@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +3 -0
  2. package/dist/app-registry/index.cjs +53 -0
  3. package/dist/app-registry/index.cjs.map +1 -1
  4. package/dist/app-registry/index.js +53 -0
  5. package/dist/app-registry/index.js.map +1 -1
  6. package/dist/identity/index.cjs +643 -164
  7. package/dist/identity/index.cjs.map +1 -1
  8. package/dist/identity/index.d.cts +2 -2
  9. package/dist/identity/index.d.ts +2 -2
  10. package/dist/identity/index.js +616 -165
  11. package/dist/identity/index.js.map +1 -1
  12. package/dist/{index-QueRiudB.d.cts → index-B5OC9_8B.d.cts} +155 -4
  13. package/dist/index-Bu-xxcv9.d.ts +407 -0
  14. package/dist/{index-C2w5EvFH.d.ts → index-C6WNgPRx.d.ts} +155 -4
  15. package/dist/index-C7odEbp6.d.cts +407 -0
  16. package/dist/index.cjs +1000 -185
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +3 -3
  19. package/dist/index.d.ts +3 -3
  20. package/dist/index.js +981 -185
  21. package/dist/index.js.map +1 -1
  22. package/dist/reputation/index.browser.cjs +153 -148
  23. package/dist/reputation/index.browser.cjs.map +1 -1
  24. package/dist/reputation/index.browser.js +153 -148
  25. package/dist/reputation/index.browser.js.map +1 -1
  26. package/dist/reputation/index.cjs +477 -140
  27. package/dist/reputation/index.cjs.map +1 -1
  28. package/dist/reputation/index.d.cts +2 -2
  29. package/dist/reputation/index.d.ts +2 -2
  30. package/dist/reputation/index.js +475 -141
  31. package/dist/reputation/index.js.map +1 -1
  32. package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
  33. package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
  34. package/dist/widgets/index.cjs.map +1 -1
  35. package/dist/widgets/index.d.cts +3 -0
  36. package/dist/widgets/index.d.ts +3 -0
  37. package/dist/widgets/index.js.map +1 -1
  38. package/package.json +4 -2
  39. package/dist/index-BOvk-7Ku.d.cts +0 -235
  40. package/dist/index-R78TpAhN.d.ts +0 -235
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/shared/errors.ts","../../src/shared/assert.ts","../../src/identity/caip.ts","../../src/identity/did.ts","../../src/identity/did-url.ts","../../src/identity/jwk.ts","../../src/shared/did-document.ts","../../src/identity/resolve-key.ts","../../src/identity/controller-id.ts","../../src/identity/types.ts","../../src/identity/data.ts"],"names":["keccak256","toUtf8Bytes","isAddress","getAddress","base64url","calculateJwkThumbprint","canonicalize","sha256"],"mappings":";;;;;;;;;;;;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EACvC,IAAA;AAAA,EACA,OAAA;AAAA,EAEA,WAAA,CAAY,IAAA,EAAc,OAAA,EAAiB,OAAA,EAAmB;AAC5D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF,CAAA;;;ACRO,SAAS,YAAA,CAAa,KAAA,EAAgB,IAAA,EAAc,IAAA,GAAO,eAAA,EAA0C;AAC1G,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAM,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AAC1D,IAAA,MAAM,IAAI,cAAc,IAAA,EAAM,CAAA,EAAG,IAAI,CAAA,2BAAA,CAAA,EAA+B,EAAE,OAAO,CAAA;AAAA,EAC/E;AACF;AAQO,SAAS,YAAA,CAAa,KAAA,EAAgB,IAAA,EAAc,IAAA,GAAO,eAAA,EAA2D;AAC3H,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,cAAc,IAAA,EAAM,CAAA,EAAG,IAAI,CAAA,kBAAA,CAAA,EAAsB,EAAE,OAAO,CAAA;AAAA,EACtE;AACF;;;ACFA,IAAM,aAAA,GAAgB,uEAAA;AACtB,IAAM,YAAA,GAAe,wDAAA;AAEd,SAAS,YAAY,KAAA,EAA6B;AACvD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,cAAc,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,aAAa,CAAA;AACzC,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,wBAAA,EAA0B,EAAE,OAAO,CAAA;AAAA,EAC7E;AAEA,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA;AAE7B,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,SAAA,IAAa,CAAC,OAAA,EAAS;AACxC,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EACjF;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,SAAA,EAAW,OAAA,EAAQ;AACzC;AAEO,SAAS,WAAA,CAAY,SAAA,EAAmB,SAAA,EAAmB,OAAA,EAAyB;AACzF,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,cAAc,CAAA;AAC/C,EAAA,OAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,IAAI,OAAO,CAAA,CAAA;AAC7C;AAEO,SAAS,gBAAgB,KAAA,EAAuB;AACrD,EAAA,MAAM,MAAA,GAAS,YAAY,KAAK,CAAA;AAChC,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY;AAC/C,EAAA,MAAM,YAAY,MAAA,CAAO,SAAA;AAEzB,EAAA,IAAI,UAAU,MAAA,CAAO,OAAA;AACrB,EAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,IAAA,OAAA,GAAU,QAAQ,WAAA,EAAY;AAAA,EAChC;AAEA,EAAA,OAAO,WAAA,CAAY,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AAClD;AAEO,SAAS,UAAA,CAAW,WAAmB,SAAA,EAA2B;AACvE,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,OAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA;AAClC;AAEO,SAAS,WAAW,KAAA,EAA4B;AACrD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,cAAc,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,YAAY,CAAA;AACxC,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,uBAAA,EAAyB,EAAE,OAAO,CAAA;AAAA,EAC5E;AAEA,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,SAAA,EAAW;AAC5B,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,2BAAA,EAA6B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,OAAO,EAAE,WAAW,SAAA,EAAU;AAChC;;;ACtEA,IAAM,SAAA,GAAY,qBAAA;AAEX,SAAS,WAAW,GAAA,EAAsB;AAC/C,EAAA,OAAO,SAAA,CAAU,KAAK,GAAG,CAAA;AAC3B;AAEO,SAAS,iBAAiB,GAAA,EAAyB;AACxD,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,oBAAoB,CAAA;AAC5C,EAAA,OAAO,KAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA;AAC5B;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,uBAAuB,CAAA;AAC/C,EAAA,OAAO,KAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA;AAC5B;AAEO,SAAS,gBAAgB,MAAA,EAAwB;AACtD,EAAA,YAAA,CAAa,MAAA,EAAQ,UAAU,aAAa,CAAA;AAC5C,EAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,WAAA,EAAY,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA,CAAE,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA;AAC5E;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAE3B,EAAA,IAAI,OAAA,CAAQ,WAAW,MAAM,CAAA,IAAK,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACjE,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,UAAA,CAAW,UAAU,IAC5C,OAAA,CAAQ,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,GAC/B,OAAA;AAEJ,EAAA,MAAM,CAAC,IAAA,EAAM,GAAG,SAAS,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AACjD,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,MAAM,cAAA,GAAiB,gBAAgB,IAAI,CAAA;AAC3C,EAAA,MAAM,IAAA,GAAO,UAAU,MAAA,GAAS,CAAA,GAAI,IAAI,SAAA,CAAU,IAAA,CAAK,GAAG,CAAC,CAAA,CAAA,GAAK,EAAA;AAChE,EAAA,OAAO,CAAA,QAAA,EAAW,cAAc,CAAA,EAAG,IAAI,CAAA,CAAA;AACzC;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,wBAAA,EAA0B,EAAE,OAAO,CAAA;AAAA,EAC5E;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAC1C,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,OAAA,IAAW,CAAC,OAAA,EAAS;AACtC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,WAAA,EAAa,IAAI,OAAO,CAAA,CAAA,EAAI,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAC/E;AAEO,SAAS,mBAAmB,KAAA,EAAoB;AACrD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,aAAa,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,yBAAA,EAA2B,EAAE,OAAO,CAAA;AAAA,EAC7E;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,2BAAA,EAA6B,EAAE,OAAO,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,KAAK,QAAA,EAAU,QAAQ,CAAA,GAAI,KAAA;AACjC,EAAA,IAAI,CAAC,QAAA,IAAY,CAAC,QAAA,EAAU;AAC1B,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+BAAA,EAAiC,EAAE,OAAO,CAAA;AAAA,EACnF;AAEA,EAAA,OAAO,CAAA,WAAA,EAAc,QAAA,CAAS,WAAA,EAAa,IAAI,QAAQ,CAAA,CAAA;AACzD;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,aAAa,KAAA,EAAoB;AAC/C,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAE3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAA,EAAG;AAC/B,IAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,EAChC;AAEA,EAAA,IAAI,CAAC,UAAA,CAAW,OAAO,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,oBAAA,EAAsB,EAAE,OAAO,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,MAAA,GAAS,iBAAiB,OAAO,CAAA;AACvC,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,QAAA;AACH,MAAA,OAAO,mBAAmB,OAAO,CAAA;AAAA,IACnC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC;AACE,MAAA,OAAO,OAAA;AAAA;AAEb;AAEO,SAAS,eAAe,GAAA,EAAe;AAC5C,EAAA,MAAM,UAAA,GAAa,aAAa,GAAG,CAAA;AACnC,EAAA,OAAOA,gBAAA,CAAUC,kBAAA,CAAY,UAAU,CAAC,CAAA;AAC1C;AAEO,SAAS,kBAAkB,OAAA,EAAmB;AACnD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,aAAa,CAAA;AAC9C,EAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,OAAO,CAAA,EAAG;AACxC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,6BAAA,EAA+B,EAAE,SAAS,CAAA;AAAA,EACnF;AAGA,EAAA,OAAO,KAAK,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,aAAa,CAAA,CAAA;AAC9C;AAEO,SAAS,aAAa,GAAA,EAAe;AAC1C,EAAA,OAAO,iBAAA,CAAkB,cAAA,CAAe,GAAG,CAAC,CAAA;AAC9C;AAEO,SAAS,kBAAA,CAAmB,KAAU,OAAA,EAAuB;AAClE,EAAA,IAAI;AACF,IAAA,OAAO,YAAA,CAAa,GAAG,CAAA,CAAE,WAAA,OAAkB,MAAA,CAAO,OAAO,EAAE,WAAA,EAAY;AAAA,EACzE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEO,SAAS,YAAY,MAAA,EAAqB;AAC/C,EAAA,OAAO,CAAA,QAAA,EAAW,eAAA,CAAgB,MAAM,CAAC,CAAA,CAAA;AAC3C;AAEO,SAAS,WAAA,CACd,SAAA,EACA,OAAA,EACA,OAAA,EACK;AACL,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,aAAa,CAAA;AAClD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,aAAa,CAAA;AAC9C,EAAA,IAAI,OAAA,KAAY,EAAA,IAAM,OAAA,KAAY,IAAA,IAAQ,YAAY,MAAA,EAAW;AAC/D,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,qBAAA,EAAuB,EAAE,SAAS,CAAA;AAAA,EAC3E;AACA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,WAAA,EAAa,IAAI,OAAO,CAAA,CAAA,EAAI,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAC/E;AAEO,SAAS,cAAA,CAAe,SAA0B,OAAA,EAAsB;AAC7E,EAAA,OAAO,WAAA,CAAY,QAAA,EAAU,OAAA,EAAS,OAAO,CAAA;AAC/C;AAEO,SAAS,sBAAsB,MAAA,EAAqB;AACzD,EAAA,MAAM,MAAA,GAAS,YAAY,MAAM,CAAA;AACjC,EAAA,OAAO,YAAY,MAAA,CAAO,SAAA,EAAW,MAAA,CAAO,SAAA,EAAW,OAAO,OAAO,CAAA;AACvE;AAEA,SAAS,YAAY,GAAA,EAA0E;AAC7F,EAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAC1C,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,OAAA,IAAW,CAAC,OAAA,EAAS;AACtC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,OAAA,EAAS,OAAA,EAAQ;AACvC;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,OAAA,IAAW,IAAA;AACtC;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,OAAA,IAAW,IAAA;AACtC;AAEO,SAAS,uBAAuB,GAAA,EAAyB;AAC9D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,SAAA,IAAa,IAAA;AACxC;AAEO,SAAS,YAAY,GAAA,EAAmB;AAC7C,EAAA,OAAO,sBAAA,CAAuB,GAAG,CAAA,KAAM,QAAA;AACzC;AAEO,SAAS,oBAAoB,GAAA,EAAyB;AAC3D,EAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAC9C,EAAA,MAAM,CAAC,MAAM,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AACrC,EAAA,OAAO,MAAA,IAAU,IAAA;AACnB;AAmBO,SAAS,sBAAsB,UAAA,EAA4B;AAChE,EAAA,YAAA,CAAa,UAAA,EAAY,cAAc,aAAa,CAAA;AAEpD,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,UAAU,CAAA,EAAG;AACrC,IAAA,MAAM,GAAA,GAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAC,CAAA;AACnD,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,YAAY,CAAA;AAAA,IACrF;AACA,IAAA,OAAO,GAAA,CAAI,OAAA;AAAA,EACb;AAEA,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,WAAW,CAAA,EAAG;AACtC,IAAA,MAAM,QAAQ,UAAA,CAAW,OAAA,CAAQ,aAAa,EAAE,CAAA,CAAE,MAAM,GAAG,CAAA;AAC3D,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,KAAW,CAAA,GAAI,MAAM,CAAC,CAAA,GAAI,MAAM,CAAC,CAAA;AACvD,IAAA,IAAI,CAAC,OAAA,IAAW,CAACC,gBAAA,CAAU,OAAO,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,6BAAA,EAA+B,EAAE,YAAY,CAAA;AAAA,IACtF;AACA,IAAA,OAAOC,kBAAW,OAAO,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,UAAA,CAAW,KAAA,CAAM,8CAA8C,CAAA,EAAG;AACpE,IAAA,MAAM,MAAA,GAAS,YAAY,UAAU,CAAA;AACrC,IAAA,OAAO,MAAA,CAAO,OAAA;AAAA,EAChB;AAEA,EAAA,IAAID,gBAAA,CAAU,UAAU,CAAA,EAAG;AACzB,IAAA,OAAOC,kBAAW,UAAU,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+BAAA,EAAiC,EAAE,YAAY,CAAA;AACxF;AAcA,IAAM,qBAAA,GAAwB,kBAAA;AAG9B,IAAM,eAAA,GAAkB,kBAAA;AAExB,IAAM,gCAAgB,IAAI,GAAA,CAAI,CAAC,IAAA,EAAM,KAAA,EAAO,KAAK,CAAC,CAAA;AAM3C,SAAS,gBAAgB,GAAA,EAAsB;AACpD,EAAA,OAAO,qBAAA,CAAsB,GAAG,CAAA,CAAE,KAAA;AACpC;AAUO,SAAS,sBAAsB,GAAA,EAAsC;AAC1E,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,IAAI,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AACtD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,IAAA,EAAM,OAAO,gCAAA,EAAiC;AAAA,EAC/E;AAEA,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,MAAM,MAAA,GAAS,iBAAiB,OAAO,CAAA;AAEvC,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,eAAe,OAAO,CAAA;AAAA,IAC/B,KAAK,KAAA;AACH,MAAA,OAAO,eAAe,OAAO,CAAA;AAAA,IAC/B;AACE,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO,MAAA,GACH,CAAA,YAAA,EAAe,MAAM,CAAA,wCAAA,CAAA,GACrB;AAAA,OACN;AAAA;AAEN;AAaA,SAAS,eAAe,GAAA,EAAsC;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,uDAAA,EAA0D,KAAA,CAAM,MAAM,CAAA;AAAA,KAC/E;AAAA,EACF;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAE1C,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,mBAAA,EAAoB;AAAA,EACnE;AAEA,EAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,SAAS,CAAA,EAAG;AAC1C,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,6BAA6B,SAAS,CAAA,mDAAA;AAAA,KAC/C;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,8BAAA,EAA+B;AAAA,EAC9E;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,iBAAA,EAAkB;AAAA,EACjE;AAGA,EAAA,IAAI,cAAc,QAAA,EAAU;AAE1B,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA,EAAG;AAC1B,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO,4BAA4B,OAAO,CAAA,mBAAA;AAAA,OAC5C;AAAA,IACF;AAGA,IAAA,IAAI,CAACD,gBAAA,CAAU,OAAO,CAAA,EAAG;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO,wBAAwB,OAAO,CAAA,6BAAA;AAAA,OACxC;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAM;AACtC;AAYA,SAAS,eAAe,GAAA,EAAsC;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,uDAAA,EAA0D,KAAA,CAAM,MAAM,CAAA;AAAA,KAC/E;AAAA,EACF;AAEA,EAAA,MAAM,KAAK,OAAO,CAAA,GAAI,KAAA;AAEtB,EAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,0CAAA,EAA2C;AAAA,EAC1F;AAEA,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,CAAK,OAAO,CAAA,EAAG;AAClC,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQE,cAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AACtC,IAAA,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EAC1C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,uCAAA,EAAwC;AAAA,EACvF;AAEA,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,sCAAA,EAAuC;AAAA,EACtF;AAEA,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,mCAAA,EAAoC;AAAA,EACnF;AAGA,EAAA,MAAM,MAAM,GAAA,CAAI,GAAA;AAChB,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,aAAA,CAAc,GAAA,CAAI,GAAG,CAAA,EAAG;AACtD,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,2DAAA;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAM;AACtC;AAMO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,MAAA,GAAS,eAAe,OAAO,CAAA;AACrC,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,MAAA,CAAO,SAAS,iBAAA,EAAmB,EAAE,OAAO,CAAA;AAAA,EACrF;AAEA,EAAA,OAAO,OAAA;AACT;;;ACpdA,IAAM,aAAA,GAAgB,qBAAA;AAiBf,SAAS,YAAY,KAAA,EAA6B;AACvD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,iBAAiB,CAAA;AAC9C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAG3B,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAErC,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI,QAAA;AAEJ,EAAA,IAAI,cAAc,EAAA,EAAI;AACpB,IAAA,GAAA,GAAM,OAAA;AACN,IAAA,QAAA,GAAW,IAAA;AAAA,EACb,CAAA,MAAO;AACL,IAAA,GAAA,GAAM,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAChC,IAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,KAAA,CAAM,SAAA,GAAY,CAAC,CAAA;AAE/C,IAAA,IAAI,WAAA,CAAY,WAAW,CAAA,EAAG;AAC5B,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,iBAAA;AAAA,QACA,8DAAA;AAAA,QACA,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AAEA,IAAA,QAAA,GAAW,WAAA;AAAA,EACb;AAGA,EAAA,IAAI,CAAC,aAAA,CAAc,IAAA,CAAK,GAAG,CAAA,EAAG;AAC5B,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,iBAAA;AAAA,MACA,gDAAA;AAAA,MACA,EAAE,OAAO,GAAA;AAAI,KACf;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAA;AAAA,IACR,GAAA;AAAA,IACA;AAAA,GACF;AACF;AAMO,SAAS,SAAS,KAAA,EAAwB;AAC/C,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,OAAO,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,IAAK,aAAA,CAAc,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAC1E;AAQO,SAAS,aAAA,CAAc,KAAA,EAAe,SAAA,GAAY,KAAA,EAAa;AACpE,EAAA,YAAA,CAAa,KAAA,EAAO,WAAW,aAAa,CAAA;AAC5C,EAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,iGAAA,CAAA;AAAA,MACA,EAAE,KAAA;AAAM,KACV;AAAA,EACF;AACF;AC7EA,IAAM,4BAAY,IAAI,GAAA,CAAI,CAAC,IAAA,EAAM,KAAA,EAAO,KAAK,CAAC,CAAA;AAG9C,IAAM,kBAAA,mBAAqB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,KAAK,CAAC,CAAA;AAM3E,IAAM,sBAAA,GAAmD;AAAA,EACvD,EAAA,EAAI,CAAC,KAAA,EAAO,GAAA,EAAK,GAAG,CAAA;AAAA,EACpB,GAAA,EAAK,CAAC,KAAA,EAAO,GAAG,CAAA;AAAA,EAChB,GAAA,EAAK,CAAC,GAAA,EAAK,GAAG;AAChB,CAAA;AAeO,SAAS,kBAAkB,GAAA,EAAmC;AACnE,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,+BAAA,EAAgC;AAAA,EAChE;AAEA,EAAA,MAAM,GAAA,GAAM,GAAA;AAGZ,EAAA,MAAM,MAAM,GAAA,CAAI,GAAA;AAChB,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA,EAAG;AAClD,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,2CAA2C,CAAC,GAAG,SAAS,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,KAC7E;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,SAAS,kBAAA,EAAoB;AACtC,IAAA,IAAI,SAAS,GAAA,EAAK;AAChB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,KAAA,EAAO,mCAAmC,KAAK,CAAA,qCAAA;AAAA,OACjD;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,uBAAuB,GAAG,CAAA;AAC3C,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,KAAA,MAAW,SAAS,QAAA,EAAU;AAC5B,MAAA,IAAI,EAAE,KAAA,IAAS,GAAA,CAAA,IAAQ,GAAA,CAAI,KAAK,CAAA,KAAM,MAAA,IAAa,GAAA,CAAI,KAAK,CAAA,KAAM,IAAA,IAAQ,GAAA,CAAI,KAAK,MAAM,EAAA,EAAI;AAC3F,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,KAAA;AAAA,UACP,KAAA,EAAO,CAAA,mCAAA,EAAsC,KAAK,CAAA,WAAA,EAAc,GAAG,CAAA,CAAA;AAAA,SACrE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAUA,SAAS,oBAAoB,GAAA,EAAsC;AACjE,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAG,EAAE,IAAA,EAAK;AACrC,EAAA,MAAM,MAA+B,EAAC;AACtC,EAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,IAAA,GAAA,CAAI,GAAG,CAAA,GAAI,GAAA,CAAI,GAAG,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,GAAG,CAAA;AAC3B;AAYO,SAAS,YAAY,GAAA,EAAsB;AAChD,EAAA,YAAA,CAAa,GAAA,EAAK,OAAO,aAAa,CAAA;AAEtC,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,UAAA,CAAW,SAAS,oBAAA,EAAsB,EAAE,KAAK,CAAA;AAAA,EAC1F;AAEA,EAAA,MAAM,SAAA,GAAY,oBAAoB,GAA8B,CAAA;AACpE,EAAA,MAAM,OAAA,GAAUA,eAAU,MAAA,CAAO,IAAI,aAAY,CAAE,MAAA,CAAO,SAAS,CAAC,CAAA;AACpE,EAAA,OAAO,WAAW,OAAO,CAAA,CAAA;AAC3B;AAYO,SAAS,YAAY,MAAA,EAA2B;AACrD,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,CAAC,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,0BAA0B,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC9B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,mDAAA,EAAqD;AAAA,MAC1F,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,EAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,0CAAA,EAA4C;AAAA,MACjF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQA,cAAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AACtC,IAAA,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EAC1C,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+CAAA,EAAiD;AAAA,MACtF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,8CAAA,EAAgD;AAAA,MACrF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,uCAAA,EAAyC;AAAA,MAC9E,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,UAAA,CAAW,SAAS,+BAAA,EAAiC;AAAA,MAC1F,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,GAAA;AACT;AAUA,SAAS,uBAAuB,GAAA,EAAuD;AACrF,EAAA,MAAM,SAAkC,EAAC;AACzC,EAAA,MAAM,cAAA,uBAAqB,GAAA,CAAI,CAAC,OAAO,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,KAAK,CAAC,CAAA;AAEtE,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9C,IAAA,IAAI,kBAAA,CAAmB,GAAA,CAAI,GAAG,CAAA,EAAG;AACjC,IAAA,IAAI,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA,EAAG;AAC7B,IAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,EAChB;AAEA,EAAA,OAAO,MAAA;AACT;AAcO,SAAS,eAAA,CAAgB,GAAY,CAAA,EAAqB;AAC/D,EAAA,YAAA,CAAa,CAAA,EAAG,KAAK,aAAa,CAAA;AAClC,EAAA,YAAA,CAAa,CAAA,EAAG,KAAK,aAAa,CAAA;AAElC,EAAA,MAAM,IAAA,GAAO,CAAA;AACb,EAAA,MAAM,IAAA,GAAO,CAAA;AAGb,EAAA,KAAA,MAAW,SAAS,kBAAA,EAAoB;AACtC,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,aAAA;AAAA,QACA,yCAAyC,KAAK,CAAA,CAAA,CAAA;AAAA,QAC9C,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AACA,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,aAAA;AAAA,QACA,0CAA0C,KAAK,CAAA,CAAA,CAAA;AAAA,QAC/C,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,uBAAuB,IAAI,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,uBAAuB,IAAI,CAAA;AAG3C,EAAA,OAAO,mBAAA,CAAoB,OAAO,CAAA,KAAM,mBAAA,CAAoB,OAAO,CAAA;AACrE;AAoBA,eAAsB,oBAAA,CACpB,GAAA,EACA,eAAA,GAAkD,QAAA,EACjC;AACjB,EAAA,YAAA,CAAa,GAAA,EAAK,OAAO,aAAa,CAAA;AAEtC,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,UAAA,CAAW,SAAS,oBAAA,EAAsB,EAAE,KAAK,CAAA;AAAA,EAC1F;AAGA,EAAA,MAAM,MAAM,eAAA,KAAoB,QAAA,GAAW,QAAA,GACvC,eAAA,KAAoB,WAAW,QAAA,GAC/B,QAAA;AAEJ,EAAA,OAAOC,2BAAA,CAAuB,KAAqD,GAAG,CAAA;AACxF;AAUA,eAAsB,eAAe,GAAA,EAA+B;AAClE,EAAA,MAAM,UAAA,GAAa,MAAM,oBAAA,CAAqB,GAAA,EAAK,QAAQ,CAAA;AAC3D,EAAA,OAAO,YAAY,UAAU,CAAA,CAAA;AAC/B;;;ACpTA,eAAsB,iBACpB,MAAA,EACkC;AAClC,EAAA,MAAM,aAAa,MAAA,CAAO,WAAA,EAAY,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AACzD,EAAA,MAAM,GAAA,GAAM,WAAW,UAAU,CAAA,qBAAA,CAAA;AAEjC,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAM,MAAM,GAAA,EAAK,EAAE,SAAS,EAAE,MAAA,EAAQ,kBAAA,EAAmB,EAAG,CAAA;AAAA,EACzE,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,gCAAgC,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EAC1F;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,2BAAA,EAA8B,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI;AAAA,MACxF,MAAA;AAAA,MACA,QAAQ,QAAA,CAAS;AAAA,KAClB,CAAA;AAAA,EACH;AAEA,EAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAC9B;;;AC0BA,SAAS,sBAAA,CACP,WAAA,EACA,MAAA,EACA,QAAA,EAC2B;AAC3B,EAAA,MAAM,UAAU,WAAA,CAAY,kBAAA;AAC5B,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAiC;AACpD,IAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AAC3C,IAAA,MAAM,KAAK,MAAA,CAAO,EAAA;AAClB,IAAA,IAAI,OAAO,OAAO,QAAA,EAAU;AAG5B,IAAA,IAAI,EAAA,KAAO,QAAQ,OAAO,MAAA;AAG1B,IAAA,IAAI,QAAA,KAAa,EAAA,KAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,IAAM,GAAG,QAAA,CAAS,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE,CAAA,CAAA,EAAI;AACtE,MAAA,OAAO,MAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,SAAS,gCAAgC,WAAA,EAAgD;AACvF,EAAA,MAAM,UAAU,WAAA,CAAY,kBAAA;AAC5B,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,SAAU,EAAC;AACrC,EAAA,OAAQ,OAAA,CACL,MAAA,CAAO,CAAC,CAAA,KAAM,KAAK,OAAO,CAAA,CAAE,EAAA,KAAO,QAAQ,CAAA,CAC3C,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,EAAY,CAAA;AAC9B;AA0BA,eAAsB,wBAAA,CACpB,QACA,OAAA,EAC4B;AAC5B,EAAA,YAAA,CAAa,MAAA,EAAQ,UAAU,iBAAiB,CAAA;AAEhD,EAAA,MAAM,MAAA,GAAS,YAAY,MAAM,CAAA;AACjC,EAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,MAAA,CAAO,GAAG,CAAA;AAE1C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA,CAAc,iBAAA,EAAmB,wCAAA,EAA0C;AAAA,MACnF,MAAA;AAAA,MACA,KAAK,MAAA,CAAO;AAAA,KACb,CAAA;AAAA,EACH;AAEA,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,iBAAiB,MAAA,CAAO,MAAA,EAAQ,OAAO,GAAA,EAAK,MAAA,CAAO,UAAU,OAAO,CAAA;AAAA,IAC7E;AACE,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,wBAAA;AAAA,QACA,uDAAuD,MAAM,CAAA,CAAA,CAAA;AAAA,QAC7D,EAAE,QAAQ,MAAA;AAAO,OACnB;AAAA;AAEN;AAcA,eAAsB,4BAAA,CACpB,QACA,OAAA,EACgC;AAChC,EAAA,MAAM,QAAA,GAAW,MAAM,wBAAA,CAAyB,MAAA,EAAQ,OAAO,CAAA;AAC/D,EAAA,MAAM,aAAA,GAAgB,WAAA,CAAY,QAAA,CAAS,YAAY,CAAA;AAEvD,EAAA,OAAO;AAAA,IACL,GAAG,QAAA;AAAA,IACH;AAAA,GACF;AACF;AAMA,eAAe,gBAAA,CACb,MAAA,EACA,GAAA,EACA,QAAA,EACA,OAAA,EAC4B;AAC5B,EAAA,MAAM,MAAA,GAAS,oBAAoB,GAAG,CAAA;AACtC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA,CAAc,iBAAA,EAAmB,wCAAA,EAA0C;AAAA,MACnF,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,OAAA,GAAU,SAAS,gBAAA,IAAoB,gBAAA;AAC7C,EAAA,MAAM,WAAA,GAAc,MAAM,OAAA,CAAQ,MAAM,CAAA;AAGxC,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,WAAA,EAAa,MAAA,EAAQ,QAAQ,CAAA;AACnE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,uCAAA,EAA0C,QAAA,GAAW,CAAA,CAAA,EAAI,QAAQ,KAAK,MAAM,CAAA,CAAA,CAAA;AAAA,MAC5E,EAAE,MAAA,EAAQ,QAAA,EAAU,gBAAA,EAAkB,+BAAA,CAAgC,WAAW,CAAA;AAAE,KACrF;AAAA,EACF;AAGA,EAAA,MAAM,eAAe,MAAA,CAAO,YAAA;AAC5B,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,QAAA,EAAU;AACrD,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,qBAAA,EAAwB,OAAO,EAAE,CAAA,+BAAA,CAAA;AAAA,MACjC,EAAE,MAAA,EAAQ,oBAAA,EAAsB,MAAA,CAAO,EAAA;AAAG,KAC5C;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,kBAAkB,YAAY,CAAA;AACjD,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,qCAAA,EAAwC,MAAA,CAAO,EAAE,CAAA,cAAA,EAAiB,WAAW,KAAK,CAAA,CAAA;AAAA,MAClF,EAAE,MAAA,EAAQ,oBAAA,EAAsB,MAAA,CAAO,EAAA;AAAG,KAC5C;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,GAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA,sBAAsB,MAAA,CAAO;AAAA,GAC/B;AACF;;;ACtNO,SAAS,kBAAA,CAAmB,GAAW,CAAA,EAAoB;AAEhE,EAAA,IAAI,WAAA,GAA6B,IAAA;AACjC,EAAA,IAAI,WAAA,GAA6B,IAAA;AAEjC,EAAA,IAAI;AACF,IAAA,WAAA,GAAc,aAAa,CAAC,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI;AACF,IAAA,WAAA,GAAc,aAAa,CAAC,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,WAAA,IAAe,WAAA,IAAe,WAAA,KAAgB,WAAA,EAAa;AAC7D,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,IAAA,GAAO,4BAA4B,CAAC,CAAA;AAC1C,EAAA,MAAM,IAAA,GAAO,4BAA4B,CAAC,CAAA;AAE1C,EAAA,IAAI,QAAQ,IAAA,IAAQ,IAAA,CAAK,aAAY,KAAM,IAAA,CAAK,aAAY,EAAG;AAC7D,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAClC,EAAA,MAAM,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAElC,EAAA,IAAI,OAAA,KAAY,KAAA,IAAS,OAAA,KAAY,KAAA,EAAO;AAC1C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,YAAY,CAAC,CAAA;AAC1B,MAAA,MAAM,IAAA,GAAO,YAAY,CAAC,CAAA;AAC1B,MAAA,OAAO,eAAA,CAAgB,MAAM,IAAI,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,4BAA4B,aAAA,EAAsC;AAChF,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,iBAAiB,aAAa,CAAA;AAC7C,IAAA,IAAI,MAAA,KAAW,KAAA,IAAS,aAAA,CAAc,QAAA,CAAS,QAAQ,CAAA,EAAG;AACxD,MAAA,OAAO,sBAAsB,aAAa,CAAA;AAAA,IAC5C;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AACA,EAAA,OAAO,IAAA;AACT;;;AC6DO,SAAS,6BACd,MAAA,EACuB;AACvB,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AAEvB,EAAA,MAAM,cAAc,OAAO,OAAA,CAAQ,WAAA,KAAgB,QAAA,GAAW,QAAQ,WAAA,GAAc,IAAA;AACpF,EAAA,MAAM,WAAW,OAAO,OAAA,CAAQ,QAAA,KAAa,QAAA,GAAW,QAAQ,QAAA,GAAW,IAAA;AAG3E,EAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,WAAW,CAAA;AAC/B,MAAA,UAAA,GAAa,CAAA,QAAA,EAAW,IAAI,QAAQ,CAAA,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,UAAA;AAAA,IACA,WAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,cAAc,MAAA,CAAO;AAAA,GACvB;AACF;ACvKO,SAAS,iBAAiB,GAAA,EAAsB;AACrD,EAAA,MAAM,GAAA,GAAMC,8BAAa,GAAG,CAAA;AAC5B,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,gCAAA,EAAkC,EAAE,KAAK,CAAA;AAAA,EACpF;AACA,EAAA,OAAO,GAAA;AACT;AAEO,SAAS,oBAAoB,GAAA,EAA8C;AAChF,EAAA,MAAM,OAAA,GAAU,iBAAiB,GAAG,CAAA;AACpC,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,IAAA,EAAMN,gBAAAA,CAAUC,kBAAAA,CAAY,OAAO,CAAC;AAAA,GACtC;AACF;AAEO,SAAS,qBAAA,CAAsB,KAAc,SAAA,EAAwC;AAC1F,EAAA,MAAM,GAAA,GAAM,iBAAiB,GAAG,CAAA;AAChC,EAAA,MAAM,KAAA,GAAQA,mBAAY,GAAG,CAAA;AAC7B,EAAA,OAAQ,cAAc,WAAA,GAAcD,gBAAAA,CAAU,KAAK,CAAA,GAAIO,cAAO,KAAK,CAAA;AACrE","file":"index.cjs","sourcesContent":["export class OmaTrustError extends Error {\n code: string;\n details?: unknown;\n\n constructor(code: string, message: string, details?: unknown) {\n super(message);\n this.name = \"OmaTrustError\";\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toOmaTrustError(\n code: string,\n message: string,\n details?: unknown\n): OmaTrustError {\n return new OmaTrustError(code, message, details);\n}\n","import { OmaTrustError } from \"./errors\";\n\nexport function assertString(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is string {\n if (typeof value !