npm - @peac/audit - Versions diffs - 0.12.1 → 0.12.3 - Mend

@peac/audit 0.12.1 → 0.12.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/dispute-bundle-types.d.ts +3 -3
package/dist/dispute-bundle-types.d.ts.map +1 -1
package/dist/index.cjs.map +1 -1
package/dist/index.mjs.map +1 -1
package/package.json +4 -4

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/entry.ts","../src/jsonl.ts","../src/bundle.ts","../src/dispute-bundle-types.ts","../src/dispute-bundle.ts","../src/verification-report.ts","../src/index.ts"],"names":["BUNDLE_VERSION","BUNDLE_ERRORS","createHash","pathPosix","canonicalize","yazl","yauzl","sha256Hex","base64urlDecode","parseJws","verifyJws","CryptoError"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeO,IAAM,aAAA,GAAgB;AAKtB,IAAM,iBAAA,GAA+C;AAAA,EAC1D,gBAAA;AAAA,EACA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,eAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,eAAA;AAAA,EACA,qBAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA;AACF;AAKO,IAAM,gBAAA,GAA6C;AAAA,EACxD,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAQO,SAAS,eAAA,GAA0B;AAExC,EAAA,MAAM,QAAA,GAAW,kCAAA;AAGjB,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,IAAI,aAAA,GAAgB,EAAA;AACpB,EAAA,IAAI,IAAA,GAAO,GAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,aAAA,GAAgB,QAAA,CAAS,IAAA,GAAO,EAAE,CAAA,GAAI,aAAA;AACtC,IAAA,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,EAAE,CAAA;AAAA,EAC7B;AAGA,EAAA,IAAI,UAAA,GAAa,EAAA;AACjB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,UAAA,IAAc,SAAS,IAAA,CAAK,KAAA,CAAM,KAAK,MAAA,EAAO,GAAI,EAAE,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,aAAA,GAAgB,UAAA;AACzB;AAQO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,0BAAA,CAA2B,KAAK,EAAE,CAAA;AAC3C;AAQO,SAAS,oBAAoB,KAAA,EAA8B;AAEhE,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC3C,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA,EAAG;AAC1C,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,MAAM,cAAA,IAAkB,CAAC,kBAAkB,IAAA,CAAK,KAAA,CAAM,cAAc,CAAA,EAAG;AACzE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,MAAM,WAAA,IAAe,CAAC,iBAAiB,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA,EAAG;AAClE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAkBO,SAAS,iBAAiB,OAAA,EAA8C;AAC7E,EAAA,MAAM,KAAA,GAAoB;AAAA,IACxB,OAAA,EAAS,aAAA;AAAA,IACT,EAAA,EAAI,OAAA,CAAQ,EAAA,IAAM,eAAA,EAAgB;AAAA,IAClC,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,WAAW,OAAA,CAAQ,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACvD,QAAA,EAAU,QAAQ,QAAA,IAAY,MAAA;AAAA,IAC9B,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAEA,EAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,IAAA,KAAA,CAAM,QAAQ,OAAA,CAAQ,KAAA;AAAA,EACxB;AAEA,EAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,IAAA,KAAA,CAAM,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC1B;AAEA,EAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,IAAA,KAAA,CAAM,cAAc,OAAA,CAAQ,WAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAgBO,SAAS,mBAAmB,KAAA,EAAkC;AACnE,EAAA,MAAM,SAAmB,EAAC;AAE1B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAC,yBAAyB,CAAA,EAAE;AAAA,EAC7D;AAEA,EAAA,MAAM,CAAA,GAAI,KAAA;AAGV,EAAA,IAAI,CAAA,CAAE,YAAY,aAAA,EAAe;AAC/B,IAAA,MAAA,CAAO,KAAK,CAAA,2BAAA,EAA8B,aAAa,CAAA,QAAA,EAAW,CAAA,CAAE,OAAO,CAAA,CAAA,CAAG,CAAA;AAAA,EAChF;AAGA,EAAA,IAAI,OAAO,EAAE,EAAA,KAAO,QAAA,IAAY,CAAC,WAAA,CAAY,CAAA,CAAE,EAAE,CAAA,EAAG;AAClD,IAAA,MAAA,CAAO,KAAK,6CAA6C,CAAA;AAAA,EAC3D;AAGA,EAAA,IAAI,CAAC,iBAAA,CAAkB,QAAA,CAAS,CAAA,CAAE,UAA4B,CAAA,EAAG;AAC/D,IAAA,MAAA,CAAO,IAAA,CAAK,CAAA,qBAAA,EAAwB,CAAA,CAAE,UAAU,CAAA,CAAA,CAAG,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,OAAO,CAAA,CAAE,SAAA,KAAc,QAAA,IAAY,KAAA,CAAM,KAAK,KAAA,CAAM,CAAA,CAAE,SAAS,CAAC,CAAA,EAAG;AACrE,IAAA,MAAA,CAAO,KAAK,iDAAiD,CAAA;AAAA,EAC/D;AAGA,EAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,CAAA,CAAE,QAAyB,CAAA,EAAG;AAC3D,IAAA,MAAA,CAAO,IAAA,CAAK,CAAA,mBAAA,EAAsB,CAAA,CAAE,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,KAAA,IAAS,OAAO,CAAA,CAAE,UAAU,QAAA,EAAU;AAC3C,IAAA,MAAA,CAAO,KAAK,0BAA0B,CAAA;AAAA,EACxC,CAAA,MAAO;AACL,IAAA,MAAM,QAAQ,CAAA,CAAE,KAAA;AAChB,IAAA,IAAI,CAAC,CAAC,MAAA,EAAQ,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,KAAA,CAAM,IAAc,CAAA,EAAG;AAC/D,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,qBAAA,EAAwB,KAAA,CAAM,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,OAAO,KAAA,CAAM,EAAA,KAAO,YAAY,KAAA,CAAM,EAAA,CAAG,WAAW,CAAA,EAAG;AACzD,MAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,QAAA,IAAY,OAAO,CAAA,CAAE,aAAa,QAAA,EAAU;AACjD,IAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,EAC3C,CAAA,MAAO;AACL,IAAA,MAAM,WAAW,CAAA,CAAE,QAAA;AACnB,IAAA,MAAM,aAAa,CAAC,SAAA,EAAW,eAAe,UAAA,EAAY,QAAA,EAAU,WAAW,SAAS,CAAA;AACxF,IAAA,IAAI,CAAC,UAAA,CAAW,QAAA,CAAS,QAAA,CAAS,IAAc,CAAA,EAAG;AACjD,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,wBAAA,EAA2B,QAAA,CAAS,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACzD;AACA,IAAA,IAAI,OAAO,QAAA,CAAS,EAAA,KAAO,YAAY,QAAA,CAAS,EAAA,CAAG,WAAW,CAAA,EAAG;AAC/D,MAAA,MAAA,CAAO,KAAK,iCAAiC,CAAA;AAAA,IAC/C;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,OAAA,IAAW,OAAO,CAAA,CAAE,YAAY,QAAA,EAAU;AAC/C,IAAA,MAAA,CAAO,KAAK,4BAA4B,CAAA;AAAA,EAC1C,CAAA,MAAO;AACL,IAAA,MAAM,UAAU,CAAA,CAAE,OAAA;AAClB,IAAA,IAAI,OAAO,OAAA,CAAQ,OAAA,KAAY,SAAA,EAAW;AACxC,MAAA,MAAA,CAAO,KAAK,yCAAyC,CAAA;AAAA,IACvD;AAAA,EACF;AAGA,EAAA,IAAI,EAAE,KAAA,EAAO;AACX,IAAA,IAAI,CAAC,mBAAA,CAAoB,CAAA,CAAE,KAAqB,CAAA,EAAG;AACjD,MAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,EAAE,WAAA,EAAa;AACjB,IAAA,IAAI,OAAO,EAAE,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,CAAA,CAAE,WAAW,CAAA,EAAG;AACpE,MAAA,MAAA,CAAO,KAAK,2CAA2C,CAAA;AAAA,IACzD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB;AAAA,GACF;AACF;AAQO,SAAS,kBAAkB,KAAA,EAAqC;AACrE,EAAA,OAAO,kBAAA,CAAmB,KAAK,CAAA,CAAE,KAAA;AACnC;;;ACvPO,SAAS,eAAA,CAAgB,OAAmB,OAAA,EAAgC;AACjF,EAAA,IAAI,SAAS,MAAA,EAAQ;AACnB,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,KAAA,EAAO,IAAA,EAAM,CAAC,CAAA;AAAA,EACtC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAC7B;AAeO,SAAS,WAAA,CAAY,SAAuB,OAAA,EAAgC;AACjF,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,GAAA,CAAI,CAAC,KAAA,KAAU,eAAA,CAAgB,KAAA,EAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAC,CAAA;AAC9E,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAE9B,EAAA,IAAI,OAAA,EAAS,eAAA,IAAmB,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AACjD,IAAA,OAAO,MAAA,GAAS,IAAA;AAAA,EAClB;AAEA,EAAA,OAAO,MAAA;AACT;AA4BO,SAAS,cAAA,CACd,IAAA,EACA,UAAA,GAAqB,CAAA,EACuB;AAC5C,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAG1B,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,YAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAEjC,IAAA,IAAI,CAAC,iBAAA,CAAkB,MAAM,CAAA,EAAG;AAC9B,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,+BAAA;AAAA,QACP,UAAA;AAAA,QACA,GAAA,EAAK,QAAQ,MAAA,GAAS,GAAA,GAAM,QAAQ,SAAA,CAAU,CAAA,EAAG,GAAG,CAAA,GAAI,KAAA,GAAQ;AAAA,OAClE;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,KAAA,EAAO,MAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF,SAAS,CAAA,EAAG;AACV,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,CAAA,YAAa,KAAA,GAAQ,CAAA,CAAE,OAAA,GAAU,kBAAA;AAAA,MACxC,UAAA;AAAA,MACA,GAAA,EAAK,QAAQ,MAAA,GAAS,GAAA,GAAM,QAAQ,SAAA,CAAU,CAAA,EAAG,GAAG,CAAA,GAAI,KAAA,GAAQ;AAAA,KAClE;AAAA,EACF;AACF;AAmCO,SAAS,UAAA,CAAW,SAAiB,OAAA,EAA+C;AACzF,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAI,CAAA;AAChC,EAAA,MAAM,UAAwB,EAAC;AAC/B,EAAA,MAAM,SAAgC,EAAC;AACvC,EAAA,MAAM,QAAA,GAAW,SAAS,QAAA,IAAY,CAAA;AACtC,EAAA,IAAI,SAAA,GAAY,CAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AACpB,IAAA,MAAM,aAAa,CAAA,GAAI,CAAA;AAGvB,IAAA,IAAI,IAAA,CAAK,IAAA,EAAK,CAAE,MAAA,KAAW,CAAA,EAAG;AAC5B,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,QAAA,GAAW,CAAA,IAAK,SAAA,IAAa,QAAA,EAAU;AACzC,MAAA;AAAA,IACF;AAEA,IAAA,SAAA,EAAA;AAEA,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,IAAA,EAAM,UAAU,CAAA;AAE9C,IAAA,IAAI,OAAO,EAAA,EAAI;AACb,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,IAC3B,CAAA,MAAO;AACL,MAAA,IAAI,SAAS,WAAA,EAAa;AACxB,QAAA,MAAA,CAAO,KAAK,MAAM,CAAA;AAAA,MACpB,CAAA,MAAO;AAEL,QAAA,OAAO;AAAA,UACL,OAAA;AAAA,UACA,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA,UACf,UAAA,EAAY,SAAA;AAAA,UACZ,cAAc,OAAA,CAAQ,MAAA;AAAA,UACtB,UAAA,EAAY;AAAA,SACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,MAAA;AAAA,IACA,UAAA,EAAY,SAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,MAAA;AAAA,IACtB,YAAY,MAAA,CAAO;AAAA,GACrB;AACF;AAoBO,SAAS,oBAAoB,OAAA,EAAuD;AACzF,EAAA,OAAO,CAAC,KAAA,KAA8B;AACpC,IAAA,MAAM,OAAO,eAAA,CAAgB,KAAA,EAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AACrD,IAAA,OAAO,IAAA,GAAO,IAAA;AAAA,EAChB,CAAA;AACF;;;ACxNO,IAAM,cAAA,GAAiB;AAiBvB,SAAS,iBAAiB,OAAA,EAA8C;AAE7E,EAAA,MAAM,aAAA,GAAgB,CAAC,GAAG,OAAA,CAAQ,OAAO,CAAA,CAAE,IAAA;AAAA,IACzC,CAAC,CAAA,EAAG,CAAA,KAAM,IAAI,KAAK,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,KAAY,IAAI,IAAA,CAAK,CAAA,CAAE,SAAS,EAAE,OAAA;AAAQ,GAC5E;AAGA,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAY;AACjC,EAAA,KAAA,MAAW,SAAS,aAAA,EAAe;AACjC,IAAA,IAAI,KAAA,CAAM,OAAO,QAAA,EAAU;AACzB,MAAA,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,QAAQ,CAAA;AAAA,IACnC;AAAA,EACF;AAGA,EAAA,MAAM,OAAA,GAAU,sBAAsB,aAAa,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,YAAA,EAAA,iBAAc,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IACrC,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,OAAA,EAAS,aAAA;AAAA,IACT,SAAA,EAAW,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC9B;AAAA,GACF;AACF;AAQO,SAAS,sBAAsB,OAAA,EAA0C;AAE9E,EAAA,MAAM,cAAsC,EAAC;AAC7C,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,WAAA,CAAY,MAAM,UAAU,CAAA,GAAA,CAAK,YAAY,KAAA,CAAM,UAAU,KAAK,CAAA,IAAK,CAAA;AAAA,EACzE;AAGA,EAAA,MAAM,UAAA,GAA4C;AAAA,IAChD,IAAA,EAAM,CAAA;AAAA,IACN,IAAA,EAAM,CAAA;AAAA,IACN,KAAA,EAAO,CAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACZ;AACA,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,UAAA,CAAW,MAAM,QAAQ,CAAA,EAAA;AAAA,EAC3B;AAGA,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAC/B,EAAA,MAAM,SAAA,uBAAgB,GAAA,EAAY;AAClC,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA,CAAA,EAAI,KAAA,CAAM,KAAA,CAAM,EAAE,CAAA,CAAE,CAAA;AAClD,IAAA,SAAA,CAAU,GAAA,CAAI,GAAG,KAAA,CAAM,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,CAAA;AAAA,EAC7D;AAGA,EAAA,MAAM,aAAa,OAAA,CAAQ,MAAA,GAAS,IAAI,OAAA,CAAQ,CAAC,EAAE,SAAA,GAAY,EAAA;AAC/D,EAAA,MAAM,SAAA,GAAY,QAAQ,MAAA,GAAS,CAAA,GAAI,QAAQ,OAAA,CAAQ,MAAA,GAAS,CAAC,CAAA,CAAE,SAAA,GAAY,EAAA;AAE/E,EAAA,OAAO;AAAA,IACL,aAAa,OAAA,CAAQ,MAAA;AAAA,IACrB,aAAA,EAAe,WAAA;AAAA,IACf,WAAA,EAAa,UAAA;AAAA,IACb,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,SAAA;AAAA,IACZ,aAAa,MAAA,CAAO,IAAA;AAAA,IACpB,gBAAgB,SAAA,CAAU;AAAA,GAC5B;AACF;AASO,SAAS,eAAA,CAAgB,SAAuB,UAAA,EAAkC;AACvF,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,KAAA,KAAU,KAAA,CAAM,gBAAgB,UAAU,CAAA;AACnE;AASO,SAAS,eAAA,CAAgB,SAAuB,OAAA,EAA+B;AACpF,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,UAAU,KAAA,CAAM,KAAA,EAAO,aAAa,OAAO,CAAA;AACpE;AAUO,SAAS,iBAAA,CAAkB,OAAA,EAAuB,KAAA,EAAe,GAAA,EAA2B;AACjG,EAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,KAAK,EAAE,OAAA,EAAQ;AAC1C,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,CAAK,GAAG,EAAE,OAAA,EAAQ;AAEtC,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,KAAA,KAAU;AAC/B,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,EAAE,OAAA,EAAQ;AACpD,IAAA,OAAO,SAAA,IAAa,aAAa,SAAA,IAAa,OAAA;AAAA,EAChD,CAAC,CAAA;AACH;AAUO,SAAS,gBAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACc;AACd,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,KAAA,KAAU;AAC/B,IAAA,IAAI,KAAA,CAAM,QAAA,CAAS,IAAA,KAAS,YAAA,EAAc;AACxC,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,UAAA,IAAc,KAAA,CAAM,QAAA,CAAS,EAAA,KAAO,UAAA,EAAY;AAClD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAC,CAAA;AACH;AA2BO,SAAS,iBAAiB,OAAA,EAA2C;AAE1E,EAAA,MAAM,OAAA,uBAAc,GAAA,EAA0B;AAE9C,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,IAAI,KAAA,CAAM,OAAO,QAAA,EAAU;AACzB,MAAA,MAAM,WAAW,OAAA,CAAQ,GAAA,CAAI,MAAM,KAAA,CAAM,QAAQ,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AACnB,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,QAAA,EAAU,QAAQ,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,MAAM,eAAmC,EAAC;AAE1C,EAAA,KAAA,MAAW,CAAC,OAAA,EAAS,YAAY,CAAA,IAAK,OAAA,EAAS;AAE7C,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,YAAY,CAAA,CAAE,IAAA;AAAA,MAC/B,CAAC,CAAA,EAAG,CAAA,KAAM,IAAI,KAAK,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,KAAY,IAAI,IAAA,CAAK,CAAA,CAAE,SAAS,EAAE,OAAA;AAAQ,KAC5E;AAGA,IAAA,MAAM,OAAA,uBAAc,GAAA,EAAY;AAChC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,OAAO,OAAA,EAAS;AACxB,QAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,OAAO,CAAA;AAAA,MACjC;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,MAAA,CAAO,CAAC,CAAA,CAAE,SAAS,EAAE,OAAA,EAAQ;AACxD,IAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,SAAS,CAAC,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,EAAQ;AAEvE,IAAA,YAAA,CAAa,IAAA,CAAK;AAAA,MAChB,QAAA,EAAU,OAAA;AAAA,MACV,OAAA,EAAS,MAAA;AAAA,MACT,QAAA,EAAU,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,MAC5B,aAAa,QAAA,GAAW;AAAA,KACzB,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,YAAA;AACT;AASO,SAAS,eAAA,CAAgB,MAAA,EAAoB,MAAA,GAAkB,KAAA,EAAe;AACnF,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,EAAQ,IAAA,EAAM,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;;;AC3OO,IAAMA,eAAAA,GAAiB;AAKvB,IAAM,sBAAA,GAAyBA;AAM/B,IAAM,2BAAA,GAA8B;ACY3C,IAAM,eAAA,GAAkB,GAAA;AAGxB,IAAM,cAAA,GAAiB,KAAK,IAAA,GAAO,IAAA;AAGnC,IAAM,cAAA,GAAiB,MAAM,IAAA,GAAO,IAAA;AAGpC,IAAM,YAAA,GAAe,GAAA;AAGrB,IAAM,gBAAgB,CAAC,eAAA,EAAiB,YAAA,EAAc,iBAAA,EAAmB,SAAS,SAAS,CAAA;AAUpF,IAAM,gBAAA,GAAmBC,oBAAA;AAOhC,IAAM,aAAA,GAAgB,kCAAA;AAWtB,SAAS,gBAAA,GAA2B;AAClC,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAI3B,EAAA,MAAM,iBAA2B,EAAC;AAClC,EAAA,IAAI,EAAA,GAAK,SAAA;AACT,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC3B,IAAA,cAAA,CAAe,CAAC,CAAA,GAAI,aAAA,CAAc,EAAA,GAAK,EAAE,CAAA;AACzC,IAAA,EAAA,GAAK,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,EAAE,CAAA;AAAA,EACzB;AAIA,EAAA,MAAM,EAAE,WAAA,EAAa,iBAAA,EAAkB,GAAI,UAAQ,QAAa,CAAA;AAChE,EAAA,MAAM,SAAA,GAAY,kBAAkB,EAAE,CAAA;AACtC,EAAA,MAAM,cAAwB,EAAC;AAK/B,EAAA,IAAI,WAAA,GAAc,OAAO,CAAC,CAAA;AAC1B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,WAAA,GAAe,eAAe,MAAA,CAAO,CAAC,IAAK,MAAA,CAAO,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,EAChE;AAGA,EAAA,KAAA,IAAS,CAAA,GAAI,EAAA,EAAI,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC5B,IAAA,WAAA,CAAY,CAAC,IAAI,aAAA,CAAc,MAAA,CAAO,cAAc,MAAA,CAAO,EAAI,CAAC,CAAC,CAAA;AACjE,IAAA,WAAA,GAAc,WAAA,IAAe,OAAO,CAAC,CAAA;AAAA,EACvC;AAEA,EAAA,OAAO,eAAe,IAAA,CAAK,EAAE,CAAA,GAAI,WAAA,CAAY,KAAK,EAAE,CAAA;AACtD;AAMA,SAAS,UAAU,IAAA,EAA+B;AAChD,EAAA,MAAM,IAAA,GAAOC,oBAAW,QAAQ,CAAA;AAChC,EAAA,IAAA,CAAK,OAAO,IAAI,CAAA;AAChB,EAAA,OAAO,CAAA,OAAA,EAAU,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AACrC;AAGA,SAAS,gBAAgB,GAAA,EAAqB;AAC5C,EAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,MAAA,GAAS,KAAM,CAAC,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AACrC;AAGA,SAAS,SAAS,GAAA,EAKT;AACP,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,aAAa,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC5D,IAAA,MAAM,cAAc,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AAAA,MAC7B,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAAA,MAC/B,SAAA,EAAW,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MACnC,YAAA,EAAc,GAAG,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA,EAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,KACvC;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGA,SAAS,WAAA,CACP,IAAA,EACA,OAAA,EACA,OAAA,EACa;AACb,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAQ;AAClC;AAMA,SAAS,eAAe,MAAA,EAA4B;AAGlD,EAAA,MAAM,cACJ,MAAA,CAAO,OAAA,CAAQ,SAAS,uBAAuB,CAAA,IAC/C,OAAO,OAAA,CAAQ,QAAA,CAAS,eAAe,CAAA,IACvC,MAAA,CAAO,QAAQ,QAAA,CAAS,IAAI,KAC5B,MAAA,CAAO,OAAA,CAAQ,SAAS,IAAI,CAAA;AAE9B,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,YAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,uBAAA,EAA0B,MAAA,CAAO,OAAO,CAAA,CAAE,CAAA;AAAA,EAChG;AACA,EAAA,OAAO,YAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,WAAA,EAAc,MAAA,CAAO,OAAO,CAAA,CAAE,CAAA;AACpF;AAMA,IAAM,YAAA,GAAe,SAAA;AAcrB,SAAS,WAAW,SAAA,EAA4B;AAG9C,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,OAAO,KAAA;AAGrC,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,OAAO,KAAA;AAGrC,EAAA,MAAM,UAAA,GAAaC,UAAA,CAAU,SAAA,CAAU,SAAS,CAAA;AAMhD,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,EAAG,OAAO,KAAA;AACvC,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,IAAI,CAAA,EAAG,OAAO,KAAA;AACxC,EAAA,IAAI,UAAA,KAAe,KAAK,OAAO,KAAA;AAI/B,EAAA,MAAM,QAAA,GAAWA,UAAA,CAAU,OAAA,CAAQ,YAAA,EAAc,UAAU,CAAA;AAC3D,EAAA,IAAI,CAAC,QAAA,CAAS,UAAA,CAAW,eAAe,GAAG,CAAA,IAAK,aAAa,YAAA,EAAc;AACzE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,aAAA,CAAc,KAAK,CAAC,MAAA,KAAW,eAAe,MAAA,IAAU,UAAA,CAAW,UAAA,CAAW,MAAM,CAAC,CAAA;AAC9F;AAiBA,eAAsB,oBACpB,OAAA,EAC+B;AAC/B,EAAA,MAAM;AAAA,IACJ,IAAA,GAAO,SAAA;AAAA,IACP,IAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA,QAAA;AAAA,IACA,IAAA;AAAA,IACA,MAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAGJ,EAAA,MAAM,UAAA,GACJ,IAAA,KAAS,WAAA,GAAc,CAAC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,WAAA,EAAa,CAAA,GAAI,EAAC,CAAA;AAGnE,EAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AACzB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,sBAAsB;AAAA,KAC9E;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,SAAS,YAAA,EAAc;AAClC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,aAAA;AAAA,QACjB,CAAA,mBAAA,EAAsB,QAAA,CAAS,MAAM,CAAA,GAAA,EAAM,YAAY,CAAA;AAAA;AACzD,KACF;AAAA,EACF;AAGA,EAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,YAAA,EAAc,0BAA0B;AAAA,KAC9E;AAAA,EACF;AAGA,EAAA,MAAM,iBAAyC,EAAC;AAChD,EAAA,MAAM,cAAA,uBAAqB,GAAA,EAAY;AACvC,EAAA,MAAM,cAAwB,EAAC;AAC/B,EAAA,IAAI,WAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,MAAM,GAAA,GAAM,SAAS,CAAC,CAAA;AACtB,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAE3B,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,eAAA,EAAiB,CAAA,qBAAA,EAAwB,CAAC,CAAA,CAAE;AAAA,OAClF;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,MAAA,CAAO,OAAA;AACtB,IAAA,MAAM,YAAY,MAAA,CAAO,GAAA;AACzB,IAAA,MAAM,cAAc,MAAA,CAAO,GAAA;AAE3B,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,eAAA;AAAA,UACjB,oBAAoB,CAAC,CAAA,kBAAA;AAAA;AACvB,OACF;AAAA,IACF;AAGA,IAAA,IAAI,cAAA,CAAe,GAAA,CAAI,SAAS,CAAA,EAAG;AACjC,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,iBAAA;AAAA,UACjB,yBAAyB,SAAS,CAAA;AAAA;AACpC,OACF;AAAA,IACF;AACA,IAAA,cAAA,CAAe,IAAI,SAAS,CAAA;AAG5B,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,OAAO,gBAAgB,QAAA,EAAU;AACnC,MAAA,QAAA,GAAW,IAAI,IAAA,CAAK,WAAA,GAAc,GAAI,EAAE,WAAA,EAAY;AAAA,IACtD,CAAA,MAAA,IAAW,OAAO,WAAA,KAAgB,QAAA,EAAU;AAC1C,MAAA,QAAA,GAAW,WAAA;AAAA,IACb,CAAA,MAAO;AACL,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,eAAA;AAAA,UACjB,WAAW,SAAS,CAAA,6BAAA;AAAA;AACtB,OACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,WAAA,IAAe,QAAA,GAAW,WAAA,EAAa,WAAA,GAAc,QAAA;AAC1D,IAAA,IAAI,CAAC,WAAA,IAAe,QAAA,GAAW,WAAA,EAAa,WAAA,GAAc,QAAA;AAG1D,IAAA,MAAM,cAAc,SAAA,CAAU,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAC,CAAA;AAEtD,IAAA,cAAA,CAAe,IAAA,CAAK;AAAA,MAClB,UAAA,EAAY,SAAA;AAAA,MACZ,SAAA,EAAW,QAAA;AAAA,MACX,YAAA,EAAc;AAAA,KACf,CAAA;AAED,IAAA,WAAA,CAAY,KAAK,GAAG,CAAA;AAAA,EACtB;AAGA,EAAA,MAAM,aAAA,GAAgB,cAAA,CACnB,GAAA,CAAI,CAAC,OAAO,CAAA,MAAO,EAAE,KAAA,EAAO,CAAA,EAAE,CAAE,CAAA,CAChC,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AACd,IAAA,IAAI,CAAA,CAAE,KAAA,CAAM,SAAA,KAAc,CAAA,CAAE,MAAM,SAAA,EAAW;AAC3C,MAAA,OAAO,EAAE,KAAA,CAAM,SAAA,CAAU,aAAA,CAAc,CAAA,CAAE,MAAM,SAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,CAAA,CAAE,KAAA,CAAM,UAAA,KAAe,CAAA,CAAE,MAAM,UAAA,EAAY;AAC7C,MAAA,OAAO,EAAE,KAAA,CAAM,UAAA,CAAW,aAAA,CAAc,CAAA,CAAE,MAAM,UAAU,CAAA;AAAA,IAC5D;AACA,IAAA,OAAO,EAAE,KAAA,CAAM,YAAA,CAAa,aAAA,CAAc,CAAA,CAAE,MAAM,YAAY,CAAA;AAAA,EAChE,CAAC,CAAA;AAEH,EAAA,MAAM,uBAAuB,aAAA,CAAc,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,KAAK,CAAA;AAC7D,EAAA,MAAM,iBAAA,GAAoB,cAAc,GAAA,CAAI,CAAC,MAAM,WAAA,CAAY,CAAA,CAAE,CAAC,CAAC,CAAA;AAGnE,EAAA,MAAM,cAAA,GAAiB,iBAAA,CAAkB,IAAA,CAAK,IAAI,CAAA,GAAI,IAAA;AACtD,EAAA,MAAM,mBAAA,GAAsB,MAAA,CAAO,IAAA,CAAK,cAAA,EAAgB,MAAM,CAAA;AAG9D,EAAA,MAAM,UAAA,GAAiC,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAS;AAAA,IAC7D,KAAK,GAAA,CAAI,GAAA;AAAA,IACT,GAAA,EAAK,IAAI,GAAA,IAAO;AAAA,GAClB,CAAE,CAAA;AACF,EAAA,UAAA,CAAW,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,GAAA,CAAI,aAAA,CAAc,CAAA,CAAE,GAAG,CAAC,CAAA;AAEpD,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,MAAM,CAAC,CAAA;AAC7C,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAG9C,EAAA,MAAM,WAAA,GAAmC;AAAA,IACvC;AAAA,MACE,IAAA,EAAM,iBAAA;AAAA,MACN,MAAA,EAAQ,UAAU,mBAAmB,CAAA;AAAA,MACrC,MAAM,mBAAA,CAAoB;AAAA,KAC5B;AAAA,IACA;AAAA,MACE,IAAA,EAAM,gBAAA;AAAA,MACN,MAAA,EAAQ,UAAU,SAAS,CAAA;AAAA,MAC3B,MAAM,SAAA,CAAU;AAAA;AAClB,GACF;AAGA,EAAA,IAAI,UAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,WAAA,GAAc,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAA;AACxC,IAAA,UAAA,GAAa,UAAU,WAAW,CAAA;AAClC,IAAA,WAAA,CAAY,IAAA,CAAK;AAAA,MACf,IAAA,EAAM,oBAAA;AAAA,MACN,MAAA,EAAQ,UAAA;AAAA,MACR,MAAM,WAAA,CAAY;AAAA,KACnB,CAAA;AAAA,EACH;AAIA,EAAA,IAAI,YAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,YAAA,GAAe,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAC3C,IAAA,WAAA,GAAc,UAAU,YAAY,CAAA;AACpC,IAAA,WAAA,CAAY,IAAA,CAAK;AAAA,MACf,IAAA,EAAM,iBAAA;AAAA,MACN,MAAA,EAAQ,WAAA;AAAA,MACR,MAAM,YAAA,CAAa;AAAA,KACpB,CAAA;AAAA,EACH;AAGA,EAAA,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI,CAAC,CAAA;AAGvD,EAAA,MAAM,SAAA,GAA6B;AAAA,IACjC,KAAA,EAAO,WAAA;AAAA,IACP,GAAA,EAAK;AAAA,GACP;AAEA,EAAA,MAAM,mBAAA,GAAmE;AAAA,IACvE,OAAA,EAASH,eAAAA;AAAA,IACT,IAAA;AAAA,IACA,SAAA,EAAW,aAAa,gBAAA,EAAiB;AAAA,IACzC,IAAA,EAAM,UAAA;AAAA;AAAA,IAEN,WAAA;AAAA,IACA,UAAA;AAAA,IACA,UAAA,EAAY,UAAA,IAAA,iBAAc,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACjD,UAAA,EAAY,SAAA;AAAA,IACZ,QAAA,EAAU,oBAAA;AAAA,IACV,IAAA,EAAM,UAAA;AAAA,IACN,KAAA,EAAO;AAAA,GACT;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAC,oBAA8C,WAAA,GAAc,UAAA;AAAA,EAC/D;AAEA,EAAA,IAAI,WAAA,EAAa;AACf,IAAC,oBAA8C,aAAA,GAAgB,WAAA;AAAA,EACjE;AAGA,EAAA,MAAM,WAAA,GAAc,SAAA,CAAUI,mBAAA,CAAa,mBAAmB,CAAC,CAAA;AAE/D,EAAA,MAAM,QAAA,GAAkC;AAAA,IACtC,GAAG,mBAAA;AAAA,IACH,YAAA,EAAc;AAAA,GAChB;AAGA,EAAA,MAAM,OAAA,GAAU,IAASC,eAAA,CAAA,OAAA,EAAQ;AAIjC,EAAA,MAAM,KAAA,GAAQ,IAAI,IAAA,CAAK,QAAA,CAAS,UAAU,CAAA;AAC1C,EAAA,MAAM,UAAA,GAAa,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAM;AAG5C,EAAA,MAAM,YAAA,GAAe,IAAA,CAAK,SAAA,CAAU,QAAA,EAAU,MAAM,CAAC,CAAA;AACrD,EAAA,OAAA,CAAQ,UAAU,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA,EAAG,iBAAiB,UAAU,CAAA;AAGxE,EAAA,OAAA,CAAQ,SAAA,CAAU,mBAAA,EAAqB,iBAAA,EAAmB,UAAU,CAAA;AAGpE,EAAA,OAAA,CAAQ,SAAA,CAAU,SAAA,EAAW,gBAAA,EAAkB,UAAU,CAAA;AAGzD,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAa,oBAAA,EAAsB,UAAU,CAAA;AAAA,EACjE;AAGA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,SAAA,CAAU,YAAA,EAAc,iBAAA,EAAmB,UAAU,CAAA;AAAA,EAC/D;AAGA,EAAA,IAAI,eAAe,WAAA,EAAa;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAM,qBAAA,CAAsB,WAAA,EAAa,aAAa,WAAW,CAAA;AACnF,IAAA,IAAI,CAAC,UAAU,EAAA,EAAI;AACjB,MAAA,OAAO,SAAA;AAAA,IACT;AACA,IAAA,OAAA,CAAQ,UAAU,MAAA,CAAO,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,cAAc,UAAU,CAAA;AAAA,EAC1E;AAGA,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAA,MAAM,SAAmB,EAAC;AAE1B,IAAA,OAAA,CAAQ,YAAA,CACL,EAAA,CAAG,MAAA,EAAQ,CAAC,KAAA,KAAkB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA,CAChD,EAAA,CAAG,KAAA,EAAO,MAAM;AACf,MAAA,OAAA,CAAQ,EAAE,IAAI,IAAA,EAAM,KAAA,EAAO,OAAO,MAAA,CAAO,MAAM,GAAG,CAAA;AAAA,IACpD,CAAC,CAAA,CACA,EAAA,CAAG,OAAA,EAAS,CAAC,GAAA,KAAe;AAC3B,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,cAAA;AAAA,UACjB,CAAA,sBAAA,EAAyB,IAAI,OAAO,CAAA;AAAA;AACtC,OACD,CAAA;AAAA,IACH,CAAC,CAAA;AAEH,IAAA,OAAA,CAAQ,GAAA,EAAI;AAAA,EACd,CAAC,CAAA;AACH;AAKA,eAAe,qBAAA,CACb,WAAA,EACA,UAAA,EACA,GAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,OAAO,cAAc,CAAA;AAC5C,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,EAAE,cAAc,WAAA,EAAY,EAAG,YAAY,GAAG,CAAA;AACrE,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,GAAA,EAAI;AAAA,EAChC,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,iBAAA;AAAA,QACjB,CAAA,mCAAA,EAAuC,IAAc,OAAO,CAAA;AAAA;AAC9D,KACF;AAAA,EACF;AACF;AASA,eAAsB,kBACpB,SAAA,EAC8C;AAC9C,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAMC,gBAAA,CAAA,UAAA,CAAW,WAAW,EAAE,WAAA,EAAa,MAAK,EAAG,CAAC,KAAK,OAAA,KAAY;AACnE,MAAA,IAAI,GAAA,IAAO,CAAC,OAAA,EAAS;AACnB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,cAAA;AAAA,YACjB,CAAA,oBAAA,EAAuB,GAAA,EAAK,OAAA,IAAW,eAAe,CAAA;AAAA;AACxD,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,KAAA,uBAAY,GAAA,EAAoB;AACtC,MAAA,IAAI,UAAA,GAAa,CAAA;AACjB,MAAA,IAAI,SAAA,GAAY,CAAA;AAChB,MAAA,IAAI,gBAAA,GAAmB,CAAA;AAEvB,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAuB;AAC1C,QAAA,IAAI,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC9B,UAAA,OAAA,CAAQ,SAAA,EAAU;AAClB,UAAA;AAAA,QACF;AAEA,QAAA,UAAA,EAAA;AAGA,QAAA,IAAI,aAAa,eAAA,EAAiB;AAChC,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,2BAA2B,eAAe,CAAA;AAAA;AAC5C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAGA,QAAA,IAAI,CAAC,UAAA,CAAW,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC/B,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,cAAA;AAAA,cACjB,CAAA,uBAAA,EAA0B,MAAM,QAAQ,CAAA;AAAA;AAC1C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAGA,QAAA,IAAI,KAAA,CAAM,mBAAmB,cAAA,EAAgB;AAC3C,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,CAAA,iBAAA,EAAoB,MAAM,QAAQ,CAAA;AAAA;AACpC,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAEA,QAAA,SAAA,IAAa,KAAA,CAAM,gBAAA;AACnB,QAAA,IAAI,YAAY,cAAA,EAAgB;AAC9B,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,0BAA0B,cAAc,CAAA,MAAA;AAAA;AAC1C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAEA,QAAA,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,EAAS,UAAA,KAAe;AACrD,UAAA,IAAI,OAAA,IAAW,CAAC,UAAA,EAAY;AAC1B,YAAA,OAAA,CAAQ,KAAA,EAAM;AACd,YAAA,OAAA,CAAQ;AAAA,cACN,EAAA,EAAI,KAAA;AAAA,cACJ,KAAA,EAAO,WAAA;AAAA,gBACL,gBAAA,CAAiB,cAAA;AAAA,gBACjB,CAAA,eAAA,EAAkB,MAAM,QAAQ,CAAA;AAAA;AAClC,aACD,CAAA;AACD,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,SAAmB,EAAC;AAC1B,UAAA,IAAI,WAAA,GAAc,CAAA;AAClB,UAAoB,KAAA,CAAM,gBAAA,GAAmB,CAAA,GAAI,MAAM,gBAAA,GAAmB;AAE1E,UAAA,UAAA,CAAW,EAAA,CAAG,MAAA,EAAQ,CAAC,KAAA,KAAkB;AACvC,YAAA,WAAA,IAAe,KAAA,CAAM,MAAA;AACrB,YAAA,gBAAA,IAAoB,KAAA,CAAM,MAAA;AAI1B,YAAA,IAAI,cAAc,cAAA,EAAgB;AAChC,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,+CAAA,EAAkD,MAAM,QAAQ,CAAA,CAAA;AAAA,kBAChE,EAAE,OAAA,EAAS,KAAA,CAAM,kBAAkB,MAAA,EAAQ,WAAA,EAAa,OAAO,cAAA;AAAe;AAChF,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAGA,YAAA,IAAI,mBAAmB,cAAA,EAAgB;AACrC,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,uCAAA,EAA0C,gBAAgB,CAAA,GAAA,EAAM,cAAc,CAAA,CAAA;AAAA,kBAC9E,EAAE,MAAA,EAAQ,gBAAA,EAAkB,KAAA,EAAO,cAAA;AAAe;AACpD,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAGA,YAAA,IAAI,MAAM,gBAAA,GAAmB,CAAA,IAAK,WAAA,GAAc,KAAA,CAAM,mBAAmB,CAAA,EAAG;AAE1E,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,8CAAA,EAAiD,MAAM,QAAQ,CAAA,CAAA;AAAA,kBAC/D,EAAE,OAAA,EAAS,KAAA,CAAM,gBAAA,EAAkB,QAAQ,WAAA;AAAY;AACzD,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAEA,YAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,UACnB,CAAC,CAAA;AAED,UAAA,UAAA,CAAW,EAAA,CAAG,OAAO,MAAM;AACzB,YAAA,KAAA,CAAM,IAAI,KAAA,CAAM,QAAA,EAAU,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA;AAC/C,YAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,UACpB,CAAC,CAAA;AACD,UAAA,UAAA,CAAW,EAAA,CAAG,OAAA,EAAS,CAAC,SAAA,KAAqB;AAC3C,YAAA,OAAA,CAAQ,KAAA,EAAM;AACd,YAAA,OAAA,CAAQ;AAAA,cACN,EAAA,EAAI,KAAA;AAAA,cACJ,KAAA,EAAO,WAAA;AAAA,gBACL,gBAAA,CAAiB,cAAA;AAAA,gBACjB,CAAA,cAAA,EAAiB,UAAU,OAAO,CAAA;AAAA;AACpC,aACD,CAAA;AAAA,UACH,CAAC,CAAA;AAAA,QACH,CAAC,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAO,MAAM;AACtB,QAAA,qBAAA,CAAsB,OAAO,OAAO,CAAA;AAAA,MACtC,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,MAAA,KAAkB;AACrC,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,eAAe,MAAM;AAAA,SAC7B,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,IACpB,CAAC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AAKA,SAAS,qBAAA,CACP,OACA,OAAA,EACM;AAEN,EAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,GAAA,CAAI,eAAe,CAAA;AAChD,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,mCAAmC;AAAA,KAC1F,CAAA;AACD,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,QAAA,CAAS,MAAM,CAAC,CAAA;AAAA,EACvD,SAAS,QAAA,EAAU;AACjB,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,gBAAA;AAAA,QACjB,CAAA,+BAAA,EAAmC,SAAmB,OAAO,CAAA;AAAA;AAC/D,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,QAAA,CAAS,YAAYN,eAAAA,EAAgB;AACvC,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,gBAAA;AAAA,QACjB,CAAA,4BAAA,EAA+B,SAAS,OAAO,CAAA,CAAA;AAAA,QAC/C,EAAE,QAAA,EAAUA,eAAAA,EAAgB,MAAA,EAAQ,SAAS,OAAA;AAAQ;AACvD,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,MAAM,EAAE,YAAA,EAAc,GAAG,mBAAA,EAAoB,GAAI,QAAA;AACjD,EAAA,MAAM,YAAA,GAAe,SAAA,CAAUI,mBAAA,CAAa,mBAAmB,CAAC,CAAA;AAEhE,EAAA,IAAI,iBAAiB,YAAA,EAAc;AACjC,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,aAAA;AAAA,QACjB,yCAAA;AAAA,QACA,EAAE,QAAA,EAAU,YAAA,EAAc,QAAA,EAAU,YAAA;AAAa;AACnD,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,SAAA,IAAa,SAAS,KAAA,EAAO;AACtC,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CAAI,SAAA,CAAU,IAAI,CAAA;AAC3C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAgB,CAAA,gBAAA,EAAmB,SAAA,CAAU,IAAI,CAAA,CAAE;AAAA,OACxF,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,gBAAA,GAAmB,UAAU,UAAU,CAAA;AAC7C,IAAA,IAAI,gBAAA,KAAqB,UAAU,MAAA,EAAQ;AACzC,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,aAAA;AAAA,UACjB,CAAA,oBAAA,EAAuB,UAAU,IAAI,CAAA,CAAA;AAAA,UACrC,EAAE,QAAA,EAAU,SAAA,CAAU,MAAA,EAAQ,UAAU,gBAAA;AAAiB;AAC3D,OACD,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,UAAA,CAAW,MAAA,KAAW,SAAA,CAAU,IAAA,EAAM;AACxC,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,aAAA;AAAA,UACjB,CAAA,oBAAA,EAAuB,UAAU,IAAI,CAAA,CAAA;AAAA,UACrC,EAAE,QAAA,EAAU,SAAA,CAAU,IAAA,EAAM,MAAA,EAAQ,WAAW,MAAA;AAAO;AACxD,OACD,CAAA;AACD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAA;AAClD,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAoB;AAEzC,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,MAAM,KAAA,GAAQ,eAAe,QAAA,CAAS,MAAM,EAAE,IAAA,EAAK,CAAE,MAAM,IAAI,CAAA;AAG/D,IAAA,IAAI,OAAA,GAAU,EAAA;AACd,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,MAAA,MAAM,GAAA,GAAM,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK;AAC1B,MAAA,IAAI,CAAC,GAAA,EAAK;AAEV,MAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,iBAAiB,CAAA,oBAAA,EAAuB,CAAA,GAAI,CAAC,CAAA,CAAE;AAAA,SACpF,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,OAAO,OAAA,CAAQ,GAAA;AAGjC,MAAA,IAAI,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA,EAAG;AAC3B,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,iBAAA;AAAA,YACjB,mCAAmC,SAAS,CAAA,CAAA;AAAA,YAC5C,EAAE,UAAA,EAAY,SAAA,EAAW,IAAA,EAAM,IAAI,CAAA;AAAE;AACvC,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,WACJ,OAAO,MAAA,CAAO,QAAQ,GAAA,KAAQ,QAAA,GAC1B,IAAI,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,GAAA,GAAM,GAAI,CAAA,CAAE,WAAA,KACpC,MAAA,CAAO,MAAA,CAAO,QAAQ,GAAG,CAAA;AAC/B,MAAA,MAAM,cAAc,SAAA,CAAU,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAC,CAAA;AAGtD,MAAA,MAAM,aAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,SAAS,