@pan-sec/notebooklm-mcp 1.4.0

package/dist/utils/crypto.js

@@ -0,0 +1,612 @@
+/**
+ * Post-Quantum Cryptographic Utilities for NotebookLM MCP Server
+ *
+ * Provides quantum-resistant encryption at rest using hybrid encryption:
+ * - ML-KEM-768 (Kyber) for post-quantum key encapsulation
+ * - ChaCha20-Poly1305 for symmetric encryption (NOT AES-GCM)
+ * - PBKDF2 for key derivation from passwords
+ * - Machine-derived keys (fallback)
+ *
+ * Why ChaCha20-Poly1305 over AES-GCM:
+ * - Constant-time by design (no cache timing side-channels)
+ * - Faster in software without hardware AES-NI
+ * - Simpler construction, less prone to implementation errors
+ * - Used by Google, Cloudflare for TLS
+ *
+ * This hybrid approach ensures:
+ * 1. Current security via ChaCha20-Poly1305
+ * 2. Future quantum resistance via ML-KEM-768
+ *
+ * Added by Pantheon Security for hardened fork.
+ */
+import crypto from "crypto";
+import fs from "fs";
+import path from "path";
+import os from "os";
+import { ml_kem768 } from "@noble/post-quantum/ml-kem";
+import { log } from "./logger.js";
+import { audit } from "./audit-logger.js";
+/**
+ * Constants
+ */
+const ALGORITHM = "chacha20-poly1305";
+const PQ_ALGORITHM = "ML-KEM-768";
+const KEY_LENGTH = 32; // 256 bits
+const NONCE_LENGTH = 12; // 96 bits for ChaCha20
+const SALT_LENGTH = 32;
+const CURRENT_VERSION = 3; // Version 3 = Post-Quantum + ChaCha20-Poly1305
+const CLASSICAL_VERSION = 2; // Version 2 = ChaCha20-Poly1305 classical
+// Legacy versions for migration (detected by presence of 'iv' and 'tag' fields)
+// LEGACY_PQ_VERSION = 2 (old PQ with AES-GCM)
+// LEGACY_CLASSICAL_VERSION = 1 (old classical with AES-GCM)
+/**
+ * Get encryption configuration from environment
+ */
+function getEncryptionConfig() {
+    return {
+        enabled: process.env.NLMCP_ENCRYPTION_ENABLED !== "false",
+        key: process.env.NLMCP_ENCRYPTION_KEY,
+        keyFile: process.env.NLMCP_ENCRYPTION_KEY_FILE,
+        useMachineKey: process.env.NLMCP_USE_MACHINE_KEY !== "false",
+        pbkdf2Iterations: parseInt(process.env.NLMCP_PBKDF2_ITERATIONS || "100000", 10),
+        usePostQuantum: process.env.NLMCP_USE_POST_QUANTUM !== "false",
+    };
+}
+/**
+ * Derive a key from a passphrase using PBKDF2
+ */
+export function deriveKey(passphrase, salt, iterations = 100000) {
+    return crypto.pbkdf2Sync(passphrase, salt, iterations, KEY_LENGTH, "sha256");
+}
+/**
+ * Generate a machine-derived key based on hardware/OS identifiers
+ *
+ * Note: This provides obscurity, not true security. It's a fallback
+ * when no user key is provided.