== \"string\" || value.trim().length === 0) {\n throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });\n }\n}\n\nexport function assertNumber(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is number {\n if (typeof value !== \"number\" || Number.isNaN(value)) {\n throw new OmaTrustError(code, `${name} must be a valid number`, { value });\n }\n}\n\nexport function assertObject(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is Record<string, unknown> {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) {\n throw new OmaTrustError(code, `${name} must be an object`, { value });\n }\n}\n\nexport function asError(err: unknown): Error {\n if (err instanceof Error) {\n return err;\n }\n return new Error(String(err));\n}\n","import { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\n\nexport type Caip10 = string;\n\nexport type ParsedCaip10 = {\n namespace: string;\n reference: string;\n address: string;\n};\n\nexport type ParsedCaip2 = {\n namespace: string;\n reference: string;\n};\n\nconst CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;\nconst CAIP_2_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+)$/;\n\nexport function parseCaip10(input: string): ParsedCaip10 {\n assertString(input, \"input\", \"INVALID_CAIP\");\n const trimmed = input.trim();\n const match = trimmed.match(CAIP_10_REGEX);\n if (!match?.groups) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-10 format\", { input });\n }\n\n const namespace = match.groups.namespace;\n const reference = match.groups.reference;\n const address = match.groups.address;\n\n if (!namespace || !reference || !address) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-10 components\", { input });\n }\n\n return { namespace, reference, address };\n}\n\nexport function buildCaip10(namespace: string, reference: string, address: string): Caip10 {\n assertString(namespace, \"namespace\", \"INVALID_CAIP\");\n assertString(reference, \"reference\", \"INVALID_CAIP\");\n assertString(address, \"address\", \"INVALID_CAIP\");\n return `${namespace}:${reference}:${address}`;\n}\n\nexport function normalizeCaip10(input: string): Caip10 {\n const parsed = parseCaip10(input);\n const namespace = parsed.namespace.toLowerCase();\n const reference = parsed.reference;\n\n let address = parsed.address;\n if (namespace === \"eip155\") {\n address = address.toLowerCase();\n }\n\n return buildCaip10(namespace, reference, address);\n}\n\nexport function buildCaip2(namespace: string, reference: string): string {\n assertString(namespace, \"namespace\", \"INVALID_CAIP\");\n assertString(reference, \"reference\", \"INVALID_CAIP\");\n return `${namespace}:${reference}`;\n}\n\nexport function parseCaip2(caip2: string): ParsedCaip2 {\n assertString(caip2, \"caip2\", \"INVALID_CAIP\");\n const trimmed = caip2.trim();\n const match = trimmed.match(CAIP_2_REGEX);\n if (!match?.groups) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-2 format\", { caip2 });\n }\n\n const namespace = match.groups.namespace;\n const reference = match.groups.reference;\n if (!namespace || !reference) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-2 components\", { caip2 });\n }\n\n return { namespace, reference };\n}\n","import { getAddress, isAddress, keccak256, toUtf8Bytes } from \"ethers\";\nimport { base64url } from \"jose\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\nimport { parseCaip10 } from \"./caip\";\n\nexport type Hex = `0x${string}`;\nexport type Did = string;\n\nconst DID_REGEX = /^did:[a-z0-9]+:.+$/i;\n\nexport function isValidDid(did: string): boolean {\n return DID_REGEX.test(did);\n}\n\nexport function extractDidMethod(did: Did): string | null {\n const match = did.match(/^did:([a-z0-9]+):/i);\n return match ? match[1] : null;\n}\n\nexport function extractDidIdentifier(did: Did): string | null {\n const match = did.match(/^did:[a-z0-9]+:(.+)$/i);\n return match ? match[1] : null;\n}\n\nexport function normalizeDomain(domain: string): string {\n assertString(domain, \"domain\", \"INVALID_DID\");\n return domain.trim().toLowerCase().replace(/\\.$/, \"\").replace(/^www\\./, \"\");\n}\n\nexport function normalizeDidWeb(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n\n if (trimmed.startsWith(\"did:\") && !trimmed.startsWith(\"did:web:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:web DID\", { input });\n }\n\n const identifier = trimmed.startsWith(\"did:web:\")\n ? trimmed.slice(\"did:web:\".length)\n : trimmed;\n\n const [host, ...pathParts] = identifier.split(\"/\");\n if (!host) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:web identifier\", { input });\n }\n\n const normalizedHost = normalizeDomain(host);\n const path = pathParts.length > 0 ? `/${pathParts.join(\"/\")}` : \"\";\n return `did:web:${normalizedHost}${path}`;\n}\n\nexport function normalizeDidPkh(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:pkh:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:pkh DID\", { input });\n }\n\n const parts = trimmed.split(\":\");\n if (parts.length !== 5) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh format\", { input });\n }\n\n const [, , namespace, chainId, address] = parts;\n if (!namespace || !chainId || !address) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh components\", { input });\n }\n\n return `did:pkh:${namespace.toLowerCase()}:${chainId}:${address.toLowerCase()}`;\n}\n\nexport function normalizeDidHandle(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:handle:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:handle DID\", { input });\n }\n\n const parts = trimmed.split(\":\");\n if (parts.length !== 4) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:handle format\", { input });\n }\n\n const [, , platform, username] = parts;\n if (!platform || !username) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:handle components\", { input });\n }\n\n return `did:handle:${platform.toLowerCase()}:${username}`;\n}\n\nexport function normalizeDidKey(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:key:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:key DID\", { input });\n }\n\n return trimmed;\n}\n\nexport function normalizeDid(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n\n if (!trimmed.startsWith(\"did:\")) {\n return normalizeDidWeb(trimmed);\n }\n\n if (!isValidDid(trimmed)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid DID format\", { input });\n }\n\n const method = extractDidMethod(trimmed);\n switch (method) {\n case \"web\":\n return normalizeDidWeb(trimmed);\n case \"pkh\":\n return normalizeDidPkh(trimmed);\n case \"handle\":\n return normalizeDidHandle(trimmed);\n case \"key\":\n return normalizeDidKey(trimmed);\n case \"jwk\":\n return normalizeDidJwk(trimmed);\n default:\n return trimmed;\n }\n}\n\nexport function computeDidHash(did: Did): Hex {\n const normalized = normalizeDid(did);\n return keccak256(toUtf8Bytes(normalized)) as Hex;\n}\n\nexport function computeDidAddress(didHash: Hex): Hex {\n assertString(didHash, \"didHash\", \"INVALID_DID\");\n if (!/^0x[0-9a-fA-F]{64}$/.test(didHash)) {\n throw new OmaTrustError(\"INVALID_DID\", \"didHash must be 32-byte hex\", { didHash });\n }\n\n // Spec: low-order 160 bits of didHash, serialized as lowercase 0x-hex.\n return `0x${didHash.slice(-40).toLowerCase()}` as Hex;\n}\n\nexport function didToAddress(did: Did): Hex {\n return computeDidAddress(computeDidHash(did));\n}\n\nexport function validateDidAddress(did: Did, address: Hex): boolean {\n try {\n return didToAddress(did).toLowerCase() === String(address).toLowerCase();\n } catch {\n return false;\n }\n}\n\nexport function buildDidWeb(domain: string): Did {\n return `did:web:${normalizeDomain(domain)}`;\n}\n\nexport function buildDidPkh(\n namespace: string,\n chainId: string | number,\n address: string\n): Did {\n assertString(namespace, \"namespace\", \"INVALID_DID\");\n assertString(address, \"address\", \"INVALID_DID\");\n if (chainId === \"\" || chainId === null || chainId === undefined) {\n throw new OmaTrustError(\"INVALID_DID\", \"chainId is required\", { chainId });\n }\n return `did:pkh:${namespace.toLowerCase()}:${chainId}:${address.toLowerCase()}`;\n}\n\nexport function buildEvmDidPkh(chainId: string | number, address: string): Did {\n return buildDidPkh(\"eip155\", chainId, address);\n}\n\nexport function buildDidPkhFromCaip10(caip10: string): Did {\n const parsed = parseCaip10(caip10);\n return buildDidPkh(parsed.namespace, parsed.reference, parsed.address);\n}\n\nfunction parseDidPkh(did: Did): { namespace: string; chainId: string; address: string } | null {\n if (!did.startsWith(\"did:pkh:\")) {\n return null;\n }\n\n const parts = did.split(\":\");\n if (parts.length !== 5) {\n return null;\n }\n\n const [, , namespace, chainId, address] = parts;\n if (!namespace || !chainId || !address) {\n return null;\n }\n\n return { namespace, chainId, address };\n}\n\nexport function getChainIdFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.chainId ?? null;\n}\n\nexport function getAddressFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.address ?? null;\n}\n\nexport function getNamespaceFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.namespace ?? null;\n}\n\nexport function isEvmDidPkh(did: Did): boolean {\n return getNamespaceFromDidPkh(did) === \"eip155\";\n}\n\nexport function getDomainFromDidWeb(did: Did): string | null {\n if (!did.startsWith(\"did:web:\")) {\n return null;\n }\n\n const identifier = did.slice(\"did:web:\".length);\n const [domain] = identifier.split(\"/\");\n return domain || null;\n}\n\n/**\n * Extract an EVM address from a DID or address-like identifier.\n *\n * Supports:\n * - did:pkh (extracts the address portion — currently EVM only)\n * - did:ethr (extracts the Ethereum address)\n * - CAIP-10 format (e.g. eip155:1:0xABC)\n * - Raw EVM addresses (0x + 40 hex chars)\n *\n * NOTE: This function is EVM-specific. It does not support non-EVM chains\n * (e.g. Solana, Cosmos). Non-EVM did:pkh identifiers will throw.\n * A future version may generalize to support multiple chain families.\n *\n * @param identifier - A DID, CAIP-10 string, or raw EVM address\n * @returns The checksummed EVM address\n * @throws OmaTrustError if the identifier cannot be resolved to an EVM address\n */\nexport function extractAddressFromDid(identifier: string): string {\n assertString(identifier, \"identifier\", \"INVALID_DID\");\n\n if (identifier.startsWith(\"did:pkh:\")) {\n const pkh = parseDidPkh(normalizeDidPkh(identifier));\n if (!pkh) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh identifier\", { identifier });\n }\n return pkh.address;\n }\n\n if (identifier.startsWith(\"did:ethr:\")) {\n const parts = identifier.replace(\"did:ethr:\", \"\").split(\":\");\n const address = parts.length === 1 ? parts[0] : parts[1];\n if (!address || !isAddress(address)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:ethr identifier\", { identifier });\n }\n return getAddress(address);\n }\n\n if (identifier.match(/^[a-z0-9-]+:[a-zA-Z0-9-]+:0x[a-fA-F0-9]{40}$/)) {\n const parsed = parseCaip10(identifier);\n return parsed.address;\n }\n\n if (isAddress(identifier)) {\n return getAddress(identifier);\n }\n\n throw new OmaTrustError(\"INVALID_DID\", \"Unsupported identifier format\", { identifier });\n}\n\n// ---------------------------------------------------------------------------\n// Private-Key DID Validation\n// ---------------------------------------------------------------------------\n\n/** Result of private-key DID validation */\nexport interface PrivateKeyDidValidation {\n valid: boolean;\n method: \"pkh\" | \"jwk\" | null;\n error?: string;\n}\n\n// CAIP-2 namespace: lowercase alphanumeric + hyphens, 3-8 chars per spec\nconst CAIP2_NAMESPACE_REGEX = /^[a-z0-9-]{3,8}$/;\n\n// Base64url character set (no padding required)\nconst BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;\n\nconst VALID_JWK_KTY = new Set([\"EC\", \"OKP\", \"RSA\"]);\n\n/**\n * Check if a DID uses a private-key method (can sign transactions/messages).\n * Quick boolean check — use validatePrivateKeyDid() for detailed errors.\n */\nexport function isPrivateKeyDid(did: string): boolean {\n return validatePrivateKeyDid(did).valid;\n}\n\n/**\n * Validate that a DID is a well-formed private-key DID.\n * Returns detailed validation result with method identification and error messages.\n *\n * Supported methods:\n * - did:pkh — CAIP-10 blockchain account (deep validation for eip155)\n * - did:jwk — JSON Web Key (structural validation)\n */\nexport function validatePrivateKeyDid(did: string): PrivateKeyDidValidation {\n if (typeof did !== \"string\" || did.trim().length === 0) {\n return { valid: false, method: null, error: \"DID must be a non-empty string\" };\n }\n\n const trimmed = did.trim();\n const method = extractDidMethod(trimmed);\n\n switch (method) {\n case \"pkh\":\n return validateDidPkh(trimmed);\n case \"jwk\":\n return validateDidJwk(trimmed);\n default:\n return {\n valid: false,\n method: null,\n error: method\n ? `DID method \"${method}\" is not a recognized private-key method`\n : \"Invalid DID format\"\n };\n }\n}\n\n/**\n * Validate a did:pkh DID.\n *\n * Format: did:pkh:<namespace>:<chainId>:<address>\n * - Must have exactly 5 colon-separated parts\n * - namespace must be a valid CAIP-2 namespace (lowercase alphanumeric + hyphens, 3-8 chars)\n * - chainId must be non-empty\n * - address must be non-empty\n * - For eip155 namespace: address must be a valid EVM address (0x + 40 hex chars)\n * - For other namespaces: address must be non-empty (permissive fallback)\n */\nfunction validateDidPkh(did: string): PrivateKeyDidValidation {\n const parts = did.split(\":\");\n if (parts.length !== 5) {\n return {\n valid: false,\n method: \"pkh\",\n error: `did:pkh must have exactly 5 colon-separated parts, got ${parts.length}`\n };\n }\n\n const [, , namespace, chainId, address] = parts;\n\n if (!namespace) {\n return { valid: false, method: \"pkh\", error: \"Missing namespace\" };\n }\n\n if (!CAIP2_NAMESPACE_REGEX.test(namespace)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid CAIP-2 namespace \"${namespace}\" (must be 3-8 lowercase alphanumeric/hyphen chars)`\n };\n }\n\n if (!chainId) {\n return { valid: false, method: \"pkh\", error: \"Missing chain ID (reference)\" };\n }\n\n if (!address) {\n return { valid: false, method: \"pkh\", error: \"Missing address\" };\n }\n\n // Deep validation for eip155 (EVM) namespace\n if (namespace === \"eip155\") {\n // Chain ID should be numeric for eip155\n if (!/^\\d+$/.test(chainId)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid eip155 chain ID \"${chainId}\" (must be numeric)`\n };\n }\n\n // Address must be a valid EVM address\n if (!isAddress(address)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid EVM address \"${address}\" (must be 0x + 40 hex chars)`\n };\n }\n }\n\n return { valid: true, method: \"pkh\" };\n}\n\n/**\n * Validate a did:jwk DID.\n *\n * Format: did:jwk:<base64url-encoded-JWK>\n * - Must have exactly 3 colon-separated parts\n * - Identifier must be valid base64url\n * - Decoded value must be valid JSON\n * - Decoded JSON must contain a valid kty field (EC, OKP, RSA)\n * - Must NOT contain d (private key component)\n */\nfunction validateDidJwk(did: string): PrivateKeyDidValidation {\n const parts = did.split(\":\");\n if (parts.length !== 3) {\n return {\n valid: false,\n method: \"jwk\",\n error: `did:jwk must have exactly 3 colon-separated parts, got ${parts.length}`\n };\n }\n\n const [, , encoded] = parts;\n\n if (!encoded || encoded.length === 0) {\n return { valid: false, method: \"jwk\", error: \"Missing base64url-encoded JWK identifier\" };\n }\n\n if (!BASE64URL_REGEX.test(encoded)) {\n return {\n valid: false,\n method: \"jwk\",\n error: \"Identifier contains invalid base64url characters\"\n };\n }\n\n // Decode base64url to JSON\n let decoded: string;\n try {\n const bytes = base64url.decode(encoded);\n decoded = new TextDecoder().decode(bytes);\n } catch {\n return { valid: false, method: \"jwk\", error: \"Failed to base64url-decode identifier\" };\n }\n\n let jwk: Record<string, unknown>;\n try {\n jwk = JSON.parse(decoded);\n } catch {\n return { valid: false, method: \"jwk\", error: \"Decoded identifier is not valid JSON\" };\n }\n\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n return { valid: false, method: \"jwk\", error: \"Decoded JWK must be a JSON object\" };\n }\n\n // Must have kty\n const kty = jwk.kty;\n if (typeof kty !== \"string\" || !VALID_JWK_KTY.has(kty)) {\n return {\n valid: false,\n method: \"jwk\",\n error: `Invalid or missing kty field (must be one of: EC, OKP, RSA)`\n };\n }\n\n // Must NOT contain private key material\n if (\"d\" in jwk) {\n return {\n valid: false,\n method: \"jwk\",\n error: \"DID must reference a public key — private key component (d) is not allowed\"\n };\n }\n\n return { valid: true, method: \"jwk\" };\n}\n\n/**\n * Normalize a did:jwk DID.\n * Validates structure and returns the DID unchanged (did:jwk is already canonical).\n */\nexport function normalizeDidJwk(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:jwk:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:jwk DID\", { input });\n }\n\n const result = validateDidJwk(trimmed);\n if (!result.valid) {\n throw new OmaTrustError(\"INVALID_DID\", result.error ?? \"Invalid did:jwk\", { input });\n }\n\n return trimmed;\n}\n","/**\n * DID URL Parsing — Phase 1\n *\n * Parses DID URLs (e.g. did:web:api.example.com#key-1) into their components.\n * DID URLs are mutable key references / lookup handles, not durable controller DIDs.\n */\n\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Parsed DID URL components */\nexport interface ParsedDidUrl {\n /** The original full DID URL */\n didUrl: string;\n /** The base DID (without fragment) */\n did: string;\n /** The fragment identifier (without the '#'), or null if no fragment */\n fragment: string | null;\n}\n\n// ---------------------------------------------------------------------------\n// DID URL Parser\n// ---------------------------------------------------------------------------\n\nconst DID_URL_REGEX = /^did:[a-z0-9]+:.+$/i;\n\n/**\n * Parse a DID URL into its components.\n *\n * A DID URL may include a fragment (e.g. `did:web:api.example.com#key-1`).\n * The fragment identifies a verification method, key reference, or other\n * resource under the DID.\n *\n * DID URLs are mutable key references. They should not be used as durable\n * controller DIDs. Use `resolveDidUrlControllerDid()` to derive a durable\n * `did:jwk` from a DID URL.\n *\n * @param input - A DID URL string\n * @returns Parsed components: didUrl, did, fragment\n * @throws OmaTrustError with code INVALID_DID_URL if input is malformed\n */\nexport function parseDidUrl(input: string): ParsedDidUrl {\n assertString(input, \"input\", \"INVALID_DID_URL\");\n const trimmed = input.trim();\n\n // Split on first '#' to separate DID from fragment\n const hashIndex = trimmed.indexOf(\"#\");\n\n let did: string;\n let fragment: string | null;\n\n if (hashIndex === -1) {\n did = trimmed;\n fragment = null;\n } else {\n did = trimmed.slice(0, hashIndex);\n const rawFragment = trimmed.slice(hashIndex + 1);\n\n if (rawFragment.length === 0) {\n throw new OmaTrustError(\n \"INVALID_DID_URL\",\n \"DID URL has empty fragment (trailing '#' with no identifier)\",\n { input }\n );\n }\n\n fragment = rawFragment;\n }\n\n // Validate the base DID portion\n if (!DID_URL_REGEX.test(did)) {\n throw new OmaTrustError(\n \"INVALID_DID_URL\",\n \"Invalid DID URL: base DID portion is malformed\",\n { input, did }\n );\n }\n\n return {\n didUrl: trimmed,\n did,\n fragment,\n };\n}\n\n/**\n * Check whether a string is a DID URL (contains a fragment).\n * Useful for guards that need to reject DID URLs where a bare DID is expected.\n */\nexport function isDidUrl(input: string): boolean {\n if (typeof input !== \"string\") return false;\n const trimmed = input.trim();\n return trimmed.includes(\"#\") && DID_URL_REGEX.test(trimmed.split(\"#\")[0]);\n}\n\n/**\n * Assert that a string is a bare DID (not a DID URL with a fragment).\n * Throws if the input contains a fragment.\n *\n * Use this in functions that expect a subject DID and must reject DID URLs.\n */\nexport function assertBareDid(input: string, paramName = \"did\"): void {\n assertString(input, paramName, \"INVALID_DID\");\n if (isDidUrl(input)) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Expected a bare DID but received a DID URL with a fragment. Use parseDidUrl() to handle DID URLs.`,\n { input }\n );\n }\n}\n","/**\n * JWK and did:jwk Helpers — Phase 2\n *\n * Provides conversion between public JWKs and did:jwk DIDs,\n * deterministic JWK comparison, and public JWK validation.\n *\n * did:jwk is the preferred durable DID representation for JWS/JWK public key\n * material. It is immutable (the DID IS the key) and should be used as the\n * controllerDid for authorization checks.\n *\n * Uses the `jose` library for base64url encoding/decoding and JWK thumbprints.\n */\n\nimport { base64url, calculateJwkThumbprint } from \"jose\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertObject } from \"../shared/assert\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Minimal public JWK structure */\nexport interface PublicJwk {\n kty: string;\n [key: string]: unknown;\n}\n\n/** Result of JWK validation */\nexport interface JwkValidationResult {\n valid: boolean;\n error?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst VALID_KTY = new Set([\"EC\", \"OKP\", \"RSA\"]);\n\n/** Private key fields that must not appear in a public JWK */\nconst PRIVATE_KEY_FIELDS = new Set([\"d\", \"p\", \"q\", \"dp\", \"dq\", \"qi\", \"oth\"]);\n\n/**\n * Required public key fields per key type.\n * Used for structural validation.\n */\nconst REQUIRED_PUBLIC_FIELDS: Record<string, string[]> = {\n EC: [\"crv\", \"x\", \"y\"],\n OKP: [\"crv\", \"x\"],\n RSA: [\"n\", \"e\"],\n};\n\n// ---------------------------------------------------------------------------\n// Public JWK Validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that a JWK object is a well-formed public key.\n *\n * Requirements:\n * - Must be a non-null object\n * - Must have a valid `kty` (EC, OKP, RSA)\n * - Must have required public key fields for its key type\n * - Must NOT contain private key material (d, p, q, dp, dq, qi, oth)\n */\nexport function validatePublicJwk(jwk: unknown): JwkValidationResult {\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n return { valid: false, error: \"JWK must be a non-null object\" };\n }\n\n const obj = jwk as Record<string, unknown>;\n\n // Check kty\n const kty = obj.kty;\n if (typeof kty !