IAAI,WAAW,CAAA,CAAA;AAC1D,MAAA,IAAI,aAAa,OAAA,EAAS;AACxB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,kBAAA;AAAA,YACjB;AAAA;AACF,SACD,CAAA;AACD,QAAA;AAAA,MACF;AACA,MAAA,OAAA,GAAU,UAAA;AAEV,MAAA,QAAA,CAAS,GAAA,CAAI,WAAW,GAAG,CAAA;AAAA,IAC7B;AAAA,EACF;AAGA,EAAA,IAAI,IAAA,GAAsB,EAAE,IAAA,EAAM,EAAC,EAAE;AACrC,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CAAI,gBAAgB,CAAA;AAC7C,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,QAAA,CAAS,MAAM,CAAC,CAAA;AAAA,IAC/C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,gCAAgC;AAAA,OACvF,CAAA;AACD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,aAAA;AACJ,EAAA,MAAM,YAAA,GAAe,KAAA,CAAM,GAAA,CAAI,oBAAoB,CAAA;AACnD,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,aAAA,GAAgB,YAAA,CAAa,SAAS,MAAM,CAAA;AAG5C,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,MAAM,kBAAA,GAAqB,UAAU,YAAY,CAAA;AACjD,MAAA,IAAI,kBAAA,KAAuB,SAAS,WAAA,EAAa;AAC/C,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,oBAAA,EAAsB,sBAAA,EAAwB;AAAA,YAChF,UAAU,QAAA,CAAS,WAAA;AAAA,YACnB,QAAA,EAAU;AAAA,WACX;AAAA,SACF,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,cAAA;AACJ,EAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAA;AACjD,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,cAAA,GAAiB,aAAA,CAAc,SAAS,MAAM,CAAA;AAG9C,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,MAAM,mBAAA,GAAsB,UAAU,aAAa,CAAA;AACnD,MAAA,IAAI,mBAAA,KAAwB,SAAS,aAAA,EAAe;AAClD,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,oBAAA,EAAsB,wBAAA,EAA0B;AAAA,YAClF,UAAU,QAAA,CAAS,aAAA;AAAA,YACnB,QAAA,EAAU;AAAA,WACX;AAAA,SACF,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,SAAA;AACJ,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AACxC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,SAAA,GAAY,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ;AAAA,IACN,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,MACL,QAAA;AAAA,MACA,QAAA;AAAA,MACA,IAAA;AAAA,MACA,MAAA,EAAQ,aAAA;AAAA,MACR,QAAA,EAAU,cAAA;AAAA,MACV,UAAA,EAAY;AAAA;AACd,GACD,CAAA;AACH;AAKA,eAAsB,sBACpB,SAAA,EAC4D;AAC5D,EAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,SAAS,CAAA;AAChD,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAM,KAAA,EAAO,EAAE,QAAA,EAAU,MAAA,CAAO,KAAA,CAAM,QAAA,EAAS,EAAE;AAChE;AAKA,eAAsB,qBAAqB,SAAA,EAAkD;AAC3F,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAME,gBAAA,CAAA,UAAA,CAAW,WAAW,EAAE,WAAA,EAAa,MAAK,EAAG,CAAC,KAAK,OAAA,KAAY;AACnE,MAAA,IAAI,GAAA,IAAO,CAAC,OAAA,EAAS;AACnB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,cAAA;AAAA,YACjB,CAAA,oBAAA,EAAuB,GAAA,EAAK,OAAA,IAAW,SAAS,CAAA;AAAA;AAClD,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,GAAQ,KAAA;AAEZ,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAuB;AAC1C,QAAA,IAAI,KAAA,CAAM,aAAa,eAAA,EAAiB;AACtC,UAAA,KAAA,GAAQ,IAAA;AACR,UAAA,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,EAAS,UAAA,KAAe;AACrD,YAAA,IAAI,OAAA,IAAW,CAAC,UAAA,EAAY;AAC1B,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,4BAAA,CAA8B;AAAA,eACnF,CAAA;AACD,cAAA;AAAA,YACF;AAEA,YAAA,MAAM,SAAmB,EAAC;AAC1B,YAAA,UAAA,CAAW,GAAG,MAAA,EAAQ,CAAC,UAAkB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AAC3D,YAAA,UAAA,CAAW,EAAA,CAAG,OAAO,MAAM;AACzB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,IAAI;AACF,gBAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AAAA,kBACpB,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA,CAAE,SAAS,MAAM;AAAA,iBACvC;AACA,gBAAA,OAAA,CAAQ,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,QAAA,CAAS,cAAc,CAAA;AAAA,cACpD,SAAS,QAAA,EAAU;AACjB,gBAAA,OAAA,CAAQ;AAAA,kBACN,EAAA,EAAI,KAAA;AAAA,kBACJ,KAAA,EAAO,WAAA;AAAA,oBACL,gBAAA,CAAiB,gBAAA;AAAA,oBACjB,CAAA,6BAAA;AAAA;AACF,iBACD,CAAA;AAAA,cACH;AAAA,YACF,CAAC,CAAA;AAAA,UACH,CAAC,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,QACpB;AAAA,MACF,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAO,MAAM;AACtB,QAAA,IAAI,CAAC,KAAA,EAAO;AACV,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,yBAAyB;AAAA,WAChF,CAAA;AAAA,QACH;AAAA,MACF,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,MAAA,KAAkB;AACrC,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,eAAe,MAAM;AAAA,SAC7B,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,IACpB,CAAC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AC5hCA,SAASC,WAAU,IAAA,EAA+B;AAChD,EAAA,MAAM,IAAA,GAAOL,oBAAW,QAAQ,CAAA;AAChC,EAAA,IAAA,CAAK,OAAO,IAAI,CAAA;AAChB,EAAA,OAAO,CAAA,OAAA,EAAU,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AACrC;AAGA,SAASM,iBAAgB,GAAA,EAAqB;AAC5C,EAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,MAAA,GAAS,KAAM,CAAC,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AACrC;AAGA,SAASC,UAAS,GAAA,EAIT;AACP,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,aAAaD,gBAAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC5D,IAAA,MAAM,cAAcA,gBAAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AAAA,MAC7B,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAAA,MAC/B,SAAA,EAAW,MAAM,CAAC;AAAA,KACpB;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAeA,SAAS,eAAkB,GAAA,EAAW;AACpC,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,EAAW;AACrC,IAAA,OAAO,GAAA;AAAA,EACT;AACA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,GAAA,CAAI,IAAI,cAAc,CAAA;AAAA,EAC/B;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,MAAM,SAAkC,EAAC;AACzC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAA8B,CAAA,EAAG;AACzE,MAAA,IAAI,UAAU,MAAA,EAAW;AACvB,QAAA,MAAA,CAAO,GAAG,CAAA,GAAI,cAAA,CAAe,KAAK,CAAA;AAAA,MACpC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,GAAA;AACT;AAYA,SAAS,mBAAA,CACP,SACA,GAAA,EACsC;AACtC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,MAAM,SAAS,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,OAAA,KAAY,GAAI,CAAA;AAG9C,EAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC;AAEA,EAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC;AAEA,EAAA,IAAI,OAAA,CAAQ,QAAQ,MAAA,EAAW;AAC7B,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC,CAAA,MAAO;AACL,IAAA,MAAM,MAAM,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,GAAW,QAAQ,GAAA,GAAM,GAAA;AAC5D,IAAA,IAAI,KAAA,CAAM,GAAG,CAAA,EAAG;AACd,MAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,IACrC,CAAA,MAAA,IAAW,GAAA,GAAM,MAAA,GAAS,GAAA,EAAK;AAE7B,MAAA,MAAA,CAAO,KAAK,yBAAyB,CAAA;AAAA,IACvC;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,QAAQ,MAAA,EAAW;AAC7B,IAAA,MAAM,MAAM,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,GAAW,QAAQ,GAAA,GAAM,GAAA;AAC5D,IAAA,IAAI,KAAA,CAAM,GAAG,CAAA,EAAG;AACd,MAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,IACrC,CAAA,MAAA,IAAW,MAAM,MAAA,EAAQ;AACvB,MAAA,MAAA,CAAO,KAAK,mBAAmB,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB;AAAA,GACF;AACF;AAKA,SAAS,gBAAgB,MAAA,EAAqD;AAC5E,EAAA,OAAO,OAAO,MAAA,CAAO,GAAA,KAAQ,QAAA,GAAW,OAAO,GAAA,GAAM,MAAA;AACvD;AAMA,SAAS,oBAAoB,GAAA,EAAoC;AAC/D,EAAA,IAAI,GAAA,CAAI,QAAQ,KAAA,IAAS,GAAA,CAAI,QAAQ,SAAA,IAAa,CAAC,IAAI,CAAA,EAAG;AACxD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,CAAA,GAAI,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,CAAA,CAAE,MAAA,GAAS,CAAA,IAAM,CAAC,CAAA;AAC9D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AAC1C,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,WAAW,KAAK,CAAA;AAC7B;AAKA,SAAS,OAAA,CAAQ,MAAoB,GAAA,EAAqC;AACxE,EAAA,OAAO,KAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,GAAG,CAAA;AACvC;AAQA,eAAe,aAAA,CACb,SAAA,EACA,GAAA,EACA,cAAA,EACA,OAAA,EACoC;AACpC,EAAA,MAAM,MAAA,GAASC,UAAS,GAAG,CAAA;AAE3B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,CAAC,0BAA0B;AAAA,KACrC;AAAA,EACF;AAEA,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,MAAA;AAC5B,EAAA,MAAM,KAAA,GAAQ,gBAAgB,MAAM,CAAA;AACpC,EAAA,MAAM,SAAmB,EAAC;AAG1B,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,CAAC,uBAAuB;AAAA,KAClC;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,cAAA,CAAe,IAAA,CAAK,MAAM,KAAK,CAAA;AACnD,EAAA,IAAI,CAAC,GAAA,EAAK;AAER,IAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,UAAA,EAAY,SAAA;AAAA,QACZ,eAAA,EAAiB,KAAA;AAAA,QACjB,YAAA,EAAc,KAAA;AAAA,QACd,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,CAAC,gBAAA,CAAiB,WAAW;AAAA,OACvC;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,CAAC,gBAAA,CAAiB,WAAW;AAAA,KACvC;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,GAAG,CAAA;AAC9C,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,CAAC,8BAA8B;AAAA,KACzC;AAAA,EACF;AAGA,EAAA,IAAI,cAAA,GAAiB,KAAA;AACrB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAMC,aAAA,CAAU,GAAA,EAAK,cAAc,CAAA;AAClD,IAAA,cAAA,GAAiB,MAAA,CAAO,KAAA;AACxB,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,IAC3C;AAAA,EACF,SAAS,GAAA,EAAc;AAErB,IAAA,IAAI,eAAeC,kBAAA,EAAa;AAC9B,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,uBAAA,EAA0B,GAAA,CAAI,IAAI,CAAA,CAAE,CAAA;AAAA,IAClD,CAAA,MAAO;AACL,MAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,IAC3C;AACA,IAAA,cAAA,GAAiB,KAAA;AAAA,EACnB;AAGA,EAAA,MAAM,eAAe,mBAAA,CAAoB,OAAA,EAAS,QAAQ,GAAA,oBAAO,IAAI,MAAM,CAAA;AAC3E,EAAA,MAAA,CAAO,IAAA,CAAK,GAAG,YAAA,CAAa,MAAM,CAAA;AAElC,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,SAAA;AAAA,IACZ,eAAA,EAAiB,cAAA;AAAA,IACjB,cAAc,YAAA,CAAa,KAAA;AAAA,IAC3B,MAAA,EAAQ,KAAA;AAAA,IACR,MAAA;AAAA,IACA,QAAQ,cAAA,IAAkB,YAAA,CAAa,SAAS,MAAA,CAAO,MAAA,KAAW,IAAI,OAAA,GAAU;AAAA,GAClF;AACF;AAKA,SAAS,cAAc,OAAA,EAAuD;AAC5E,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAsB;AAExC,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,MAAM,WAAW,KAAA,CAAM,GAAA,CAAI,MAAA,CAAO,MAAM,KAAK,EAAC;AAC9C,MAAA,QAAA,CAAS,IAAA,CAAK,OAAO,UAAU,CAAA;AAC/B,MAAA,KAAA,CAAM,GAAA,CAAI,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAA;AAAA,IACnC;AAAA,EACF;AAEA,EAAA,MAAM,UAA2B,EAAC;AAClC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,UAAU,CAAA,IAAK,KAAA,EAAO;AACrC,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,MACX,GAAA;AAAA,MACA,iBAAiB,UAAA,CAAW,MAAA;AAAA,MAC5B,WAAA,EAAa,WAAW,IAAA;AAAK,KAC9B,CAAA;AAAA,EACH;AAGA,EAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,GAAA,CAAI,aAAA,CAAc,CAAA,CAAE,GAAG,CAAC,CAAA;AAC1D;AAKA,SAAS,sBAAA,CACP,aAAA,EACA,UAAA,EACA,YAAA,EACA,OAAA,EACgB;AAChB,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,UAAU,CAAA,CAAA,EAAI,aAAa,CAAA,eAAA,CAAA;AAE/C,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,CAAC,MAAA,CAAO,eAAA,IAAmB,CAAC,OAAO,YAAA,EAAc;AACnD,MAAA,MAAM,YAAA,GACJ,OAAO,MAAA,CAAO,MAAA,GAAS,IAAI,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,GAAI,mBAAA;AACxD,MAAA,MAAA,CAAO,KAAK,CAAA,QAAA,EAAW,MAAA,CAAO,UAAU,CAAA,EAAA,EAAK,YAAY,CAAA,CAAE,CAAA;AAAA,IAC7D;AAAA,EACF;AAGA,EAAA,MAAA,CAAO,IAAA,EAAK;AAEZ,EAAA,IAAI,cAAA;AACJ,EAAA,IAAI,iBAAiB,CAAA,EAAG;AACtB,IAAA,cAAA,GAAiB,OAAA;AAAA,EACnB,CAAA,MAAA,IAAW,iBAAiB,aAAA,EAAe;AACzC,IAAA,cAAA,GAAiB,SAAA;AAAA,EACnB,CAAA,MAAO;AACL,IAAA,cAAA,GAAiB,cAAA;AAAA,EACnB;AAEA,EAAA,OAAO;AAAA,IACL,QAAA;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAMA,eAAe,sBACb,cAAA,EACgC;AAChC,EAAA,MAAM,EAAE,UAAA,EAAY,IAAA,EAAM,QAAA,EAAS,GAAI,cAAA;AAGvC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,EAC1B;AAGA,EAAA,MAAM,MAAA,GAASF,UAAS,UAAU,CAAA;AAClC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAO,MAAA,CAAO,MAAA,CAAO,QAAQ,QAAA,GAAW,MAAA,CAAO,OAAO,GAAA,GAAM,MAAA;AAC1E,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,KAAK,IAAA,CAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,KAAK,CAAA;AACjD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,OAAO,gBAAA,CAAiB;AAAA,KAC1B;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,GAAG,CAAA;AAC9C,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAMC,aAAA,CAAoC,UAAA,EAAY,cAAc,CAAA;AAEnF,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,OAAO,gBAAA,CAAiB;AAAA,OAC1B;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,OAAA,CAAQ,YAAA,KAAiB,QAAA,CAAS,YAAA,EAAc;AACzD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,IAAA;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,SAAS,GAAA,EAAc;AACrB,IAAA,MAAM,WACJ,GAAA,YAAeC,kBAAA,GACX,mCAAmC,GAAA,CAAI,IAAI,KAC3C,gBAAA,CAAiB,iBAAA;AAEvB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AACF;AAoBA,eAAsB,YAAA,CACpB,WACA,OAAA,EAC2C;AAE3C,EAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,SAAS,CAAA;AACpD,EAAA,IAAI,CAAC,WAAW,EAAA,EAAI;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,iBAAiB,UAAA,CAAW,KAAA;AAClC,EAAA,MAAM,EAAE,QAAA,EAAU,QAAA,EAAS,GAAI,cAAA;AAG/B,EAAA,MAAM,eAAA,GAAkB,MAAM,qBAAA,CAAsB,cAAc,CAAA;AAGlE,EAAA,MAAM,UAAuC,EAAC;AAE9C,EAAA,KAAA,MAAW,YAAA,IAAgB,SAAS,QAAA,EAAU;AAC5C,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,GAAA,CAAI,YAAA,CAAa,UAAU,CAAA;AAChD,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,YAAY,YAAA,CAAa,UAAA;AAAA,QACzB,eAAA,EAAiB,KAAA;AAAA,QACjB,YAAA,EAAc,KAAA;AAAA,QACd,MAAA,EAAQ,CAAC,4BAA4B;AAAA,OACtC,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,MAAM,aAAA,CAAc,aAAa,UAAA,EAAY,GAAA,EAAK,gBAAgB,OAAO,CAAA;AACxF,IAAA,OAAA,CAAQ,KAAK,MAAM,CAAA;AAAA,EACrB;AAGA,EAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,UAAA,CAAW,aAAA,CAAc,CAAA,CAAE,UAAU,CAAC,CAAA;AAG/D,EAAA,MAAM,aAAa,OAAA,CAAQ,MAAA;AAAA,IACzB,CAAC,MAAM,CAAA,CAAE,eAAA,IAAmB,EAAE,YAAA,IAAgB,CAAA,CAAE,OAAO,MAAA,KAAW;AAAA,GACpE,CAAE,MAAA;AACF,EAAA,MAAM,YAAA,GAAe,QAAQ,MAAA,GAAS,UAAA;AAGtC,EAAA,MAAM,QAAA,GAAW,cAAc,OAAO,CAAA;AAGtC,EAAA,MAAM,iBAAiB,sBAAA,CAAuB,OAAA,CAAQ,MAAA,EAAQ,UAAA,EAAY,cAAc,OAAO,CAAA;AAG/F,EAAA,MAAM,iBAAA,GAA6D;AAAA,IACjE,OAAA,EAAS,2BAAA;AAAA,IACT,qBAAqB,QAAA,CAAS,YAAA;AAAA,IAC9B,gBAAA,EAAkB,eAAA;AAAA,IAClB,OAAA,EAAS;AAAA,MACP,gBAAgB,OAAA,CAAQ,MAAA;AAAA,MACxB,KAAA,EAAO,UAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,IACA,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW,QAAA;AAAA,IACX,eAAA,EAAiB;AAAA,GACnB;AAIA,EAAA,MAAM,aAAA,GAAgB,eAAe,iBAAiB,CAAA;AACtD,EAAA,MAAM,UAAA,GAAaJ,UAAAA,CAAUH,mBAAAA,CAAa,aAAa,CAAC,CAAA;AAExD,EAAA,MAAM,MAAA,GAA6B;AAAA,IACjC,GAAG,iBAAA;AAAA,IACH,WAAA,EAAa;AAAA,GACf;AAEA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,GACT;AACF;AASO,SAAS,eAAA,CAAgB,MAAA,EAA4B,MAAA,GAAkB,KAAA,EAAe;AAC3F,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,EAAQ,IAAA,EAAM,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;AAQO,SAAS,iBAAiB,MAAA,EAAoC;AACnE,EAAA,MAAM,QAAkB,EAAC;AAEzB,EAAA,KAAA,CAAM,KAAK,yCAAyC,CAAA;AACpD,EAAA,KAAA,CAAM,KAAK,0CAA0C,CAAA;AACrD,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,MAAA,CAAO,mBAAmB,CAAA,CAAE,CAAA;AAC/D,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,WAAW,CAAA,CAAE,CAAA;AAC/C,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAGb,EAAA,KAAA,CAAM,KAAK,kBAAkB,CAAA;AAC7B,EAAA,KAAA,CAAM,KAAK,kBAAkB,CAAA;AAC7B,EAAA,IAAI,CAAC,MAAA,CAAO,gBAAA,CAAiB,OAAA,EAAS;AACpC,IAAA,KAAA,CAAM,KAAK,sBAAsB,CAAA;AAAA,EACnC,CAAA,MAAA,IAAW,MAAA,CAAO,gBAAA,CAAiB,KAAA,EAAO;AACxC,IAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,gBAAA,CAAiB,MAAM,CAAA,CAAE,CAAA;AAAA,EAC1D,CAAA,MAAO;AACL,IAAA,KAAA,CAAM,KAAK,mBAAmB,CAAA;AAC9B,IAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,gBAAA,CAAiB,MAAM,CAAA,CAAE,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,MAAA,CAAO,iBAAiB,KAAA,EAAO;AACjC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,MAAA,CAAO,gBAAA,CAAiB,KAAK,CAAA,CAAE,CAAA;AAAA,IACxD;AAAA,EACF;AACA,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAEb,EAAA,KAAA,CAAM,KAAK,SAAS,CAAA;AACpB,EAAA,KAAA,CAAM,KAAK,SAAS,CAAA;AACpB,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,gBAAA,EAAmB,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,CAAE,CAAA;AAC7D,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,OAAA,EAAU,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,CAAA;AAC3C,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,CAAA;AAC/C,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,EAAA,KAAA,CAAM,KAAK,CAAA,gBAAA,EAAmB,MAAA,CAAO,gBAAgB,cAAA,CAAe,WAAA,EAAa,CAAA,CAAE,CAAA;AACnF,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,eAAA,CAAgB,QAAQ,CAAA,CAAE,CAAA;AACzD,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAEb,EAAA,IAAI,MAAA,CAAO,eAAA,CAAgB,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC5C,IAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,IAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,IAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,eAAA,CAAgB,MAAA,EAAQ;AACjD,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,IAAA,EAAO,KAAK,CAAA,CAAE,CAAA;AAAA,IAC3B;AACA,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,IAAI,MAAA,CAAO,SAAA,CAAU,MAAA,GAAS,CAAA,EAAG;AAC/B,IAAA,KAAA,CAAM,KAAK,WAAW,CAAA;AACtB,IAAA,KAAA,CAAM,KAAK,WAAW,CAAA;AACtB,IAAA,KAAA,MAAW,QAAA,IAAY,OAAO,SAAA,EAAW;AACvC,MAAA,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,QAAA,CAAS,GAAG,CAAA,EAAA,EAAK,QAAA,CAAS,eAAe,CAAA,WAAA,CAAa,CAAA;AAAA,IACxE;AACA,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,EAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,EAAA,KAAA,MAAW,OAAA,IAAW,OAAO,QAAA,EAAU;AACrC,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,eAAA,IAAmB,OAAA,CAAQ,eAAe,OAAA,GAAU,SAAA;AAC3E,IAAA,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,OAAA,CAAQ,UAAU,CAAA,EAAA,EAAK,MAAM,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AAAA,IACzC;AACA,IAAA,IAAI,OAAA,CAAQ,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC7B,MAAA,KAAA,CAAM,KAAK,CAAA,YAAA,EAAe,OAAA,CAAQ,OAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,IACvD;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;;;ACplBO,IAAM,qBAAA,GAAwB","file":"index.cjs","sourcesContent":["/*\n Audit Entry Creation and Validation (v0.9.27+)\n \n Functions for creating and validating PEAC audit entries.\n /\n\nimport type {\n AuditEntry,\n AuditEventType,\n AuditSeverity,\n CreateAuditEntryOptions,\n TraceContext,\n} from './types.js';\n\n/* PEAC audit format version /\nexport const AUDIT_VERSION = 'peac.audit/0.9' as const;\n\n/\n Valid audit event types.\n /\nexport const AUDIT_EVENT_TYPES: readonly AuditEventType[] = [\n 'receipt_issued',\n 'receipt_verified',\n 'receipt_denied',\n 'access_decision',\n 'dispute_filed',\n 'dispute_acknowledged',\n 'dispute_resolved',\n 'dispute_rejected',\n 'dispute_appealed',\n 'dispute_final',\n 'attribution_created',\n 'attribution_verified',\n 'identity_verified',\n 'identity_rejected',\n 'policy_evaluated',\n] as const;\n\n/\n Valid severity levels.\n /\nexport const AUDIT_SEVERITIES: readonly AuditSeverity[] = [\n 'info',\n 'warn',\n 'error',\n 'critical',\n] as const;\n\n/\n ULID-compatible ID generator.\n * Uses timestamp prefix + random suffix for time-ordered, unique IDs.\n \n Format: 26 uppercase alphanumeric characters (Crockford Base32)\n /\nexport function generateAuditId(): string {\n // Crockford Base32 alphabet (excludes I, L, O, U)\n const ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';\n\n // Timestamp component (10 chars, milliseconds since epoch)\n const now = Date.now();\n let timestampPart = '';\n let time = now;\n for (let i = 0; i < 10; i++) {\n timestampPart = ALPHABET[time % 32] + timestampPart;\n time = Math.floor(time / 32);\n }\n\n // Random component (16 chars)\n let randomPart = '';\n for (let i = 0; i < 16; i++) {\n randomPart += ALPHABET[Math.floor(Math.random() 32)];\n }\n\n return timestampPart + randomPart;\n}\n\n/*\n Validate ULID format.\n \n @param id - ID to validate\n * @returns True if valid ULID format\n /\nexport function isValidUlid(id: string): boolean {\n return /^[0-9A-HJKMNP-TV-Z]{26}$/.test(id);\n}\n\n/\n Validate trace context format.\n \n @param trace - Trace context to validate\n * @returns True if valid W3C Trace Context format\n /\nexport function isValidTraceContext(trace: TraceContext): boolean {\n // Trace ID: 32 hex characters\n if (!/^[0-9a-f]{32}$/i.test(trace.trace_id)) {\n return false;\n }\n\n // Span ID: 16 hex characters\n if (!/^[0-9a-f]{16}$/i.test(trace.span_id)) {\n return false;\n }\n\n // Parent span ID (optional): 16 hex characters\n if (trace.parent_span_id && !/^[0-9a-f]{16}$/i.test(trace.parent_span_id)) {\n return false;\n }\n\n // Trace flags (optional): 2 hex characters\n if (trace.trace_flags && !/^[0-9a-f]{2}$/i.test(trace.trace_flags)) {\n return false;\n }\n\n return true;\n}\n\n/\n Create an audit entry with defaults applied.\n \n @param options - Entry creation options\n * @returns A valid AuditEntry\n \n @example\n * ```typescript\n * const entry = createAuditEntry({\n * event_type: 'receipt_issued',\n * actor: { type: 'system', id: 'peac-issuer' },\n * resource: { type: 'receipt', id: 'jti:rec_abc123' },\n * outcome: { success: true, result: 'issued' },\n * });\n * ```\n /\nexport function createAuditEntry(options: CreateAuditEntryOptions): AuditEntry {\n const entry: AuditEntry = {\n version: AUDIT_VERSION,\n id: options.id ?? generateAuditId(),\n event_type: options.event_type,\n timestamp: options.timestamp ?? new Date().toISOString(),\n severity: options.severity ?? 'info',\n actor: options.actor,\n resource: options.resource,\n outcome: options.outcome,\n };\n\n if (options.trace) {\n entry.trace = options.trace;\n }\n\n if (options.context) {\n entry.context = options.context;\n }\n\n if (options.dispute_ref) {\n entry.dispute_ref = options.dispute_ref;\n }\n\n return entry;\n}\n\n/\n Validation result type.\n /\nexport interface ValidationResult {\n valid: boolean;\n errors: string[];\n}\n\n/\n Validate an audit entry.\n \n @param entry - Entry to validate\n * @returns Validation result with any errors\n /\nexport function validateAuditEntry(entry: unknown): ValidationResult {\n const errors: string[] = [];\n\n if (!entry \|\| typeof entry !== 'object') {\n return { valid: false, errors: ['Entry must be an object'] };\n }\n\n const e = entry as Record<string, unknown>;\n\n // Version check\n if (e.version !== AUDIT_VERSION) {\n errors.push(`Invalid version: expected \"${AUDIT_VERSION}\", got \"${e.version}\"`);\n }\n\n // ID check\n if (typeof e.id !== 'string' \|\| !isValidUlid(e.id)) {\n errors.push('Invalid or missing id (must be ULID format)');\n }\n\n // Event type check\n if (!AUDIT_EVENT_TYPES.includes(e.event_type as AuditEventType)) {\n errors.push(`Invalid event_type: \"${e.event_type}\"`);\n }\n\n // Timestamp check\n if (typeof e.timestamp !== 'string' \|\| isNaN(Date.parse(e.timestamp))) {\n errors.push('Invalid or missing timestamp (must be ISO 8601)');\n }\n\n // Severity check\n if (!AUDIT_SEVERITIES.includes(e.severity as AuditSeverity)) {\n errors.push(`Invalid severity: \"${e.severity}\"`);\n }\n\n // Actor check\n if (!e.actor \|\| typeof e.actor !== 'object') {\n errors.push('Missing or invalid actor');\n } else {\n const actor = e.actor as Record<string, unknown>;\n if (!['user', 'agent', 'system'].includes(actor.type as string)) {\n errors.push(`Invalid actor.type: \"${actor.type}\"`);\n }\n if (typeof actor.id !== 'string' \|\| actor.id.length === 0) {\n errors.push('Actor must have non-empty id');\n }\n }\n\n // Resource check\n if (!e.resource \|\| typeof e.resource !== 'object') {\n errors.push('Missing or invalid resource');\n } else {\n const resource = e.resource as Record<string, unknown>;\n const validTypes = ['receipt', 'attribution', 'identity', 'policy', 'dispute', 'content'];\n if (!validTypes.includes(resource.type as string)) {\n errors.push(`Invalid resource.type: \"${resource.type}\"`);\n }\n if (typeof resource.id !== 'string' \|\| resource.id.length === 0) {\n errors.push('Resource must have non-empty id');\n }\n }\n\n // Outcome check\n if (!e.outcome \|\| typeof e.outcome !== 'object') {\n errors.push('Missing or invalid outcome');\n } else {\n const outcome = e.outcome as Record<string, unknown>;\n if (typeof outcome.success !== 'boolean') {\n errors.push('Outcome must have boolean success field');\n }\n }\n\n // Trace check (optional but must be valid if present)\n if (e.trace) {\n if (!isValidTraceContext(e.trace as TraceContext)) {\n errors.push('Invalid trace context format');\n }\n }\n\n // Dispute ref check (optional but must be valid ULID if present)\n if (e.dispute_ref) {\n if (typeof e.dispute_ref !== 'string' \|\| !isValidUlid(e.dispute_ref)) {\n errors.push('Invalid dispute_ref (must be ULID format)');\n }\n }\n\n return {\n valid: errors.length === 0,\n errors,\n };\n}\n\n/\n Check if an object is a valid audit entry.\n \n @param entry - Object to check\n * @returns True if valid\n /\nexport function isValidAuditEntry(entry: unknown): entry is AuditEntry {\n return validateAuditEntry(entry).valid;\n}\n","/\n JSONL Formatting and Parsing (v0.9.27+)\n \n JSONL (JSON Lines) is the normative format for PEAC audit logs.\n * Each line is a complete, valid JSON object representing one audit entry.\n \n @see https://jsonlines.org/\n /\n\nimport type { AuditEntry, JsonlOptions, JsonlParseOptions } from './types.js';\nimport { isValidAuditEntry } from './entry.js';\n\n/\n Format an audit entry to a single JSONL line.\n \n @param entry - Audit entry to format\n * @param options - Formatting options\n * @returns JSON string (single line unless pretty=true)\n \n @example\n * ```typescript\n * const line = formatJsonlLine(entry);\n * // '{\"version\":\"peac.audit/0.9\",\"id\":\"01ARZ...\",\"event_type\":\"receipt_issued\",...}'\n * ```\n /\nexport function formatJsonlLine(entry: AuditEntry, options?: JsonlOptions): string {\n if (options?.pretty) {\n return JSON.stringify(entry, null, 2);\n }\n return JSON.stringify(entry);\n}\n\n/\n Format multiple audit entries to JSONL format.\n \n @param entries - Array of audit entries\n * @param options - Formatting options\n * @returns JSONL string (one entry per line)\n \n @example\n * ```typescript\n * const jsonl = formatJsonl(entries);\n * // '{\"version\":\"peac.audit/0.9\",...}\\n{\"version\":\"peac.audit/0.9\",...}'\n * ```\n /\nexport function formatJsonl(entries: AuditEntry[], options?: JsonlOptions): string {\n const lines = entries.map((entry) => formatJsonlLine(entry, { pretty: false }));\n const result = lines.join('\\n');\n\n if (options?.trailingNewline && result.length > 0) {\n return result + '\\n';\n }\n\n return result;\n}\n\n/\n Parse result for a single JSONL line.\n /\nexport interface JsonlParseLineResult {\n ok: true;\n entry: AuditEntry;\n lineNumber: number;\n}\n\n/\n Parse error for a single JSONL line.\n /\nexport interface JsonlParseLineError {\n ok: false;\n error: string;\n lineNumber: number;\n raw?: string;\n}\n\n/\n Parse a single JSONL line.\n \n @param line - JSON string to parse\n * @param lineNumber - Line number for error reporting\n * @returns Parse result with entry or error\n /\nexport function parseJsonlLine(\n line: string,\n lineNumber: number = 1\n): JsonlParseLineResult \| JsonlParseLineError {\n const trimmed = line.trim();\n\n // Skip empty lines\n if (trimmed.length === 0) {\n return {\n ok: false,\n error: 'Empty line',\n lineNumber,\n };\n }\n\n try {\n const parsed = JSON.parse(trimmed);\n\n if (!isValidAuditEntry(parsed)) {\n return {\n ok: false,\n error: 'Invalid audit entry structure',\n lineNumber,\n raw: trimmed.length > 100 ? trimmed.substring(0, 100) + '...' : trimmed,\n };\n }\n\n return {\n ok: true,\n entry: parsed,\n lineNumber,\n };\n } catch (e) {\n return {\n ok: false,\n error: e instanceof Error ? e.message : 'JSON parse error',\n lineNumber,\n raw: trimmed.length > 100 ? trimmed.substring(0, 100) + '...' : trimmed,\n };\n }\n}\n\n/\n Parse result for JSONL content.\n /\nexport interface JsonlParseResult {\n /* Successfully parsed entries /\n entries: AuditEntry[];\n\n /* Parse errors (if skipInvalid=true) /\n errors: JsonlParseLineError[];\n\n /* Total lines processed /\n totalLines: number;\n\n /* Lines successfully parsed /\n successCount: number;\n\n /* Lines that failed to parse /\n errorCount: number;\n}\n\n/\n Parse JSONL content to audit entries.\n \n @param content - JSONL string content\n * @param options - Parsing options\n * @returns Parse result with entries and errors\n \n @example\n * ```typescript\n * const result = parseJsonl(jsonlContent, { skipInvalid: true });\n * console.log(`Parsed ${result.successCount}/${result.totalLines} entries`);\n * ```\n /\nexport function parseJsonl(content: string, options?: JsonlParseOptions): JsonlParseResult {\n const lines = content.split('\\n');\n const entries: AuditEntry[] = [];\n const errors: JsonlParseLineError[] = [];\n const maxLines = options?.maxLines ?? 0;\n let processed = 0;\n\n for (let i = 0; i < lines.length; i++) {\n const line = lines[i];\n const lineNumber = i + 1;\n\n // Skip empty lines\n if (line.trim().length === 0) {\n continue;\n }\n\n // Check max lines limit\n if (maxLines > 0 && processed >= maxLines) {\n break;\n }\n\n processed++;\n\n const result = parseJsonlLine(line, lineNumber);\n\n if (result.ok) {\n entries.push(result.entry);\n } else {\n if (options?.skipInvalid) {\n errors.push(result);\n } else {\n // Return immediately on first error if not skipping\n return {\n entries,\n errors: [result],\n totalLines: processed,\n successCount: entries.length,\n errorCount: 1,\n };\n }\n }\n }\n\n return {\n entries,\n errors,\n totalLines: processed,\n successCount: entries.length,\n errorCount: errors.length,\n };\n}\n\n/\n Stream-friendly JSONL line appender.\n \n Creates a function that appends audit entries to a string buffer\n * in JSONL format, suitable for streaming to files or network.\n \n @param options - Formatting options\n * @returns Appender function\n \n @example\n * ```typescript\n * const appender = createJsonlAppender();\n * for (const entry of entries) {\n * const line = appender(entry);\n * await stream.write(line);\n * }\n * ```\n /\nexport function createJsonlAppender(options?: JsonlOptions): (entry: AuditEntry) => string {\n return (entry: AuditEntry): string => {\n const line = formatJsonlLine(entry, { pretty: false });\n return line + '\\n';\n };\n}\n","/\n Case Bundle Generation (v0.9.27+)\n \n Case bundles collect related audit entries for dispute resolution.\n * They provide a comprehensive view of all events related to a dispute.\n /\n\nimport type {\n AuditEntry,\n AuditSeverity,\n CaseBundle,\n CaseBundleSummary,\n CreateCaseBundleOptions,\n} from './types.js';\n\n/* PEAC case bundle format version /\nexport const BUNDLE_VERSION = 'peac.bundle/0.9' as const;\n\n/\n Create a case bundle from audit entries.\n \n @param options - Bundle creation options\n * @returns A CaseBundle with entries and summary\n \n @example\n * ```typescript\n * const bundle = createCaseBundle({\n * dispute_ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * generated_by: 'https://platform.example.com',\n * entries: auditEntries,\n * });\n * ```\n /\nexport function createCaseBundle(options: CreateCaseBundleOptions): CaseBundle {\n // Sort entries chronologically\n const sortedEntries = [...options.entries].sort(\n (a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()\n );\n\n // Collect unique trace IDs\n const traceIds = new Set<string>();\n for (const entry of sortedEntries) {\n if (entry.trace?.trace_id) {\n traceIds.add(entry.trace.trace_id);\n }\n }\n\n // Generate summary\n const summary = generateBundleSummary(sortedEntries);\n\n return {\n version: BUNDLE_VERSION,\n dispute_ref: options.dispute_ref,\n generated_at: new Date().toISOString(),\n generated_by: options.generated_by,\n entries: sortedEntries,\n trace_ids: Array.from(traceIds),\n summary,\n };\n}\n\n/\n Generate summary statistics for a set of audit entries.\n \n @param entries - Sorted audit entries\n * @returns Summary statistics\n /\nexport function generateBundleSummary(entries: AuditEntry[]): CaseBundleSummary {\n // Count by event type\n const byEventType: Record<string, number> = {};\n for (const entry of entries) {\n byEventType[entry.event_type] = (byEventType[entry.event_type] ?? 