+ */
+export function getMachineKey() {
+    const components = [
+        os.hostname(),
+        os.platform(),
+        os.arch(),
+        os.cpus()[0]?.model || "unknown",
+        os.homedir(),
+    ];
+    // Create a deterministic key from machine components
+    const combined = components.join("|");
+    const hash = crypto.createHash("sha256").update(combined).digest("hex");
+    return hash;
+}
+/**
+ * Generate ML-KEM key pair for post-quantum encryption
+ */
+export function generatePQKeyPair() {
+    const keys = ml_kem768.keygen();
+    return {
+        publicKey: keys.publicKey,
+        secretKey: keys.secretKey,
+    };
+}
+/**
+ * Encrypt data using hybrid post-quantum encryption
+ * ML-KEM-768 + ChaCha20-Poly1305
+ *
+ * Process:
+ * 1. Encapsulate a shared secret using recipient's public key (ML-KEM-768)
+ * 2. Derive ChaCha20 key from shared secret + salt
+ * 3. Encrypt data with ChaCha20-Poly1305 (AEAD)
+ */
+export function encryptPQ(data, recipientPublicKey) {
+    // Step 1: Encapsulate a shared secret using ML-KEM
+    const { cipherText: encapsulatedKey, sharedSecret } = ml_kem768.encapsulate(recipientPublicKey);
+    // Step 2: Generate nonce and salt
+    const salt = crypto.randomBytes(SALT_LENGTH);
+    const nonce = crypto.randomBytes(NONCE_LENGTH);
+    // Step 3: Derive ChaCha20 key from shared secret + salt
+    const chachaKey = crypto.createHash("sha256")
+        .update(Buffer.from(sharedSecret))
+        .update(salt)
+        .digest();
+    // Step 4: Encrypt with ChaCha20-Poly1305
+    const cipher = crypto.createCipheriv(ALGORITHM, chachaKey, nonce, {
+        authTagLength: 16,
+    });
+    const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, "utf-8");
+    const encrypted = Buffer.concat([cipher.update(dataBuffer), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Combine ciphertext + auth tag (standard practice for ChaCha20-Poly1305)
+    const ciphertextWithTag = Buffer.concat([encrypted, authTag]);
+    // Clear sensitive data from memory
+    chachaKey.fill(0);
+    return {
+        version: CURRENT_VERSION,
+        algorithm: ALGORITHM,
+        pqAlgorithm: PQ_ALGORITHM,
+        encapsulatedKey: Buffer.from(encapsulatedKey).toString("base64"),
+        nonce: nonce.toString("base64"),
+        salt: salt.toString("base64"),
+        ciphertext: ciphertextWithTag.toString("base64"),
+    };
+}
+/**
+ * Decrypt data using hybrid post-quantum decryption
+ * ML-KEM-768 + ChaCha20-Poly1305
+ */
+export function decryptPQ(encryptedData, recipientSecretKey) {
+    if (encryptedData.version !== CURRENT_VERSION) {
+        throw new Error(`Unsupported PQ encryption version: ${encryptedData.version}`);
+    }
+    // Step 1: Decapsulate the shared secret
+    const encapsulatedKey = new Uint8Array(Buffer.from(encryptedData.encapsulatedKey, "base64"));
+    const sharedSecret = ml_kem768.decapsulate(encapsulatedKey, recipientSecretKey);
+    // Step 2: Derive ChaCha20 key
+    const salt = Buffer.from(encryptedData.salt, "base64");
+    const chachaKey = crypto.createHash("sha256")
+        .update(Buffer.from(sharedSecret))
+        .update(salt)
+        .digest();
+    // Step 3: Split ciphertext and auth tag
+    const ciphertextWithTag = Buffer.from(encryptedData.ciphertext, "base64");
+    const ciphertext = ciphertextWithTag.subarray(0, -16);
+    const authTag = ciphertextWithTag.subarray(-16);
+    // Step 4: Decrypt with ChaCha20-Poly1305
+    const nonce = Buffer.from(encryptedData.nonce, "base64");
+    const decipher = crypto.createDecipheriv(ALGORITHM, chachaKey, nonce, {
+        authTagLength: 16,
+    });
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    // Clear sensitive data from memory
+    chachaKey.fill(0);
+    return decrypted;
+}
+/**
+ * Classical ChaCha20-Poly1305 encryption (fallback)
+ */
+export function encryptClassical(data, key) {
+    const nonce = crypto.randomBytes(NONCE_LENGTH);
+    const salt = crypto.randomBytes(SALT_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, nonce, {
+        authTagLength: 16,
+    });
+    const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, "utf-8");
+    const encrypted = Buffer.concat([cipher.update(dataBuffer), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Combine ciphertext + auth tag
+    const ciphertextWithTag = Buffer.concat([encrypted, authTag]);
+    return {
+        version: CLASSICAL_VERSION,
+        algorithm: ALGORITHM,
+        nonce: nonce.toString("base64"),
+        salt: salt.toString("base64"),
+        ciphertext: ciphertextWithTag.toString("base64"),
+    };
+}
+/**
+ * Classical ChaCha20-Poly1305 decryption (fallback)
+ */
+export function decryptClassical(encryptedData, key) {
+    if (encryptedData.version !== CLASSICAL_VERSION) {
+        throw new Error(`Unsupported classical encryption version: ${encryptedData.version}`);
+    }
+    const nonce = Buffer.from(encryptedData.nonce, "base64");
+    const ciphertextWithTag = Buffer.from(encryptedData.ciphertext, "base64");
+    const ciphertext = ciphertextWithTag.subarray(0, -16);
+    const authTag = ciphertextWithTag.subarray(-16);
+    const decipher = crypto.createDecipheriv(ALGORITHM, key, nonce, {
