@peac/schema 0.12.4 → 0.12.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/index.cjs +10 -4
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.ts +1 -1
  4. package/dist/index.d.ts.map +1 -1
  5. package/dist/index.mjs +9 -5
  6. package/dist/index.mjs.map +1 -1
  7. package/dist/receipt-parser.cjs +5 -4
  8. package/dist/receipt-parser.cjs.map +1 -1
  9. package/dist/receipt-parser.mjs +5 -4
  10. package/dist/receipt-parser.mjs.map +1 -1
  11. package/dist/wire-02-extensions/commerce.d.ts +16 -0
  12. package/dist/wire-02-extensions/commerce.d.ts.map +1 -1
  13. package/dist/wire-02-extensions/index.d.ts +1 -1
  14. package/dist/wire-02-extensions/index.d.ts.map +1 -1
  15. package/dist/wire-02-extensions.d.ts +1 -1
  16. package/dist/wire-02-extensions.d.ts.map +1 -1
  17. package/package.json +2 -2
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/normalize.ts","../src/purpose.ts","../src/constraints.ts","../src/json.ts","../src/agent-identity.ts","../src/attribution.ts","../src/constants.ts","../src/validators.ts","../src/actor-binding.ts","../src/extensions/credential-event.ts","../src/extensions/tool-registry.ts","../src/extensions/control-action.ts","../src/extensions/treaty.ts","../src/extensions/fingerprint-ref.ts","../src/dispute.ts","../src/workflow.ts","../src/interaction.ts","../src/obligations.ts","../src/attestation-receipt.ts","../src/carrier.ts","../src/wire-02-representation.ts","../src/wire-02-extensions/limits.ts","../src/wire-02-extensions/grammar.ts","../src/wire-02-extensions/commerce.ts","../src/wire-02-extensions/access.ts","../src/wire-02-extensions/challenge.ts","../src/wire-02-extensions/identity.ts","../src/wire-02-extensions/correlation.ts","../src/wire-02-extensions/shared-validators.ts","../src/wire-02-extensions/consent.ts","../src/wire-02-extensions/privacy.ts","../src/wire-02-extensions/safety.ts","../src/wire-02-extensions/compliance.ts","../src/wire-02-extensions/provenance.ts","../src/wire-02-extensions/attribution.ts","../src/wire-02-extensions/purpose-extension.ts","../src/wire-02-extensions/accessors.ts","../src/wire-02-extensions/schema-map.ts","../src/wire-02-extensions/validation.ts","../src/wire-02-envelope.ts","../src/receipt-parser.ts","../src/wire-02-warnings.ts","../src/wire-02-registries.ts","../src/policy-binding.ts","../src/issuer-config.ts"],"names":["z","httpsUrl","uuidv7","ReceiptRefSchema","KERNEL_ERROR_CODES","EXTENSION_BUDGET","HASH","result"],"mappings":";;;;;;AAkBO,IAAM,0BAAA,GAAoC,MAAA,CAAA;AAsG1C,IAAM,WAAA,GAAc;AAAA;AAAA,EAEzB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,uBAAA,EAAyB,yBAAA;AAAA,EACzB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,mBAAA,EAAqB,qBAAA;AAAA;AAAA,EAGrB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,cAAA,EAAgB,gBAAA;AAAA,EAChB,aAAA,EAAe,eAAA;AAAA,EACf,