npm - @naylence/advanced-security - Versions diffs - 0.3.5-test.101 → 0.3.5-test.102 - Mend

@naylence/advanced-security 0.3.5-test.101 → 0.3.5-test.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (127) hide show

package/dist/cjs/naylence/fame/security/cert/trust-store/env-provider.js ADDED Viewed

@@ -0,0 +1,123 @@
+import { HttpBundleProvider } from "./http-bundle-provider.js";
+import { parseFameCaCerts } from "./fame-ca-certs-parser.js";
+import { createProviderFromDataUri, createProviderFromPem, loadPemFromFile, } from "./static-bundle-provider.js";
+export async function createTrustStoreProviderFromEnv(options = {}) {
+    const env = resolveEnv(options.env);
+    const rawSources = envValue(env, "FAME_CA_CERTS");
+    const hashPins = envValue(env, "FAME_CA_BUNDLE_SHA256");
+    const allowedSpkis = envValue(env, "FAME_CA_ALLOWED_ROOT_SPKIS");
+    const allowTofuRaw = envValue(env, "FAME_CA_ALLOW_TOFU");
+    const refreshIntervalRaw = envValue(env, "FAME_CA_REFRESH_INTERVAL_MS");
+    const sources = parseFameCaCerts(rawSources, {
+        hashPins,
+        allowedSpkis,
+        allowTofu: toScalar(allowTofuRaw),
+        refreshIntervalMs: toScalar(refreshIntervalRaw),
+    });
+    if (sources.length === 0) {
+        return null;
+    }
+    const providers = await Promise.all(sources.map((source) => buildProviderForSource(source, options)));
+    if (providers.length === 1) {
+        return providers[0];
+    }
+    return new CompositeTrustStoreProvider(providers);
+}
+class CompositeTrustStoreProvider {
+    constructor(providers) {
+        this.providers = providers;
+    }
+    async getRoots() {
+        const rootsLists = await Promise.all(this.providers.map((provider) => provider.getRoots()));
+        return rootsLists.flat();
+    }
+    onUpdate(callback) {
+        const unsubscribers = this.providers
+            .map((provider) => provider.onUpdate?.(callback) ?? null)
+            .filter((fn) => typeof fn === "function");
+        return () => {
+            for (const unsubscribe of unsubscribers) {
+                try {
+                    unsubscribe();
+                }
+                catch {
+                    // Swallow cleanup errors
+                }
+            }
+        };
+    }
+}
+async function buildProviderForSource(source, options) {
+    switch (source.type) {
+        case "INLINE_PEM":
+            return buildInlinePemProvider(source);
+        case "DATA_PEM":
+            return buildDataUriProvider(source);
+        case "FILE":
+            return buildFileProvider(source);
+        case "HTTPS_BUNDLE":
+            return buildHttpProvider(source, options);
+        default:
+            throw new Error(`Unsupported trust bundle source: ${source.type ?? "unknown"}`);
+    }
+}
+function buildInlinePemProvider(source) {
+    return createProviderFromPem(source.pem);
+}
+function buildDataUriProvider(source) {
+    return createProviderFromDataUri(source.dataUri);
+}
+async function buildFileProvider(source) {
+    const pem = await loadPemFromFile(source.path);
+    return createProviderFromPem(pem);
+}
+function buildHttpProvider(source, options) {
+    return new HttpBundleProvider({
+        url: source.url,
+        hashPins: source.hashPins,
+        allowedSpkis: source.allowedSpkis,
+        allowTofu: source.allowTofu,
+        refreshIntervalMs: source.refreshIntervalMs,
+        enforcePinsInBrowser: options.requirePinsInBrowser !== false,
+    });
+}
+function resolveEnv(fallback) {
+    if (fallback && typeof fallback === "object") {
+        return fallback;
+    }
+    if (isNodeEnvironment() && typeof process !== "undefined") {
+        return process.env;
+    }
+    if (typeof globalThis === "object" && globalThis) {
+        const scoped = globalThis;
+        if (scoped.__ENV__ && typeof scoped.__ENV__ === "object") {
+            return scoped.__ENV__;
+        }
+        if (scoped.env && typeof scoped.env === "object") {
+            return scoped.env;
+        }
+    }
+    return {};
+}
+function envValue(env, key) {
+    const direct = env[key];
+    if (typeof direct === "string" || Array.isArray(direct)) {
+        return direct;
+    }
+    if (typeof process !== "undefined" && process.env?.[key]) {
+        return process.env[key];
+    }
+    return null;
+}
+function toScalar(value) {
+    if (Array.isArray(value)) {
+        return value.length > 0 ? value[value.length - 1] ?? null : null;
+    }
+    return value;
+}
+function isNodeEnvironment() {
+    return (typeof process !== "undefined" &&
+        typeof process.versions !== "undefined" &&
+        typeof process.versions.node === "string");
+}
+//# sourceMappingURL=env-provider.js.map

