@peac/schema 0.10.9 → 0.10.10

package/dist/agent-identity.js

@@ -1,357 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AgentIdentityVerifiedSchema = exports.IdentityBindingSchema = exports.AgentIdentityAttestationSchema = exports.AGENT_IDENTITY_TYPE = exports.AgentIdentityEvidenceSchema = exports.AgentProofSchema = exports.BindingDetailsSchema = exports.PROOF_METHODS = exports.ProofMethodSchema = exports.CONTROL_TYPES = exports.ControlTypeSchema = void 0;
-exports.validateAgentIdentityAttestation = validateAgentIdentityAttestation;
-exports.isAgentIdentityAttestation = isAgentIdentityAttestation;
-exports.createAgentIdentityAttestation = createAgentIdentityAttestation;
-exports.validateIdentityBinding = validateIdentityBinding;
-exports.isAttestationExpired = isAttestationExpired;
-exports.isAttestationNotYetValid = isAttestationNotYetValid;
-/**
- * Agent Identity Attestation Types and Validators (v0.9.25+)
- *
- * Provides cryptographic proof-of-control binding for agents,
- * distinguishing operator-verified bots from user-delegated agents.
- *
- * @see docs/specs/AGENT-IDENTITY.md for normative specification
- */
-const zod_1 = require("zod");
-const json_1 = require("./json");
-// =============================================================================
-// CONTROL TYPE (v0.9.25+)
-// =============================================================================
-/**
- * Control type distinguishes operator-verified bots from user-delegated agents.
- *
- * - 'operator': Bot/crawler operated by a known organization (e.g., Googlebot, GPTBot)
- * - 'user-delegated': Agent acting on behalf of a human user (e.g., browser extension, AI assistant)
- */
-exports.ControlTypeSchema = zod_1.z.enum(['operator', 'user-delegated']);
-/**
- * Array of valid control types for runtime checks
- */
-exports.CONTROL_TYPES = ['operator', 'user-delegated'];
-// =============================================================================
-// PROOF METHOD (v0.9.25+)
-// =============================================================================
-/**
- * Proof method used to establish agent identity.
- *
- * - 'http-message-signature': RFC 9421 HTTP Message Signatures
- * - 'dpop': RFC 9449 DPoP token binding
- * - 'mtls': Mutual TLS client certificate
- * - 'jwk-thumbprint': JWK Thumbprint confirmation (RFC 7638)
- */
-exports.ProofMethodSchema = zod_1.z.enum([
-    'http-message-signature',
-    'dpop',
-    'mtls',
-    'jwk-thumbprint',
-]);
-/**
- * Array of valid proof methods for runtime checks
- */
-exports.PROOF_METHODS = ['http-message-signature', 'dpop', 'mtls', 'jwk-thumbprint'];
-// =============================================================================
-// BINDING DETAILS (v0.9.25+)
-// =============================================================================
-/**
- * Details of what was included in the binding message for http-message-signature.
- *
- * This allows verifiers to reconstruct the binding message for verification.
- */
-exports.BindingDetailsSchema = zod_1.z
-    .object({
-    /** HTTP method (uppercase: GET, POST, etc.) */
-    method: zod_1.z.string().min(1).max(16),
-    /** Target URI of the request */
-    target: zod_1.z.string().min(1).max(2048),
-    /** Headers included in the signature (lowercase) */
-    headers_included: zod_1.z.array(zod_1.z.string().max(64)).max(32),
-    /** SHA-256 hash of request body (base64url), empty string if no body */
-    body_hash: zod_1.z.string().max(64).optional(),
-    /** When the binding was signed (RFC 3339) */
-    signed_at: zod_1.z.string().datetime(),
-})
-    .strict();
-// =============================================================================
-// AGENT PROOF (v0.9.25+)
-// =============================================================================
-/**
- * Proof of control binding - cryptographic evidence that the agent controls the key.