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,gBAAA,EAAkB,kBAAA;AAAA;AAAA,EAGlB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,eAAA,EAAiB,iBAAA;AAAA;AAAA,EAGjB,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,sBAAA,EAAwB,wBAAA;AAAA,EACxB,yBAAA,EAA2B,2BAAA;AAAA,EAC3B,qBAAA,EAAuB,uBAAA;AAAA,EACvB,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,2BAAA,EAA6B,6BAAA;AAAA,EAC7B,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,yBAAA,EAA2B,2BAAA;AAAA;AAAA,EAG3B,sBAAA,EAAwB,wBAAA;AAAA;AAAA,EAGxB,uBAAA,EAAyB;AAC3B;AAUO,SAAS,eAAA,CACd,IAAA,EACA,QAAA,EACA,QAAA,EACA,WACA,OAAA,EAMW;AACX,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,QAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA,GAAG;AAAA,GACL;AACF;AAQO,SAAS,0BAAA,CAA2B,SAAiB,IAAA,EAAuC;AACjG,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,mBAAA,EAAqB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACpF,WAAA,EAAa,GAAA;AAAA,IACb,SAAS,IAAA,GAAO,GAAA,GAAM,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA,GAAI,MAAA;AAAA,IACvC,WAAA,EACE,iHAAA;AAAA,IACF,OAAA,EAAS,EAAE,OAAA;AAAQ,GACpB,CAAA;AACH;AAWO,SAAS,kCAAkC,OAAA,EAA6B;AAC7E,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,0BAAA,EAA4B,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IAC3F,WAAA,EAAa,GAAA;AAAA,IACb,OAAA,EAAS,iCAAA;AAAA,IACT,WAAA,EAAa,2DAAA;AAAA,IACb,OAAA,EAAS,EAAE,OAAA,EAAS,OAAA,IAAW,0BAAA;AAA2B,GAC3D,CAAA;AACH;AAOO,SAAS,8BACd,MAAA,EACW;AACX,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,WAAA,EAAa,+BAAA;AAAA,IACb,gBAAA,EAAkB,gCAAA;AAAA,IAClB,KAAA,EAAO;AAAA,GACT;AACA,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,sBAAA,EAAwB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACvF,WAAA,EAAa,GAAA;AAAA,IACb,OAAA,EAAS,iDAAA;AAAA,IACT,WAAA,EAAa,4DAAA;AAAA,IACb,SAAS,EAAE,MAAA,EAAQ,OAAA,EAAS,QAAA,CAAS,MAAM,CAAA;AAAE,GAC9C,CAAA;AACH;AAYO,SAAS,+BACd,UAAA,EAMW;AACX,EAAA,MAAM,KAAA,GAAQ,WAAW,CAAC,CAAA;AAC1B,EAAA,MAAM,UAAU,UAAA,CACb,GAAA,CAAI,CAAC,CAAA,KAAM,GAAG,CAAA,CAAE,UAAU,CAAA,UAAA,EAAa,CAAA,CAAE,MAAM,CAAA,SAAA,EAAY,CAAA,CAAE,KAAK,CAAA,CAAA,CAAG,CAAA,CACrE,KAAK,IAAI,CAAA;AACZ,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,sBAAA,EAAwB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACvF,WAAA,EAAa,GAAA;AAAA,IACb,SAAS,KAAA,EAAO,IAAA;AAAA,IAChB,WAAA,EAAa,8DAAA;AAAA,IACb,SAAS,EAAE,OAAA,EAAS,CAAA,4BAAA,EAA+B,OAAO,IAAI,UAAA;AAAW,GAC1E,CAAA;AACH;;;ACjMA,SAAS,iBAAiB,OAAA,EAA6C;AACrE,EAAA,MAAM,MAAA,GAA4B;AAAA,IAChC,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,WAAW,OAAA,CAAQ,SAAA;AAAA,IACnB,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,KAAK,OAAA,CAAQ;AAAA,GACf;AAGA,EAAA,IAAI,OAAA,CAAQ,YAAY,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC3B;AACA,EAAA,IAAI,OAAA,CAAQ,eAAe,MAAA,EAAW;AACpC,IAAA,MAAA,CAAO,aAAa,OAAA,CAAQ,UAAA;AAAA,EAC9B;AACA,EAAA,IAAI,OAAA,CAAQ,YAAY,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,qBAAqB,IAAA,EAA0C;AACtE,EAAA,OAAO;AAAA,IACL,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,QAAQ,IAAA,CAAK;AAAA,GACf;AACF;AAKA,SAAS,iBAAiB,OAAA,EAA0C;AAClE,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,oBAAoB;AAAA,GAC/C;AACF;AAkCO,SAAS,aAAa,KAAA,EAAqD;AAEhF,EAAA,IAAI,QAAQ,KAAA,IAAS,KAAA,CAAM,EAAA,KAAO,IAAA,IAAQ,aAAa,KAAA,EAAO;AAC5D,IAAA,MAAM,MAAA,GAAS,KAAA;AACf,IAAA,IAAI,MAAA,CAAO,YAAY,UAAA,EAAY;AACjC,MAAA,OAAO,kBAAA,CAAmB,OAAO,MAA2B,CAAA;AAAA,IAC9D;AACA,IAAA,OAAO,qBAAA,CAAsB,OAAO,MAAkC,CAAA;AAAA,EACxE;AAEA,EAAA,OAAO,mBAAmB,KAA0B,CAAA;AACtD;AAEA,SAAS,mBAAmB,MAAA,EAAuC;AACjE,EAAA,MAAM,MAAA,GAAqB;AAAA,IACzB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,GAAI,MAAA,CAAO,GAAA,KAAQ,UAAa,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IAClD,GAAI,MAAA,CAAO,GAAA,KAAQ,UAAa,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IAClD,GAAI,OAAO,OAAA,KAAY,MAAA,IAAa,EAAE,OAAA,EAAS,gBAAA,CAAiB,MAAA,CAAO,OAAO,CAAA;AAAE,GAClF;AAEA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,MAAM,MAAA,CAAO,GAAA;AAAA,EACtB;AAEA,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,MAAA,CAAO,OAAA,GAAU,EAAE,GAAA,EAAK,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,EAC7C;AAEA,EAAA,IAAI,MAAA,CAAO,GAAA,EAAK,OAAA,KAAY,MAAA,EAAW;AACrC,IAAA,MAAA,CAAO,OAAA,GAAU,gBAAA,CAAiB,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAAA,EACtD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,sBAAsB,MAAA,EAA8C;AAC3E,EAAA,MAAM,MAAA,GAAqB;AAAA,IACzB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO;AAAA,GACd;AAEA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,MAAM,MAAA,CAAO,GAAA;AAAA,EACtB;AAIA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,OAAA,GAAU,EAAE,GAAA,EAAK,MAAA,CAAO,GAAA,EAAI;AAAA,EACrC;AAEA,EAAA,OAAO,MAAA;AACT;;;AChIO,IAAM,mBAAA,GACX;AAGK,IAAM,wBAAA,GAA2B;AAGjC,IAAM,8BAAA,GAAiC;AAGvC,IAAM,kBAAA,GAAkD;AAAA,EAC7D,OAAA;AAAA,EACA,QAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAGO,IAAM,eAAA,GAA4C;AAAA,EACvD,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAGO,IAAM,2BAAA,GAA+C;AAkBrD,SAAS,oBAAoB,KAAA,EAAsC;AACxE,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,KAAA,CAAM,MAAA,GAAS,0BAA0B,OAAO,KAAA;AAC1E,EAAA,OAAO,mBAAA,CAAoB,KAAK,KAAK,CAAA;AACvC;AAQO,SAAS,mBAAmB,KAAA,EAA0C;AAC3E,EAAA,OAAQ,kBAAA,CAAyC,SAAS,KAAK,CAAA;AACjE;AAQO,SAAS,gBAAgB,KAAA,EAAuC;AACrE,EAAA,OAAO,KAAA,KAAU,OAAA,IAAW,KAAA,KAAU,UAAA,IAAc,KAAA,KAAU,UAAA;AAChE;AAQO,SAAS,qBAAqB,MAAA,EAAyC;AAC5E,EAAA,OAAQ,eAAA,CAAsC,SAAS,MAAM,CAAA;AAC/D;AAUO,SAAS,oBAAoB,KAAA,EAAwB;AAC1D,EAAA,OAAO,KAAA,KAAU,2BAAA;AACnB;AAgBO,SAAS,sBAAsB,KAAA,EAAuB;AAC3D,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAgBO,SAAS,mBAAmB,WAAA,EAAqC;AACtE,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,OAAO,EAAC;AAAA,EACV;AAEA,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,MAAM,SAAyB,EAAC;AAEhC,EAAA,KAAA,MAAW,IAAA,IAAQ,