+        authTagLength: 16,
+    });
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return decrypted;
+}
+/**
+ * Decrypt legacy AES-GCM encrypted data (for migration)
+ */
+function decryptLegacyAES(encryptedData, key, pqSecretKey) {
+    let aesKey;
+    // Check if this is PQ encrypted (has encapsulatedKey)
+    if (encryptedData.encapsulatedKey && pqSecretKey) {
+        const encapsulatedKey = new Uint8Array(Buffer.from(encryptedData.encapsulatedKey, "base64"));
+        const sharedSecret = ml_kem768.decapsulate(encapsulatedKey, pqSecretKey);
+        const salt = Buffer.from(encryptedData.salt, "base64");
+        aesKey = crypto.createHash("sha256")
+            .update(Buffer.from(sharedSecret))
+            .update(salt)
+            .digest();
+    }
+    else {
+        aesKey = key;
+    }
+    const iv = Buffer.from(encryptedData.iv, "base64");
+    const tag = Buffer.from(encryptedData.tag, "base64");
+    const ciphertext = Buffer.from(encryptedData.ciphertext, "base64");
+    const decipher = crypto.createDecipheriv("aes-256-gcm", aesKey, iv, {
+        authTagLength: 16,
+    });
+    decipher.setAuthTag(tag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    // Clear key if we derived it
+    if (encryptedData.encapsulatedKey) {
+        aesKey.fill(0);
+    }
+    return decrypted;
+}
+/**
+ * Check if encrypted data is legacy AES-GCM format
+ */
+function isLegacyFormat(data) {
+    return data && data.iv !== undefined && data.tag !== undefined;
+}
+/**
+ * Post-Quantum Secure Storage Class
+ *
+ * Provides encrypted file storage using hybrid post-quantum encryption
+ * with ChaCha20-Poly1305 (NOT AES-GCM).
+ */
+export class SecureStorage {
+    config;
+    classicalKey = null;
+    pqKeyPair = null;
+    initialized = false;
+    keyStorePath;
+    constructor(config) {
+        this.config = { ...getEncryptionConfig(), ...config };
+        this.keyStorePath = path.join(process.env.NLMCP_CONFIG_DIR || path.join(os.homedir(), ".notebooklm-mcp"), "pq-keys.enc");
+    }
+    /**
+     * Initialize the secure storage (derive/load keys)
+     */
+    async initialize() {
+        if (this.initialized)
+            return;
+        if (!this.config.enabled) {
+            log.info("🔓 Encryption is disabled");
+            this.initialized = true;
+            return;
+        }
+        log.info("🔐 Initializing post-quantum secure storage (ChaCha20-Poly1305)...");
+        try {
+            // Initialize classical key for backward compatibility
+            await this.initializeClassicalKey();
+            // Initialize post-quantum keys if enabled
+            if (this.config.usePostQuantum) {
+                await this.initializePQKeys();
+            }
+            this.initialized = true;
+        }
+        catch (error) {
+            log.error(`  ❌ Failed to initialize encryption: ${error}`);
+            this.config.enabled = false;
+            await audit.security("encryption_init_failed", "error", { error: String(error) });
+        }
+    }
+    /**
+     * Initialize classical encryption key
+     */
+    async initializeClassicalKey() {
+        // Priority 1: Environment variable key
+        if (this.config.key) {
+            this.classicalKey = Buffer.from(this.config.key, "base64");
+            if (this.classicalKey.length !== KEY_LENGTH) {
+                throw new Error(`Invalid key length: expected ${KEY_LENGTH} bytes, got ${this.classicalKey.length}`);
+            }
+            log.success("  ✅ Using classical key from environment");
+            await audit.security("encryption_init", "info", { key_source: "environment", algorithm: ALGORITHM });
+            return;
+        }
+        // Priority 2: Key file
+        if (this.config.keyFile && fs.existsSync(this.config.keyFile)) {
+            const keyBase64 = fs.readFileSync(this.config.keyFile, "utf-8").trim();
+            this.classicalKey = Buffer.from(keyBase64, "base64");
+            if (this.classicalKey.length !== KEY_LENGTH) {
+                throw new Error(`Invalid key length in file: expected ${KEY_LENGTH} bytes`);
+            }
+            log.success("  ✅ Using classical key from file");
+            await audit.security("encryption_init", "info", { key_source: "file", algorithm: ALGORITHM });
+            return;
+        }
+        // Priority 3: Machine-derived key (fallback)
+        if (this.config.useMachineKey) {
+            const machineKey = getMachineKey();
+            const salt = Buffer.from("notebooklm-mcp-secure-salt-v3", "utf-8");
+            this.classicalKey = deriveKey(machineKey, salt, this.config.pbkdf2Iterations);
+            log.warning("  ⚠️ Using machine-derived classical key (less secure)");
+            log.info("     Set NLMCP_ENCRYPTION_KEY for better security");
+            await audit.security("encryption_init", "warning", { key_source: "machine_derived", algorithm: ALGORITHM });
+            return;
+        }
+        // No key available
+        log.warning("  ⚠️ No classical encryption key available");
+        this.config.enabled = false;
+        await audit.security("encryption_disabled", "warning", { reason: "no_key_available" });