== \"string\" || !VALID_KTY.has(kty)) {\n return {\n valid: false,\n error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(\", \")})`,\n };\n }\n\n // Reject private key material\n for (const field of PRIVATE_KEY_FIELDS) {\n if (field in obj) {\n return {\n valid: false,\n error: `JWK contains private key field \"${field}\" — only public keys are allowed`,\n };\n }\n }\n\n // Check required public fields\n const required = REQUIRED_PUBLIC_FIELDS[kty];\n if (required) {\n for (const field of required) {\n if (!(field in obj) || obj[field] === undefined || obj[field] === null || obj[field] === \"\") {\n return {\n valid: false,\n error: `Missing required public key field \"${field}\" for kty=\"${kty}\"`,\n };\n }\n }\n }\n\n return { valid: true };\n}\n\n// ---------------------------------------------------------------------------\n// did:jwk Conversion\n// ---------------------------------------------------------------------------\n\n/**\n * Deterministic JSON serialization for JWK.\n * Keys are sorted alphabetically to ensure canonical encoding.\n */\nfunction canonicalizeJwkJson(jwk: Record<string, unknown>): string {\n const sorted = Object.keys(jwk).sort();\n const obj: Record<string, unknown> = {};\n for (const key of sorted) {\n obj[key] = jwk[key];\n }\n return JSON.stringify(obj);\n}\n\n/**\n * Convert a public JWK to a did:jwk DID.\n *\n * Uses deterministic (sorted-key) JSON serialization and base64url encoding.\n * Rejects JWKs containing private key material.\n *\n * @param jwk - A public JWK object\n * @returns The did:jwk DID string\n * @throws OmaTrustError if the JWK is invalid or contains private key material\n */\nexport function jwkToDidJwk(jwk: unknown): string {\n assertObject(jwk, \"jwk\", \"INVALID_JWK\");\n\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_JWK\", validation.error ?? \"Invalid public JWK\", { jwk });\n }\n\n const canonical = canonicalizeJwkJson(jwk as Record<string, unknown>);\n const encoded = base64url.encode(new TextEncoder().encode(canonical));\n return `did:jwk:${encoded}`;\n}\n\n/**\n * Convert a did:jwk DID back to a public JWK object.\n *\n * Validates the DID structure, decodes the base64url payload,\n * parses JSON, and validates the resulting JWK.\n *\n * @param didJwk - A did:jwk DID string\n * @returns The decoded public JWK object\n * @throws OmaTrustError if the DID is malformed or contains private key material\n */\nexport function didJwkToJwk(didJwk: string): PublicJwk {\n if (typeof didJwk !== \"string\" || !didJwk.startsWith(\"did:jwk:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected a did:jwk DID\", { input: didJwk });\n }\n\n const parts = didJwk.split(\":\");\n if (parts.length !== 3) {\n throw new OmaTrustError(\"INVALID_DID\", \"did:jwk must have exactly 3 colon-separated parts\", {\n input: didJwk,\n });\n }\n\n const encoded = parts[2];\n if (!encoded || encoded.length === 0) {\n throw new OmaTrustError(\"INVALID_DID\", \"Missing base64url-encoded JWK identifier\", {\n input: didJwk,\n });\n }\n\n // Decode using jose base64url\n let decoded: string;\n try {\n const bytes = base64url.decode(encoded);\n decoded = new TextDecoder().decode(bytes);\n } catch {\n throw new OmaTrustError(\"INVALID_DID\", \"Failed to base64url-decode did:jwk identifier\", {\n input: didJwk,\n });\n }\n\n let jwk: Record<string, unknown>;\n try {\n jwk = JSON.parse(decoded);\n } catch {\n throw new OmaTrustError(\"INVALID_DID\", \"Decoded did:jwk identifier is not valid JSON\", {\n input: didJwk,\n });\n }\n\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Decoded did:jwk must be a JSON object\", {\n input: didJwk,\n });\n }\n\n // Validate as public JWK\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_DID\", validation.error ?? \"Invalid public JWK in did:jwk\", {\n input: didJwk,\n });\n }\n\n return jwk as PublicJwk;\n}\n\n// ---------------------------------------------------------------------------\n// Public JWK Comparison\n// ---------------------------------------------------------------------------\n\n/**\n * Extract only the public key fields from a JWK for comparison purposes.\n * Strips private fields and non-key metadata (kid, use, key_ops, alg, ext).\n */\nfunction extractPublicKeyFields(jwk: Record<string, unknown>): Record<string, unknown> {\n const result: Record<string, unknown> = {};\n const metadataFields = new Set([\"kid\", \"use\", \"key_ops\", \"alg\", \"ext\"]);\n\n for (const [key, value] of Object.entries(jwk)) {\n if (PRIVATE_KEY_FIELDS.has(key)) continue;\n if (metadataFields.has(key)) continue;\n result[key] = value;\n }\n\n return result;\n}\n\n/**\n * Compare two public JWKs for equality.\n *\n * Compares only the public key material fields (kty, crv, x, y, n, e, etc.).\n * Ignores property order, metadata fields (kid, use, alg, key_ops, ext),\n * and rejects/strips private key fields before comparison.\n *\n * @param a - First public JWK\n * @param b - Second public JWK\n * @returns true if both JWKs represent the same public key\n * @throws OmaTrustError if either JWK contains private key material\n */\nexport function publicJwkEquals(a: unknown, b: unknown): boolean {\n assertObject(a, \"a\", \"INVALID_JWK\");\n assertObject(b, \"b\", \"INVALID_JWK\");\n\n const aObj = a as Record<string, unknown>;\n const bObj = b as Record<string, unknown>;\n\n // Reject if either contains private key material\n for (const field of PRIVATE_KEY_FIELDS) {\n if (field in aObj) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `First JWK contains private key field \"${field}\"`,\n { field }\n );\n }\n if (field in bObj) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `Second JWK contains private key field \"${field}\"`,\n { field }\n );\n }\n }\n\n const aPublic = extractPublicKeyFields(aObj);\n const bPublic = extractPublicKeyFields(bObj);\n\n // Compare via canonical JSON\n return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);\n}\n\n\n// ---------------------------------------------------------------------------\n// JWK Thumbprint (RFC 7638)\n// ---------------------------------------------------------------------------\n\n/**\n * Compute an RFC 7638 JWK Thumbprint for a public JWK.\n *\n * Returns the base64url-encoded SHA-256 thumbprint. This is a compact,\n * deterministic fingerprint of the public key material.\n *\n * Used in OMATrust DNS TXT records as: `jkt=S256:<thumbprint>`\n *\n * @param jwk - A public JWK object\n * @param digestAlgorithm - Hash algorithm (default: \"sha256\")\n * @returns base64url-encoded thumbprint string\n * @throws OmaTrustError if the JWK is invalid or contains private key material\n */\nexport async function computeJwkThumbprint(\n jwk: unknown,\n digestAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\"\n): Promise<string> {\n assertObject(jwk, \"jwk\", \"INVALID_JWK\");\n\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_JWK\", validation.error ?? \"Invalid public JWK\", { jwk });\n }\n\n // jose's calculateJwkThumbprint expects a JWK-like object and a digest algorithm\n const alg = digestAlgorithm === \"sha256\" ? \"sha256\"\n : digestAlgorithm === \"sha384\" ? \"sha384\"\n : \"sha512\";\n\n return calculateJwkThumbprint(jwk as Parameters<typeof calculateJwkThumbprint>[0], alg);\n}\n\n/**\n * Format a JWK thumbprint as an OMATrust DNS TXT `jkt` value.\n *\n * Format: `jkt=S256:<base64url-thumbprint>`\n *\n * @param jwk - A public JWK object\n * @returns Formatted jkt string for DNS TXT records\n */\nexport async function formatJktValue(jwk: unknown): Promise<string> {\n const thumbprint = await computeJwkThumbprint(jwk, \"sha256\");\n return `jkt=S256:${thumbprint}`;\n}\n","/**\n * DID Document Fetching — shared utility\n *\n * Fetches did:web DID documents from the well-known endpoint.\n * Used by identity/resolve-key and reputation/proof/did-json.\n */\n\nimport { OmaTrustError } from \"./errors\";\n\n/**\n * Fetch a DID document for a did:web domain.\n *\n * Resolves `https://<domain>/.well-known/did.json` and returns the parsed JSON.\n *\n * @param domain - The domain to fetch the DID document from\n * @returns The parsed DID document\n * @throws OmaTrustError with code NETWORK_ERROR if fetch fails\n */\nexport async function fetchDidDocument(\n domain: string\n): Promise<Record<string, unknown>> {\n const normalized = domain.toLowerCase().replace(/\\.$/, \"\");\n const url = `https://${normalized}/.well-known/did.json`;\n\n let response: Response;\n try {\n response = await fetch(url, { headers: { Accept: \"application/json\" } });\n } catch (err) {\n throw new OmaTrustError(\"NETWORK_ERROR\", \"Failed to fetch DID document\", { domain, err });\n }\n\n if (!response.ok) {\n throw new OmaTrustError(\"NETWORK_ERROR\", `DID document fetch failed: ${response.status}`, {\n domain,\n status: response.status,\n });\n }\n\n return (await response.json()) as Record<string, unknown>;\n}\n","/**\n * DID URL Key Resolution — Phase 3\n *\n * Resolves DID URL key references (e.g. did:web:api.example.com#key-1) to\n * public key material and derives durable did:jwk controller DIDs.\n *\n * DID URLs are mutable key references. This module resolves them to the\n * actual public key material they currently point to, then converts that\n * material into an immutable did:jwk for use as a controller DID.\n */\n\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\nimport { fetchDidDocument } from \"../shared/did-document\";\nimport { parseDidUrl } from \"./did-url\";\nimport { extractDidMethod, getDomainFromDidWeb } from \"./did\";\nimport { validatePublicJwk, jwkToDidJwk, type PublicJwk } from \"./jwk\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Result of resolving a DID URL to public key material */\nexport interface ResolvedPublicKey {\n /** The original DID URL */\n didUrl: string;\n /** The base DID (without fragment) */\n did: string;\n /** The fragment identifier */\n fragment: string | null;\n /** The resolved public JWK */\n publicKeyJwk: PublicJwk;\n /** The verification method ID that matched */\n verificationMethodId: string;\n}\n\n/** Result of resolving a DID URL to a durable controller DID */\nexport interface ResolvedControllerDid extends ResolvedPublicKey {\n /** The durable did:jwk derived from the resolved public key */\n controllerDid: string;\n}\n\n/** Options for DID URL key resolution */\nexport interface ResolveKeyOptions {\n /**\n * Custom DID document fetcher. If not provided, uses the shared\n * fetchDidDocument which fetches from `/.well-known/did.json`.\n */\n fetchDidDocument?: (domain: string) => Promise<Record<string, unknown>>;\n}\n\n// ---------------------------------------------------------------------------\n// Verification Method Search\n// ---------------------------------------------------------------------------\n\ninterface VerificationMethod {\n id: string;\n type?: string;\n publicKeyJwk?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\n/**\n * Find a verification method in a DID document by DID URL or fragment.\n */\nfunction findVerificationMethod(\n didDocument: Record<string, unknown>,\n didUrl: string,\n fragment: string | null\n): VerificationMethod | null {\n const methods = didDocument.verificationMethod;\n if (!Array.isArray(methods)) {\n return null;\n }\n\n for (const method of methods as VerificationMethod[]) {\n if (!method || typeof method !== \"object\") continue;\n const id = method.id;\n if (typeof id !== \"string\") continue;\n\n // Match by full DID URL\n if (id === didUrl) return method;\n\n // Match by fragment (e.g. \"#key-1\" matches \"did:web:example.com#key-1\")\n if (fragment && (id === `#${fragment}` || id.endsWith(`#${fragment}`))) {\n return method;\n }\n }\n\n return null;\n}\n\n/**\n * Extract verification method IDs from a DID document for error reporting.\n */\nfunction extractMethodIdsFromDidDocument(didDocument: Record<string, unknown>): string[] {\n const methods = didDocument.verificationMethod;\n if (!Array.isArray(methods)) return [];\n return (methods as Array<Record<string, unknown>>)\n .filter((m) => m && typeof m.id === \"string\")\n .map((m) => m.id as string);\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve a DID URL to public key material.\n *\n * Currently supports:\n * - did:web with fragment (e.g. did:web:api.example.com#key-1)\n *\n * Resolution steps:\n * 1. Parse the DID URL\n * 2. Resolve the base DID (fetch DID document)\n * 3. Find the matching verification method\n * 4. Extract and validate publicKeyJwk\n *\n * This function only obtains key material. It does not make authorization\n * decisions or check Controller Witness / Key Binding records.\n *\n * @param didUrl - A DID URL string (e.g. \"did:web:api.example.com#key-1\")\n * @param options - Optional configuration (custom fetcher, etc.)\n * @returns Resolved public key information\n * @throws OmaTrustError if resolution fails\n */\nexport async function resolveDidUrlToPublicKey(\n didUrl: string,\n options?: ResolveKeyOptions\n): Promise<ResolvedPublicKey> {\n assertString(didUrl, \"didUrl\", \"INVALID_DID_URL\");\n\n const parsed = parseDidUrl(didUrl);\n const method = extractDidMethod(parsed.did);\n\n if (!method) {\n throw new OmaTrustError(\"INVALID_DID_URL\", \"Cannot extract DID method from DID URL\", {\n didUrl,\n did: parsed.did,\n });\n }\n\n switch (method) {\n case \"web\":\n return resolveDidUrlKey(parsed.didUrl, parsed.did, parsed.fragment, options);\n default:\n throw new OmaTrustError(\n \"UNSUPPORTED_DID_METHOD\",\n `DID URL key resolution is not supported for method \"${method}\"`,\n { didUrl, method }\n );\n }\n}\n\n/**\n * Resolve a DID URL to a durable controller DID.\n *\n * This wraps resolveDidUrlToPublicKey and adds the did:jwk conversion step.\n * The returned controllerDid is the durable DID that callers should pass\n * to getControllerAuthorization.\n *\n * @param didUrl - A DID URL string (e.g. \"did:web:api.example.com#key-1\")\n * @param options - Optional configuration (custom fetcher, etc.)\n * @returns Resolved public key plus derived did:jwk controller DID\n * @throws OmaTrustError if resolution fails\n */\nexport async function resolveDidUrlToControllerDid(\n didUrl: string,\n options?: ResolveKeyOptions\n): Promise<ResolvedControllerDid> {\n const resolved = await resolveDidUrlToPublicKey(didUrl, options);\n const controllerDid = jwkToDidJwk(resolved.publicKeyJwk);\n\n return {\n ...resolved,\n controllerDid,\n };\n}\n\n// ---------------------------------------------------------------------------\n// did:web Resolution\n// ---------------------------------------------------------------------------\n\nasync function resolveDidUrlKey(\n didUrl: string,\n did: string,\n fragment: string | null,\n options?: ResolveKeyOptions\n): Promise<ResolvedPublicKey> {\n const domain = getDomainFromDidWeb(did);\n if (!domain) {\n throw new OmaTrustError(\"INVALID_DID_URL\", \"Cannot extract domain from did:web DID\", {\n didUrl,\n did,\n });\n }\n\n // Fetch DID document\n const fetchFn = options?.fetchDidDocument ?? fetchDidDocument;\n const didDocument = await fetchFn(domain);\n\n // Find verification method\n const method = findVerificationMethod(didDocument, didUrl, fragment);\n if (!method) {\n throw new OmaTrustError(\n \"KEY_NOT_FOUND\",\n `No verification method found matching \"${fragment ? `#${fragment}` : didUrl}\"`,\n { didUrl, fragment, availableMethods: extractMethodIdsFromDidDocument(didDocument) }\n );\n }\n\n // Extract publicKeyJwk\n const publicKeyJwk = method.publicKeyJwk;\n if (!publicKeyJwk || typeof publicKeyJwk !== \"object\") {\n throw new OmaTrustError(\n \"KEY_NOT_FOUND\",\n `Verification method \"${method.id}\" does not contain publicKeyJwk`,\n { didUrl, verificationMethodId: method.id }\n );\n }\n\n // Validate the JWK is a valid public key\n const validation = validatePublicJwk(publicKeyJwk);\n if (!validation.valid) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `publicKeyJwk in verification method \"${method.id}\" is invalid: ${validation.error}`,\n { didUrl, verificationMethodId: method.id }\n );\n }\n\n return {\n didUrl,\n did,\n fragment,\n publicKeyJwk: publicKeyJwk as PublicJwk,\n verificationMethodId: method.id,\n };\n}\n","/**\n * Controller ID Comparison\n *\n * Determines whether two controller DIDs refer to the same entity.\n * Handles DID normalization and EVM address-based fallback (chain-agnostic).\n */\n\nimport { normalizeDid, extractDidMethod, extractAddressFromDid } from \"./did\";\nimport { didJwkToJwk, publicJwkEquals } from \"./jwk\";\n\n/**\n * Check if two controller DIDs refer to the same entity.\n *\n * Matching strategies (tried in order):\n * 1. Exact normalized DID string match\n * 2. EVM address match (chain-agnostic): if both DIDs resolve to the same\n * EVM address, they match regardless of chain ID. This handles cases like\n * did:pkh:eip155:1:0xABC matching did:pkh:eip155:137:0xABC.\n * 3. JWK material match: if both are did:jwk, compare the decoded public key\n * material directly (handles non-canonical encoding differences).\n *\n * @param a - First controller DID\n * @param b - Second controller DID\n * @returns true if both DIDs refer to the same controller\n */\nexport function isSameControllerId(a: string, b: string): boolean {\n // Strategy 1: Exact normalized DID string match\n let normalizedA: string | null = null;\n let normalizedB: string | null = null;\n\n try {\n normalizedA = normalizeDid(a);\n } catch {\n // a may not be normalizable\n }\n\n try {\n normalizedB = normalizeDid(b);\n } catch {\n // b may not be normalizable\n }\n\n if (normalizedA && normalizedB && normalizedA === normalizedB) {\n return true;\n }\n\n // Strategy 2: EVM address match (chain-agnostic)\n const evmA = extractControllerEvmAddress(a);\n const evmB = extractControllerEvmAddress(b);\n\n if (evmA && evmB && evmA.toLowerCase() === evmB.toLowerCase()) {\n return true;\n }\n\n // Strategy 3: JWK material match (for did:jwk with different encodings)\n const methodA = extractDidMethod(a);\n const methodB = extractDidMethod(b);\n\n if (methodA === \"jwk\" && methodB === \"jwk\") {\n try {\n const jwkA = didJwkToJwk(a);\n const jwkB = didJwkToJwk(b);\n return publicJwkEquals(jwkA, jwkB);\n } catch {\n return false;\n }\n }\n\n return false;\n}\n\n/**\n * Extract an EVM address from a controller DID, if possible.\n * Returns null for non-EVM controllers (did:jwk, non-eip155 did:pkh, etc.)\n */\nexport function extractControllerEvmAddress(controllerDid: string): string | null {\n try {\n const method = extractDidMethod(controllerDid);\n if (method === \"pkh\" && controllerDid.includes(\"eip155\")) {\n return extractAddressFromDid(controllerDid);\n }\n } catch {\n // Not extractable\n }\n return null;\n}\n","/**\n * Identity Types — Phase 4\n *\n * Types for JWS verification results and authorization metadata.\n * These define the contract between signature verification and\n * downstream authorization checks via getControllerAuthorization.\n */\n\nimport type { PublicJwk } from \"./jwk\";\n\n// ---------------------------------------------------------------------------\n// JWS Verification Result\n// ---------------------------------------------------------------------------\n\n/** Source of the public key used for JWS signature verification */\nexport type PublicKeySource = \"embedded-jwk\" | \"kid-resolution\";\n\n/**\n * Structured result of JWS signature verification.\n *\n * This result is NOT an authorization result. It does not determine whether\n * the signing key was authorized to act for the service identified by resourceUrl.\n *\n * It provides enough information for callers to perform downstream authorization\n * checks via getControllerAuthorization:\n * - publicKeyDid (did:jwk) is the durable controller DID\n * - resourceUrl identifies the service subject\n * - issuedAt enables authorization-window checks for receipts\n */\nexport interface JwsVerificationResult {\n /** Whether the JWS signature is cryptographically valid */\n valid: boolean;\n\n /** Decoded JWS protected header */\n header: Record<string, unknown>;\n\n /** Decoded JWS payload */\n payload: Record<string, unknown>;\n\n /** kid from the JWS header (a key reference, NOT a controller DID) */\n kid: string | null;\n\n /** The public JWK used for signature verification */\n publicKeyJwk: PublicJwk;\n\n /** How the public key was obtained */\n publicKeySource: PublicKeySource;\n\n /**\n * The durable did:jwk derived from the public key.\n * This is the controller DID for downstream authorization checks.\n * Pass this as controllerDid to getControllerAuthorization.\n */\n publicKeyDid: string;\n\n /** Error details when valid is false */\n error?: JwsVerificationError;\n}\n\n/** Error details for failed JWS verification */\nexport interface JwsVerificationError {\n code: string;\n message: string;\n}\n\n/**\n * Failed JWS verification result.\n * Returned when parsing, decoding, or signature verification fails.\n */\nexport interface JwsVerificationFailure {\n valid: false;\n error: JwsVerificationError;\n header?: Record<string, unknown>;\n payload?: Record<string, unknown>;\n kid?: string | null;\n publicKeyJwk?: PublicJwk;\n publicKeySource?: PublicKeySource;\n publicKeyDid?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Metadata\n// ---------------------------------------------------------------------------\n\n/**\n * Authorization metadata extracted from a verified JWS artifact.\n *\n * This is the information a caller needs to perform an authorization check\n * after JWS signature verification succeeds.\n *\n * Usage:\n * 1. Verify JWS → get JwsVerificationResult\n * 2. Extract AuthorizationMetadata from the result\n * 3. Call getControllerAuthorization({ subjectDid, controllerDid, purpose })\n * 4. Evaluate the returned authorization window against policy\n */\nexport interface AuthorizationMetadata {\n /**\n * The durable controller DID (did:jwk) derived from the verified public key.\n * Pass this as controllerDid to getControllerAuthorization.\n */\n controllerDid: string;\n\n /**\n * The subject DID derived from resourceUrl.\n * For x402 artifacts, this is typically did:web:<domain-from-resourceUrl>.\n * Pass this as subjectDid to getControllerAuthorization.\n */\n subjectDid: string | null;\n\n /**\n * The resourceUrl from the signed payload.\n * Identifies the service/resource the artifact is associated with.\n */\n resourceUrl: string | null;\n\n /**\n * The issuedAt timestamp from the signed payload (receipts).\n * Used for authorization-window checks — was the controller authorized at this time?\n */\n issuedAt: string | null;\n\n /**\n * The kid from the JWS header (mutable key reference).\n * Useful for key-pinning lookups but NOT a controller DID.\n */\n kid: string | null;\n\n /** The public JWK used for signature verification */\n publicKeyJwk: PublicJwk;\n}\n\n// ---------------------------------------------------------------------------\n// Helper\n// ---------------------------------------------------------------------------\n\n/**\n * Extract authorization metadata from a successful JWS verification result.\n *\n * Derives the subject DID from resourceUrl when possible (assumes did:web\n * for HTTPS URLs). Returns null for subjectDid if resourceUrl is missing\n * or cannot be parsed.\n *\n * @param result - A successful JwsVerificationResult (valid === true)\n * @returns Authorization metadata for downstream getControllerAuthorization calls\n */\nexport function extractAuthorizationMetadata(\n result: JwsVerificationResult\n): AuthorizationMetadata {\n const payload = result.payload;\n\n const resourceUrl = typeof payload.resourceUrl === \"string\" ? payload.resourceUrl : null;\n const issuedAt = typeof payload.issuedAt === \"string\" ? payload.issuedAt : null;\n\n // Derive subject DID from resourceUrl\n let subjectDid: string | null = null;\n if (resourceUrl) {\n try {\n const url = new URL(resourceUrl);\n subjectDid = `did:web:${url.hostname}`;\n } catch {\n // Cannot parse URL — leave subjectDid null\n }\n }\n\n return {\n controllerDid: result.publicKeyDid,\n subjectDid,\n resourceUrl,\n issuedAt,\n kid: result.kid,\n publicKeyJwk: result.publicKeyJwk,\n };\n}\n","import canonicalize from \"canonicalize\";\nimport { keccak256, sha256, toUtf8Bytes } from \"ethers\";\nimport { OmaTrustError } from \"../shared/errors\";\n\ntype Hex = `0x${string}`;\n\nexport function canonicalizeJson(obj: unknown): string {\n const jcs = canonicalize(obj);\n if (!jcs) {\n throw new OmaTrustError(\"INVALID_INPUT\", \"Object cannot be canonicalized\", { obj });\n }\n return jcs;\n}\n\nexport function canonicalizeForHash(obj: unknown): { jcsJson: string; hash: Hex } {\n const jcsJson = canonicalizeJson(obj);\n return {\n jcsJson,\n hash: keccak256(toUtf8Bytes(jcsJson)) as Hex\n };\n}\n\nexport function hashCanonicalizedJson(obj: unknown, algorithm: \"keccak256\" | \"sha256\"): Hex {\n const jcs = canonicalizeJson(obj);\n const bytes = toUtf8Bytes(jcs);\n return (algorithm === \"keccak256\" ? keccak256(bytes) : sha256(bytes)) as Hex;\n}\n"]}
