@peac/protocol 0.10.6 → 0.10.8

package/dist/verifier-core.js

@@ -0,0 +1,578 @@
+"use strict";
+/**
+ * PEAC Verifier Core
+ *
+ * Implements the verification flow per VERIFIER-SECURITY-MODEL.md with:
+ * - Ordered checks with short-circuit behavior
+ * - Trust pinning (issuer allowlist + RFC 7638 thumbprints)
+ * - SSRF-safe network fetches
+ * - Deterministic verification reports
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyReceiptCore = verifyReceiptCore;
+exports.clearJWKSCache = clearJWKSCache;
+exports.getJWKSCacheSize = getJWKSCacheSize;
+const crypto_1 = require("@peac/crypto");
+const kernel_1 = require("@peac/kernel");
+const schema_1 = require("@peac/schema");
+const ssrf_safe_fetch_js_1 = require("./ssrf-safe-fetch.js");
+const verification_report_js_1 = require("./verification-report.js");
+const verifier_types_js_1 = require("./verifier-types.js");
+/**
+ * In-memory JWKS cache (5 minute TTL)
+ */
+const jwksCache = new Map();
+const CACHE_TTL_MS = 5 * 60 * 1000;
+// ---------------------------------------------------------------------------
+// Helper Functions
+// ---------------------------------------------------------------------------
+/**
+ * Normalize issuer to origin format (https://host[:port])
+ */
+function normalizeIssuer(issuer) {
+    try {
+        const url = new URL(issuer);
+        // Include port only if non-standard for HTTPS
+        if (url.port && url.port !== '443') {
+            return `${url.protocol}//${url.hostname}:${url.port}`;
+        }
+        return `${url.protocol}//${url.hostname}`;
+    }
+    catch {
+        return issuer;
+    }
+}
+/**
+ * Check if issuer is in the allowlist
+ */
+function isIssuerAllowed(issuer, allowlist) {
+    if (!allowlist || allowlist.length === 0) {
+        // No allowlist means all issuers are allowed
+        return true;
+    }
+    const normalized = normalizeIssuer(issuer);
+    return allowlist.some((allowed) => normalizeIssuer(allowed) === normalized);
+}
+/**
+ * Find pinned key for issuer and kid
+ */
+function findPinnedKey(issuer, kid, pinnedKeys) {
+    if (!pinnedKeys || pinnedKeys.length === 0) {
+        return undefined;
+    }
+    const normalizedIssuer = normalizeIssuer(issuer);
+    return pinnedKeys.find((pk) => normalizeIssuer(pk.issuer) === normalizedIssuer && pk.kid === kid);
+}
+/**
+ * Fetch issuer configuration
+ */
+async function fetchIssuerConfig(issuerOrigin) {
+    const configUrl = `${issuerOrigin}/.well-known/peac-issuer.json`;
+    const result = await (0, ssrf_safe_fetch_js_1.ssrfSafeFetch)(configUrl, {
+        maxBytes: 65536, // 64 KB
+        headers: { Accept: 'application/json' },
+    });
+    if (!result.ok) {
+        return null;
+    }
+    try {
+        return JSON.parse(result.body);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Fetch JWKS from issuer
+ */
+async function fetchIssuerJWKS(issuerOrigin) {
+    const now = Date.now();
+    // Check cache
+    const cached = jwksCache.get(issuerOrigin);
+    if (cached && cached.expiresAt > now) {
+        return { jwks: cached.jwks, fromCache: true };
+    }
+    // Fetch issuer config first
+    const config = await fetchIssuerConfig(issuerOrigin);
+    if (!config?.jwks_uri) {
+        // Fallback to well-known JWKS path
+        const fallbackUrl = `${issuerOrigin}/.well-known/jwks.json`;
+        const result = await (0, ssrf_safe_fetch_js_1.fetchJWKSSafe)(fallbackUrl);
+        if (!result.ok) {
+            return { error: result };
+        }
+        try {
+            const jwks = JSON.parse(result.body);
+            jwksCache.set(issuerOrigin, { jwks, expiresAt: now + CACHE_TTL_MS });
+            return { jwks, fromCache: false, rawBytes: result.rawBytes };
+        }
+        catch {
+            return {
+                error: {
+                    ok: false,
+                    reason: 'network_error',
+                    message: 'Invalid JWKS JSON',
+                },
+            };
+        }
+    }
+    // Fetch JWKS from discovered URI
+    const result = await (0, ssrf_safe_fetch_js_1.fetchJWKSSafe)(config.jwks_uri);
+    if (!result.ok) {
+        return { error: result };
+    }
+    try {
+        const jwks = JSON.parse(result.body);
+        // Validate JWKS limits
+        if (jwks.keys.length > kernel_1.VERIFIER_LIMITS.maxJwksKeys) {
+            return {
+                error: {
+                    ok: false,
+                    reason: 'jwks_too_many_keys',
+                    message: `JWKS has too many keys: ${jwks.keys.length} > ${kernel_1.VERIFIER_LIMITS.maxJwksKeys}`,
+                },
+            };
+        }
+        jwksCache.set(issuerOrigin, { jwks, expiresAt: now + CACHE_TTL_MS });