0) + 1;\n }\n\n // Count by severity\n const bySeverity: Record<AuditSeverity, number> = {\n info: 0,\n warn: 0,\n error: 0,\n critical: 0,\n };\n for (const entry of entries) {\n bySeverity[entry.severity]++;\n }\n\n // Collect unique actors and resources\n const actors = new Set<string>();\n const resources = new Set<string>();\n for (const entry of entries) {\n actors.add(`${entry.actor.type}:${entry.actor.id}`);\n resources.add(`${entry.resource.type}:${entry.resource.id}`);\n }\n\n // First and last timestamps\n const firstEvent = entries.length > 0 ? entries[0].timestamp : '';\n const lastEvent = entries.length > 0 ? entries[entries.length - 1].timestamp : '';\n\n return {\n entry_count: entries.length,\n by_event_type: byEventType,\n by_severity: bySeverity,\n first_event: firstEvent,\n last_event: lastEvent,\n actor_count: actors.size,\n resource_count: resources.size,\n };\n}\n\n/\n Filter entries by dispute reference.\n \n @param entries - All audit entries\n * @param disputeRef - Dispute reference to filter by\n * @returns Entries related to the dispute\n /\nexport function filterByDispute(entries: AuditEntry[], disputeRef: string): AuditEntry[] {\n return entries.filter((entry) => entry.dispute_ref === disputeRef);\n}\n\n/\n Filter entries by trace ID.\n \n @param entries - All audit entries\n * @param traceId - Trace ID to filter by\n * @returns Entries with matching trace ID\n /\nexport function filterByTraceId(entries: AuditEntry[], traceId: string): AuditEntry[] {\n return entries.filter((entry) => entry.trace?.trace_id === traceId);\n}\n\n/\n Filter entries by time range.\n \n @param entries - All audit entries\n * @param start - Start of time range (ISO 8601)\n * @param end - End of time range (ISO 8601)\n * @returns Entries within the time range (inclusive)\n /\nexport function filterByTimeRange(entries: AuditEntry[], start: string, end: string): AuditEntry[] {\n const startTime = new Date(start).getTime();\n const endTime = new Date(end).getTime();\n\n return entries.filter((entry) => {\n const entryTime = new Date(entry.timestamp).getTime();\n return entryTime >= startTime && entryTime <= endTime;\n });\n}\n\n/\n Filter entries by resource.\n \n @param entries - All audit entries\n * @param resourceType - Resource type to filter by\n * @param resourceId - Resource ID (optional, filters by type only if not provided)\n * @returns Entries affecting the specified resource\n /\nexport function filterByResource(\n entries: AuditEntry[],\n resourceType: string,\n resourceId?: string\n): AuditEntry[] {\n return entries.filter((entry) => {\n if (entry.resource.type !== resourceType) {\n return false;\n }\n if (resourceId && entry.resource.id !== resourceId) {\n return false;\n }\n return true;\n });\n}\n\n/\n Correlation result for trace analysis.\n /\nexport interface TraceCorrelation {\n /* Trace ID /\n trace_id: string;\n\n /* Entries in this trace /\n entries: AuditEntry[];\n\n /* Span IDs in this trace /\n span_ids: string[];\n\n /* Time span (first to last entry) in milliseconds /\n duration_ms: number;\n}\n\n/\n Correlate entries by trace ID.\n \n Groups entries by their trace ID and computes correlation metrics.\n \n @param entries - Audit entries with trace context\n * @returns Array of trace correlations\n /\nexport function correlateByTrace(entries: AuditEntry[]): TraceCorrelation[] {\n // Group by trace ID\n const byTrace = new Map<string, AuditEntry[]>();\n\n for (const entry of entries) {\n if (entry.trace?.trace_id) {\n const existing = byTrace.get(entry.trace.trace_id) ?? [];\n existing.push(entry);\n byTrace.set(entry.trace.trace_id, existing);\n }\n }\n\n // Build correlations\n const correlations: TraceCorrelation[] = [];\n\n for (const [traceId, traceEntries] of byTrace) {\n // Sort by timestamp\n const sorted = [...traceEntries].sort(\n (a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()\n );\n\n // Collect unique span IDs\n const spanIds = new Set<string>();\n for (const entry of sorted) {\n if (entry.trace?.span_id) {\n spanIds.add(entry.trace.span_id);\n }\n }\n\n // Calculate duration\n const firstTime = new Date(sorted[0].timestamp).getTime();\n const lastTime = new Date(sorted[sorted.length - 1].timestamp).getTime();\n\n correlations.push({\n trace_id: traceId,\n entries: sorted,\n span_ids: Array.from(spanIds),\n duration_ms: lastTime - firstTime,\n });\n }\n\n return correlations;\n}\n\n/\n Serialize a case bundle to JSON.\n \n @param bundle - Case bundle to serialize\n * @param pretty - Pretty print (default: false)\n * @returns JSON string\n /\nexport function serializeBundle(bundle: CaseBundle, pretty: boolean = false): string {\n if (pretty) {\n return JSON.stringify(bundle, null, 2);\n }\n return JSON.stringify(bundle);\n}\n","/\n Dispute Bundle Types (v0.9.30+)\n \n DisputeBundle is a ZIP archive containing receipts, keys, and policy\n * for offline verification and audit. Distinct from CaseBundle (JSONL).\n \n Key design principles:\n * 1. ZIP is transport container, not what we hash\n * 2. Deterministic integrity at content layer (JCS-canonicalized manifest)\n * 3. receipts.ndjson format for determinism + streaming\n * 4. bundle.sig for authenticity\n /\n\n/\n Bundle format version.\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern.\n * The `kind` field distinguishes bundle types (dispute, audit, etc.).\n /\nexport const BUNDLE_VERSION = 'peac-bundle/0.1' as const;\n\n/\n @deprecated Use BUNDLE_VERSION instead. Will be removed in v1.0.\n /\nexport const DISPUTE_BUNDLE_VERSION = BUNDLE_VERSION;\n\n/\n Verification report format version.\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern.\n /\nexport const VERIFICATION_REPORT_VERSION = 'peac-verification-report/0.1' as const;\n\n/\n Bundle kind - identifies the purpose of the bundle.\n /\nexport type BundleKind = 'dispute' \| 'audit' \| 'archive';\n\n/\n File entry in the bundle manifest.\n * Each file has a SHA-256 hash for integrity verification.\n /\nexport interface ManifestFileEntry {\n /* Relative path within the bundle (e.g., \"receipts.ndjson\", \"keys/keys.json\") /\n path: string;\n\n /* SHA-256 hash of file contents (hex-encoded, lowercase) /\n sha256: string;\n\n /* File size in bytes /\n size: number;\n}\n\n/\n Receipt entry in the manifest.\n * Provides receipt metadata for ordering and lookup.\n /\nexport interface ManifestReceiptEntry {\n /* Receipt ID (from claims.jti) /\n receipt_id: string;\n\n /* When the receipt was issued (ISO 8601) /\n issued_at: string;\n\n /* SHA-256 hash of the JWS bytes (for deduplication and ordering) /\n receipt_hash: string;\n}\n\n/\n Key entry in the manifest.\n * Maps key IDs to their algorithms.\n /\nexport interface ManifestKeyEntry {\n /* Key ID (kid from JWK) /\n kid: string;\n\n /* Key algorithm (e.g., \"EdDSA\") /\n alg: string;\n}\n\n/\n Bundle time range.\n * All receipts must have issued_at within this range.\n /\nexport interface BundleTimeRange {\n /* Earliest receipt issued_at (ISO 8601) /\n start: string;\n\n /* Latest receipt issued_at (ISO 8601) /\n end: string;\n}\n\n/\n Bundle reference - identifies what this bundle is for.\n * Format: sha256:<hex> for hash-based refs, or ULID/UUID for ID refs.\n /\nexport interface BundleRef {\n /* Reference type /\n type: 'dispute' \| 'receipt' \| 'audit_case' \| 'external';\n\n /* Reference ID (ULID, UUID, or sha256:<hex> hash) /\n id: string;\n}\n\n/\n Bundle manifest (manifest.json).\n \n The manifest is the source of truth for bundle integrity.\n * `content_hash` is sha256:<hex> of JCS(manifest without content_hash).\n /\nexport interface DisputeBundleManifest {\n /* Bundle format version (peac-bundle/0.1) /\n version: typeof BUNDLE_VERSION;\n\n /* Bundle kind - what type of bundle this is /\n kind: BundleKind;\n\n /* Unique bundle identifier (ULID) /\n bundle_id: string;\n\n /* What this bundle references (replaces dispute_ref) /\n refs: BundleRef[];\n\n /\n @deprecated Use refs instead. Will be removed in v1.0.\n * Dispute reference this bundle is for (ULID)\n /\n dispute_ref?: string;\n\n /* Who created the bundle (URI) /\n created_by: string;\n\n /* When the bundle was created (ISO 8601) /\n created_at: string;\n\n /* Time range covered by receipts /\n time_range: BundleTimeRange;\n\n /* Receipt entries (sorted by issued_at, then receipt_id, then receipt_hash) /\n receipts: ManifestReceiptEntry[];\n\n /* Key entries (sorted by kid) /\n keys: ManifestKeyEntry[];\n\n /* All files in the bundle (sorted by path) /\n files: ManifestFileEntry[];\n\n /* sha256:<hex> hash of policy.yaml if included /\n policy_hash?: string;\n\n /\n sha256:<hex> hash of peac.txt file if included (DD-49).\n \n Enables offline policy binding verification: verifiers can compare this\n * hash against the policy digest in Wire 0.2 receipts to confirm the policy\n * in effect at issuance time matches what is bundled.\n \n Bundle path: policy/peac.txt (locked convention).\n /\n peac_txt_hash?: string;\n\n /* sha256:<hex> of JCS(manifest without content_hash) - deterministic bundle hash /\n content_hash: string;\n}\n\n/\n Options for creating a dispute bundle.\n /\nexport interface CreateDisputeBundleOptions {\n /* Bundle kind (defaults to 'dispute') /\n kind?: BundleKind;\n\n /* Bundle references (what this bundle is for) /\n refs?: BundleRef[];\n\n /\n @deprecated Use refs instead. Will be removed in v1.0.\n * Dispute reference (ULID)\n /\n dispute_ref?: string;\n\n /* Who is creating the bundle (URI) /\n created_by: string;\n\n /* Receipt JWS strings to include /\n receipts: string[];\n\n /* JWKS containing public keys for verification /\n keys: JsonWebKeySet;\n\n /* Optional policy YAML content /\n policy?: string;\n\n /\n Optional peac.txt file content (DD-49).\n \n If provided, stored as policy/peac.txt in the bundle and its SHA-256\n * hash is recorded in the manifest as peac_txt_hash.\n \n Bundle path: policy/peac.txt (locked convention).\n /\n peac_txt?: string;\n\n /* Optional bundle ID (generated if not provided) /\n bundle_id?: string;\n\n /* Optional created_at timestamp (for deterministic fixtures) /\n created_at?: string;\n\n /* Optional signing key for bundle.sig (Ed25519 private key, 32 bytes) /\n signing_key?: Uint8Array;\n\n /* Key ID for bundle.sig (required if signing_key is provided) /\n signing_kid?: string;\n}\n\n/\n JSON Web Key Set (JWKS) structure.\n /\nexport interface JsonWebKeySet {\n keys: JsonWebKey[];\n}\n\n/\n JSON Web Key (JWK) with required fields for PEAC.\n /\nexport interface JsonWebKey {\n /* Key type (e.g., \"OKP\" for Ed25519) /\n kty: string;\n\n /* Key ID /\n kid: string;\n\n /* Algorithm (e.g., \"EdDSA\") /\n alg?: string;\n\n /* Curve (e.g., \"Ed25519\") /\n crv?: string;\n\n /* Public key (base64url) /\n x?: string;\n\n /* Key use (e.g., \"sig\") /\n use?: string;\n\n /* Additional properties /\n [key: string]: unknown;\n}\n\n/\n Result of reading a dispute bundle.\n /\nexport interface DisputeBundleContents {\n /* Parsed manifest /\n manifest: DisputeBundleManifest;\n\n /* Receipt JWS strings by receipt_id /\n receipts: Map<string, string>;\n\n /* JWKS containing all keys /\n keys: JsonWebKeySet;\n\n /* Policy content if present /\n policy?: string;\n\n /* peac.txt file content if present (DD-49) /\n peac_txt?: string;\n\n /* bundle.sig JWS if present /\n bundle_sig?: string;\n}\n\n/\n Receipt verification result.\n /\nexport interface ReceiptVerificationResult {\n /* Receipt ID /\n receipt_id: string;\n\n /* Whether signature is valid /\n signature_valid: boolean;\n\n /* Whether claims are valid /\n claims_valid: boolean;\n\n /* Key ID used to sign /\n key_id?: string;\n\n /* Error codes if invalid /\n errors: string[];\n\n /* Parsed claims if valid /\n claims?: Record<string, unknown>;\n}\n\n/\n Key usage tracking.\n /\nexport interface KeyUsageEntry {\n /* Key ID /\n kid: string;\n\n /* Number of receipts signed with this key /\n receipts_signed: number;\n\n /* Receipt IDs signed with this key /\n receipt_ids: string[];\n}\n\n/\n Auditor-friendly summary.\n /\nexport interface AuditorSummary {\n /* One-line headline (e.g., \"17/20 receipts valid\") /\n headline: string;\n\n /* List of issues found /\n issues: string[];\n\n /* Recommendation based on findings /\n recommendation: 'valid' \| 'invalid' \| 'needs_review';\n}\n\n/\n Bundle signature verification result.\n /\nexport interface BundleSignatureResult {\n /* Whether bundle.sig was present /\n present: boolean;\n\n /* Whether the signature is valid (only set if present) /\n valid?: boolean;\n\n /* Key ID used to sign the bundle (only set if present) /\n key_id?: string;\n\n /* Error if signature verification failed /\n error?: string;\n}\n\n/\n Deterministic verification report.\n \n This is the canonical output format for bundle verification.\n * `report_hash` is SHA-256 of JCS(report without report_hash).\n /\nexport interface VerificationReport {\n /* Report format version /\n version: typeof VERIFICATION_REPORT_VERSION;\n\n /* Bundle content hash (from manifest) /\n bundle_content_hash: string;\n\n /* Bundle signature verification result /\n bundle_signature: BundleSignatureResult;\n\n /* Summary counts /\n summary: {\n total_receipts: number;\n valid: number;\n invalid: number;\n };\n\n /* Individual receipt results (sorted by receipt_id) /\n receipts: ReceiptVerificationResult[];\n\n /* Keys used in verification (sorted by kid) /\n keys_used: KeyUsageEntry[];\n\n /* Human-friendly summary /\n auditor_summary: AuditorSummary;\n\n /* SHA-256 of JCS(report without report_hash) - deterministic report hash /\n report_hash: string;\n}\n\n/\n Options for bundle verification.\n /\nexport interface VerifyBundleOptions {\n /* Use only keys from the bundle (no external key fetching) /\n offline: boolean;\n\n /* Custom time for validation (defaults to now) /\n now?: Date;\n}\n\n/\n Bundle read/write error.\n /\nexport interface BundleError {\n /* Error code (E_BUNDLE_) /\n code: string;\n\n /** Human-readable message /\n message: string;\n\n /* Additional context /\n details?: Record<string, unknown>;\n}\n\n/\n Result type for bundle operations.\n /\nexport type BundleResult<T> = { ok: true; value: T } \| { ok: false; error: BundleError };\n","/\n Dispute Bundle (v0.9.30+)\n \n DisputeBundle is a ZIP archive containing receipts, keys, and policy\n * for offline verification and audit.\n \n Key design principles:\n * 1. ZIP is transport container, not what we hash - deterministic integrity at content layer\n * 2. bundle.sig provides authenticity (JWS over content_hash)\n * 3. receipts.ndjson format for determinism + streaming\n * 4. Real Ed25519 signature verification\n /\n\nimport { createHash } from 'node:crypto';\nimport { posix as pathPosix } from 'node:path';\nimport { canonicalize } from '@peac/crypto';\nimport { BUNDLE_ERRORS } from '@peac/kernel';\nimport as yazl from 'yazl';\nimport * as yauzl from 'yauzl';\n\nimport type {\n BundleError,\n BundleResult,\n BundleTimeRange,\n CreateDisputeBundleOptions,\n DisputeBundleContents,\n DisputeBundleManifest,\n JsonWebKey,\n JsonWebKeySet,\n ManifestFileEntry,\n ManifestKeyEntry,\n ManifestReceiptEntry,\n} from './dispute-bundle-types.js';\n\nimport { BUNDLE_VERSION, type BundleKind, type BundleRef } from './dispute-bundle-types.js';\n\n// ============================================================================\n// Constants and Limits (DoS protection)\n// ============================================================================\n\n/** Maximum number of entries in a bundle ZIP /\nconst MAX_ZIP_ENTRIES = 10000;\n\n/* Maximum uncompressed size per entry (64MB) /\nconst MAX_ENTRY_SIZE = 64 1024 * 1024;\n\n/** Maximum total uncompressed size (512MB) /\nconst MAX_TOTAL_SIZE = 512 1024 * 1024;\n\n/** Maximum receipts in a bundle /\nconst MAX_RECEIPTS = 10000;\n\n/* Allowed path prefixes in bundle /\nconst ALLOWED_PATHS = ['manifest.json', 'bundle.sig', 'receipts.ndjson', 'keys/', 'policy/'];\n\n// ============================================================================\n// Error Codes (from @peac/kernel - generated from specs/kernel/errors.json)\n// ============================================================================\n\n/\n Re-export BUNDLE_ERRORS as BundleErrorCodes for backwards compatibility\n * @deprecated Use BUNDLE_ERRORS from @peac/kernel directly\n /\nexport const BundleErrorCodes = BUNDLE_ERRORS;\n\n// ============================================================================\n// Utilities\n// ============================================================================\n\n/* Crockford's Base32 alphabet for ULID /\nconst ULID_ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';\n\n/\n Generate a spec-compliant ULID (Universally Unique Lexicographically Sortable Identifier)\n \n ULID format: 26 characters using Crockford's Base32\n * - 10 chars timestamp (48 bits, ms since Unix epoch) - lexicographically sortable\n * - 16 chars randomness (80 bits from crypto.randomBytes)\n \n @see https://github.com/ulid/spec\n /\nfunction generateBundleId(): string {\n const timestamp = Date.now();\n\n // Encode 48-bit timestamp as 10 Crockford Base32 characters\n // Each character encodes 5 bits, but we encode from most significant\n const timestampChars: string[] = [];\n let ts = timestamp;\n for (let i = 9; i >= 0; i--) {\n timestampChars[i] = ULID_ALPHABET[ts % 32];\n ts = Math.floor(ts / 32);\n }\n\n // Generate 80 bits of randomness (16 Crockford Base32 characters)\n // Use crypto.randomBytes for cryptographic randomness\n const { randomBytes: cryptoRandomBytes } = require('node:crypto') as typeof import('node:crypto');\n const randBytes = cryptoRandomBytes(10); // 80 bits = 10 bytes\n const randomChars: string[] = [];\n\n // Encode 10 bytes as 16 base32 characters\n // Each base32 char = 5 bits, so we need to carefully extract 5-bit groups\n // We'll use BigInt for clean 80-bit handling\n let randomValue = BigInt(0);\n for (let i = 0; i < 10; i++) {\n randomValue = (randomValue << BigInt(8)) \| BigInt(randBytes[i]);\n }\n\n // Extract 16 characters (5 bits each) from the 80-bit value\n for (let i = 15; i >= 0; i--) {\n randomChars[i] = ULID_ALPHABET[Number(randomValue & BigInt(0x1f))];\n randomValue = randomValue >> BigInt(5);\n }\n\n return timestampChars.join('') + randomChars.join('');\n}\n\n/\n Compute SHA-256 hash of data with self-describing format.\n * Returns `sha256:<64 lowercase hex chars>` format.\n /\nfunction sha256Hex(data: string \| Buffer): string {\n const hash = createHash('sha256');\n hash.update(data);\n return `sha256:${hash.digest('hex')}`;\n}\n\n/* Decode base64url to Buffer /\nfunction base64urlDecode(str: string): Buffer {\n const padded = str + '='.repeat((4 - (str.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n return Buffer.from(base64, 'base64');\n}\n\n/* Parse JWS compact serialization to extract header and payload /\nfunction parseJws(jws: string): {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n signature: Buffer;\n signingInput: string;\n} \| null {\n const parts = jws.split('.');\n if (parts.length !== 3) {\n return null;\n }\n\n try {\n const headerJson = base64urlDecode(parts[0]).toString('utf8');\n const payloadJson = base64urlDecode(parts[1]).toString('utf8');\n return {\n header: JSON.parse(headerJson) as Record<string, unknown>,\n payload: JSON.parse(payloadJson) as Record<string, unknown>,\n signature: base64urlDecode(parts[2]),\n signingInput: `${parts[0]}.${parts[1]}`,\n };\n } catch {\n return null;\n }\n}\n\n/* Create a bundle error /\nfunction bundleError(\n code: string,\n message: string,\n details?: Record<string, unknown>\n): BundleError {\n return { code, message, details };\n}\n\n/\n Convert a yauzl ZIP error to the appropriate bundle error.\n * Detects path traversal attempts that yauzl catches and maps them to PATH_TRAVERSAL.\n /\nfunction handleZipError(zipErr: Error): BundleError {\n // Detect yauzl path validation errors and map to PATH_TRAVERSAL\n // yauzl throws \"invalid relative path\" for zip-slip attempts\n const isPathError =\n zipErr.message.includes('invalid relative path') \|\|\n zipErr.message.includes('absolute path') \|\|\n zipErr.message.includes('..') \|\|\n zipErr.message.includes('\\\\');\n\n if (isPathError) {\n return bundleError(BundleErrorCodes.PATH_TRAVERSAL, `Unsafe path in bundle: ${zipErr.message}`);\n }\n return bundleError(BundleErrorCodes.INVALID_FORMAT, `ZIP error: ${zipErr.message}`);\n}\n\n/\n Virtual root for path containment checks.\n * Using a fixed virtual root allows resolve-based containment verification.\n /\nconst VIRTUAL_ROOT = '/bundle';\n\n/\n Validate path for zip-slip and path traversal attacks.\n \n Security measures:\n * 1. Reject backslashes (Windows path separators can bypass Unix checks)\n * 2. Reject null bytes (can bypass string-based checks)\n * 3. Normalize with posix.normalize to handle . and .. components\n * 4. Reject absolute paths (starting with /)\n * 5. Reject paths that escape via .. after normalization\n * 6. Resolve-based containment check (defense in depth)\n * 7. Only allow explicitly whitelisted path prefixes\n /\nfunction isPathSafe(entryPath: string): boolean {\n // Reject backslashes - often used for zip-slip on Unix systems\n // since many ZIP tools will accept both separators\n if (entryPath.includes('\\\\')) return false;\n\n // Reject null bytes (can be used to bypass checks)\n if (entryPath.includes('\\0')) return false;\n\n // Normalize the path to resolve . and .. components\n const normalized = pathPosix.normalize(entryPath);\n\n // After normalization, reject if:\n // - Starts with / (absolute path)\n // - Starts with .. (escapes bundle root)\n // - Is exactly . (current dir, not a valid file)\n if (normalized.startsWith('/')) return false;\n if (normalized.startsWith('..')) return false;\n if (normalized === '.') return false;\n\n // Defense in depth: resolve-based containment check\n // Resolve the path relative to a virtual root and verify it stays contained\n const resolved = pathPosix.resolve(VIRTUAL_ROOT, normalized);\n if (!resolved.startsWith(VIRTUAL_ROOT + '/') && resolved !== VIRTUAL_ROOT) {\n return false;\n }\n\n // Only allow explicitly whitelisted paths\n return ALLOWED_PATHS.some((prefix) => normalized === prefix \|\| normalized.startsWith(prefix));\n}\n\n/* Convert JWK to raw Ed25519 public key bytes /\nfunction jwkToEd25519PublicKey(jwk: JsonWebKey): Buffer \| null {\n if (jwk.kty !== 'OKP' \|\| jwk.crv !== 'Ed25519' \|\| !jwk.x) {\n return null;\n }\n return base64urlDecode(jwk.x);\n}\n\n// ============================================================================\n// Bundle Creation\n// ============================================================================\n\n/\n Create a dispute bundle from receipts, keys, and optional policy.\n /\nexport async function createDisputeBundle(\n options: CreateDisputeBundleOptions\n): Promise<BundleResult<Buffer>> {\n const {\n kind = 'dispute',\n refs,\n dispute_ref,\n created_by,\n receipts,\n keys,\n policy,\n peac_txt,\n bundle_id,\n created_at,\n signing_key,\n signing_kid,\n } = options;\n\n // Build refs from either new refs or deprecated dispute_ref\n const bundleRefs: BundleRef[] =\n refs ?? (dispute_ref ? [{ type: 'dispute', id: dispute_ref }] : []);\n\n // Validate receipts\n if (receipts.length === 0) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.MISSING_RECEIPTS, 'No receipts provided'),\n };\n }\n\n if (receipts.length > MAX_RECEIPTS) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Too many receipts: ${receipts.length} > ${MAX_RECEIPTS}`\n ),\n };\n }\n\n // Validate keys\n if (keys.keys.length === 0) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.MISSING_KEYS, 'No keys provided in JWKS'),\n };\n }\n\n // Parse receipts and detect duplicates\n const receiptEntries: ManifestReceiptEntry[] = [];\n const seenReceiptIds = new Set<string>();\n const ndjsonLines: string[] = [];\n let minIssuedAt: string \| undefined;\n let maxIssuedAt: string \| undefined;\n\n for (let i = 0; i < receipts.length; i++) {\n const jws = receipts[i];\n const parsed = parseJws(jws);\n\n if (!parsed) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.RECEIPT_INVALID, `Invalid JWS at index ${i}`),\n };\n }\n\n const claims = parsed.payload;\n const receiptId = claims.jti as string \| undefined;\n const issuedAtRaw = claims.iat as number \| string \| undefined;\n\n if (!receiptId) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPT_INVALID,\n `Receipt at index ${i} missing jti claim`\n ),\n };\n }\n\n // Detect duplicates\n if (seenReceiptIds.has(receiptId)) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.DUPLICATE_RECEIPT,\n `Duplicate receipt ID: ${receiptId}`\n ),\n };\n }\n seenReceiptIds.add(receiptId);\n\n // Convert iat to ISO 8601 string\n let issuedAt: string;\n if (typeof issuedAtRaw === 'number') {\n issuedAt = new Date(issuedAtRaw 1000).toISOString();\n } else if (typeof issuedAtRaw === 'string') {\n issuedAt = issuedAtRaw;\n } else {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPT_INVALID,\n `Receipt ${receiptId} missing or invalid iat claim`\n ),\n };\n }\n\n // Track time range\n if (!minIssuedAt \|\| issuedAt < minIssuedAt) minIssuedAt = issuedAt;\n if (!maxIssuedAt \|\| issuedAt > maxIssuedAt) maxIssuedAt = issuedAt;\n\n // Compute receipt hash (SHA-256 of JWS bytes)\n const receiptHash = sha256Hex(Buffer.from(jws, 'utf8'));\n\n receiptEntries.push({\n receipt_id: receiptId,\n issued_at: issuedAt,\n receipt_hash: receiptHash,\n });\n\n ndjsonLines.push(jws);\n }\n\n // Sort receipts by (issued_at, receipt_id, receipt_hash) for determinism\n const sortedIndices = receiptEntries\n .map((entry, i) => ({ entry, i }))\n .sort((a, b) => {\n if (a.entry.issued_at !== b.entry.issued_at) {\n return a.entry.issued_at.localeCompare(b.entry.issued_at);\n }\n if (a.entry.receipt_id !== b.entry.receipt_id) {\n return a.entry.receipt_id.localeCompare(b.entry.receipt_id);\n }\n return a.entry.receipt_hash.localeCompare(b.entry.receipt_hash);\n });\n\n const sortedReceiptEntries = sortedIndices.map((x) => x.entry);\n const sortedNdjsonLines = sortedIndices.map((x) => ndjsonLines[x.i]);\n\n // Create receipts.ndjson content\n const receiptsNdjson = sortedNdjsonLines.join('\\n') + '\\n';\n const receiptsNdjsonBytes = Buffer.from(receiptsNdjson, 'utf8');\n\n // Process keys\n const keyEntries: ManifestKeyEntry[] = keys.keys.map((key) => ({\n kid: key.kid,\n alg: key.alg ?? 'EdDSA',\n }));\n keyEntries.sort((a, b) => a.kid.localeCompare(b.kid));\n\n const keysJson = JSON.stringify(keys, null, 2);\n const keysBytes = Buffer.from(keysJson, 'utf8');\n\n // Build file entries\n const fileEntries: ManifestFileEntry[] = [\n {\n path: 'receipts.ndjson',\n sha256: sha256Hex(receiptsNdjsonBytes),\n size: receiptsNdjsonBytes.length,\n },\n {\n path: 'keys/keys.json',\n sha256: sha256Hex(keysBytes),\n size: keysBytes.length,\n },\n ];\n\n // Process policy if present\n let policyHash: string \| undefined;\n let policyBytes: Buffer \| undefined;\n\n if (policy) {\n policyBytes = Buffer.from(policy, 'utf8');\n policyHash = sha256Hex(policyBytes);\n fileEntries.push({\n path: 'policy/policy.yaml',\n sha256: policyHash,\n size: policyBytes.length,\n });\n }\n\n // Include peac.txt if provided (DD-49)\n // Bundle path: policy/peac.txt (locked convention)\n let peacTxtBytes: Buffer \| undefined;\n let peacTxtHash: string \| undefined;\n\n if (peac_txt) {\n peacTxtBytes = Buffer.from(peac_txt, 'utf8');\n peacTxtHash = sha256Hex(peacTxtBytes);\n fileEntries.push({\n path: 'policy/peac.txt',\n sha256: peacTxtHash,\n size: peacTxtBytes.length,\n });\n }\n\n // Sort files by path\n fileEntries.sort((a, b) => a.path.localeCompare(b.path));\n\n // Build manifest (without content_hash first)\n const timeRange: BundleTimeRange = {\n start: minIssuedAt!,\n end: maxIssuedAt!,\n };\n\n const manifestWithoutHash: Omit<DisputeBundleManifest, 'content_hash'> = {\n version: BUNDLE_VERSION,\n kind,\n bundle_id: bundle_id ?? generateBundleId(),\n refs: bundleRefs,\n // Include deprecated dispute_ref for backwards compatibility\n dispute_ref: dispute_ref,\n created_by,\n created_at: created_at ?? new Date().toISOString(),\n time_range: timeRange,\n receipts: sortedReceiptEntries,\n keys: keyEntries,\n files: fileEntries,\n };\n\n if (policyHash) {\n (manifestWithoutHash as DisputeBundleManifest).policy_hash = policyHash;\n }\n\n if (peacTxtHash) {\n (manifestWithoutHash as DisputeBundleManifest).peac_txt_hash = peacTxtHash;\n }\n\n // Compute content_hash = SHA-256 of JCS(manifest without content_hash)\n const contentHash = sha256Hex(canonicalize(manifestWithoutHash));\n\n const manifest: DisputeBundleManifest = {\n ...manifestWithoutHash,\n content_hash: contentHash,\n };\n\n // Create ZIP archive\n const zipfile = new yazl.ZipFile();\n\n // Use manifest.created_at as the mtime for all entries to ensure deterministic ZIP output\n // Disable compression to ensure byte-identical output across platforms (zlib implementations vary)\n const mtime = new Date(manifest.created_at);\n const zipOptions = { mtime, compress: false };\n\n // Add manifest.json\n const manifestJson = JSON.stringify(manifest, null, 2);\n zipfile.addBuffer(Buffer.from(manifestJson), 'manifest.json', zipOptions);\n\n // Add receipts.ndjson\n zipfile.addBuffer(receiptsNdjsonBytes, 'receipts.ndjson', zipOptions);\n\n // Add keys\n zipfile.addBuffer(keysBytes, 'keys/keys.json', zipOptions);\n\n // Add policy if present\n if (policyBytes) {\n zipfile.addBuffer(policyBytes, 'policy/policy.yaml', zipOptions);\n }\n\n // Add peac.txt if present (DD-49)\n if (peacTxtBytes) {\n zipfile.addBuffer(peacTxtBytes, 'policy/peac.txt', zipOptions);\n }\n\n // Add bundle.sig if signing key is provided\n if (signing_key && signing_kid) {\n const sigResult = await createBundleSignature(contentHash, signing_key, signing_kid);\n if (!sigResult.ok) {\n return sigResult;\n }\n zipfile.addBuffer(Buffer.from(sigResult.value), 'bundle.sig', zipOptions);\n }\n\n // Finalize and collect the ZIP buffer\n return new Promise((resolve) => {\n const chunks: Buffer[] = [];\n\n zipfile.outputStream\n .on('data', (chunk: Buffer) => chunks.push(chunk))\n .on('end', () => {\n resolve({ ok: true, value: Buffer.concat(chunks) });\n })\n .on('error', (err: Error) => {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to create ZIP: ${err.message}`\n ),\n });\n });\n\n zipfile.end();\n });\n}\n\n/*\n Create bundle.sig JWS over the content_hash\n /\nasync function createBundleSignature(\n contentHash: string,\n privateKey: Uint8Array,\n kid: string\n): Promise<BundleResult<string>> {\n try {\n const { sign } = await import('@peac/crypto');\n const jws = await sign({ content_hash: contentHash }, privateKey, kid);\n return { ok: true, value: jws };\n } catch (err) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIGNATURE_INVALID,\n `Failed to create bundle signature: ${(err as Error).message}`\n ),\n };\n }\n}\n\n// ============================================================================\n// Bundle Reading\n// ============================================================================\n\n/\n Read and parse a dispute bundle from a ZIP buffer.\n /\nexport async function readDisputeBundle(\n zipBuffer: Buffer\n): Promise<BundleResult<DisputeBundleContents>> {\n return new Promise((resolve) => {\n yauzl.fromBuffer(zipBuffer, { lazyEntries: true }, (err, zipfile) => {\n if (err \|\| !zipfile) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to open ZIP: ${err?.message ?? 