+    }
+    /**
+     * Initialize post-quantum keys
+     */
+    async initializePQKeys() {
+        // Try to load existing PQ keys (may be in legacy or new format)
+        if (fs.existsSync(this.keyStorePath) && this.classicalKey) {
+            try {
+                const content = fs.readFileSync(this.keyStorePath, "utf-8");
+                const encrypted = JSON.parse(content);
+                let decrypted;
+                // Check if legacy AES-GCM format
+                if (isLegacyFormat(encrypted)) {
+                    log.info("  🔄 Migrating PQ keys from AES-GCM to ChaCha20-Poly1305...");
+                    decrypted = decryptLegacyAES(encrypted, this.classicalKey);
+                }
+                else {
+                    decrypted = decryptClassical(encrypted, this.classicalKey);
+                }
+                const keys = JSON.parse(decrypted.toString("utf-8"));
+                this.pqKeyPair = {
+                    publicKey: new Uint8Array(Buffer.from(keys.publicKey, "base64")),
+                    secretKey: new Uint8Array(Buffer.from(keys.secretKey, "base64")),
+                };
+                // Re-save with new format if it was legacy
+                if (isLegacyFormat(encrypted)) {
+                    await this.savePQKeys();
+                    log.success("  ✅ PQ keys migrated to ChaCha20-Poly1305");
+                }
+                else {
+                    log.success("  ✅ Loaded existing ML-KEM-768 key pair");
+                }
+                await audit.security("pq_keys_loaded", "info", { algorithm: ALGORITHM });
+                return;
+            }
+            catch (error) {
+                log.warning(`  ⚠️ Failed to load PQ keys, generating new: ${error}`);
+            }
+        }
+        // Generate new PQ key pair
+        log.info("  🔑 Generating new ML-KEM-768 key pair...");
+        this.pqKeyPair = generatePQKeyPair();
+        // Save encrypted PQ keys
+        await this.savePQKeys();
+        log.success("  ✅ Generated and saved ML-KEM-768 key pair");
+        await audit.security("pq_keys_generated", "info", { algorithm: ALGORITHM });
+    }
+    /**
+     * Save PQ keys with ChaCha20-Poly1305 encryption
+     */
+    async savePQKeys() {
+        if (!this.classicalKey || !this.pqKeyPair)
+            return;
+        const keysJson = JSON.stringify({
+            publicKey: Buffer.from(this.pqKeyPair.publicKey).toString("base64"),
+            secretKey: Buffer.from(this.pqKeyPair.secretKey).toString("base64"),
+        });
+        const encrypted = encryptClassical(keysJson, this.classicalKey);
+        const dir = path.dirname(this.keyStorePath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+        }
+        fs.writeFileSync(this.keyStorePath, JSON.stringify(encrypted, null, 2), {
+            mode: 0o600,
+        });
+    }
+    /**
+     * Save data to an encrypted file
+     */
+    async save(filePath, data) {
+        await this.initialize();
+        const dataStr = typeof data === "string" ? data : JSON.stringify(data, null, 2);
+        const dir = path.dirname(filePath);
+        // Ensure directory exists
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+        }
+        if (!this.config.enabled) {
+            // Save unencrypted
+            fs.writeFileSync(filePath, dataStr, { mode: 0o600 });
+            log.info(`📝 Saved (unencrypted): ${path.basename(filePath)}`);
+            return;
+        }
+        let encrypted;
+        let encryptedPath;
+        // Use post-quantum encryption if available
+        if (this.config.usePostQuantum && this.pqKeyPair) {
+            encrypted = encryptPQ(dataStr, this.pqKeyPair.publicKey);
+            encryptedPath = filePath + ".pqenc";
+            log.info(`🔐 Saved with ML-KEM-768 + ChaCha20-Poly1305: ${path.basename(encryptedPath)}`);
+        }
+        else if (this.classicalKey) {
+            encrypted = encryptClassical(dataStr, this.classicalKey);
+            encryptedPath = filePath + ".enc";
+            log.info(`🔐 Saved with ChaCha20-Poly1305: ${path.basename(encryptedPath)}`);
+        }
+        else {
+            // Save unencrypted as fallback
+            fs.writeFileSync(filePath, dataStr, { mode: 0o600 });
+            log.warning(`⚠️ Saved unencrypted (no keys): ${path.basename(filePath)}`);
+            return;
+        }
+        fs.writeFileSync(encryptedPath, JSON.stringify(encrypted, null, 2), {
+            mode: 0o600,
+        });
+        // Remove unencrypted and other encrypted versions if they exist
+        const extensions = ["", ".enc", ".pqenc"];
+        for (const ext of extensions) {
+            const oldPath = filePath + ext;
+            if (oldPath !== encryptedPath && fs.existsSync(oldPath)) {
+                fs.unlinkSync(oldPath);
+            }
+        }
+    }
+    /**
+     * Load data from an encrypted file
+     */
+    async load(filePath) {
+        await this.initialize();
+        // Check for PQ encrypted version first
+        const pqEncryptedPath = filePath + ".pqenc";
+        if (this.pqKeyPair && fs.existsSync(pqEncryptedPath)) {
+            try {