1
+ {"version":3,"sources":["../../src/shared/errors.ts","../../src/shared/assert.ts","../../src/identity/caip.ts","../../src/identity/jwk.ts","../../src/identity/did.ts","../../src/identity/did-url.ts","../../src/shared/did-document.ts","../../src/identity/resolve-key.ts","../../src/identity/controller-id.ts","../../src/identity/types.ts","../../src/identity/data.ts","../../src/identity/artifact.ts","../../src/identity/did-migration.ts"],"names":["code","base64url","calculateJwkThumbprint","keccak256","toUtf8Bytes","isAddress","getAddress","canonicalize","sha256","raw","cid","CID","base32","digest","digestHex","base58btc"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAO,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EACvC,IAAA;AAAA,EACA,OAAA;AAAA,EAEA,WAAA,CAAYA,KAAAA,EAAc,OAAA,EAAiB,OAAA,EAAmB;AAC5D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAOA,KAAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF,CAAA;;;ACRO,SAAS,YAAA,CAAa,KAAA,EAAgB,IAAA,EAAcA,KAAAA,GAAO,eAAA,EAA0C;AAC1G,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,MAAM,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AAC1D,IAAA,MAAM,IAAI,cAAcA,KAAAA,EAAM,CAAA,EAAG,IAAI,CAAA,2BAAA,CAAA,EAA+B,EAAE,OAAO,CAAA;AAAA,EAC/E;AACF;AAQO,SAAS,YAAA,CAAa,KAAA,EAAgB,IAAA,EAAcA,KAAAA,GAAO,eAAA,EAA2D;AAC3H,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,cAAcA,KAAAA,EAAM,CAAA,EAAG,IAAI,CAAA,kBAAA,CAAA,EAAsB,EAAE,OAAO,CAAA;AAAA,EACtE;AACF;;;ACFA,IAAM,aAAA,GAAgB,uEAAA;AACtB,IAAM,YAAA,GAAe,wDAAA;AAEd,SAAS,YAAY,KAAA,EAA6B;AACvD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,cAAc,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,aAAa,CAAA;AACzC,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,wBAAA,EAA0B,EAAE,OAAO,CAAA;AAAA,EAC7E;AAEA,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA;AAE7B,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,SAAA,IAAa,CAAC,OAAA,EAAS;AACxC,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EACjF;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,SAAA,EAAW,OAAA,EAAQ;AACzC;AAEO,SAAS,WAAA,CAAY,SAAA,EAAmB,SAAA,EAAmB,OAAA,EAAyB;AACzF,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,cAAc,CAAA;AAC/C,EAAA,OAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,IAAI,OAAO,CAAA,CAAA;AAC7C;AAEO,SAAS,gBAAgB,KAAA,EAAuB;AACrD,EAAA,MAAM,MAAA,GAAS,YAAY,KAAK,CAAA;AAChC,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,SAAA,CAAU,WAAA,EAAY;AAC/C,EAAA,MAAM,YAAY,MAAA,CAAO,SAAA;AAEzB,EAAA,IAAI,UAAU,MAAA,CAAO,OAAA;AACrB,EAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,IAAA,OAAA,GAAU,QAAQ,WAAA,EAAY;AAAA,EAChC;AAEA,EAAA,OAAO,WAAA,CAAY,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AAClD;AAEO,SAAS,UAAA,CAAW,WAAmB,SAAA,EAA2B;AACvE,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,cAAc,CAAA;AACnD,EAAA,OAAO,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA;AAClC;AAEO,SAAS,WAAW,KAAA,EAA4B;AACrD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,cAAc,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,YAAY,CAAA;AACxC,EAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,uBAAA,EAAyB,EAAE,OAAO,CAAA;AAAA,EAC5E;AAEA,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,SAAA;AAC/B,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,SAAA,EAAW;AAC5B,IAAA,MAAM,IAAI,aAAA,CAAc,cAAA,EAAgB,2BAAA,EAA6B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,OAAO,EAAE,WAAW,SAAA,EAAU;AAChC;AC1CA,IAAM,4BAAY,IAAI,GAAA,CAAI,CAAC,IAAA,EAAM,KAAA,EAAO,KAAK,CAAC,CAAA;AAG9C,IAAM,kBAAA,mBAAqB,IAAI,GAAA,CAAI,CAAC,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,KAAK,CAAC,CAAA;AAM3E,IAAM,sBAAA,GAAmD;AAAA,EACvD,EAAA,EAAI,CAAC,KAAA,EAAO,GAAA,EAAK,GAAG,CAAA;AAAA,EACpB,GAAA,EAAK,CAAC,KAAA,EAAO,GAAG,CAAA;AAAA,EAChB,GAAA,EAAK,CAAC,GAAA,EAAK,GAAG;AAChB,CAAA;AAeO,SAAS,kBAAkB,GAAA,EAAmC;AACnE,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,EAAO,+BAAA,EAAgC;AAAA,EAChE;AAEA,EAAA,MAAM,GAAA,GAAM,GAAA;AAGZ,EAAA,MAAM,MAAM,GAAA,CAAI,GAAA;AAChB,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,SAAA,CAAU,GAAA,CAAI,GAAG,CAAA,EAAG;AAClD,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO,2CAA2C,CAAC,GAAG,SAAS,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,KAC7E;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,SAAS,kBAAA,EAAoB;AACtC,IAAA,IAAI,SAAS,GAAA,EAAK;AAChB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,KAAA,EAAO,mCAAmC,KAAK,CAAA,qCAAA;AAAA,OACjD;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,uBAAuB,GAAG,CAAA;AAC3C,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,KAAA,MAAW,SAAS,QAAA,EAAU;AAC5B,MAAA,IAAI,EAAE,KAAA,IAAS,GAAA,CAAA,IAAQ,GAAA,CAAI,KAAK,CAAA,KAAM,MAAA,IAAa,GAAA,CAAI,KAAK,CAAA,KAAM,IAAA,IAAQ,GAAA,CAAI,KAAK,MAAM,EAAA,EAAI;AAC3F,QAAA,OAAO;AAAA,UACL,KAAA,EAAO,KAAA;AAAA,UACP,KAAA,EAAO,CAAA,mCAAA,EAAsC,KAAK,CAAA,WAAA,EAAc,GAAG,CAAA,CAAA;AAAA,SACrE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAUA,SAAS,oBAAoB,GAAA,EAAsC;AACjE,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,GAAG,EAAE,IAAA,EAAK;AACrC,EAAA,MAAM,MAA+B,EAAC;AACtC,EAAA,KAAA,MAAW,OAAO,MAAA,EAAQ;AACxB,IAAA,GAAA,CAAI,GAAG,CAAA,GAAI,GAAA,CAAI,GAAG,CAAA;AAAA,EACpB;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,GAAG,CAAA;AAC3B;AAYO,SAAS,YAAY,GAAA,EAAsB;AAChD,EAAA,YAAA,CAAa,GAAA,EAAK,OAAO,aAAa,CAAA;AAEtC,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,UAAA,CAAW,SAAS,oBAAA,EAAsB,EAAE,KAAK,CAAA;AAAA,EAC1F;AAEA,EAAA,MAAM,SAAA,GAAY,oBAAoB,GAA8B,CAAA;AACpE,EAAA,MAAM,OAAA,GAAUC,eAAU,MAAA,CAAO,IAAI,aAAY,CAAE,MAAA,CAAO,SAAS,CAAC,CAAA;AACpE,EAAA,OAAO,WAAW,OAAO,CAAA,CAAA;AAC3B;AAYO,SAAS,YAAY,MAAA,EAA2B;AACrD,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,CAAC,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,0BAA0B,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC9B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,mDAAA,EAAqD;AAAA,MAC1F,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,CAAC,CAAA;AACvB,EAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,0CAAA,EAA4C;AAAA,MACjF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQA,cAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AACtC,IAAA,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EAC1C,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+CAAA,EAAiD;AAAA,MACtF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,8CAAA,EAAgD;AAAA,MACrF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,uCAAA,EAAyC;AAAA,MAC9E,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,UAAA,CAAW,SAAS,+BAAA,EAAiC;AAAA,MAC1F,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,GAAA;AACT;AAUA,SAAS,uBAAuB,GAAA,EAAuD;AACrF,EAAA,MAAM,SAAkC,EAAC;AACzC,EAAA,MAAM,cAAA,uBAAqB,GAAA,CAAI,CAAC,OAAO,KAAA,EAAO,SAAA,EAAW,KAAA,EAAO,KAAK,CAAC,CAAA;AAEtE,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAAG,CAAA,EAAG;AAC9C,IAAA,IAAI,kBAAA,CAAmB,GAAA,CAAI,GAAG,CAAA,EAAG;AACjC,IAAA,IAAI,cAAA,CAAe,GAAA,CAAI,GAAG,CAAA,EAAG;AAC7B,IAAA,MAAA,CAAO,GAAG,CAAA,GAAI,KAAA;AAAA,EAChB;AAEA,EAAA,OAAO,MAAA;AACT;AAcO,SAAS,eAAA,CAAgB,GAAY,CAAA,EAAqB;AAC/D,EAAA,YAAA,CAAa,CAAA,EAAG,KAAK,aAAa,CAAA;AAClC,EAAA,YAAA,CAAa,CAAA,EAAG,KAAK,aAAa,CAAA;AAElC,EAAA,MAAM,IAAA,GAAO,CAAA;AACb,EAAA,MAAM,IAAA,GAAO,CAAA;AAGb,EAAA,KAAA,MAAW,SAAS,kBAAA,EAAoB;AACtC,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,aAAA;AAAA,QACA,yCAAyC,KAAK,CAAA,CAAA,CAAA;AAAA,QAC9C,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AACA,IAAA,IAAI,SAAS,IAAA,EAAM;AACjB,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,aAAA;AAAA,QACA,0CAA0C,KAAK,CAAA,CAAA,CAAA;AAAA,QAC/C,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,uBAAuB,IAAI,CAAA;AAC3C,EAAA,MAAM,OAAA,GAAU,uBAAuB,IAAI,CAAA;AAG3C,EAAA,OAAO,mBAAA,CAAoB,OAAO,CAAA,KAAM,mBAAA,CAAoB,OAAO,CAAA;AACrE;AAoBA,eAAsB,oBAAA,CACpB,GAAA,EACA,eAAA,GAAkD,QAAA,EACjC;AACjB,EAAA,YAAA,CAAa,GAAA,EAAK,OAAO,aAAa,CAAA;AAEtC,EAAA,MAAM,UAAA,GAAa,kBAAkB,GAAG,CAAA;AACxC,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,UAAA,CAAW,SAAS,oBAAA,EAAsB,EAAE,KAAK,CAAA;AAAA,EAC1F;AAGA,EAAA,MAAM,MAAM,eAAA,KAAoB,QAAA,GAAW,QAAA,GACvC,eAAA,KAAoB,WAAW,QAAA,GAC/B,QAAA;AAEJ,EAAA,OAAOC,2BAAA,CAAuB,KAAqD,GAAG,CAAA;AACxF;AAUA,eAAsB,eAAe,GAAA,EAA+B;AAClE,EAAA,MAAM,UAAA,GAAa,MAAM,oBAAA,CAAqB,GAAA,EAAK,QAAQ,CAAA;AAC3D,EAAA,OAAO,YAAY,UAAU,CAAA,CAAA;AAC/B;;;AC5TA,IAAM,SAAA,GAAY,qBAAA;AAEX,SAAS,WAAW,GAAA,EAAsB;AAC/C,EAAA,OAAO,SAAA,CAAU,KAAK,GAAG,CAAA;AAC3B;AAEO,SAAS,iBAAiB,GAAA,EAAyB;AACxD,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,oBAAoB,CAAA;AAC5C,EAAA,OAAO,KAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA;AAC5B;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,uBAAuB,CAAA;AAC/C,EAAA,OAAO,KAAA,GAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA;AAC5B;AAEO,SAAS,gBAAgB,MAAA,EAAwB;AACtD,EAAA,YAAA,CAAa,MAAA,EAAQ,UAAU,aAAa,CAAA;AAC5C,EAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,WAAA,EAAY,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA,CAAE,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA;AAC5E;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAE3B,EAAA,IAAI,OAAA,CAAQ,WAAW,MAAM,CAAA,IAAK,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACjE,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,UAAA,CAAW,UAAU,IAC5C,OAAA,CAAQ,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,GAC/B,OAAA;AAEJ,EAAA,MAAM,CAAC,IAAA,EAAM,GAAG,SAAS,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AACjD,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,MAAM,cAAA,GAAiB,gBAAgB,IAAI,CAAA;AAC3C,EAAA,MAAM,IAAA,GAAO,UAAU,MAAA,GAAS,CAAA,GAAI,IAAI,SAAA,CAAU,IAAA,CAAK,GAAG,CAAC,CAAA,CAAA,GAAK,EAAA;AAChE,EAAA,OAAO,CAAA,QAAA,EAAW,cAAc,CAAA,EAAG,IAAI,CAAA,CAAA;AACzC;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,wBAAA,EAA0B,EAAE,OAAO,CAAA;AAAA,EAC5E;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAC1C,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,OAAA,IAAW,CAAC,OAAA,EAAS;AACtC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,OAAO,CAAA;AAAA,EAChF;AAEA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,WAAA,EAAa,IAAI,OAAO,CAAA,CAAA,EAAI,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAC/E;AAEO,SAAS,mBAAmB,KAAA,EAAoB;AACrD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,aAAa,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,yBAAA,EAA2B,EAAE,OAAO,CAAA;AAAA,EAC7E;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,2BAAA,EAA6B,EAAE,OAAO,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,KAAK,QAAA,EAAU,QAAQ,CAAA,GAAI,KAAA;AACjC,EAAA,IAAI,CAAC,QAAA,IAAY,CAAC,QAAA,EAAU;AAC1B,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+BAAA,EAAiC,EAAE,OAAO,CAAA;AAAA,EACnF;AAEA,EAAA,OAAO,CAAA,WAAA,EAAc,QAAA,CAAS,WAAA,EAAa,IAAI,QAAQ,CAAA,CAAA;AACzD;AAEO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,OAAO,OAAA;AACT;AAEO,SAAS,aAAa,KAAA,EAAoB;AAC/C,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAE1C,EAAA,MAAM,UAAU,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAEzC,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAA,EAAG;AAC/B,IAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,EAChC;AAEA,EAAA,IAAI,CAAC,UAAA,CAAW,OAAO,CAAA,EAAG;AACxB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,oBAAA,EAAsB,EAAE,OAAO,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,MAAA,GAAS,iBAAiB,OAAO,CAAA;AACvC,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,QAAA;AACH,MAAA,OAAO,mBAAmB,OAAO,CAAA;AAAA,IACnC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC,KAAK,KAAA;AACH,MAAA,OAAO,gBAAgB,OAAO,CAAA;AAAA,IAChC;AACE,MAAA,OAAO,OAAA;AAAA;AAEb;AAEO,SAAS,eAAe,GAAA,EAAe;AAC5C,EAAA,MAAM,UAAA,GAAa,aAAa,GAAG,CAAA;AACnC,EAAA,OAAOC,gBAAA,CAAUC,kBAAA,CAAY,UAAU,CAAC,CAAA;AAC1C;AAEO,SAAS,kBAAkB,OAAA,EAAmB;AACnD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,aAAa,CAAA;AAC9C,EAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,OAAO,CAAA,EAAG;AACxC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,6BAAA,EAA+B,EAAE,SAAS,CAAA;AAAA,EACnF;AAGA,EAAA,OAAO,KAAK,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,aAAa,CAAA,CAAA;AAC9C;AAEO,SAAS,aAAa,GAAA,EAAe;AAC1C,EAAA,OAAO,iBAAA,CAAkB,cAAA,CAAe,GAAG,CAAC,CAAA;AAC9C;AAEO,SAAS,kBAAA,CAAmB,KAAU,OAAA,EAAuB;AAClE,EAAA,IAAI;AACF,IAAA,OAAO,YAAA,CAAa,GAAG,CAAA,CAAE,WAAA,OAAkB,MAAA,CAAO,OAAO,EAAE,WAAA,EAAY;AAAA,EACzE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEO,SAAS,YAAY,MAAA,EAAqB;AAC/C,EAAA,OAAO,CAAA,QAAA,EAAW,eAAA,CAAgB,MAAM,CAAC,CAAA,CAAA;AAC3C;AAEO,SAAS,WAAA,CACd,SAAA,EACA,OAAA,EACA,OAAA,EACK;AACL,EAAA,YAAA,CAAa,SAAA,EAAW,aAAa,aAAa,CAAA;AAClD,EAAA,YAAA,CAAa,OAAA,EAAS,WAAW,aAAa,CAAA;AAC9C,EAAA,IAAI,OAAA,KAAY,EAAA,IAAM,OAAA,KAAY,IAAA,IAAQ,YAAY,MAAA,EAAW;AAC/D,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,qBAAA,EAAuB,EAAE,SAAS,CAAA;AAAA,EAC3E;AACA,EAAA,OAAO,CAAA,QAAA,EAAW,UAAU,WAAA,EAAa,IAAI,OAAO,CAAA,CAAA,EAAI,OAAA,CAAQ,WAAA,EAAa,CAAA,CAAA;AAC/E;AAEO,SAAS,cAAA,CAAe,SAA0B,OAAA,EAAsB;AAC7E,EAAA,OAAO,WAAA,CAAY,QAAA,EAAU,OAAA,EAAS,OAAO,CAAA;AAC/C;AAEO,SAAS,sBAAsB,MAAA,EAAqB;AACzD,EAAA,MAAM,MAAA,GAAS,YAAY,MAAM,CAAA;AACjC,EAAA,OAAO,YAAY,MAAA,CAAO,SAAA,EAAW,MAAA,CAAO,SAAA,EAAW,OAAO,OAAO,CAAA;AACvE;AAEA,SAAS,YAAY,GAAA,EAA0E;AAC7F,EAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAC1C,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,OAAA,IAAW,CAAC,OAAA,EAAS;AACtC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,EAAE,SAAA,EAAW,OAAA,EAAS,OAAA,EAAQ;AACvC;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,OAAA,IAAW,IAAA;AACtC;AAEO,SAAS,qBAAqB,GAAA,EAAyB;AAC5D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,OAAA,IAAW,IAAA;AACtC;AAEO,SAAS,uBAAuB,GAAA,EAAyB;AAC9D,EAAA,OAAO,WAAA,CAAY,GAAG,CAAA,EAAG,SAAA,IAAa,IAAA;AACxC;AAEO,SAAS,YAAY,GAAA,EAAmB;AAC7C,EAAA,OAAO,sBAAA,CAAuB,GAAG,CAAA,KAAM,QAAA;AACzC;AAEO,SAAS,oBAAoB,GAAA,EAAyB;AAC3D,EAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC/B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAC9C,EAAA,MAAM,CAAC,MAAM,CAAA,GAAI,UAAA,CAAW,MAAM,GAAG,CAAA;AACrC,EAAA,OAAO,MAAA,IAAU,IAAA;AACnB;AAmBO,SAAS,sBAAsB,UAAA,EAA4B;AAChE,EAAA,YAAA,CAAa,UAAA,EAAY,cAAc,aAAa,CAAA;AAEpD,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,UAAU,CAAA,EAAG;AACrC,IAAA,MAAM,GAAA,GAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAC,CAAA;AACnD,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,4BAAA,EAA8B,EAAE,YAAY,CAAA;AAAA,IACrF;AACA,IAAA,OAAO,GAAA,CAAI,OAAA;AAAA,EACb;AAEA,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,WAAW,CAAA,EAAG;AACtC,IAAA,MAAM,QAAQ,UAAA,CAAW,OAAA,CAAQ,aAAa,EAAE,CAAA,CAAE,MAAM,GAAG,CAAA;AAC3D,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,KAAW,CAAA,GAAI,MAAM,CAAC,CAAA,GAAI,MAAM,CAAC,CAAA;AACvD,IAAA,IAAI,CAAC,OAAA,IAAW,CAACC,gBAAA,CAAU,OAAO,CAAA,EAAG;AACnC,MAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,6BAAA,EAA+B,EAAE,YAAY,CAAA;AAAA,IACtF;AACA,IAAA,OAAOC,kBAAW,OAAO,CAAA;AAAA,EAC3B;AAEA,EAAA,IAAI,UAAA,CAAW,KAAA,CAAM,8CAA8C,CAAA,EAAG;AACpE,IAAA,MAAM,MAAA,GAAS,YAAY,UAAU,CAAA;AACrC,IAAA,OAAO,MAAA,CAAO,OAAA;AAAA,EAChB;AAEA,EAAA,IAAID,gBAAA,CAAU,UAAU,CAAA,EAAG;AACzB,IAAA,OAAOC,kBAAW,UAAU,CAAA;AAAA,EAC9B;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+BAAA,EAAiC,EAAE,YAAY,CAAA;AACxF;AAcA,IAAM,qBAAA,GAAwB,kBAAA;AAG9B,IAAM,eAAA,GAAkB,kBAAA;AAExB,IAAM,gCAAgB,IAAI,GAAA,CAAI,CAAC,IAAA,EAAM,KAAA,EAAO,KAAK,CAAC,CAAA;AAM3C,SAAS,gBAAgB,GAAA,EAAsB;AACpD,EAAA,OAAO,qBAAA,CAAsB,GAAG,CAAA,CAAE,KAAA;AACpC;AAUO,SAAS,sBAAsB,GAAA,EAAsC;AAC1E,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,IAAI,IAAA,EAAK,CAAE,WAAW,CAAA,EAAG;AACtD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,IAAA,EAAM,OAAO,gCAAA,EAAiC;AAAA,EAC/E;AAEA,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,EAAK;AACzB,EAAA,MAAM,MAAA,GAAS,iBAAiB,OAAO,CAAA;AAEvC,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,eAAe,OAAO,CAAA;AAAA,IAC/B,KAAK,KAAA;AACH,MAAA,OAAO,eAAe,OAAO,CAAA;AAAA,IAC/B;AACE,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,IAAA;AAAA,QACR,KAAA,EAAO,MAAA,GACH,CAAA,YAAA,EAAe,MAAM,CAAA,wCAAA,CAAA,GACrB;AAAA,OACN;AAAA;AAEN;AAaA,SAAS,eAAe,GAAA,EAAsC;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,uDAAA,EAA0D,KAAA,CAAM,MAAM,CAAA;AAAA,KAC/E;AAAA,EACF;AAEA,EAAA,MAAM,KAAK,SAAA,EAAW,OAAA,EAAS,OAAO,CAAA,GAAI,KAAA;AAE1C,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,mBAAA,EAAoB;AAAA,EACnE;AAEA,EAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,SAAS,CAAA,EAAG;AAC1C,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,6BAA6B,SAAS,CAAA,mDAAA;AAAA,KAC/C;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,8BAAA,EAA+B;AAAA,EAC9E;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,iBAAA,EAAkB;AAAA,EACjE;AAGA,EAAA,IAAI,cAAc,QAAA,EAAU;AAE1B,IAAA,IAAI,CAAC,OAAA,CAAQ,IAAA,CAAK,OAAO,CAAA,EAAG;AAC1B,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO,4BAA4B,OAAO,CAAA,mBAAA;AAAA,OAC5C;AAAA,IACF;AAGA,IAAA,IAAI,CAACD,gBAAA,CAAU,OAAO,CAAA,EAAG;AACvB,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO,wBAAwB,OAAO,CAAA,6BAAA;AAAA,OACxC;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,cAAc,QAAA,EAAU;AAE1B,IAAA,IAAI,CAAC,+BAAA,CAAgC,IAAA,CAAK,OAAO,CAAA,EAAG;AAClD,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO,2BAA2B,OAAO,CAAA,mCAAA;AAAA,OAC3C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAM;AACtC;AAYA,SAAS,eAAe,GAAA,EAAsC;AAC5D,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,uDAAA,EAA0D,KAAA,CAAM,MAAM,CAAA;AAAA,KAC/E;AAAA,EACF;AAEA,EAAA,MAAM,KAAK,OAAO,CAAA,GAAI,KAAA;AAEtB,EAAA,IAAI,CAAC,OAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,0CAAA,EAA2C;AAAA,EAC1F;AAEA,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,CAAK,OAAO,CAAA,EAAG;AAClC,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQJ,cAAAA,CAAU,MAAA,CAAO,OAAO,CAAA;AACtC,IAAA,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,KAAK,CAAA;AAAA,EAC1C,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,uCAAA,EAAwC;AAAA,EACvF;AAEA,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,sCAAA,EAAuC;AAAA,EACtF;AAEA,EAAA,IAAI,CAAC,OAAO,OAAO,GAAA,KAAQ,YAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACzD,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,OAAO,mCAAA,EAAoC;AAAA,EACnF;AAGA,EAAA,MAAM,MAAM,GAAA,CAAI,GAAA;AAChB,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,aAAA,CAAc,GAAA,CAAI,GAAG,CAAA,EAAG;AACtD,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO,CAAA,2DAAA;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,MAAM,aAAA,GAAgB,kBAAkB,GAAG,CAAA;AAC3C,EAAA,IAAI,CAAC,cAAc,KAAA,EAAO;AACxB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,KAAA,EAAO,KAAA,EAAO,cAAc,KAAA,EAAM;AAAA,EACnE;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,MAAA,EAAQ,KAAA,EAAM;AACtC;AAMO,SAAS,gBAAgB,KAAA,EAAoB;AAClD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,aAAa,CAAA;AAC1C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,UAAU,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,sBAAA,EAAwB,EAAE,OAAO,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,MAAA,GAAS,eAAe,OAAO,CAAA;AACrC,EAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,IAAA,MAAM,IAAI,cAAc,aAAA,EAAe,MAAA,CAAO,SAAS,iBAAA,EAAmB,EAAE,OAAO,CAAA;AAAA,EACrF;AAEA,EAAA,OAAO,OAAA;AACT;;;ACxeA,IAAM,aAAA,GAAgB,qBAAA;AAiBf,SAAS,YAAY,KAAA,EAA6B;AACvD,EAAA,YAAA,CAAa,KAAA,EAAO,SAAS,iBAAiB,CAAA;AAC9C,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAG3B,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAErC,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI,QAAA;AAEJ,EAAA,IAAI,cAAc,EAAA,EAAI;AACpB,IAAA,GAAA,GAAM,OAAA;AACN,IAAA,QAAA,GAAW,IAAA;AAAA,EACb,CAAA,MAAO;AACL,IAAA,GAAA,GAAM,OAAA,CAAQ,KAAA,CAAM,CAAA,EAAG,SAAS,CAAA;AAChC,IAAA,MAAM,WAAA,GAAc,OAAA,CAAQ,KAAA,CAAM,SAAA,GAAY,CAAC,CAAA;AAE/C,IAAA,IAAI,WAAA,CAAY,WAAW,CAAA,EAAG;AAC5B,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,iBAAA;AAAA,QACA,8DAAA;AAAA,QACA,EAAE,KAAA;AAAM,OACV;AAAA,IACF;AAEA,IAAA,QAAA,GAAW,WAAA;AAAA,EACb;AAGA,EAAA,IAAI,CAAC,aAAA,CAAc,IAAA,CAAK,GAAG,CAAA,EAAG;AAC5B,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,iBAAA;AAAA,MACA,gDAAA;AAAA,MACA,EAAE,OAAO,GAAA;AAAI,KACf;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,OAAA;AAAA,IACR,GAAA;AAAA,IACA;AAAA,GACF;AACF;AAMO,SAAS,SAAS,KAAA,EAAwB;AAC/C,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,EAAA,OAAO,OAAA,CAAQ,QAAA,CAAS,GAAG,CAAA,IAAK,aAAA,CAAc,IAAA,CAAK,OAAA,CAAQ,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAC1E;AAQO,SAAS,aAAA,CAAc,KAAA,EAAe,SAAA,GAAY,KAAA,EAAa;AACpE,EAAA,YAAA,CAAa,KAAA,EAAO,WAAW,aAAa,CAAA;AAC5C,EAAA,IAAI,QAAA,CAAS,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,iGAAA,CAAA;AAAA,MACA,EAAE,KAAA;AAAM,KACV;AAAA,EACF;AACF;;;AChGA,eAAsB,iBACpB,MAAA,EACkC;AAClC,EAAA,MAAM,aAAa,MAAA,CAAO,WAAA,EAAY,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AACzD,EAAA,MAAM,GAAA,GAAM,WAAW,UAAU,CAAA,qBAAA,CAAA;AAEjC,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,MAAM,MAAM,GAAA,EAAK,EAAE,SAAS,EAAE,MAAA,EAAQ,kBAAA,EAAmB,EAAG,CAAA;AAAA,EACzE,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,gCAAgC,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,EAC1F;AAEA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,2BAAA,EAA8B,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI;AAAA,MACxF,MAAA;AAAA,MACA,QAAQ,QAAA,CAAS;AAAA,KAClB,CAAA;AAAA,EACH;AAEA,EAAA,OAAQ,MAAM,SAAS,IAAA,EAAK;AAC9B;;;AC0BA,SAAS,sBAAA,CACP,WAAA,EACA,MAAA,EACA,QAAA,EAC2B;AAC3B,EAAA,MAAM,UAAU,WAAA,CAAY,kBAAA;AAC5B,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,EAAG;AAC3B,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,KAAA,MAAW,UAAU,OAAA,EAAiC;AACpD,IAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AAC3C,IAAA,MAAM,KAAK,MAAA,CAAO,EAAA;AAClB,IAAA,IAAI,OAAO,OAAO,QAAA,EAAU;AAG5B,IAAA,IAAI,EAAA,KAAO,QAAQ,OAAO,MAAA;AAG1B,IAAA,IAAI,QAAA,KAAa,EAAA,KAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,IAAM,GAAG,QAAA,CAAS,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE,CAAA,CAAA,EAAI;AACtE,MAAA,OAAO,MAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,SAAS,gCAAgC,WAAA,EAAgD;AACvF,EAAA,MAAM,UAAU,WAAA,CAAY,kBAAA;AAC5B,EAAA,IAAI,CAAC,KAAA,CAAM,OAAA,CAAQ,OAAO,CAAA,SAAU,EAAC;AACrC,EAAA,OAAQ,OAAA,CACL,MAAA,CAAO,CAAC,CAAA,KAAM,KAAK,OAAO,CAAA,CAAE,EAAA,KAAO,QAAQ,CAAA,CAC3C,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,EAAY,CAAA;AAC9B;AA0BA,eAAsB,wBAAA,CACpB,QACA,OAAA,EAC4B;AAC5B,EAAA,YAAA,CAAa,MAAA,EAAQ,UAAU,iBAAiB,CAAA;AAEhD,EAAA,MAAM,MAAA,GAAS,YAAY,MAAM,CAAA;AACjC,EAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,MAAA,CAAO,GAAG,CAAA;AAE1C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA,CAAc,iBAAA,EAAmB,wCAAA,EAA0C;AAAA,MACnF,MAAA;AAAA,MACA,KAAK,MAAA,CAAO;AAAA,KACb,CAAA;AAAA,EACH;AAEA,EAAA,QAAQ,MAAA;AAAQ,IACd,KAAK,KAAA;AACH,MAAA,OAAO,iBAAiB,MAAA,CAAO,MAAA,EAAQ,OAAO,GAAA,EAAK,MAAA,CAAO,UAAU,OAAO,CAAA;AAAA,IAC7E;AACE,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,wBAAA;AAAA,QACA,uDAAuD,MAAM,CAAA,CAAA,CAAA;AAAA,QAC7D,EAAE,QAAQ,MAAA;AAAO,OACnB;AAAA;AAEN;AAcA,eAAsB,4BAAA,CACpB,QACA,OAAA,EACgC;AAChC,EAAA,MAAM,QAAA,GAAW,MAAM,wBAAA,CAAyB,MAAA,EAAQ,OAAO,CAAA;AAC/D,EAAA,MAAM,aAAA,GAAgB,WAAA,CAAY,QAAA,CAAS,YAAY,CAAA;AAEvD,EAAA,OAAO;AAAA,IACL,GAAG,QAAA;AAAA,IACH;AAAA,GACF;AACF;AAMA,eAAe,gBAAA,CACb,MAAA,EACA,GAAA,EACA,QAAA,EACA,OAAA,EAC4B;AAC5B,EAAA,MAAM,MAAA,GAAS,oBAAoB,GAAG,CAAA;AACtC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA,CAAc,iBAAA,EAAmB,wCAAA,EAA0C;AAAA,MACnF,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,OAAA,GAAU,SAAS,gBAAA,IAAoB,gBAAA;AAC7C,EAAA,MAAM,WAAA,GAAc,MAAM,OAAA,CAAQ,MAAM,CAAA;AAGxC,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,WAAA,EAAa,MAAA,EAAQ,QAAQ,CAAA;AACnE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,uCAAA,EAA0C,QAAA,GAAW,CAAA,CAAA,EAAI,QAAQ,KAAK,MAAM,CAAA,CAAA,CAAA;AAAA,MAC5E,EAAE,MAAA,EAAQ,QAAA,EAAU,gBAAA,EAAkB,+BAAA,CAAgC,WAAW,CAAA;AAAE,KACrF;AAAA,EACF;AAGA,EAAA,MAAM,eAAe,MAAA,CAAO,YAAA;AAC5B,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,QAAA,EAAU;AACrD,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA,CAAA,qBAAA,EAAwB,OAAO,EAAE,CAAA,+BAAA,CAAA;AAAA,MACjC,EAAE,MAAA,EAAQ,oBAAA,EAAsB,MAAA,CAAO,EAAA;AAAG,KAC5C;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,kBAAkB,YAAY,CAAA;AACjD,EAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,qCAAA,EAAwC,MAAA,CAAO,EAAE,CAAA,cAAA,EAAiB,WAAW,KAAK,CAAA,CAAA;AAAA,MAClF,EAAE,MAAA,EAAQ,oBAAA,EAAsB,MAAA,CAAO,EAAA;AAAG,KAC5C;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,GAAA;AAAA,IACA,QAAA;AAAA,IACA,YAAA;AAAA,IACA,sBAAsB,MAAA,CAAO;AAAA,GAC/B;AACF;;;ACtNO,SAAS,kBAAA,CAAmB,GAAW,CAAA,EAAoB;AAEhE,EAAA,IAAI,WAAA,GAA6B,IAAA;AACjC,EAAA,IAAI,WAAA,GAA6B,IAAA;AAEjC,EAAA,IAAI;AACF,IAAA,WAAA,GAAc,aAAa,CAAC,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI;AACF,IAAA,WAAA,GAAc,aAAa,CAAC,CAAA;AAAA,EAC9B,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,WAAA,IAAe,WAAA,IAAe,WAAA,KAAgB,WAAA,EAAa;AAC7D,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,IAAA,GAAO,4BAA4B,CAAC,CAAA;AAC1C,EAAA,MAAM,IAAA,GAAO,4BAA4B,CAAC,CAAA;AAE1C,EAAA,IAAI,QAAQ,IAAA,IAAQ,IAAA,CAAK,aAAY,KAAM,IAAA,CAAK,aAAY,EAAG;AAC7D,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAClC,EAAA,MAAM,OAAA,GAAU,iBAAiB,CAAC,CAAA;AAElC,EAAA,IAAI,OAAA,KAAY,KAAA,IAAS,OAAA,KAAY,KAAA,EAAO;AAC1C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,YAAY,CAAC,CAAA;AAC1B,MAAA,MAAM,IAAA,GAAO,YAAY,CAAC,CAAA;AAC1B,MAAA,OAAO,eAAA,CAAgB,MAAM,IAAI,CAAA;AAAA,IACnC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