'unknown error'}`\n ),\n });\n return;\n }\n\n const files = new Map<string, Buffer>();\n let entryCount = 0;\n let totalSize = 0; // Claimed total from ZIP metadata\n let actualTotalBytes = 0; // Actual decompressed bytes (defense-in-depth)\n\n zipfile.on('entry', (entry: yauzl.Entry) => {\n if (/\\/$/.test(entry.fileName)) {\n zipfile.readEntry();\n return;\n }\n\n entryCount++;\n\n // DoS protection: entry count\n if (entryCount > MAX_ZIP_ENTRIES) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Too many ZIP entries: > ${MAX_ZIP_ENTRIES}`\n ),\n });\n return;\n }\n\n // Security: path validation\n if (!isPathSafe(entry.fileName)) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.PATH_TRAVERSAL,\n `Unsafe path in bundle: ${entry.fileName}`\n ),\n });\n return;\n }\n\n // DoS protection: entry size\n if (entry.uncompressedSize > MAX_ENTRY_SIZE) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry too large: ${entry.fileName}`\n ),\n });\n return;\n }\n\n totalSize += entry.uncompressedSize;\n if (totalSize > MAX_TOTAL_SIZE) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Total size exceeded: > ${MAX_TOTAL_SIZE} bytes`\n ),\n });\n return;\n }\n\n zipfile.openReadStream(entry, (readErr, readStream) => {\n if (readErr \|\| !readStream) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to read ${entry.fileName}`\n ),\n });\n return;\n }\n\n const chunks: Buffer[] = [];\n let actualBytes = 0;\n const entryBudget = entry.uncompressedSize > 0 ? entry.uncompressedSize : MAX_ENTRY_SIZE;\n\n readStream.on('data', (chunk: Buffer) => {\n actualBytes += chunk.length;\n actualTotalBytes += chunk.length;\n\n // Defense-in-depth: Track actual decompressed bytes, not just ZIP metadata.\n // A malicious ZIP can claim small uncompressedSize but decompress to much more.\n if (actualBytes > MAX_ENTRY_SIZE) {\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry exceeds size limit during decompression: ${entry.fileName}`,\n { claimed: entry.uncompressedSize, actual: actualBytes, limit: MAX_ENTRY_SIZE }\n ),\n });\n return;\n }\n\n // Defense-in-depth: Track actual total decompressed bytes across all entries\n if (actualTotalBytes > MAX_TOTAL_SIZE) {\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Total decompressed size exceeds limit: ${actualTotalBytes} > ${MAX_TOTAL_SIZE}`,\n { actual: actualTotalBytes, limit: MAX_TOTAL_SIZE }\n ),\n });\n return;\n }\n\n // Also check against claimed size (detect zip bombs with false metadata)\n if (entry.uncompressedSize > 0 && actualBytes > entry.uncompressedSize 2) {\n // Allow 2x tolerance for edge cases, but catch gross violations\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry decompressed size exceeds claimed size: ${entry.fileName}`,\n { claimed: entry.uncompressedSize, actual: actualBytes }\n ),\n });\n return;\n }\n\n chunks.push(chunk);\n });\n\n readStream.on('end', () => {\n files.set(entry.fileName, Buffer.concat(chunks));\n zipfile.readEntry();\n });\n readStream.on('error', (streamErr: Error) => {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Stream error: ${streamErr.message}`\n ),\n });\n });\n });\n });\n\n zipfile.on('end', () => {\n processExtractedFiles(files, resolve);\n });\n\n zipfile.on('error', (zipErr: Error) => {\n resolve({\n ok: false,\n error: handleZipError(zipErr),\n });\n });\n\n zipfile.readEntry();\n });\n });\n}\n\n/*\n Process extracted files and validate bundle integrity\n /\nfunction processExtractedFiles(\n files: Map<string, Buffer>,\n resolve: (result: BundleResult<DisputeBundleContents>) => void\n): void {\n // Parse manifest\n const manifestBuffer = files.get('manifest.json');\n if (!manifestBuffer) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_MISSING, 'manifest.json not found in bundle'),\n });\n return;\n }\n\n let manifest: DisputeBundleManifest;\n try {\n manifest = JSON.parse(manifestBuffer.toString('utf8')) as DisputeBundleManifest;\n } catch (parseErr) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Failed to parse manifest.json: ${(parseErr as Error).message}`\n ),\n });\n return;\n }\n\n // Validate version\n if (manifest.version !== BUNDLE_VERSION) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Unsupported bundle version: ${manifest.version}`,\n { expected: BUNDLE_VERSION, actual: manifest.version }\n ),\n });\n return;\n }\n\n // Verify content_hash\n const { content_hash, ...manifestWithoutHash } = manifest;\n const computedHash = sha256Hex(canonicalize(manifestWithoutHash));\n\n if (computedHash !== content_hash) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n 'Bundle content_hash verification failed',\n { expected: content_hash, computed: computedHash }\n ),\n });\n return;\n }\n\n // Verify file hashes\n for (const fileEntry of manifest.files) {\n const fileBuffer = files.get(fileEntry.path);\n if (!fileBuffer) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.INVALID_FORMAT, `File not found: ${fileEntry.path}`),\n });\n return;\n }\n\n const computedFileHash = sha256Hex(fileBuffer);\n if (computedFileHash !== fileEntry.sha256) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n `File hash mismatch: ${fileEntry.path}`,\n { expected: fileEntry.sha256, computed: computedFileHash }\n ),\n });\n return;\n }\n\n if (fileBuffer.length !== fileEntry.size) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n `File size mismatch: ${fileEntry.path}`,\n { expected: fileEntry.size, actual: fileBuffer.length }\n ),\n });\n return;\n }\n }\n\n // Parse receipts.ndjson\n const receiptsBuffer = files.get('receipts.ndjson');\n const receipts = new Map<string, string>();\n\n if (receiptsBuffer) {\n const lines = receiptsBuffer.toString('utf8').trim().split('\\n');\n\n // Verify receipts are in deterministic order\n let lastKey = '';\n for (let i = 0; i < lines.length; i++) {\n const jws = lines[i].trim();\n if (!jws) continue;\n\n const parsed = parseJws(jws);\n if (!parsed) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.RECEIPT_INVALID, `Invalid JWS at line ${i + 1}`),\n });\n return;\n }\n\n const receiptId = parsed.payload.jti as string;\n\n // Detect duplicate receipt IDs\n if (receipts.has(receiptId)) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.DUPLICATE_RECEIPT,\n `Duplicate receipt ID in bundle: ${receiptId}`,\n { receipt_id: receiptId, line: i + 1 }\n ),\n });\n return;\n }\n\n const issuedAt =\n typeof parsed.payload.iat === 'number'\n ? new Date(parsed.payload.iat 1000).toISOString()\n : String(parsed.payload.iat);\n const receiptHash = sha256Hex(Buffer.from(jws, 'utf8'));\n\n // Check ordering\n const currentKey = `${issuedAt}\|${receiptId}\|${receiptHash}`;\n if (currentKey < lastKey) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPTS_UNORDERED,\n 'receipts.ndjson is not in deterministic order'\n ),\n });\n return;\n }\n lastKey = currentKey;\n\n receipts.set(receiptId, jws);\n }\n }\n\n // Extract keys\n let keys: JsonWebKeySet = { keys: [] };\n const keysBuffer = files.get('keys/keys.json');\n if (keysBuffer) {\n try {\n keys = JSON.parse(keysBuffer.toString('utf8')) as JsonWebKeySet;\n } catch {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_INVALID, 'Failed to parse keys/keys.json'),\n });\n return;\n }\n }\n\n // Extract policy if present\n let policyContent: string \| undefined;\n const policyBuffer = files.get('policy/policy.yaml');\n if (policyBuffer) {\n policyContent = policyBuffer.toString('utf8');\n\n // Verify policy hash if declared\n if (manifest.policy_hash) {\n const computedPolicyHash = sha256Hex(policyBuffer);\n if (computedPolicyHash !== manifest.policy_hash) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.POLICY_HASH_MISMATCH, 'Policy hash mismatch', {\n expected: manifest.policy_hash,\n computed: computedPolicyHash,\n }),\n });\n return;\n }\n }\n }\n\n // Extract peac.txt if present (DD-49)\n let peacTxtContent: string \| undefined;\n const peacTxtBuffer = files.get('policy/peac.txt');\n if (peacTxtBuffer) {\n peacTxtContent = peacTxtBuffer.toString('utf8');\n\n // Verify peac.txt hash if declared\n if (manifest.peac_txt_hash) {\n const computedPeacTxtHash = sha256Hex(peacTxtBuffer);\n if (computedPeacTxtHash !== manifest.peac_txt_hash) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.POLICY_HASH_MISMATCH, 'peac.txt hash mismatch', {\n expected: manifest.peac_txt_hash,\n computed: computedPeacTxtHash,\n }),\n });\n return;\n }\n }\n }\n\n // Extract bundle.sig if present\n let bundleSig: string \| undefined;\n const sigBuffer = files.get('bundle.sig');\n if (sigBuffer) {\n bundleSig = sigBuffer.toString('utf8');\n }\n\n resolve({\n ok: true,\n value: {\n manifest,\n receipts,\n keys,\n policy: policyContent,\n peac_txt: peacTxtContent,\n bundle_sig: bundleSig,\n },\n });\n}\n\n/*\n Verify bundle integrity without verifying receipt signatures.\n /\nexport async function verifyBundleIntegrity(\n zipBuffer: Buffer\n): Promise<BundleResult<{ manifest: DisputeBundleManifest }>> {\n const result = await readDisputeBundle(zipBuffer);\n if (!result.ok) {\n return result;\n }\n return { ok: true, value: { manifest: result.value.manifest } };\n}\n\n/\n Get the content hash of a bundle without fully parsing it.\n /\nexport async function getBundleContentHash(zipBuffer: Buffer): Promise<BundleResult<string>> {\n return new Promise((resolve) => {\n yauzl.fromBuffer(zipBuffer, { lazyEntries: true }, (err, zipfile) => {\n if (err \|\| !zipfile) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to open ZIP: ${err?.message ?? 'unknown'}`\n ),\n });\n return;\n }\n\n let found = false;\n\n zipfile.on('entry', (entry: yauzl.Entry) => {\n if (entry.fileName === 'manifest.json') {\n found = true;\n zipfile.openReadStream(entry, (readErr, readStream) => {\n if (readErr \|\| !readStream) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.INVALID_FORMAT, `Failed to read manifest.json`),\n });\n return;\n }\n\n const chunks: Buffer[] = [];\n readStream.on('data', (chunk: Buffer) => chunks.push(chunk));\n readStream.on('end', () => {\n zipfile.close();\n try {\n const manifest = JSON.parse(\n Buffer.concat(chunks).toString('utf8')\n ) as DisputeBundleManifest;\n resolve({ ok: true, value: manifest.content_hash });\n } catch (parseErr) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Failed to parse manifest.json`\n ),\n });\n }\n });\n });\n } else {\n zipfile.readEntry();\n }\n });\n\n zipfile.on('end', () => {\n if (!found) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_MISSING, 'manifest.json not found'),\n });\n }\n });\n\n zipfile.on('error', (zipErr: Error) => {\n resolve({\n ok: false,\n error: handleZipError(zipErr),\n });\n });\n\n zipfile.readEntry();\n });\n });\n}\n\n// Re-export error codes for consumers\nexport { BundleErrorCodes as BUNDLE_ERROR_CODES };\n","/\n Verification Report (v0.9.30+)\n \n Deterministic verification of dispute bundles with JCS-canonicalized reports.\n * The report_hash enables cross-language parity: TS and Go implementations\n * must produce identical hashes for the same bundle verification.\n \n Key design principles:\n * 1. Real Ed25519 signature verification using @peac/crypto\n * 2. No timestamps in deterministic output\n * 3. All arrays sorted by stable keys for reproducibility\n /\n\nimport { createHash } from 'node:crypto';\nimport { canonicalize, verify as verifyJws, CryptoError } from '@peac/crypto';\n\nimport { readDisputeBundle } from './dispute-bundle.js';\nimport { BundleErrorCodes } from './dispute-bundle.js';\nimport type {\n AuditorSummary,\n BundleError,\n BundleResult,\n BundleSignatureResult,\n DisputeBundleContents,\n JsonWebKey,\n KeyUsageEntry,\n ReceiptVerificationResult,\n VerificationReport,\n VerifyBundleOptions,\n} from './dispute-bundle-types.js';\nimport { VERIFICATION_REPORT_VERSION } from './dispute-bundle-types.js';\n\n/\n Compute SHA-256 hash of data with self-describing format.\n * Returns `sha256:<64 lowercase hex chars>` format.\n /\nfunction sha256Hex(data: string \| Buffer): string {\n const hash = createHash('sha256');\n hash.update(data);\n return `sha256:${hash.digest('hex')}`;\n}\n\n/* Decode base64url to Buffer /\nfunction base64urlDecode(str: string): Buffer {\n const padded = str + '='.repeat((4 - (str.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n return Buffer.from(base64, 'base64');\n}\n\n/* Parse JWS to extract header and payload /\nfunction parseJws(jws: string): {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n signature: string;\n} \| null {\n const parts = jws.split('.');\n if (parts.length !== 3) {\n return null;\n }\n\n try {\n const headerJson = base64urlDecode(parts[0]).toString('utf8');\n const payloadJson = base64urlDecode(parts[1]).toString('utf8');\n return {\n header: JSON.parse(headerJson) as Record<string, unknown>,\n payload: JSON.parse(payloadJson) as Record<string, unknown>,\n signature: parts[2],\n };\n } catch {\n return null;\n }\n}\n\n/* Create a bundle error /\nfunction bundleError(\n code: string,\n message: string,\n details?: Record<string, unknown>\n): BundleError {\n return { code, message, details };\n}\n\n/\n Strip undefined values from an object recursively.\n * JCS canonicalization cannot handle undefined values.\n /\nfunction stripUndefined<T>(obj: T): T {\n if (obj === null \|\| obj === undefined) {\n return obj;\n }\n if (Array.isArray(obj)) {\n return obj.map(stripUndefined) as T;\n }\n if (typeof obj === 'object') {\n const result: Record<string, unknown> = {};\n for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {\n if (value !== undefined) {\n result[key] = stripUndefined(value);\n }\n }\n return result as T;\n }\n return obj;\n}\n\n/\n Verify receipt claims (basic validation without cryptographic signature check).\n \n This validates:\n * - Required claims are present (jti, iss, iat)\n * - Timestamps are valid (not expired, not in future)\n \n Note: Signature verification requires access to the signing key and is\n * handled separately. This function focuses on claim validation.\n /\nfunction verifyReceiptClaims(\n payload: Record<string, unknown>,\n now: Date\n): { valid: boolean; errors: string[] } {\n const errors: string[] = [];\n const nowSec = Math.floor(now.getTime() / 1000);\n\n // Required claims\n if (!payload.jti) {\n errors.push('E_RECEIPT_MISSING_JTI');\n }\n\n if (!payload.iss) {\n errors.push('E_RECEIPT_MISSING_ISS');\n }\n\n if (payload.iat === undefined) {\n errors.push('E_RECEIPT_MISSING_IAT');\n } else {\n const iat = typeof payload.iat === 'number' ? payload.iat : NaN;\n if (isNaN(iat)) {\n errors.push('E_RECEIPT_INVALID_IAT');\n } else if (iat > nowSec + 300) {\n // Allow 5 min clock skew\n errors.push('E_RECEIPT_NOT_YET_VALID');\n }\n }\n\n // Check expiry if present\n if (payload.exp !== undefined) {\n const exp = typeof payload.exp === 'number' ? payload.exp : NaN;\n if (isNaN(exp)) {\n errors.push('E_RECEIPT_INVALID_EXP');\n } else if (exp < nowSec) {\n errors.push('E_RECEIPT_EXPIRED');\n }\n }\n\n return {\n valid: errors.length === 0,\n errors,\n };\n}\n\n/\n Find the key ID used to sign a receipt.\n /\nfunction getReceiptKeyId(header: Record<string, unknown>): string \| undefined {\n return typeof header.kid === 'string' ? header.kid : undefined;\n}\n\n/\n Convert JWK to raw Ed25519 public key bytes (32 bytes).\n * Returns null if the JWK is not a valid Ed25519 key.\n /\nfunction jwkToPublicKeyBytes(jwk: JsonWebKey): Uint8Array \| null {\n if (jwk.kty !== 'OKP' \|\| jwk.crv !== 'Ed25519' \|\| !jwk.x) {\n return null;\n }\n // Decode base64url to bytes\n const padded = jwk.x + '='.repeat((4 - (jwk.x.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n const bytes = Buffer.from(base64, 'base64');\n if (bytes.length !== 32) {\n return null;\n }\n return new Uint8Array(bytes);\n}\n\n/\n Find a key by kid in the bundle's JWKS.\n /\nfunction findKey(keys: JsonWebKey[], kid: string): JsonWebKey \| undefined {\n return keys.find((k) => k.kid === kid);\n}\n\n/\n Verify a single receipt with real Ed25519 signature verification.\n \n In offline mode, we use only the keys bundled in the JWKS.\n * All signature verification is cryptographic - not just key presence.\n /\nasync function verifyReceipt(\n receiptId: string,\n jws: string,\n bundleContents: DisputeBundleContents,\n options: VerifyBundleOptions\n): Promise<ReceiptVerificationResult> {\n const parsed = parseJws(jws);\n\n if (!parsed) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_RECEIPT_INVALID_FORMAT'],\n };\n }\n\n const { header, payload } = parsed;\n const keyId = getReceiptKeyId(header);\n const errors: string[] = [];\n\n // Check key ID presence\n if (!keyId) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_RECEIPT_MISSING_KID'],\n };\n }\n\n // Find the key in the bundle's JWKS\n const jwk = findKey(bundleContents.keys.keys, keyId);\n if (!jwk) {\n // Key not found - in offline mode this is fatal\n if (options.offline) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: [BundleErrorCodes.KEY_MISSING],\n };\n }\n // In online mode, we could try to fetch the key, but for now fail\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: [BundleErrorCodes.KEY_MISSING],\n };\n }\n\n // Convert JWK to raw public key bytes\n const publicKeyBytes = jwkToPublicKeyBytes(jwk);\n if (!publicKeyBytes) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: ['E_RECEIPT_INVALID_KEY_FORMAT'],\n };\n }\n\n // Perform real Ed25519 signature verification\n let signatureValid = false;\n try {\n const result = await verifyJws(jws, publicKeyBytes);\n signatureValid = result.valid;\n if (!signatureValid) {\n errors.push('E_RECEIPT_SIGNATURE_INVALID');\n }\n } catch (err: unknown) {\n // Handle crypto errors\n if (err instanceof CryptoError) {\n errors.push(`E_RECEIPT_CRYPTO_ERROR:${err.code}`);\n } else {\n errors.push('E_RECEIPT_SIGNATURE_INVALID');\n }\n signatureValid = false;\n }\n\n // Validate claims\n const claimsResult = verifyReceiptClaims(payload, options.now ?? new Date());\n errors.push(...claimsResult.errors);\n\n return {\n receipt_id: receiptId,\n signature_valid: signatureValid,\n claims_valid: claimsResult.valid,\n key_id: keyId,\n errors,\n claims: signatureValid && claimsResult.valid && errors.length === 0 ? payload : undefined,\n };\n}\n\n/\n Build key usage tracking.\n /\nfunction buildKeyUsage(results: ReceiptVerificationResult[]): KeyUsageEntry[] {\n const usage = new Map<string, string[]>();\n\n for (const result of results) {\n if (result.key_id) {\n const existing = usage.get(result.key_id) ?? [];\n existing.push(result.receipt_id);\n usage.set(result.key_id, existing);\n }\n }\n\n const entries: KeyUsageEntry[] = [];\n for (const [kid, receiptIds] of usage) {\n entries.push({\n kid,\n receipts_signed: receiptIds.length,\n receipt_ids: receiptIds.sort(),\n });\n }\n\n // Sort by kid for determinism\n return entries.sort((a, b) => a.kid.localeCompare(b.kid));\n}\n\n/\n Generate auditor-friendly summary.\n /\nfunction generateAuditorSummary(\n totalReceipts: number,\n validCount: number,\n invalidCount: number,\n results: ReceiptVerificationResult[]\n): AuditorSummary {\n const headline = `${validCount}/${totalReceipts} receipts valid`;\n\n const issues: string[] = [];\n for (const result of results) {\n if (!result.signature_valid \|\| !result.claims_valid) {\n const errorSummary =\n result.errors.length > 0 ? result.errors.join(', ') : 'validation failed';\n issues.push(`Receipt ${result.receipt_id}: ${errorSummary}`);\n }\n }\n\n // Sort issues for determinism\n issues.sort();\n\n let recommendation: AuditorSummary['recommendation'];\n if (invalidCount === 0) {\n recommendation = 'valid';\n } else if (invalidCount === totalReceipts) {\n recommendation = 'invalid';\n } else {\n recommendation = 'needs_review';\n }\n\n return {\n headline,\n issues,\n recommendation,\n };\n}\n\n/\n Verify the bundle.sig if present.\n * The bundle.sig is a JWS over { content_hash: \"...\" } signed with a key from the JWKS.\n /\nasync function verifyBundleSignature(\n bundleContents: DisputeBundleContents\n): Promise<BundleSignatureResult> {\n const { bundle_sig, keys, manifest } = bundleContents;\n\n // No bundle.sig present\n if (!bundle_sig) {\n return { present: false };\n }\n\n // Parse the JWS to get the key ID\n const parsed = parseJws(bundle_sig);\n if (!parsed) {\n return {\n present: true,\n valid: false,\n error: 'E_BUNDLE_SIGNATURE_INVALID_FORMAT',\n };\n }\n\n const keyId = typeof parsed.header.kid === 'string' ? parsed.header.kid : undefined;\n if (!keyId) {\n return {\n present: true,\n valid: false,\n error: 'E_BUNDLE_SIGNATURE_MISSING_KID',\n };\n }\n\n // Find the key in JWKS\n const jwk = keys.keys.find((k) => k.kid === keyId);\n if (!jwk) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: BundleErrorCodes.KEY_MISSING,\n };\n }\n\n // Convert JWK to raw public key bytes\n const publicKeyBytes = jwkToPublicKeyBytes(jwk);\n if (!publicKeyBytes) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: 'E_BUNDLE_SIGNATURE_INVALID_KEY_FORMAT',\n };\n }\n\n // Verify the signature\n try {\n const result = await verifyJws<{ content_hash: string }>(bundle_sig, publicKeyBytes);\n\n if (!result.valid) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: BundleErrorCodes.SIGNATURE_INVALID,\n };\n }\n\n // Verify the content_hash in the payload matches the manifest\n if (result.payload.content_hash !== manifest.content_hash) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: 'E_BUNDLE_SIGNATURE_CONTENT_MISMATCH',\n };\n }\n\n return {\n present: true,\n valid: true,\n key_id: keyId,\n };\n } catch (err: unknown) {\n const errorMsg =\n err instanceof CryptoError\n ? `E_BUNDLE_SIGNATURE_CRYPTO_ERROR:${err.code}`\n : BundleErrorCodes.SIGNATURE_INVALID;\n\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: errorMsg,\n };\n }\n}\n\n/\n Verify all receipts in a dispute bundle and generate a deterministic report.\n \n @param zipBuffer - Buffer containing the ZIP archive\n * @param options - Verification options\n * @returns Promise resolving to a deterministic verification report\n \n @example\n * ```typescript\n * const zipData = fs.readFileSync('dispute-bundle.zip');\n * const result = await verifyBundle(zipData, { offline: true });\n \n if (result.ok) {\n * console.log('Report hash:', result.value.report_hash);\n * console.log('Summary:', result.value.auditor_summary.headline);\n * }\n * ```\n /\nexport async function verifyBundle(\n zipBuffer: Buffer,\n options: VerifyBundleOptions\n): Promise<BundleResult<VerificationReport>> {\n // Read and parse the bundle\n const readResult = await readDisputeBundle(zipBuffer);\n if (!readResult.ok) {\n return readResult;\n }\n\n const bundleContents = readResult.value;\n const { manifest, receipts } = bundleContents;\n\n // Verify bundle.sig if present (authenticity)\n const bundleSignature = await verifyBundleSignature(bundleContents);\n\n // Verify each receipt with real Ed25519 signature verification\n const results: ReceiptVerificationResult[] = [];\n\n for (const receiptEntry of manifest.receipts) {\n const jws = receipts.get(receiptEntry.receipt_id);\n if (!jws) {\n results.push({\n receipt_id: receiptEntry.receipt_id,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_BUNDLE_RECEIPT_NOT_FOUND'],\n });\n continue;\n }\n\n const result = await verifyReceipt(receiptEntry.receipt_id, jws, bundleContents, options);\n results.push(result);\n }\n\n // Sort results by receipt_id for determinism\n results.sort((a, b) => a.receipt_id.localeCompare(b.receipt_id));\n\n // Count valid/invalid\n const validCount = results.filter(\n (r) => r.signature_valid && r.claims_valid && r.errors.length === 0\n ).length;\n const invalidCount = results.length - validCount;\n\n // Build key usage\n const keysUsed = buildKeyUsage(results);\n\n // Generate auditor summary\n const auditorSummary = generateAuditorSummary(results.length, validCount, invalidCount, results);\n\n // Build report without report_hash\n const reportWithoutHash: Omit<VerificationReport, 'report_hash'> = {\n version: VERIFICATION_REPORT_VERSION,\n bundle_content_hash: manifest.content_hash,\n bundle_signature: bundleSignature,\n summary: {\n total_receipts: results.length,\n valid: validCount,\n invalid: invalidCount,\n },\n receipts: results,\n keys_used: keysUsed,\n auditor_summary: auditorSummary,\n };\n\n // Compute report_hash = SHA-256 of JCS(report without report_hash)\n // Strip undefined values first since JCS cannot handle them\n const cleanedReport = stripUndefined(reportWithoutHash);\n const reportHash = sha256Hex(canonicalize(cleanedReport));\n\n const report: VerificationReport = {\n ...reportWithoutHash,\n report_hash: reportHash,\n };\n\n return {\n ok: true,\n value: report,\n };\n}\n\n/\n Serialize a verification report to JSON.\n \n @param report - Verification report\n * @param pretty - Pretty print (default: false)\n * @returns JSON string\n /\nexport function serializeReport(report: VerificationReport, pretty: boolean = false): string {\n if (pretty) {\n return JSON.stringify(report, null, 2);\n }\n return JSON.stringify(report);\n}\n\n/\n Format verification report as human-readable text.\n \n @param report - Verification report\n * @returns Human-readable text summary\n /\nexport function formatReportText(report: VerificationReport): string {\n const lines: string[] = [];\n\n lines.push('PEAC Dispute Bundle Verification Report');\n lines.push('========================================');\n lines.push('');\n lines.push(`Bundle content hash: ${report.bundle_content_hash}`);\n lines.push(`Report hash: ${report.report_hash}`);\n lines.push('');\n\n // Bundle signature status\n lines.push('Bundle Signature');\n lines.push('----------------');\n if (!report.bundle_signature.present) {\n lines.push(' Status: NOT SIGNED');\n } else if (report.bundle_signature.valid) {\n lines.push(' Status: VALID');\n lines.push(` Key ID: ${report.bundle_signature.key_id}`);\n } else {\n lines.push(' Status: INVALID');\n if (report.bundle_signature.key_id) {\n lines.push(` Key ID: ${report.bundle_signature.key_id}`);\n }\n if (report.bundle_signature.error) {\n lines.push(` Error: ${report.bundle_signature.error}`);\n }\n }\n lines.push('');\n\n lines.push('Summary');\n lines.push('-------');\n lines.push(`Total receipts: ${report.summary.total_receipts}`);\n lines.push(`Valid: ${report.summary.valid}`);\n lines.push(`Invalid: ${report.summary.invalid}`);\n lines.push('');\n lines.push(`Recommendation: ${report.auditor_summary.recommendation.toUpperCase()}`);\n lines.push(`Headline: ${report.auditor_summary.headline}`);\n lines.push('');\n\n if (report.auditor_summary.issues.length > 0) {\n lines.push('Issues');\n lines.push('------');\n for (const issue of report.auditor_summary.issues) {\n lines.push(` - ${issue}`);\n }\n lines.push('');\n }\n\n if (report.keys_used.length > 0) {\n lines.push('Keys Used');\n lines.push('---------');\n for (const keyUsage of report.keys_used) {\n lines.push(` ${keyUsage.kid}: ${keyUsage.receipts_signed} receipt(s)`);\n }\n lines.push('');\n }\n\n lines.push('Receipt Details');\n lines.push('---------------');\n for (const receipt of report.receipts) {\n const status = receipt.signature_valid && receipt.claims_valid ? 'VALID' : 'INVALID';\n lines.push(` ${receipt.receipt_id}: ${status}`);\n if (receipt.key_id) {\n lines.push(` Key: ${receipt.key_id}`);\n }\n if (receipt.errors.length > 0) {\n lines.push(` Errors: ${receipt.errors.join(', ')}`);\n }\n }\n\n return lines.join('\\n');\n}\n","/\n @peac/audit\n \n Audit logging and case bundle generation for PEAC protocol (v0.9.27+).\n \n This package provides:\n * - JSONL audit log format (normative)\n * - Case bundle generation for dispute resolution\n * - Trace correlation for distributed system debugging\n * - Privacy-safe logging patterns\n \n ## Audit Log Format\n \n PEAC audit logs use JSONL (JSON Lines) format where each line is a\n * complete audit entry. This enables streaming, append-only logging,\n * and efficient line-by-line processing.\n \n ## Case Bundles\n \n Case bundles collect all audit entries related to a dispute,\n * organized chronologically with trace correlation data for\n * comprehensive dispute resolution.\n \n @example\n * ```typescript\n * import {\n * createAuditEntry,\n * formatJsonl,\n * createCaseBundle,\n * } from '@peac/audit';\n \n // Create an audit entry\n * const entry = createAuditEntry({\n * event_type: 'receipt_issued',\n * actor: { type: 'system', id: 'peac-issuer' },\n * resource: { type: 'receipt', id: 'jti:rec_abc123' },\n * outcome: { success: true, result: 'issued' },\n * });\n \n // Format to JSONL\n * const jsonl = formatJsonl([entry]);\n \n // Create a case bundle for dispute resolution\n * const bundle = createCaseBundle({\n * dispute_ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * generated_by: 'https://platform.example.com',\n * entries: disputeRelatedEntries,\n * });\n * ```\n \n @packageDocumentation\n */\n\nexport const AUDIT_PACKAGE_VERSION = '0.9.27';\n\n// Types\nexport type {\n AuditEventType,\n AuditSeverity,\n TraceContext,\n AuditActor,\n AuditResource,\n AuditOutcome,\n AuditEntry,\n CaseBundle,\n CaseBundleSummary,\n CreateAuditEntryOptions,\n CreateCaseBundleOptions,\n JsonlOptions,\n JsonlParseOptions,\n} from './types.js';\n\n// Entry creation and validation\nexport {\n AUDIT_VERSION,\n AUDIT_EVENT_TYPES,\n AUDIT_SEVERITIES,\n generateAuditId,\n isValidUlid,\n isValidTraceContext,\n createAuditEntry,\n validateAuditEntry,\n isValidAuditEntry,\n type ValidationResult,\n} from './entry.js';\n\n// JSONL formatting and parsing\nexport {\n formatJsonlLine,\n formatJsonl,\n parseJsonlLine,\n parseJsonl,\n createJsonlAppender,\n type JsonlParseLineResult,\n type JsonlParseLineError,\n type JsonlParseResult,\n} from './jsonl.js';\n\n// Case bundle generation\nexport {\n BUNDLE_VERSION,\n createCaseBundle,\n generateBundleSummary,\n filterByDispute,\n filterByTraceId,\n filterByTimeRange,\n filterByResource,\n correlateByTrace,\n serializeBundle,\n type TraceCorrelation,\n} from './bundle.js';\n\n// Dispute bundle (v0.9.30+, normalized in v0.10.0)\nexport {\n BUNDLE_VERSION as DISPUTE_BUNDLE_VERSION_v2,\n DISPUTE_BUNDLE_VERSION,\n VERIFICATION_REPORT_VERSION,\n type BundleKind,\n type BundleRef,\n type ManifestFileEntry,\n type ManifestReceiptEntry,\n type ManifestKeyEntry,\n type BundleTimeRange,\n type DisputeBundleManifest,\n type CreateDisputeBundleOptions,\n type JsonWebKeySet,\n type JsonWebKey,\n type DisputeBundleContents,\n type ReceiptVerificationResult,\n type KeyUsageEntry,\n type AuditorSummary,\n type VerificationReport,\n type VerifyBundleOptions,\n type BundleError,\n type BundleResult,\n} from './dispute-bundle-types.js';\n\nexport {\n createDisputeBundle,\n readDisputeBundle,\n verifyBundleIntegrity,\n getBundleContentHash,\n} from './dispute-bundle.js';\n\n// Verification report (v0.9.30+)\nexport { verifyBundle, serializeReport, formatReportText } from './verification-report.js';\n"]}