+        return { jwks, fromCache: false, rawBytes: result.rawBytes };
+    }
+    catch {
+        return {
+            error: {
+                ok: false,
+                reason: 'network_error',
+                message: 'Invalid JWKS JSON',
+            },
+        };
+    }
+}
+// ---------------------------------------------------------------------------
+// Main Verification Function
+// ---------------------------------------------------------------------------
+/**
+ * Verify a PEAC receipt with full security checks and report emission
+ *
+ * Implements the verification flow per VERIFIER-SECURITY-MODEL.md:
+ * 1. jws.parse - Parse JWS structure
+ * 2. limits.receipt_bytes - Check receipt size
+ * 3. jws.protected_header - Validate protected header
+ * 4. claims.schema_unverified - Pre-signature schema check
+ * 5. issuer.trust_policy - Check issuer allowlist/pins
+ * 6. issuer.discovery - Fetch JWKS (if network mode)
+ * 7. key.resolve - Resolve signing key by kid
+ * 8. jws.signature - Verify signature
+ * 9. claims.time_window - Check iat/exp
+ * 10. extensions.limits - Check extension sizes
+ */
+async function verifyReceiptCore(options) {
+    const { receipt, policy = (0, verifier_types_js_1.createDefaultPolicy)('offline_preferred'), referenceTime, includeMeta = false, } = options;
+    // Convert receipt to string if needed
+    const receiptJws = typeof receipt === 'string' ? receipt : new TextDecoder().decode(receipt);
+    const receiptBytes = typeof receipt === 'string' ? new TextEncoder().encode(receipt) : receipt;
+    // Compute receipt digest for report
+    const receiptDigestHex = await (0, crypto_1.sha256Hex)(receiptBytes);
+    // Start building report
+    const builder = (0, verification_report_js_1.createReportBuilder)(policy);
+    builder.setInputWithDigest(receiptDigestHex);
+    // Current time (or reference time for deterministic verification)
+    const nowSeconds = referenceTime ?? Math.floor(Date.now() / 1000);
+    // Track issuer and kid for result
+    let issuer;
+    let kid;
+    let parsedClaims;
+    // ---------------------------------------------------------------------------
+    // Check 1: jws.parse - Parse JWS structure
+    // ---------------------------------------------------------------------------
+    let header;
+    let payload;
+    try {
+        const decoded = (0, crypto_1.decode)(receiptJws);
+        header = decoded.header;
+        payload = decoded.payload;
+        builder.pass('jws.parse');
+    }
+    catch (err) {
+        builder.fail('jws.parse', 'E_VERIFY_MALFORMED_RECEIPT', {
+            error: err instanceof Error ? err.message : String(err),
+        });
+        builder.failure('malformed_receipt');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    // ---------------------------------------------------------------------------
+    // Check 2: limits.receipt_bytes - Check receipt size
+    // ---------------------------------------------------------------------------
+    if (receiptBytes.length > policy.limits.max_receipt_bytes) {
+        builder.fail('limits.receipt_bytes', 'E_VERIFY_RECEIPT_TOO_LARGE', {
+            size: receiptBytes.length,
+            limit: policy.limits.max_receipt_bytes,
+        });
+        builder.failure('receipt_too_large');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    builder.pass('limits.receipt_bytes', { size: receiptBytes.length });
+    // ---------------------------------------------------------------------------
+    // Check 3: jws.protected_header - Validate protected header
+    // ---------------------------------------------------------------------------
+    if (header.alg !== 'EdDSA') {
+        builder.fail('jws.protected_header', 'E_VERIFY_MALFORMED_RECEIPT', {
+            expected_alg: 'EdDSA',
+            actual_alg: header.alg,
+        });
+        builder.failure('malformed_receipt');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    if (header.typ !== kernel_1.WIRE_TYPE) {
+        builder.fail('jws.protected_header', 'E_VERIFY_MALFORMED_RECEIPT', {
+            expected_typ: kernel_1.WIRE_TYPE,
+            actual_typ: header.typ,
+        });
+        builder.failure('malformed_receipt');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    if (!header.kid) {
+        builder.fail('jws.protected_header', 'E_VERIFY_MALFORMED_RECEIPT', {
+            error: 'Missing kid in protected header',
+        });
+        builder.failure('malformed_receipt');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    kid = header.kid;
+    builder.pass('jws.protected_header', { alg: header.alg, typ: header.typ, kid: header.kid });
+    // ---------------------------------------------------------------------------