- */
-exports.AgentProofSchema = zod_1.z
-    .object({
-    /** Proof method used */
-    method: exports.ProofMethodSchema,
-    /** Key ID (matches kid in JWS header or JWKS) */
-    key_id: zod_1.z.string().min(1).max(256),
-    /** Algorithm used (default: EdDSA for Ed25519) */
-    alg: zod_1.z.string().max(32).default('EdDSA'),
-    /** Signature over binding message (base64url, for http-message-signature) */
-    signature: zod_1.z.string().max(512).optional(),
-    /** DPoP proof JWT (for dpop method) */
-    dpop_proof: zod_1.z.string().max(4096).optional(),
-    /** Certificate fingerprint (for mtls method, SHA-256 base64url) */
-    cert_thumbprint: zod_1.z.string().max(64).optional(),
-    /** Binding details for http-message-signature */
-    binding: exports.BindingDetailsSchema.optional(),
-})
-    .strict();
-// =============================================================================
-// AGENT IDENTITY EVIDENCE (v0.9.25+)
-// =============================================================================
-/**
- * Agent identity evidence - the payload of an AgentIdentityAttestation.
- *
- * Contains the agent identifier, control type, capabilities, and optional
- * cryptographic proof of key control.
- */
-exports.AgentIdentityEvidenceSchema = zod_1.z
-    .object({
-    /** Stable agent identifier (opaque string, REQUIRED) */
-    agent_id: zod_1.z.string().min(1).max(256),
-    /** Control type: operator-verified or user-delegated (REQUIRED) */
-    control_type: exports.ControlTypeSchema,
-    /** Agent capabilities/scopes (optional, for fine-grained access) */
-    capabilities: zod_1.z.array(zod_1.z.string().max(64)).max(32).optional(),
-    /** Delegation chain for user-delegated agents (optional) */
-    delegation_chain: zod_1.z.array(zod_1.z.string().max(256)).max(8).optional(),
-    /** Cryptographic proof of key control (optional) */
-    proof: exports.AgentProofSchema.optional(),
-    /** Key directory URL for public key discovery (optional) */
-    key_directory_url: zod_1.z.string().url().max(2048).optional(),
-    /** Agent operator/organization (optional, for operator type) */
-    operator: zod_1.z.string().max(256).optional(),
-    /** User identifier (optional, for user-delegated type, should be opaque) */
-    user_id: zod_1.z.string().max(256).optional(),
-    /** Additional type-specific metadata (optional) */
-    metadata: zod_1.z.record(zod_1.z.string(), json_1.JsonValueSchema).optional(),
-})
-    .strict();
-// =============================================================================
-// AGENT IDENTITY ATTESTATION (v0.9.25+)
-// =============================================================================
-/**
- * Attestation type literal for agent identity
- */
-exports.AGENT_IDENTITY_TYPE = 'peac/agent-identity';
-/**
- * AgentIdentityAttestation - extends generic Attestation with agent-specific evidence.
- *
- * This attestation proves cryptographic control over an agent identity,
- * distinguishing operator-verified bots from user-delegated agents.
- *
- * @example
- * ```typescript
- * const attestation: AgentIdentityAttestation = {
- *   type: 'peac/agent-identity',
- *   issuer: 'https://crawler.example.com',
- *   issued_at: '2026-01-03T12:00:00Z',
- *   evidence: {
- *     agent_id: 'bot:crawler-prod-001',
- *     control_type: 'operator',
- *     operator: 'Example Crawler Inc.',
- *     capabilities: ['crawl', 'index'],
- *     proof: {
- *       method: 'http-message-signature',
- *       key_id: 'key-2026-01',
- *       alg: 'EdDSA',
- *     },
- *   },
- * };
- * ```
- */
-exports.AgentIdentityAttestationSchema = zod_1.z
-    .object({
-    /** Attestation type (MUST be 'peac/agent-identity') */
-    type: zod_1.z.literal(exports.AGENT_IDENTITY_TYPE),
-    /** Issuer of the attestation (agent operator, IdP, or platform) */
-    issuer: zod_1.z.string().min(1).max(2048),
-    /** When the attestation was issued (RFC 3339) */
-    issued_at: zod_1.z.string().datetime(),
-    /** When the attestation expires (RFC 3339, optional) */
-    expires_at: zod_1.z.string().datetime().optional(),
-    /** Reference to external verification endpoint (optional) */
-    ref: zod_1.z.string().url().max(2048).optional(),
-    /** Agent identity evidence */
-    evidence: exports.AgentIdentityEvidenceSchema,
-})
-    .strict();
-// =============================================================================
-// IDENTITY BINDING (v0.9.25+)
-// =============================================================================
-/**
- * Identity binding result from constructBindingMessage().
- *
- * Used to tie an agent identity attestation to a specific HTTP request.
- */
-exports.IdentityBindingSchema = zod_1.z
-    .object({
-    /** SHA-256 hash of the canonical binding message (base64url) */
-    binding_message_hash: zod_1.z.string().min(1).max(64),
-    /** Ed25519 signature over binding message (base64url) */
-    signature: zod_1.z.string().min(1).max(512),
-    /** Key ID used for signing */
-    key_id: zod_1.z.string().min(1).max(256),
-    /** When the binding was created (RFC 3339) */
-    signed_at: zod_1.z.string().datetime(),
-})
-    .strict();
-// =============================================================================
-// AGENT IDENTITY VERIFIED BLOCK (v0.9.25+)
-// =============================================================================
-/**
- * Agent identity verification result to include in receipt evidence.
- *
- * This block is added by the publisher after verifying an agent identity
- * attestation, binding the verified identity to the issued receipt.
- */
-exports.AgentIdentityVerifiedSchema = zod_1.z
-    .object({
-    /** Agent ID from the verified attestation */
-    agent_id: zod_1.z.string().min(1).max(256),
-    /** Control type from the verified attestation */
-    control_type: exports.ControlTypeSchema,
-    /** When the publisher verified the identity (RFC 3339) */
-    verified_at: zod_1.z.string().datetime(),
-    /** Key ID that was used for verification */
-    key_id: zod_1.z.string().min(1).max(256),
-    /** SHA-256 hash of the binding message (base64url) */
-    binding_hash: zod_1.z.string().min(1).max(64),
-})
-    .strict();
-// =============================================================================
-// VALIDATION HELPERS (v0.9.25+)
-// =============================================================================
-/**
- * Validate an AgentIdentityAttestation.
- *
- * @param data - Unknown data to validate
- * @returns Result with validated attestation or error message
- *
- * @example
- * ```typescript
- * const result = validateAgentIdentityAttestation(data);
- * if (result.ok) {
- *   console.log('Agent ID:', result.value.evidence.agent_id);
- * } else {
- *   console.error('Validation error:', result.error);
- * }
- * ```
- */
-function validateAgentIdentityAttestation(data) {
-    const result = exports.AgentIdentityAttestationSchema.safeParse(data);
-    if (result.success) {
-        return { ok: true, value: result.data };
-    }
-    return { ok: false, error: result.error.message };
-}
-/**
- * Check if an object is an AgentIdentityAttestation.
- *
- * @param attestation - Object with a type field
- * @returns True if the type is 'peac/agent-identity'
- */
-function isAgentIdentityAttestation(attestation) {
-    return attestation.type === exports.AGENT_IDENTITY_TYPE;
-}
-/**
- * Create an AgentIdentityAttestation with current timestamp.
- *
- * @param params - Attestation parameters
- * @returns A valid AgentIdentityAttestation
- *
- * @example
- * ```typescript
- * const attestation = createAgentIdentityAttestation({
- *   issuer: 'https://crawler.example.com',
- *   agent_id: 'bot:crawler-prod-001',
- *   control_type: 'operator',
- *   operator: 'Example Crawler Inc.',
- *   capabilities: ['crawl', 'index'],
- * });
- * ```
- */
-function createAgentIdentityAttestation(params) {
-    const evidence = {
-        agent_id: params.agent_id,
-        control_type: params.control_type,
-    };
-    if (params.capabilities) {
-        evidence.capabilities = params.capabilities;
-    }
-    if (params.delegation_chain) {
-        evidence.delegation_chain = params.delegation_chain;
-    }
-    if (params.proof) {
-        evidence.proof = params.proof;
-    }
-    if (params.key_directory_url) {
-        evidence.key_directory_url = params.key_directory_url;
-    }
-    if (params.operator) {
-        evidence.operator = params.operator;
-    }
-    if (params.user_id) {
-        evidence.user_id = params.user_id;
-    }
-    if (params.metadata) {
-        // Validate metadata is JSON-safe at runtime
-        evidence.metadata = params.metadata;
-    }
-    const attestation = {
-        type: exports.AGENT_IDENTITY_TYPE,
-        issuer: params.issuer,
-        issued_at: new Date().toISOString(),
-        evidence,
-    };
-    if (params.expires_at) {
-        attestation.expires_at = params.expires_at;
-    }
-    if (params.ref) {
-        attestation.ref = params.ref;
-    }
-    return attestation;
-}
-/**
- * Validate an IdentityBinding.