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA,EAAG;AACzC,IAAA,MAAM,UAAA,GAAa,sBAAsB,IAAI,CAAA;AAC7C,IAAA,IAAI,WAAW,MAAA,GAAS,CAAA,IAAK,CAAC,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,EAAG;AAClD,MAAA,IAAA,CAAK,IAAI,UAAU,CAAA;AACnB,MAAA,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,IACxB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAqBO,SAAS,sBAAsB,MAAA,EAAiD;AACrF,EAAA,MAAM,gBAA0B,EAAC;AACjC,EAAA,IAAI,iBAAA,GAAoB,KAAA;AAExB,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,MAAA,iBAAA,GAAoB,IAAA;AAAA,IACtB;AACA,IAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,MAAA,aAAA,CAAc,KAAK,KAAK,CAAA;AAAA,IAC1B;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,aAAA,CAAc,MAAA,KAAW,CAAA,IAAK,CAAC,iBAAA;AAAA,IACtC,MAAA;AAAA,IACA,aAAA;AAAA,IACA;AAAA,GACF;AACF;AAWO,SAAS,oBAAoB,QAAA,EAA8C;AAChF,EAAA,OAAO,QAAA,CAAS,OAAO,kBAAkB,CAAA;AAC3C;AASA,IAAM,mBAAA,GAA+D;AAAA,EACnE,KAAA,EAAO,OAAA;AAAA;AAAA,EACP,QAAA,EAAU,WAAA;AAAA;AAAA,EACV,QAAA,EAAU;AAAA;AACZ,CAAA;AAeO,SAAS,qBAAqB,MAAA,EAA4C;AAC/E,EAAA,MAAM,SAAA,GAAY,oBAAoB,MAAM,CAAA;AAC5C,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,YAAA,EAAc,CAAA,eAAA,EAAkB,MAAM,CAAA,gBAAA,EAAmB,SAAS,CAAA,CAAA;AAAA,GACpE;AACF;AAUO,SAAS,+BACd,KAAA,EAI0D;AAC1D,EAAA,IAAI,kBAAA,CAAmB,KAAK,CAAA,EAAG;AAC7B,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAM;AAAA,EACzC;AACA,EAAA,IAAI,eAAA,CAAgB,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,EAAE,SAAS,mBAAA,CAAoB,KAAK,GAAG,MAAA,EAAQ,IAAA,EAAM,MAAM,KAAA,EAAM;AAAA,EAC1E;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,SAAS,IAAA,EAAK;AACxD;AA8DO,SAAS,uBAAuB,OAAA,EAA8C;AAEnF,EAAA,IAAI,CAAC,QAAQ,QAAA,EAAU;AACrB,IAAA,OAAO,oBAAA;AAAA,EACT;AAGA,EAAA,IAAI,QAAQ,gBAAA,EAAkB;AAC5B,IAAA,OAAO,mBAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,QAAQ,QAAA,IAAY,SAAA;AACrC,EAAA,QAAQ,QAAA;AAAU,IAChB,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,aAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,YAAA;AACH,MAAA,OAAO,YAAA;AAAA,IACT;AACE,MAAA,OAAO,SAAA;AAAA;AAEb;AAQO,SAAS,wBAAwB,MAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,IAAA,CAAK,CAAC,UAAU,CAAC,kBAAA,CAAmB,KAAK,CAAC,CAAA;AAC1D;;;ACxZO,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,gBAAA,EAAkB,EAAA;AAAA;AAAA,EAElB,gBAAA,EAAkB,GAAA;AAAA;AAAA,EAElB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,KAAA;AAAA;AAAA,EAEnB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,kBAAA,EAAoB;AACtB;AA0CO,SAAS,0BAA0B,MAAA,EAA6C;AACrF,EAAA,MAAM,aAAoC,EAAC;AAE3C,EAAA,IAAI,WAAW,IAAA,IAAQ,MAAA,KAAW,MAAA,IAAa,OAAO,WAAW,QAAA,EAAU;AACzE,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,UAAA,EAAW;AAAA,EACnC;AAMA,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,MAAM,KAAA,GAAgE;AAAA,IACpE,EAAE,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,MAAM,EAAA;AAAG,GACtC;AAEA,EAAA,OAAO,KAAA,CAAM,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