+    // Check 4: claims.schema_unverified - Pre-signature schema check
+    // ---------------------------------------------------------------------------
+    try {
+        schema_1.ReceiptClaims.parse(payload);
+        issuer = payload.iss;
+        builder.pass('claims.schema_unverified');
+    }
+    catch (err) {
+        builder.fail('claims.schema_unverified', 'E_VERIFY_SCHEMA_INVALID', {
+            error: err instanceof Error ? err.message : String(err),
+        });
+        builder.failure('schema_invalid');
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    // ---------------------------------------------------------------------------
+    // Check 5: issuer.trust_policy - Check issuer allowlist/pins
+    // ---------------------------------------------------------------------------
+    const normalizedIssuer = normalizeIssuer(issuer);
+    if (!isIssuerAllowed(issuer, policy.issuer_allowlist)) {
+        builder.fail('issuer.trust_policy', 'E_VERIFY_ISSUER_NOT_ALLOWED', {
+            issuer: normalizedIssuer,
+            allowlist: policy.issuer_allowlist,
+        });
+        builder.failure('issuer_not_allowed', normalizedIssuer, kid);
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    builder.pass('issuer.trust_policy', { issuer: normalizedIssuer });
+    // ---------------------------------------------------------------------------
+    // Check 6: issuer.discovery - Fetch JWKS (if network mode)
+    // Check 7: key.resolve - Resolve signing key by kid
+    // ---------------------------------------------------------------------------
+    let publicKey;
+    let keySource;
+    let keyThumbprint;
+    let jwksRawBytes;
+    // Check for pinned key first
+    const pinnedKey = findPinnedKey(issuer, kid, policy.pinned_keys);
+    if (pinnedKey) {
+        // Use pinned key - skip discovery
+        builder.skip('issuer.discovery', { reason: 'pinned_key_available' });
+        // Check if pinned key has key material for offline verification
+        if (pinnedKey.jwk) {
+            // Full JWK provided - verify thumbprint and use directly
+            const actualThumbprint = await (0, crypto_1.computeJwkThumbprint)(pinnedKey.jwk);
+            if (actualThumbprint !== pinnedKey.jwk_thumbprint_sha256) {
+                builder.fail('key.resolve', 'E_VERIFY_POLICY_VIOLATION', {
+                    error: 'Pinned JWK thumbprint does not match declared thumbprint',
+                    expected: pinnedKey.jwk_thumbprint_sha256,
+                    actual: actualThumbprint,
+                });
+                builder.failure('policy_violation', normalizedIssuer, kid);
+                return {
+                    valid: false,
+                    report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                };
+            }
+            publicKey = (0, crypto_1.jwkToPublicKeyBytes)(pinnedKey.jwk);
+            keySource = 'pinned_keys';
+            keyThumbprint = actualThumbprint;
+            builder.pass('key.resolve', {
+                source: keySource,
+                kid,
+                thumbprint_verified: true,
+                offline: true,
+            });
+        }
+        else if (pinnedKey.public_key) {
+            // Raw public key bytes provided (base64url, 32 bytes for Ed25519)
+            try {
+                publicKey = (0, crypto_1.base64urlDecode)(pinnedKey.public_key);
+                if (publicKey.length !== 32) {
+                    throw new Error(`Expected 32 bytes, got ${publicKey.length}`);
+                }
+                keySource = 'pinned_keys';
+                // Note: We can't compute thumbprint from raw key bytes alone
+                // The thumbprint is computed from canonical JWK JSON
+                // Use the declared thumbprint from the pinned key entry
+                keyThumbprint = pinnedKey.jwk_thumbprint_sha256;
+                builder.pass('key.resolve', {
+                    source: keySource,
+                    kid,
+                    offline: true,
+                    thumbprint_verified: false,
+                });
+            }
+            catch (err) {
+                builder.fail('key.resolve', 'E_VERIFY_KEY_NOT_FOUND', {
+                    error: `Invalid pinned public_key: ${err instanceof Error ? err.message : String(err)}`,
+                });
+                builder.failure('key_not_found', normalizedIssuer, kid);
+                return {
+                    valid: false,
+                    report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                };
+            }
+        }
+        else if (policy.mode === 'offline_only') {
+            // Offline mode but pinned key has no key material - fail