- *
- * @param data - Unknown data to validate
- * @returns Result with validated binding or error message
- */
-function validateIdentityBinding(data) {
-    const result = exports.IdentityBindingSchema.safeParse(data);
-    if (result.success) {
-        return { ok: true, value: result.data };
-    }
-    return { ok: false, error: result.error.message };
-}
-/**
- * Check if an agent identity attestation is expired.
- *
- * @param attestation - The attestation to check
- * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)
- * @returns True if the attestation has expired
- */
-function isAttestationExpired(attestation, clockSkew = 30000) {
-    if (!attestation.expires_at) {
-        return false; // No expiry = never expires
-    }
-    const expiresAt = new Date(attestation.expires_at).getTime();
-    const now = Date.now();
-    return expiresAt < now - clockSkew;
-}
-/**
- * Check if an agent identity attestation is not yet valid.
- *
- * @param attestation - The attestation to check
- * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)
- * @returns True if the attestation is not yet valid (issued_at in the future)
- */
-function isAttestationNotYetValid(attestation, clockSkew = 30000) {
-    const issuedAt = new Date(attestation.issued_at).getTime();
-    const now = Date.now();
-    return issuedAt > now + clockSkew;
-}
-//# sourceMappingURL=agent-identity.js.map

package/dist/agent-identity.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"agent-identity.js","sourceRoot":"","sources":["../src/agent-identity.ts"],"names":[],"mappings":";;;AAqSA,4EAQC;AAQD,gEAIC;AAiDD,wEA8CC;AAQD,0DAQC;AASD,oDAUC;AASD,4DAOC;AA3cD;;;;;;;GAOG;AACH,6BAAwB;AAExB,iCAAyC;AAEzC,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;;GAKG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAGxE;;GAEG;AACU,QAAA,aAAa,GAAG,CAAC,UAAU,EAAE,gBAAgB,CAAU,CAAC;AAErE,gFAAgF;AAChF,0BAA0B;AAC1B,gFAAgF;AAEhF;;;;;;;GAOG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,IAAI,CAAC;IACtC,wBAAwB;IACxB,MAAM;IACN,MAAM;IACN,gBAAgB;CACjB,CAAC,CAAC;AAGH;;GAEG;AACU,QAAA,aAAa,GAAG,CAAC,wBAAwB,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAU,CAAC;AAEnG,gFAAgF;AAChF,6BAA6B;AAC7B,gFAAgF;AAEhF;;;;GAIG;AACU,QAAA,oBAAoB,GAAG,OAAC;KAClC,MAAM,CAAC;IACN,+CAA+C;IAC/C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAEjC,gCAAgC;IAChC,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAEnC,oDAAoD;IACpD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAErD,wEAAwE;IACxE,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAExC,6CAA6C;IAC7C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,yBAAyB;AACzB,gFAAgF;AAEhF;;GAEG;AACU,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,CAAC;IACN,wBAAwB;IACxB,MAAM,EAAE,yBAAiB;IAEzB,iDAAiD;IACjD,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAElC,kDAAkD;IAClD,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAExC,6EAA6E;IAC7E,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAEzC,uCAAuC;IACvC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IAE3C,mEAAmE;IACnE,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE9C,iDAAiD;IACjD,OAAO,EAAE,4BAAoB,CAAC,QAAQ,EAAE;CACzC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,qCAAqC;AACrC,gFAAgF;AAEhF;;;;;GAKG;AACU,QAAA,2BAA2B,GAAG,OAAC;KACzC,MAAM,CAAC;IACN,wDAAwD;IACxD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAEpC,mEAAmE;IACnE,YAAY,EAAE,yBAAiB;IAE/B,oEAAoE;IACpE,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE5D,4DAA4D;IAC5D,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEhE,oDAAoD;IACpD,KAAK,EAAE,wBAAgB,CAAC,QAAQ,EAAE;IAElC,4DAA4D;IAC5D,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IAExD,gEAAgE;IAChE,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAExC,4EAA4E;IAC5E,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAEvC,mDAAmD;IACnD,