+                const content = fs.readFileSync(pqEncryptedPath, "utf-8");
+                const encrypted = JSON.parse(content);
+                let decrypted;
+                // Check if legacy AES-GCM format
+                if (isLegacyFormat(encrypted)) {
+                    log.info(`🔄 Migrating ${path.basename(pqEncryptedPath)} from AES-GCM to ChaCha20-Poly1305...`);
+                    decrypted = decryptLegacyAES(encrypted, this.classicalKey, this.pqKeyPair.secretKey);
+                    // Re-save with new format
+                    await this.save(filePath, decrypted.toString("utf-8"));
+                    log.success(`  ✅ Migration complete`);
+                }
+                else {
+                    decrypted = decryptPQ(encrypted, this.pqKeyPair.secretKey);
+                }
+                log.info(`🔓 Loaded (ML-KEM-768 + ChaCha20): ${path.basename(pqEncryptedPath)}`);
+                return decrypted.toString("utf-8");
+            }
+            catch (error) {
+                log.error(`❌ Failed to decrypt ${pqEncryptedPath}: ${error}`);
+                await audit.security("decryption_failed", "error", {
+                    file: pqEncryptedPath,
+                    type: "post-quantum",
+                    error: String(error),
+                });
+                return null;
+            }
+        }
+        // Check for classical encrypted version
+        const classicalEncryptedPath = filePath + ".enc";
+        if (this.classicalKey && fs.existsSync(classicalEncryptedPath)) {
+            try {
+                const content = fs.readFileSync(classicalEncryptedPath, "utf-8");
+                const encrypted = JSON.parse(content);
+                let decrypted;
+                // Check if legacy AES-GCM format
+                if (isLegacyFormat(encrypted)) {
+                    log.info(`🔄 Migrating ${path.basename(classicalEncryptedPath)} from AES-GCM to ChaCha20-Poly1305...`);
+                    decrypted = decryptLegacyAES(encrypted, this.classicalKey);
+                }
+                else {
+                    decrypted = decryptClassical(encrypted, this.classicalKey);
+                }
+                log.info(`🔓 Loaded (ChaCha20-Poly1305): ${path.basename(classicalEncryptedPath)}`);
+                // Migrate to PQ encryption if enabled
+                if (this.config.usePostQuantum && this.pqKeyPair) {
+                    log.info(`🔄 Upgrading ${path.basename(filePath)} to post-quantum encryption`);
+                    await this.save(filePath, decrypted.toString("utf-8"));
+                }
+                else if (isLegacyFormat(encrypted)) {
+                    // Re-save with ChaCha20-Poly1305 if it was legacy AES
+                    await this.save(filePath, decrypted.toString("utf-8"));
+                    log.success(`  ✅ Migration complete`);
+                }
+                return decrypted.toString("utf-8");
+            }
+            catch (error) {
+                log.error(`❌ Failed to decrypt ${classicalEncryptedPath}: ${error}`);
+                await audit.security("decryption_failed", "error", {
+                    file: classicalEncryptedPath,
+                    type: "classical",
+                    error: String(error),
+                });
+                return null;
+            }
+        }
+        // Fall back to unencrypted version
+        if (fs.existsSync(filePath)) {
+            const content = fs.readFileSync(filePath, "utf-8");
+            log.info(`📝 Loaded (unencrypted): ${path.basename(filePath)}`);
+            // Migrate to encrypted storage if enabled
+            if (this.config.enabled && (this.pqKeyPair || this.classicalKey)) {
+                log.info(`🔄 Encrypting ${path.basename(filePath)} with ChaCha20-Poly1305`);
+                await this.save(filePath, content);
+            }
+            return content;
+        }
+        return null;
+    }
+    /**
+     * Load JSON data from an encrypted file
+     */
+    async loadJSON(filePath) {
+        const content = await this.load(filePath);
+        if (!content)
+            return null;
+        try {
+            return JSON.parse(content);
+        }
+        catch (error) {
+            log.error(`❌ Failed to parse JSON from ${filePath}: ${error}`);
+            return null;
+        }
+    }
+    /**
+     * Delete an encrypted file
+     */
+    async delete(filePath) {
+        let deleted = false;
+        const extensions = ["", ".enc", ".pqenc"];
+        for (const ext of extensions) {
+            const fullPath = filePath + ext;
+            if (fs.existsSync(fullPath)) {
+                fs.unlinkSync(fullPath);
+                deleted = true;
+            }
+        }
+        return deleted;
+    }
+    /**
+     * Check if a file exists (any encrypted or unencrypted version)
+     */
+    exists(filePath) {
+        return (fs.existsSync(filePath) ||
+            fs.existsSync(filePath + ".enc") ||
+            fs.existsSync(filePath + ".pqenc"));
+    }
+    /**
+     * Get encryption status
+     */
+    getStatus() {
+        let classicalKeySource = "none";
+        if (this.config.enabled && this.classicalKey) {
