],
-    },
-    delegated_request: {
-        required: "delegate",
-        optional: ["operator"],
-        forbidden: [],
-        modes: ["mediated", "enterprise"],
-    },
-    self_enforcement: {
-        required: "subject",
-        optional: [],
-        forbidden: ["operator"],
-        // Admitted in every mode: the subject's runtime can drive its own
-        // retention policy whether or not an operator exists. The
-        // distinction from `retention_enforcement` is who signs — subject
-        // for self_enforcement, operator for retention_enforcement.
-        modes: ["sovereign", "mediated", "enterprise"],
-    },
-    guardian_request: {
-        required: "guardian",
-        optional: ["operator"],
-        forbidden: [],
-        modes: ["enterprise"],
-    },
-});
-// ── Signing helpers ──────────────────────────────────────────────────
-/**
- * Compute the canonical signing bytes for a `mutable_pruning` or
- * `consolidation_flush` cert. Strips every `*_signature` field so all
- * present signers sign identical bytes — matches identity-v1 §3.8.1's
- * dual-signature canonical payload.
- */
-export function canonicalizeMultiSignatureCert(cert) {
-    const { subject_signature, operator_signature, delegate_signature, guardian_signature, ...body } = cert;
-    // touch all extracted fields so unused-locals lint doesn't fail
-    void subject_signature;
-    void operator_signature;
-    void delegate_signature;
-    void guardian_signature;
-    return new TextEncoder().encode(canonicalJson(body));
-}
-/**
- * Compute the canonical signing bytes for an `append_only_horizon`
- * cert's ISSUER signature. Strips only `signature`. The issuer commits
- * to the full body — including every witness's signature in
- * `witnessed_by` — so a forged witness fails verification at the
- * issuer signature step (the body the issuer signed no longer matches
- * the post-tampering body).
- */
-export function canonicalizeHorizonCert(cert) {
-    const { signature, ...body } = cert;
-    void signature;
-    return new TextEncoder().encode(canonicalJson(body));
-}
-/**
- * Compute the canonical signing bytes for a WITNESS signature on an
- * `append_only_horizon` cert. Strips both `signature` and
- * `witnessed_by` so witnesses can co-sign asynchronously without
- * needing to know each other's signatures.
- *
- * Witness's identity is bound to the signature via the public key
- * used at verification (resolved from `witnessed_by[i].motebit_id`).
- * The cert body's other fields (subject, store_id, horizon_ts,
- * issued_at, federation_graph_anchor) make two distinct horizon
- * advances produce distinct signing bytes, so a witness signature
- * cannot be relayed to a different cert.
- *
- * The issuer's separate signature commits to the assembled witness
- * array — that's the binding that makes a forged or substituted
- * witness detectable.
- */
-export function canonicalizeHorizonCertForWitness(cert) {
-    const { signature, witnessed_by, ...body } = cert;
-    void signature;
-    void witnessed_by;
-    return new TextEncoder().encode(canonicalJson(body));
-}
-/**
- * Sign a `mutable_pruning` or `consolidation_flush` cert as the
- * subject (motebit identity key). Adds the `subject_signature` block.
- *
- * Callers compose: sign as subject → optionally sign as operator → emit.
- * Each signing step appends a signature block; the canonical bytes are
- * recomputed from the body each time, so signatures are commutative
- * (any signing order produces identical bytes for every signer).