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,sBAAe,CAAC,CAAC,QAAQ,EAAE;CAC3D,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,wCAAwC;AACxC,gFAAgF;AAEhF;;GAEG;AACU,QAAA,mBAAmB,GAAG,qBAA8B,CAAC;AAElE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACU,QAAA,8BAA8B,GAAG,OAAC;KAC5C,MAAM,CAAC;IACN,uDAAuD;IACvD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,2BAAmB,CAAC;IAEpC,mEAAmE;IACnE,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAEnC,iDAAiD;IACjD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEhC,wDAAwD;IACxD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAE5C,6DAA6D;IAC7D,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IAE1C,8BAA8B;IAC9B,QAAQ,EAAE,mCAA2B;CACtC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,8BAA8B;AAC9B,gFAAgF;AAEhF;;;;GAIG;AACU,QAAA,qBAAqB,GAAG,OAAC;KACnC,MAAM,CAAC;IACN,gEAAgE;IAChE,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAE/C,yDAAyD;IACzD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAErC,8BAA8B;IAC9B,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAElC,8CAA8C;IAC9C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,2CAA2C;AAC3C,gFAAgF;AAEhF;;;;;GAKG;AACU,QAAA,2BAA2B,GAAG,OAAC;KACzC,MAAM,CAAC;IACN,6CAA6C;IAC7C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAEpC,iDAAiD;IACjD,YAAY,EAAE,yBAAiB;IAE/B,0DAA0D;IAC1D,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAElC,4CAA4C;IAC5C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAElC,sDAAsD;IACtD,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;CACxC,CAAC;KACD,MAAM,EAAE,CAAC;AAGZ,gFAAgF;AAChF,gCAAgC;AAChC,gFAAgF;AAEhF;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,gCAAgC,CAC9C,IAAa;IAEb,MAAM,MAAM,GAAG,sCAA8B,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,WAE1C;IACC,OAAO,WAAW,CAAC,IAAI,KAAK,2BAAmB,CAAC;AAClD,CAAC;AAgCD;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,8BAA8B,CAC5C,MAA4C;IAE5C,MAAM,QAAQ,GAA0B;QACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;KAClC,CAAC;IAEF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,QAAQ,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;IAC9C,CAAC;IACD,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC5B,QAAQ,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,QAAQ,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAChC,CAAC;IACD,IAAI,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC7B,QAAQ,CAAC,iBAAiB,GAAG,MAAM,CAAC,iBAAiB,CAAC;IACxD,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACtC,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACpC,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,4CAA4C;QAC5C,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED,MAAM,WAAW,GAA6B;QAC5C,IAAI,EAAE,2BAAmB;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ;KACT,CAAC;IAEF,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,WAAW,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QACf,WAAW,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IAC/B,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CACrC,IAAa;IAEb,MAAM,MAAM,GAAG,6BAAqB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;AACpD,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAClC,WAAqC,EACrC,YAAoB,KAAK;IAEzB,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC,CAAC,4BAA4B;IAC5C,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC;AACrC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,wBAAwB,CACtC,WAAqC,EACrC,YAAoB,KAAK;IAEzB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO,QAAQ,GAAG,GAAG,GAAG,SAAS,CAAC;AACpC,CAAC"}

package/dist/attestation-receipt.js

@@ -1,249 +0,0 @@
-"use strict";
-/**
- * PEAC Attestation Receipt Types (v0.10.8+)
- *
- * Attestation receipts are lightweight signed tokens that attest to API
- * interactions WITHOUT payment fields. This is a distinct profile from
- * full payment receipts (PEACReceiptClaims).