,4BAA4B,aAAA,EAAsC;AAChF,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,iBAAiB,aAAa,CAAA;AAC7C,IAAA,IAAI,MAAA,KAAW,KAAA,IAAS,aAAA,CAAc,QAAA,CAAS,QAAQ,CAAA,EAAG;AACxD,MAAA,OAAO,sBAAsB,aAAa,CAAA;AAAA,IAC5C;AAAA,EACF,CAAA,CAAA,MAAQ;AAAA,EAER;AACA,EAAA,OAAO,IAAA;AACT;;;ACsFO,SAAS,6BACd,MAAA,EACuB;AACvB,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA;AAEvB,EAAA,MAAM,cAAc,OAAO,OAAA,CAAQ,WAAA,KAAgB,QAAA,GAAW,QAAQ,WAAA,GAAc,IAAA;AACpF,EAAA,MAAM,QAAA,GACJ,OAAO,OAAA,CAAQ,QAAA,KAAa,QAAA,GACxB,OAAA,CAAQ,QAAA,GACR,OAAO,OAAA,CAAQ,QAAA,KAAa,QAAA,GAC1B,OAAA,CAAQ,QAAA,GACR,IAAA;AAGR,EAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,WAAW,CAAA;AAC/B,MAAA,UAAA,GAAa,CAAA,QAAA,EAAW,IAAI,QAAQ,CAAA,CAAA;AAAA,IACtC,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAGA,EAAA,IAAI,kBAAkB,MAAA,EAAQ;AAE5B,IAAA,MAAM,SAAA,GAAY,MAAA;AAClB,IAAA,OAAO;AAAA,MACL,eAAe,SAAA,CAAU,YAAA;AAAA,MACzB,UAAA;AAAA,MACA,WAAA;AAAA,MACA,QAAA;AAAA,MACA,KAAK,SAAA,CAAU,GAAA;AAAA,MACf,cAAc,SAAA,CAAU,YAAA;AAAA,MACxB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAM,YAAA,GAAe,MAAA;AACrB,EAAA,MAAM,aAAA,GAAgB,YAAA,CAAa,MAAA,CAAO,WAAA,EAAY;AACtD,EAAA,OAAO;AAAA,IACL,aAAA,EAAe,oBAAoB,aAAa,CAAA,CAAA;AAAA,IAChD,UAAA;AAAA,IACA,WAAA;AAAA,IACA,QAAA;AAAA,IACA,GAAA,EAAK,IAAA;AAAA,IACL,YAAA,EAAc,IAAA;AAAA,IACd,QAAQ,YAAA,CAAa;AAAA,GACvB;AACF;ACxNA,IAAM,mCAAmB,IAAI,GAAA,CAAI,CAAC,WAAA,EAAa,QAAQ,CAAC,CAAA;AAGxD,IAAM,cAAA,GAAiB,EAAA;AAEvB,SAAS,gBAAA,CAAiB,OAAe,OAAA,EAAwB;AAC/D,EAAA,IAAI,QAAQ,cAAA,EAAgB;AAC1B,IAAA,MAAM,GAAA,GAAM,UACR,CAAA,sCAAA,EAAyC,cAAc,OAAO,OAAO,CAAA,CAAA,GACrE,yCAAyC,cAAc,CAAA,CAAA;AAC3D,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,GAAG,CAAA;AAAA,EAC9C;AACF;AAOO,SAAS,gBAAgB,KAAA,EAAwB;AACtD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,wBAAwB,CAAA;AAAA,EACnE;AAaA,EAAA,MAAM,aAAA,GAAgB,oBAAoB,KAAK,CAAA;AAC/C,EAAA,IAAI,aAAA,CAAc,SAAS,CAAA,EAAG;AAC5B,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA,qBAAqB,aAAA,CAAc,MAAA,GAAS,CAAA,GAAI,GAAA,GAAM,EAAE,CAAA,WAAA,EAAc,aAAA,CAAc,GAAA,CAAI,CAAA,CAAA,KAAK,IAAI,CAAC,CAAA,CAAA,CAAG,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,MACjH,EAAE,aAAA;AAAc,KAClB;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAAA,EACzB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,yBAAyB,CAAA;AAAA,EACpE;AACF;AAMA,SAAS,oBAAoB,KAAA,EAAyB;AACpD,EAAA,MAAM,aAAuB,EAAC;AAE9B,EAAA,MAAM,iBAAgC,EAAC;AACvC,EAAA,IAAI,QAAA,GAAW,KAAA;AACf,EAAA,IAAI,OAAA,GAAU,KAAA;AACd,EAAA,IAAI,UAAA,GAAa,EAAA;AACjB,EAAA,IAAI,aAAA,GAAgB,KAAA;AACpB,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,IAAI,CAAA,GAAI,CAAA;AAER,EAAA,OAAO,CAAA,GAAI,MAAM,MAAA,EAAQ;AACvB,IAAA,MAAM,EAAA,GAAK,MAAM,CAAC,CAAA;AAElB,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,IAAI,eAAe,UAAA,IAAc,EAAA;AACjC,MAAA,OAAA,GAAU,KAAA;AACV,MAAA,CAAA,EAAA;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,IAAA,EAAM;AACf,MAAA,OAAA,GAAU,IAAA;AACV,MAAA,IAAI,eAAe,UAAA,IAAc,EAAA;AACjC,MAAA,CAAA,EAAA;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,OAAO,GAAA,EAAK;AACd,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,QAAA,GAAW,IAAA;AAEX,QAAA,IAAI,cAAA,CAAe,MAAA,GAAS,CAAA,IAAK,CAAC,UAAA,EAAY;AAC5C,UAAA,aAAA,GAAgB,IAAA;AAChB,UAAA,UAAA,GAAa,EAAA;AAAA,QACf;AAAA,MACF,CAAA,MAAO;AACL,QAAA,QAAA,GAAW,KAAA;AACX,QAAA,IAAI,aAAA,EAAe;AACjB,UAAA,aAAA,GAAgB,KAAA;AAChB,UAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,CAAe,MAAA,GAAS,CAAC,CAAA;AACvD,UAAA,IAAI,MAAA,CAAO,GAAA,CAAI,UAAU,CAAA,EAAG;AAC1B,YAAA,IAAI,CAAC,UAAA,CAAW,QAAA,CAAS,UAAU,CAAA,EAAG;AACpC,cAAA,UAAA,CAAW,KAAK,UAAU,CAAA;AAAA,YAC5B;AAAA,UACF,CAAA,MAAO;AACL,YAAA,MAAA,CAAO,IAAI,UAAU,CAAA;AAAA,UACvB;AAAA,QACF;AAAA,MACF;AACA,MAAA,CAAA,EAAA;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,IAAI,eAAe,UAAA,IAAc,EAAA;AACjC,MAAA,CAAA,EAAA;AACA,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,OAAO,GAAA,EAAK;AACd,MAAA,cAAA,CAAe,IAAA,iBAAK,IAAI,GAAA,EAAK,CAAA;AAC7B,MAAA,gBAAA,CAAiB,eAAe,MAAM,CAAA;AACtC,MAAA,UAAA,GAAa,KAAA;AAAA,IACf,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AACrB,MAAA,cAAA,CAAe,GAAA,EAAI;AACnB,MAAA,UAAA,GAAa,eAAe,MAAA,GAAS,CAAA;AAAA,IACvC,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AAErB,MAAA,cAAA,CAAe,qBAAK,IAAI,GAAA,CAAI,CAAC,WAAW,CAAC,CAAC,CAAA;AAC1C,MAAA,gBAAA,CAAiB,eAAe,MAAM,CAAA;AACtC,MAAA,UAAA,GAAa,KAAA;AAAA,IACf,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AACrB,MAAA,cAAA,CAAe,GAAA,EAAI;AACnB,MAAA,UAAA,GAAa,eAAe,MAAA,GAAS,CAAA;AAAA,IACvC,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AACrB,MAAA,UAAA,GAAa,IAAA;AAAA,IACf,CAAA,MAAA,IAAW,OAAO,GAAA,EAAK;AACrB,MAAA,UAAA,GAAa,KAAA;AAAA,IACf;AAEA,IAAA,CAAA,EAAA;AAAA,EACF;AAEA,EAAA,OAAO,UAAA;AACT;AAOO,SAAS,cAAA,CAAe,KAAA,EAAgB,IAAA,GAAe,GAAA,EAAK,QAAgB,CAAA,EAAS;AAC1F,EAAA,gBAAA,CAAiB,OAAO,IAAI,CAAA;AAE5B,EAAA,IAAI,UAAU,MAAA,EAAW;AACvB,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,WAAA,CAAa,CAAA;AAAA,EACtF;AAEA,EAAA,IAAI,UAAU,IAAA,EAAM;AAEpB,EAAA,QAAQ,OAAO,KAAA;AAAO,IACpB,KAAK,QAAA;AAAA,IACL,KAAK,SAAA;AACH,MAAA;AAAA,IACF,KAAK,QAAA;AACH,MAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,0BAA0B,IAAI,CAAA,EAAA,EAAK,KAAK,CAAA,wBAAA,CAA0B,CAAA;AAAA,MAC7G;AACA,MAAA;AAAA,IACF,KAAK,QAAA;AACH,MAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,+BAAA,CAAiC,CAAA;AAAA,IAC1G,KAAK,UAAA;AACH,MAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,UAAA,CAAY,CAAA;AAAA,IACrF,KAAK,QAAA;AACH,MAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,QAAA,CAAU,CAAA;AAAA,IACnF,KAAK,QAAA;AACH,MAAA,IAAI,iBAAiB,IAAA,EAAM;AACzB,QAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,oCAAA,CAAsC,CAAA;AAAA,MAC/G;AACA,MAAA,IAAI,iBAAiB,MAAA,EAAQ;AAC3B,QAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,QAAA,CAAU,CAAA;AAAA,MACnF;AACA,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACxB,QAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,UAAA,cAAA,CAAe,KAAA,CAAM,CAAC,CAAA,EAAG,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,CAAC,CAAA,CAAA,CAAA,EAAK,KAAA,GAAQ,CAAC,CAAA;AAAA,QACrD;AACA,QAAA;AAAA,MACF;AAEA,MAAA,KAAA,MAAW,CAAC,GAAA,EAAK,GAAG,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9C,QAAA,cAAA,CAAe,KAAK,CAAA,EAAG,IAAI,IAAI,GAAG,CAAA,CAAA,EAAI,QAAQ,CAAC,CAAA;AAAA,MACjD;AACA,MAAA;AAAA,IACF;AACE,MAAA,MAAM,IAAI,cAAc,eAAA,EAAiB,CAAA,uBAAA,EAA0B,IAAI,CAAA,gBAAA,EAAmB,OAAO,KAAK,CAAA,CAAA,CAAG,CAAA;AAAA;AAE/G;AAEO,SAAS,iBAAiB,GAAA,EAAsB;AACrD,EAAA,cAAA,CAAe,GAAG,CAAA;AAClB,EAAA,MAAM,GAAA,GAAMM,8BAAa,GAAG,CAAA;AAC5B,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,gCAAA,EAAkC,EAAE,KAAK,CAAA;AAAA,EACpF;AACA,EAAA,OAAO,GAAA;AACT;AAMO,SAAS,yBAAyB,GAAA,EAA8C;AACrF,EAAA,MAAM,OAAA,GAAU,iBAAiB,GAAG,CAAA;AACpC,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,IAAA,EAAMJ,gBAAAA,CAAUC,kBAAAA,CAAY,OAAO,CAAC;AAAA,GACtC;AACF;AAGO,SAAS,oBAAoB,GAAA,EAA8C;AAChF,EAAA,OAAO,yBAAyB,GAAG,CAAA;AACrC;AAEO,SAAS,qBAAA,CAAsB,KAAc,SAAA,EAAwC;AAC1F,EAAA,IAAI,CAAC,gBAAA,CAAiB,GAAA,CAAI,SAAS,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,cAAc,eAAA,EAAiB,CAAA,6BAAA,EAAgC,SAAS,CAAA,mCAAA,CAAA,EAAuC,EAAE,WAAW,CAAA;AAAA,EACxI;AACA,EAAA,MAAM,GAAA,GAAM,iBAAiB,GAAG,CAAA;AAChC,EAAA,MAAM,KAAA,GAAQA,mBAAY,GAAG,CAAA;AAC7B,EAAA,OAAQ,cAAc,WAAA,GAAcD,gBAAAA,CAAU,KAAK,CAAA,GAAIK,cAAO,KAAK,CAAA;AACrE;AC7LA,IAAM,mBAAA,GAAsB,eAAA;AAM5B,IAAM,WAAA,GAAc,CAAA;AAGpB,IAAM,SAAA,GAAgBC,cAAA,CAAA,IAAA;AAGtB,IAAM,aAAA,GAAgB,EAAA;AAGtB,IAAM,sBAAA,GAAyB,EAAA;AAgB/B,eAAsB,qBAAqB,KAAA,EAAoC;AAC7E,EAAA,IAAI,EAAE,KAAA,YAAiB,UAAA,CAAA,IAAe,KAAA,CAAM,WAAW,CAAA,EAAG;AACxD,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,eAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,MAAA,GAAS,MAAMD,WAAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AACxC,EAAA,MAAME,KAAA,GAAMC,OAAA,CAAI,QAAA,CAAS,SAAA,EAAW,MAAM,CAAA;AAC1C,EAAA,OAAO,GAAG,mBAAmB,CAAA,EAAGD,KAAA,CAAI,QAAA,CAASE,aAAM,CAAC,CAAA,CAAA;AACtD;AAgBA,eAAsB,oBAAoB,KAAA,EAAiC;AAEzE,EAAA,MAAM,QAAQ,OAAO,KAAA,KAAU,QAAA,GAAW,eAAA,CAAgB,KAAK,CAAA,GAAI,KAAA;AAGnE,EAAA,MAAM,GAAA,GAAM,iBAAiB,KAAK,CAAA;AAClC,EAAA,MAAM,KAAA,GAAQ,IAAI,WAAA,EAAY,CAAE,OAAO,GAAG,CAAA;AAE1C,EAAA,MAAM,MAAA,GAAS,MAAMJ,WAAAA,CAAO,MAAA,CAAO,KAAK,CAAA;AACxC,EAAA,MAAME,KAAA,GAAMC,OAAA,CAAI,QAAA,CAAS,SAAA,EAAW,MAAM,CAAA;AAC1C,EAAA,OAAO,GAAG,mBAAmB,CAAA,EAAGD,KAAA,CAAI,QAAA,CAASE,aAAM,CAAC,CAAA,CAAA;AACtD;AAoBO,SAAS,iBAAiB,GAAA,EAAgC;AAC/D,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,GAAA,CAAI,UAAA,CAAW,mBAAmB,CAAA,EAAG;AACnE,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,6BAAA,EAA+B,EAAE,KAAK,CAAA;AAAA,EAC/E;AAEA,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,mBAAA,CAAoB,MAAM,CAAA;AACvD,EAAA,IAAI,CAAC,UAAA,IAAc,UAAA,CAAW,MAAA,KAAW,CAAA,EAAG;AAC1C,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,oCAAA,EAAsC,EAAE,KAAK,CAAA;AAAA,EACtF;AAGA,EAAA,IAAI,UAAA,CAAW,CAAC,CAAA,KAAM,GAAA,EAAK;AACzB,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,0BAAA,EAA6B,UAAA,CAAW,CAAC,CAAC,CAAA,6BAAA,CAAA;AAAA,MAC1C,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAIF,KAAA;AACJ,EAAA,IAAI;AACF,IAAAA,KAAA,GAAMC,OAAA,CAAI,KAAA,CAAM,UAAA,EAAYC,aAAM,CAAA;AAAA,EACpC,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,0DAAA;AAAA,MACA,EAAE,GAAA,EAAK,KAAA,EAAO,GAAA;AAAI,KACpB;AAAA,EACF;AAGA,EAAA,IAAIF,KAAA,CAAI,YAAY,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,2BAAA,EAA8BA,MAAI,OAAO,CAAA,CAAA;AAAA,MACzC,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAIA,KAAA,CAAI,SAAS,SAAA,EAAW;AAC1B,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,qCAAA,EAAwCA,KAAA,CAAI,IAAA,CAAK,QAAA,CAAS,EAAE,CAAC,CAAA,CAAA;AAAA,MAC7D,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAIA,KAAA,CAAI,SAAA,CAAU,IAAA,KAAS,aAAA,EAAe;AACxC,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,qDAAqDA,KAAA,CAAI,SAAA,CAAU,IAAA,CAAK,QAAA,CAAS,EAAE,CAAC,CAAA,CAAA;AAAA,MACpF,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAIA,KAAA,CAAI,SAAA,CAAU,MAAA,CAAO,MAAA,KAAW,sBAAA,EAAwB;AAC1D,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,CAAA,qCAAA,EAAwCA,KAAA,CAAI,SAAA,CAAU,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,MACnE,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAEA,EAAA,MAAM,MAAA,GAASA,MAAI,SAAA,CAAU,MAAA;AAC7B,EAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,CAChC,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAEV,EAAA,OAAO,EAAE,GAAA,EAAK,UAAA,EAAY,MAAA,EAAQ,SAAA,EAAU;AAC9C;AA+BA,eAAsB,iBAAA,CACpB,KACA,OAAA,EACqC;AAErC,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,iBAAiB,GAAG,CAAA;AAAA,EAC/B,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,GAAA,YAAe,aAAA,GAAgB,GAAA,CAAI,OAAA,GAAU;AAAA,KACvD;AAAA,EACF;AAEA,EAAA,MAAM,cAAc,MAAA,CAAO,SAAA;AAG3B,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAa,OAAO,OAAA,KAAY,YAAY,OAAA,KAAY,IAAA,IAAQ,EAAE,OAAA,YAAmB,UAAA,CAAA,EAAc;AACxH,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,OAAO,OAAA,KAAY,QAAA,GAAW,eAAA,CAAgB,OAAO,CAAA,GAAI,OAAA;AACvE,MAAA,MAAM,GAAA,GAAM,iBAAiB,KAAK,CAAA;AAClC,MAAA,MAAM,QAAA,GAAW,IAAI,WAAA,EAAY,CAAE,OAAO,GAAG,CAAA;AAC7C,MAAA,MAAMG,OAAAA,GAAS,MAAML,WAAAA,CAAO,MAAA,CAAO,QAAQ,CAAA;AAC3C,MAAA,MAAMM,aAAY,KAAA,CAAM,IAAA,CAAKD,QAAO,MAAM,CAAA,CACvC,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAEV,MAAA,IAAIC,eAAc,WAAA,EAAa;AAC7B,QAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,MAAA,EAAO;AAAA,MAC1C;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAGA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI,mBAAmB,UAAA,EAAY;AACjC,IAAA,QAAA,GAAW,OAAA;AAAA,EACb,CAAA,MAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AACtC,IAAA,QAAA,GAAW,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO,CAAA;AAAA,EAC7C,CAAA,MAAO;AAEL,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,MAAA,GAAS,MAAMN,WAAAA,CAAO,MAAA,CAAO,QAAQ,CAAA;AAC3C,EAAA,MAAM,YAAY,KAAA,CAAM,IAAA,CAAK,OAAO,MAAM,CAAA,CACvC,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAEV,EAAA,IAAI,cAAc,WAAA,EAAa;AAC7B,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,QAAA,EAAS;AAAA,EAC5C;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACF;AC5QO,SAAS,gBAAgB,GAAA,EAAqB;AACnD,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,GAAA,CAAI,UAAA,CAAW,WAAW,CAAA,EAAG;AAC3D,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,yBAAA,EAA2B,EAAE,KAAK,CAAA;AAAA,EAC3E;AAEA,EAAA,MAAM,SAAA,GAAY,GAAA,CAAI,KAAA,CAAM,WAAA,CAAY,MAAM,CAAA;AAC9C,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,oCAAA,EAAsC,EAAE,KAAK,CAAA;AAAA,EACtF;AAEA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI,OAAA;AAIJ,EAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,KAAA,CAAM,GAAG,CAAA;AACjC,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AAEtB,IAAA,OAAA,GAAU,GAAA;AACV,IAAA,OAAA,GAAU,MAAM,CAAC,CAAA;AAAA,EACnB,CAAA,MAAA,IAAW,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG;AAE7B,IAAA,MAAM,UAAA,GAAa,MAAM,CAAC,CAAA;AAC1B,IAAA,OAAA,GAAU,MAAM,CAAC,CAAA;AAGjB,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,IAAI,CAAA,EAAG;AAC/B,MAAA,OAAA,GAAU,MAAA,CAAO,QAAA,CAAS,UAAA,EAAY,EAAE,CAAC,CAAA;AAAA,IAC3C,CAAA,MAAA,IAAW,OAAA,CAAQ,IAAA,CAAK,UAAU,CAAA,EAAG;AACnC,MAAA,OAAA,GAAU,UAAA;AAAA,IACZ,CAAA,MAAO;AAEL,MAAA,MAAM,UAAA,GAAqC;AAAA,QACzC,OAAA,EAAS,GAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,OAAA,EAAS,UAAA;AAAA,QACT,OAAA,EAAS,KAAA;AAAA,QACT,QAAA,EAAU,OAAA;AAAA,QACV,QAAA,EAAU,IAAA;AAAA,QACV,IAAA,EAAM;AAAA,OACR;AACA,MAAA,MAAM,MAAA,GAAS,UAAA,CAAW,UAAA,CAAW,WAAA,EAAa,CAAA;AAClD,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAI,aAAA;AAAA,UACR,aAAA;AAAA,UACA,6BAA6B,UAAU,CAAA,CAAA,CAAA;AAAA,UACvC,EAAE,GAAA,EAAK,OAAA,EAAS,UAAA;AAAW,SAC7B;AAAA,MACF;AACA,MAAA,OAAA,GAAU,MAAA;AAAA,IACZ;AAAA,EACF,CAAA,MAAO;AACL,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,yBAAA,EAA2B,EAAE,KAAK,CAAA;AAAA,EAC3E;AAEA,EAAA,IAAI,CAACH,gBAAAA,CAAU,OAAO,CAAA,EAAG;AACvB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,0CAAA,EAA4C;AAAA,MACjF,GAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAA,GAAcC,kBAAW,OAAO,CAAA;AACtC,EAAA,OAAO,CAAA,eAAA,EAAkB,OAAO,CAAA,CAAA,EAAI,WAAA,CAAY,aAAa,CAAA,CAAA;AAC/D;AAUA,IAAM,oBAAA,GAAyF;AAAA;AAAA,EAE7F,GAAA,EAAM,EAAE,GAAA,EAAK,KAAA,EAAO,KAAK,SAAA,EAAU;AAAA;AAAA,EAEnC,GAAA,EAAM,EAAE,GAAA,EAAK,KAAA,EAAO,KAAK,QAAA,EAAS;AAAA;AAAA,EAElC,KAAM,EAAE,GAAA,EAAK,MAAM,GAAA,EAAK,WAAA,EAAa,WAAW,EAAA,EAAG;AAAA;AAAA,EAEnD,MAAQ,EAAE,GAAA,EAAK,MAAM,GAAA,EAAK,OAAA,EAAS,WAAW,EAAA,EAAG;AAAA;AAAA,EAEjD,MAAQ,EAAE,GAAA,EAAK,MAAM,GAAA,EAAK,OAAA,EAAS,WAAW,EAAA;AAChD,CAAA;AAMA,SAAS,UAAA,CAAW,OAAmB,MAAA,EAAsD;AAC3F,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,IAAI,SAAA,GAAY,CAAA;AAEhB,EAAA,OAAO,MAAA,GAAS,SAAA,GAAY,KAAA,CAAM,MAAA,EAAQ;AACxC,IAAA,MAAM,IAAA,GAAO,KAAA,CAAM,MAAA,GAAS,SAAS,CAAA;AACrC,IAAA,KAAA,IAAA,CAAU,OAAO,GAAA,KAAS,KAAA;AAC1B,IAAA,SAAA,EAAA;AACA,IAAA,IAAA,CAAK,IAAA,GAAO,SAAU,CAAA,EAAG;AACvB,MAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAAA,IAC5B;AACA,IAAA,KAAA,IAAS,CAAA;AACT,IAAA,IAAI,QAAQ,EAAA,EAAI;AACd,MAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,8CAA8C,CAAA;AAAA,IACvF;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,+CAA+C,CAAA;AACxF;AAQA,SAAS,eAAA,CACP,eACA,GAAA,EACkC;AAqBlC,EAAA,MAAM,IAAI,aAAA;AAAA,IACR,sBAAA;AAAA,IACA,qCAAqC,GAAG,CAAA,mIAAA,CAAA;AAAA,IAGxC,EAAE,GAAA,EAAK,SAAA,EAAW,aAAA,CAAc,MAAA;AAAO,GACzC;AACF;AAqBO,SAAS,eAAe,GAAA,EAAqB;AAClD,EAAA,IAAI,OAAO,GAAA,KAAQ,QAAA,IAAY,CAAC,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAC1D,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,wBAAA,EAA0B,EAAE,KAAK,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,UAAA,GAAa,GAAA,CAAI,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAC9C,EAAA,IAAI,CAAC,UAAA,IAAc,CAAC,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,EAAG;AAC9C,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,qEAAA;AAAA,MACA,EAAE,GAAA;AAAI,KACR;AAAA,EACF;AAGA,EAAA,IAAI,OAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,GAAUS,gBAAA,CAAU,OAAO,UAAU,CAAA;AAAA,EACvC,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,aAAA;AAAA,MACA,oDAAA;AAAA,MACA,EAAE,GAAA,EAAK,KAAA,EAAO,GAAA;AAAI,KACpB;AAAA,EACF;AAEA,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,IAAA,MAAM,IAAI,aAAA,CAAc,aAAA,EAAe,iCAAA,EAAmC,EAAE,KAAK,CAAA;AAAA,EACnF;AAGA,EAAA,MAAM,EAAE,KAAA,EAAO,UAAA,EAAY,WAAU,GAAI,UAAA,CAAW,SAAS,CAAC,CAAA;AAE9D,EAAA,MAAM,OAAA,GAAU,qBAAqB,UAAU,CAAA;AAC/C,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,aAAA;AAAA,MACR,sBAAA;AAAA,MACA,CAAA,kCAAA,EAAqC,UAAA,CAAW,QAAA,CAAS,EAAE,CAAC,CAAA,WAAA,CAAA;AAAA,MAC5D,EAAE,KAAK,KAAA,EAAO,CAAA,EAAA,EAAK,WAAW,QAAA,CAAS,EAAE,CAAC,CAAA,CAAA;AAAG,KAC/C;AAAA,EACF;AAGA,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,KAAA,CAAM,SAAS,CAAA;AAExC,EAAA,IAAI,OAAA,CAAQ,QAAQ,KAAA,EAAO;AAEzB,IAAA,IAAI,QAAA,CAAS,WAAW,EAAA,EAAI;AAC1B,MAAA,MAAM,IAAI,aAAA;AAAA,QACR,aAAA;AAAA,QACA,CAAA,iBAAA,EAAoB,OAAA,CAAQ,GAAG,CAAA,UAAA,EAAa,SAAS,MAAM,CAAA,MAAA,CAAA;AAAA,QAC3D,EAAE,GAAA,EAAK,GAAA,EAAK,OAAA,CAAQ,GAAA;AAAI,OAC1B;AAAA,IACF;AAEA,IAAA,MAAM,GAAA,GAAM;AAAA,MACV,KAAK,OAAA,CAAQ,GAAA;AAAA,MACb,KAAK,OAAA,CAAQ,GAAA;AAAA,MACb,CAAA,EAAGd,cAAAA,CAAU,MAAA,CAAO,QAAQ;AAAA,KAC9B;AAEA,IAAA,OAAO,YAAY,GAAG,CAAA;AAAA,EACxB;AAGA,EAAA,OAAO,gBAAgB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA,CAAE,EAAE,QAAA,EAAS;AAC3D","file":"index.cjs","sourcesContent":["export class OmaTrustError extends Error {\n code: string;\n details?: unknown;\n\n constructor(code: string, message: string, details?: unknown) {\n super(message);\n this.name = \"OmaTrustError\";\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toOmaTrustError(\n code: string,\n message: string,\n details?: unknown\n): OmaTrustError {\n return new OmaTrustError(code, message, details);\n}\n","import { OmaTrustError } from \"./errors\";\n\nexport function assertString(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is string {\n if (typeof value !== \"string\" || value.trim().length === 0) {\n throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });\n }\n}\n\nexport function assertNumber(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is number {\n if (typeof value !== \"number\" || Number.isNaN(value)) {\n throw new OmaTrustError(code, `${name} must be a valid number`, { value });\n }\n}\n\nexport function assertObject(value: unknown, name: string, code = \"INVALID_INPUT\"): asserts value is Record<string, unknown> {\n if (!value || typeof value !== \"object\" || Array.isArray(value)) {\n throw new OmaTrustError(code, `${name} must be an object`, { value });\n }\n}\n\nexport function asError(err: unknown): Error {\n if (err instanceof Error) {\n return err;\n }\n return new Error(String(err));\n}\n","import { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\n\nexport type Caip10 = string;\n\nexport type ParsedCaip10 = {\n namespace: string;\n reference: string;\n address: string;\n};\n\nexport type ParsedCaip2 = {\n namespace: string;\n reference: string;\n};\n\nconst CAIP_10_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+):(?<address>.+)$/;\nconst CAIP_2_REGEX = /^(?<namespace>[a-z0-9-]+):(?<reference>[a-zA-Z0-9-]+)$/;\n\nexport function parseCaip10(input: string): ParsedCaip10 {\n assertString(input, \"input\", \"INVALID_CAIP\");\n const trimmed = input.trim();\n const match = trimmed.match(CAIP_10_REGEX);\n if (!match?.groups) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-10 format\", { input });\n }\n\n const namespace = match.groups.namespace;\n const reference = match.groups.reference;\n const address = match.groups.address;\n\n if (!namespace || !reference || !address) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-10 components\", { input });\n }\n\n return { namespace, reference, address };\n}\n\nexport function buildCaip10(namespace: string, reference: string, address: string): Caip10 {\n assertString(namespace, \"namespace\", \"INVALID_CAIP\");\n assertString(reference, \"reference\", \"INVALID_CAIP\");\n assertString(address, \"address\", \"INVALID_CAIP\");\n return `${namespace}:${reference}:${address}`;\n}\n\nexport function normalizeCaip10(input: string): Caip10 {\n const parsed = parseCaip10(input);\n const namespace = parsed.namespace.toLowerCase();\n const reference = parsed.reference;\n\n let address = parsed.address;\n if (namespace === \"eip155\") {\n address = address.toLowerCase();\n }\n\n return buildCaip10(namespace, reference, address);\n}\n\nexport function buildCaip2(namespace: string, reference: string): string {\n assertString(namespace, \"namespace\", \"INVALID_CAIP\");\n assertString(reference, \"reference\", \"INVALID_CAIP\");\n return `${namespace}:${reference}`;\n}\n\nexport function parseCaip2(caip2: string): ParsedCaip2 {\n assertString(caip2, \"caip2\", \"INVALID_CAIP\");\n const trimmed = caip2.trim();\n const match = trimmed.match(CAIP_2_REGEX);\n if (!match?.groups) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-2 format\", { caip2 });\n }\n\n const namespace = match.groups.namespace;\n const reference = match.groups.reference;\n if (!namespace || !reference) {\n throw new OmaTrustError(\"INVALID_CAIP\", \"Invalid CAIP-2 components\", { caip2 });\n }\n\n return { namespace, reference };\n}\n","/**\n * JWK and did:jwk Helpers — Phase 2\n *\n * Provides conversion between public JWKs and did:jwk DIDs,\n * deterministic JWK comparison, and public JWK validation.\n *\n * did:jwk is the preferred durable DID representation for JWS/JWK public key\n * material. It is immutable (the DID IS the key) and should be used as the\n * controllerDid for authorization checks.\n *\n * Uses the `jose` library for base64url encoding/decoding and JWK thumbprints.\n */\n\nimport { base64url, calculateJwkThumbprint } from \"jose\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertObject } from \"../shared/assert\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Minimal public JWK structure */\nexport interface PublicJwk {\n kty: string;\n [key: string]: unknown;\n}\n\n/** Result of JWK validation */\nexport interface JwkValidationResult {\n valid: boolean;\n error?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst VALID_KTY = new Set([\"EC\", \"OKP\", \"RSA\"]);\n\n/** Private key fields that must not appear in a public JWK */\nconst PRIVATE_KEY_FIELDS = new Set([\"d\", \"p\", \"q\", \"dp\", \"dq\", \"qi\", \"oth\"]);\n\n/**\n * Required public key fields per key type.\n * Used for structural validation.\n */\nconst REQUIRED_PUBLIC_FIELDS: Record<string, string[]> = {\n EC: [\"crv\", \"x\", \"y\"],\n OKP: [\"crv\", \"x\"],\n RSA: [\"n\", \"e\"],\n};\n\n// ---------------------------------------------------------------------------\n// Public JWK Validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that a JWK object is a well-formed public key.\n *\n * Requirements:\n * - Must be a non-null object\n * - Must have a valid `kty` (EC, OKP, RSA)\n * - Must have required public key fields for its key type\n * - Must NOT contain private key material (d, p, q, dp, dq, qi, oth)\n */\nexport function validatePublicJwk(jwk: unknown): JwkValidationResult {\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n return { valid: false, error: \"JWK must be a non-null object\" };\n }\n\n const obj = jwk as Record<string, unknown>;\n\n // Check kty\n const kty = obj.kty;\n if (typeof kty !== \"string\" || !VALID_KTY.has(kty)) {\n return {\n valid: false,\n error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(\", \")})`,\n };\n }\n\n // Reject private key material\n for (const field of PRIVATE_KEY_FIELDS) {\n if (field in obj) {\n return {\n valid: false,\n error: `JWK contains private key field \"${field}\" — only public keys are allowed`,\n };\n }\n }\n\n // Check required public fields\n const required = REQUIRED_PUBLIC_FIELDS[kty];\n if (required) {\n for (const field of required) {\n if (!(field in obj) || obj[field] === undefined || obj[field] === null || obj[field] === \"\") {\n return {\n valid: false,\n error: `Missing required public key field \"${field}\" for kty=\"${kty}\"`,\n };\n }\n }\n }\n\n return { valid: true };\n}\n\n// ---------------------------------------------------------------------------\n// did:jwk Conversion\n// ---------------------------------------------------------------------------\n\n/**\n * Deterministic JSON serialization for JWK.\n * Keys are sorted alphabetically to ensure canonical encoding.\n */\nfunction canonicalizeJwkJson(jwk: Record<string, unknown>): string {\n const sorted = Object.keys(jwk).sort();\n const obj: Record<string, unknown> = {};\n for (const key of sorted) {\n obj[key] = jwk[key];\n }\n return JSON.stringify(obj);\n}\n\n/**\n * Convert a public JWK to a did:jwk DID.\n *\n * Uses deterministic (sorted-key) JSON serialization and base64url encoding.\n * Rejects JWKs containing private key material.\n *\n * @param jwk - A public JWK object\n * @returns The did:jwk DID string\n * @throws OmaTrustError if the JWK is invalid or contains private key material\n */\nexport function jwkToDidJwk(jwk: unknown): string {\n assertObject(jwk, \"jwk\", \"INVALID_JWK\");\n\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_JWK\", validation.error ?? \"Invalid public JWK\", { jwk });\n }\n\n const canonical = canonicalizeJwkJson(jwk as Record<string, unknown>);\n const encoded = base64url.encode(new TextEncoder().encode(canonical));\n return `did:jwk:${encoded}`;\n}\n\n/**\n * Convert a did:jwk DID back to a public JWK object.