- */
-export async function signCertAsSubject(cert, motebitId, privateKey) {
-    const bytes = canonicalizeMultiSignatureCert(cert);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return {
-        ...cert,
-        subject_signature: {
-            motebit_id: motebitId,
-            suite: DELETION_CERTIFICATE_SUITE,
-            signature: toBase64Url(sig),
-        },
-    };
-}
-/** Sign a multi-signature cert as the operator. */
-export async function signCertAsOperator(cert, operatorId, privateKey) {
-    const bytes = canonicalizeMultiSignatureCert(cert);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return {
-        ...cert,
-        operator_signature: {
-            operator_id: operatorId,
-            suite: DELETION_CERTIFICATE_SUITE,
-            signature: toBase64Url(sig),
-        },
-    };
-}
-/** Sign a multi-signature cert as a delegate (multi-hop authorization). */
-export async function signCertAsDelegate(cert, delegateMotebitId, delegationReceiptId, privateKey) {
-    const bytes = canonicalizeMultiSignatureCert(cert);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return {
-        ...cert,
-        delegate_signature: {
-            motebit_id: delegateMotebitId,
-            delegation_receipt_id: delegationReceiptId,
-            suite: DELETION_CERTIFICATE_SUITE,
-            signature: toBase64Url(sig),
-        },
-    };
-}
-/** Sign a multi-signature cert as the guardian (enterprise custody). */
-export async function signCertAsGuardian(cert, guardianPublicKey, privateKey) {
-    const bytes = canonicalizeMultiSignatureCert(cert);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return {
-        ...cert,
-        guardian_signature: {
-            guardian_public_key: bytesToHex(guardianPublicKey),
-            suite: DELETION_CERTIFICATE_SUITE,
-            signature: toBase64Url(sig),
-        },
-    };
-}
-/**
- * Sign an `append_only_horizon` cert as the issuer. The issuer is the
- * subject named by the discriminator — motebit identity key for
- * per-motebit horizons, operator key for operator-wide horizons.
- */
-export async function signHorizonCertAsIssuer(cert, privateKey) {
-    const withSuite = { ...cert, suite: DELETION_CERTIFICATE_SUITE, signature: "" };
-    const bytes = canonicalizeHorizonCert(withSuite);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return { ...withSuite, signature: toBase64Url(sig) };
-}
-/**
- * Add a witness signature to an `append_only_horizon` cert. Witness
- * signs the same canonical body as the issuer; the witness array is
- * part of the signed body, so once the issuer has signed, the witness
- * additions are appended without re-signing the issuer side.
- *
- * Note: the issuer's signature is over the body INCLUDING the
- * witness array as it stood when the issuer signed. Witnesses added
- * after issuer-signing invalidate the issuer signature. Production
- * flow: build the witness array first → issuer signs last. This
- * function is here for tests and offline witness aggregation.
- */
-export async function signHorizonWitness(cert, witnessMotebitId, privateKey, inclusionProof) {
-    const bytes = canonicalizeHorizonCertForWitness(cert);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    const witness = {
-        motebit_id: witnessMotebitId,
-        signature: toBase64Url(sig),
-        ...(inclusionProof !== undefined ? { inclusion_proof: inclusionProof } : {}),
-    };
-    return witness;
-}
-// ── Witness solicitation request body — issuer + peer-side primitives (4b-3) ──
-//
-// `HorizonWitnessRequestBody` is the cert body witnesses canonicalize
-// and sign. By construction it equals the `append_only_horizon` cert
-// minus `witnessed_by[]` and minus top-level `signature` — the same
-// projection `canonicalizeHorizonCertForWitness` produces. These three
-// helpers wrap that projection so call sites never re-derive the
-// canonical bytes by hand (rule: services consume primitives, never
-// inline `canonicalJson`).
-//
-// Both the issuer's `WitnessSolicitationRequest.issuer_signature` and
-// each peer's `WitnessSolicitationResponse.signature` are over THE
-// SAME bytes — `canonicalJson(cert_body)` under
-// `motebit-jcs-ed25519-b64-v1`. The peer's verify-issuer + sign-as-
-// witness paths share canonical-bytes derivation by design (session-3
-// sub-decision: issuer-signature payload IS witness-signature payload).
-/**
- * Compute the canonical signing bytes for a `HorizonWitnessRequestBody`.
- * Byte-equal to `canonicalizeHorizonCertForWitness` over the
- * corresponding full cert (since the function strips
- * `witnessed_by[]` + `signature`); exposed as a separate helper so
- * call sites pass the wire-shaped request body directly without
- * synthesizing a full cert.