+            if (this.config.key)
+                classicalKeySource = "environment";
+            else if (this.config.keyFile)
+                classicalKeySource = "file";
+            else
+                classicalKeySource = "machine_derived";
+        }
+        return {
+            enabled: this.config.enabled,
+            classicalKeySource,
+            postQuantumEnabled: this.config.usePostQuantum && this.pqKeyPair !== null,
+            algorithm: ALGORITHM,
+            pqAlgorithm: this.pqKeyPair ? PQ_ALGORITHM : null,
+        };
+    }
+    /**
+     * Generate a new random encryption key (classical)
+     */
+    static generateKey() {
+        const key = crypto.randomBytes(KEY_LENGTH);
+        return key.toString("base64");
+    }
+    /**
+     * Export public key for sharing (e.g., for external encryption)
+     */
+    getPublicKey() {
+        if (!this.pqKeyPair)
+            return null;
+        return Buffer.from(this.pqKeyPair.publicKey).toString("base64");
+    }
+}
+/**
+ * Global secure storage instance
+ */
+let globalSecureStorage = null;
+/**
+ * Get or create the global secure storage
+ */
+export function getSecureStorage() {
+    if (!globalSecureStorage) {
+        globalSecureStorage = new SecureStorage();
+    }
+    return globalSecureStorage;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/utils/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/utils/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AA4D1C;;GAEG;AACH,MAAM,SAAS,GAAG,mBAAmB,CAAC;AACtC,MAAM,YAAY,GAAG,YAAY,CAAC;AAClC,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,WAAW;AAClC,MAAM,YAAY,GAAG,EAAE,CAAC,CAAE,uBAAuB;AACjD,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,+CAA+C;AAC1E,MAAM,iBAAiB,GAAG,CAAC,CAAC,CAAC,0CAA0C;AACvE,gFAAgF;AAChF,8CAA8C;AAC9C,4DAA4D;AAE5D;;GAEG;AACH,SAAS,mBAAmB;IAC1B,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,OAAO;QACzD,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB;QACrC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QAC9C,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,OAAO;QAC5D,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,QAAQ,EAAE,EAAE,CAAC;QAC/E,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,OAAO;KAC/D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,UAAkB,EAAE,IAAY,EAAE,aAAqB,MAAM;IACrF,OAAO,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;AAC/E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,UAAU,GAAG;QACjB,EAAE,CAAC,QAAQ,EAAE;QACb,EAAE,CAAC,QAAQ,EAAE;QACb,EAAE,CAAC,IAAI,EAAE;QACT,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,SAAS;QAChC,EAAE,CAAC,OAAO,EAAE;KACb,CAAC;IAEF,qDAAqD;IACrD,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAExE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;IAChC,OAAO;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,SAAS,CACvB,IAAqB,EACrB,kBAA8B;IAE9B,mDAAmD;IACnD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;IAEhG,kCAAkC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAE/C,wDAAwD;IACxD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;SAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;SACjC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,EAAE,CAAC;IAEZ,yCAAyC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE;QAChE,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,0EAA0E;IAC1E,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAE9D,mCAAmC;IACnC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAElB,OAAO;QACL,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,YAAY;QACzB,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAChE,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACjD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CACvB,aAA8B,EAC9B,kBAA8B;IAE9B,IAAI,aAAa,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,wCAAwC;IACxC,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC7F,MAAM,YAAY,GAAG,SAAS,CAAC,WAAW,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;IAEhF,8BAA8B;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;SAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;SACjC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,EAAE,CAAC;IAEZ,wCAAwC;IACxC,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;IAEhD,yCAAyC;IACzC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE;QACpE,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IACH,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEjF,mCAAmC;IACnC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAElB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAqB,EAAE,GAAW;IACjE,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE;QAC1D,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,gCAAgC;IAChC,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAE9D,OAAO;QACL,OAAO,EAAE,iBAAiB;QAC1B,SAAS,EAAE,SAAS;QACpB,KAAK,EAAE,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACjD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,aAAqC,EAAE,GAAW;IACjF,IAAI,aAAa,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,6CAA6C,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE;QAC9D,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IACH,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACjF,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CACvB,aAAqC,EACrC,GAAW,EACX,WAAwB;IAExB,IAAI,MAAc,CAAC;IAEnB,sDAAsD;IACtD,IAAI,aAAa,CAAC,eAAe,IAAI,WAAW,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC7F,MAAM,YAAY,GAAG,SAAS,CAAC,WAAW,CAAC,eAAe,EAAE,WAAW,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;aACjC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;aACjC,MAAM,CAAC,IAAI,CAAC;aACZ,MAAM,EAAE,CAAC;IACd,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC;IACf,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE;QAClE,aAAa,EAAE,EAAE;KAClB,CAAC,CAAC;IACH,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAEjF,6BAA6B;IAC7B,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAS;IAC/B,OAAO,IAAI,IAAI,IAAI,CAAC,EAAE,KAAK,SAAS,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,CAAC;AACjE,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,aAAa;IAChB,MAAM,CAAmB;IACzB,YAAY,GAAkB,IAAI,CAAC;IACnC,SAAS,GAA4D,IAAI,CAAC;IAC1E,WAAW,GAAY,KAAK,CAAC;IAC7B,YAAY,CAAS;IAE7B,YAAY,MAAkC;QAC5C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,mBAAmB,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;QACtD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAC3B,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,iBAAiB,CAAC,EAC1E,aAAa,CACd,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YACtC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QAE/E,IAAI,CAAC;YACH,sDAAsD;YACtD,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAEpC,0CAA0C;YAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC/B,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAChC,CAAC;YAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,wCAAwC,KAAK,EAAE,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;YAC5B,MAAM,KAAK,CAAC,QAAQ,CAAC,wBAAwB,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB;QAClC,uCAAuC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpB,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC3D,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gCAAgC,UAAU,eAAe,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YACvG,CAAC;YACD,GAAG,CAAC,OAAO,CAAC,0CAA0C,CAAC,CAAC;YACxD,MAAM,KAAK,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YACrG,OAAO;QACT,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YACvE,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACrD,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,wCAAwC,UAAU,QAAQ,CAAC,CAAC;YAC9E,CAAC;YACD,GAAG,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YAC9F,OAAO;QACT,CAAC;QAED,6CAA6C;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC9B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,OAAO,CAAC,CAAC;YACnE,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC9E,GAAG,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;YAC9D,MAAM,KAAK,CAAC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,EAAE,EAAE,UAAU,EAAE,iBAAiB,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;YAC5G,OAAO;QACT,CAAC;QAED,mBAAmB;QACnB,GAAG,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;QAC5B,MAAM,KAAK,CAAC,QAAQ,CAAC,qBAAqB,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACzF,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB;QAC5B,gEAAgE;QAChE,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;gBAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAEtC,IAAI,SAAiB,CAAC;gBAEtB,iCAAiC;gBACjC,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,GAAG,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;oBACxE,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC7D,CAAC;gBAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBAErD,IAAI,CAAC,SAAS,GAAG;oBACf,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;oBAChE,SAAS,EAAE,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;iBACjE,CAAC;gBAEF,2CAA2C;gBAC3C,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;oBACxB,GAAG,CAAC,OAAO,CAAC,2CAA2C,CAAC,CAAC;gBAC3D,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC;gBACzD,CAAC;gBAED,MAAM,KAAK,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;gBACzE,OAAO;YACT,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,OAAO,CAAC,gDAAgD,KAAK,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,GAAG,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACvD,IAAI,CAAC,SAAS,GAAG,iBAAiB,EAAE,CAAC;QAErC,yBAAyB;QACzB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxB,GAAG,CAAC,OAAO,CAAC,6CAA6C,CAAC,CAAC;QAC3D,MAAM,KAAK,CAAC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO;QAElD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;YAC9B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;SACpE,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAEhE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YACtE,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE,IAAqB;QAChD,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,MAAM,OAAO,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEnC,0BAA0B;QAC1B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,mBAAmB;YACnB,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,IAAI,CAAC,2BAA2B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,SAAwB,CAAC;QAC7B,IAAI,aAAqB,CAAC;QAE1B,2CAA2C;QAC3C,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjD,SAAS,GAAG,