package/dist/cjs/naylence/fame/security/cert/trust-store/env-provider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env-provider.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/env-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EACL,yBAAyB,EACzB,qBAAqB,EACrB,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAgBrC,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,UAA2C,EAAE;IAE7C,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAElD,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,EAAE,uBAAuB,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;IACzD,MAAM,kBAAkB,GAAG,QAAQ,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC;IAExE,MAAM,OAAO,GAAG,gBAAgB,CAAC,UAAU,EAAE;QAC3C,QAAQ;QACR,YAAY;QACZ,SAAS,EAAE,QAAQ,CAAC,YAAY,CAAC;QACjC,iBAAiB,EAAE,QAAQ,CAAC,kBAAkB,CAAC;KAChD,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,sBAAsB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CACjE,CAAC;IAEF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC,CAAC,CAAuB,CAAC;IAC5C,CAAC;IAED,OAAO,IAAI,2BAA2B,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,2BAA2B;IAG/B,YAAmB,SAAwC;QACzD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,QAAQ;QACnB,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAClC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CACtD,CAAC;QAEF,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3B,CAAC;IAEM,QAAQ,CAAC,QAAoB;QAClC,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS;aACjC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;aACxD,MAAM,CAAC,CAAC,EAAE,EAAoB,EAAE,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,CAAC;QAE9D,OAAO,GAAG,EAAE;YACV,KAAK,MAAM,WAAW,IAAI,aAAa,EAAE,CAAC;gBACxC,IAAI,CAAC;oBACH,WAAW,EAAE,CAAC;gBAChB,CAAC;gBAAC,MAAM,CAAC;oBACP,yBAAyB;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;CACF;AAED,KAAK,UAAU,sBAAsB,CACnC,MAAyB,EACzB,OAAwC;IAExC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,YAAY;YACf,OAAO,sBAAsB,CAAC,MAAM,CAAC,CAAC;QACxC,KAAK,UAAU;YACb,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;QACtC,KAAK,MAAM;YACT,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,cAAc;YACjB,OAAO,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5C;YACE,MAAM,IAAI,KAAK,CAAC,oCAAqC,MAA4B,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;IAC3G,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAuB;IACrD,OAAO,qBAAqB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAqB;IACjD,OAAO,yBAAyB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAqB;IACpD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAyB,EACzB,OAAwC;IAExC,OAAO,IAAI,kBAAkB,CAAC;QAC5B,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,oBAAoB,EAAE,OAAO,CAAC,oBAAoB,KAAK,KAAK;KAC7D,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,QAAyC;IAC3D,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,iBAAiB,EAAE,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QAC1D,OAAO,OAAO,CAAC,GAAyC,CAAC;IAC3D,CAAC;IAED,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,UAGd,CAAC;QAEF,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzD,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YACjD,OAAO,MAAM,CAAC,GAAG,CAAC;QACpB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,QAAQ,CACf,GAA4B,EAC5B,GAAW;IAEX,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxD,OAAO,MAA2B,CAAC;IACrC,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;QACzD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAW,CAAC;IACpC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,KAA+B;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACnE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,CACL,OAAO,OAAO,KAAK,WAAW;QAC9B,OAAO,OAAO,CAAC,QAAQ,KAAK,WAAW;QACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAC1C,CAAC;AACJ,CAAC"}

package/dist/cjs/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js ADDED Viewed