- */
-export function canonicalizeHorizonWitnessRequestBody(body) {
-    return canonicalizeHorizonCertForWitness({
-        ...body,
-        witnessed_by: [],
-        signature: "",
-    });
-}
-/**
- * Sign a `HorizonWitnessRequestBody` — produces a base64url-encoded
- * Ed25519 signature over the canonical bytes. Used by BOTH:
- *
- *   - the issuer, for `WitnessSolicitationRequest.issuer_signature`
- *     (attests authenticity of the solicitation request before any
- *     peer signs as witness),
- *   - each peer witness, for `WitnessSolicitationResponse.signature`
- *     (the per-witness signature copied verbatim into
- *     `cert.witnessed_by[].signature`).
- *
- * Both roles sign byte-equal canonical bytes by design (session-3
- * sub-decision: issuer-signature payload IS witness-signature payload).
- * The peer's verify-issuer + sign-as-witness paths share canonical-bytes
- * derivation through this primitive — drift-impossible.
- */
-export async function signHorizonWitnessRequestBody(body, privateKey) {
-    const bytes = canonicalizeHorizonWitnessRequestBody(body);
-    const sig = await signBySuite(DELETION_CERTIFICATE_SUITE, bytes, privateKey);
-    return toBase64Url(sig);
-}
-/**
- * Verify the issuer's `issuer_signature` on a
- * `WitnessSolicitationRequest`. Peer-side fail-closed gate before the
- * peer signs as a witness over the same bytes. Returns `false` on any
- * malformed signature, suite mismatch, or hash failure — never throws.
- */
-export async function verifyHorizonWitnessRequestSignature(body, signatureBase64Url, issuerPublicKey) {
-    let sigBytes;
-    try {
-        sigBytes = fromBase64Url(signatureBase64Url);
-    }
-    catch {
-        return false;
-    }
-    if (sigBytes.length === 0)
-        return false;
-    const bytes = canonicalizeHorizonWitnessRequestBody(body);
-    return verifyBySuite(DELETION_CERTIFICATE_SUITE, bytes, sigBytes, issuerPublicKey);
-}
-// ── Verifier ─────────────────────────────────────────────────────────
-/**
- * Verify a deletion certificate. Single entry point — dispatches by
- * `kind` to the per-arm verifier. Fail-closed throughout: any
- * verification step that errors or returns false → `valid: false`.
- *
- * The verifier checks, in order:
- *   1. Reason × signer × mode table is satisfied (decision 5).
- *   2. Each present signature is cryptographically valid against the
- *      cert's canonical signing bytes.
- *   3. (Horizon arm only) the issuer signature and each witness
- *      signature verify.
- *   4. (Optional, when `validateGuardianBinding` supplied) the
- *      embedded guardian public key matches the subject motebit's
- *      declared guardian.
- */
-export async function verifyDeletionCertificate(cert, ctx) {
-    switch (cert.kind) {
-        case "mutable_pruning":
-        case "consolidation_flush":
-            return verifyMultiSignatureCert(cert, ctx);
-        case "append_only_horizon":
-            return verifyHorizonCert(cert, ctx);
-    }
-}
-async function verifyMultiSignatureCert(cert, ctx) {
-    const errors = [];
-    const rule = REASON_TABLE[cert.reason];
-    if (rule === undefined) {
-        return failResult(`unknown reason: ${cert.reason}`);
-    }
-    // Mode check (only when caller declared a mode).
-    if (ctx.deploymentMode !== undefined && !rule.modes.includes(ctx.deploymentMode)) {
-        errors.push(`reason "${cert.reason}" not admitted in deployment mode "${ctx.deploymentMode}"`);
-    }
-    // Presence check — required signer must be present, forbidden must be absent.
-    const present = {
-        subject: cert.subject_signature !== undefined,
-        operator: cert.operator_signature !== undefined,
-        delegate: cert.delegate_signature !== undefined,
-        guardian: cert.guardian_signature !== undefined,
-    };
-    if (!present[rule.required]) {
-        errors.push(`reason "${cert.reason}" requires ${rule.required}_signature, not present`);
-    }
-    for (const f of rule.forbidden) {
-        if (present[f]) {
-            errors.push(`reason "${cert.reason}" forbids ${f}_signature, present`);
-        }
-    }
-    // Signature verification — verify every present signature against canonical bytes.