\n *\n * Validates the DID structure, decodes the base64url payload,\n * parses JSON, and validates the resulting JWK.\n *\n * @param didJwk - A did:jwk DID string\n * @returns The decoded public JWK object\n * @throws OmaTrustError if the DID is malformed or contains private key material\n */\nexport function didJwkToJwk(didJwk: string): PublicJwk {\n if (typeof didJwk !== \"string\" || !didJwk.startsWith(\"did:jwk:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected a did:jwk DID\", { input: didJwk });\n }\n\n const parts = didJwk.split(\":\");\n if (parts.length !== 3) {\n throw new OmaTrustError(\"INVALID_DID\", \"did:jwk must have exactly 3 colon-separated parts\", {\n input: didJwk,\n });\n }\n\n const encoded = parts[2];\n if (!encoded || encoded.length === 0) {\n throw new OmaTrustError(\"INVALID_DID\", \"Missing base64url-encoded JWK identifier\", {\n input: didJwk,\n });\n }\n\n // Decode using jose base64url\n let decoded: string;\n try {\n const bytes = base64url.decode(encoded);\n decoded = new TextDecoder().decode(bytes);\n } catch {\n throw new OmaTrustError(\"INVALID_DID\", \"Failed to base64url-decode did:jwk identifier\", {\n input: didJwk,\n });\n }\n\n let jwk: Record<string, unknown>;\n try {\n jwk = JSON.parse(decoded);\n } catch {\n throw new OmaTrustError(\"INVALID_DID\", \"Decoded did:jwk identifier is not valid JSON\", {\n input: didJwk,\n });\n }\n\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Decoded did:jwk must be a JSON object\", {\n input: didJwk,\n });\n }\n\n // Validate as public JWK\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_DID\", validation.error ?? \"Invalid public JWK in did:jwk\", {\n input: didJwk,\n });\n }\n\n return jwk as PublicJwk;\n}\n\n// ---------------------------------------------------------------------------\n// Public JWK Comparison\n// ---------------------------------------------------------------------------\n\n/**\n * Extract only the public key fields from a JWK for comparison purposes.\n * Strips private fields and non-key metadata (kid, use, key_ops, alg, ext).\n */\nfunction extractPublicKeyFields(jwk: Record<string, unknown>): Record<string, unknown> {\n const result: Record<string, unknown> = {};\n const metadataFields = new Set([\"kid\", \"use\", \"key_ops\", \"alg\", \"ext\"]);\n\n for (const [key, value] of Object.entries(jwk)) {\n if (PRIVATE_KEY_FIELDS.has(key)) continue;\n if (metadataFields.has(key)) continue;\n result[key] = value;\n }\n\n return result;\n}\n\n/**\n * Compare two public JWKs for equality.\n *\n * Compares only the public key material fields (kty, crv, x, y, n, e, etc.).\n * Ignores property order, metadata fields (kid, use, alg, key_ops, ext),\n * and rejects/strips private key fields before comparison.\n *\n * @param a - First public JWK\n * @param b - Second public JWK\n * @returns true if both JWKs represent the same public key\n * @throws OmaTrustError if either JWK contains private key material\n */\nexport function publicJwkEquals(a: unknown, b: unknown): boolean {\n assertObject(a, \"a\", \"INVALID_JWK\");\n assertObject(b, \"b\", \"INVALID_JWK\");\n\n const aObj = a as Record<string, unknown>;\n const bObj = b as Record<string, unknown>;\n\n // Reject if either contains private key material\n for (const field of PRIVATE_KEY_FIELDS) {\n if (field in aObj) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `First JWK contains private key field \"${field}\"`,\n { field }\n );\n }\n if (field in bObj) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `Second JWK contains private key field \"${field}\"`,\n { field }\n );\n }\n }\n\n const aPublic = extractPublicKeyFields(aObj);\n const bPublic = extractPublicKeyFields(bObj);\n\n // Compare via canonical JSON\n return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);\n}\n\n\n// ---------------------------------------------------------------------------\n// JWK Thumbprint (RFC 7638)\n// ---------------------------------------------------------------------------\n\n/**\n * Compute an RFC 7638 JWK Thumbprint for a public JWK.\n *\n * Returns the base64url-encoded SHA-256 thumbprint. This is a compact,\n * deterministic fingerprint of the public key material.\n *\n * Used in OMATrust DNS TXT records as: `jkt=S256:<thumbprint>`\n *\n * @param jwk - A public JWK object\n * @param digestAlgorithm - Hash algorithm (default: \"sha256\")\n * @returns base64url-encoded thumbprint string\n * @throws OmaTrustError if the JWK is invalid or contains private key material\n */\nexport async function computeJwkThumbprint(\n jwk: unknown,\n digestAlgorithm: \"sha256\" | \"sha384\" | \"sha512\" = \"sha256\"\n): Promise<string> {\n assertObject(jwk, \"jwk\", \"INVALID_JWK\");\n\n const validation = validatePublicJwk(jwk);\n if (!validation.valid) {\n throw new OmaTrustError(\"INVALID_JWK\", validation.error ?? \"Invalid public JWK\", { jwk });\n }\n\n // jose's calculateJwkThumbprint expects a JWK-like object and a digest algorithm\n const alg = digestAlgorithm === \"sha256\" ? \"sha256\"\n : digestAlgorithm === \"sha384\" ? \"sha384\"\n : \"sha512\";\n\n return calculateJwkThumbprint(jwk as Parameters<typeof calculateJwkThumbprint>[0], alg);\n}\n\n/**\n * Format a JWK thumbprint as an OMATrust DNS TXT `jkt` value.\n *\n * Format: `jkt=S256:<base64url-thumbprint>`\n *\n * @param jwk - A public JWK object\n * @returns Formatted jkt string for DNS TXT records\n */\nexport async function formatJktValue(jwk: unknown): Promise<string> {\n const thumbprint = await computeJwkThumbprint(jwk, \"sha256\");\n return `jkt=S256:${thumbprint}`;\n}\n","import { getAddress, isAddress, keccak256, toUtf8Bytes } from \"ethers\";\nimport { base64url } from \"jose\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\nimport { parseCaip10 } from \"./caip\";\nimport { validatePublicJwk } from \"./jwk\";\n\nexport type Hex = `0x${string}`;\nexport type Did = string;\n\nconst DID_REGEX = /^did:[a-z0-9]+:.+$/i;\n\nexport function isValidDid(did: string): boolean {\n return DID_REGEX.test(did);\n}\n\nexport function extractDidMethod(did: Did): string | null {\n const match = did.match(/^did:([a-z0-9]+):/i);\n return match ? match[1] : null;\n}\n\nexport function extractDidIdentifier(did: Did): string | null {\n const match = did.match(/^did:[a-z0-9]+:(.+)$/i);\n return match ? match[1] : null;\n}\n\nexport function normalizeDomain(domain: string): string {\n assertString(domain, \"domain\", \"INVALID_DID\");\n return domain.trim().toLowerCase().replace(/\\.$/, \"\").replace(/^www\\./, \"\");\n}\n\nexport function normalizeDidWeb(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n\n if (trimmed.startsWith(\"did:\") && !trimmed.startsWith(\"did:web:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:web DID\", { input });\n }\n\n const identifier = trimmed.startsWith(\"did:web:\")\n ? trimmed.slice(\"did:web:\".length)\n : trimmed;\n\n const [host, ...pathParts] = identifier.split(\"/\");\n if (!host) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:web identifier\", { input });\n }\n\n const normalizedHost = normalizeDomain(host);\n const path = pathParts.length > 0 ? `/${pathParts.join(\"/\")}` : \"\";\n return `did:web:${normalizedHost}${path}`;\n}\n\nexport function normalizeDidPkh(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:pkh:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:pkh DID\", { input });\n }\n\n const parts = trimmed.split(\":\");\n if (parts.length !== 5) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh format\", { input });\n }\n\n const [, , namespace, chainId, address] = parts;\n if (!namespace || !chainId || !address) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh components\", { input });\n }\n\n return `did:pkh:${namespace.toLowerCase()}:${chainId}:${address.toLowerCase()}`;\n}\n\nexport function normalizeDidHandle(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:handle:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:handle DID\", { input });\n }\n\n const parts = trimmed.split(\":\");\n if (parts.length !== 4) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:handle format\", { input });\n }\n\n const [, , platform, username] = parts;\n if (!platform || !username) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:handle components\", { input });\n }\n\n return `did:handle:${platform.toLowerCase()}:${username}`;\n}\n\nexport function normalizeDidKey(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:key:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:key DID\", { input });\n }\n\n return trimmed;\n}\n\nexport function normalizeDid(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n // Strip DID URL fragment (#...) — fragments are not part of the DID itself (W3C DID Core §3.5)\n const trimmed = input.trim().split(\"#\")[0];\n\n if (!trimmed.startsWith(\"did:\")) {\n return normalizeDidWeb(trimmed);\n }\n\n if (!isValidDid(trimmed)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid DID format\", { input });\n }\n\n const method = extractDidMethod(trimmed);\n switch (method) {\n case \"web\":\n return normalizeDidWeb(trimmed);\n case \"pkh\":\n return normalizeDidPkh(trimmed);\n case \"handle\":\n return normalizeDidHandle(trimmed);\n case \"key\":\n return normalizeDidKey(trimmed);\n case \"jwk\":\n return normalizeDidJwk(trimmed);\n default:\n return trimmed;\n }\n}\n\nexport function computeDidHash(did: Did): Hex {\n const normalized = normalizeDid(did);\n return keccak256(toUtf8Bytes(normalized)) as Hex;\n}\n\nexport function computeDidAddress(didHash: Hex): Hex {\n assertString(didHash, \"didHash\", \"INVALID_DID\");\n if (!/^0x[0-9a-fA-F]{64}$/.test(didHash)) {\n throw new OmaTrustError(\"INVALID_DID\", \"didHash must be 32-byte hex\", { didHash });\n }\n\n // Spec: low-order 160 bits of didHash, serialized as lowercase 0x-hex.\n return `0x${didHash.slice(-40).toLowerCase()}` as Hex;\n}\n\nexport function didToAddress(did: Did): Hex {\n return computeDidAddress(computeDidHash(did));\n}\n\nexport function validateDidAddress(did: Did, address: Hex): boolean {\n try {\n return didToAddress(did).toLowerCase() === String(address).toLowerCase();\n } catch {\n return false;\n }\n}\n\nexport function buildDidWeb(domain: string): Did {\n return `did:web:${normalizeDomain(domain)}`;\n}\n\nexport function buildDidPkh(\n namespace: string,\n chainId: string | number,\n address: string\n): Did {\n assertString(namespace, \"namespace\", \"INVALID_DID\");\n assertString(address, \"address\", \"INVALID_DID\");\n if (chainId === \"\" || chainId === null || chainId === undefined) {\n throw new OmaTrustError(\"INVALID_DID\", \"chainId is required\", { chainId });\n }\n return `did:pkh:${namespace.toLowerCase()}:${chainId}:${address.toLowerCase()}`;\n}\n\nexport function buildEvmDidPkh(chainId: string | number, address: string): Did {\n return buildDidPkh(\"eip155\", chainId, address);\n}\n\nexport function buildDidPkhFromCaip10(caip10: string): Did {\n const parsed = parseCaip10(caip10);\n return buildDidPkh(parsed.namespace, parsed.reference, parsed.address);\n}\n\nfunction parseDidPkh(did: Did): { namespace: string; chainId: string; address: string } | null {\n if (!did.startsWith(\"did:pkh:\")) {\n return null;\n }\n\n const parts = did.split(\":\");\n if (parts.length !== 5) {\n return null;\n }\n\n const [, , namespace, chainId, address] = parts;\n if (!namespace || !chainId || !address) {\n return null;\n }\n\n return { namespace, chainId, address };\n}\n\nexport function getChainIdFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.chainId ?? null;\n}\n\nexport function getAddressFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.address ?? null;\n}\n\nexport function getNamespaceFromDidPkh(did: Did): string | null {\n return parseDidPkh(did)?.namespace ?? null;\n}\n\nexport function isEvmDidPkh(did: Did): boolean {\n return getNamespaceFromDidPkh(did) === \"eip155\";\n}\n\nexport function getDomainFromDidWeb(did: Did): string | null {\n if (!did.startsWith(\"did:web:\")) {\n return null;\n }\n\n const identifier = did.slice(\"did:web:\".length);\n const [domain] = identifier.split(\"/\");\n return domain || null;\n}\n\n/**\n * Extract an EVM address from a DID or address-like identifier.\n *\n * Supports:\n * - did:pkh (extracts the address portion — currently EVM only)\n * - did:ethr (extracts the Ethereum address)\n * - CAIP-10 format (e.g. eip155:1:0xABC)\n * - Raw EVM addresses (0x + 40 hex chars)\n *\n * NOTE: This function is EVM-specific. It does not support non-EVM chains\n * (e.g. Solana, Cosmos). Non-EVM did:pkh identifiers will throw.\n * A future version may generalize to support multiple chain families.\n *\n * @param identifier - A DID, CAIP-10 string, or raw EVM address\n * @returns The checksummed EVM address\n * @throws OmaTrustError if the identifier cannot be resolved to an EVM address\n */\nexport function extractAddressFromDid(identifier: string): string {\n assertString(identifier, \"identifier\", \"INVALID_DID\");\n\n if (identifier.startsWith(\"did:pkh:\")) {\n const pkh = parseDidPkh(normalizeDidPkh(identifier));\n if (!pkh) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:pkh identifier\", { identifier });\n }\n return pkh.address;\n }\n\n if (identifier.startsWith(\"did:ethr:\")) {\n const parts = identifier.replace(\"did:ethr:\", \"\").split(\":\");\n const address = parts.length === 1 ? parts[0] : parts[1];\n if (!address || !isAddress(address)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:ethr identifier\", { identifier });\n }\n return getAddress(address);\n }\n\n if (identifier.match(/^[a-z0-9-]+:[a-zA-Z0-9-]+:0x[a-fA-F0-9]{40}$/)) {\n const parsed = parseCaip10(identifier);\n return parsed.address;\n }\n\n if (isAddress(identifier)) {\n return getAddress(identifier);\n }\n\n throw new OmaTrustError(\"INVALID_DID\", \"Unsupported identifier format\", { identifier });\n}\n\n// ---------------------------------------------------------------------------\n// Private-Key DID Validation\n// ---------------------------------------------------------------------------\n\n/** Result of private-key DID validation */\nexport interface PrivateKeyDidValidation {\n valid: boolean;\n method: \"pkh\" | \"jwk\" | null;\n error?: string;\n}\n\n// CAIP-2 namespace: lowercase alphanumeric + hyphens, 3-8 chars per spec\nconst CAIP2_NAMESPACE_REGEX = /^[a-z0-9-]{3,8}$/;\n\n// Base64url character set (no padding required)\nconst BASE64URL_REGEX = /^[A-Za-z0-9_-]+$/;\n\nconst VALID_JWK_KTY = new Set([\"EC\", \"OKP\", \"RSA\"]);\n\n/**\n * Check if a DID uses a private-key method (can sign transactions/messages).\n * Quick boolean check — use validatePrivateKeyDid() for detailed errors.\n */\nexport function isPrivateKeyDid(did: string): boolean {\n return validatePrivateKeyDid(did).valid;\n}\n\n/**\n * Validate that a DID is a well-formed private-key DID.\n * Returns detailed validation result with method identification and error messages.\n *\n * Supported methods:\n * - did:pkh — CAIP-10 blockchain account (deep validation for eip155)\n * - did:jwk — JSON Web Key (structural validation)\n */\nexport function validatePrivateKeyDid(did: string): PrivateKeyDidValidation {\n if (typeof did !== \"string\" || did.trim().length === 0) {\n return { valid: false, method: null, error: \"DID must be a non-empty string\" };\n }\n\n const trimmed = did.trim();\n const method = extractDidMethod(trimmed);\n\n switch (method) {\n case \"pkh\":\n return validateDidPkh(trimmed);\n case \"jwk\":\n return validateDidJwk(trimmed);\n default:\n return {\n valid: false,\n method: null,\n error: method\n ? `DID method \"${method}\" is not a recognized private-key method`\n : \"Invalid DID format\"\n };\n }\n}\n\n/**\n * Validate a did:pkh DID.\n *\n * Format: did:pkh:<namespace>:<chainId>:<address>\n * - Must have exactly 5 colon-separated parts\n * - namespace must be a valid CAIP-2 namespace (lowercase alphanumeric + hyphens, 3-8 chars)\n * - chainId must be non-empty\n * - address must be non-empty\n * - For eip155 namespace: address must be a valid EVM address (0x + 40 hex chars)\n * - For other namespaces: address must be non-empty (permissive fallback)\n */\nfunction validateDidPkh(did: string): PrivateKeyDidValidation {\n const parts = did.split(\":\");\n if (parts.length !== 5) {\n return {\n valid: false,\n method: \"pkh\",\n error: `did:pkh must have exactly 5 colon-separated parts, got ${parts.length}`\n };\n }\n\n const [, , namespace, chainId, address] = parts;\n\n if (!namespace) {\n return { valid: false, method: \"pkh\", error: \"Missing namespace\" };\n }\n\n if (!CAIP2_NAMESPACE_REGEX.test(namespace)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid CAIP-2 namespace \"${namespace}\" (must be 3-8 lowercase alphanumeric/hyphen chars)`\n };\n }\n\n if (!chainId) {\n return { valid: false, method: \"pkh\", error: \"Missing chain ID (reference)\" };\n }\n\n if (!address) {\n return { valid: false, method: \"pkh\", error: \"Missing address\" };\n }\n\n // Deep validation for eip155 (EVM) namespace\n if (namespace === \"eip155\") {\n // Chain ID should be numeric for eip155\n if (!/^\\d+$/.test(chainId)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid eip155 chain ID \"${chainId}\" (must be numeric)`\n };\n }\n\n // Address must be a valid EVM address\n if (!isAddress(address)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid EVM address \"${address}\" (must be 0x + 40 hex chars)`\n };\n }\n }\n\n // Deep validation for solana namespace\n if (namespace === \"solana\") {\n // Solana addresses are base58-encoded public keys, 32-44 characters\n if (!/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address)) {\n return {\n valid: false,\n method: \"pkh\",\n error: `Invalid Solana address \"${address}\" (must be 32-44 base58 characters)`\n };\n }\n }\n\n return { valid: true, method: \"pkh\" };\n}\n\n/**\n * Validate a did:jwk DID.\n *\n * Format: did:jwk:<base64url-encoded-JWK>\n * - Must have exactly 3 colon-separated parts\n * - Identifier must be valid base64url\n * - Decoded value must be valid JSON\n * - Decoded JSON must contain a valid kty field (EC, OKP, RSA)\n * - Must NOT contain d (private key component)\n */\nfunction validateDidJwk(did: string): PrivateKeyDidValidation {\n const parts = did.split(\":\");\n if (parts.length !== 3) {\n return {\n valid: false,\n method: \"jwk\",\n error: `did:jwk must have exactly 3 colon-separated parts, got ${parts.length}`\n };\n }\n\n const [, , encoded] = parts;\n\n if (!encoded || encoded.length === 0) {\n return { valid: false, method: \"jwk\", error: \"Missing base64url-encoded JWK identifier\" };\n }\n\n if (!BASE64URL_REGEX.test(encoded)) {\n return {\n valid: false,\n method: \"jwk\",\n error: \"Identifier contains invalid base64url characters\"\n };\n }\n\n // Decode base64url to JSON\n let decoded: string;\n try {\n const bytes = base64url.decode(encoded);\n decoded = new TextDecoder().decode(bytes);\n } catch {\n return { valid: false, method: \"jwk\", error: \"Failed to base64url-decode identifier\" };\n }\n\n let jwk: Record<string, unknown>;\n try {\n jwk = JSON.parse(decoded);\n } catch {\n return { valid: false, method: \"jwk\", error: \"Decoded identifier is not valid JSON\" };\n }\n\n if (!jwk || typeof jwk !== \"object\" || Array.isArray(jwk)) {\n return { valid: false, method: \"jwk\", error: \"Decoded JWK must be a JSON object\" };\n }\n\n // Must have kty\n const kty = jwk.kty;\n if (typeof kty !== \"string\" || !VALID_JWK_KTY.has(kty)) {\n return {\n valid: false,\n method: \"jwk\",\n error: `Invalid or missing kty field (must be one of: EC, OKP, RSA)`\n };\n }\n\n // Must NOT contain private key material\n if (\"d\" in jwk) {\n return {\n valid: false,\n method: \"jwk\",\n error: \"DID must reference a public key — private key component (d) is not allowed\"\n };\n }\n\n // Validate required public key fields per kty (crv/x/y for EC, crv/x for OKP, n/e for RSA)\n const jwkValidation = validatePublicJwk(jwk);\n if (!jwkValidation.valid) {\n return { valid: false, method: \"jwk\", error: jwkValidation.error };\n }\n\n return { valid: true, method: \"jwk\" };\n}\n\n/**\n * Normalize a did:jwk DID.\n * Validates structure and returns the DID unchanged (did:jwk is already canonical).\n */\nexport function normalizeDidJwk(input: string): Did {\n assertString(input, \"input\", \"INVALID_DID\");\n const trimmed = input.trim();\n if (!trimmed.startsWith(\"did:jwk:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected did:jwk DID\", { input });\n }\n\n const result = validateDidJwk(trimmed);\n if (!result.valid) {\n throw new OmaTrustError(\"INVALID_DID\", result.error ?? \"Invalid did:jwk\", { input });\n }\n\n return trimmed;\n}\n","/**\n * DID URL Parsing — Phase 1\n *\n * Parses DID URLs (e.g. did:web:api.example.com#key-1) into their components.\n * DID URLs are mutable key references / lookup handles, not durable controller DIDs.\n */\n\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Parsed DID URL components */\nexport interface ParsedDidUrl {\n /** The original full DID URL */\n didUrl: string;\n /** The base DID (without fragment) */\n did: string;\n /** The fragment identifier (without the '#'), or null if no fragment */\n fragment: string | null;\n}\n\n// ---------------------------------------------------------------------------\n// DID URL Parser\n// ---------------------------------------------------------------------------\n\nconst DID_URL_REGEX = /^did:[a-z0-9]+:.+$/i;\n\n/**\n * Parse a DID URL into its components.\n *\n * A DID URL may include a fragment (e.g. `did:web:api.example.com#key-1`).\n * The fragment identifies a verification method, key reference, or other\n * resource under the DID.\n *\n * DID URLs are mutable key references. They should not be used as durable\n * controller DIDs. Use `resolveDidUrlControllerDid()` to derive a durable\n * `did:jwk` from a DID URL.\n *\n * @param input - A DID URL string\n * @returns Parsed components: didUrl, did, fragment\n * @throws OmaTrustError with code INVALID_DID_URL if input is malformed\n */\nexport function parseDidUrl(input: string): ParsedDidUrl {\n assertString(input, \"input\", \"INVALID_DID_URL\");\n const trimmed = input.trim();\n\n // Split on first '#' to separate DID from fragment\n const hashIndex = trimmed.indexOf(\"#\");\n\n let did: string;\n let fragment: string | null;\n\n if (hashIndex === -1) {\n did = trimmed;\n fragment = null;\n } else {\n did = trimmed.slice(0, hashIndex);\n const rawFragment = trimmed.slice(hashIndex + 1);\n\n if (rawFragment.length === 0) {\n throw new OmaTrustError(\n \"INVALID_DID_URL\",\n \"DID URL has empty fragment (trailing '#' with no identifier)\",\n { input }\n );\n }\n\n fragment = rawFragment;\n }\n\n // Validate the base DID portion\n if (!DID_URL_REGEX.test(did)) {\n throw new OmaTrustError(\n \"INVALID_DID_URL\",\n \"Invalid DID URL: base DID portion is malformed\",\n { input, did }\n );\n }\n\n return {\n didUrl: trimmed,\n did,\n fragment,\n };\n}\n\n/**\n * Check whether a string is a DID URL (contains a fragment).\n * Useful for guards that need to reject DID URLs where a bare DID is expected.\n */\nexport function isDidUrl(input: string): boolean {\n if (typeof input !== \"string\") return false;\n const trimmed = input.trim();\n return trimmed.includes(\"#\") && DID_URL_REGEX.test(trimmed.split(\"#\")[0]);\n}\n\n/**\n * Assert that a string is a bare DID (not a DID URL with a fragment).\n * Throws if the input contains a fragment.\n *\n * Use this in functions that expect a subject DID and must reject DID URLs.\n */\nexport function assertBareDid(input: string, paramName = \"did\"): void {\n assertString(input, paramName, \"INVALID_DID\");\n if (isDidUrl(input)) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Expected a bare DID but received a DID URL with a fragment. Use parseDidUrl() to handle DID URLs.`,\n { input }\n );\n }\n}\n","/**\n * DID Document Fetching — shared utility\n *\n * Fetches did:web DID documents from the well-known endpoint.\n * Used by identity/resolve-key and reputation/proof/did-json.\n */\n\nimport { OmaTrustError } from \"./errors\";\n\n/**\n * Fetch a DID document for a did:web domain.\n *\n * Resolves `https://<domain>/.well-known/did.json` and returns the parsed JSON.\n *\n * @param domain - The domain to fetch the DID document from\n * @returns The parsed DID document\n * @throws OmaTrustError with code NETWORK_ERROR if fetch fails\n */\nexport async function fetchDidDocument(\n domain: string\n): Promise<Record<string, unknown>> {\n const normalized = domain.toLowerCase().replace(/\\.$/, \"\");\n const url = `https://${normalized}/.well-known/did.json`;\n\n let response: Response;\n try {\n response = await fetch(url, { headers: { Accept: \"application/json\" } });\n } catch (err) {\n throw new OmaTrustError(\"NETWORK_ERROR\", \"Failed to fetch DID document\", { domain, err });\n }\n\n if (!response.ok) {\n throw new OmaTrustError(\"NETWORK_ERROR\", `DID document fetch failed: ${response.status}`, {\n domain,\n status: response.status,\n });\n }\n\n return (await response.json()) as Record<string, unknown>;\n}\n","/**\n * DID URL Key Resolution — Phase 3\n *\n * Resolves DID URL key references (e.g. did:web:api.example.com#key-1) to\n * public key material and derives durable did:jwk controller DIDs.