- *
- * Use cases:
- * - API interaction logging with evidentiary value
- * - Middleware-issued receipts for non-payment flows
- * - Audit trails for agent/tool interactions
- *
- * Claims structure:
- * - Core JWT claims: iss, aud, iat, exp
- * - PEAC claims: rid (UUIDv7 receipt ID)
- * - Optional: sub, ext (extensions including interaction binding)
- *
- * @see docs/specs/ATTESTATION-RECEIPTS.md
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AttestationReceiptClaimsSchema = exports.AttestationExtensionsSchema = exports.MinimalInteractionBindingSchema = exports.ATTESTATION_LIMITS = exports.MIDDLEWARE_INTERACTION_KEY = exports.ATTESTATION_RECEIPT_TYPE = void 0;
-exports.validateAttestationReceiptClaims = validateAttestationReceiptClaims;
-exports.isAttestationReceiptClaims = isAttestationReceiptClaims;
-exports.validateMinimalInteractionBinding = validateMinimalInteractionBinding;
-exports.isMinimalInteractionBinding = isMinimalInteractionBinding;
-exports.createAttestationReceiptClaims = createAttestationReceiptClaims;
-exports.isAttestationOnly = isAttestationOnly;
-exports.isPaymentReceipt = isPaymentReceipt;
-const zod_1 = require("zod");
-// ============================================================================
-// Constants
-// ============================================================================
-/**
- * Attestation receipt type constant
- */
-exports.ATTESTATION_RECEIPT_TYPE = 'peac/attestation-receipt';
-/**
- * Extension key for minimal interaction binding (middleware profile)
- *
- * This is a simplified binding used by middleware packages. For full
- * interaction evidence, use INTERACTION_EXTENSION_KEY from ./interaction.ts
- */
-exports.MIDDLEWARE_INTERACTION_KEY = 'org.peacprotocol/middleware-interaction@0.1';
-/**
- * Limits for attestation receipt fields (DoS protection)
- */
-exports.ATTESTATION_LIMITS = {
-    /** Maximum issuer URL length */
-    maxIssuerLength: 2048,
-    /** Maximum audience URL length */
-    maxAudienceLength: 2048,
-    /** Maximum subject length */
-    maxSubjectLength: 256,
-    /** Maximum path length in interaction binding */
-    maxPathLength: 2048,
-    /** Maximum method length */
-    maxMethodLength: 16,
-    /** Maximum HTTP status code */
-    maxStatusCode: 599,
-    /** Minimum HTTP status code */
-    minStatusCode: 100,
-};
-// ============================================================================
-// Zod Schemas
-// ============================================================================
-/**
- * HTTPS URL validation (reused from validators.ts pattern)
- */
-const httpsUrl = zod_1.z
-    .string()
-    .url()
-    .max(exports.ATTESTATION_LIMITS.maxIssuerLength)
-    .refine((url) => url.startsWith('https://'), 'Must be HTTPS URL');
-/**
- * UUIDv7 format validation
- */
-const uuidv7 = zod_1.z
-    .string()
-    .regex(/^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i, 'Must be UUIDv7 format');
-/**
- * Minimal interaction binding schema (for middleware use)
- *
- * This is a simplified version of full interaction evidence.
- * Contains only: method, path, status.
- *
- * Privacy note: Query strings are excluded by default to avoid
- * leaking sensitive data (API keys, tokens, PII in parameters).
- */
-exports.MinimalInteractionBindingSchema = zod_1.z
-    .object({
-    /** HTTP method (uppercase, e.g., GET, POST) */
-    method: zod_1.z
-        .string()
-        .min(1)
-        .max(exports.ATTESTATION_LIMITS.maxMethodLength)
-        .transform((m) => m.toUpperCase()),
-    /** Request path (no query string by default) */
-    path: zod_1.z.string().min(1).max(exports.ATTESTATION_LIMITS.maxPathLength),
-    /** HTTP response status code */
-    status: zod_1.z
-        .number()
-        .int()
-        .min(exports.ATTESTATION_LIMITS.minStatusCode)
-        .max(exports.ATTESTATION_LIMITS.maxStatusCode),
-})
-    .strict();
-/**
- * Attestation receipt extensions schema
- *
- * Allows interaction binding and other namespaced extensions.
- */
-exports.AttestationExtensionsSchema = zod_1.z.record(zod_1.z.string(), zod_1.z.unknown());
-/**
- * PEAC Attestation Receipt Claims schema
- *
- * This is the claims structure for attestation receipts - lightweight
- * receipts without payment fields. For full payment receipts, use