-    const bytes = canonicalizeMultiSignatureCert(cert);
-    let subjectValid = null;
-    if (cert.subject_signature !== undefined) {
-        subjectValid = await verifyOneSignature(bytes, cert.subject_signature.signature, cert.subject_signature.suite, await ctx.resolveMotebitPublicKey(cert.subject_signature.motebit_id));
-        if (!subjectValid)
-            errors.push("subject_signature invalid");
-    }
-    let operatorValid = null;
-    if (cert.operator_signature !== undefined) {
-        operatorValid = await verifyOneSignature(bytes, cert.operator_signature.signature, cert.operator_signature.suite, await ctx.resolveOperatorPublicKey(cert.operator_signature.operator_id));
-        if (!operatorValid)
-            errors.push("operator_signature invalid");
-    }
-    let delegateValid = null;
-    if (cert.delegate_signature !== undefined) {
-        delegateValid = await verifyOneSignature(bytes, cert.delegate_signature.signature, cert.delegate_signature.suite, await ctx.resolveMotebitPublicKey(cert.delegate_signature.motebit_id));
-        if (!delegateValid)
-            errors.push("delegate_signature invalid");
-    }
-    let guardianValid = null;
-    if (cert.guardian_signature !== undefined) {
-        let guardianKey;
-        try {
-            guardianKey = hexToBytes(cert.guardian_signature.guardian_public_key);
-        }
-        catch {
-            guardianKey = null;
-            errors.push("guardian_public_key not valid hex");
-        }
-        if (ctx.validateGuardianBinding !== undefined) {
-            const subjectMotebitId = cert.subject_signature !== undefined
-                ? cert.subject_signature.motebit_id
-                : undefined;
-            const ok = await ctx.validateGuardianBinding(subjectMotebitId, cert.guardian_signature.guardian_public_key);
-            if (!ok)
-                errors.push("guardian_public_key not bound to subject motebit");
-        }
-        guardianValid = await verifyOneSignature(bytes, cert.guardian_signature.signature, cert.guardian_signature.suite, guardianKey);
-        if (!guardianValid)
-            errors.push("guardian_signature invalid");
-    }
-    return {
-        valid: errors.length === 0,
-        errors,
-        steps: {
-            reason_table_satisfied: errors.length === 0,
-            subject_signature_valid: subjectValid,
-            operator_signature_valid: operatorValid,
-            delegate_signature_valid: delegateValid,
-            guardian_signature_valid: guardianValid,
-            horizon_issuer_signature_valid: null,
-            horizon_witnesses_valid_count: null,
-            horizon_witnesses_present_count: null,
-        },
-    };
-}
-async function verifyHorizonCert(cert, ctx) {
-    const errors = [];
-    // Empty-tree anchor sanity check — when `leaf_count = 0`, the only
-    // admissible `merkle_root` is the empty-tree value. Otherwise an
-    // issuer could mint a self-witnessed cert with arbitrary anchor
-    // bytes and dodge inclusion-proof scrutiny in WitnessOmissionDispute.
-    const anchor = cert.federation_graph_anchor;
-    if (anchor !== undefined) {
-        if (anchor.leaf_count === 0 && anchor.merkle_root !== EMPTY_FEDERATION_GRAPH_ANCHOR_ROOT) {
-            errors.push("federation_graph_anchor.leaf_count=0 requires the empty-tree merkle_root");
-        }
-        if (anchor.leaf_count < 0 || !Number.isInteger(anchor.leaf_count)) {
-            errors.push("federation_graph_anchor.leaf_count must be a non-negative integer");
-        }
-    }
-    const issuerBytes = canonicalizeHorizonCert(cert);
-    const witnessBytes = canonicalizeHorizonCertForWitness(cert);
-    // Issuer key resolution depends on subject discriminator.