+            builder.fail('key.resolve', 'E_VERIFY_KEY_NOT_FOUND', {
+                error: 'Offline mode requires key material (jwk or public_key) in pinned_keys',
+            });
+            builder.failure('key_not_found', normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+        else {
+            // Network mode - fetch JWKS and verify thumbprint
+            const jwksResult = await fetchIssuerJWKS(normalizedIssuer);
+            if ('error' in jwksResult) {
+                const reason = (0, verifier_types_js_1.ssrfErrorToReasonCode)(jwksResult.error.reason, 'key');
+                builder.fail('issuer.discovery', (0, verifier_types_js_1.reasonCodeToErrorCode)(reason), {
+                    error: jwksResult.error.message,
+                    url: jwksResult.error.blockedUrl,
+                });
+                builder.failure(reason, normalizedIssuer, kid);
+                return {
+                    valid: false,
+                    report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                };
+            }
+            // Store raw bytes for digest computation (only when not from cache)
+            if (jwksResult.rawBytes) {
+                jwksRawBytes = jwksResult.rawBytes;
+            }
+            builder.pass('issuer.discovery', {
+                from_cache: jwksResult.fromCache,
+                keys_count: jwksResult.jwks.keys.length,
+            });
+            // Find the key
+            const jwk = jwksResult.jwks.keys.find((k) => k.kid === kid);
+            if (!jwk) {
+                builder.fail('key.resolve', 'E_VERIFY_KEY_NOT_FOUND', {
+                    kid,
+                    available_kids: jwksResult.jwks.keys.map((k) => k.kid),
+                });
+                builder.failure('key_not_found', normalizedIssuer, kid);
+                return {
+                    valid: false,
+                    report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                };
+            }
+            // Verify thumbprint matches
+            const actualThumbprint = await (0, crypto_1.computeJwkThumbprint)(jwk);
+            if (actualThumbprint !== pinnedKey.jwk_thumbprint_sha256) {
+                builder.fail('key.resolve', 'E_VERIFY_POLICY_VIOLATION', {
+                    error: 'JWK thumbprint does not match pinned key',
+                    expected: pinnedKey.jwk_thumbprint_sha256,
+                    actual: actualThumbprint,
+                });
+                builder.failure('policy_violation', normalizedIssuer, kid);
+                return {
+                    valid: false,
+                    report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                };
+            }
+            publicKey = (0, crypto_1.jwkToPublicKeyBytes)(jwk);
+            keySource = 'pinned_keys';
+            keyThumbprint = actualThumbprint;
+            builder.pass('key.resolve', { source: keySource, kid, thumbprint_verified: true });
+        }
+    }
+    else {
+        // No pinned key - need to discover
+        if (policy.mode === 'offline_only') {
+            builder.fail('issuer.discovery', 'E_VERIFY_KEY_NOT_FOUND', {
+                error: 'Offline mode requires pinned keys',
+            });
+            builder.failure('key_not_found', normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+        const jwksResult = await fetchIssuerJWKS(normalizedIssuer);
+        if ('error' in jwksResult) {
+            const reason = (0, verifier_types_js_1.ssrfErrorToReasonCode)(jwksResult.error.reason, 'key');
+            builder.fail('issuer.discovery', (0, verifier_types_js_1.reasonCodeToErrorCode)(reason), {
+                error: jwksResult.error.message,
+                url: jwksResult.error.blockedUrl,
+            });
+            builder.failure(reason, normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+        // Store raw bytes for digest computation (only when not from cache)
+        if (jwksResult.rawBytes) {
+            jwksRawBytes = jwksResult.rawBytes;
+        }
+        builder.pass('issuer.discovery', {
+            from_cache: jwksResult.fromCache,
+            keys_count: jwksResult.jwks.keys.length,
+        });
+        // Find the key
+        const jwk = jwksResult.jwks.keys.find((k) => k.kid === kid);
+        if (!jwk) {
+            builder.fail('key.resolve', 'E_VERIFY_KEY_NOT_FOUND', {
+                kid,
+                available_kids: jwksResult.jwks.keys.map((k) => k.kid),
+            });
+            builder.failure('key_not_found', normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+        publicKey = (0, crypto_1.jwkToPublicKeyBytes)(jwk);
+        keySource = 'jwks_discovery';