- * ReceiptClaimsSchema from ./validators.ts
- */
-exports.AttestationReceiptClaimsSchema = zod_1.z
-    .object({
-    /** Issuer URL (normalized, no trailing slash) */
-    iss: httpsUrl,
-    /** Audience URL */
-    aud: httpsUrl,
-    /** Issued at (Unix seconds) */
-    iat: zod_1.z.number().int().nonnegative(),
-    /** Expiration (Unix seconds) */
-    exp: zod_1.z.number().int().nonnegative(),
-    /** Receipt ID (UUIDv7) */
-    rid: uuidv7,
-    /** Subject identifier (optional) */
-    sub: zod_1.z.string().max(exports.ATTESTATION_LIMITS.maxSubjectLength).optional(),
-    /** Extensions (optional) */
-    ext: exports.AttestationExtensionsSchema.optional(),
-})
-    .strict();
-/**
- * Validate attestation receipt claims
- *
- * @param input - Raw input to validate
- * @returns Validation result
- */
-function validateAttestationReceiptClaims(input) {
-    const result = exports.AttestationReceiptClaimsSchema.safeParse(input);
-    if (result.success) {
-        return { valid: true };
-    }
-    const firstIssue = result.error.issues[0];
-    return {
-        valid: false,
-        error_code: 'E_ATTESTATION_INVALID_CLAIMS',
-        error_message: firstIssue?.message || 'Invalid attestation receipt claims',
-    };
-}
-/**
- * Check if an object is valid attestation receipt claims (non-throwing)
- *
- * @param claims - Object to check
- * @returns True if valid AttestationReceiptClaims
- */
-function isAttestationReceiptClaims(claims) {
-    return exports.AttestationReceiptClaimsSchema.safeParse(claims).success;
-}
-/**
- * Validate minimal interaction binding
- *
- * @param input - Raw input to validate
- * @returns Validation result
- */
-function validateMinimalInteractionBinding(input) {
-    const result = exports.MinimalInteractionBindingSchema.safeParse(input);
-    if (result.success) {
-        return { valid: true };
-    }
-    const firstIssue = result.error.issues[0];
-    return {
-        valid: false,
-        error_code: 'E_ATTESTATION_INVALID_INTERACTION',
-        error_message: firstIssue?.message || 'Invalid interaction binding',
-    };
-}
-/**
- * Check if an object is valid minimal interaction binding (non-throwing)
- *
- * @param binding - Object to check
- * @returns True if valid MinimalInteractionBinding
- */
-function isMinimalInteractionBinding(binding) {
-    return exports.MinimalInteractionBindingSchema.safeParse(binding).success;
-}
-/**
- * Create validated attestation receipt claims
- *
- * @param params - Attestation receipt parameters
- * @returns Validated AttestationReceiptClaims
- * @throws ZodError if validation fails
- */
-function createAttestationReceiptClaims(params) {
-    const now = Math.floor(Date.now() / 1000);
-    const expiresIn = params.expiresIn ?? 300;
-    // Normalize issuer (remove trailing slashes)
-    // Using explicit loop instead of regex to avoid ReDoS with quantifiers
-    let normalizedIssuer = params.issuer;
-    while (normalizedIssuer.endsWith('/')) {
-        normalizedIssuer = normalizedIssuer.slice(0, -1);
-    }
-    // Build extensions
-    const ext = { ...params.extensions };
-    if (params.interaction) {
-        ext[exports.MIDDLEWARE_INTERACTION_KEY] = params.interaction;
-    }
-    const claims = {
-        iss: normalizedIssuer,
-        aud: params.audience,
-        iat: now,
-        exp: now + expiresIn,
-        rid: params.rid,
-        ...(params.sub && { sub: params.sub }),
-        ...(Object.keys(ext).length > 0 && { ext }),
-    };
-    return exports.AttestationReceiptClaimsSchema.parse(claims);
-}
-// ============================================================================
-// Type Guard for Receipt Profile Discrimination
-// ============================================================================
-/**
- * Check if claims are attestation-only (no payment fields)
- *
- * This helps discriminate between attestation receipts and
- * full payment receipts at runtime.
- *
- * @param claims - Receipt claims to check
- * @returns True if claims lack payment fields (amt, cur, payment)
- */
-function isAttestationOnly(claims) {
-    return !('amt' in claims) && !('cur' in claims) && !('payment' in claims);
-}
-/**
- * Check if claims are payment receipt (has payment fields)
- *
- * @param claims - Receipt claims to check
- * @returns True if claims have payment fields