-    const issuerKey = cert.subject.kind === "motebit"
-        ? await ctx.resolveMotebitPublicKey(cert.subject.motebit_id)
-        : await ctx.resolveOperatorPublicKey(cert.subject.operator_id);
-    const issuerValid = await verifyOneSignature(issuerBytes, cert.signature, cert.suite, issuerKey);
-    if (!issuerValid)
-        errors.push("horizon issuer signature invalid");
-    // Witness verification — witnesses sign the body without `witnessed_by`,
-    // so each witness signature can be co-signed asynchronously. The
-    // issuer's separate signature commits to the assembled witness array
-    // (a forged witness fails issuer-signature verification above).
-    let witnessesValid = 0;
-    for (const w of cert.witnessed_by) {
-        const key = await ctx.resolveMotebitPublicKey(w.motebit_id);
-        const ok = await verifyOneSignature(witnessBytes, w.signature, cert.suite, key);
-        if (ok)
-            witnessesValid++;
-        else
-            errors.push(`witness ${w.motebit_id} signature invalid`);
-    }
-    return {
-        valid: errors.length === 0,
-        errors,
-        steps: {
-            reason_table_satisfied: true,
-            subject_signature_valid: null,
-            operator_signature_valid: null,
-            delegate_signature_valid: null,
-            guardian_signature_valid: null,
-            horizon_issuer_signature_valid: issuerValid,
-            horizon_witnesses_valid_count: witnessesValid,
-            horizon_witnesses_present_count: cert.witnessed_by.length,
-        },
-    };
-}
-async function verifyOneSignature(canonicalBytes, signatureBase64Url, suite, publicKey) {
-    if (publicKey === null)
-        return false;
-    let sigBytes;
-    try {
-        sigBytes = fromBase64Url(signatureBase64Url);
-    }
-    catch {
-        return false;
-    }
-    return verifyBySuite(suite, canonicalBytes, sigBytes, publicKey);
-}
-function failResult(message) {
-    return {
-        valid: false,
-        errors: [message],
-        steps: {
-            reason_table_satisfied: false,
-            subject_signature_valid: null,
-            operator_signature_valid: null,
-            delegate_signature_valid: null,
-            guardian_signature_valid: null,
-            horizon_issuer_signature_valid: null,
-            horizon_witnesses_valid_count: null,
-            horizon_witnesses_present_count: null,
-        },
-    };
-}
-/**
- * Verify a retention manifest published at
- * `/.well-known/motebit-retention.json`. The manifest's signature
- * covers `canonicalJson(manifest minus signature)`, signed by the
- * operator's identity key under `motebit-jcs-ed25519-hex-v1` —
- * sibling to the operator-transparency manifest's signing flow.
- *
- * Browser-side re-verifier per docs/doctrine/retention-policy.md
- * §"Self-attesting transparency". Composes existing primitives —
- * `canonicalJson` from signing.ts, `verifyBySuite` from
- * suite-dispatch.ts. Same shape as the `verifySkillBundle`
- * (87e2f174) browser primitive.
- *
- * The verifier accepts the operator's public key directly — callers
- * resolve it from the operator-transparency manifest at
- * `/.well-known/motebit-transparency.json` (its `relay_public_key`
- * field), so a single manifest fetch + verify pair gives users a
- * full retention claim audit.