@@ -0,0 +1,220 @@
+export function parseFameCaCerts(rawSources, options = {}) {
+    const entries = normalizeSourceEntries(rawSources);
+    if (entries.length === 0) {
+        return [];
+    }
+    const envPins = normalizeStringArray(options.hashPins);
+    const envSpkis = normalizeStringArray(options.allowedSpkis);
+    const envAllowTofu = parseBoolean(options.allowTofu);
+    const envRefreshMs = parseInteger(options.refreshIntervalMs);
+    const sources = [];
+    for (const entry of entries) {
+        if (entry.startsWith("data:")) {
+            sources.push({ type: "DATA_PEM", dataUri: entry });
+            continue;
+        }
+        if (entry.startsWith("http://")) {
+            throw new Error("FAME_CA_CERTS may not reference insecure HTTP URLs");
+        }
+        if (entry.startsWith("https://")) {
+            const { source, pins } = buildHttpsSource(entry, {
+                hashPins: envPins,
+                allowedSpkis: envSpkis,
+                allowTofu: envAllowTofu,
+                refreshIntervalMs: envRefreshMs,
+            });
+            sources.push({ ...source, ...pins });
+            continue;
+        }
+        if (entry.startsWith("file://")) {
+            sources.push({
+                type: "FILE",
+                path: extractFilePath(entry),
+            });
+            continue;
+        }
+        if (entry.includes("-----BEGIN")) {
+            sources.push({ type: "INLINE_PEM", pem: entry });
+            continue;
+        }
+        sources.push({ type: "FILE", path: entry });
+    }
+    return sources;
+}
+function normalizeSourceEntries(candidate) {
+    if (!candidate) {
+        return [];
+    }
+    if (Array.isArray(candidate)) {
+        return candidate
+            .map((value) => (typeof value === "string" ? value.trim() : ""))
+            .filter((value) => value.length > 0);
+    }
+    if (typeof candidate === "string") {
+        const trimmed = candidate.trim();
+        if (!trimmed) {
+            return [];
+        }
+        if (trimmed.startsWith("[")) {
+            try {
+                const parsed = JSON.parse(trimmed);
+                if (Array.isArray(parsed)) {
+                    return parsed
+                        .map((value) => (typeof value === "string" ? value.trim() : ""))
+                        .filter((value) => value.length > 0);
+                }
+            }
+            catch {
+                // fall through to delimiter parsing
+            }
+        }
+        if (trimmed.startsWith("data:")) {
+            return [trimmed];
+        }
+        if (trimmed.includes("\n")) {
+            return trimmed
+                .split(/\s*\n+\s*/u)
+                .map((value) => value.trim())
+                .filter((value) => value.length > 0);
+        }
+        return trimmed
+            .split(/\s*,\s*/u)
+            .map((value) => value.trim())
+            .filter((value) => value.length > 0);
+    }
+    return [];
+}
+function buildHttpsSource(value, defaults) {
+    const url = new URL(value);
+    if (url.protocol !== "https:") {
+        throw new Error("HTTPS trust bundle URL must use https://");
+    }
+    const queryPins = extractPinsFromQuery(url);
+    const hashPins = mergeUnique(defaults.hashPins ?? [], queryPins.hashPins ?? []);
+    const allowedSpkis = mergeUnique(defaults.allowedSpkis ?? [], queryPins.allowedSpkis ?? []);
+    const allowTofu = queryPins.allowTofu ?? defaults.allowTofu ?? undefined;
+    const refreshIntervalMs = queryPins.refreshIntervalMs ?? defaults.refreshIntervalMs ?? undefined;
+    const source = {
+        type: "HTTPS_BUNDLE",
+        url: url.toString(),
+    };
+    return {
+        source,
+        pins: {
+            hashPins: hashPins.length > 0 ? hashPins : undefined,
+            allowedSpkis: allowedSpkis.length > 0 ? allowedSpkis : undefined,
+            allowTofu,
+            refreshIntervalMs,
+        },
+    };
+}
+function extractPinsFromQuery(url) {
+    const hashPins = [];
+    const hashKeys = ["sha256", "hash", "bundle_sha256", "pin", "pins"];
+    for (const key of hashKeys) {
+        const values = url.searchParams.getAll(key);
+        for (const value of values) {
+            if (value) {
+                hashPins.push(value.trim());
+            }
+        }
+    }
+    const allowedSpkis = [];
+    const spkiKeys = ["spki", "allowed_spki", "allowed_spkis"];
+    for (const key of spkiKeys) {
+        const values = url.searchParams.getAll(key);
+        for (const value of values) {
+            if (value) {
+                allowedSpkis.push(value.trim());
+            }
+        }
+    }
+    let allowTofu;
+    const tofuParam = url.searchParams.get("tofu") ?? url.searchParams.get("allow_tofu");
+    if (tofuParam !== null) {
+        allowTofu = parseBoolean(tofuParam);
+    }
+    let refreshIntervalMs;
+    const refreshParam = url.searchParams.get("refresh") ?? url.searchParams.get("interval");
+    if (refreshParam !== null) {
+        const parsed = parseInteger(refreshParam);
+        if (typeof parsed === "number" && parsed > 0) {
+            refreshIntervalMs = parsed;
+        }
+    }
+    return {
+        hashPins: hashPins.length > 0 ? hashPins : undefined,
+        allowedSpkis: allowedSpkis.length > 0 ? allowedSpkis : undefined,
+        allowTofu,
+        refreshIntervalMs,
+    };
+}
+function extractFilePath(uri) {
+    try {
+        const url = new URL(uri);
+        if (url.protocol !== "file:") {
+            return uri;
+        }
+        return url.pathname;
+    }
+    catch {
+        return uri;
+    }
+}
+function normalizeStringArray(input) {
+    if (!input) {
+        return [];
+    }
+    if (Array.isArray(input)) {
+        return input.map((value) => value.trim()).filter((value) => value.length > 0);
+    }
+    if (typeof input === "string") {
+        return input
+            .split(/\s*,\s*/u)
+            .map((value) => value.trim())
+            .filter((value) => value.length > 0);
+    }
+    return [];
+}
+function parseBoolean(value) {
+    if (typeof value === "boolean") {
+        return value;
+    }
+    if (typeof value === "string") {
+        const normalized = value.trim().toLowerCase();
+        if (normalized === "true" || normalized === "1") {
+            return true;
+        }
+        if (normalized === "false" || normalized === "0") {
+            return false;
+        }
+    }
+    return undefined;
+}
+function parseInteger(value) {
+    if (typeof value === "number" && Number.isFinite(value)) {
+        return value;
+    }
+    if (typeof value === "string") {
+        const parsed = Number.parseInt(value, 10);
+        if (Number.isFinite(parsed)) {
+            return parsed;
+        }
+    }
+    return undefined;
+}
+function mergeUnique(left, right) {
+    const set = new Set();
+    for (const value of left) {
+        if (value) {
+            set.add(value);
+        }
+    }
+    for (const value of right) {
+        if (value) {
+            set.add(value);
+        }
+    }
+    return Array.from(set);
+}
+//# sourceMappingURL=fame-ca-certs-parser.js.map