- */
-function isPaymentReceipt(claims) {
-    return 'amt' in claims && 'cur' in claims && 'payment' in claims;
-}
-//# sourceMappingURL=attestation-receipt.js.map

package/dist/attestation-receipt.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"attestation-receipt.js","sourceRoot":"","sources":["../src/attestation-receipt.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;AAwJH,4EAWC;AAQD,gEAEC;AAQD,8EAWC;AAQD,kEAIC;AAiCD,wEA8BC;AAeD,8CAEC;AAQD,4CAEC;AApSD,6BAAwB;AAExB,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;GAEG;AACU,QAAA,wBAAwB,GAAG,0BAAmC,CAAC;AAE5E;;;;;GAKG;AACU,QAAA,0BAA0B,GAAG,6CAA6C,CAAC;AAExF;;GAEG;AACU,QAAA,kBAAkB,GAAG;IAChC,gCAAgC;IAChC,eAAe,EAAE,IAAI;IACrB,kCAAkC;IAClC,iBAAiB,EAAE,IAAI;IACvB,6BAA6B;IAC7B,gBAAgB,EAAE,GAAG;IACrB,iDAAiD;IACjD,aAAa,EAAE,IAAI;IACnB,4BAA4B;IAC5B,eAAe,EAAE,EAAE;IACnB,+BAA+B;IAC/B,aAAa,EAAE,GAAG;IAClB,+BAA+B;IAC/B,aAAa,EAAE,GAAG;CACV,CAAC;AAEX,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;GAEG;AACH,MAAM,QAAQ,GAAG,OAAC;KACf,MAAM,EAAE;KACR,GAAG,EAAE;KACL,GAAG,CAAC,0BAAkB,CAAC,eAAe,CAAC;KACvC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,mBAAmB,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,GAAG,OAAC;KACb,MAAM,EAAE;KACR,KAAK,CACJ,wEAAwE,EACxE,uBAAuB,CACxB,CAAC;AAEJ;;;;;;;;GAQG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,MAAM,CAAC;IACN,+CAA+C;IAC/C,MAAM,EAAE,OAAC;SACN,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,GAAG,CAAC,0BAAkB,CAAC,eAAe,CAAC;SACvC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACpC,gDAAgD;IAChD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,0BAAkB,CAAC,aAAa,CAAC;IAC7D,gCAAgC;IAChC,MAAM,EAAE,OAAC;SACN,MAAM,EAAE;SACR,GAAG,EAAE;SACL,GAAG,CAAC,0BAAkB,CAAC,aAAa,CAAC;SACrC,GAAG,CAAC,0BAAkB,CAAC,aAAa,CAAC;CACzC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ;;;;GAIG;AACU,QAAA,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AAE7E;;;;;;GAMG;AACU,QAAA,8BAA8B,GAAG,OAAC;KAC5C,MAAM,CAAC;IACN,iDAAiD;IACjD,GAAG,EAAE,QAAQ;IACb,mBAAmB;IACnB,GAAG,EAAE,QAAQ;IACb,+BAA+B;IAC/B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IACnC,gCAAgC;IAChC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IACnC,0BAA0B;IAC1B,GAAG,EAAE,MAAM;IACX,oCAAoC;IACpC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,0BAAkB,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;IACnE,4BAA4B;IAC5B,GAAG,EAAE,mCAA2B,CAAC,QAAQ,EAAE;CAC5C,CAAC;KACD,MAAM,EAAE,CAAC;AAuBZ;;;;;GAKG;AACH,SAAgB,gCAAgC,CAAC,KAAc;IAC7D,MAAM,MAAM,GAAG,sCAA8B,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,8BAA8B;QAC1C,aAAa,EAAE,UAAU,EAAE,OAAO,IAAI,oCAAoC;KAC3E,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,MAAe;IACxD,OAAO,sCAA8B,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;AAClE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iCAAiC,CAAC,KAAc;IAC9D,MAAM,MAAM,GAAG,uCAA+B,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAChE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,UAAU,EAAE,mCAAmC;QAC/C,aAAa,EAAE,UAAU,EAAE,OAAO,IAAI,6BAA6B;KACpE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CACzC,OAAgB;IAEhB,OAAO,uCAA+B,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;AACpE,CAAC;AA0BD;;;;;;GAMG;AACH,SAAgB,8BAA8B,CAC5C,MAAsC;IAEtC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC;IAE1C,6CAA6C;IAC7C,uEAAuE;IACvE,IAAI,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,gBAAgB,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,mBAAmB;IACnB,MAAM,GAAG,GAA4B,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAC9D,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QACvB,GAAG,CAAC,kCAA0B,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC;IACvD,CAAC;IAED,MAAM,MAAM,GAA6B;QACvC,GAAG,EAAE,gBAAgB;QACrB,GAAG,EAAE,MAAM,CAAC,QAAQ;QACpB,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,SAAS;QACpB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC;QACtC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;KAC5C,CAAC;IAEF,OAAO,sCAA8B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACtD,CAAC;AAED,+EAA+E;AAC/E,gDAAgD;AAChD,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAAC,MAA+B;IAC/D,OAAO,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;AAC5E,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,MAA+B;IAC9D,OAAO,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,MAAM,IAAI,SAAS,IAAI,MAAM,CAAC;AACnE,CAAC"}