- */
-export async function verifyRetentionManifest(manifest, operatorPublicKey) {
-    const errors = [];
-    if (manifest.spec !== "motebit/retention-manifest@1") {
-        errors.push(`unexpected spec: ${String(manifest.spec)}`);
-    }
-    if (manifest.suite !== "motebit-jcs-ed25519-hex-v1") {
-        errors.push(`unexpected suite: ${manifest.suite}`);
-    }
-    if (errors.length > 0) {
-        return { valid: false, errors, manifest: null };
-    }
-    const { signature, ...body } = manifest;
-    const canonical = canonicalJson(body);
-    const canonicalBytes = new TextEncoder().encode(canonical);
-    let signatureBytes;
-    try {
-        // hex-encoded signature per `motebit-jcs-ed25519-hex-v1`
-        if (signature.length !== 128 || !/^[0-9a-f]+$/i.test(signature)) {
-            errors.push("signature is not 128-char hex");
-            return { valid: false, errors, manifest: null };
-        }
-        const out = new Uint8Array(64);
-        for (let i = 0; i < 64; i++) {
-            out[i] = parseInt(signature.slice(i * 2, i * 2 + 2), 16);
-        }
-        signatureBytes = out;
-        /* c8 ignore start -- defensive catch; the parseInt-based hex decode above doesn't throw on invalid input (parseInt returns NaN), so this catch is unreachable today. Keep for forward-compat: if a future hex-decode primitive (e.g. native Uint8Array.fromHex) throws, this branch ensures fail-closed verification rather than silently passing garbage bytes through to verifyBySuite. */
-    }
-    catch {
-        errors.push("signature decode failed");
-        return { valid: false, errors, manifest: null };
-    }
-    /* c8 ignore stop */
-    const ok = await verifyBySuite("motebit-jcs-ed25519-hex-v1", canonicalBytes, signatureBytes, operatorPublicKey);
-    if (!ok) {
-        errors.push("manifest signature does not verify against operator_public_key");
-        return { valid: false, errors, manifest: null };
-    }
-    return { valid: true, errors: [], manifest };
-}
-// Re-export to satisfy unused-import lint when MotebitId only appears in JSDoc.
-void null;
-//# sourceMappingURL=deletion-certificate.js.map

package/dist/deletion-certificate.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"deletion-certificate.js","sourceRoot":"","sources":["../src/deletion-certificate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAUH,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACjG,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEjE,wEAAwE;AAExE,oEAAoE;AACpE,MAAM,CAAC,MAAM,0BAA0B,GAAY,4BAA4B,CAAC;AAEhF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kCAAkC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtE;;;;;;;GAOG;AACH,MAAM,kCAAkC,GACtC,kEAAkE,CAAC;AAkBrE,MAAM,YAAY,GAAiD,MAAM,CAAC,MAAM,CAAC;IAC/E,YAAY,EAAE;QACZ,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC;KAC/C;IACD,qBAAqB,EAAE;QACrB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,yCAAyC,EAAE;QACzC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,SAAS,CAAC;QACrB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,EAAE;QACZ,SAAS,EAAE,CAAC,SAAS,CAAC;QACtB,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,iBAAiB,EAAE;QACjB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;KAClC;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,EAAE;QACZ,SAAS,EAAE,CAAC,UAAU,CAAC;QACvB,kEAAkE;QAClE,0DAA0D;QAC1D,kEAAkE;QAClE,4DAA4D;QAC5D,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC;KAC/C;IACD,gBAAgB,EAAE;QAChB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,SAAS,EAAE,EAAE;QACb,KAAK,EAAE,CAAC,YAAY,CAAC;KACtB;CACF,CAAC,CAAC;AA2DH,wEAAwE;AAExE;;;;;GAKG;AACH,MAAM,UAAU,8BAA8B,CAC5C,IAAuF;IAEvF,MAAM,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,GAAG,IAAI,EAAE,GAC9F,IAAI,CAAC;IACP,gEAAgE;IAChE,KAAK,iBAAiB,CAAC;IACvB,KAAK,kBAAkB,CAAC;IACxB,KAAK,kBAAkB,CAAC;IACxB,KAAK,kBAAkB,CAAC;IACxB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAmE;IAEnE,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IACpC,KAAK,SAAS,CAAC;IACf,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,iCAAiC,CAC/C,IAAmE;IAEnE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;IAClD,KAAK,SAAS,CAAC;IACf,KAAK,YAAY,CAAC;IAClB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAErC,IAAO,EAAE,SAAiB,EAAE,UAAsB;IAClD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,iBAAiB,EAAE;YACjB,UAAU,EAAE,SAAkB;YAC9B,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,mDAAmD;AACnD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAEtC,IAAO,EAAE,UAAkB,EAAE,UAAsB;IACnD,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,WAAW,EAAE,UAAU;YACvB,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAGtC,IAAO,EACP,iBAAyB,EACzB,mBAA2B,EAC3B,UAAsB;IAEtB,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,UAAU,EAAE,iBAA0B;YACtC,qBAAqB,EAAE,mBAAmB;YAC1C,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAEtC,IAAO,EAAE,iBAA6B,EAAE,UAAsB;IAC9D,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO;QACL,GAAG,IAAI;QACP,kBAAkB,EAAE;YAClB,mBAAmB,EAAE,UAAU,CAAC,iBAAiB,CAAC;YAClD,KAAK,EAAE,0BAA0B;YACjC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;SAC5B;KACG,CAAC;AACT,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAgG,EAChG,UAAsB;IAEtB,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,0BAA0B,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAChF,MAAM,KAAK,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO,EAAE,GAAG,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;AACvD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAmE,EACnE,gBAAwB,EACxB,UAAsB,EACtB,cAAkD;IAElD,MAAM,KAAK,GAAG,iCAAiC,CAAC,IAAI,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAmB;QAC9B,UAAU,EAAE,gBAAyB;QACrC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC;QAC3B,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC;IACF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iFAAiF;AACjF,EAAE;AACF,sEAAsE;AACtE,qEAAqE;AACrE,oEAAoE;AACpE,uEAAuE;AACvE,iEAAiE;AACjE,oEAAoE;AACpE,2BAA2B;AAC3B,EAAE;AACF,sEAAsE;AACtE,mEAAmE;AACnE,gDAAgD;AAChD,oEAAoE;AACpE,sEAAsE;AACtE,wEAAwE;AAExE;;;;;;;GAOG;AACH,MAAM,UAAU,qCAAqC,CAAC,IAA+B;IACnF,OAAO,iCAAiC,CAAC;QACvC,GAAG,IAAI;QACP,YAAY,EAAE,EAAE;QAChB,SAAS,EAAE,EAAE;KACmD,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAA+B,EAC/B,UAAsB;IAEtB,MAAM,KAAK,GAAG,qCAAqC,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,0BAA0B,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAC7E,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oCAAoC,CACxD,IAA+B,EAC/B,kBAA0B,EAC1B,eAA2B;IAE3B,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,KAAK,GAAG,qCAAqC,CAAC,IAAI,CAAC,CAAC;IAC1D,OAAO,aAAa,CAAC,0BAA0B,EAAE,KAAK,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;AACrF,CAAC;AAED,wEAAwE;AAExE;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAyB,EACzB,GAAqC;IAErC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,iBAAiB,CAAC;QACvB,KAAK,qBAAqB;YACxB,OAAO,wBAAwB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC7C,KAAK,qBAAqB;YACxB,OAAO,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,IAAuF,EACvF,GAAqC;IAErC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,iDAAiD;IACjD,IAAI,GAAG,CAAC,cAAc,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,sCAAsC,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC;IACjG,CAAC;IAED,8EAA8E;IAC9E,MAAM,OAAO,GAAgC;QAC3C,OAAO,EAAE,IAAI,CAAC,iBAAiB,KAAK,SAAS;QAC7C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;QAC/C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;QAC/C,QAAQ,EAAE,IAAI,CAAC,kBAAkB,KAAK,SAAS;KAChD,CAAC;IACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,cAAc,IAAI,CAAC,QAAQ,yBAAyB,CAAC,CAAC;IAC1F,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,mFAAmF;IACnF,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IAEnD,IAAI,YAAY,GAAmB,IAAI,CAAC;IACxC,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QACzC,YAAY,GAAG,MAAM,kBAAkB,CACrC,KAAK,EACL,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAChC,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAC5B,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,iBAAiB,CAAC,UAAoB,CAAC,CAC/E,CAAC;QACF,IAAI,CAAC,YAAY;YAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,MAAM,GAAG,CAAC,wBAAwB,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CACxE,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAoB,CAAC,CAChF,