\n *\n * DID URLs are mutable key references. This module resolves them to the\n * actual public key material they currently point to, then converts that\n * material into an immutable did:jwk for use as a controller DID.\n */\n\nimport { OmaTrustError } from \"../shared/errors\";\nimport { assertString } from \"../shared/assert\";\nimport { fetchDidDocument } from \"../shared/did-document\";\nimport { parseDidUrl } from \"./did-url\";\nimport { extractDidMethod, getDomainFromDidWeb } from \"./did\";\nimport { validatePublicJwk, jwkToDidJwk, type PublicJwk } from \"./jwk\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Result of resolving a DID URL to public key material */\nexport interface ResolvedPublicKey {\n /** The original DID URL */\n didUrl: string;\n /** The base DID (without fragment) */\n did: string;\n /** The fragment identifier */\n fragment: string | null;\n /** The resolved public JWK */\n publicKeyJwk: PublicJwk;\n /** The verification method ID that matched */\n verificationMethodId: string;\n}\n\n/** Result of resolving a DID URL to a durable controller DID */\nexport interface ResolvedControllerDid extends ResolvedPublicKey {\n /** The durable did:jwk derived from the resolved public key */\n controllerDid: string;\n}\n\n/** Options for DID URL key resolution */\nexport interface ResolveKeyOptions {\n /**\n * Custom DID document fetcher. If not provided, uses the shared\n * fetchDidDocument which fetches from `/.well-known/did.json`.\n */\n fetchDidDocument?: (domain: string) => Promise<Record<string, unknown>>;\n}\n\n// ---------------------------------------------------------------------------\n// Verification Method Search\n// ---------------------------------------------------------------------------\n\ninterface VerificationMethod {\n id: string;\n type?: string;\n publicKeyJwk?: Record<string, unknown>;\n [key: string]: unknown;\n}\n\n/**\n * Find a verification method in a DID document by DID URL or fragment.\n */\nfunction findVerificationMethod(\n didDocument: Record<string, unknown>,\n didUrl: string,\n fragment: string | null\n): VerificationMethod | null {\n const methods = didDocument.verificationMethod;\n if (!Array.isArray(methods)) {\n return null;\n }\n\n for (const method of methods as VerificationMethod[]) {\n if (!method || typeof method !== \"object\") continue;\n const id = method.id;\n if (typeof id !== \"string\") continue;\n\n // Match by full DID URL\n if (id === didUrl) return method;\n\n // Match by fragment (e.g. \"#key-1\" matches \"did:web:example.com#key-1\")\n if (fragment && (id === `#${fragment}` || id.endsWith(`#${fragment}`))) {\n return method;\n }\n }\n\n return null;\n}\n\n/**\n * Extract verification method IDs from a DID document for error reporting.\n */\nfunction extractMethodIdsFromDidDocument(didDocument: Record<string, unknown>): string[] {\n const methods = didDocument.verificationMethod;\n if (!Array.isArray(methods)) return [];\n return (methods as Array<Record<string, unknown>>)\n .filter((m) => m && typeof m.id === \"string\")\n .map((m) => m.id as string);\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve a DID URL to public key material.\n *\n * Currently supports:\n * - did:web with fragment (e.g. did:web:api.example.com#key-1)\n *\n * Resolution steps:\n * 1. Parse the DID URL\n * 2. Resolve the base DID (fetch DID document)\n * 3. Find the matching verification method\n * 4. Extract and validate publicKeyJwk\n *\n * This function only obtains key material. It does not make authorization\n * decisions or check Controller Witness / Key Binding records.\n *\n * @param didUrl - A DID URL string (e.g. \"did:web:api.example.com#key-1\")\n * @param options - Optional configuration (custom fetcher, etc.)\n * @returns Resolved public key information\n * @throws OmaTrustError if resolution fails\n */\nexport async function resolveDidUrlToPublicKey(\n didUrl: string,\n options?: ResolveKeyOptions\n): Promise<ResolvedPublicKey> {\n assertString(didUrl, \"didUrl\", \"INVALID_DID_URL\");\n\n const parsed = parseDidUrl(didUrl);\n const method = extractDidMethod(parsed.did);\n\n if (!method) {\n throw new OmaTrustError(\"INVALID_DID_URL\", \"Cannot extract DID method from DID URL\", {\n didUrl,\n did: parsed.did,\n });\n }\n\n switch (method) {\n case \"web\":\n return resolveDidUrlKey(parsed.didUrl, parsed.did, parsed.fragment, options);\n default:\n throw new OmaTrustError(\n \"UNSUPPORTED_DID_METHOD\",\n `DID URL key resolution is not supported for method \"${method}\"`,\n { didUrl, method }\n );\n }\n}\n\n/**\n * Resolve a DID URL to a durable controller DID.\n *\n * This wraps resolveDidUrlToPublicKey and adds the did:jwk conversion step.\n * The returned controllerDid is the durable DID that callers should pass\n * to getControllerAuthorization.\n *\n * @param didUrl - A DID URL string (e.g. \"did:web:api.example.com#key-1\")\n * @param options - Optional configuration (custom fetcher, etc.)\n * @returns Resolved public key plus derived did:jwk controller DID\n * @throws OmaTrustError if resolution fails\n */\nexport async function resolveDidUrlToControllerDid(\n didUrl: string,\n options?: ResolveKeyOptions\n): Promise<ResolvedControllerDid> {\n const resolved = await resolveDidUrlToPublicKey(didUrl, options);\n const controllerDid = jwkToDidJwk(resolved.publicKeyJwk);\n\n return {\n ...resolved,\n controllerDid,\n };\n}\n\n// ---------------------------------------------------------------------------\n// did:web Resolution\n// ---------------------------------------------------------------------------\n\nasync function resolveDidUrlKey(\n didUrl: string,\n did: string,\n fragment: string | null,\n options?: ResolveKeyOptions\n): Promise<ResolvedPublicKey> {\n const domain = getDomainFromDidWeb(did);\n if (!domain) {\n throw new OmaTrustError(\"INVALID_DID_URL\", \"Cannot extract domain from did:web DID\", {\n didUrl,\n did,\n });\n }\n\n // Fetch DID document\n const fetchFn = options?.fetchDidDocument ?? fetchDidDocument;\n const didDocument = await fetchFn(domain);\n\n // Find verification method\n const method = findVerificationMethod(didDocument, didUrl, fragment);\n if (!method) {\n throw new OmaTrustError(\n \"KEY_NOT_FOUND\",\n `No verification method found matching \"${fragment ? `#${fragment}` : didUrl}\"`,\n { didUrl, fragment, availableMethods: extractMethodIdsFromDidDocument(didDocument) }\n );\n }\n\n // Extract publicKeyJwk\n const publicKeyJwk = method.publicKeyJwk;\n if (!publicKeyJwk || typeof publicKeyJwk !== \"object\") {\n throw new OmaTrustError(\n \"KEY_NOT_FOUND\",\n `Verification method \"${method.id}\" does not contain publicKeyJwk`,\n { didUrl, verificationMethodId: method.id }\n );\n }\n\n // Validate the JWK is a valid public key\n const validation = validatePublicJwk(publicKeyJwk);\n if (!validation.valid) {\n throw new OmaTrustError(\n \"INVALID_JWK\",\n `publicKeyJwk in verification method \"${method.id}\" is invalid: ${validation.error}`,\n { didUrl, verificationMethodId: method.id }\n );\n }\n\n return {\n didUrl,\n did,\n fragment,\n publicKeyJwk: publicKeyJwk as PublicJwk,\n verificationMethodId: method.id,\n };\n}\n","/**\n * Controller ID Comparison\n *\n * Determines whether two controller DIDs refer to the same entity.\n * Handles DID normalization and EVM address-based fallback (chain-agnostic).\n */\n\nimport { normalizeDid, extractDidMethod, extractAddressFromDid } from \"./did\";\nimport { didJwkToJwk, publicJwkEquals } from \"./jwk\";\n\n/**\n * Check if two controller DIDs refer to the same entity.\n *\n * Matching strategies (tried in order):\n * 1. Exact normalized DID string match\n * 2. EVM address match (chain-agnostic): if both DIDs resolve to the same\n * EVM address, they match regardless of chain ID. This handles cases like\n * did:pkh:eip155:1:0xABC matching did:pkh:eip155:137:0xABC.\n * 3. JWK material match: if both are did:jwk, compare the decoded public key\n * material directly (handles non-canonical encoding differences).\n *\n * @param a - First controller DID\n * @param b - Second controller DID\n * @returns true if both DIDs refer to the same controller\n */\nexport function isSameControllerId(a: string, b: string): boolean {\n // Strategy 1: Exact normalized DID string match\n let normalizedA: string | null = null;\n let normalizedB: string | null = null;\n\n try {\n normalizedA = normalizeDid(a);\n } catch {\n // a may not be normalizable\n }\n\n try {\n normalizedB = normalizeDid(b);\n } catch {\n // b may not be normalizable\n }\n\n if (normalizedA && normalizedB && normalizedA === normalizedB) {\n return true;\n }\n\n // Strategy 2: EVM address match (chain-agnostic)\n const evmA = extractControllerEvmAddress(a);\n const evmB = extractControllerEvmAddress(b);\n\n if (evmA && evmB && evmA.toLowerCase() === evmB.toLowerCase()) {\n return true;\n }\n\n // Strategy 3: JWK material match (for did:jwk with different encodings)\n const methodA = extractDidMethod(a);\n const methodB = extractDidMethod(b);\n\n if (methodA === \"jwk\" && methodB === \"jwk\") {\n try {\n const jwkA = didJwkToJwk(a);\n const jwkB = didJwkToJwk(b);\n return publicJwkEquals(jwkA, jwkB);\n } catch {\n return false;\n }\n }\n\n return false;\n}\n\n/**\n * Extract an EVM address from a controller DID, if possible.\n * Returns null for non-EVM controllers (did:jwk, non-eip155 did:pkh, etc.)\n */\nexport function extractControllerEvmAddress(controllerDid: string): string | null {\n try {\n const method = extractDidMethod(controllerDid);\n if (method === \"pkh\" && controllerDid.includes(\"eip155\")) {\n return extractAddressFromDid(controllerDid);\n }\n } catch {\n // Not extractable\n }\n return null;\n}\n","/**\n * Identity Types — Phase 4\n *\n * Types for JWS verification results and authorization metadata.\n * These define the contract between signature verification and\n * downstream authorization checks via getControllerAuthorization.\n */\n\nimport type { PublicJwk } from \"./jwk\";\n\n// ---------------------------------------------------------------------------\n// JWS Verification Result\n// ---------------------------------------------------------------------------\n\n/** Source of the public key used for JWS signature verification */\nexport type PublicKeySource = \"embedded-jwk\" | \"kid-resolution\";\n\n/**\n * Structured result of JWS signature verification.\n *\n * This result is NOT an authorization result. It does not determine whether\n * the signing key was authorized to act for the service identified by resourceUrl.\n *\n * It provides enough information for callers to perform downstream authorization\n * checks via getControllerAuthorization:\n * - publicKeyDid (did:jwk) is the durable controller DID\n * - resourceUrl identifies the service subject\n * - issuedAt enables authorization-window checks for receipts\n */\nexport interface JwsVerificationResult {\n /** Whether the JWS signature is cryptographically valid */\n valid: boolean;\n\n /** Decoded JWS protected header */\n header: Record<string, unknown>;\n\n /** Decoded JWS payload */\n payload: Record<string, unknown>;\n\n /** kid from the JWS header (a key reference, NOT a controller DID) */\n kid: string | null;\n\n /** The public JWK used for signature verification */\n publicKeyJwk: PublicJwk;\n\n /** How the public key was obtained */\n publicKeySource: PublicKeySource;\n\n /**\n * The durable did:jwk derived from the public key.\n * This is the controller DID for downstream authorization checks.\n * Pass this as controllerDid to getControllerAuthorization.\n */\n publicKeyDid: string;\n\n /** Error details when valid is false */\n error?: JwsVerificationError;\n}\n\n/** Error details for failed JWS verification */\nexport interface JwsVerificationError {\n code: string;\n message: string;\n}\n\n/**\n * Failed JWS verification result.\n * Returned when parsing, decoding, or signature verification fails.\n */\nexport interface JwsVerificationFailure {\n valid: false;\n error: JwsVerificationError;\n header?: Record<string, unknown>;\n payload?: Record<string, unknown>;\n kid?: string | null;\n publicKeyJwk?: PublicJwk;\n publicKeySource?: PublicKeySource;\n publicKeyDid?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Metadata\n// ---------------------------------------------------------------------------\n\n/**\n * Authorization metadata extracted from a verified x402 artifact.\n *\n * This is the information a caller needs to perform an authorization check\n * after signature verification succeeds (JWS or EIP-712).\n *\n * Usage:\n * 1. Verify artifact → get JwsVerificationResult or Eip712VerificationResult\n * 2. Extract AuthorizationMetadata from the result\n * 3. Call getControllerAuthorization({ subjectDid, controllerDid, purpose })\n * 4. Evaluate the returned authorization window against policy\n */\nexport interface AuthorizationMetadata {\n /**\n * The durable controller DID derived from the verified key material.\n * - JWS: did:jwk derived from the public key\n * - EIP-712: did:pkh:eip155:1:<signer-address>\n * Pass this as controllerDid to getControllerAuthorization.\n */\n controllerDid: string;\n\n /**\n * The subject DID derived from resourceUrl.\n * For x402 artifacts, this is typically did:web:<domain-from-resourceUrl>.\n * Pass this as subjectDid to getControllerAuthorization.\n */\n subjectDid: string | null;\n\n /**\n * The resourceUrl from the signed payload.\n * Identifies the service/resource the artifact is associated with.\n */\n resourceUrl: string | null;\n\n /**\n * The issuedAt timestamp from the signed payload (receipts).\n * Used for authorization-window checks — was the controller authorized at this time?\n * May be a string (ISO) or number (unix seconds) depending on the payload.\n */\n issuedAt: string | number | null;\n\n /**\n * The kid from the JWS header (mutable key reference).\n * Useful for key-pinning lookups but NOT a controller DID.\n * Null for EIP-712 artifacts.\n */\n kid: string | null;\n\n /**\n * The public JWK used for signature verification.\n * Present for JWS artifacts, null for EIP-712.\n */\n publicKeyJwk: PublicJwk | null;\n\n /**\n * The recovered signer address (checksummed).\n * Present for EIP-712 artifacts, null for JWS.\n */\n signer: string | null;\n}\n\n// ---------------------------------------------------------------------------\n// Helper\n// ---------------------------------------------------------------------------\n\n/**\n * Input for extractAuthorizationMetadata.\n * Accepts either a JwsVerificationResult or an Eip712VerificationResult.\n */\nexport type VerificationResultInput =\n | JwsVerificationResult\n | { valid: true; payload: Record<string, unknown>; signer: string; artifactType: string };\n\n/**\n * Extract authorization metadata from a successful verification result.\n *\n * Works with both JWS and EIP-712 verification results:\n * - JWS: controllerDid is did:jwk, publicKeyJwk is populated, kid may be present\n * - EIP-712: controllerDid is did:pkh:eip155:1:<signer>, signer is populated\n *\n * Derives the subject DID from resourceUrl when possible (assumes did:web\n * for HTTPS URLs). Returns null for subjectDid if resourceUrl is missing\n * or cannot be parsed.\n *\n * @param result - A successful verification result (valid === true)\n * @returns Authorization metadata for downstream getControllerAuthorization calls\n */\nexport function extractAuthorizationMetadata(\n result: VerificationResultInput\n): AuthorizationMetadata {\n const payload = result.payload;\n\n const resourceUrl = typeof payload.resourceUrl === \"string\" ? payload.resourceUrl : null;\n const issuedAt =\n typeof payload.issuedAt === \"string\"\n ? payload.issuedAt\n : typeof payload.issuedAt === \"number\"\n ? payload.issuedAt\n : null;\n\n // Derive subject DID from resourceUrl\n let subjectDid: string | null = null;\n if (resourceUrl) {\n try {\n const url = new URL(resourceUrl);\n subjectDid = `did:web:${url.hostname}`;\n } catch {\n // Cannot parse URL — leave subjectDid null\n }\n }\n\n // Detect which result type we have\n if (\"publicKeyDid\" in result) {\n // JWS result\n const jwsResult = result as JwsVerificationResult;\n return {\n controllerDid: jwsResult.publicKeyDid,\n subjectDid,\n resourceUrl,\n issuedAt,\n kid: jwsResult.kid,\n publicKeyJwk: jwsResult.publicKeyJwk,\n signer: null,\n };\n }\n\n // EIP-712 result\n const eip712Result = result as { signer: string; payload: Record<string, unknown> };\n const signerAddress = eip712Result.signer.toLowerCase();\n return {\n controllerDid: `did:pkh:eip155:1:${signerAddress}`,\n subjectDid,\n resourceUrl,\n issuedAt,\n kid: null,\n publicKeyJwk: null,\n signer: eip712Result.signer,\n };\n}\n","import canonicalize from \"canonicalize\";\nimport { keccak256, sha256, toUtf8Bytes } from \"ethers\";\nimport { OmaTrustError } from \"../shared/errors\";\n\ntype Hex = `0x${string}`;\n\nconst VALID_ALGORITHMS = new Set([\"keccak256\", \"sha256\"]);\n\n/** Maximum JSON nesting depth allowed. */\nconst MAX_JSON_DEPTH = 32;\n\nfunction assertDepthLimit(depth: number, context?: string): void {\n if (depth > MAX_JSON_DEPTH) {\n const msg = context\n ? `JSON nesting depth exceeds maximum of ${MAX_JSON_DEPTH} at ${context}`\n : `JSON nesting depth exceeds maximum of ${MAX_JSON_DEPTH}`;\n throw new OmaTrustError(\"INVALID_INPUT\", msg);\n }\n}\n\n/**\n * Parse JSON strictly, rejecting duplicate keys.\n * Standard JSON.parse() silently accepts duplicates (last-wins).\n * This function detects duplicates at any nesting depth and throws.\n */\nexport function parseJsonStrict(input: string): unknown {\n if (typeof input !== \"string\") {\n throw new OmaTrustError(\"INVALID_INPUT\", \"Input must be a string\");\n }\n\n // First pass: detect duplicate keys by scanning object literals\n const seen = new Map<string, Set<string>>();\n let pathStack: string[] = [];\n let depth = 0;\n\n // Use a reviver to track keys at each depth\n const keyTracker = new Map<number, Set<string>>();\n\n // Parse with a reviver that tracks keys per object depth\n // JSON.parse calls the reviver bottom-up, so we use a different approach:\n // scan the raw string for duplicate keys using a state machine.\n const duplicateKeys = detectDuplicateKeys(input);\n if (duplicateKeys.length > 0) {\n throw new OmaTrustError(\n \"INVALID_INPUT\",\n `Duplicate JSON key${duplicateKeys.length > 1 ? \"s\" : \"\"} detected: ${duplicateKeys.map(k => `\"${k}\"`).join(\", \")}`,\n { duplicateKeys }\n );\n }\n\n try {\n return JSON.parse(input);\n } catch {\n throw new OmaTrustError(\"INVALID_INPUT\", \"Input is not valid JSON\");\n }\n}\n\n/**\n * Detect duplicate keys in a JSON string.\n * Returns an array of key names that appear more than once in any single object.\n */\nfunction detectDuplicateKeys(input: string): string[] {\n const duplicates: string[] = [];\n // Stack of sets — each set tracks keys for the current object nesting level\n const objectKeyStack: Set<string>[] = [];\n let inString = false;\n let escaped = false;\n let currentKey = \"\";\n let collectingKey = false;\n let afterColon = false;\n let i = 0;\n\n while (i < input.length) {\n const ch = input[i];\n\n if (escaped) {\n if (collectingKey) currentKey += ch;\n escaped = false;\n i++;\n continue;\n }\n\n if (ch === \"\\\\\") {\n escaped = true;\n if (collectingKey) currentKey += ch;\n i++;\n continue;\n }\n\n if (ch === '\"') {\n if (!inString) {\n inString = true;\n // If we're in an object context and not after a colon, this is a key\n if (objectKeyStack.length > 0 && !afterColon) {\n collectingKey = true;\n currentKey = \"\";\n }\n } else {\n inString = false;\n if (collectingKey) {\n collectingKey = false;\n const keySet = objectKeyStack[objectKeyStack.length - 1];\n if (keySet.has(currentKey)) {\n if (!duplicates.includes(currentKey)) {\n duplicates.push(currentKey);\n }\n } else {\n keySet.add(currentKey);\n }\n }\n }\n i++;\n continue;\n }\n\n if (inString) {\n if (collectingKey) currentKey += ch;\n i++;\n continue;\n }\n\n // Outside string\n if (ch === \"{\") {\n objectKeyStack.push(new Set());\n assertDepthLimit(objectKeyStack.length);\n afterColon = false;\n } else if (ch === \"}\") {\n objectKeyStack.pop();\n afterColon = objectKeyStack.length > 0; // restore parent context\n } else if (ch === \"[\") {\n // Arrays don't have keys — push a sentinel\n objectKeyStack.push(new Set([\"__array__\"]));\n assertDepthLimit(objectKeyStack.length);\n afterColon = false;\n } else if (ch === \"]\") {\n objectKeyStack.pop();\n afterColon = objectKeyStack.length > 0;\n } else if (ch === \":\") {\n afterColon = true;\n } else if (ch === \",\") {\n afterColon = false;\n }\n\n i++;\n }\n\n return duplicates;\n}\n\n/**\n * Assert that a value is JSON-safe (representable in JSON without lossy conversion).\n * Rejects: undefined, NaN, Infinity, -Infinity, BigInt, functions, symbols, Date objects.\n * These values would be silently coerced or dropped by JSON.stringify / canonicalize.\n */\nexport function assertJsonSafe(value: unknown, path: string = \"$\", depth: number = 0): void {\n assertDepthLimit(depth, path);\n\n if (value === undefined) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: undefined`);\n }\n\n if (value === null) return;\n\n switch (typeof value) {\n case \"string\":\n case \"boolean\":\n return;\n case \"number\":\n if (!Number.isFinite(value)) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: ${value} (must be finite number)`);\n }\n return;\n case \"bigint\":\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: BigInt (use number or string)`);\n case \"function\":\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: function`);\n case \"symbol\":\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: Symbol`);\n case \"object\":\n if (value instanceof Date) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: Date (use ISO string or timestamp)`);\n }\n if (value instanceof RegExp) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: RegExp`);\n }\n if (Array.isArray(value)) {\n for (let i = 0; i < value.length; i++) {\n assertJsonSafe(value[i], `${path}[${i}]`, depth + 1);\n }\n return;\n }\n // Plain object\n for (const [key, val] of Object.entries(value)) {\n assertJsonSafe(val, `${path}.${key}`, depth + 1);\n }\n return;\n default:\n throw new OmaTrustError(\"INVALID_INPUT\", `Non-JSON-safe value at ${path}: unknown type \"${typeof value}\"`);\n }\n}\n\nexport function canonicalizeJson(obj: unknown): string {\n assertJsonSafe(obj);\n const jcs = canonicalize(obj);\n if (!jcs) {\n throw new OmaTrustError(\"INVALID_INPUT\", \"Object cannot be canonicalized\", { obj });\n }\n return jcs;\n}\n\n/**\n * Canonicalize a JSON object (JCS / RFC 8785) and compute its keccak256 hash.\n * Returns both the canonical JCS string and the 0x-prefixed hash.\n */\nexport function canonicalizeAndKeccak256(obj: unknown): { jcsJson: string; hash: Hex } {\n const jcsJson = canonicalizeJson(obj);\n return {\n jcsJson,\n hash: keccak256(toUtf8Bytes(jcsJson)) as Hex\n };\n}\n\n/** @deprecated Use canonicalizeAndKeccak256 instead. */\nexport function canonicalizeForHash(obj: unknown): { jcsJson: string; hash: Hex } {\n return canonicalizeAndKeccak256(obj);\n}\n\nexport function hashCanonicalizedJson(obj: unknown, algorithm: \"keccak256\" | \"sha256\"): Hex {\n if (!VALID_ALGORITHMS.has(algorithm)) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Unsupported hash algorithm: \"${algorithm}\". Must be \"keccak256\" or \"sha256\".`, { algorithm });\n }\n const jcs = canonicalizeJson(obj);\n const bytes = toUtf8Bytes(jcs);\n return (algorithm === \"keccak256\" ? keccak256(bytes) : sha256(bytes)) as Hex;\n}\n","/**\n * did:artifact — Content-Addressed DID Method\n *\n * Implements construction, parsing, and verification for the did:artifact DID method.\n * A did:artifact DID names an immutable byte sequence by its SHA-256 content hash,\n * encoded as a CIDv1 with raw multicodec and base32-lower multibase.