+        keyThumbprint = await (0, crypto_1.computeJwkThumbprint)(jwk);
+        builder.pass('key.resolve', { source: keySource, kid, thumbprint: keyThumbprint });
+    }
+    // ---------------------------------------------------------------------------
+    // Check 8: jws.signature - Verify signature
+    // ---------------------------------------------------------------------------
+    try {
+        const result = await (0, crypto_1.verify)(receiptJws, publicKey);
+        if (!result.valid) {
+            builder.fail('jws.signature', 'E_VERIFY_SIGNATURE_INVALID', {
+                error: 'Ed25519 signature verification failed',
+            });
+            builder.failure('signature_invalid', normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+        parsedClaims = result.payload;
+        builder.pass('jws.signature');
+    }
+    catch (err) {
+        builder.fail('jws.signature', 'E_VERIFY_SIGNATURE_INVALID', {
+            error: err instanceof Error ? err.message : String(err),
+        });
+        builder.failure('signature_invalid', normalizedIssuer, kid);
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    // ---------------------------------------------------------------------------
+    // Check 9: claims.time_window - Check iat/exp
+    // ---------------------------------------------------------------------------
+    const iatTolerance = 60; // 60 seconds tolerance for future iat
+    // Check iat (issued at) - required field per schema
+    if (parsedClaims.iat > nowSeconds + iatTolerance) {
+        builder.fail('claims.time_window', 'E_VERIFY_NOT_YET_VALID', {
+            error: 'Receipt issued in the future',
+            iat: parsedClaims.iat,
+            now: nowSeconds,
+            tolerance: iatTolerance,
+        });
+        builder.failure('not_yet_valid', normalizedIssuer, kid);
+        return { valid: false, report: includeMeta ? builder.addTimestamp().build() : builder.build() };
+    }
+    // Check exp (expiration) - no tolerance
+    if (parsedClaims.exp) {
+        if (parsedClaims.exp < nowSeconds) {
+            builder.fail('claims.time_window', 'E_VERIFY_EXPIRED', {
+                error: 'Receipt expired',
+                exp: parsedClaims.exp,
+                now: nowSeconds,
+            });
+            builder.failure('expired', normalizedIssuer, kid);
+            return {
+                valid: false,
+                report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+            };
+        }
+    }
+    builder.pass('claims.time_window', {
+        iat: parsedClaims.iat,
+        exp: parsedClaims.exp,
+        now: nowSeconds,
+    });
+    // ---------------------------------------------------------------------------
+    // Check 10: extensions.limits - Check extension sizes
+    // ---------------------------------------------------------------------------
+    // Check for oversized extensions in ext object
+    if (parsedClaims.ext) {
+        for (const [extKey, extValue] of Object.entries(parsedClaims.ext)) {
+            if (extValue !== undefined) {
+                const extJson = JSON.stringify(extValue);
+                if (extJson.length > policy.limits.max_extension_bytes) {
+                    builder.fail('extensions.limits', 'E_VERIFY_EXTENSION_TOO_LARGE', {
+                        extension: extKey,
+                        size: extJson.length,
+                        limit: policy.limits.max_extension_bytes,
+                    });
+                    builder.failure('extension_too_large', normalizedIssuer, kid);
+                    return {
+                        valid: false,
+                        report: includeMeta ? builder.addTimestamp().build() : builder.build(),
+                    };
+                }
+            }
+        }
+    }
+    builder.pass('extensions.limits');
+    // ---------------------------------------------------------------------------
+    // Success!
+    // ---------------------------------------------------------------------------
+    builder.success(normalizedIssuer, kid);
+    // Add JWKS artifacts for enterprise debuggability
+    // Map internal key source to artifact format
+    const artifactKeySource = keySource === 'pinned_keys' ? 'pinned' : 'jwks_fetch';
+    builder.addArtifact('issuer_key_source', artifactKeySource);
+    if (keyThumbprint) {
+        builder.addArtifact('issuer_key_thumbprint', keyThumbprint);
+    }
+    // Add JWKS digest when fetched (not from cache)
+    // Computed over raw bytes to avoid encoding round-trip issues
+    if (jwksRawBytes) {
+        const jwksDigestHex = await (0, crypto_1.sha256Hex)(jwksRawBytes);