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,aAAa,GAAmB,IAAI,CAAC;IACzC,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QAC1C,IAAI,WAA8B,CAAC;QACnC,IAAI,CAAC;YACH,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,GAAG,IAAI,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,GAAG,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,gBAAgB,GACpB,IAAI,CAAC,iBAAiB,KAAK,SAAS;gBAClC,CAAC,CAAE,IAAI,CAAC,iBAAiB,CAAC,UAAqB;gBAC/C,CAAC,CAAC,SAAS,CAAC;YAChB,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAC1C,gBAAgB,EAChB,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,CAC5C,CAAC;YACF,IAAI,CAAC,EAAE;gBAAE,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC3E,CAAC;QACD,aAAa,GAAG,MAAM,kBAAkB,CACtC,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,SAAS,EACjC,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAC7B,WAAW,CACZ,CAAC;QACF,IAAI,CAAC,aAAa;YAAE,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,KAAK,EAAE;YACL,sBAAsB,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC3C,uBAAuB,EAAE,YAAY;YACrC,wBAAwB,EAAE,aAAa;YACvC,wBAAwB,EAAE,aAAa;YACvC,wBAAwB,EAAE,aAAa;YACvC,8BAA8B,EAAE,IAAI;YACpC,6BAA6B,EAAE,IAAI;YACnC,+BAA+B,EAAE,IAAI;SACtC;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,IAAmE,EACnE,GAAqC;IAErC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,mEAAmE;IACnE,iEAAiE;IACjE,gEAAgE;IAChE,sEAAsE;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,uBAAuB,CAAC;IAC5C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,KAAK,kCAAkC,EAAE,CAAC;YACzF,MAAM,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,iCAAiC,CAAC,IAAI,CAAC,CAAC;IAE7D,0DAA0D;IAC1D,MAAM,SAAS,GACb,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS;QAC7B,CAAC,CAAC,MAAM,GAAG,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,UAAoB,CAAC;QACtE,CAAC,CAAC,MAAM,GAAG,CAAC,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAEnE,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW;QAAE,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAElE,yEAAyE;IACzE,iEAAiE;IACjE,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC,UAAoB,CAAC,CAAC;QACtE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,YAAY,EAAE,CAAC,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChF,IAAI,EAAE;YAAE,cAAc,EAAE,CAAC;;YACpB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAoB,oBAAoB,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,KAAK,EAAE;YACL,sBAAsB,EAAE,IAAI;YAC5B,uBAAuB,EAAE,IAAI;YAC7B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,8BAA8B,EAAE,WAAW;YAC3C,6BAA6B,EAAE,cAAc;YAC7C,+BAA+B,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM;SAC1D;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAC/B,cAA0B,EAC1B,kBAA0B,EAC1B,KAAc,EACd,SAA4B;IAE5B,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACrC,IAAI,QAAoB,CAAC;IACzB,IAAI,CAAC;QACH,QAAQ,GAAG,aAAa,CAAC,kBAAkB,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,CAAC,OAAO,CAAC;QACjB,KAAK,EAAE;YACL,sBAAsB,EAAE,KAAK;YAC7B,uBAAuB,EAAE,IAAI;YAC7B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,wBAAwB,EAAE,IAAI;YAC9B,8BAA8B,EAAE,IAAI;YACpC,6BAA6B,EAAE,IAAI;YACnC,+BAA+B,EAAE,IAAI;SACtC;KACF,CAAC;AACJ,CAAC;AAcD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,QAA2B,EAC3B,iBAA6B;IAE7B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,QAAQ,CAAC,IAAI,KAAK,8BAA8B,EAAE,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,QAAQ,CAAC,KAAK,KAAK,4BAA4B,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,qBAAqB,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,QAAQ,CAAC;IACxC,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE3D,IAAI,cAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,yDAAyD;QACzD,IAAI,SAAS,CAAC,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAChE,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAClD,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,cAAc,GAAG,GAAG,CAAC;QACrB,6XAA6X;IAC/X,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IACD,oBAAoB;IAEpB,MAAM,EAAE,GAAG,MAAM,aAAa,CAC5B,4BAA4B,EAC5B,cAAc,EACd,cAAc,EACd,iBAAiB,CAClB,CAAC;IACF,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC9E,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED,gFAAgF;AAChF,KAAM,IAA6B,CAAC"}