1	+ {"version":3,"sources":["../src/entry.ts","../src/jsonl.ts","../src/bundle.ts","../src/dispute-bundle-types.ts","../src/dispute-bundle.ts","../src/verification-report.ts","../src/index.ts"],"names":["BUNDLE_VERSION","BUNDLE_ERRORS","createHash","pathPosix","canonicalize","yazl","yauzl","sha256Hex","base64urlDecode","parseJws","verifyJws","CryptoError"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeO,IAAM,aAAA,GAAgB;AAKtB,IAAM,iBAAA,GAA+C;AAAA,EAC1D,gBAAA;AAAA,EACA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,eAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,eAAA;AAAA,EACA,qBAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,mBAAA;AAAA,EACA;AACF;AAKO,IAAM,gBAAA,GAA6C;AAAA,EACxD,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAQO,SAAS,eAAA,GAA0B;AAExC,EAAA,MAAM,QAAA,GAAW,kCAAA;AAGjB,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,IAAI,aAAA,GAAgB,EAAA;AACpB,EAAA,IAAI,IAAA,GAAO,GAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,aAAA,GAAgB,QAAA,CAAS,IAAA,GAAO,EAAE,CAAA,GAAI,aAAA;AACtC,IAAA,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,EAAE,CAAA;AAAA,EAC7B;AAGA,EAAA,IAAI,UAAA,GAAa,EAAA;AACjB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,UAAA,IAAc,SAAS,IAAA,CAAK,KAAA,CAAM,KAAK,MAAA,EAAO,GAAI,EAAE,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,aAAA,GAAgB,UAAA;AACzB;AAQO,SAAS,YAAY,EAAA,EAAqB;AAC/C,EAAA,OAAO,0BAAA,CAA2B,KAAK,EAAE,CAAA;AAC3C;AAQO,SAAS,oBAAoB,KAAA,EAA8B;AAEhE,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC3C,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA,EAAG;AAC1C,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,MAAM,cAAA,IAAkB,CAAC,kBAAkB,IAAA,CAAK,KAAA,CAAM,cAAc,CAAA,EAAG;AACzE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,MAAM,WAAA,IAAe,CAAC,iBAAiB,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA,EAAG;AAClE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAkBO,SAAS,iBAAiB,OAAA,EAA8C;AAC7E,EAAA,MAAM,KAAA,GAAoB;AAAA,IACxB,OAAA,EAAS,aAAA;AAAA,IACT,EAAA,EAAI,OAAA,CAAQ,EAAA,IAAM,eAAA,EAAgB;AAAA,IAClC,YAAY,OAAA,CAAQ,UAAA;AAAA,IACpB,WAAW,OAAA,CAAQ,SAAA,IAAA,iBAAa,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACvD,QAAA,EAAU,QAAQ,QAAA,IAAY,MAAA;AAAA,IAC9B,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAEA,EAAA,IAAI,QAAQ,KAAA,EAAO;AACjB,IAAA,KAAA,CAAM,QAAQ,OAAA,CAAQ,KAAA;AAAA,EACxB;AAEA,EAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,IAAA,KAAA,CAAM,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC1B;AAEA,EAAA,IAAI,QAAQ,WAAA,EAAa;AACvB,IAAA,KAAA,CAAM,cAAc,OAAA,CAAQ,WAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,KAAA;AACT;AAgBO,SAAS,mBAAmB,KAAA,EAAkC;AACnE,EAAA,MAAM,SAAmB,EAAC;AAE1B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,CAAC,yBAAyB,CAAA,EAAE;AAAA,EAC7D;AAEA,EAAA,MAAM,CAAA,GAAI,KAAA;AAGV,EAAA,IAAI,CAAA,CAAE,YAAY,aAAA,EAAe;AAC/B,IAAA,MAAA,CAAO,KAAK,CAAA,2BAAA,EAA8B,aAAa,CAAA,QAAA,EAAW,CAAA,CAAE,OAAO,CAAA,CAAA,CAAG,CAAA;AAAA,EAChF;AAGA,EAAA,IAAI,OAAO,EAAE,EAAA,KAAO,QAAA,IAAY,CAAC,WAAA,CAAY,CAAA,CAAE,EAAE,CAAA,EAAG;AAClD,IAAA,MAAA,CAAO,KAAK,6CAA6C,CAAA;AAAA,EAC3D;AAGA,EAAA,IAAI,CAAC,iBAAA,CAAkB,QAAA,CAAS,CAAA,CAAE,UAA4B,CAAA,EAAG;AAC/D,IAAA,MAAA,CAAO,IAAA,CAAK,CAAA,qBAAA,EAAwB,CAAA,CAAE,UAAU,CAAA,CAAA,CAAG,CAAA;AAAA,EACrD;AAGA,EAAA,IAAI,OAAO,CAAA,CAAE,SAAA,KAAc,QAAA,IAAY,KAAA,CAAM,KAAK,KAAA,CAAM,CAAA,CAAE,SAAS,CAAC,CAAA,EAAG;AACrE,IAAA,MAAA,CAAO,KAAK,iDAAiD,CAAA;AAAA,EAC/D;AAGA,EAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,CAAA,CAAE,QAAyB,CAAA,EAAG;AAC3D,IAAA,MAAA,CAAO,IAAA,CAAK,CAAA,mBAAA,EAAsB,CAAA,CAAE,QAAQ,CAAA,CAAA,CAAG,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,KAAA,IAAS,OAAO,CAAA,CAAE,UAAU,QAAA,EAAU;AAC3C,IAAA,MAAA,CAAO,KAAK,0BAA0B,CAAA;AAAA,EACxC,CAAA,MAAO;AACL,IAAA,MAAM,QAAQ,CAAA,CAAE,KAAA;AAChB,IAAA,IAAI,CAAC,CAAC,MAAA,EAAQ,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,KAAA,CAAM,IAAc,CAAA,EAAG;AAC/D,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,qBAAA,EAAwB,KAAA,CAAM,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,OAAO,KAAA,CAAM,EAAA,KAAO,YAAY,KAAA,CAAM,EAAA,CAAG,WAAW,CAAA,EAAG;AACzD,MAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,QAAA,IAAY,OAAO,CAAA,CAAE,aAAa,QAAA,EAAU;AACjD,IAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,EAC3C,CAAA,MAAO;AACL,IAAA,MAAM,WAAW,CAAA,CAAE,QAAA;AACnB,IAAA,MAAM,aAAa,CAAC,SAAA,EAAW,eAAe,UAAA,EAAY,QAAA,EAAU,WAAW,SAAS,CAAA;AACxF,IAAA,IAAI,CAAC,UAAA,CAAW,QAAA,CAAS,QAAA,CAAS,IAAc,CAAA,EAAG;AACjD,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,wBAAA,EAA2B,QAAA,CAAS,IAAI,CAAA,CAAA,CAAG,CAAA;AAAA,IACzD;AACA,IAAA,IAAI,OAAO,QAAA,CAAS,EAAA,KAAO,YAAY,QAAA,CAAS,EAAA,CAAG,WAAW,CAAA,EAAG;AAC/D,MAAA,MAAA,CAAO,KAAK,iCAAiC,CAAA;AAAA,IAC/C;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,CAAA,CAAE,OAAA,IAAW,OAAO,CAAA,CAAE,YAAY,QAAA,EAAU;AAC/C,IAAA,MAAA,CAAO,KAAK,4BAA4B,CAAA;AAAA,EAC1C,CAAA,MAAO;AACL,IAAA,MAAM,UAAU,CAAA,CAAE,OAAA;AAClB,IAAA,IAAI,OAAO,OAAA,CAAQ,OAAA,KAAY,SAAA,EAAW;AACxC,MAAA,MAAA,CAAO,KAAK,yCAAyC,CAAA;AAAA,IACvD;AAAA,EACF;AAGA,EAAA,IAAI,EAAE,KAAA,EAAO;AACX,IAAA,IAAI,CAAC,mBAAA,CAAoB,CAAA,CAAE,KAAqB,CAAA,EAAG;AACjD,MAAA,MAAA,CAAO,KAAK,8BAA8B,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,IAAI,EAAE,WAAA,EAAa;AACjB,IAAA,IAAI,OAAO,EAAE,WAAA,KAAgB,QAAA,IAAY,CAAC,WAAA,CAAY,CAAA,CAAE,WAAW,CAAA,EAAG;AACpE,MAAA,MAAA,CAAO,KAAK,2CAA2C,CAAA;AAAA,IACzD;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB;AAAA,GACF;AACF;AAQO,SAAS,kBAAkB,KAAA,EAAqC;AACrE,EAAA,OAAO,kBAAA,CAAmB,KAAK,CAAA,CAAE,KAAA;AACnC;;;ACvPO,SAAS,eAAA,CAAgB,OAAmB,OAAA,EAAgC;AACjF,EAAA,IAAI,SAAS,MAAA,EAAQ;AACnB,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,KAAA,EAAO,IAAA,EAAM,CAAC,CAAA;AAAA,EACtC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAC7B;AAeO,SAAS,WAAA,CAAY,SAAuB,OAAA,EAAgC;AACjF,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,GAAA,CAAI,CAAC,KAAA,KAAU,eAAA,CAAgB,KAAA,EAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAC,CAAA;AAC9E,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,IAAA,CAAK,IAAI,CAAA;AAE9B,EAAA,IAAI,OAAA,EAAS,eAAA,IAAmB,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AACjD,IAAA,OAAO,MAAA,GAAS,IAAA;AAAA,EAClB;AAEA,EAAA,OAAO,MAAA;AACT;AA4BO,SAAS,cAAA,CACd,IAAA,EACA,UAAA,GAAqB,CAAA,EACuB;AAC5C,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAG1B,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,YAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,OAAO,CAAA;AAEjC,IAAA,IAAI,CAAC,iBAAA,CAAkB,MAAM,CAAA,EAAG;AAC9B,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,+BAAA;AAAA,QACP,UAAA;AAAA,QACA,GAAA,EAAK,QAAQ,MAAA,GAAS,GAAA,GAAM,QAAQ,SAAA,CAAU,CAAA,EAAG,GAAG,CAAA,GAAI,KAAA,GAAQ;AAAA,OAClE;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,KAAA,EAAO,MAAA;AAAA,MACP;AAAA,KACF;AAAA,EACF,SAAS,CAAA,EAAG;AACV,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,CAAA,YAAa,KAAA,GAAQ,CAAA,CAAE,OAAA,GAAU,kBAAA;AAAA,MACxC,UAAA;AAAA,MACA,GAAA,EAAK,QAAQ,MAAA,GAAS,GAAA,GAAM,QAAQ,SAAA,CAAU,CAAA,EAAG,GAAG,CAAA,GAAI,KAAA,GAAQ;AAAA,KAClE;AAAA,EACF;AACF;AAmCO,SAAS,UAAA,CAAW,SAAiB,OAAA,EAA+C;AACzF,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,IAAI,CAAA;AAChC,EAAA,MAAM,UAAwB,EAAC;AAC/B,EAAA,MAAM,SAAgC,EAAC;AACvC,EAAA,MAAM,QAAA,GAAW,SAAS,QAAA,IAAY,CAAA;AACtC,EAAA,IAAI,SAAA,GAAY,CAAA;AAEhB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,MAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AACpB,IAAA,MAAM,aAAa,CAAA,GAAI,CAAA;AAGvB,IAAA,IAAI,IAAA,CAAK,IAAA,EAAK,CAAE,MAAA,KAAW,CAAA,EAAG;AAC5B,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,QAAA,GAAW,CAAA,IAAK,SAAA,IAAa,QAAA,EAAU;AACzC,MAAA;AAAA,IACF;AAEA,IAAA,SAAA,EAAA;AAEA,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,IAAA,EAAM,UAAU,CAAA;AAE9C,IAAA,IAAI,OAAO,EAAA,EAAI;AACb,MAAA,OAAA,CAAQ,IAAA,CAAK,OAAO,KAAK,CAAA;AAAA,IAC3B,CAAA,MAAO;AACL,MAAA,IAAI,SAAS,WAAA,EAAa;AACxB,QAAA,MAAA,CAAO,KAAK,MAAM,CAAA;AAAA,MACpB,CAAA,MAAO;AAEL,QAAA,OAAO;AAAA,UACL,OAAA;AAAA,UACA,MAAA,EAAQ,CAAC,MAAM,CAAA;AAAA,UACf,UAAA,EAAY,SAAA;AAAA,UACZ,cAAc,OAAA,CAAQ,MAAA;AAAA,UACtB,UAAA,EAAY;AAAA,SACd;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,MAAA;AAAA,IACA,UAAA,EAAY,SAAA;AAAA,IACZ,cAAc,OAAA,CAAQ,MAAA;AAAA,IACtB,YAAY,MAAA,CAAO;AAAA,GACrB;AACF;AAoBO,SAAS,oBAAoB,OAAA,EAAuD;AACzF,EAAA,OAAO,CAAC,KAAA,KAA8B;AACpC,IAAA,MAAM,OAAO,eAAA,CAAgB,KAAA,EAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AACrD,IAAA,OAAO,IAAA,GAAO,IAAA;AAAA,EAChB,CAAA;AACF;;;ACxNO,IAAM,cAAA,GAAiB;AAiBvB,SAAS,iBAAiB,OAAA,EAA8C;AAE7E,EAAA,MAAM,aAAA,GAAgB,CAAC,GAAG,OAAA,CAAQ,OAAO,CAAA,CAAE,IAAA;AAAA,IACzC,CAAC,CAAA,EAAG,CAAA,KAAM,IAAI,KAAK,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,KAAY,IAAI,IAAA,CAAK,CAAA,CAAE,SAAS,EAAE,OAAA;AAAQ,GAC5E;AAGA,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAY;AACjC,EAAA,KAAA,MAAW,SAAS,aAAA,EAAe;AACjC,IAAA,IAAI,KAAA,CAAM,OAAO,QAAA,EAAU;AACzB,MAAA,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,QAAQ,CAAA;AAAA,IACnC;AAAA,EACF;AAGA,EAAA,MAAM,OAAA,GAAU,sBAAsB,aAAa,CAAA;AAEnD,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,cAAA;AAAA,IACT,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,YAAA,EAAA,iBAAc,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IACrC,cAAc,OAAA,CAAQ,YAAA;AAAA,IACtB,OAAA,EAAS,aAAA;AAAA,IACT,SAAA,EAAW,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAA;AAAA,IAC9B;AAAA,GACF;AACF;AAQO,SAAS,sBAAsB,OAAA,EAA0C;AAE9E,EAAA,MAAM,cAAsC,EAAC;AAC7C,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,WAAA,CAAY,MAAM,UAAU,CAAA,GAAA,CAAK,YAAY,KAAA,CAAM,UAAU,KAAK,CAAA,IAAK,CAAA;AAAA,EACzE;AAGA,EAAA,MAAM,UAAA,GAA4C;AAAA,IAChD,IAAA,EAAM,CAAA;AAAA,IACN,IAAA,EAAM,CAAA;AAAA,IACN,KAAA,EAAO,CAAA;AAAA,IACP,QAAA,EAAU;AAAA,GACZ;AACA,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,UAAA,CAAW,MAAM,QAAQ,CAAA,EAAA;AAAA,EAC3B;AAGA,EAAA,MAAM,MAAA,uBAAa,GAAA,EAAY;AAC/B,EAAA,MAAM,SAAA,uBAAgB,GAAA,EAAY;AAClC,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,KAAA,CAAM,KAAA,CAAM,IAAI,CAAA,CAAA,EAAI,KAAA,CAAM,KAAA,CAAM,EAAE,CAAA,CAAE,CAAA;AAClD,IAAA,SAAA,CAAU,GAAA,CAAI,GAAG,KAAA,CAAM,QAAA,CAAS,IAAI,CAAA,CAAA,EAAI,KAAA,CAAM,QAAA,CAAS,EAAE,CAAA,CAAE,CAAA;AAAA,EAC7D;AAGA,EAAA,MAAM,aAAa,OAAA,CAAQ,MAAA,GAAS,IAAI,OAAA,CAAQ,CAAC,EAAE,SAAA,GAAY,EAAA;AAC/D,EAAA,MAAM,SAAA,GAAY,QAAQ,MAAA,GAAS,CAAA,GAAI,QAAQ,OAAA,CAAQ,MAAA,GAAS,CAAC,CAAA,CAAE,SAAA,GAAY,EAAA;AAE/E,EAAA,OAAO;AAAA,IACL,aAAa,OAAA,CAAQ,MAAA;AAAA,IACrB,aAAA,EAAe,WAAA;AAAA,IACf,WAAA,EAAa,UAAA;AAAA,IACb,WAAA,EAAa,UAAA;AAAA,IACb,UAAA,EAAY,SAAA;AAAA,IACZ,aAAa,MAAA,CAAO,IAAA;AAAA,IACpB,gBAAgB,SAAA,CAAU;AAAA,GAC5B;AACF;AASO,SAAS,eAAA,CAAgB,SAAuB,UAAA,EAAkC;AACvF,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,KAAA,KAAU,KAAA,CAAM,gBAAgB,UAAU,CAAA;AACnE;AASO,SAAS,eAAA,CAAgB,SAAuB,OAAA,EAA+B;AACpF,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,UAAU,KAAA,CAAM,KAAA,EAAO,aAAa,OAAO,CAAA;AACpE;AAUO,SAAS,iBAAA,CAAkB,OAAA,EAAuB,KAAA,EAAe,GAAA,EAA2B;AACjG,EAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,KAAK,EAAE,OAAA,EAAQ;AAC1C,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,CAAK,GAAG,EAAE,OAAA,EAAQ;AAEtC,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,KAAA,KAAU;AAC/B,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,EAAE,OAAA,EAAQ;AACpD,IAAA,OAAO,SAAA,IAAa,aAAa,SAAA,IAAa,OAAA;AAAA,EAChD,CAAC,CAAA;AACH;AAUO,SAAS,gBAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACc;AACd,EAAA,OAAO,OAAA,CAAQ,MAAA,CAAO,CAAC,KAAA,KAAU;AAC/B,IAAA,IAAI,KAAA,CAAM,QAAA,CAAS,IAAA,KAAS,YAAA,EAAc;AACxC,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,UAAA,IAAc,KAAA,CAAM,QAAA,CAAS,EAAA,KAAO,UAAA,EAAY;AAClD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAC,CAAA;AACH;AA2BO,SAAS,iBAAiB,OAAA,EAA2C;AAE1E,EAAA,MAAM,OAAA,uBAAc,GAAA,EAA0B;AAE9C,EAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,IAAA,IAAI,KAAA,CAAM,OAAO,QAAA,EAAU;AACzB,MAAA,MAAM,WAAW,OAAA,CAAQ,GAAA,CAAI,MAAM,KAAA,CAAM,QAAQ,KAAK,EAAC;AACvD,MAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AACnB,MAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,QAAA,EAAU,QAAQ,CAAA;AAAA,IAC5C;AAAA,EACF;AAGA,EAAA,MAAM,eAAmC,EAAC;AAE1C,EAAA,KAAA,MAAW,CAAC,OAAA,EAAS,YAAY,CAAA,IAAK,OAAA,EAAS;AAE7C,IAAA,MAAM,MAAA,GAAS,CAAC,GAAG,YAAY,CAAA,CAAE,IAAA;AAAA,MAC/B,CAAC,CAAA,EAAG,CAAA,KAAM,IAAI,KAAK,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,KAAY,IAAI,IAAA,CAAK,CAAA,CAAE,SAAS,EAAE,OAAA;AAAQ,KAC5E;AAGA,IAAA,MAAM,OAAA,uBAAc,GAAA,EAAY;AAChC,IAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,MAAA,IAAI,KAAA,CAAM,OAAO,OAAA,EAAS;AACxB,QAAA,OAAA,CAAQ,GAAA,CAAI,KAAA,CAAM,KAAA,CAAM,OAAO,CAAA;AAAA,MACjC;AAAA,IACF;AAGA,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,MAAA,CAAO,CAAC,CAAA,CAAE,SAAS,EAAE,OAAA,EAAQ;AACxD,IAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,MAAA,CAAO,MAAA,CAAO,SAAS,CAAC,CAAA,CAAE,SAAS,CAAA,CAAE,OAAA,EAAQ;AAEvE,IAAA,YAAA,CAAa,IAAA,CAAK;AAAA,MAChB,QAAA,EAAU,OAAA;AAAA,MACV,OAAA,EAAS,MAAA;AAAA,MACT,QAAA,EAAU,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,MAC5B,aAAa,QAAA,GAAW;AAAA,KACzB,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,YAAA;AACT;AASO,SAAS,eAAA,CAAgB,MAAA,EAAoB,MAAA,GAAkB,KAAA,EAAe;AACnF,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,EAAQ,IAAA,EAAM,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;;;AC3OO,IAAMA,eAAAA,GAAiB;AAKvB,IAAM,sBAAA,GAAyBA;AAM/B,IAAM,2BAAA,GAA8B;ACY3C,IAAM,eAAA,GAAkB,GAAA;AAGxB,IAAM,cAAA,GAAiB,KAAK,IAAA,GAAO,IAAA;AAGnC,IAAM,cAAA,GAAiB,MAAM,IAAA,GAAO,IAAA;AAGpC,IAAM,YAAA,GAAe,GAAA;AAGrB,IAAM,gBAAgB,CAAC,eAAA,EAAiB,YAAA,EAAc,iBAAA,EAAmB,SAAS,SAAS,CAAA;AAUpF,IAAM,gBAAA,GAAmBC,oBAAA;AAOhC,IAAM,aAAA,GAAgB,kCAAA;AAWtB,SAAS,gBAAA,GAA2B;AAClC,EAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAI3B,EAAA,MAAM,iBAA2B,EAAC;AAClC,EAAA,IAAI,EAAA,GAAK,SAAA;AACT,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC3B,IAAA,cAAA,CAAe,CAAC,CAAA,GAAI,aAAA,CAAc,EAAA,GAAK,EAAE,CAAA;AACzC,IAAA,EAAA,GAAK,IAAA,CAAK,KAAA,CAAM,EAAA,GAAK,EAAE,CAAA;AAAA,EACzB;AAIA,EAAA,MAAM,EAAE,WAAA,EAAa,iBAAA,EAAkB,GAAI,UAAQ,QAAa,CAAA;AAChE,EAAA,MAAM,SAAA,GAAY,kBAAkB,EAAE,CAAA;AACtC,EAAA,MAAM,cAAwB,EAAC;AAK/B,EAAA,IAAI,WAAA,GAAc,OAAO,CAAC,CAAA;AAC1B,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,WAAA,GAAe,eAAe,MAAA,CAAO,CAAC,IAAK,MAAA,CAAO,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,EAChE;AAGA,EAAA,KAAA,IAAS,CAAA,GAAI,EAAA,EAAI,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC5B,IAAA,WAAA,CAAY,CAAC,IAAI,aAAA,CAAc,MAAA,CAAO,cAAc,MAAA,CAAO,EAAI,CAAC,CAAC,CAAA;AACjE,IAAA,WAAA,GAAc,WAAA,IAAe,OAAO,CAAC,CAAA;AAAA,EACvC;AAEA,EAAA,OAAO,eAAe,IAAA,CAAK,EAAE,CAAA,GAAI,WAAA,CAAY,KAAK,EAAE,CAAA;AACtD;AAMA,SAAS,UAAU,IAAA,EAA+B;AAChD,EAAA,MAAM,IAAA,GAAOC,oBAAW,QAAQ,CAAA;AAChC,EAAA,IAAA,CAAK,OAAO,IAAI,CAAA;AAChB,EAAA,OAAO,CAAA,OAAA,EAAU,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AACrC;AAGA,SAAS,gBAAgB,GAAA,EAAqB;AAC5C,EAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,MAAA,GAAS,KAAM,CAAC,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AACrC;AAGA,SAAS,SAAS,GAAA,EAKT;AACP,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,aAAa,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC5D,IAAA,MAAM,cAAc,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AAAA,MAC7B,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAAA,MAC/B,SAAA,EAAW,eAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,MACnC,YAAA,EAAc,GAAG,KAAA,CAAM,CAAC,CAAC,CAAA,CAAA,EAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,KACvC;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAGA,SAAS,WAAA,CACP,IAAA,EACA,OAAA,EACA,OAAA,EACa;AACb,EAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAQ;AAClC;AAMA,SAAS,eAAe,MAAA,EAA4B;AAGlD,EAAA,MAAM,cACJ,MAAA,CAAO,OAAA,CAAQ,SAAS,uBAAuB,CAAA,IAC/C,OAAO,OAAA,CAAQ,QAAA,CAAS,eAAe,CAAA,IACvC,MAAA,CAAO,QAAQ,QAAA,CAAS,IAAI,KAC5B,MAAA,CAAO,OAAA,CAAQ,SAAS,IAAI,CAAA;AAE9B,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,YAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,uBAAA,EAA0B,MAAA,CAAO,OAAO,CAAA,CAAE,CAAA;AAAA,EAChG;AACA,EAAA,OAAO,YAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,WAAA,EAAc,MAAA,CAAO,OAAO,CAAA,CAAE,CAAA;AACpF;AAMA,IAAM,YAAA,GAAe,SAAA;AAcrB,SAAS,WAAW,SAAA,EAA4B;AAG9C,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,OAAO,KAAA;AAGrC,EAAA,IAAI,SAAA,CAAU,QAAA,CAAS,IAAI,CAAA,EAAG,OAAO,KAAA;AAGrC,EAAA,MAAM,UAAA,GAAaC,UAAA,CAAU,SAAA,CAAU,SAAS,CAAA;AAMhD,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,GAAG,CAAA,EAAG,OAAO,KAAA;AACvC,EAAA,IAAI,UAAA,CAAW,UAAA,CAAW,IAAI,CAAA,EAAG,OAAO,KAAA;AACxC,EAAA,IAAI,UAAA,KAAe,KAAK,OAAO,KAAA;AAI/B,EAAA,MAAM,QAAA,GAAWA,UAAA,CAAU,OAAA,CAAQ,YAAA,EAAc,UAAU,CAAA;AAC3D,EAAA,IAAI,CAAC,QAAA,CAAS,UAAA,CAAW,eAAe,GAAG,CAAA,IAAK,aAAa,YAAA,EAAc;AACzE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,aAAA,CAAc,KAAK,CAAC,MAAA,KAAW,eAAe,MAAA,IAAU,UAAA,CAAW,UAAA,CAAW,MAAM,CAAC,CAAA;AAC9F;AAiBA,eAAsB,oBACpB,OAAA,EAC+B;AAC/B,EAAA,MAAM;AAAA,IACJ,IAAA,GAAO,SAAA;AAAA,IACP,IAAA;AAAA,IACA,WAAA;AAAA,IACA,UAAA;AAAA,IACA,QAAA;AAAA,IACA,IAAA;AAAA,IACA,MAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAGJ,EAAA,MAAM,UAAA,GACJ,IAAA,KAAS,WAAA,GAAc,CAAC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,WAAA,EAAa,CAAA,GAAI,EAAC,CAAA;AAGnE,EAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AACzB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,sBAAsB;AAAA,KAC9E;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,SAAS,YAAA,EAAc;AAClC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,aAAA;AAAA,QACjB,CAAA,mBAAA,EAAsB,QAAA,CAAS,MAAM,CAAA,GAAA,EAAM,YAAY,CAAA;AAAA;AACzD,KACF;AAAA,EACF;AAGA,EAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC1B,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,YAAA,EAAc,0BAA0B;AAAA,KAC9E;AAAA,EACF;AAGA,EAAA,MAAM,iBAAyC,EAAC;AAChD,EAAA,MAAM,cAAA,uBAAqB,GAAA,EAAY;AACvC,EAAA,MAAM,cAAwB,EAAC;AAC/B,EAAA,IAAI,WAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,QAAQ,CAAA,EAAA,EAAK;AACxC,IAAA,MAAM,GAAA,GAAM,SAAS,CAAC,CAAA;AACtB,IAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAE3B,IAAA,IAAI,CAAC,MAAA,EAAQ;AACX,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,eAAA,EAAiB,CAAA,qBAAA,EAAwB,CAAC,CAAA,CAAE;AAAA,OAClF;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,MAAA,CAAO,OAAA;AACtB,IAAA,MAAM,YAAY,MAAA,CAAO,GAAA;AACzB,IAAA,MAAM,cAAc,MAAA,CAAO,GAAA;AAE3B,IAAA,IAAI,CAAC,SAAA,EAAW;AACd,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,eAAA;AAAA,UACjB,oBAAoB,CAAC,CAAA,kBAAA;AAAA;AACvB,OACF;AAAA,IACF;AAGA,IAAA,IAAI,cAAA,CAAe,GAAA,CAAI,SAAS,CAAA,EAAG;AACjC,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,iBAAA;AAAA,UACjB,yBAAyB,SAAS,CAAA;AAAA;AACpC,OACF;AAAA,IACF;AACA,IAAA,cAAA,CAAe,IAAI,SAAS,CAAA;AAG5B,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,OAAO,gBAAgB,QAAA,EAAU;AACnC,MAAA,QAAA,GAAW,IAAI,IAAA,CAAK,WAAA,GAAc,GAAI,EAAE,WAAA,EAAY;AAAA,IACtD,CAAA,MAAA,IAAW,OAAO,WAAA,KAAgB,QAAA,EAAU;AAC1C,MAAA,QAAA,GAAW,WAAA;AAAA,IACb,CAAA,MAAO;AACL,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,eAAA;AAAA,UACjB,WAAW,SAAS,CAAA,6BAAA;AAAA;AACtB,OACF;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,WAAA,IAAe,QAAA,GAAW,WAAA,EAAa,WAAA,GAAc,QAAA;AAC1D,IAAA,IAAI,CAAC,WAAA,IAAe,QAAA,GAAW,WAAA,EAAa,WAAA,GAAc,QAAA;AAG1D,IAAA,MAAM,cAAc,SAAA,CAAU,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAC,CAAA;AAEtD,IAAA,cAAA,CAAe,IAAA,CAAK;AAAA,MAClB,UAAA,EAAY,SAAA;AAAA,MACZ,SAAA,EAAW,QAAA;AAAA,MACX,YAAA,EAAc;AAAA,KACf,CAAA;AAED,IAAA,WAAA,CAAY,KAAK,GAAG,CAAA;AAAA,EACtB;AAGA,EAAA,MAAM,aAAA,GAAgB,cAAA,CACnB,GAAA,CAAI,CAAC,OAAO,CAAA,MAAO,EAAE,KAAA,EAAO,CAAA,EAAE,CAAE,CAAA,CAChC,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AACd,IAAA,IAAI,CAAA,CAAE,KAAA,CAAM,SAAA,KAAc,CAAA,CAAE,MAAM,SAAA,EAAW;AAC3C,MAAA,OAAO,EAAE,KAAA,CAAM,SAAA,CAAU,aAAA,CAAc,CAAA,CAAE,MAAM,SAAS,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,CAAA,CAAE,KAAA,CAAM,UAAA,KAAe,CAAA,CAAE,MAAM,UAAA,EAAY;AAC7C,MAAA,OAAO,EAAE,KAAA,CAAM,UAAA,CAAW,aAAA,CAAc,CAAA,CAAE,MAAM,UAAU,CAAA;AAAA,IAC5D;AACA,IAAA,OAAO,EAAE,KAAA,CAAM,YAAA,CAAa,aAAA,CAAc,CAAA,CAAE,MAAM,YAAY,CAAA;AAAA,EAChE,CAAC,CAAA;AAEH,EAAA,MAAM,uBAAuB,aAAA,CAAc,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,KAAK,CAAA;AAC7D,EAAA,MAAM,iBAAA,GAAoB,cAAc,GAAA,CAAI,CAAC,MAAM,WAAA,CAAY,CAAA,CAAE,CAAC,CAAC,CAAA;AAGnE,EAAA,MAAM,cAAA,GAAiB,iBAAA,CAAkB,IAAA,CAAK,IAAI,CAAA,GAAI,IAAA;AACtD,EAAA,MAAM,mBAAA,GAAsB,MAAA,CAAO,IAAA,CAAK,cAAA,EAAgB,MAAM,CAAA;AAG9D,EAAA,MAAM,UAAA,GAAiC,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAS;AAAA,IAC7D,KAAK,GAAA,CAAI,GAAA;AAAA,IACT,GAAA,EAAK,IAAI,GAAA,IAAO;AAAA,GAClB,CAAE,CAAA;AACF,EAAA,UAAA,CAAW,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,GAAA,CAAI,aAAA,CAAc,CAAA,CAAE,GAAG,CAAC,CAAA;AAEpD,EAAA,MAAM,QAAA,GAAW,IAAA,CAAK,SAAA,CAAU,IAAA,EAAM,MAAM,CAAC,CAAA;AAC7C,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAG9C,EAAA,MAAM,WAAA,GAAmC;AAAA,IACvC;AAAA,MACE,IAAA,EAAM,iBAAA;AAAA,MACN,MAAA,EAAQ,UAAU,mBAAmB,CAAA;AAAA,MACrC,MAAM,mBAAA,CAAoB;AAAA,KAC5B;AAAA,IACA;AAAA,MACE,IAAA,EAAM,gBAAA;AAAA,MACN,MAAA,EAAQ,UAAU,SAAS,CAAA;AAAA,MAC3B,MAAM,SAAA,CAAU;AAAA;AAClB,GACF;AAGA,EAAA,IAAI,UAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,WAAA,GAAc,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,MAAM,CAAA;AACxC,IAAA,UAAA,GAAa,UAAU,WAAW,CAAA;AAClC,IAAA,WAAA,CAAY,IAAA,CAAK;AAAA,MACf,IAAA,EAAM,oBAAA;AAAA,MACN,MAAA,EAAQ,UAAA;AAAA,MACR,MAAM,WAAA,CAAY;AAAA,KACnB,CAAA;AAAA,EACH;AAIA,EAAA,IAAI,YAAA;AACJ,EAAA,IAAI,WAAA;AAEJ,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,YAAA,GAAe,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,MAAM,CAAA;AAC3C,IAAA,WAAA,GAAc,UAAU,YAAY,CAAA;AACpC,IAAA,WAAA,CAAY,IAAA,CAAK;AAAA,MACf,IAAA,EAAM,iBAAA;AAAA,MACN,MAAA,EAAQ,WAAA;AAAA,MACR,MAAM,YAAA,CAAa;AAAA,KACpB,CAAA;AAAA,EACH;AAGA,EAAA,WAAA,CAAY,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI,CAAC,CAAA;AAGvD,EAAA,MAAM,SAAA,GAA6B;AAAA,IACjC,KAAA,EAAO,WAAA;AAAA,IACP,GAAA,EAAK;AAAA,GACP;AAEA,EAAA,MAAM,mBAAA,GAAmE;AAAA,IACvE,OAAA,EAASH,eAAAA;AAAA,IACT,IAAA;AAAA,IACA,SAAA,EAAW,aAAa,gBAAA,EAAiB;AAAA,IACzC,IAAA,EAAM,UAAA;AAAA;AAAA,IAEN,WAAA;AAAA,IACA,UAAA;AAAA,IACA,UAAA,EAAY,UAAA,IAAA,iBAAc,IAAI,IAAA,IAAO,WAAA,EAAY;AAAA,IACjD,UAAA,EAAY,SAAA;AAAA,IACZ,QAAA,EAAU,oBAAA;AAAA,IACV,IAAA,EAAM,UAAA;AAAA,IACN,KAAA,EAAO;AAAA,GACT;AAEA,EAAA,IAAI,UAAA,EAAY;AACd,IAAC,oBAA8C,WAAA,GAAc,UAAA;AAAA,EAC/D;AAEA,EAAA,IAAI,WAAA,EAAa;AACf,IAAC,oBAA8C,aAAA,GAAgB,WAAA;AAAA,EACjE;AAGA,EAAA,MAAM,WAAA,GAAc,SAAA,CAAUI,mBAAA,CAAa,mBAAmB,CAAC,CAAA;AAE/D,EAAA,MAAM,QAAA,GAAkC;AAAA,IACtC,GAAG,mBAAA;AAAA,IACH,YAAA,EAAc;AAAA,GAChB;AAGA,EAAA,MAAM,OAAA,GAAU,IAASC,eAAA,CAAA,OAAA,EAAQ;AAIjC,EAAA,MAAM,KAAA,GAAQ,IAAI,IAAA,CAAK,QAAA,CAAS,UAAU,CAAA;AAC1C,EAAA,MAAM,UAAA,GAAa,EAAE,KAAA,EAAO,QAAA,EAAU,KAAA,EAAM;AAG5C,EAAA,MAAM,YAAA,GAAe,IAAA,CAAK,SAAA,CAAU,QAAA,EAAU,MAAM,CAAC,CAAA;AACrD,EAAA,OAAA,CAAQ,UAAU,MAAA,CAAO,IAAA,CAAK,YAAY,CAAA,EAAG,iBAAiB,UAAU,CAAA;AAGxE,EAAA,OAAA,CAAQ,SAAA,CAAU,mBAAA,EAAqB,iBAAA,EAAmB,UAAU,CAAA;AAGpE,EAAA,OAAA,CAAQ,SAAA,CAAU,SAAA,EAAW,gBAAA,EAAkB,UAAU,CAAA;AAGzD,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAa,oBAAA,EAAsB,UAAU,CAAA;AAAA,EACjE;AAGA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,SAAA,CAAU,YAAA,EAAc,iBAAA,EAAmB,UAAU,CAAA;AAAA,EAC/D;AAGA,EAAA,IAAI,eAAe,WAAA,EAAa;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAM,qBAAA,CAAsB,WAAA,EAAa,aAAa,WAAW,CAAA;AACnF,IAAA,IAAI,CAAC,UAAU,EAAA,EAAI;AACjB,MAAA,OAAO,SAAA;AAAA,IACT;AACA,IAAA,OAAA,CAAQ,UAAU,MAAA,CAAO,IAAA,CAAK,UAAU,KAAK,CAAA,EAAG,cAAc,UAAU,CAAA;AAAA,EAC1E;AAGA,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAA,MAAM,SAAmB,EAAC;AAE1B,IAAA,OAAA,CAAQ,YAAA,CACL,EAAA,CAAG,MAAA,EAAQ,CAAC,KAAA,KAAkB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA,CAChD,EAAA,CAAG,KAAA,EAAO,MAAM;AACf,MAAA,OAAA,CAAQ,EAAE,IAAI,IAAA,EAAM,KAAA,EAAO,OAAO,MAAA,CAAO,MAAM,GAAG,CAAA;AAAA,IACpD,CAAC,CAAA,CACA,EAAA,CAAG,OAAA,EAAS,CAAC,GAAA,KAAe;AAC3B,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,cAAA;AAAA,UACjB,CAAA,sBAAA,EAAyB,IAAI,OAAO,CAAA;AAAA;AACtC,OACD,CAAA;AAAA,IACH,CAAC,CAAA;AAEH,IAAA,OAAA,CAAQ,GAAA,EAAI;AAAA,EACd,CAAC,CAAA;AACH;AAKA,eAAe,qBAAA,CACb,WAAA,EACA,UAAA,EACA,GAAA,EAC+B;AAC/B,EAAA,IAAI;AACF,IAAA,MAAM,EAAE,IAAA,EAAK,GAAI,MAAM,OAAO,cAAc,CAAA;AAC5C,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,EAAE,cAAc,WAAA,EAAY,EAAG,YAAY,GAAG,CAAA;AACrE,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,GAAA,EAAI;AAAA,EAChC,SAAS,GAAA,EAAK;AACZ,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,iBAAA;AAAA,QACjB,CAAA,mCAAA,EAAuC,IAAc,OAAO,CAAA;AAAA;AAC9D,KACF;AAAA,EACF;AACF;AASA,eAAsB,kBACpB,SAAA,EAC8C;AAC9C,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAMC,gBAAA,CAAA,UAAA,CAAW,WAAW,EAAE,WAAA,EAAa,MAAK,EAAG,CAAC,KAAK,OAAA,KAAY;AACnE,MAAA,IAAI,GAAA,IAAO,CAAC,OAAA,EAAS;AACnB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,cAAA;AAAA,YACjB,CAAA,oBAAA,EAAuB,GAAA,EAAK,OAAA,IAAW,eAAe,CAAA;AAAA;AACxD,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,KAAA,uBAAY,GAAA,EAAoB;AACtC,MAAA,IAAI,UAAA,GAAa,CAAA;AACjB,MAAA,IAAI,SAAA,GAAY,CAAA;AAChB,MAAA,IAAI,gBAAA,GAAmB,CAAA;AAEvB,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAuB;AAC1C,QAAA,IAAI,KAAA,CAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC9B,UAAA,OAAA,CAAQ,SAAA,EAAU;AAClB,UAAA;AAAA,QACF;AAEA,QAAA,UAAA,EAAA;AAGA,QAAA,IAAI,aAAa,eAAA,EAAiB;AAChC,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,2BAA2B,eAAe,CAAA;AAAA;AAC5C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAGA,QAAA,IAAI,CAAC,UAAA,CAAW,KAAA,CAAM,QAAQ,CAAA,EAAG;AAC/B,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,cAAA;AAAA,cACjB,CAAA,uBAAA,EAA0B,MAAM,QAAQ,CAAA;AAAA;AAC1C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAGA,QAAA,IAAI,KAAA,CAAM,mBAAmB,cAAA,EAAgB;AAC3C,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,CAAA,iBAAA,EAAoB,MAAM,QAAQ,CAAA;AAAA;AACpC,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAEA,QAAA,SAAA,IAAa,KAAA,CAAM,gBAAA;AACnB,QAAA,IAAI,YAAY,cAAA,EAAgB;AAC9B,UAAA,OAAA,CAAQ,KAAA,EAAM;AACd,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA;AAAA,cACL,gBAAA,CAAiB,aAAA;AAAA,cACjB,0BAA0B,cAAc,CAAA,MAAA;AAAA;AAC1C,WACD,CAAA;AACD,UAAA;AAAA,QACF;AAEA,QAAA,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,EAAS,UAAA,KAAe;AACrD,UAAA,IAAI,OAAA,IAAW,CAAC,UAAA,EAAY;AAC1B,YAAA,OAAA,CAAQ,KAAA,EAAM;AACd,YAAA,OAAA,CAAQ;AAAA,cACN,EAAA,EAAI,KAAA;AAAA,cACJ,KAAA,EAAO,WAAA;AAAA,gBACL,gBAAA,CAAiB,cAAA;AAAA,gBACjB,CAAA,eAAA,EAAkB,MAAM,QAAQ,CAAA;AAAA;AAClC,aACD,CAAA;AACD,YAAA;AAAA,UACF;AAEA,UAAA,MAAM,SAAmB,EAAC;AAC1B,UAAA,IAAI,WAAA,GAAc,CAAA;AAClB,UAAoB,KAAA,CAAM,gBAAA,GAAmB,CAAA,GAAI,MAAM,gBAAA,GAAmB;AAE1E,UAAA,UAAA,CAAW,EAAA,CAAG,MAAA,EAAQ,CAAC,KAAA,KAAkB;AACvC,YAAA,WAAA,IAAe,KAAA,CAAM,MAAA;AACrB,YAAA,gBAAA,IAAoB,KAAA,CAAM,MAAA;AAI1B,YAAA,IAAI,cAAc,cAAA,EAAgB;AAChC,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,+CAAA,EAAkD,MAAM,QAAQ,CAAA,CAAA;AAAA,kBAChE,EAAE,OAAA,EAAS,KAAA,CAAM,kBAAkB,MAAA,EAAQ,WAAA,EAAa,OAAO,cAAA;AAAe;AAChF,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAGA,YAAA,IAAI,mBAAmB,cAAA,EAAgB;AACrC,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,uCAAA,EAA0C,gBAAgB,CAAA,GAAA,EAAM,cAAc,CAAA,CAAA;AAAA,kBAC9E,EAAE,MAAA,EAAQ,gBAAA,EAAkB,KAAA,EAAO,cAAA;AAAe;AACpD,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAGA,YAAA,IAAI,MAAM,gBAAA,GAAmB,CAAA,IAAK,WAAA,GAAc,KAAA,CAAM,mBAAmB,CAAA,EAAG;AAE1E,cAAA,UAAA,CAAW,OAAA,EAAQ;AACnB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA;AAAA,kBACL,gBAAA,CAAiB,aAAA;AAAA,kBACjB,CAAA,8CAAA,EAAiD,MAAM,QAAQ,CAAA,CAAA;AAAA,kBAC/D,EAAE,OAAA,EAAS,KAAA,CAAM,gBAAA,EAAkB,QAAQ,WAAA;AAAY;AACzD,eACD,CAAA;AACD,cAAA;AAAA,YACF;AAEA,YAAA,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,UACnB,CAAC,CAAA;AAED,UAAA,UAAA,CAAW,EAAA,CAAG,OAAO,MAAM;AACzB,YAAA,KAAA,CAAM,IAAI,KAAA,CAAM,QAAA,EAAU,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA;AAC/C,YAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,UACpB,CAAC,CAAA;AACD,UAAA,UAAA,CAAW,EAAA,CAAG,OAAA,EAAS,CAAC,SAAA,KAAqB;AAC3C,YAAA,OAAA,CAAQ,KAAA,EAAM;AACd,YAAA,OAAA,CAAQ;AAAA,cACN,EAAA,EAAI,KAAA;AAAA,cACJ,KAAA,EAAO,WAAA;AAAA,gBACL,gBAAA,CAAiB,cAAA;AAAA,gBACjB,CAAA,cAAA,EAAiB,UAAU,OAAO,CAAA;AAAA;AACpC,aACD,CAAA;AAAA,UACH,CAAC,CAAA;AAAA,QACH,CAAC,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAO,MAAM;AACtB,QAAA,qBAAA,CAAsB,OAAO,OAAO,CAAA;AAAA,MACtC,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,MAAA,KAAkB;AACrC,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,eAAe,MAAM;AAAA,SAC7B,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,IACpB,CAAC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AAKA,SAAS,qBAAA,CACP,OACA,OAAA,EACM;AAEN,EAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,GAAA,CAAI,eAAe,CAAA;AAChD,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,mCAAmC;AAAA,KAC1F,CAAA;AACD,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,IAAI;AACF,IAAA,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,cAAA,CAAe,QAAA,CAAS,MAAM,CAAC,CAAA;AAAA,EACvD,SAAS,QAAA,EAAU;AACjB,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,gBAAA;AAAA,QACjB,CAAA,+BAAA,EAAmC,SAAmB,OAAO,CAAA;AAAA;AAC/D,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,IAAI,QAAA,CAAS,YAAYN,eAAAA,EAAgB;AACvC,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,gBAAA;AAAA,QACjB,CAAA,4BAAA,EAA+B,SAAS,OAAO,CAAA,CAAA;AAAA,QAC/C,EAAE,QAAA,EAAUA,eAAAA,EAAgB,MAAA,EAAQ,SAAS,OAAA;AAAQ;AACvD,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,MAAM,EAAE,YAAA,EAAc,GAAG,mBAAA,EAAoB,GAAI,QAAA;AACjD,EAAA,MAAM,YAAA,GAAe,SAAA,CAAUI,mBAAA,CAAa,mBAAmB,CAAC,CAAA;AAEhE,EAAA,IAAI,iBAAiB,YAAA,EAAc;AACjC,IAAA,OAAA,CAAQ;AAAA,MACN,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,WAAA;AAAA,QACL,gBAAA,CAAiB,aAAA;AAAA,QACjB,yCAAA;AAAA,QACA,EAAE,QAAA,EAAU,YAAA,EAAc,QAAA,EAAU,YAAA;AAAa;AACnD,KACD,CAAA;AACD,IAAA;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,SAAA,IAAa,SAAS,KAAA,EAAO;AACtC,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CAAI,SAAA,CAAU,IAAI,CAAA;AAC3C,IAAA,IAAI,CAAC,UAAA,EAAY;AACf,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAgB,CAAA,gBAAA,EAAmB,SAAA,CAAU,IAAI,CAAA,CAAE;AAAA,OACxF,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,gBAAA,GAAmB,UAAU,UAAU,CAAA;AAC7C,IAAA,IAAI,gBAAA,KAAqB,UAAU,MAAA,EAAQ;AACzC,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,aAAA;AAAA,UACjB,CAAA,oBAAA,EAAuB,UAAU,IAAI,CAAA,CAAA;AAAA,UACrC,EAAE,QAAA,EAAU,SAAA,CAAU,MAAA,EAAQ,UAAU,gBAAA;AAAiB;AAC3D,OACD,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,UAAA,CAAW,MAAA,KAAW,SAAA,CAAU,IAAA,EAAM;AACxC,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA;AAAA,UACL,gBAAA,CAAiB,aAAA;AAAA,UACjB,CAAA,oBAAA,EAAuB,UAAU,IAAI,CAAA,CAAA;AAAA,UACrC,EAAE,QAAA,EAAU,SAAA,CAAU,IAAA,EAAM,MAAA,EAAQ,WAAW,MAAA;AAAO;AACxD,OACD,CAAA;AACD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAA;AAClD,EAAA,MAAM,QAAA,uBAAe,GAAA,EAAoB;AAEzC,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,MAAM,KAAA,GAAQ,eAAe,QAAA,CAAS,MAAM,EAAE,IAAA,EAAK,CAAE,MAAM,IAAI,CAAA;AAG/D,IAAA,IAAI,OAAA,GAAU,EAAA;AACd,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,MAAA,MAAM,GAAA,GAAM,KAAA,CAAM,CAAC,CAAA,CAAE,IAAA,EAAK;AAC1B,MAAA,IAAI,CAAC,GAAA,EAAK;AAEV,MAAA,MAAM,MAAA,GAAS,SAAS,GAAG,CAAA;AAC3B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,OAAO,WAAA,CAAY,gBAAA,CAAiB,iBAAiB,CAAA,oBAAA,EAAuB,CAAA,GAAI,CAAC,CAAA,CAAE;AAAA,SACpF,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,SAAA,GAAY,OAAO,OAAA,CAAQ,GAAA;AAGjC,MAAA,IAAI,QAAA,CAAS,GAAA,CAAI,SAAS,CAAA,EAAG;AAC3B,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,iBAAA;AAAA,YACjB,mCAAmC,SAAS,CAAA,CAAA;AAAA,YAC5C,EAAE,UAAA,EAAY,SAAA,EAAW,IAAA,EAAM,IAAI,CAAA;AAAE;AACvC,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,MAAM,WACJ,OAAO,MAAA,CAAO,QAAQ,GAAA,KAAQ,QAAA,GAC1B,IAAI,IAAA,CAAK,MAAA,CAAO,OAAA,CAAQ,GAAA,GAAM,GAAI,CAAA,CAAE,WAAA,KACpC,MAAA,CAAO,MAAA,CAAO,QAAQ,GAAG,CAAA;AAC/B,MAAA,MAAM,cAAc,SAAA,CAAU,MAAA,CAAO,IAAA,CAAK,GAAA,EAAK,MAAM,CAAC,CAAA;AAGtD,MAAA,MAAM,aAAa,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,SAAS,IAAI,WAAW,CAAA,CAAA;AAC1D,MAAA,IAAI,aAAa,OAAA,EAAS;AACxB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,kBAAA;AAAA,YACjB;AAAA;AACF,SACD,CAAA;AACD,QAAA;AAAA,MACF;AACA,MAAA,OAAA,GAAU,UAAA;AAEV,MAAA,QAAA,CAAS,GAAA,CAAI,WAAW,GAAG,CAAA;AAAA,IAC7B;AAAA,EACF;AAGA,EAAA,IAAI,IAAA,GAAsB,EAAE,IAAA,EAAM,EAAC,EAAE;AACrC,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,GAAA,CAAI,gBAAgB,CAAA;AAC7C,EAAA,IAAI,UAAA,EAAY;AACd,IAAA,IAAI;AACF,MAAA,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,UAAA,CAAW,QAAA,CAAS,MAAM,CAAC,CAAA;AAAA,IAC/C,CAAA,CAAA,MAAQ;AACN,MAAA,OAAA,CAAQ;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,gCAAgC;AAAA,OACvF,CAAA;AACD,MAAA;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,aAAA;AACJ,EAAA,MAAM,YAAA,GAAe,KAAA,CAAM,GAAA,CAAI,oBAAoB,CAAA;AACnD,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,aAAA,GAAgB,YAAA,CAAa,SAAS,MAAM,CAAA;AAG5C,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,MAAM,kBAAA,GAAqB,UAAU,YAAY,CAAA;AACjD,MAAA,IAAI,kBAAA,KAAuB,SAAS,WAAA,EAAa;AAC/C,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,oBAAA,EAAsB,sBAAA,EAAwB;AAAA,YAChF,UAAU,QAAA,CAAS,WAAA;AAAA,YACnB,QAAA,EAAU;AAAA,WACX;AAAA,SACF,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,cAAA;AACJ,EAAA,MAAM,aAAA,GAAgB,KAAA,CAAM,GAAA,CAAI,iBAAiB,CAAA;AACjD,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,cAAA,GAAiB,aAAA,CAAc,SAAS,MAAM,CAAA;AAG9C,IAAA,IAAI,SAAS,aAAA,EAAe;AAC1B,MAAA,MAAM,mBAAA,GAAsB,UAAU,aAAa,CAAA;AACnD,MAAA,IAAI,mBAAA,KAAwB,SAAS,aAAA,EAAe;AAClD,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,oBAAA,EAAsB,wBAAA,EAA0B;AAAA,YAClF,UAAU,QAAA,CAAS,aAAA;AAAA,YACnB,QAAA,EAAU;AAAA,WACX;AAAA,SACF,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,SAAA;AACJ,EAAA,MAAM,SAAA,GAAY,KAAA,CAAM,GAAA,CAAI,YAAY,CAAA;AACxC,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,SAAA,GAAY,SAAA,CAAU,SAAS,MAAM,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ;AAAA,IACN,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,MACL,QAAA;AAAA,MACA,QAAA;AAAA,MACA,IAAA;AAAA,MACA,MAAA,EAAQ,aAAA;AAAA,MACR,QAAA,EAAU,cAAA;AAAA,MACV,UAAA,EAAY;AAAA;AACd,GACD,CAAA;AACH;AAKA,eAAsB,sBACpB,SAAA,EAC4D;AAC5D,EAAA,MAAM,MAAA,GAAS,MAAM,iBAAA,CAAkB,SAAS,CAAA;AAChD,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAM,KAAA,EAAO,EAAE,QAAA,EAAU,MAAA,CAAO,KAAA,CAAM,QAAA,EAAS,EAAE;AAChE;AAKA,eAAsB,qBAAqB,SAAA,EAAkD;AAC3F,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,KAAY;AAC9B,IAAME,gBAAA,CAAA,UAAA,CAAW,WAAW,EAAE,WAAA,EAAa,MAAK,EAAG,CAAC,KAAK,OAAA,KAAY;AACnE,MAAA,IAAI,GAAA,IAAO,CAAC,OAAA,EAAS;AACnB,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,WAAA;AAAA,YACL,gBAAA,CAAiB,cAAA;AAAA,YACjB,CAAA,oBAAA,EAAuB,GAAA,EAAK,OAAA,IAAW,SAAS,CAAA;AAAA;AAClD,SACD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,KAAA,GAAQ,KAAA;AAEZ,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,KAAA,KAAuB;AAC1C,QAAA,IAAI,KAAA,CAAM,aAAa,eAAA,EAAiB;AACtC,UAAA,KAAA,GAAQ,IAAA;AACR,UAAA,OAAA,CAAQ,cAAA,CAAe,KAAA,EAAO,CAAC,OAAA,EAAS,UAAA,KAAe;AACrD,YAAA,IAAI,OAAA,IAAW,CAAC,UAAA,EAAY;AAC1B,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,OAAA,CAAQ;AAAA,gBACN,EAAA,EAAI,KAAA;AAAA,gBACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,cAAA,EAAgB,CAAA,4BAAA,CAA8B;AAAA,eACnF,CAAA;AACD,cAAA;AAAA,YACF;AAEA,YAAA,MAAM,SAAmB,EAAC;AAC1B,YAAA,UAAA,CAAW,GAAG,MAAA,EAAQ,CAAC,UAAkB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AAC3D,YAAA,UAAA,CAAW,EAAA,CAAG,OAAO,MAAM;AACzB,cAAA,OAAA,CAAQ,KAAA,EAAM;AACd,cAAA,IAAI;AACF,gBAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AAAA,kBACpB,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA,CAAE,SAAS,MAAM;AAAA,iBACvC;AACA,gBAAA,OAAA,CAAQ,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,QAAA,CAAS,cAAc,CAAA;AAAA,cACpD,SAAS,QAAA,EAAU;AACjB,gBAAA,OAAA,CAAQ;AAAA,kBACN,EAAA,EAAI,KAAA;AAAA,kBACJ,KAAA,EAAO,WAAA;AAAA,oBACL,gBAAA,CAAiB,gBAAA;AAAA,oBACjB,CAAA,6BAAA;AAAA;AACF,iBACD,CAAA;AAAA,cACH;AAAA,YACF,CAAC,CAAA;AAAA,UACH,CAAC,CAAA;AAAA,QACH,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,QACpB;AAAA,MACF,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAO,MAAM;AACtB,QAAA,IAAI,CAAC,KAAA,EAAO;AACV,UAAA,OAAA,CAAQ;AAAA,YACN,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,WAAA,CAAY,gBAAA,CAAiB,gBAAA,EAAkB,yBAAyB;AAAA,WAChF,CAAA;AAAA,QACH;AAAA,MACF,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,EAAA,CAAG,OAAA,EAAS,CAAC,MAAA,KAAkB;AACrC,QAAA,OAAA,CAAQ;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,eAAe,MAAM;AAAA,SAC7B,CAAA;AAAA,MACH,CAAC,CAAA;AAED,MAAA,OAAA,CAAQ,SAAA,EAAU;AAAA,IACpB,CAAC,CAAA;AAAA,EACH,CAAC,CAAA;AACH;AC5hCA,SAASC,WAAU,IAAA,EAA+B;AAChD,EAAA,MAAM,IAAA,GAAOL,oBAAW,QAAQ,CAAA;AAChC,EAAA,IAAA,CAAK,OAAO,IAAI,CAAA;AAChB,EAAA,OAAO,CAAA,OAAA,EAAU,IAAA,CAAK,MAAA,CAAO,KAAK,CAAC,CAAA,CAAA;AACrC;AAGA,SAASM,iBAAgB,GAAA,EAAqB;AAC5C,EAAA,MAAM,MAAA,GAAS,MAAM,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,MAAA,GAAS,KAAM,CAAC,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AACrC;AAGA,SAASC,UAAS,GAAA,EAIT;AACP,EAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAC3B,EAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,aAAaD,gBAAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC5D,IAAA,MAAM,cAAcA,gBAAAA,CAAgB,KAAA,CAAM,CAAC,CAAC,CAAA,CAAE,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AAAA,MAC7B,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,WAAW,CAAA;AAAA,MAC/B,SAAA,EAAW,MAAM,CAAC;AAAA,KACpB;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AAeA,SAAS,eAAkB,GAAA,EAAW;AACpC,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,EAAW;AACrC,IAAA,OAAO,GAAA;AAAA,EACT;AACA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,GAAA,CAAI,IAAI,cAAc,CAAA;AAAA,EAC/B;AACA,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,MAAM,SAAkC,EAAC;AACzC,IAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,GAA8B,CAAA,EAAG;AACzE,MAAA,IAAI,UAAU,MAAA,EAAW;AACvB,QAAA,MAAA,CAAO,GAAG,CAAA,GAAI,cAAA,CAAe,KAAK,CAAA;AAAA,MACpC;AAAA,IACF;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,GAAA;AACT;AAYA,SAAS,mBAAA,CACP,SACA,GAAA,EACsC;AACtC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,MAAM,SAAS,IAAA,CAAK,KAAA,CAAM,GAAA,CAAI,OAAA,KAAY,GAAI,CAAA;AAG9C,EAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC;AAEA,EAAA,IAAI,CAAC,QAAQ,GAAA,EAAK;AAChB,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC;AAEA,EAAA,IAAI,OAAA,CAAQ,QAAQ,MAAA,EAAW;AAC7B,IAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,EACrC,CAAA,MAAO;AACL,IAAA,MAAM,MAAM,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,GAAW,QAAQ,GAAA,GAAM,GAAA;AAC5D,IAAA,IAAI,KAAA,CAAM,GAAG,CAAA,EAAG;AACd,MAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,IACrC,CAAA,MAAA,IAAW,GAAA,GAAM,MAAA,GAAS,GAAA,EAAK;AAE7B,MAAA,MAAA,CAAO,KAAK,yBAAyB,CAAA;AAAA,IACvC;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,QAAQ,MAAA,EAAW;AAC7B,IAAA,MAAM,MAAM,OAAO,OAAA,CAAQ,GAAA,KAAQ,QAAA,GAAW,QAAQ,GAAA,GAAM,GAAA;AAC5D,IAAA,IAAI,KAAA,CAAM,GAAG,CAAA,EAAG;AACd,MAAA,MAAA,CAAO,KAAK,uBAAuB,CAAA;AAAA,IACrC,CAAA,MAAA,IAAW,MAAM,MAAA,EAAQ;AACvB,MAAA,MAAA,CAAO,KAAK,mBAAmB,CAAA;AAAA,IACjC;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAO,MAAA,KAAW,CAAA;AAAA,IACzB;AAAA,GACF;AACF;AAKA,SAAS,gBAAgB,MAAA,EAAqD;AAC5E,EAAA,OAAO,OAAO,MAAA,CAAO,GAAA,KAAQ,QAAA,GAAW,OAAO,GAAA,GAAM,MAAA;AACvD;AAMA,SAAS,oBAAoB,GAAA,EAAoC;AAC/D,EAAA,IAAI,GAAA,CAAI,QAAQ,KAAA,IAAS,GAAA,CAAI,QAAQ,SAAA,IAAa,CAAC,IAAI,CAAA,EAAG;AACxD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,CAAA,GAAI,GAAA,CAAI,MAAA,CAAA,CAAQ,IAAK,GAAA,CAAI,CAAA,CAAE,MAAA,GAAS,CAAA,IAAM,CAAC,CAAA;AAC9D,EAAA,MAAM,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC1D,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AAC1C,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,WAAW,KAAK,CAAA;AAC7B;AAKA,SAAS,OAAA,CAAQ,MAAoB,GAAA,EAAqC;AACxE,EAAA,OAAO,KAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,GAAG,CAAA;AACvC;AAQA,eAAe,aAAA,CACb,SAAA,EACA,GAAA,EACA,cAAA,EACA,OAAA,EACoC;AACpC,EAAA,MAAM,MAAA,GAASC,UAAS,GAAG,CAAA;AAE3B,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,CAAC,0BAA0B;AAAA,KACrC;AAAA,EACF;AAEA,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,MAAA;AAC5B,EAAA,MAAM,KAAA,GAAQ,gBAAgB,MAAM,CAAA;AACpC,EAAA,MAAM,SAAmB,EAAC;AAG1B,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,CAAC,uBAAuB;AAAA,KAClC;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,cAAA,CAAe,IAAA,CAAK,MAAM,KAAK,CAAA;AACnD,EAAA,IAAI,CAAC,GAAA,EAAK;AAER,IAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,UAAA,EAAY,SAAA;AAAA,QACZ,eAAA,EAAiB,KAAA;AAAA,QACjB,YAAA,EAAc,KAAA;AAAA,QACd,MAAA,EAAQ,KAAA;AAAA,QACR,MAAA,EAAQ,CAAC,gBAAA,CAAiB,WAAW;AAAA,OACvC;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,CAAC,gBAAA,CAAiB,WAAW;AAAA,KACvC;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,GAAG,CAAA;AAC9C,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,SAAA;AAAA,MACZ,eAAA,EAAiB,KAAA;AAAA,MACjB,YAAA,EAAc,KAAA;AAAA,MACd,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,CAAC,8BAA8B;AAAA,KACzC;AAAA,EACF;AAGA,EAAA,IAAI,cAAA,GAAiB,KAAA;AACrB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAMC,aAAA,CAAU,GAAA,EAAK,cAAc,CAAA;AAClD,IAAA,cAAA,GAAiB,MAAA,CAAO,KAAA;AACxB,IAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,MAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,IAC3C;AAAA,EACF,SAAS,GAAA,EAAc;AAErB,IAAA,IAAI,eAAeC,kBAAA,EAAa;AAC9B,MAAA,MAAA,CAAO,IAAA,CAAK,CAAA,uBAAA,EAA0B,GAAA,CAAI,IAAI,CAAA,CAAE,CAAA;AAAA,IAClD,CAAA,MAAO;AACL,MAAA,MAAA,CAAO,KAAK,6BAA6B,CAAA;AAAA,IAC3C;AACA,IAAA,cAAA,GAAiB,KAAA;AAAA,EACnB;AAGA,EAAA,MAAM,eAAe,mBAAA,CAAoB,OAAA,EAAS,QAAQ,GAAA,oBAAO,IAAI,MAAM,CAAA;AAC3E,EAAA,MAAA,CAAO,IAAA,CAAK,GAAG,YAAA,CAAa,MAAM,CAAA;AAElC,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,SAAA;AAAA,IACZ,eAAA,EAAiB,cAAA;AAAA,IACjB,cAAc,YAAA,CAAa,KAAA;AAAA,IAC3B,MAAA,EAAQ,KAAA;AAAA,IACR,MAAA;AAAA,IACA,QAAQ,cAAA,IAAkB,YAAA,CAAa,SAAS,MAAA,CAAO,MAAA,KAAW,IAAI,OAAA,GAAU;AAAA,GAClF;AACF;AAKA,SAAS,cAAc,OAAA,EAAuD;AAC5E,EAAA,MAAM,KAAA,uBAAY,GAAA,EAAsB;AAExC,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,MAAM,WAAW,KAAA,CAAM,GAAA,CAAI,MAAA,CAAO,MAAM,KAAK,EAAC;AAC9C,MAAA,QAAA,CAAS,IAAA,CAAK,OAAO,UAAU,CAAA;AAC/B,MAAA,KAAA,CAAM,GAAA,CAAI,MAAA,CAAO,MAAA,EAAQ,QAAQ,CAAA;AAAA,IACnC;AAAA,EACF;AAEA,EAAA,MAAM,UAA2B,EAAC;AAClC,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,UAAU,CAAA,IAAK,KAAA,EAAO;AACrC,IAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,MACX,GAAA;AAAA,MACA,iBAAiB,UAAA,CAAW,MAAA;AAAA,MAC5B,WAAA,EAAa,WAAW,IAAA;AAAK,KAC9B,CAAA;AAAA,EACH;AAGA,EAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,GAAA,CAAI,aAAA,CAAc,CAAA,CAAE,GAAG,CAAC,CAAA;AAC1D;AAKA,SAAS,sBAAA,CACP,aAAA,EACA,UAAA,EACA,YAAA,EACA,OAAA,EACgB;AAChB,EAAA,MAAM,QAAA,GAAW,CAAA,EAAG,UAAU,CAAA,CAAA,EAAI,aAAa,CAAA,eAAA,CAAA;AAE/C,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,CAAC,MAAA,CAAO,eAAA,IAAmB,CAAC,OAAO,YAAA,EAAc;AACnD,MAAA,MAAM,YAAA,GACJ,OAAO,MAAA,CAAO,MAAA,GAAS,IAAI,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,GAAI,mBAAA;AACxD,MAAA,MAAA,CAAO,KAAK,CAAA,QAAA,EAAW,MAAA,CAAO,UAAU,CAAA,EAAA,EAAK,YAAY,CAAA,CAAE,CAAA;AAAA,IAC7D;AAAA,EACF;AAGA,EAAA,MAAA,CAAO,IAAA,EAAK;AAEZ,EAAA,IAAI,cAAA;AACJ,EAAA,IAAI,iBAAiB,CAAA,EAAG;AACtB,IAAA,cAAA,GAAiB,OAAA;AAAA,EACnB,CAAA,MAAA,IAAW,iBAAiB,aAAA,EAAe;AACzC,IAAA,cAAA,GAAiB,SAAA;AAAA,EACnB,CAAA,MAAO;AACL,IAAA,cAAA,GAAiB,cAAA;AAAA,EACnB;AAEA,EAAA,OAAO;AAAA,IACL,QAAA;AAAA,IACA,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAMA,eAAe,sBACb,cAAA,EACgC;AAChC,EAAA,MAAM,EAAE,UAAA,EAAY,IAAA,EAAM,QAAA,EAAS,GAAI,cAAA;AAGvC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAO,EAAE,SAAS,KAAA,EAAM;AAAA,EAC1B;AAGA,EAAA,MAAM,MAAA,GAASF,UAAS,UAAU,CAAA;AAClC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAO,MAAA,CAAO,MAAA,CAAO,QAAQ,QAAA,GAAW,MAAA,CAAO,OAAO,GAAA,GAAM,MAAA;AAC1E,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAM,KAAK,IAAA,CAAK,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,QAAQ,KAAK,CAAA;AACjD,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,OAAO,gBAAA,CAAiB;AAAA,KAC1B;AAAA,EACF;AAGA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,GAAG,CAAA;AAC9C,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAMC,aAAA,CAAoC,UAAA,EAAY,cAAc,CAAA;AAEnF,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACjB,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,OAAO,gBAAA,CAAiB;AAAA,OAC1B;AAAA,IACF;AAGA,IAAA,IAAI,MAAA,CAAO,OAAA,CAAQ,YAAA,KAAiB,QAAA,CAAS,YAAA,EAAc;AACzD,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,KAAA,EAAO,KAAA;AAAA,QACP,MAAA,EAAQ,KAAA;AAAA,QACR,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,IAAA;AAAA,MACP,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,SAAS,GAAA,EAAc;AACrB,IAAA,MAAM,WACJ,GAAA,YAAeC,kBAAA,GACX,mCAAmC,GAAA,CAAI,IAAI,KAC3C,gBAAA,CAAiB,iBAAA;AAEvB,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA;AAAA,MACR,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AACF;AAoBA,eAAsB,YAAA,CACpB,WACA,OAAA,EAC2C;AAE3C,EAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,SAAS,CAAA;AACpD,EAAA,IAAI,CAAC,WAAW,EAAA,EAAI;AAClB,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,iBAAiB,UAAA,CAAW,KAAA;AAClC,EAAA,MAAM,EAAE,QAAA,EAAU,QAAA,EAAS,GAAI,cAAA;AAG/B,EAAA,MAAM,eAAA,GAAkB,MAAM,qBAAA,CAAsB,cAAc,CAAA;AAGlE,EAAA,MAAM,UAAuC,EAAC;AAE9C,EAAA,KAAA,MAAW,YAAA,IAAgB,SAAS,QAAA,EAAU;AAC5C,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,GAAA,CAAI,YAAA,CAAa,UAAU,CAAA;AAChD,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,OAAA,CAAQ,IAAA,CAAK;AAAA,QACX,YAAY,YAAA,CAAa,UAAA;AAAA,QACzB,eAAA,EAAiB,KAAA;AAAA,QACjB,YAAA,EAAc,KAAA;AAAA,QACd,MAAA,EAAQ,CAAC,4BAA4B;AAAA,OACtC,CAAA;AACD,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,MAAM,aAAA,CAAc,aAAa,UAAA,EAAY,GAAA,EAAK,gBAAgB,OAAO,CAAA;AACxF,IAAA,OAAA,CAAQ,KAAK,MAAM,CAAA;AAAA,EACrB;AAGA,EAAA,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,EAAG,CAAA,KAAM,EAAE,UAAA,CAAW,aAAA,CAAc,CAAA,CAAE,UAAU,CAAC,CAAA;AAG/D,EAAA,MAAM,aAAa,OAAA,CAAQ,MAAA;AAAA,IACzB,CAAC,MAAM,CAAA,CAAE,eAAA,IAAmB,EAAE,YAAA,IAAgB,CAAA,CAAE,OAAO,MAAA,KAAW;AAAA,GACpE,CAAE,MAAA;AACF,EAAA,MAAM,YAAA,GAAe,QAAQ,MAAA,GAAS,UAAA;AAGtC,EAAA,MAAM,QAAA,GAAW,cAAc,OAAO,CAAA;AAGtC,EAAA,MAAM,iBAAiB,sBAAA,CAAuB,OAAA,CAAQ,MAAA,EAAQ,UAAA,EAAY,cAAc,OAAO,CAAA;AAG/F,EAAA,MAAM,iBAAA,GAA6D;AAAA,IACjE,OAAA,EAAS,2BAAA;AAAA,IACT,qBAAqB,QAAA,CAAS,YAAA;AAAA,IAC9B,gBAAA,EAAkB,eAAA;AAAA,IAClB,OAAA,EAAS;AAAA,MACP,gBAAgB,OAAA,CAAQ,MAAA;AAAA,MACxB,KAAA,EAAO,UAAA;AAAA,MACP,OAAA,EAAS;AAAA,KACX;AAAA,IACA,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW,QAAA;AAAA,IACX,eAAA,EAAiB;AAAA,GACnB;AAIA,EAAA,MAAM,aAAA,GAAgB,eAAe,iBAAiB,CAAA;AACtD,EAAA,MAAM,UAAA,GAAaJ,UAAAA,CAAUH,mBAAAA,CAAa,aAAa,CAAC,CAAA;AAExD,EAAA,MAAM,MAAA,GAA6B;AAAA,IACjC,GAAG,iBAAA;AAAA,IACH,WAAA,EAAa;AAAA,GACf;AAEA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,GACT;AACF;AASO,SAAS,eAAA,CAAgB,MAAA,EAA4B,MAAA,GAAkB,KAAA,EAAe;AAC3F,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,IAAA,CAAK,SAAA,CAAU,MAAA,EAAQ,IAAA,EAAM,CAAC,CAAA;AAAA,EACvC;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,MAAM,CAAA;AAC9B;AAQO,SAAS,iBAAiB,MAAA,EAAoC;AACnE,EAAA,MAAM,QAAkB,EAAC;AAEzB,EAAA,KAAA,CAAM,KAAK,yCAAyC,CAAA;AACpD,EAAA,KAAA,CAAM,KAAK,0CAA0C,CAAA;AACrD,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,qBAAA,EAAwB,MAAA,CAAO,mBAAmB,CAAA,CAAE,CAAA;AAC/D,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,aAAA,EAAgB,MAAA,CAAO,WAAW,CAAA,CAAE,CAAA;AAC/C,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAGb,EAAA,KAAA,CAAM,KAAK,kBAAkB,CAAA;AAC7B,EAAA,KAAA,CAAM,KAAK,kBAAkB,CAAA;AAC7B,EAAA,IAAI,CAAC,MAAA,CAAO,gBAAA,CAAiB,OAAA,EAAS;AACpC,IAAA,KAAA,CAAM,KAAK,sBAAsB,CAAA;AAAA,EACnC,CAAA,MAAA,IAAW,MAAA,CAAO,gBAAA,CAAiB,KAAA,EAAO;AACxC,IAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,IAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,gBAAA,CAAiB,MAAM,CAAA,CAAE,CAAA;AAAA,EAC1D,CAAA,MAAO;AACL,IAAA,KAAA,CAAM,KAAK,mBAAmB,CAAA;AAC9B,IAAA,IAAI,MAAA,CAAO,iBAAiB,MAAA,EAAQ;AAClC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,gBAAA,CAAiB,MAAM,CAAA,CAAE,CAAA;AAAA,IAC1D;AACA,IAAA,IAAI,MAAA,CAAO,iBAAiB,KAAA,EAAO;AACjC,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,MAAA,CAAO,gBAAA,CAAiB,KAAK,CAAA,CAAE,CAAA;AAAA,IACxD;AAAA,EACF;AACA,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAEb,EAAA,KAAA,CAAM,KAAK,SAAS,CAAA;AACpB,EAAA,KAAA,CAAM,KAAK,SAAS,CAAA;AACpB,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,gBAAA,EAAmB,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,CAAE,CAAA;AAC7D,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,OAAA,EAAU,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,CAAA;AAC3C,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,CAAE,CAAA;AAC/C,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AACb,EAAA,KAAA,CAAM,KAAK,CAAA,gBAAA,EAAmB,MAAA,CAAO,gBAAgB,cAAA,CAAe,WAAA,EAAa,CAAA,CAAE,CAAA;AACnF,EAAA,KAAA,CAAM,IAAA,CAAK,CAAA,UAAA,EAAa,MAAA,CAAO,eAAA,CAAgB,QAAQ,CAAA,CAAE,CAAA;AACzD,EAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAEb,EAAA,IAAI,MAAA,CAAO,eAAA,CAAgB,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC5C,IAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,IAAA,KAAA,CAAM,KAAK,QAAQ,CAAA;AACnB,IAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,eAAA,CAAgB,MAAA,EAAQ;AACjD,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,IAAA,EAAO,KAAK,CAAA,CAAE,CAAA;AAAA,IAC3B;AACA,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,IAAI,MAAA,CAAO,SAAA,CAAU,MAAA,GAAS,CAAA,EAAG;AAC/B,IAAA,KAAA,CAAM,KAAK,WAAW,CAAA;AACtB,IAAA,KAAA,CAAM,KAAK,WAAW,CAAA;AACtB,IAAA,KAAA,MAAW,QAAA,IAAY,OAAO,SAAA,EAAW;AACvC,MAAA,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,QAAA,CAAS,GAAG,CAAA,EAAA,EAAK,QAAA,CAAS,eAAe,CAAA,WAAA,CAAa,CAAA;AAAA,IACxE;AACA,IAAA,KAAA,CAAM,KAAK,EAAE,CAAA;AAAA,EACf;AAEA,EAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,EAAA,KAAA,CAAM,KAAK,iBAAiB,CAAA;AAC5B,EAAA,KAAA,MAAW,OAAA,IAAW,OAAO,QAAA,EAAU;AACrC,IAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,eAAA,IAAmB,OAAA,CAAQ,eAAe,OAAA,GAAU,SAAA;AAC3E,IAAA,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,OAAA,CAAQ,UAAU,CAAA,EAAA,EAAK,MAAM,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAI,QAAQ,MAAA,EAAQ;AAClB,MAAA,KAAA,CAAM,IAAA,CAAK,CAAA,SAAA,EAAY,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AAAA,IACzC;AACA,IAAA,IAAI,OAAA,CAAQ,MAAA,CAAO,MAAA,GAAS,CAAA,EAAG;AAC7B,MAAA,KAAA,CAAM,KAAK,CAAA,YAAA,EAAe,OAAA,CAAQ,OAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,IACvD;AAAA,EACF;AAEA,EAAA,OAAO,KAAA,CAAM,KAAK,IAAI,CAAA;AACxB;;;ACplBO,IAAM,qBAAA,GAAwB","file":"index.cjs","sourcesContent":["/*\n Audit Entry Creation and Validation (v0.9.27+)\n \n Functions for creating and validating PEAC audit entries.\n /\n\nimport type {\n AuditEntry,\n AuditEventType,\n AuditSeverity,\n CreateAuditEntryOptions,\n TraceContext,\n} from './types.js';\n\n/* PEAC audit format version /\nexport const AUDIT_VERSION = 'peac.audit/0.9' as const;\n\n/\n Valid audit event types.\n /\nexport const AUDIT_EVENT_TYPES: readonly AuditEventType[] = [\n 'receipt_issued',\n 'receipt_verified',\n 'receipt_denied',\n 'access_decision',\n 'dispute_filed',\n 'dispute_acknowledged',\n 'dispute_resolved',\n 'dispute_rejected',\n 'dispute_appealed',\n 'dispute_final',\n 'attribution_created',\n 'attribution_verified',\n 'identity_verified',\n 'identity_rejected',\n 'policy_evaluated',\n] as const;\n\n/\n Valid severity levels.\n /\nexport const AUDIT_SEVERITIES: readonly AuditSeverity[] = [\n 'info',\n 'warn',\n 'error',\n 'critical',\n] as const;\n\n/\n ULID-compatible ID generator.\n * Uses timestamp prefix + random suffix for time-ordered, unique IDs.\n \n Format: 26 uppercase alphanumeric characters (Crockford Base32)\n /\nexport function generateAuditId(): string {\n // Crockford Base32 alphabet (excludes I, L, O, U)\n const ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';\n\n // Timestamp component (10 chars, milliseconds since epoch)\n const now = Date.now();\n let timestampPart = '';\n let time = now;\n for (let i = 0; i < 10; i++) {\n timestampPart = ALPHABET[time % 32] + timestampPart;\n time = Math.floor(time / 32);\n }\n\n // Random component (16 chars)\n let randomPart = '';\n for (let i = 0; i < 16; i++) {\n randomPart += ALPHABET[Math.floor(Math.random() 32)];\n }\n\n return timestampPart + randomPart;\n}\n\n/*\n Validate ULID format.\n \n @param id - ID to validate\n * @returns True if valid ULID format\n /\nexport function isValidUlid(id: string): boolean {\n return /^[0-9A-HJKMNP-TV-Z]{26}$/.test(id);\n}\n\n/\n Validate trace context format.\n \n @param trace - Trace context to validate\n * @returns True if valid W3C Trace Context format\n /\nexport function isValidTraceContext(trace: TraceContext): boolean {\n // Trace ID: 32 hex characters\n if (!/^[0-9a-f]{32}$/i.test(trace.trace_id)) {\n return false;\n }\n\n // Span ID: 16 hex characters\n if (!/^[0-9a-f]{16}$/i.test(trace.span_id)) {\n return false;\n }\n\n // Parent span ID (optional): 16 hex characters\n if (trace.parent_span_id && !/^[0-9a-f]{16}$/i.test(trace.parent_span_id)) {\n return false;\n }\n\n // Trace flags (optional): 2 hex characters\n if (trace.trace_flags && !/^[0-9a-f]{2}$/i.test(trace.trace_flags)) {\n return false;\n }\n\n return true;\n}\n\n/\n Create an audit entry with defaults applied.\n \n @param options - Entry creation options\n * @returns A valid AuditEntry\n \n @example\n * ```typescript\n * const entry = createAuditEntry({\n * event_type: 'receipt_issued',\n * actor: { type: 'system', id: 'peac-issuer' },\n * resource: { type: 'receipt', id: 'jti:rec_abc123' },\n * outcome: { success: true, result: 'issued' },\n * });\n * ```\n /\nexport function createAuditEntry(options: CreateAuditEntryOptions): AuditEntry {\n const entry: AuditEntry = {\n version: AUDIT_VERSION,\n id: options.id ?? generateAuditId(),\n event_type: options.event_type,\n timestamp: options.timestamp ?? new Date().toISOString(),\n severity: options.severity ?? 'info',\n actor: options.actor,\n resource: options.resource,\n outcome: options.outcome,\n };\n\n if (options.trace) {\n entry.trace = options.trace;\n }\n\n if (options.context) {\n entry.context = options.context;\n }\n\n if (options.dispute_ref) {\n entry.dispute_ref = options.dispute_ref;\n }\n\n return entry;\n}\n\n/\n Validation result type.\n /\nexport interface ValidationResult {\n valid: boolean;\n errors: string[];\n}\n\n/\n Validate an audit entry.\n \n @param entry - Entry to validate\n * @returns Validation result with any errors\n /\nexport function validateAuditEntry(entry: unknown): ValidationResult {\n const errors: string[] = [];\n\n if (!entry \|\| typeof entry !== 'object') {\n return { valid: false, errors: ['Entry must be an object'] };\n }\n\n const e = entry as Record<string, unknown>;\n\n // Version check\n if (e.version !== AUDIT_VERSION) {\n errors.push(`Invalid version: expected \"${AUDIT_VERSION}\", got \"${e.version}\"`);\n }\n\n // ID check\n if (typeof e.id !== 'string' \|\| !isValidUlid(e.id)) {\n errors.push('Invalid or missing id (must be ULID format)');\n }\n\n // Event type check\n if (!AUDIT_EVENT_TYPES.includes(e.event_type as AuditEventType)) {\n errors.push(`Invalid event_type: \"${e.event_type}\"`);\n }\n\n // Timestamp check\n if (typeof e.timestamp !== 'string' \|\| isNaN(Date.parse(e.timestamp))) {\n errors.push('Invalid or missing timestamp (must be ISO 8601)');\n }\n\n // Severity check\n if (!AUDIT_SEVERITIES.includes(e.severity as AuditSeverity)) {\n errors.push(`Invalid severity: \"${e.severity}\"`);\n }\n\n // Actor check\n if (!e.actor \|\| typeof e.actor !== 'object') {\n errors.push('Missing or invalid actor');\n } else {\n const actor = e.actor as Record<string, unknown>;\n if (!['user', 'agent', 'system'].includes(actor.type as string)) {\n errors.push(`Invalid actor.type: \"${actor.type}\"`);\n }\n if (typeof actor.id !== 'string' \|\| actor.id.length === 0) {\n errors.push('Actor must have non-empty id');\n }\n }\n\n // Resource check\n if (!e.resource \|\| typeof e.resource !== 'object') {\n errors.push('Missing or invalid resource');\n } else {\n const resource = e.resource as Record<string, unknown>;\n const validTypes = ['receipt', 'attribution', 'identity', 'policy', 'dispute', 'content'];\n if (!validTypes.includes(resource.type as string)) {\n errors.push(`Invalid resource.type: \"${resource.type}\"`);\n }\n if (typeof resource.id !== 'string' \|\| resource.id.length === 0) {\n errors.push('Resource must have non-empty id');\n }\n }\n\n // Outcome check\n if (!e.outcome \|\| typeof e.outcome !== 'object') {\n errors.push('Missing or invalid outcome');\n } else {\n const outcome = e.outcome as Record<string, unknown>;\n if (typeof outcome.success !== 'boolean') {\n errors.push('Outcome must have boolean success field');\n }\n }\n\n // Trace check (optional but must be valid if present)\n if (e.trace) {\n if (!isValidTraceContext(e.trace as TraceContext)) {\n errors.push('Invalid trace context format');\n }\n }\n\n // Dispute ref check (optional but must be valid ULID if present)\n if (e.dispute_ref) {\n if (typeof e.dispute_ref !== 'string' \|\| !isValidUlid(e.dispute_ref)) {\n errors.push('Invalid dispute_ref (must be ULID format)');\n }\n }\n\n return {\n valid: errors.length === 0,\n errors,\n };\n}\n\n/\n Check if an object is a valid audit entry.\n \n @param entry - Object to check\n * @returns True if valid\n /\nexport function isValidAuditEntry(entry: unknown): entry is AuditEntry {\n return validateAuditEntry(entry).valid;\n}\n","/\n JSONL Formatting and Parsing (v0.9.27+)\n \n JSONL (JSON Lines) is the normative format for PEAC audit logs.\n * Each line is a complete, valid JSON object representing one audit entry.\n \n @see https://jsonlines.org/\n /\n\nimport type { AuditEntry, JsonlOptions, JsonlParseOptions } from './types.js';\nimport { isValidAuditEntry } from './entry.js';\n\n/\n Format an audit entry to a single JSONL line.\n \n @param entry - Audit entry to format\n * @param options - Formatting options\n * @returns JSON string (single line unless pretty=true)\n \n @example\n * ```typescript\n * const line = formatJsonlLine(entry);\n * // '{\"version\":\"peac.audit/0.9\",\"id\":\"01ARZ...\",\"event_type\":\"receipt_issued\",...}'\n * ```\n /\nexport function formatJsonlLine(entry: AuditEntry, options?: JsonlOptions): string {\n if (options?.pretty) {\n return JSON.stringify(entry, null, 2);\n }\n return JSON.stringify(entry);\n}\n\n/\n Format multiple audit entries to JSONL format.\n \n @param entries - Array of audit entries\n * @param options - Formatting options\n * @returns JSONL string (one entry per line)\n \n @example\n * ```typescript\n * const jsonl = formatJsonl(entries);\n * // '{\"version\":\"peac.audit/0.9\",...}\\n{\"version\":\"peac.audit/0.9\",...}'\n * ```\n /\nexport function formatJsonl(entries: AuditEntry[], options?: JsonlOptions): string {\n const lines = entries.map((entry) => formatJsonlLine(entry, { pretty: false }));\n const result = lines.join('\\n');\n\n if (options?.trailingNewline && result.length > 0) {\n return result + '\\n';\n }\n\n return result;\n}\n\n/\n Parse result for a single JSONL line.\n /\nexport interface JsonlParseLineResult {\n ok: true;\n entry: AuditEntry;\n lineNumber: number;\n}\n\n/\n Parse error for a single JSONL line.\n /\nexport interface JsonlParseLineError {\n ok: false;\n error: string;\n lineNumber: number;\n raw?: string;\n}\n\n/\n Parse a single JSONL line.\n \n @param line - JSON string to parse\n * @param lineNumber - Line number for error reporting\n * @returns Parse result with entry or error\n /\nexport function parseJsonlLine(\n line: string,\n lineNumber: number = 1\n): JsonlParseLineResult \| JsonlParseLineError {\n const trimmed = line.trim();\n\n // Skip empty lines\n if (trimmed.length === 0) {\n return {\n ok: false,\n error: 'Empty line',\n lineNumber,\n };\n }\n\n try {\n const parsed = JSON.parse(trimmed);\n\n if (!isValidAuditEntry(parsed)) {\n return {\n ok: false,\n error: 'Invalid audit entry structure',\n lineNumber,\n raw: trimmed.length > 100 ? trimmed.substring(0, 100) + '...' : trimmed,\n };\n }\n\n return {\n ok: true,\n entry: parsed,\n lineNumber,\n };\n } catch (e) {\n return {\n ok: false,\n error: e instanceof Error ? e.message : 'JSON parse error',\n lineNumber,\n raw: trimmed.length > 100 ? trimmed.substring(0, 100) + '...' : trimmed,\n };\n }\n}\n\n/\n Parse result for JSONL content.\n /\nexport interface JsonlParseResult {\n /* Successfully parsed entries /\n entries: AuditEntry[];\n\n /* Parse errors (if skipInvalid=true) /\n errors: JsonlParseLineError[];\n\n /* Total lines processed /\n totalLines: number;\n\n /* Lines successfully parsed /\n successCount: number;\n\n /* Lines that failed to parse /\n errorCount: number;\n}\n\n/\n Parse JSONL content to audit entries.\n \n @param content - JSONL string content\n * @param options - Parsing options\n * @returns Parse result with entries and errors\n \n @example\n * ```typescript\n * const result = parseJsonl(jsonlContent, { skipInvalid: true });\n * console.log(`Parsed ${result.successCount}/${result.totalLines} entries`);\n * ```\n /\nexport function parseJsonl(content: string, options?: JsonlParseOptions): JsonlParseResult {\n const lines = content.split('\\n');\n const entries: AuditEntry[] = [];\n const errors: JsonlParseLineError[] = [];\n const maxLines = options?.maxLines ?? 0;\n let processed = 0;\n\n for (let i = 0; i < lines.length; i++) {\n const line = lines[i];\n const lineNumber = i + 1;\n\n // Skip empty lines\n if (line.trim().length === 0) {\n continue;\n }\n\n // Check max lines limit\n if (maxLines > 0 && processed >= maxLines) {\n break;\n }\n\n processed++;\n\n const result = parseJsonlLine(line, lineNumber);\n\n if (result.ok) {\n entries.push(result.entry);\n } else {\n if (options?.skipInvalid) {\n errors.push(result);\n } else {\n // Return immediately on first error if not skipping\n return {\n entries,\n errors: [result],\n totalLines: processed,\n successCount: entries.length,\n errorCount: 1,\n };\n }\n }\n }\n\n return {\n entries,\n errors,\n totalLines: processed,\n successCount: entries.length,\n errorCount: errors.length,\n };\n}\n\n/\n Stream-friendly JSONL line appender.\n \n Creates a function that appends audit entries to a string buffer\n * in JSONL format, suitable for streaming to files or network.\n \n @param options - Formatting options\n * @returns Appender function\n \n @example\n * ```typescript\n * const appender = createJsonlAppender();\n * for (const entry of entries) {\n * const line = appender(entry);\n * await stream.write(line);\n * }\n * ```\n /\nexport function createJsonlAppender(options?: JsonlOptions): (entry: AuditEntry) => string {\n return (entry: AuditEntry): string => {\n const line = formatJsonlLine(entry, { pretty: false });\n return line + '\\n';\n };\n}\n","/\n Case Bundle Generation (v0.9.27+)\n \n Case bundles collect related audit entries for dispute resolution.\n * They provide a comprehensive view of all events related to a dispute.\n /\n\nimport type {\n AuditEntry,\n AuditSeverity,\n CaseBundle,\n CaseBundleSummary,\n CreateCaseBundleOptions,\n} from './types.js';\n\n/* PEAC case bundle format version /\nexport const BUNDLE_VERSION = 'peac.bundle/0.9' as const;\n\n/\n Create a case bundle from audit entries.\n \n @param options - Bundle creation options\n * @returns A CaseBundle with entries and summary\n \n @example\n * ```typescript\n * const bundle = createCaseBundle({\n * dispute_ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * generated_by: 'https://platform.example.com',\n * entries: auditEntries,\n * });\n * ```\n /\nexport function createCaseBundle(options: CreateCaseBundleOptions): CaseBundle {\n // Sort entries chronologically\n const sortedEntries = [...options.entries].sort(\n (a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()\n );\n\n // Collect unique trace IDs\n const traceIds = new Set<string>();\n for (const entry of sortedEntries) {\n if (entry.trace?.trace_id) {\n traceIds.add(entry.trace.trace_id);\n }\n }\n\n // Generate summary\n const summary = generateBundleSummary(sortedEntries);\n\n return {\n version: BUNDLE_VERSION,\n dispute_ref: options.dispute_ref,\n generated_at: new Date().toISOString(),\n generated_by: options.generated_by,\n entries: sortedEntries,\n trace_ids: Array.from(traceIds),\n summary,\n };\n}\n\n/\n Generate summary statistics for a set of audit entries.