package/dist/cjs/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fame-ca-certs-parser.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/cert/trust-store/fame-ca-certs-parser.ts"],"names":[],"mappings":"AAgBA,MAAM,UAAU,gBAAgB,CAC9B,UAAmB,EACnB,UAAmC,EAAE;IAErC,MAAM,OAAO,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAE7D,MAAM,OAAO,GAAwB,EAAE,CAAC;IAExC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAA0B,CAAC,CAAC;YAC3E,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,KAAK,EAAE;gBAC/C,QAAQ,EAAE,OAAO;gBACjB,YAAY,EAAE,QAAQ;gBACtB,SAAS,EAAE,YAAY;gBACvB,iBAAiB,EAAE,YAAY;aAChC,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YACrC,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC;aACL,CAAC,CAAC;YAC3B,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,KAAK,EAA4B,CAAC,CAAC;YAC3E,SAAS;QACX,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAA0B,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,sBAAsB,CAAC,SAAkB;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS;aACb,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;aAC/D,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACnC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1B,OAAO,MAAM;yBACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;yBAC/D,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oCAAoC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,OAAO;iBACX,KAAK,CAAC,YAAY,CAAC;iBACnB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;iBAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;QAED,OAAO,OAAO;aACX,KAAK,CAAC,UAAU,CAAC;aACjB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;aAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAa,EACb,QAAyB;IAEzB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAE3B,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,EAAE,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAChF,MAAM,YAAY,GAAG,WAAW,CAC9B,QAAQ,CAAC,YAAY,IAAI,EAAE,EAC3B,SAAS,CAAC,YAAY,IAAI,EAAE,CAC7B,CAAC;IAEF,MAAM,SAAS,GACb,SAAS,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,IAAI,SAAS,CAAC;IACzD,MAAM,iBAAiB,GACrB,SAAS,CAAC,iBAAiB,IAAI,QAAQ,CAAC,iBAAiB,IAAI,SAAS,CAAC;IAEzE,MAAM,MAAM,GAAsB;QAChC,IAAI,EAAE,cAAc;QACpB,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;KACpB,CAAC;IAEF,OAAO;QACL,MAAM;QACN,IAAI,EAAE;YACJ,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YACpD,YAAY,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;YAChE,SAAS;YACT,iBAAiB;SAClB;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAQ;IACpC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACpE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC;IAC3D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAA8B,CAAC;IACnC,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrF,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,iBAAqC,CAAC;IAC1C,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACzF,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAC1C,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7C,iBAAiB,GAAG,MAAM,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpD,YAAY,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QAChE,SAAS;QACT,iBAAiB;KAClB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACzB,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC7B,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAA2C;IACvE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,KAAK;aACT,KAAK,CAAC,UAAU,CAAC;aACjB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;aAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,YAAY,CAAC,KAA0C;IAC9D,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,UAAU,KAAK,OAAO,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,KAAyC;IAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,WAAW,CAAC,IAAuB,EAAE,KAAwB;IACpE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QACzB,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,KAAK,EAAE,CAAC;QAC1B,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACzB,CAAC"}