\n *\n * Construction:\n * - artifactDidFromBytes: hash raw bytes (binary artifacts)\n * - artifactDidFromJson: canonicalize JSON then hash (JSON artifacts)\n *\n * Verification:\n * - verifyDidArtifact: verify content matches a did:artifact DID\n * (tries canonical JSON first, then raw bytes)\n *\n * Spec: https://oma3dao.github.io/omatrust-docs/specification/did-artifact-method-spec.html\n */\n\nimport { CID } from \"multiformats/cid\";\nimport { sha256 } from \"multiformats/hashes/sha2\";\nimport * as raw from \"multiformats/codecs/raw\";\nimport { base32 } from \"multiformats/bases/base32\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { canonicalizeJson, parseJsonStrict } from \"./data\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Parsed components of a did:artifact DID */\nexport interface ParsedArtifactDid {\n /** The full DID string */\n did: string;\n /** The method-specific identifier (base32-encoded CIDv1) */\n identifier: string;\n /** The SHA-256 digest as a Uint8Array (32 bytes) */\n digest: Uint8Array;\n /** The SHA-256 digest as lowercase hex */\n digestHex: string;\n}\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst DID_ARTIFACT_PREFIX = \"did:artifact:\";\n\n/** Expected binary CID length: 1 (version) + 1 (codec) + 2 (multihash header) + 32 (digest) */\nconst EXPECTED_CID_BYTES = 36;\n\n/** CID version 1 */\nconst CID_VERSION = 1;\n\n/** Multicodec for raw (0x55) */\nconst RAW_CODEC = raw.code; // 0x55\n\n/** Multihash function code for sha2-256 (0x12) */\nconst SHA2_256_CODE = 0x12;\n\n/** Expected digest length for SHA-256 */\nconst SHA2_256_DIGEST_LENGTH = 32;\n\n// ---------------------------------------------------------------------------\n// Construction\n// ---------------------------------------------------------------------------\n\n/**\n * Construct a did:artifact DID from raw bytes.\n *\n * Use this when the artifact is a binary blob (installer, archive, image, etc.)\n * where no canonicalization is needed. The bytes are hashed as-is.\n *\n * @param bytes - The artifact's raw octets\n * @returns The did:artifact DID string\n * @throws OmaTrustError if bytes is empty or not a Uint8Array\n */\nexport async function artifactDidFromBytes(bytes: Uint8Array): Promise<string> {\n if (!(bytes instanceof Uint8Array) || bytes.length === 0) {\n throw new OmaTrustError(\n \"INVALID_INPUT\",\n \"bytes must be a non-empty Uint8Array\"\n );\n }\n\n const digest = await sha256.digest(bytes);\n const cid = CID.createV1(RAW_CODEC, digest);\n return `${DID_ARTIFACT_PREFIX}${cid.toString(base32)}`;\n}\n\n/**\n * Construct a did:artifact DID from a JSON value.\n *\n * The input is canonicalized using JCS (RFC 8785), then the canonical UTF-8 bytes\n * are hashed with SHA-256. If the input is a string, it is parsed strictly\n * (rejecting duplicate keys, non-JSON-safe values, etc.) before canonicalization.\n *\n * Use this when the artifact is a JSON document and you want identity based on\n * the JSON *value* rather than the exact serialization.\n *\n * @param input - A parsed JSON value (object/array/primitive) or a JSON string\n * @returns The did:artifact DID string\n * @throws OmaTrustError if canonicalization fails (malformed JSON, duplicate keys, etc.)\n */\nexport async function artifactDidFromJson(input: unknown): Promise<string> {\n // If input is a string, parse it strictly first\n const value = typeof input === \"string\" ? parseJsonStrict(input) : input;\n\n // Canonicalize — this validates JSON safety and produces JCS output\n const jcs = canonicalizeJson(value);\n const bytes = new TextEncoder().encode(jcs);\n\n const digest = await sha256.digest(bytes);\n const cid = CID.createV1(RAW_CODEC, digest);\n return `${DID_ARTIFACT_PREFIX}${cid.toString(base32)}`;\n}\n\n// ---------------------------------------------------------------------------\n// Parsing\n// ---------------------------------------------------------------------------\n\n/**\n * Parse and validate a did:artifact DID string.\n *\n * Validates:\n * - Correct prefix\n * - Valid base32-lower multibase encoding\n * - CID version 1\n * - Multicodec is raw (0x55)\n * - Multihash function is sha2-256 (0x12) with 32-byte digest\n *\n * @param did - The DID string to parse\n * @returns Parsed components including the SHA-256 digest\n * @throws OmaTrustError if the DID is malformed or uses unsupported parameters\n */\nexport function parseArtifactDid(did: string): ParsedArtifactDid {\n if (typeof did !== \"string\" || !did.startsWith(DID_ARTIFACT_PREFIX)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected a did:artifact DID\", { did });\n }\n\n const identifier = did.slice(DID_ARTIFACT_PREFIX.length);\n if (!identifier || identifier.length === 0) {\n throw new OmaTrustError(\"INVALID_DID\", \"Missing method-specific identifier\", { did });\n }\n\n // Must start with 'b' (base32lower multibase prefix)\n if (identifier[0] !== \"b\") {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Invalid multibase prefix \"${identifier[0]}\", expected \"b\" (base32lower)`,\n { did }\n );\n }\n\n // Decode the CID from base32\n let cid: CID;\n try {\n cid = CID.parse(identifier, base32);\n } catch (err) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n \"Failed to decode base32 CID from did:artifact identifier\",\n { did, cause: err }\n );\n }\n\n // Validate CID version\n if (cid.version !== CID_VERSION) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `CID version must be 1, got ${cid.version}`,\n { did }\n );\n }\n\n // Validate multicodec (raw = 0x55)\n if (cid.code !== RAW_CODEC) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Multicodec must be raw (0x55), got 0x${cid.code.toString(16)}`,\n { did }\n );\n }\n\n // Validate multihash function (sha2-256 = 0x12)\n if (cid.multihash.code !== SHA2_256_CODE) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Multihash function must be sha2-256 (0x12), got 0x${cid.multihash.code.toString(16)}`,\n { did }\n );\n }\n\n // Validate digest length\n if (cid.multihash.digest.length !== SHA2_256_DIGEST_LENGTH) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `SHA-256 digest must be 32 bytes, got ${cid.multihash.digest.length}`,\n { did }\n );\n }\n\n const digest = cid.multihash.digest;\n const digestHex = Array.from(digest)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n\n return { did, identifier, digest, digestHex };\n}\n\n// ---------------------------------------------------------------------------\n// Verification\n// ---------------------------------------------------------------------------\n\n/** Result of artifact verification */\nexport interface ArtifactVerificationResult {\n /** Whether the content matches the DID */\n valid: boolean;\n /** Which interpretation matched: \"json\" if canonical JSON matched, \"binary\" if raw bytes matched */\n matchedAs?: \"json\" | \"binary\";\n /** Error reason when valid is false */\n reason?: string;\n}\n\n/**\n * Verify that content matches a did:artifact DID.\n *\n * Verification strategy:\n * 1. Try to interpret the content as JSON: parse strictly, canonicalize, hash, compare.\n * 2. If JSON interpretation fails or doesn't match, hash the raw bytes and compare.\n * 3. If either matches, verification succeeds.\n *\n * This dual approach is necessary because the verifier doesn't know which path\n * (artifactDidFromJson vs artifactDidFromBytes) was used at construction time.\n *\n * @param did - The did:artifact DID to verify against\n * @param content - The candidate content (Uint8Array for binary, or string/object for JSON)\n * @returns Verification result indicating whether and how the content matched\n */\nexport async function verifyDidArtifact(\n did: string,\n content: Uint8Array | string | unknown\n): Promise<ArtifactVerificationResult> {\n // Parse and validate the DID\n let parsed: ParsedArtifactDid;\n try {\n parsed = parseArtifactDid(did);\n } catch (err) {\n return {\n valid: false,\n reason: err instanceof OmaTrustError ? err.message : \"Invalid did:artifact DID\",\n };\n }\n\n const expectedHex = parsed.digestHex;\n\n // Strategy 1: Try JSON canonicalization\n if (typeof content === \"string\" || (typeof content === \"object\" && content !== null && !(content instanceof Uint8Array))) {\n try {\n const value = typeof content === \"string\" ? parseJsonStrict(content) : content;\n const jcs = canonicalizeJson(value);\n const jcsBytes = new TextEncoder().encode(jcs);\n const digest = await sha256.digest(jcsBytes);\n const digestHex = Array.from(digest.digest)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n\n if (digestHex === expectedHex) {\n return { valid: true, matchedAs: \"json\" };\n }\n } catch {\n // JSON canonicalization failed — fall through to binary\n }\n }\n\n // Strategy 2: Try raw bytes\n let rawBytes: Uint8Array;\n if (content instanceof Uint8Array) {\n rawBytes = content;\n } else if (typeof content === \"string\") {\n rawBytes = new TextEncoder().encode(content);\n } else {\n // For objects that didn't match as JSON, we can't try binary\n return {\n valid: false,\n reason: \"Content did not match as canonical JSON and is not raw bytes\",\n };\n }\n\n const digest = await sha256.digest(rawBytes);\n const digestHex = Array.from(digest.digest)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n\n if (digestHex === expectedHex) {\n return { valid: true, matchedAs: \"binary\" };\n }\n\n return {\n valid: false,\n reason: \"Content does not match the did:artifact identifier (neither as canonical JSON nor as raw bytes)\",\n };\n}\n","/**\n * DID Method Migration Helpers\n *\n * Provides conversion functions for deprecated DID methods:\n * - did:ethr → did:pkh:eip155 (wallet addresses)\n * - did:key → did:jwk (non-blockchain keys)\n *\n * These methods are being deprecated in favor of their canonical replacements.\n * Use these functions to convert existing identifiers to the preferred format.\n */\n\nimport { base58btc } from \"multiformats/bases/base58\";\nimport { isAddress, getAddress } from \"ethers\";\nimport { base64url } from \"jose\";\nimport { OmaTrustError } from \"../shared/errors\";\nimport { jwkToDidJwk } from \"./jwk\";\n\n// ---------------------------------------------------------------------------\n// did:ethr → did:pkh\n// ---------------------------------------------------------------------------\n\n/**\n * Convert a did:ethr DID to the equivalent did:pkh:eip155 DID.\n *\n * did:ethr format: did:ethr:<address> or did:ethr:<chainId>:<address>\n * did:pkh format: did:pkh:eip155:<chainId>:<address>\n *\n * If the did:ethr DID omits the chain ID, defaults to chain 1 (Ethereum mainnet).\n *\n * @param did - A did:ethr DID string\n * @returns The equivalent did:pkh:eip155 DID\n * @throws OmaTrustError if the input is not a valid did:ethr DID\n */\nexport function didEthrToDidPkh(did: string): string {\n if (typeof did !== \"string\" || !did.startsWith(\"did:ethr:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected a did:ethr DID\", { did });\n }\n\n const remainder = did.slice(\"did:ethr:\".length);\n if (!remainder) {\n throw new OmaTrustError(\"INVALID_DID\", \"Missing identifier in did:ethr DID\", { did });\n }\n\n let chainId: string;\n let address: string;\n\n // Check for chain-specific format: did:ethr:<network>:<address>\n // Networks can be hex chain IDs (0x1), named networks, or numeric\n const parts = remainder.split(\":\");\n if (parts.length === 1) {\n // did:ethr:<address> — default to chain 1\n chainId = \"1\";\n address = parts[0];\n } else if (parts.length === 2) {\n // did:ethr:<chainId>:<address>\n const rawChainId = parts[0];\n address = parts[1];\n\n // Parse chain ID: support hex (0x1), numeric, and named networks\n if (rawChainId.startsWith(\"0x\")) {\n chainId = String(parseInt(rawChainId, 16));\n } else if (/^\\d+$/.test(rawChainId)) {\n chainId = rawChainId;\n } else {\n // Named networks — map common names\n const networkMap: Record<string, string> = {\n mainnet: \"1\",\n goerli: \"5\",\n sepolia: \"11155111\",\n polygon: \"137\",\n arbitrum: \"42161\",\n optimism: \"10\",\n base: \"8453\",\n };\n const mapped = networkMap[rawChainId.toLowerCase()];\n if (!mapped) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Unknown did:ethr network \"${rawChainId}\"`,\n { did, network: rawChainId }\n );\n }\n chainId = mapped;\n }\n } else {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid did:ethr format\", { did });\n }\n\n if (!isAddress(address)) {\n throw new OmaTrustError(\"INVALID_DID\", \"Invalid Ethereum address in did:ethr DID\", {\n did,\n address,\n });\n }\n\n const checksummed = getAddress(address);\n return `did:pkh:eip155:${chainId}:${checksummed.toLowerCase()}`;\n}\n\n// ---------------------------------------------------------------------------\n// did:key → did:jwk\n// ---------------------------------------------------------------------------\n\n/**\n * Multicodec prefixes for key types used in did:key.\n * Each prefix identifies the key algorithm and curve.\n */\nconst MULTICODEC_KEY_TYPES: Record<number, { kty: string; crv: string; coordSize?: number }> = {\n // Ed25519 public key: 0xed (varint encoded as [0xed, 0x01])\n 0xed: { kty: \"OKP\", crv: \"Ed25519\" },\n // X25519 public key: 0xec (varint encoded as [0xec, 0x01])\n 0xec: { kty: \"OKP\", crv: \"X25519\" },\n // secp256k1 public key (compressed): 0xe7 (varint encoded as [0xe7, 0x01])\n 0xe7: { kty: \"EC\", crv: \"secp256k1\", coordSize: 33 },\n // P-256 public key (compressed): 0x80 0x24 (varint 0x1200)\n 0x1200: { kty: \"EC\", crv: \"P-256\", coordSize: 33 },\n // P-384 public key (compressed): 0x81 0x24 (varint 0x1201)\n 0x1201: { kty: \"EC\", crv: \"P-384\", coordSize: 49 },\n};\n\n/**\n * Read a varint from a byte array (unsigned LEB128).\n * Returns the decoded value and the number of bytes consumed.\n */\nfunction readVarint(bytes: Uint8Array, offset: number): { value: number; bytesRead: number } {\n let value = 0;\n let shift = 0;\n let bytesRead = 0;\n\n while (offset + bytesRead < bytes.length) {\n const byte = bytes[offset + bytesRead];\n value |= (byte & 0x7f) << shift;\n bytesRead++;\n if ((byte & 0x80) === 0) {\n return { value, bytesRead };\n }\n shift += 7;\n if (shift > 28) {\n throw new OmaTrustError(\"INVALID_DID\", \"Varint too long in did:key multicodec prefix\");\n }\n }\n\n throw new OmaTrustError(\"INVALID_DID\", \"Truncated varint in did:key multicodec prefix\");\n}\n\n/**\n * Decompress a compressed EC public key to x, y coordinates.\n * Supports secp256k1, P-256, and P-384 (all use the same compressed format).\n *\n * For OKP keys (Ed25519, X25519), the raw bytes ARE the public key — no decompression needed.\n */\nfunction decompressEcKey(\n compressedKey: Uint8Array,\n crv: string\n): { x: Uint8Array; y: Uint8Array } {\n // For EC curves, a compressed key is 33 bytes (P-256, secp256k1) or 49 bytes (P-384)\n // Format: 0x02/0x03 prefix + x-coordinate\n // We can't decompress to y without doing the curve math, but for did:jwk we can\n // use the compressed representation directly IF the curve supports it.\n // However, JWK requires uncompressed x and y for EC keys.\n //\n // Since full decompression requires curve-specific modular arithmetic that's complex\n // to implement in pure JS, and the did:key spec stores compressed keys, we'll use\n // a simpler approach: for secp256k1 keys (the most common case in did:ethr migration),\n // we store just the x-coordinate and mark it with the compression prefix.\n //\n // Actually, for did:key → did:jwk conversion, the standard approach is:\n // - Ed25519/X25519: x = raw 32-byte key (base64url encoded)\n // - EC keys: requires the full uncompressed point\n //\n // The practical path: since did:key typically stores compressed EC keys,\n // and converting compressed → uncompressed requires elliptic curve operations,\n // we reject compressed EC keys that we can't fully decompress and suggest\n // using did:pkh for EVM keys instead.\n\n throw new OmaTrustError(\n \"UNSUPPORTED_KEY_TYPE\",\n `Cannot convert compressed EC key (${crv}) from did:key to did:jwk. ` +\n `Decompressing EC points requires elliptic curve arithmetic. ` +\n `For EVM keys, use didEthrToDidPkh() instead.`,\n { crv, keyLength: compressedKey.length }\n );\n}\n\n/**\n * Convert a did:key DID to the equivalent did:jwk DID.\n *\n * did:key encodes a public key as a multicodec-prefixed, base58btc-encoded value.\n * This function decodes the key, identifies the algorithm from the multicodec prefix,\n * constructs a JWK, and wraps it as did:jwk.\n *\n * Supported key types:\n * - Ed25519 (multicodec 0xed)\n * - X25519 (multicodec 0xec)\n *\n * EC keys (secp256k1, P-256, P-384) are stored compressed in did:key and require\n * elliptic curve decompression to produce a valid JWK. This is not supported;\n * use didEthrToDidPkh() for EVM wallet keys instead.\n *\n * @param did - A did:key DID string\n * @returns The equivalent did:jwk DID\n * @throws OmaTrustError if the input is invalid or uses an unsupported key type\n */\nexport function didKeyToDidJwk(did: string): string {\n if (typeof did !== \"string\" || !did.startsWith(\"did:key:\")) {\n throw new OmaTrustError(\"INVALID_DID\", \"Expected a did:key DID\", { did });\n }\n\n const identifier = did.slice(\"did:key:\".length);\n if (!identifier || !identifier.startsWith(\"z\")) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n \"did:key identifier must start with 'z' (base58btc multibase prefix)\",\n { did }\n );\n }\n\n // Decode base58btc (the 'z' prefix is the multibase indicator)\n let decoded: Uint8Array;\n try {\n decoded = base58btc.decode(identifier);\n } catch (err) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n \"Failed to decode base58btc from did:key identifier\",\n { did, cause: err }\n );\n }\n\n if (decoded.length < 3) {\n throw new OmaTrustError(\"INVALID_DID\", \"did:key decoded bytes too short\", { did });\n }\n\n // Read the multicodec prefix (varint)\n const { value: codecValue, bytesRead } = readVarint(decoded, 0);\n\n const keyType = MULTICODEC_KEY_TYPES[codecValue];\n if (!keyType) {\n throw new OmaTrustError(\n \"UNSUPPORTED_KEY_TYPE\",\n `Unsupported multicodec key type 0x${codecValue.toString(16)} in did:key`,\n { did, codec: `0x${codecValue.toString(16)}` }\n );\n }\n\n // Extract the raw key bytes after the multicodec prefix\n const keyBytes = decoded.slice(bytesRead);\n\n if (keyType.kty === \"OKP\") {\n // Ed25519 or X25519: raw 32-byte key → JWK with x field\n if (keyBytes.length !== 32) {\n throw new OmaTrustError(\n \"INVALID_DID\",\n `Expected 32-byte ${keyType.crv} key, got ${keyBytes.length} bytes`,\n { did, crv: keyType.crv }\n );\n }\n\n const jwk = {\n kty: keyType.kty,\n crv: keyType.crv,\n x: base64url.encode(keyBytes),\n };\n\n return jwkToDidJwk(jwk);\n }\n\n // EC keys — compressed, need decompression\n return decompressEcKey(keyBytes, keyType.crv).x.toString(); // This throws\n}\n"]}
@@ -1,2 +1,2 @@
1
- export { C as Caip10, D as Did, H as Hex, P as ParsedCaip10, a as ParsedCaip2, b as ParsedDidUrl, c as PrivateKeyDidValidation, d as assertBareDid, e as buildCaip10, f as buildCaip2, g as buildDidPkh, h as buildDidPkhFromCaip10, j as buildDidWeb, k as buildEvmDidPkh, l as canonicalizeForHash, m as canonicalizeJson, n as computeDidAddress, o as computeDidHash, p as didToAddress, q as extractAddressFromDid, r as extractControllerEvmAddress, s as extractDidIdentifier, t as extractDidMethod, u as getAddressFromDidPkh, v as getChainIdFromDidPkh, w as getDomainFromDidWeb, x as getNamespaceFromDidPkh, y as hashCanonicalizedJson, z as isDidUrl, A as isEvmDidPkh, B as isPrivateKeyDid, E as isSameControllerId, F as isValidDid, G as normalizeCaip10, I as normalizeDid, J as normalizeDidHandle, K as normalizeDidJwk, L as normalizeDidKey, M as normalizeDidPkh, N as normalizeDidWeb, O as normalizeDomain, Q as parseCaip10, R as parseCaip2, S as parseDidUrl, T as validateDidAddress, U as validatePrivateKeyDid } from '../index-BOvk-7Ku.cjs';
2
- export { A as AuthorizationMetadata, J as JwkValidationResult, a as JwsVerificationError, b as JwsVerificationFailure, c as JwsVerificationResult, P as PublicJwk, d as PublicKeySource, R as ResolveKeyOptions, e as ResolvedControllerDid, f as ResolvedPublicKey, g as computeJwkThumbprint, h as didJwkToJwk, i as extractAuthorizationMetadata, j as formatJktValue, k as jwkToDidJwk, p as publicJwkEquals, r as resolveDidUrlToControllerDid, l as resolveDidUrlToPublicKey, v as validatePublicJwk } from '../types-dpYxRq8N.cjs';
1
+ export { A as ArtifactVerificationResult, C as Caip10, D as Did, H as Hex, P as ParsedArtifactDid, a as ParsedCaip10, b as ParsedCaip2, c as ParsedDidUrl, d as PrivateKeyDidValidation, e as artifactDidFromBytes, f as artifactDidFromJson, g as assertBareDid, h as assertJsonSafe, j as buildCaip10, k as buildCaip2, l as buildDidPkh, m as buildDidPkhFromCaip10, n as buildDidWeb, o as buildEvmDidPkh, p as canonicalizeAndKeccak256, q as canonicalizeForHash, r as canonicalizeJson, s as computeDidAddress, t as computeDidHash, u as didEthrToDidPkh, v as didKeyToDidJwk, w as didToAddress, x as extractAddressFromDid, y as extractControllerEvmAddress, z as extractDidIdentifier, B as extractDidMethod, E as getAddressFromDidPkh, F as getChainIdFromDidPkh, G as getDomainFromDidWeb, I as getNamespaceFromDidPkh, J as hashCanonicalizedJson, K as isDidUrl, L as isEvmDidPkh, M as isPrivateKeyDid, N as isSameControllerId, O as isValidDid, Q as normalizeCaip10, R as normalizeDid, S as normalizeDidHandle, T as normalizeDidJwk, U as normalizeDidKey, V as normalizeDidPkh, W as normalizeDidWeb, X as normalizeDomain, Y as parseArtifactDid, Z as parseCaip10, _ as parseCaip2, $ as parseDidUrl, a0 as parseJsonStrict, a1 as validateDidAddress, a2 as validatePrivateKeyDid, a3 as verifyDidArtifact } from '../index-C7odEbp6.cjs';
2
+ export { A as AuthorizationMetadata, J as JwkValidationResult, a as JwsVerificationError, b as JwsVerificationFailure, c as JwsVerificationResult, P as PublicJwk, d as PublicKeySource, R as ResolveKeyOptions, e as ResolvedControllerDid, f as ResolvedPublicKey, V as VerificationResultInput, g as computeJwkThumbprint, h as didJwkToJwk, i as extractAuthorizationMetadata, j as formatJktValue, k as jwkToDidJwk, p as publicJwkEquals, r as resolveDidUrlToControllerDid, l as resolveDidUrlToPublicKey, v as validatePublicJwk } from '../types-Dn0OwaNj.cjs';
@@ -1,2 +1,2 @@
1
- export { C as Caip10, D as Did, H as Hex, P as ParsedCaip10, a as ParsedCaip2, b as ParsedDidUrl, c as PrivateKeyDidValidation, d as assertBareDid, e as buildCaip10, f as buildCaip2, g as buildDidPkh, h as buildDidPkhFromCaip10, j as buildDidWeb, k as buildEvmDidPkh, l as canonicalizeForHash, m as canonicalizeJson, n as computeDidAddress, o as computeDidHash, p as didToAddress, q as extractAddressFromDid, r as extractControllerEvmAddress, s as extractDidIdentifier, t as extractDidMethod, u as getAddressFromDidPkh, v as getChainIdFromDidPkh, w as getDomainFromDidWeb, x as getNamespaceFromDidPkh, y as hashCanonicalizedJson, z as isDidUrl, A as isEvmDidPkh, B as isPrivateKeyDid, E as isSameControllerId, F as isValidDid, G as normalizeCaip10, I as normalizeDid, J as normalizeDidHandle, K as normalizeDidJwk, L as normalizeDidKey, M as normalizeDidPkh, N as normalizeDidWeb, O as normalizeDomain, Q as parseCaip10, R as parseCaip2, S as parseDidUrl, T as validateDidAddress, U as validatePrivateKeyDid } from '../index-R78TpAhN.js';
2
- export { A as AuthorizationMetadata, J as JwkValidationResult, a as JwsVerificationError, b as JwsVerificationFailure, c as JwsVerificationResult, P as PublicJwk, d as PublicKeySource, R as ResolveKeyOptions, e as ResolvedControllerDid, f as ResolvedPublicKey, g as computeJwkThumbprint, h as didJwkToJwk, i as extractAuthorizationMetadata, j as formatJktValue, k as jwkToDidJwk, p as publicJwkEquals, r as resolveDidUrlToControllerDid, l as resolveDidUrlToPublicKey, v as validatePublicJwk } from '../types-dpYxRq8N.js';
1
+ export { A as ArtifactVerificationResult, C as Caip10, D as Did, H as Hex, P as ParsedArtifactDid, a as ParsedCaip10, b as ParsedCaip2, c as ParsedDidUrl, d as PrivateKeyDidValidation, e as artifactDidFromBytes, f as artifactDidFromJson, g as assertBareDid, h as assertJsonSafe, j as buildCaip10, k as buildCaip2, l as buildDidPkh, m as buildDidPkhFromCaip10, n as buildDidWeb, o as buildEvmDidPkh, p as canonicalizeAndKeccak256, q as canonicalizeForHash, r as canonicalizeJson, s as computeDidAddress, t as computeDidHash, u as didEthrToDidPkh, v as didKeyToDidJwk, w as didToAddress, x as extractAddressFromDid, y as extractControllerEvmAddress, z as extractDidIdentifier, B as extractDidMethod, E as getAddressFromDidPkh, F as getChainIdFromDidPkh, G as getDomainFromDidWeb, I as getNamespaceFromDidPkh, J as hashCanonicalizedJson, K as isDidUrl, L as isEvmDidPkh, M as isPrivateKeyDid, N as isSameControllerId, O as isValidDid, Q as normalizeCaip10, R as normalizeDid, S as normalizeDidHandle, T as normalizeDidJwk, U as normalizeDidKey, V as normalizeDidPkh, W as normalizeDidWeb, X as normalizeDomain, Y as parseArtifactDid, Z as parseCaip10, _ as parseCaip2, $ as parseDidUrl, a0 as parseJsonStrict, a1 as validateDidAddress, a2 as validatePrivateKeyDid, a3 as verifyDidArtifact } from '../index-Bu-xxcv9.js';
2
+ export { A as AuthorizationMetadata, J as JwkValidationResult, a as JwsVerificationError, b as JwsVerificationFailure, c as JwsVerificationResult, P as PublicJwk, d as PublicKeySource, R as ResolveKeyOptions, e as ResolvedControllerDid, f as ResolvedPublicKey, V as VerificationResultInput, g as computeJwkThumbprint, h as didJwkToJwk, i as extractAuthorizationMetadata, j as formatJktValue, k as jwkToDidJwk, p as publicJwkEquals, r as resolveDidUrlToControllerDid, l as resolveDidUrlToPublicKey, v as validatePublicJwk } from '../types-Dn0OwaNj.js';