\n \n @param entries - Sorted audit entries\n * @returns Summary statistics\n /\nexport function generateBundleSummary(entries: AuditEntry[]): CaseBundleSummary {\n // Count by event type\n const byEventType: Record<string, number> = {};\n for (const entry of entries) {\n byEventType[entry.event_type] = (byEventType[entry.event_type] ?? 0) + 1;\n }\n\n // Count by severity\n const bySeverity: Record<AuditSeverity, number> = {\n info: 0,\n warn: 0,\n error: 0,\n critical: 0,\n };\n for (const entry of entries) {\n bySeverity[entry.severity]++;\n }\n\n // Collect unique actors and resources\n const actors = new Set<string>();\n const resources = new Set<string>();\n for (const entry of entries) {\n actors.add(`${entry.actor.type}:${entry.actor.id}`);\n resources.add(`${entry.resource.type}:${entry.resource.id}`);\n }\n\n // First and last timestamps\n const firstEvent = entries.length > 0 ? entries[0].timestamp : '';\n const lastEvent = entries.length > 0 ? entries[entries.length - 1].timestamp : '';\n\n return {\n entry_count: entries.length,\n by_event_type: byEventType,\n by_severity: bySeverity,\n first_event: firstEvent,\n last_event: lastEvent,\n actor_count: actors.size,\n resource_count: resources.size,\n };\n}\n\n/\n Filter entries by dispute reference.\n \n @param entries - All audit entries\n * @param disputeRef - Dispute reference to filter by\n * @returns Entries related to the dispute\n /\nexport function filterByDispute(entries: AuditEntry[], disputeRef: string): AuditEntry[] {\n return entries.filter((entry) => entry.dispute_ref === disputeRef);\n}\n\n/\n Filter entries by trace ID.\n \n @param entries - All audit entries\n * @param traceId - Trace ID to filter by\n * @returns Entries with matching trace ID\n /\nexport function filterByTraceId(entries: AuditEntry[], traceId: string): AuditEntry[] {\n return entries.filter((entry) => entry.trace?.trace_id === traceId);\n}\n\n/\n Filter entries by time range.\n \n @param entries - All audit entries\n * @param start - Start of time range (ISO 8601)\n * @param end - End of time range (ISO 8601)\n * @returns Entries within the time range (inclusive)\n /\nexport function filterByTimeRange(entries: AuditEntry[], start: string, end: string): AuditEntry[] {\n const startTime = new Date(start).getTime();\n const endTime = new Date(end).getTime();\n\n return entries.filter((entry) => {\n const entryTime = new Date(entry.timestamp).getTime();\n return entryTime >= startTime && entryTime <= endTime;\n });\n}\n\n/\n Filter entries by resource.\n \n @param entries - All audit entries\n * @param resourceType - Resource type to filter by\n * @param resourceId - Resource ID (optional, filters by type only if not provided)\n * @returns Entries affecting the specified resource\n /\nexport function filterByResource(\n entries: AuditEntry[],\n resourceType: string,\n resourceId?: string\n): AuditEntry[] {\n return entries.filter((entry) => {\n if (entry.resource.type !== resourceType) {\n return false;\n }\n if (resourceId && entry.resource.id !== resourceId) {\n return false;\n }\n return true;\n });\n}\n\n/\n Correlation result for trace analysis.\n /\nexport interface TraceCorrelation {\n /* Trace ID /\n trace_id: string;\n\n /* Entries in this trace /\n entries: AuditEntry[];\n\n /* Span IDs in this trace /\n span_ids: string[];\n\n /* Time span (first to last entry) in milliseconds /\n duration_ms: number;\n}\n\n/\n Correlate entries by trace ID.\n \n Groups entries by their trace ID and computes correlation metrics.\n \n @param entries - Audit entries with trace context\n * @returns Array of trace correlations\n /\nexport function correlateByTrace(entries: AuditEntry[]): TraceCorrelation[] {\n // Group by trace ID\n const byTrace = new Map<string, AuditEntry[]>();\n\n for (const entry of entries) {\n if (entry.trace?.trace_id) {\n const existing = byTrace.get(entry.trace.trace_id) ?? [];\n existing.push(entry);\n byTrace.set(entry.trace.trace_id, existing);\n }\n }\n\n // Build correlations\n const correlations: TraceCorrelation[] = [];\n\n for (const [traceId, traceEntries] of byTrace) {\n // Sort by timestamp\n const sorted = [...traceEntries].sort(\n (a, b) => new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()\n );\n\n // Collect unique span IDs\n const spanIds = new Set<string>();\n for (const entry of sorted) {\n if (entry.trace?.span_id) {\n spanIds.add(entry.trace.span_id);\n }\n }\n\n // Calculate duration\n const firstTime = new Date(sorted[0].timestamp).getTime();\n const lastTime = new Date(sorted[sorted.length - 1].timestamp).getTime();\n\n correlations.push({\n trace_id: traceId,\n entries: sorted,\n span_ids: Array.from(spanIds),\n duration_ms: lastTime - firstTime,\n });\n }\n\n return correlations;\n}\n\n/\n Serialize a case bundle to JSON.\n \n @param bundle - Case bundle to serialize\n * @param pretty - Pretty print (default: false)\n * @returns JSON string\n /\nexport function serializeBundle(bundle: CaseBundle, pretty: boolean = false): string {\n if (pretty) {\n return JSON.stringify(bundle, null, 2);\n }\n return JSON.stringify(bundle);\n}\n","/\n Dispute Bundle Types (v0.9.30+)\n \n DisputeBundle is a ZIP archive containing receipts, keys, and policy\n * for offline verification and audit. Distinct from CaseBundle (JSONL).\n \n Key design principles:\n * 1. ZIP is transport container, not what we hash\n * 2. Deterministic integrity at content layer (JCS-canonicalized manifest)\n * 3. receipts.ndjson format for determinism + streaming\n * 4. bundle.sig for authenticity\n /\n\n/\n Bundle format version.\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern.\n * The `kind` field distinguishes bundle types (dispute, audit, etc.).\n /\nexport const BUNDLE_VERSION = 'peac-bundle/0.1' as const;\n\n/\n @deprecated Use BUNDLE_VERSION instead. Will be removed in v1.0.\n /\nexport const DISPUTE_BUNDLE_VERSION = BUNDLE_VERSION;\n\n/\n Verification report format version.\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern.\n /\nexport const VERIFICATION_REPORT_VERSION = 'peac-verification-report/0.1' as const;\n\n/\n Bundle kind - identifies the purpose of the bundle.\n /\nexport type BundleKind = 'dispute' \| 'audit' \| 'archive';\n\n/\n File entry in the bundle manifest.\n * Each file has a SHA-256 hash for integrity verification.\n /\nexport interface ManifestFileEntry {\n /* Relative path within the bundle (e.g., \"receipts.ndjson\", \"keys/keys.json\") /\n path: string;\n\n /* SHA-256 hash of file contents (hex-encoded, lowercase) /\n sha256: string;\n\n /* File size in bytes /\n size: number;\n}\n\n/\n Receipt entry in the manifest.\n * Provides receipt metadata for ordering and lookup.\n /\nexport interface ManifestReceiptEntry {\n /* Receipt ID (from claims.jti) /\n receipt_id: string;\n\n /* When the receipt was issued (ISO 8601) /\n issued_at: string;\n\n /* SHA-256 hash of the JWS bytes (for deduplication and ordering) /\n receipt_hash: string;\n}\n\n/\n Key entry in the manifest.\n * Maps key IDs to their algorithms.\n /\nexport interface ManifestKeyEntry {\n /* Key ID (kid from JWK) /\n kid: string;\n\n /* Key algorithm (e.g., \"EdDSA\") /\n alg: string;\n}\n\n/\n Bundle time range.\n * All receipts must have issued_at within this range.\n /\nexport interface BundleTimeRange {\n /* Earliest receipt issued_at (ISO 8601) /\n start: string;\n\n /* Latest receipt issued_at (ISO 8601) /\n end: string;\n}\n\n/\n Bundle reference - identifies what this bundle is for.\n * Format: sha256:<hex> for hash-based refs, or ULID/UUID for ID refs.\n /\nexport interface BundleRef {\n /* Reference type /\n type: 'dispute' \| 'receipt' \| 'audit_case' \| 'external';\n\n /* Reference ID (ULID, UUID, or sha256:<hex> hash) /\n id: string;\n}\n\n/\n Bundle manifest (manifest.json).\n \n The manifest is the source of truth for bundle integrity.\n * `content_hash` is sha256:<hex> of JCS(manifest without content_hash).\n /\nexport interface DisputeBundleManifest {\n /* Bundle format version (peac-bundle/0.1) /\n version: typeof BUNDLE_VERSION;\n\n /* Bundle kind - what type of bundle this is /\n kind: BundleKind;\n\n /* Unique bundle identifier (ULID) /\n bundle_id: string;\n\n /* What this bundle references (replaces dispute_ref) /\n refs: BundleRef[];\n\n /\n @deprecated Use refs instead. Will be removed in v1.0.\n * Dispute reference this bundle is for (ULID)\n /\n dispute_ref?: string;\n\n /* Who created the bundle (URI) /\n created_by: string;\n\n /* When the bundle was created (ISO 8601) /\n created_at: string;\n\n /* Time range covered by receipts /\n time_range: BundleTimeRange;\n\n /* Receipt entries (sorted by issued_at, then receipt_id, then receipt_hash) /\n receipts: ManifestReceiptEntry[];\n\n /* Key entries (sorted by kid) /\n keys: ManifestKeyEntry[];\n\n /* All files in the bundle (sorted by path) /\n files: ManifestFileEntry[];\n\n /* sha256:<hex> hash of policy.yaml if included /\n policy_hash?: string;\n\n /\n sha256:<hex> hash of peac.txt file if included.\n \n Enables offline policy binding verification: verifiers can compare this\n * hash against the policy digest in Wire 0.2 receipts to confirm the policy\n * in effect at issuance time matches what is bundled.\n \n Bundle path: policy/peac.txt (locked convention).\n /\n peac_txt_hash?: string;\n\n /* sha256:<hex> of JCS(manifest without content_hash) - deterministic bundle hash /\n content_hash: string;\n}\n\n/\n Options for creating a dispute bundle.\n /\nexport interface CreateDisputeBundleOptions {\n /* Bundle kind (defaults to 'dispute') /\n kind?: BundleKind;\n\n /* Bundle references (what this bundle is for) /\n refs?: BundleRef[];\n\n /\n @deprecated Use refs instead. Will be removed in v1.0.\n * Dispute reference (ULID)\n /\n dispute_ref?: string;\n\n /* Who is creating the bundle (URI) /\n created_by: string;\n\n /* Receipt JWS strings to include /\n receipts: string[];\n\n /* JWKS containing public keys for verification /\n keys: JsonWebKeySet;\n\n /* Optional policy YAML content /\n policy?: string;\n\n /\n Optional peac.txt file content.\n \n If provided, stored as policy/peac.txt in the bundle and its SHA-256\n * hash is recorded in the manifest as peac_txt_hash.\n \n Bundle path: policy/peac.txt (locked convention).\n /\n peac_txt?: string;\n\n /* Optional bundle ID (generated if not provided) /\n bundle_id?: string;\n\n /* Optional created_at timestamp (for deterministic fixtures) /\n created_at?: string;\n\n /* Optional signing key for bundle.sig (Ed25519 private key, 32 bytes) /\n signing_key?: Uint8Array;\n\n /* Key ID for bundle.sig (required if signing_key is provided) /\n signing_kid?: string;\n}\n\n/\n JSON Web Key Set (JWKS) structure.\n /\nexport interface JsonWebKeySet {\n keys: JsonWebKey[];\n}\n\n/\n JSON Web Key (JWK) with required fields for PEAC.\n /\nexport interface JsonWebKey {\n /* Key type (e.g., \"OKP\" for Ed25519) /\n kty: string;\n\n /* Key ID /\n kid: string;\n\n /* Algorithm (e.g., \"EdDSA\") /\n alg?: string;\n\n /* Curve (e.g., \"Ed25519\") /\n crv?: string;\n\n /* Public key (base64url) /\n x?: string;\n\n /* Key use (e.g., \"sig\") /\n use?: string;\n\n /* Additional properties /\n [key: string]: unknown;\n}\n\n/\n Result of reading a dispute bundle.\n /\nexport interface DisputeBundleContents {\n /* Parsed manifest /\n manifest: DisputeBundleManifest;\n\n /* Receipt JWS strings by receipt_id /\n receipts: Map<string, string>;\n\n /* JWKS containing all keys /\n keys: JsonWebKeySet;\n\n /* Policy content if present /\n policy?: string;\n\n /* peac.txt file content if present /\n peac_txt?: string;\n\n /* bundle.sig JWS if present /\n bundle_sig?: string;\n}\n\n/\n Receipt verification result.\n /\nexport interface ReceiptVerificationResult {\n /* Receipt ID /\n receipt_id: string;\n\n /* Whether signature is valid /\n signature_valid: boolean;\n\n /* Whether claims are valid /\n claims_valid: boolean;\n\n /* Key ID used to sign /\n key_id?: string;\n\n /* Error codes if invalid /\n errors: string[];\n\n /* Parsed claims if valid /\n claims?: Record<string, unknown>;\n}\n\n/\n Key usage tracking.\n /\nexport interface KeyUsageEntry {\n /* Key ID /\n kid: string;\n\n /* Number of receipts signed with this key /\n receipts_signed: number;\n\n /* Receipt IDs signed with this key /\n receipt_ids: string[];\n}\n\n/\n Auditor-friendly summary.\n /\nexport interface AuditorSummary {\n /* One-line headline (e.g., \"17/20 receipts valid\") /\n headline: string;\n\n /* List of issues found /\n issues: string[];\n\n /* Recommendation based on findings /\n recommendation: 'valid' \| 'invalid' \| 'needs_review';\n}\n\n/\n Bundle signature verification result.\n /\nexport interface BundleSignatureResult {\n /* Whether bundle.sig was present /\n present: boolean;\n\n /* Whether the signature is valid (only set if present) /\n valid?: boolean;\n\n /* Key ID used to sign the bundle (only set if present) /\n key_id?: string;\n\n /* Error if signature verification failed /\n error?: string;\n}\n\n/\n Deterministic verification report.\n \n This is the canonical output format for bundle verification.\n * `report_hash` is SHA-256 of JCS(report without report_hash).\n /\nexport interface VerificationReport {\n /* Report format version /\n version: typeof VERIFICATION_REPORT_VERSION;\n\n /* Bundle content hash (from manifest) /\n bundle_content_hash: string;\n\n /* Bundle signature verification result /\n bundle_signature: BundleSignatureResult;\n\n /* Summary counts /\n summary: {\n total_receipts: number;\n valid: number;\n invalid: number;\n };\n\n /* Individual receipt results (sorted by receipt_id) /\n receipts: ReceiptVerificationResult[];\n\n /* Keys used in verification (sorted by kid) /\n keys_used: KeyUsageEntry[];\n\n /* Human-friendly summary /\n auditor_summary: AuditorSummary;\n\n /* SHA-256 of JCS(report without report_hash) - deterministic report hash /\n report_hash: string;\n}\n\n/\n Options for bundle verification.\n /\nexport interface VerifyBundleOptions {\n /* Use only keys from the bundle (no external key fetching) /\n offline: boolean;\n\n /* Custom time for validation (defaults to now) /\n now?: Date;\n}\n\n/\n Bundle read/write error.\n /\nexport interface BundleError {\n /* Error code (E_BUNDLE_) /\n code: string;\n\n /** Human-readable message /\n message: string;\n\n /* Additional context /\n details?: Record<string, unknown>;\n}\n\n/\n Result type for bundle operations.\n /\nexport type BundleResult<T> = { ok: true; value: T } \| { ok: false; error: BundleError };\n","/\n Dispute Bundle (v0.9.30+)\n \n DisputeBundle is a ZIP archive containing receipts, keys, and policy\n * for offline verification and audit.\n \n Key design principles:\n * 1. ZIP is transport container, not what we hash - deterministic integrity at content layer\n * 2. bundle.sig provides authenticity (JWS over content_hash)\n * 3. receipts.ndjson format for determinism + streaming\n * 4. Real Ed25519 signature verification\n /\n\nimport { createHash } from 'node:crypto';\nimport { posix as pathPosix } from 'node:path';\nimport { canonicalize } from '@peac/crypto';\nimport { BUNDLE_ERRORS } from '@peac/kernel';\nimport as yazl from 'yazl';\nimport * as yauzl from 'yauzl';\n\nimport type {\n BundleError,\n BundleResult,\n BundleTimeRange,\n CreateDisputeBundleOptions,\n DisputeBundleContents,\n DisputeBundleManifest,\n JsonWebKey,\n JsonWebKeySet,\n ManifestFileEntry,\n ManifestKeyEntry,\n ManifestReceiptEntry,\n} from './dispute-bundle-types.js';\n\nimport { BUNDLE_VERSION, type BundleKind, type BundleRef } from './dispute-bundle-types.js';\n\n// ============================================================================\n// Constants and Limits (DoS protection)\n// ============================================================================\n\n/** Maximum number of entries in a bundle ZIP /\nconst MAX_ZIP_ENTRIES = 10000;\n\n/* Maximum uncompressed size per entry (64MB) /\nconst MAX_ENTRY_SIZE = 64 1024 * 1024;\n\n/** Maximum total uncompressed size (512MB) /\nconst MAX_TOTAL_SIZE = 512 1024 * 1024;\n\n/** Maximum receipts in a bundle /\nconst MAX_RECEIPTS = 10000;\n\n/* Allowed path prefixes in bundle /\nconst ALLOWED_PATHS = ['manifest.json', 'bundle.sig', 'receipts.ndjson', 'keys/', 'policy/'];\n\n// ============================================================================\n// Error Codes (from @peac/kernel - generated from specs/kernel/errors.json)\n// ============================================================================\n\n/\n Re-export BUNDLE_ERRORS as BundleErrorCodes for backwards compatibility\n * @deprecated Use BUNDLE_ERRORS from @peac/kernel directly\n /\nexport const BundleErrorCodes = BUNDLE_ERRORS;\n\n// ============================================================================\n// Utilities\n// ============================================================================\n\n/* Crockford's Base32 alphabet for ULID /\nconst ULID_ALPHABET = '0123456789ABCDEFGHJKMNPQRSTVWXYZ';\n\n/\n Generate a spec-compliant ULID (Universally Unique Lexicographically Sortable Identifier)\n \n ULID format: 26 characters using Crockford's Base32\n * - 10 chars timestamp (48 bits, ms since Unix epoch) - lexicographically sortable\n * - 16 chars randomness (80 bits from crypto.randomBytes)\n \n @see https://github.com/ulid/spec\n /\nfunction generateBundleId(): string {\n const timestamp = Date.now();\n\n // Encode 48-bit timestamp as 10 Crockford Base32 characters\n // Each character encodes 5 bits, but we encode from most significant\n const timestampChars: string[] = [];\n let ts = timestamp;\n for (let i = 9; i >= 0; i--) {\n timestampChars[i] = ULID_ALPHABET[ts % 32];\n ts = Math.floor(ts / 32);\n }\n\n // Generate 80 bits of randomness (16 Crockford Base32 characters)\n // Use crypto.randomBytes for cryptographic randomness\n const { randomBytes: cryptoRandomBytes } = require('node:crypto') as typeof import('node:crypto');\n const randBytes = cryptoRandomBytes(10); // 80 bits = 10 bytes\n const randomChars: string[] = [];\n\n // Encode 10 bytes as 16 base32 characters\n // Each base32 char = 5 bits, so we need to carefully extract 5-bit groups\n // We'll use BigInt for clean 80-bit handling\n let randomValue = BigInt(0);\n for (let i = 0; i < 10; i++) {\n randomValue = (randomValue << BigInt(8)) \| BigInt(randBytes[i]);\n }\n\n // Extract 16 characters (5 bits each) from the 80-bit value\n for (let i = 15; i >= 0; i--) {\n randomChars[i] = ULID_ALPHABET[Number(randomValue & BigInt(0x1f))];\n randomValue = randomValue >> BigInt(5);\n }\n\n return timestampChars.join('') + randomChars.join('');\n}\n\n/\n Compute SHA-256 hash of data with self-describing format.\n * Returns `sha256:<64 lowercase hex chars>` format.\n /\nfunction sha256Hex(data: string \| Buffer): string {\n const hash = createHash('sha256');\n hash.update(data);\n return `sha256:${hash.digest('hex')}`;\n}\n\n/* Decode base64url to Buffer /\nfunction base64urlDecode(str: string): Buffer {\n const padded = str + '='.repeat((4 - (str.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n return Buffer.from(base64, 'base64');\n}\n\n/* Parse JWS compact serialization to extract header and payload /\nfunction parseJws(jws: string): {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n signature: Buffer;\n signingInput: string;\n} \| null {\n const parts = jws.split('.');\n if (parts.length !== 3) {\n return null;\n }\n\n try {\n const headerJson = base64urlDecode(parts[0]).toString('utf8');\n const payloadJson = base64urlDecode(parts[1]).toString('utf8');\n return {\n header: JSON.parse(headerJson) as Record<string, unknown>,\n payload: JSON.parse(payloadJson) as Record<string, unknown>,\n signature: base64urlDecode(parts[2]),\n signingInput: `${parts[0]}.${parts[1]}`,\n };\n } catch {\n return null;\n }\n}\n\n/* Create a bundle error /\nfunction bundleError(\n code: string,\n message: string,\n details?: Record<string, unknown>\n): BundleError {\n return { code, message, details };\n}\n\n/\n Convert a yauzl ZIP error to the appropriate bundle error.\n * Detects path traversal attempts that yauzl catches and maps them to PATH_TRAVERSAL.\n /\nfunction handleZipError(zipErr: Error): BundleError {\n // Detect yauzl path validation errors and map to PATH_TRAVERSAL\n // yauzl throws \"invalid relative path\" for zip-slip attempts\n const isPathError =\n zipErr.message.includes('invalid relative path') \|\|\n zipErr.message.includes('absolute path') \|\|\n zipErr.message.includes('..') \|\|\n zipErr.message.includes('\\\\');\n\n if (isPathError) {\n return bundleError(BundleErrorCodes.PATH_TRAVERSAL, `Unsafe path in bundle: ${zipErr.message}`);\n }\n return bundleError(BundleErrorCodes.INVALID_FORMAT, `ZIP error: ${zipErr.message}`);\n}\n\n/\n Virtual root for path containment checks.\n * Using a fixed virtual root allows resolve-based containment verification.\n /\nconst VIRTUAL_ROOT = '/bundle';\n\n/\n Validate path for zip-slip and path traversal attacks.\n \n Security measures:\n * 1. Reject backslashes (Windows path separators can bypass Unix checks)\n * 2. Reject null bytes (can bypass string-based checks)\n * 3. Normalize with posix.normalize to handle . and .. components\n * 4. Reject absolute paths (starting with /)\n * 5. Reject paths that escape via .. after normalization\n * 6. Resolve-based containment check (defense in depth)\n * 7. Only allow explicitly whitelisted path prefixes\n /\nfunction isPathSafe(entryPath: string): boolean {\n // Reject backslashes - often used for zip-slip on Unix systems\n // since many ZIP tools will accept both separators\n if (entryPath.includes('\\\\')) return false;\n\n // Reject null bytes (can be used to bypass checks)\n if (entryPath.includes('\\0')) return false;\n\n // Normalize the path to resolve . and .. components\n const normalized = pathPosix.normalize(entryPath);\n\n // After normalization, reject if:\n // - Starts with / (absolute path)\n // - Starts with .. (escapes bundle root)\n // - Is exactly . (current dir, not a valid file)\n if (normalized.startsWith('/')) return false;\n if (normalized.startsWith('..')) return false;\n if (normalized === '.') return false;\n\n // Defense in depth: resolve-based containment check\n // Resolve the path relative to a virtual root and verify it stays contained\n const resolved = pathPosix.resolve(VIRTUAL_ROOT, normalized);\n if (!resolved.startsWith(VIRTUAL_ROOT + '/') && resolved !== VIRTUAL_ROOT) {\n return false;\n }\n\n // Only allow explicitly whitelisted paths\n return ALLOWED_PATHS.some((prefix) => normalized === prefix \|\| normalized.startsWith(prefix));\n}\n\n/* Convert JWK to raw Ed25519 public key bytes /\nfunction jwkToEd25519PublicKey(jwk: JsonWebKey): Buffer \| null {\n if (jwk.kty !== 'OKP' \|\| jwk.crv !== 'Ed25519' \|\| !jwk.x) {\n return null;\n }\n return base64urlDecode(jwk.x);\n}\n\n// ============================================================================\n// Bundle Creation\n// ============================================================================\n\n/\n Create a dispute bundle from receipts, keys, and optional policy.\n /\nexport async function createDisputeBundle(\n options: CreateDisputeBundleOptions\n): Promise<BundleResult<Buffer>> {\n const {\n kind = 'dispute',\n refs,\n dispute_ref,\n created_by,\n receipts,\n keys,\n policy,\n peac_txt,\n bundle_id,\n created_at,\n signing_key,\n signing_kid,\n } = options;\n\n // Build refs from either new refs or deprecated dispute_ref\n const bundleRefs: BundleRef[] =\n refs ?? (dispute_ref ? [{ type: 'dispute', id: dispute_ref }] : []);\n\n // Validate receipts\n if (receipts.length === 0) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.MISSING_RECEIPTS, 'No receipts provided'),\n };\n }\n\n if (receipts.length > MAX_RECEIPTS) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Too many receipts: ${receipts.length} > ${MAX_RECEIPTS}`\n ),\n };\n }\n\n // Validate keys\n if (keys.keys.length === 0) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.MISSING_KEYS, 'No keys provided in JWKS'),\n };\n }\n\n // Parse receipts and detect duplicates\n const receiptEntries: ManifestReceiptEntry[] = [];\n const seenReceiptIds = new Set<string>();\n const ndjsonLines: string[] = [];\n let minIssuedAt: string \| undefined;\n let maxIssuedAt: string \| undefined;\n\n for (let i = 0; i < receipts.length; i++) {\n const jws = receipts[i];\n const parsed = parseJws(jws);\n\n if (!parsed) {\n return {\n ok: false,\n error: bundleError(BundleErrorCodes.RECEIPT_INVALID, `Invalid JWS at index ${i}`),\n };\n }\n\n const claims = parsed.payload;\n const receiptId = claims.jti as string \| undefined;\n const issuedAtRaw = claims.iat as number \| string \| undefined;\n\n if (!receiptId) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPT_INVALID,\n `Receipt at index ${i} missing jti claim`\n ),\n };\n }\n\n // Detect duplicates\n if (seenReceiptIds.has(receiptId)) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.DUPLICATE_RECEIPT,\n `Duplicate receipt ID: ${receiptId}`\n ),\n };\n }\n seenReceiptIds.add(receiptId);\n\n // Convert iat to ISO 8601 string\n let issuedAt: string;\n if (typeof issuedAtRaw === 'number') {\n issuedAt = new Date(issuedAtRaw 1000).toISOString();\n } else if (typeof issuedAtRaw === 'string') {\n issuedAt = issuedAtRaw;\n } else {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPT_INVALID,\n `Receipt ${receiptId} missing or invalid iat claim`\n ),\n };\n }\n\n // Track time range\n if (!minIssuedAt \|\| issuedAt < minIssuedAt) minIssuedAt = issuedAt;\n if (!maxIssuedAt \|\| issuedAt > maxIssuedAt) maxIssuedAt = issuedAt;\n\n // Compute receipt hash (SHA-256 of JWS bytes)\n const receiptHash = sha256Hex(Buffer.from(jws, 'utf8'));\n\n receiptEntries.push({\n receipt_id: receiptId,\n issued_at: issuedAt,\n receipt_hash: receiptHash,\n });\n\n ndjsonLines.push(jws);\n }\n\n // Sort receipts by (issued_at, receipt_id, receipt_hash) for determinism\n const sortedIndices = receiptEntries\n .map((entry, i) => ({ entry, i }))\n .sort((a, b) => {\n if (a.entry.issued_at !== b.entry.issued_at) {\n return a.entry.issued_at.localeCompare(b.entry.issued_at);\n }\n if (a.entry.receipt_id !== b.entry.receipt_id) {\n return a.entry.receipt_id.localeCompare(b.entry.receipt_id);\n }\n return a.entry.receipt_hash.localeCompare(b.entry.receipt_hash);\n });\n\n const sortedReceiptEntries = sortedIndices.map((x) => x.entry);\n const sortedNdjsonLines = sortedIndices.map((x) => ndjsonLines[x.i]);\n\n // Create receipts.ndjson content\n const receiptsNdjson = sortedNdjsonLines.join('\\n') + '\\n';\n const receiptsNdjsonBytes = Buffer.from(receiptsNdjson, 'utf8');\n\n // Process keys\n const keyEntries: ManifestKeyEntry[] = keys.keys.map((key) => ({\n kid: key.kid,\n alg: key.alg ?? 'EdDSA',\n }));\n keyEntries.sort((a, b) => a.kid.localeCompare(b.kid));\n\n const keysJson = JSON.stringify(keys, null, 2);\n const keysBytes = Buffer.from(keysJson, 'utf8');\n\n // Build file entries\n const fileEntries: ManifestFileEntry[] = [\n {\n path: 'receipts.ndjson',\n sha256: sha256Hex(receiptsNdjsonBytes),\n size: receiptsNdjsonBytes.length,\n },\n {\n path: 'keys/keys.json',\n sha256: sha256Hex(keysBytes),\n size: keysBytes.length,\n },\n ];\n\n // Process policy if present\n let policyHash: string \| undefined;\n let policyBytes: Buffer \| undefined;\n\n if (policy) {\n policyBytes = Buffer.from(policy, 'utf8');\n policyHash = sha256Hex(policyBytes);\n fileEntries.push({\n path: 'policy/policy.yaml',\n sha256: policyHash,\n size: policyBytes.length,\n });\n }\n\n // Include peac.txt if provided\n // Bundle path: policy/peac.txt (locked convention)\n let peacTxtBytes: Buffer \| undefined;\n let peacTxtHash: string \| undefined;\n\n if (peac_txt) {\n peacTxtBytes = Buffer.from(peac_txt, 'utf8');\n peacTxtHash = sha256Hex(peacTxtBytes);\n fileEntries.push({\n path: 'policy/peac.txt',\n sha256: peacTxtHash,\n size: peacTxtBytes.length,\n });\n }\n\n // Sort files by path\n fileEntries.sort((a, b) => a.path.localeCompare(b.path));\n\n // Build manifest (without content_hash first)\n const timeRange: BundleTimeRange = {\n start: minIssuedAt!,\n end: maxIssuedAt!,\n };\n\n const manifestWithoutHash: Omit<DisputeBundleManifest, 'content_hash'> = {\n version: BUNDLE_VERSION,\n kind,\n bundle_id: bundle_id ?? generateBundleId(),\n refs: bundleRefs,\n // Include deprecated dispute_ref for backwards compatibility\n dispute_ref: dispute_ref,\n created_by,\n created_at: created_at ?? new Date().toISOString(),\n time_range: timeRange,\n receipts: sortedReceiptEntries,\n keys: keyEntries,\n files: fileEntries,\n };\n\n if (policyHash) {\n (manifestWithoutHash as DisputeBundleManifest).policy_hash = policyHash;\n }\n\n if (peacTxtHash) {\n (manifestWithoutHash as DisputeBundleManifest).peac_txt_hash = peacTxtHash;\n }\n\n // Compute content_hash = SHA-256 of JCS(manifest without content_hash)\n const contentHash = sha256Hex(canonicalize(manifestWithoutHash));\n\n const manifest: DisputeBundleManifest = {\n ...manifestWithoutHash,\n content_hash: contentHash,\n };\n\n // Create ZIP archive\n const zipfile = new yazl.ZipFile();\n\n // Use manifest.created_at as the mtime for all entries to ensure deterministic ZIP output\n // Disable compression to ensure byte-identical output across platforms (zlib implementations vary)\n const mtime = new Date(manifest.created_at);\n const zipOptions = { mtime, compress: false };\n\n // Add manifest.json\n const manifestJson = JSON.stringify(manifest, null, 2);\n zipfile.addBuffer(Buffer.from(manifestJson), 'manifest.json', zipOptions);\n\n // Add receipts.ndjson\n zipfile.addBuffer(receiptsNdjsonBytes, 'receipts.ndjson', zipOptions);\n\n // Add keys\n zipfile.addBuffer(keysBytes, 'keys/keys.json', zipOptions);\n\n // Add policy if present\n if (policyBytes) {\n zipfile.addBuffer(policyBytes, 'policy/policy.yaml', zipOptions);\n }\n\n // Add peac.txt if present\n if (peacTxtBytes) {\n zipfile.addBuffer(peacTxtBytes, 'policy/peac.txt', zipOptions);\n }\n\n // Add bundle.sig if signing key is provided\n if (signing_key && signing_kid) {\n const sigResult = await createBundleSignature(contentHash, signing_key, signing_kid);\n if (!sigResult.ok) {\n return sigResult;\n }\n zipfile.addBuffer(Buffer.from(sigResult.value), 'bundle.sig', zipOptions);\n }\n\n // Finalize and collect the ZIP buffer\n return new Promise((resolve) => {\n const chunks: Buffer[] = [];\n\n zipfile.outputStream\n .on('data', (chunk: Buffer) => chunks.push(chunk))\n .on('end', () => {\n resolve({ ok: true, value: Buffer.concat(chunks) });\n })\n .on('error', (err: Error) => {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to create ZIP: ${err.message}`\n ),\n });\n });\n\n zipfile.end();\n });\n}\n\n/*\n Create bundle.sig JWS over the content_hash\n /\nasync function createBundleSignature(\n contentHash: string,\n privateKey: Uint8Array,\n kid: string\n): Promise<BundleResult<string>> {\n try {\n const { sign } = await import('@peac/crypto');\n const jws = await sign({ content_hash: contentHash }, privateKey, kid);\n return { ok: true, value: jws };\n } catch (err) {\n return {\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIGNATURE_INVALID,\n `Failed to create bundle signature: ${(err as Error).message}`\n ),\n };\n }\n}\n\n// ============================================================================\n// Bundle Reading\n// ============================================================================\n\n/\n Read and parse a dispute bundle from a ZIP buffer.