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzD,aAAa,GAAG,QAAQ,GAAG,QAAQ,CAAC;YACpC,GAAG,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAC5F,CAAC;aAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7B,SAAS,GAAG,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;YACzD,aAAa,GAAG,QAAQ,GAAG,MAAM,CAAC;YAClC,GAAG,CAAC,IAAI,CAAC,oCAAoC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,OAAO,CAAC,mCAAmC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC1E,OAAO;QACT,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAClE,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QAEH,gEAAgE;QAChE,MAAM,UAAU,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,QAAQ,GAAG,GAAG,CAAC;YAC/B,IAAI,OAAO,KAAK,aAAa,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB;QACzB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,uCAAuC;QACvC,MAAM,eAAe,GAAG,QAAQ,GAAG,QAAQ,CAAC;QAC5C,IAAI,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;gBAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAEtC,IAAI,SAAiB,CAAC;gBAEtB,iCAAiC;gBACjC,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,uCAAuC,CAAC,CAAC;oBAChG,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,YAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;oBACtF,0BAA0B;oBAC1B,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;oBACvD,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;gBACxC,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,SAAS,CAAC,SAA4B,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;gBAChF,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,sCAAsC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;gBACjF,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,KAAK,CAAC,uBAAuB,eAAe,KAAK,KAAK,EAAE,CAAC,CAAC;gBAC9D,MAAM,KAAK,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,EAAE;oBACjD,IAAI,EAAE,eAAe;oBACrB,IAAI,EAAE,cAAc;oBACpB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,MAAM,sBAAsB,GAAG,QAAQ,GAAG,MAAM,CAAC;QACjD,IAAI,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC/D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,sBAAsB,EAAE,OAAO,CAAC,CAAC;gBACjE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAEtC,IAAI,SAAiB,CAAC;gBAEtB,iCAAiC;gBACjC,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9B,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,uCAAuC,CAAC,CAAC;oBACvG,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,gBAAgB,CAAC,SAAmC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;gBACvF,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,kCAAkC,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;gBAEpF,sCAAsC;gBACtC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACjD,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;oBAC/E,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBACzD,CAAC;qBAAM,IAAI,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;oBACrC,sDAAsD;oBACtD,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;oBACvD,GAAG,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;gBACxC,CAAC;gBAED,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,KAAK,CAAC,uBAAuB,sBAAsB,KAAK,KAAK,EAAE,CAAC,CAAC;gBACrE,MAAM,KAAK,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,EAAE;oBACjD,IAAI,EAAE,sBAAsB;oBAC5B,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;iBACrB,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,GAAG,CAAC,IAAI,CAAC,4BAA4B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAEhE,0CAA0C;YAC1C,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjE,GAAG,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;gBAC5E,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrC,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAI,QAAgB;QAChC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAM,CAAC;QAClC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,+BAA+B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB;QAC3B,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,UAAU,GAAG,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,QAAQ,GAAG,GAAG,CAAC;YAChC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACxB,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAgB;QACrB,OAAO,CACL,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;YACvB,EAAE,CAAC,UAAU,CAAC,QAAQ,GAAG,MAAM,CAAC;YAChC,EAAE,CAAC,UAAU,CAAC,QAAQ,GAAG,QAAQ,CAAC,CACnC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QAOP,IAAI,kBAAkB,GAAG,MAAM,CAAC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG;gBAAE,kBAAkB,GAAG,aAAa,CAAC;iBACnD,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,kBAAkB,GAAG,MAAM,CAAC;;gBACrD,kBAAkB,GAAG,iBAAiB,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,kBAAkB;YAClB,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,SAAS,KAAK,IAAI;YACzE,SAAS,EAAE,SAAS;YACpB,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI;SAClD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW;QAChB,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC3C,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACjC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClE,CAAC;CACF;AAED;;GAEG;AACH,IAAI,mBAAmB,GAAyB,IAAI,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,mBAAmB,GAAG,IAAI,aAAa,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC"}