+        builder.addArtifact('issuer_jwks_digest', (0, verifier_types_js_1.createDigest)(jwksDigestHex));
+    }
+    const report = includeMeta ? builder.addTimestamp().build() : builder.build();
+    return {
+        valid: true,
+        report,
+        claims: parsedClaims,
+    };
+}
+/**
+ * Clear the JWKS cache
+ */
+function clearJWKSCache() {
+    jwksCache.clear();
+}
+/**
+ * Get JWKS cache size (for testing)
+ */
+function getJWKSCacheSize() {
+    return jwksCache.size;
+}
+//# sourceMappingURL=verifier-core.js.map

package/dist/verifier-core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifier-core.js","sourceRoot":"","sources":["../src/verifier-core.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;AA8QH,8CAobC;AAKD,wCAEC;AAKD,4CAEC;AA9sBD,yCAOsB;AACtB,yCAA0D;AAC1D,yCAAgE;AAEhE,6DAAoE;AACpE,qEAA+D;AAE/D,2DAK6B;AAqE7B;;GAEG;AACH,MAAM,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;AACpD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnC,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;GAEG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,8CAA8C;QAC9C,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACnC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAc,EAAE,SAAoB;IAC3D,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,6CAA6C;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,UAAU,CAAC,CAAC;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,MAAc,EACd,GAAW,EACX,UAAwB;IAExB,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,gBAAgB,IAAI,EAAE,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;AACpG,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,YAAoB;IACnD,MAAM,SAAS,GAAG,GAAG,YAAY,+BAA+B,CAAC;IAEjE,MAAM,MAAM,GAAG,MAAM,IAAA,kCAAa,EAAC,SAAS,EAAE;QAC5C,QAAQ,EAAE,KAAK,EAAE,QAAQ;QACzB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;KACxC,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAiB,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAYD;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,YAAoB;IAEpB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,cAAc;IACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3C,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;QACrC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,4BAA4B;IAC5B,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;QACtB,mCAAmC;QACnC,MAAM,WAAW,GAAG,GAAG,YAAY,wBAAwB,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,IAAA,kCAAa,EAAC,WAAW,CAAC,CAAC;QAEhD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAS,CAAC;YAC7C,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,GAAG,YAAY,EAAE,CAAC,CAAC;YACrE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,KAAK,EAAE;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,eAAe;oBACvB,OAAO,EAAE,mBAAmB;iBACX;aACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,MAAM,MAAM,GAAG,MAAM,IAAA,kCAAa,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAS,CAAC;QAE7C,uBAAuB;QACvB,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,wBAAe,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO;gBACL,KAAK,EAAE;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,oBAAoB;oBAC5B,OAAO,EAAE,2BAA2B,IAAI,CAAC,IAAI,CAAC,MAAM,MAAM,wBAAe,CAAC,WAAW,EAAE;iBACtE;aACpB,CAAC;QACJ,CAAC;QAED,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,GAAG,YAAY,EAAE,CAAC,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,KAAK,EAAE;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,eAAe;gBACvB,OAAO,EAAE,mBAAmB;aACX;SACpB,CAAC;IACJ,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,EACJ,OAAO,EACP,MAAM,GAAG,IAAA,uCAAmB,EAAC,mBAAmB,CAAC,EACjD,aAAa,EACb,WAAW,GAAG,KAAK,GACpB,GAAG,OAAO,CAAC;IAEZ,sCAAsC;IACtC,MAAM,UAAU,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7F,MAAM,YAAY,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE/F,oCAAoC;IACpC,MAAM,gBAAgB,GAAG,MAAM,IAAA,kBAAS,EAAC,YAAY,CAAC,CAAC;IAEvD,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAA,4CAAmB,EAAC,MAAM,CAAC,CAAC;IAC5C,OAAO,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;IAE7C,kEAAkE;IAClE,MAAM,UAAU,GAAG,aAAa,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAElE,kCAAkC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,GAAuB,CAAC;IAC5B,IAAI,YAA2C,CAAC;IAEhD,8EAA8E;IAC9E,2CAA2C;IAC3C,8EAA8E;IAC9E,IAAI,MAAiD,CAAC;IACtD,IAAI,OAA0B,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,eAAM,EAAoB,UAAU,CAAC,CAAC;QACtD,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QACxB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,4BAA4B,EAAE;YACtD,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IAED,8EAA8E;IAC9E,qDAAqD;IACrD,8EAA8E;IAC9E,IAAI,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,4BAA4B,EAAE;YACjE,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,iBAAiB;SACvC,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAEpE,8EAA8E;IAC9E,4DAA4D;IAC5D,8EAA8E;IAC9E,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,4BAA4B,EAAE;YACjE,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,MAAM,CAAC,GAAG;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,KAAK,kBAAS,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,4BAA4B,EAAE;YACjE,YAAY,EAAE,kBAAS;YACvB,UAAU,EAAE,MAAM,CAAC,GAAG;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,4BAA4B,EAAE;YACjE,KAAK,EAAE,iCAAiC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IACjB,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;IAE5F,8EAA8E;IAC9E,iEAAiE;IACjE,8EAA8E;IAC9E,IAAI,CAAC;QACH,sBAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7B,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,yBAAyB,EAAE;YAClE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IAED,8EAA8E;IAC9E,6DAA6D;IAC7D,8EAA8E;IAC9E,MAAM,gBAAgB,GAAG,eAAe,CAAC,MAAO,CAAC,CAAC;IAElD,IAAI,CAAC,eAAe,CAAC,MAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,qBAAqB,EAAE,6BAA6B,EAAE;YACjE,MAAM,EAAE,gBAAgB;YACxB,SAAS,EAAE,MAAM,CAAC,gBAAgB;SACnC,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAC7D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAElE,8EAA8E;IAC9E,2DAA2D;IAC3D,oDAAoD;IACpD,8EAA8E;IAC9E,IAAI,SAAqB,CAAC;IAC1B,IAAI,SAA2C,CAAC;IAChD,IAAI,aAAiC,CAAC;IACtC,IAAI,YAAoC,CAAC;IAEzC,6BAA6B;IAC7B,MAAM,SAAS,GAAG,aAAa,CAAC,MAAO,EAAE,GAAI,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,SAAS,EAAE,CAAC;QACd,kCAAkC;QAClC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAC;QAErE,gEAAgE;QAChE,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;YAClB,yDAAyD;YACzD,MAAM,gBAAgB,GAAG,MAAM,IAAA,6BAAoB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnE,IAAI,gBAAgB,KAAK,SAAS,CAAC,qBAAqB,EAAE,CAAC;gBACzD,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,2BAA2B,EAAE;oBACvD,KAAK,EAAE,0DAA0D;oBACjE,QAAQ,EAAE,SAAS,CAAC,qBAAqB;oBACzC,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC3D,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;iBACvE,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,IAAA,4BAAmB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC/C,SAAS,GAAG,aAAa,CAAC;YAC1B,aAAa,GAAG,gBAAgB,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE;gBAC1B,MAAM,EAAE,SAAS;gBACjB,GAAG;gBACH,mBAAmB,EAAE,IAAI;gBACzB,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YAChC,kEAAkE;YAClE,IAAI,CAAC;gBACH,SAAS,GAAG,IAAA,wBAAe,EAAC,SAAS,CAAC,UAAU,CAAC,CAAC;gBAClD,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;oBAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;gBAChE,CAAC;gBACD,SAAS,GAAG,aAAa,CAAC;gBAC1B,6DAA6D;gBAC7D,qDAAqD;gBACrD,wDAAwD;gBACxD,aAAa,GAAG,SAAS,CAAC,qBAAqB,CAAC;gBAChD,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE;oBAC1B,MAAM,EAAE,SAAS;oBACjB,GAAG;oBACH,OAAO,EAAE,IAAI;oBACb,mBAAmB,EAAE,KAAK;iBAC3B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE;oBACpD,KAAK,EAAE,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;iBACxF,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBACxD,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;iBACvE,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YAC1C,yDAAyD;YACzD,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE;gBACpD,KAAK,EAAE,uEAAuE;aAC/E,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,kDAAkD;YAClD,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,gBAAgB,CAAC,CAAC;YAE3D,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,MAAM,MAAM,GAAG,IAAA,yCAAqB,EAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;gBACrE,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAA,yCAAqB,EAAC,MAAM,CAAC,EAAE;oBAC9D,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO;oBAC/B,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,UAAU;iBACjC,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC/C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;iBACvE,CAAC;YACJ,CAAC;YAED,oEAAoE;YACpE,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBACxB,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;YACrC,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE;gBAC/B,UAAU,EAAE,UAAU,CAAC,SAAS;gBAChC,UAAU,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM;aACxC,CAAC,CAAC;YAEH,eAAe;YACf,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAC5D,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE;oBACpD,GAAG;oBACH,cAAc,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;iBACvD,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBACxD,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;iBACvE,CAAC;YACJ,CAAC;YAED,4BAA4B;YAC5B,MAAM,gBAAgB,GAAG,MAAM,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC;YACzD,IAAI,gBAAgB,KAAK,SAAS,CAAC,qBAAqB,EAAE,CAAC;gBACzD,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,2BAA2B,EAAE;oBACvD,KAAK,EAAE,0CAA0C;oBACjD,QAAQ,EAAE,SAAS,CAAC,qBAAqB;oBACzC,MAAM,EAAE,gBAAgB;iBACzB,CAAC,CAAC;gBACH,OAAO,CAAC,OAAO,CAAC,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAC3D,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;iBACvE,CAAC;YACJ,CAAC;YAED,SAAS,GAAG,IAAA,4BAAmB,EAAC,GAAG,CAAC,CAAC;YACrC,SAAS,GAAG,aAAa,CAAC;YAC1B,aAAa,GAAG,gBAAgB,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;SAAM,CAAC;QACN,mCAAmC;QACnC,IAAI,MAAM,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,wBAAwB,EAAE;gBACzD,KAAK,EAAE,mCAAmC;aAC3C,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAE3D,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAA,yCAAqB,EAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACrE,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAA,yCAAqB,EAAC,MAAM,CAAC,EAAE;gBAC9D,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO;gBAC/B,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,UAAU;aACjC,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAC/C,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,oEAAoE;QACpE,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC;QACrC,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC/B,UAAU,EAAE,UAAU,CAAC,SAAS;YAChC,UAAU,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM;SACxC,CAAC,CAAC;QAEH,eAAe;QACf,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;QAC5D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,wBAAwB,EAAE;gBACpD,GAAG;gBACH,cAAc,EAAE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;aACvD,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,IAAA,4BAAmB,EAAC,GAAG,CAAC,CAAC;QACrC,SAAS,GAAG,gBAAgB,CAAC;QAC7B,aAAa,GAAG,MAAM,IAAA,6BAAoB,EAAC,GAAG,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,8EAA8E;IAC9E,4CAA4C;IAC5C,8EAA8E;IAC9E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,eAAS,EAAoB,UAAU,EAAE,SAAS,CAAC,CAAC;QAEzE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,4BAA4B,EAAE;gBAC1D,KAAK,EAAE,uCAAuC;aAC/C,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAC5D,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;QAED,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,4BAA4B,EAAE;YAC1D,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACxD,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAC5D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IAED,8EAA8E;IAC9E,8CAA8C;IAC9C,8EAA8E;IAC9E,MAAM,YAAY,GAAG,EAAE,CAAC,CAAC,sCAAsC;IAE/D,oDAAoD;IACpD,IAAI,YAAa,CAAC,GAAG,GAAG,UAAU,GAAG,YAAY,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE,wBAAwB,EAAE;YAC3D,KAAK,EAAE,8BAA8B;YACrC,GAAG,EAAE,YAAa,CAAC,GAAG;YACtB,GAAG,EAAE,UAAU;YACf,SAAS,EAAE,YAAY;SACxB,CAAC,CAAC;QACH,OAAO,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;QACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;IAClG,CAAC;IAED,wCAAwC;IACxC,IAAI,YAAa,CAAC,GAAG,EAAE,CAAC;QACtB,IAAI,YAAa,CAAC,GAAG,GAAG,UAAU,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE,kBAAkB,EAAE;gBACrD,KAAK,EAAE,iBAAiB;gBACxB,GAAG,EAAE,YAAa,CAAC,GAAG;gBACtB,GAAG,EAAE,UAAU;aAChB,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;aACvE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,oBAAoB,EAAE;QACjC,GAAG,EAAE,YAAa,CAAC,GAAG;QACtB,GAAG,EAAE,YAAa,CAAC,GAAG;QACtB,GAAG,EAAE,UAAU;KAChB,CAAC,CAAC;IAEH,8EAA8E;IAC9E,sDAAsD;IACtD,8EAA8E;IAC9E,+CAA+C;IAC/C,IAAI,YAAa,CAAC,GAAG,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAa,CAAC,GAAG,CAAC,EAAE,CAAC;YACnE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;gBACzC,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;oBACvD,OAAO,CAAC,IAAI,CAAC,mBAAmB,EAAE,8BAA8B,EAAE;wBAChE,SAAS,EAAE,MAAM;wBACjB,IAAI,EAAE,OAAO,CAAC,MAAM;wBACpB,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,mBAAmB;qBACzC,CAAC,CAAC;oBACH,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;oBAC9D,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE;qBACvE,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAElC,8EAA8E;IAC9E,WAAW;IACX,8EAA8E;IAC9E,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAI,CAAC,CAAC;IAExC,kDAAkD;IAClD,6CAA6C;IAC7C,MAAM,iBAAiB,GAAG,SAAS,KAAK,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;IAChF,OAAO,CAAC,WAAW,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;IAE5D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,CAAC,WAAW,CAAC,uBAAuB,EAAE,aAAa,CAAC,CAAC;IAC9D,CAAC;IAED,gDAAgD;IAChD,8DAA8D;IAC9D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,aAAa,GAAG,MAAM,IAAA,kBAAS,EAAC,YAAY,CAAC,CAAC;QACpD,OAAO,CAAC,WAAW,CAAC,oBAAoB,EAAE,IAAA,gCAAY,EAAC,aAAa,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IAE9E,OAAO;QACL,KAAK,EAAE,IAAI;QACX,MAAM;QACN,MAAM,EAAE,YAAY;KACrB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc;IAC5B,SAAS,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,OAAO,SAAS,CAAC,IAAI,CAAC;AACxB,CAAC"}