\n /\nexport async function readDisputeBundle(\n zipBuffer: Buffer\n): Promise<BundleResult<DisputeBundleContents>> {\n return new Promise((resolve) => {\n yauzl.fromBuffer(zipBuffer, { lazyEntries: true }, (err, zipfile) => {\n if (err \|\| !zipfile) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to open ZIP: ${err?.message ?? 'unknown error'}`\n ),\n });\n return;\n }\n\n const files = new Map<string, Buffer>();\n let entryCount = 0;\n let totalSize = 0; // Claimed total from ZIP metadata\n let actualTotalBytes = 0; // Actual decompressed bytes (defense-in-depth)\n\n zipfile.on('entry', (entry: yauzl.Entry) => {\n if (/\\/$/.test(entry.fileName)) {\n zipfile.readEntry();\n return;\n }\n\n entryCount++;\n\n // DoS protection: entry count\n if (entryCount > MAX_ZIP_ENTRIES) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Too many ZIP entries: > ${MAX_ZIP_ENTRIES}`\n ),\n });\n return;\n }\n\n // Security: path validation\n if (!isPathSafe(entry.fileName)) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.PATH_TRAVERSAL,\n `Unsafe path in bundle: ${entry.fileName}`\n ),\n });\n return;\n }\n\n // DoS protection: entry size\n if (entry.uncompressedSize > MAX_ENTRY_SIZE) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry too large: ${entry.fileName}`\n ),\n });\n return;\n }\n\n totalSize += entry.uncompressedSize;\n if (totalSize > MAX_TOTAL_SIZE) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Total size exceeded: > ${MAX_TOTAL_SIZE} bytes`\n ),\n });\n return;\n }\n\n zipfile.openReadStream(entry, (readErr, readStream) => {\n if (readErr \|\| !readStream) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to read ${entry.fileName}`\n ),\n });\n return;\n }\n\n const chunks: Buffer[] = [];\n let actualBytes = 0;\n const entryBudget = entry.uncompressedSize > 0 ? entry.uncompressedSize : MAX_ENTRY_SIZE;\n\n readStream.on('data', (chunk: Buffer) => {\n actualBytes += chunk.length;\n actualTotalBytes += chunk.length;\n\n // Defense-in-depth: Track actual decompressed bytes, not just ZIP metadata.\n // A malicious ZIP can claim small uncompressedSize but decompress to much more.\n if (actualBytes > MAX_ENTRY_SIZE) {\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry exceeds size limit during decompression: ${entry.fileName}`,\n { claimed: entry.uncompressedSize, actual: actualBytes, limit: MAX_ENTRY_SIZE }\n ),\n });\n return;\n }\n\n // Defense-in-depth: Track actual total decompressed bytes across all entries\n if (actualTotalBytes > MAX_TOTAL_SIZE) {\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Total decompressed size exceeds limit: ${actualTotalBytes} > ${MAX_TOTAL_SIZE}`,\n { actual: actualTotalBytes, limit: MAX_TOTAL_SIZE }\n ),\n });\n return;\n }\n\n // Also check against claimed size (detect zip bombs with false metadata)\n if (entry.uncompressedSize > 0 && actualBytes > entry.uncompressedSize 2) {\n // Allow 2x tolerance for edge cases, but catch gross violations\n readStream.destroy();\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.SIZE_EXCEEDED,\n `Entry decompressed size exceeds claimed size: ${entry.fileName}`,\n { claimed: entry.uncompressedSize, actual: actualBytes }\n ),\n });\n return;\n }\n\n chunks.push(chunk);\n });\n\n readStream.on('end', () => {\n files.set(entry.fileName, Buffer.concat(chunks));\n zipfile.readEntry();\n });\n readStream.on('error', (streamErr: Error) => {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Stream error: ${streamErr.message}`\n ),\n });\n });\n });\n });\n\n zipfile.on('end', () => {\n processExtractedFiles(files, resolve);\n });\n\n zipfile.on('error', (zipErr: Error) => {\n resolve({\n ok: false,\n error: handleZipError(zipErr),\n });\n });\n\n zipfile.readEntry();\n });\n });\n}\n\n/*\n Process extracted files and validate bundle integrity\n /\nfunction processExtractedFiles(\n files: Map<string, Buffer>,\n resolve: (result: BundleResult<DisputeBundleContents>) => void\n): void {\n // Parse manifest\n const manifestBuffer = files.get('manifest.json');\n if (!manifestBuffer) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_MISSING, 'manifest.json not found in bundle'),\n });\n return;\n }\n\n let manifest: DisputeBundleManifest;\n try {\n manifest = JSON.parse(manifestBuffer.toString('utf8')) as DisputeBundleManifest;\n } catch (parseErr) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Failed to parse manifest.json: ${(parseErr as Error).message}`\n ),\n });\n return;\n }\n\n // Validate version\n if (manifest.version !== BUNDLE_VERSION) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Unsupported bundle version: ${manifest.version}`,\n { expected: BUNDLE_VERSION, actual: manifest.version }\n ),\n });\n return;\n }\n\n // Verify content_hash\n const { content_hash, ...manifestWithoutHash } = manifest;\n const computedHash = sha256Hex(canonicalize(manifestWithoutHash));\n\n if (computedHash !== content_hash) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n 'Bundle content_hash verification failed',\n { expected: content_hash, computed: computedHash }\n ),\n });\n return;\n }\n\n // Verify file hashes\n for (const fileEntry of manifest.files) {\n const fileBuffer = files.get(fileEntry.path);\n if (!fileBuffer) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.INVALID_FORMAT, `File not found: ${fileEntry.path}`),\n });\n return;\n }\n\n const computedFileHash = sha256Hex(fileBuffer);\n if (computedFileHash !== fileEntry.sha256) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n `File hash mismatch: ${fileEntry.path}`,\n { expected: fileEntry.sha256, computed: computedFileHash }\n ),\n });\n return;\n }\n\n if (fileBuffer.length !== fileEntry.size) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.HASH_MISMATCH,\n `File size mismatch: ${fileEntry.path}`,\n { expected: fileEntry.size, actual: fileBuffer.length }\n ),\n });\n return;\n }\n }\n\n // Parse receipts.ndjson\n const receiptsBuffer = files.get('receipts.ndjson');\n const receipts = new Map<string, string>();\n\n if (receiptsBuffer) {\n const lines = receiptsBuffer.toString('utf8').trim().split('\\n');\n\n // Verify receipts are in deterministic order\n let lastKey = '';\n for (let i = 0; i < lines.length; i++) {\n const jws = lines[i].trim();\n if (!jws) continue;\n\n const parsed = parseJws(jws);\n if (!parsed) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.RECEIPT_INVALID, `Invalid JWS at line ${i + 1}`),\n });\n return;\n }\n\n const receiptId = parsed.payload.jti as string;\n\n // Detect duplicate receipt IDs\n if (receipts.has(receiptId)) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.DUPLICATE_RECEIPT,\n `Duplicate receipt ID in bundle: ${receiptId}`,\n { receipt_id: receiptId, line: i + 1 }\n ),\n });\n return;\n }\n\n const issuedAt =\n typeof parsed.payload.iat === 'number'\n ? new Date(parsed.payload.iat 1000).toISOString()\n : String(parsed.payload.iat);\n const receiptHash = sha256Hex(Buffer.from(jws, 'utf8'));\n\n // Check ordering\n const currentKey = `${issuedAt}\|${receiptId}\|${receiptHash}`;\n if (currentKey < lastKey) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.RECEIPTS_UNORDERED,\n 'receipts.ndjson is not in deterministic order'\n ),\n });\n return;\n }\n lastKey = currentKey;\n\n receipts.set(receiptId, jws);\n }\n }\n\n // Extract keys\n let keys: JsonWebKeySet = { keys: [] };\n const keysBuffer = files.get('keys/keys.json');\n if (keysBuffer) {\n try {\n keys = JSON.parse(keysBuffer.toString('utf8')) as JsonWebKeySet;\n } catch {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_INVALID, 'Failed to parse keys/keys.json'),\n });\n return;\n }\n }\n\n // Extract policy if present\n let policyContent: string \| undefined;\n const policyBuffer = files.get('policy/policy.yaml');\n if (policyBuffer) {\n policyContent = policyBuffer.toString('utf8');\n\n // Verify policy hash if declared\n if (manifest.policy_hash) {\n const computedPolicyHash = sha256Hex(policyBuffer);\n if (computedPolicyHash !== manifest.policy_hash) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.POLICY_HASH_MISMATCH, 'Policy hash mismatch', {\n expected: manifest.policy_hash,\n computed: computedPolicyHash,\n }),\n });\n return;\n }\n }\n }\n\n // Extract peac.txt if present\n let peacTxtContent: string \| undefined;\n const peacTxtBuffer = files.get('policy/peac.txt');\n if (peacTxtBuffer) {\n peacTxtContent = peacTxtBuffer.toString('utf8');\n\n // Verify peac.txt hash if declared\n if (manifest.peac_txt_hash) {\n const computedPeacTxtHash = sha256Hex(peacTxtBuffer);\n if (computedPeacTxtHash !== manifest.peac_txt_hash) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.POLICY_HASH_MISMATCH, 'peac.txt hash mismatch', {\n expected: manifest.peac_txt_hash,\n computed: computedPeacTxtHash,\n }),\n });\n return;\n }\n }\n }\n\n // Extract bundle.sig if present\n let bundleSig: string \| undefined;\n const sigBuffer = files.get('bundle.sig');\n if (sigBuffer) {\n bundleSig = sigBuffer.toString('utf8');\n }\n\n resolve({\n ok: true,\n value: {\n manifest,\n receipts,\n keys,\n policy: policyContent,\n peac_txt: peacTxtContent,\n bundle_sig: bundleSig,\n },\n });\n}\n\n/*\n Verify bundle integrity without verifying receipt signatures.\n /\nexport async function verifyBundleIntegrity(\n zipBuffer: Buffer\n): Promise<BundleResult<{ manifest: DisputeBundleManifest }>> {\n const result = await readDisputeBundle(zipBuffer);\n if (!result.ok) {\n return result;\n }\n return { ok: true, value: { manifest: result.value.manifest } };\n}\n\n/\n Get the content hash of a bundle without fully parsing it.\n /\nexport async function getBundleContentHash(zipBuffer: Buffer): Promise<BundleResult<string>> {\n return new Promise((resolve) => {\n yauzl.fromBuffer(zipBuffer, { lazyEntries: true }, (err, zipfile) => {\n if (err \|\| !zipfile) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.INVALID_FORMAT,\n `Failed to open ZIP: ${err?.message ?? 'unknown'}`\n ),\n });\n return;\n }\n\n let found = false;\n\n zipfile.on('entry', (entry: yauzl.Entry) => {\n if (entry.fileName === 'manifest.json') {\n found = true;\n zipfile.openReadStream(entry, (readErr, readStream) => {\n if (readErr \|\| !readStream) {\n zipfile.close();\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.INVALID_FORMAT, `Failed to read manifest.json`),\n });\n return;\n }\n\n const chunks: Buffer[] = [];\n readStream.on('data', (chunk: Buffer) => chunks.push(chunk));\n readStream.on('end', () => {\n zipfile.close();\n try {\n const manifest = JSON.parse(\n Buffer.concat(chunks).toString('utf8')\n ) as DisputeBundleManifest;\n resolve({ ok: true, value: manifest.content_hash });\n } catch (parseErr) {\n resolve({\n ok: false,\n error: bundleError(\n BundleErrorCodes.MANIFEST_INVALID,\n `Failed to parse manifest.json`\n ),\n });\n }\n });\n });\n } else {\n zipfile.readEntry();\n }\n });\n\n zipfile.on('end', () => {\n if (!found) {\n resolve({\n ok: false,\n error: bundleError(BundleErrorCodes.MANIFEST_MISSING, 'manifest.json not found'),\n });\n }\n });\n\n zipfile.on('error', (zipErr: Error) => {\n resolve({\n ok: false,\n error: handleZipError(zipErr),\n });\n });\n\n zipfile.readEntry();\n });\n });\n}\n\n// Re-export error codes for consumers\nexport { BundleErrorCodes as BUNDLE_ERROR_CODES };\n","/\n Verification Report (v0.9.30+)\n \n Deterministic verification of dispute bundles with JCS-canonicalized reports.\n * The report_hash enables cross-language parity: TS and Go implementations\n * must produce identical hashes for the same bundle verification.\n \n Key design principles:\n * 1. Real Ed25519 signature verification using @peac/crypto\n * 2. No timestamps in deterministic output\n * 3. All arrays sorted by stable keys for reproducibility\n /\n\nimport { createHash } from 'node:crypto';\nimport { canonicalize, verify as verifyJws, CryptoError } from '@peac/crypto';\n\nimport { readDisputeBundle } from './dispute-bundle.js';\nimport { BundleErrorCodes } from './dispute-bundle.js';\nimport type {\n AuditorSummary,\n BundleError,\n BundleResult,\n BundleSignatureResult,\n DisputeBundleContents,\n JsonWebKey,\n KeyUsageEntry,\n ReceiptVerificationResult,\n VerificationReport,\n VerifyBundleOptions,\n} from './dispute-bundle-types.js';\nimport { VERIFICATION_REPORT_VERSION } from './dispute-bundle-types.js';\n\n/\n Compute SHA-256 hash of data with self-describing format.\n * Returns `sha256:<64 lowercase hex chars>` format.\n /\nfunction sha256Hex(data: string \| Buffer): string {\n const hash = createHash('sha256');\n hash.update(data);\n return `sha256:${hash.digest('hex')}`;\n}\n\n/* Decode base64url to Buffer /\nfunction base64urlDecode(str: string): Buffer {\n const padded = str + '='.repeat((4 - (str.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n return Buffer.from(base64, 'base64');\n}\n\n/* Parse JWS to extract header and payload /\nfunction parseJws(jws: string): {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n signature: string;\n} \| null {\n const parts = jws.split('.');\n if (parts.length !== 3) {\n return null;\n }\n\n try {\n const headerJson = base64urlDecode(parts[0]).toString('utf8');\n const payloadJson = base64urlDecode(parts[1]).toString('utf8');\n return {\n header: JSON.parse(headerJson) as Record<string, unknown>,\n payload: JSON.parse(payloadJson) as Record<string, unknown>,\n signature: parts[2],\n };\n } catch {\n return null;\n }\n}\n\n/* Create a bundle error /\nfunction bundleError(\n code: string,\n message: string,\n details?: Record<string, unknown>\n): BundleError {\n return { code, message, details };\n}\n\n/\n Strip undefined values from an object recursively.\n * JCS canonicalization cannot handle undefined values.\n /\nfunction stripUndefined<T>(obj: T): T {\n if (obj === null \|\| obj === undefined) {\n return obj;\n }\n if (Array.isArray(obj)) {\n return obj.map(stripUndefined) as T;\n }\n if (typeof obj === 'object') {\n const result: Record<string, unknown> = {};\n for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {\n if (value !== undefined) {\n result[key] = stripUndefined(value);\n }\n }\n return result as T;\n }\n return obj;\n}\n\n/\n Verify receipt claims (basic validation without cryptographic signature check).\n \n This validates:\n * - Required claims are present (jti, iss, iat)\n * - Timestamps are valid (not expired, not in future)\n \n Note: Signature verification requires access to the signing key and is\n * handled separately. This function focuses on claim validation.\n /\nfunction verifyReceiptClaims(\n payload: Record<string, unknown>,\n now: Date\n): { valid: boolean; errors: string[] } {\n const errors: string[] = [];\n const nowSec = Math.floor(now.getTime() / 1000);\n\n // Required claims\n if (!payload.jti) {\n errors.push('E_RECEIPT_MISSING_JTI');\n }\n\n if (!payload.iss) {\n errors.push('E_RECEIPT_MISSING_ISS');\n }\n\n if (payload.iat === undefined) {\n errors.push('E_RECEIPT_MISSING_IAT');\n } else {\n const iat = typeof payload.iat === 'number' ? payload.iat : NaN;\n if (isNaN(iat)) {\n errors.push('E_RECEIPT_INVALID_IAT');\n } else if (iat > nowSec + 300) {\n // Allow 5 min clock skew\n errors.push('E_RECEIPT_NOT_YET_VALID');\n }\n }\n\n // Check expiry if present\n if (payload.exp !== undefined) {\n const exp = typeof payload.exp === 'number' ? payload.exp : NaN;\n if (isNaN(exp)) {\n errors.push('E_RECEIPT_INVALID_EXP');\n } else if (exp < nowSec) {\n errors.push('E_RECEIPT_EXPIRED');\n }\n }\n\n return {\n valid: errors.length === 0,\n errors,\n };\n}\n\n/\n Find the key ID used to sign a receipt.\n /\nfunction getReceiptKeyId(header: Record<string, unknown>): string \| undefined {\n return typeof header.kid === 'string' ? header.kid : undefined;\n}\n\n/\n Convert JWK to raw Ed25519 public key bytes (32 bytes).\n * Returns null if the JWK is not a valid Ed25519 key.\n /\nfunction jwkToPublicKeyBytes(jwk: JsonWebKey): Uint8Array \| null {\n if (jwk.kty !== 'OKP' \|\| jwk.crv !== 'Ed25519' \|\| !jwk.x) {\n return null;\n }\n // Decode base64url to bytes\n const padded = jwk.x + '='.repeat((4 - (jwk.x.length % 4)) % 4);\n const base64 = padded.replace(/-/g, '+').replace(/_/g, '/');\n const bytes = Buffer.from(base64, 'base64');\n if (bytes.length !== 32) {\n return null;\n }\n return new Uint8Array(bytes);\n}\n\n/\n Find a key by kid in the bundle's JWKS.\n /\nfunction findKey(keys: JsonWebKey[], kid: string): JsonWebKey \| undefined {\n return keys.find((k) => k.kid === kid);\n}\n\n/\n Verify a single receipt with real Ed25519 signature verification.\n \n In offline mode, we use only the keys bundled in the JWKS.\n * All signature verification is cryptographic - not just key presence.\n /\nasync function verifyReceipt(\n receiptId: string,\n jws: string,\n bundleContents: DisputeBundleContents,\n options: VerifyBundleOptions\n): Promise<ReceiptVerificationResult> {\n const parsed = parseJws(jws);\n\n if (!parsed) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_RECEIPT_INVALID_FORMAT'],\n };\n }\n\n const { header, payload } = parsed;\n const keyId = getReceiptKeyId(header);\n const errors: string[] = [];\n\n // Check key ID presence\n if (!keyId) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_RECEIPT_MISSING_KID'],\n };\n }\n\n // Find the key in the bundle's JWKS\n const jwk = findKey(bundleContents.keys.keys, keyId);\n if (!jwk) {\n // Key not found - in offline mode this is fatal\n if (options.offline) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: [BundleErrorCodes.KEY_MISSING],\n };\n }\n // In online mode, we could try to fetch the key, but for now fail\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: [BundleErrorCodes.KEY_MISSING],\n };\n }\n\n // Convert JWK to raw public key bytes\n const publicKeyBytes = jwkToPublicKeyBytes(jwk);\n if (!publicKeyBytes) {\n return {\n receipt_id: receiptId,\n signature_valid: false,\n claims_valid: false,\n key_id: keyId,\n errors: ['E_RECEIPT_INVALID_KEY_FORMAT'],\n };\n }\n\n // Perform real Ed25519 signature verification\n let signatureValid = false;\n try {\n const result = await verifyJws(jws, publicKeyBytes);\n signatureValid = result.valid;\n if (!signatureValid) {\n errors.push('E_RECEIPT_SIGNATURE_INVALID');\n }\n } catch (err: unknown) {\n // Handle crypto errors\n if (err instanceof CryptoError) {\n errors.push(`E_RECEIPT_CRYPTO_ERROR:${err.code}`);\n } else {\n errors.push('E_RECEIPT_SIGNATURE_INVALID');\n }\n signatureValid = false;\n }\n\n // Validate claims\n const claimsResult = verifyReceiptClaims(payload, options.now ?? new Date());\n errors.push(...claimsResult.errors);\n\n return {\n receipt_id: receiptId,\n signature_valid: signatureValid,\n claims_valid: claimsResult.valid,\n key_id: keyId,\n errors,\n claims: signatureValid && claimsResult.valid && errors.length === 0 ? payload : undefined,\n };\n}\n\n/\n Build key usage tracking.\n /\nfunction buildKeyUsage(results: ReceiptVerificationResult[]): KeyUsageEntry[] {\n const usage = new Map<string, string[]>();\n\n for (const result of results) {\n if (result.key_id) {\n const existing = usage.get(result.key_id) ?? [];\n existing.push(result.receipt_id);\n usage.set(result.key_id, existing);\n }\n }\n\n const entries: KeyUsageEntry[] = [];\n for (const [kid, receiptIds] of usage) {\n entries.push({\n kid,\n receipts_signed: receiptIds.length,\n receipt_ids: receiptIds.sort(),\n });\n }\n\n // Sort by kid for determinism\n return entries.sort((a, b) => a.kid.localeCompare(b.kid));\n}\n\n/\n Generate auditor-friendly summary.\n /\nfunction generateAuditorSummary(\n totalReceipts: number,\n validCount: number,\n invalidCount: number,\n results: ReceiptVerificationResult[]\n): AuditorSummary {\n const headline = `${validCount}/${totalReceipts} receipts valid`;\n\n const issues: string[] = [];\n for (const result of results) {\n if (!result.signature_valid \|\| !result.claims_valid) {\n const errorSummary =\n result.errors.length > 0 ? result.errors.join(', ') : 'validation failed';\n issues.push(`Receipt ${result.receipt_id}: ${errorSummary}`);\n }\n }\n\n // Sort issues for determinism\n issues.sort();\n\n let recommendation: AuditorSummary['recommendation'];\n if (invalidCount === 0) {\n recommendation = 'valid';\n } else if (invalidCount === totalReceipts) {\n recommendation = 'invalid';\n } else {\n recommendation = 'needs_review';\n }\n\n return {\n headline,\n issues,\n recommendation,\n };\n}\n\n/\n Verify the bundle.sig if present.\n * The bundle.sig is a JWS over { content_hash: \"...\" } signed with a key from the JWKS.\n /\nasync function verifyBundleSignature(\n bundleContents: DisputeBundleContents\n): Promise<BundleSignatureResult> {\n const { bundle_sig, keys, manifest } = bundleContents;\n\n // No bundle.sig present\n if (!bundle_sig) {\n return { present: false };\n }\n\n // Parse the JWS to get the key ID\n const parsed = parseJws(bundle_sig);\n if (!parsed) {\n return {\n present: true,\n valid: false,\n error: 'E_BUNDLE_SIGNATURE_INVALID_FORMAT',\n };\n }\n\n const keyId = typeof parsed.header.kid === 'string' ? parsed.header.kid : undefined;\n if (!keyId) {\n return {\n present: true,\n valid: false,\n error: 'E_BUNDLE_SIGNATURE_MISSING_KID',\n };\n }\n\n // Find the key in JWKS\n const jwk = keys.keys.find((k) => k.kid === keyId);\n if (!jwk) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: BundleErrorCodes.KEY_MISSING,\n };\n }\n\n // Convert JWK to raw public key bytes\n const publicKeyBytes = jwkToPublicKeyBytes(jwk);\n if (!publicKeyBytes) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: 'E_BUNDLE_SIGNATURE_INVALID_KEY_FORMAT',\n };\n }\n\n // Verify the signature\n try {\n const result = await verifyJws<{ content_hash: string }>(bundle_sig, publicKeyBytes);\n\n if (!result.valid) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: BundleErrorCodes.SIGNATURE_INVALID,\n };\n }\n\n // Verify the content_hash in the payload matches the manifest\n if (result.payload.content_hash !== manifest.content_hash) {\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: 'E_BUNDLE_SIGNATURE_CONTENT_MISMATCH',\n };\n }\n\n return {\n present: true,\n valid: true,\n key_id: keyId,\n };\n } catch (err: unknown) {\n const errorMsg =\n err instanceof CryptoError\n ? `E_BUNDLE_SIGNATURE_CRYPTO_ERROR:${err.code}`\n : BundleErrorCodes.SIGNATURE_INVALID;\n\n return {\n present: true,\n valid: false,\n key_id: keyId,\n error: errorMsg,\n };\n }\n}\n\n/\n Verify all receipts in a dispute bundle and generate a deterministic report.\n \n @param zipBuffer - Buffer containing the ZIP archive\n * @param options - Verification options\n * @returns Promise resolving to a deterministic verification report\n \n @example\n * ```typescript\n * const zipData = fs.readFileSync('dispute-bundle.zip');\n * const result = await verifyBundle(zipData, { offline: true });\n \n if (result.ok) {\n * console.log('Report hash:', result.value.report_hash);\n * console.log('Summary:', result.value.auditor_summary.headline);\n * }\n * ```\n /\nexport async function verifyBundle(\n zipBuffer: Buffer,\n options: VerifyBundleOptions\n): Promise<BundleResult<VerificationReport>> {\n // Read and parse the bundle\n const readResult = await readDisputeBundle(zipBuffer);\n if (!readResult.ok) {\n return readResult;\n }\n\n const bundleContents = readResult.value;\n const { manifest, receipts } = bundleContents;\n\n // Verify bundle.sig if present (authenticity)\n const bundleSignature = await verifyBundleSignature(bundleContents);\n\n // Verify each receipt with real Ed25519 signature verification\n const results: ReceiptVerificationResult[] = [];\n\n for (const receiptEntry of manifest.receipts) {\n const jws = receipts.get(receiptEntry.receipt_id);\n if (!jws) {\n results.push({\n receipt_id: receiptEntry.receipt_id,\n signature_valid: false,\n claims_valid: false,\n errors: ['E_BUNDLE_RECEIPT_NOT_FOUND'],\n });\n continue;\n }\n\n const result = await verifyReceipt(receiptEntry.receipt_id, jws, bundleContents, options);\n results.push(result);\n }\n\n // Sort results by receipt_id for determinism\n results.sort((a, b) => a.receipt_id.localeCompare(b.receipt_id));\n\n // Count valid/invalid\n const validCount = results.filter(\n (r) => r.signature_valid && r.claims_valid && r.errors.length === 0\n ).length;\n const invalidCount = results.length - validCount;\n\n // Build key usage\n const keysUsed = buildKeyUsage(results);\n\n // Generate auditor summary\n const auditorSummary = generateAuditorSummary(results.length, validCount, invalidCount, results);\n\n // Build report without report_hash\n const reportWithoutHash: Omit<VerificationReport, 'report_hash'> = {\n version: VERIFICATION_REPORT_VERSION,\n bundle_content_hash: manifest.content_hash,\n bundle_signature: bundleSignature,\n summary: {\n total_receipts: results.length,\n valid: validCount,\n invalid: invalidCount,\n },\n receipts: results,\n keys_used: keysUsed,\n auditor_summary: auditorSummary,\n };\n\n // Compute report_hash = SHA-256 of JCS(report without report_hash)\n // Strip undefined values first since JCS cannot handle them\n const cleanedReport = stripUndefined(reportWithoutHash);\n const reportHash = sha256Hex(canonicalize(cleanedReport));\n\n const report: VerificationReport = {\n ...reportWithoutHash,\n report_hash: reportHash,\n };\n\n return {\n ok: true,\n value: report,\n };\n}\n\n/\n Serialize a verification report to JSON.\n \n @param report - Verification report\n * @param pretty - Pretty print (default: false)\n * @returns JSON string\n /\nexport function serializeReport(report: VerificationReport, pretty: boolean = false): string {\n if (pretty) {\n return JSON.stringify(report, null, 2);\n }\n return JSON.stringify(report);\n}\n\n/\n Format verification report as human-readable text.\n \n @param report - Verification report\n * @returns Human-readable text summary\n /\nexport function formatReportText(report: VerificationReport): string {\n const lines: string[] = [];\n\n lines.push('PEAC Dispute Bundle Verification Report');\n lines.push('========================================');\n lines.push('');\n lines.push(`Bundle content hash: ${report.bundle_content_hash}`);\n lines.push(`Report hash: ${report.report_hash}`);\n lines.push('');\n\n // Bundle signature status\n lines.push('Bundle Signature');\n lines.push('----------------');\n if (!report.bundle_signature.present) {\n lines.push(' Status: NOT SIGNED');\n } else if (report.bundle_signature.valid) {\n lines.push(' Status: VALID');\n lines.push(` Key ID: ${report.bundle_signature.key_id}`);\n } else {\n lines.push(' Status: INVALID');\n if (report.bundle_signature.key_id) {\n lines.push(` Key ID: ${report.bundle_signature.key_id}`);\n }\n if (report.bundle_signature.error) {\n lines.push(` Error: ${report.bundle_signature.error}`);\n }\n }\n lines.push('');\n\n lines.push('Summary');\n lines.push('-------');\n lines.push(`Total receipts: ${report.summary.total_receipts}`);\n lines.push(`Valid: ${report.summary.valid}`);\n lines.push(`Invalid: ${report.summary.invalid}`);\n lines.push('');\n lines.push(`Recommendation: ${report.auditor_summary.recommendation.toUpperCase()}`);\n lines.push(`Headline: ${report.auditor_summary.headline}`);\n lines.push('');\n\n if (report.auditor_summary.issues.length > 0) {\n lines.push('Issues');\n lines.push('------');\n for (const issue of report.auditor_summary.issues) {\n lines.push(` - ${issue}`);\n }\n lines.push('');\n }\n\n if (report.keys_used.length > 0) {\n lines.push('Keys Used');\n lines.push('---------');\n for (const keyUsage of report.keys_used) {\n lines.push(` ${keyUsage.kid}: ${keyUsage.receipts_signed} receipt(s)`);\n }\n lines.push('');\n }\n\n lines.push('Receipt Details');\n lines.push('---------------');\n for (const receipt of report.receipts) {\n const status = receipt.signature_valid && receipt.claims_valid ? 'VALID' : 'INVALID';\n lines.push(` ${receipt.receipt_id}: ${status}`);\n if (receipt.key_id) {\n lines.push(` Key: ${receipt.key_id}`);\n }\n if (receipt.errors.length > 0) {\n lines.push(` Errors: ${receipt.errors.join(', ')}`);\n }\n }\n\n return lines.join('\\n');\n}\n","/\n @peac/audit\n \n Audit logging and case bundle generation for PEAC protocol (v0.9.27+).\n \n This package provides:\n * - JSONL audit log format (normative)\n * - Case bundle generation for dispute resolution\n * - Trace correlation for distributed system debugging\n * - Privacy-safe logging patterns\n \n ## Audit Log Format\n \n PEAC audit logs use JSONL (JSON Lines) format where each line is a\n * complete audit entry. This enables streaming, append-only logging,\n * and efficient line-by-line processing.\n \n ## Case Bundles\n \n Case bundles collect all audit entries related to a dispute,\n * organized chronologically with trace correlation data for\n * comprehensive dispute resolution.\n \n @example\n * ```typescript\n * import {\n * createAuditEntry,\n * formatJsonl,\n * createCaseBundle,\n * } from '@peac/audit';\n \n // Create an audit entry\n * const entry = createAuditEntry({\n * event_type: 'receipt_issued',\n * actor: { type: 'system', id: 'peac-issuer' },\n * resource: { type: 'receipt', id: 'jti:rec_abc123' },\n * outcome: { success: true, result: 'issued' },\n * });\n \n // Format to JSONL\n * const jsonl = formatJsonl([entry]);\n \n // Create a case bundle for dispute resolution\n * const bundle = createCaseBundle({\n * dispute_ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * generated_by: 'https://platform.example.com',\n * entries: disputeRelatedEntries,\n * });\n * ```\n \n @packageDocumentation\n */\n\nexport const AUDIT_PACKAGE_VERSION = '0.9.27';\n\n// Types\nexport type {\n AuditEventType,\n AuditSeverity,\n TraceContext,\n AuditActor,\n AuditResource,\n AuditOutcome,\n AuditEntry,\n CaseBundle,\n CaseBundleSummary,\n CreateAuditEntryOptions,\n CreateCaseBundleOptions,\n JsonlOptions,\n JsonlParseOptions,\n} from './types.js';\n\n// Entry creation and validation\nexport {\n AUDIT_VERSION,\n AUDIT_EVENT_TYPES,\n AUDIT_SEVERITIES,\n generateAuditId,\n isValidUlid,\n isValidTraceContext,\n createAuditEntry,\n validateAuditEntry,\n isValidAuditEntry,\n type ValidationResult,\n} from './entry.js';\n\n// JSONL formatting and parsing\nexport {\n formatJsonlLine,\n formatJsonl,\n parseJsonlLine,\n parseJsonl,\n createJsonlAppender,\n type JsonlParseLineResult,\n type JsonlParseLineError,\n type JsonlParseResult,\n} from './jsonl.js';\n\n// Case bundle generation\nexport {\n BUNDLE_VERSION,\n createCaseBundle,\n generateBundleSummary,\n filterByDispute,\n filterByTraceId,\n filterByTimeRange,\n filterByResource,\n correlateByTrace,\n serializeBundle,\n type TraceCorrelation,\n} from './bundle.js';\n\n// Dispute bundle (v0.9.30+, normalized in v0.10.0)\nexport {\n BUNDLE_VERSION as DISPUTE_BUNDLE_VERSION_v2,\n DISPUTE_BUNDLE_VERSION,\n VERIFICATION_REPORT_VERSION,\n type BundleKind,\n type BundleRef,\n type ManifestFileEntry,\n type ManifestReceiptEntry,\n type ManifestKeyEntry,\n type BundleTimeRange,\n type DisputeBundleManifest,\n type CreateDisputeBundleOptions,\n type JsonWebKeySet,\n type JsonWebKey,\n type DisputeBundleContents,\n type ReceiptVerificationResult,\n type KeyUsageEntry,\n type AuditorSummary,\n type VerificationReport,\n type VerifyBundleOptions,\n type BundleError,\n type BundleResult,\n} from './dispute-bundle-types.js';\n\nexport {\n createDisputeBundle,\n readDisputeBundle,\n verifyBundleIntegrity,\n getBundleContentHash,\n} from './dispute-bundle.js';\n\n// Verification report (v0.9.30+)\nexport { verifyBundle, serializeReport, formatReportText } from './verification-report.js';\n"]}