,EAAI;AACvB,IAAA,UAAA,EAAA;AAGA,IAAA,IAAI,UAAA,GAAa,mBAAmB,eAAA,EAAiB;AACnD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,iBAAA;AAAA,QACZ,MAAA,EAAQ,UAAA;AAAA,QACR,OAAO,kBAAA,CAAmB,eAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AACD,MAAA;AAAA,IACF;AAKA,IAAA,IAAI,IAAA,CAAK,KAAA,GAAQ,kBAAA,CAAmB,gBAAA,EAAkB;AACpD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,kBAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,KAAA;AAAA,QACb,OAAO,kBAAA,CAAmB,gBAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,KAAA,KAAU,IAAA,IAAQ,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACzD,MAAA,IAAI,OAAO,IAAA,CAAK,KAAA,KAAU,QAAA,EAAU;AAElC,QAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,kBAAA,CAAmB,iBAAA,EAAmB;AAC5D,UAAA,UAAA,CAAW,IAAA,CAAK;AAAA,YACd,UAAA,EAAY,mBAAA;AAAA,YACZ,MAAA,EAAQ,KAAK,KAAA,CAAM,MAAA;AAAA,YACnB,OAAO,kBAAA,CAAmB,iBAAA;AAAA,YAC1B,MAAM,IAAA,CAAK;AAAA,WACZ,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AAC7B,MAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,kBAAA,CAAmB,gBAAA,EAAkB;AAC3D,QAAA,UAAA,CAAW,IAAA,CAAK;AAAA,UACd,UAAA,EAAY,kBAAA;AAAA,UACZ,MAAA,EAAQ,KAAK,KAAA,CAAM,MAAA;AAAA,UACnB,OAAO,kBAAA,CAAmB,gBAAA;AAAA,UAC1B,MAAM,IAAA,CAAK;AAAA,SACZ,CAAA;AAAA,MACH;AAEA,MAAA,KAAA,IAAS,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AAC/C,QAAA,KAAA,CAAM,IAAA,CAAK;AAAA,UACT,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,CAAC,CAAA;AAAA,UACnB,KAAA,EAAO,KAAK,KAAA,GAAQ,CAAA;AAAA,UACpB,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,IAAI,IAAI,CAAC,CAAA,CAAA;AAAA,SACxB,CAAA;AAAA,MACH;AACA,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,KAAgC,CAAA;AAC9D,IAAA,IAAI,IAAA,CAAK,MAAA,GAAS,kBAAA,CAAmB,eAAA,EAAiB;AACpD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,iBAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,OAAO,kBAAA,CAAmB,eAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,KAAA,IAAS,IAAI,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACzC,MAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAClB,MAAA,MAAM,SAAA,GAAY,KAAK,IAAA,GAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,GAAK,GAAA;AACtD,MAAA,KAAA,CAAM,IAAA,CAAK;AAAA,QACT,KAAA,EAAQ,IAAA,CAAK,KAAA,CAAkC,GAAG,CAAA;AAAA,QAClD,KAAA,EAAO,KAAK,KAAA,GAAQ,CAAA;AAAA,QACpB,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,UAAA,CAAW,MAAA,KAAW,GAAG,UAAA,EAAW;AACtD;;;ACtKA,SAAS,cAAc,KAAA,EAAkD;AACvE,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,OAAO,KAAA,KAAU,QAAA,EAAU;AAC/C,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,KAAK,CAAA;AACzC,EAAA,OAAO,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,IAAA;AACjD;AAQA,IAAM,gBAAA,GAAmB,CAAA,CAAE,MAAA,EAAO,CAAE,MAAA,EAAO;AAKpC,IAAM,mBAAA,GAAsB,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAO,EAAG,gBAAA,EAAkB,CAAA,CAAE,OAAA,EAAQ,EAAG,CAAA,CAAE,IAAA,EAAM,CAAC;AAKhG,IAAM,iBAAA,GAAoB,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAO,aAAA,EAAe;AAAA,EAC1D,OAAA,EAAS;AACX,CAAC,CAAA;AAmBM,IAAM,kBAAwC,CAAA,CAAE,IAAA;AAAA,EAAK,MAC1D,EAAE,KAAA,CAAM;AAAA,IACN,mBAAA;AAAA,IACA,CAAA,CAAE,MAAM,eAAe,CAAA;AAAA;AAAA,IAEvB,iBAAA,CAAkB,SAAA,CAAU,CAAC,GAAA,KAAQ,GAA8B,CAAA,CAAE,IAAA;AAAA,MACnE,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,IAAU,eAAe;AAAA;AACtC,GACD;AACH;AAOO,IAAM,mBAA0C,iBAAA,CAAkB,SAAA;AAAA,EACvE,CAAC,GAAA,KAAQ;AACX,CAAA,CAAE,KAAK,CAAA,CAAE,MAAA,CAAO,EAAE,MAAA,EAAO,EAAG,eAAe,CAAC;AAKrC,IAAM,eAAA,GAAwC,CAAA,CAAE,KAAA,CAAM,eAAe;AASrE,IAAM,oBAAA,GAAuB;AAAA;AAAA,EAElC,UAAU,kBAAA,CAAmB,gBAAA;AAAA;AAAA,EAE7B,gBAAgB,kBAAA,CAAmB,gBAAA;AAAA;AAAA,EAEnC,eAAe,kBAAA,CAAmB,eAAA;AAAA;AAAA,EAElC,iBAAiB,kBAAA,CAAmB,iBAAA;AAAA;AAAA,EAEpC,eAAe,kBAAA,CAAmB;AACpC;AA6DO,SAAS,uBAAA,CACd,KAAA,EACA,MAAA,GAA6B,EAAC,EACZ;AAClB,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,QAAA,IAAY,oBAAA,CAAqB,QAAA;AACzD,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,IAAkB,oBAAA,CAAqB,cAAA;AACrE,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,oBAAA,CAAqB,aAAA;AACnE,EAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,eAAA,IAAmB,oBAAA,CAAqB,eAAA;AACvE,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,oBAAA,CAAqB,aAAA;AAKnE,EAAA,MAAM,OAAA,uBAAc,OAAA,EAAgB;AAGpC,EAAA,IAAI,SAAA,GAAY,CAAA;AAGhB,EAAA,MAAM,KAAA,GAAsB,CAAC,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAO,IAAA,EAAM,EAAC,EAAG,KAAA,EAAO,CAAA,EAAG,CAAA;AAEzE,EAAA,OAAO,KAAA,CAAM,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,EAAI;AAGxB,IAAA,IAAI,KAAA,CAAM,SAAS,MAAA,EAAQ;AACzB,MAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,GAAG,CAAA;AACxB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,EAAE,KAAA,EAAO,OAAA,EAAS,IAAA,EAAM,OAAM,GAAI,KAAA;AAGxC,IAAA,SAAA,EAAA;AACA,IAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,wCAAwC,aAAa,CAAA,CAAA,CAAA;AAAA,QAC5D;AAAA,OACF;AAAA,IACF;AAGA,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,kCAAkC,QAAQ,CAAA,CAAA,CAAA;AAAA,QACjD;AAAA,OACF;AAAA,IACF;AAGA,IAAA,IAAI,YAAY,IAAA,EAAM;AACpB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,OAAO,OAAO,OAAA;AAEpB,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAK,OAAA,CAAmB,SAAS,eAAA,EAAiB;AAChD,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,yCAAyC,eAAe,CAAA,CAAA,CAAA;AAAA,UAC/D;AAAA,SACF;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,OAAiB,CAAA,EAAG;AACvC,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,sBAAsB,OAAO,CAAA,CAAA;AAAA,UACpC;AAAA,SACF;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAS,SAAA,EAAW;AACtB,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,+BAA+B,IAAA,EAAK;AAAA,IACjE;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,4BAA4B,IAAA,EAAK;AAAA,IAC9D;AAEA,IAAA,IAAI,SAAS,UAAA,EAAY;AACvB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,8BAA8B,IAAA,EAAK;AAAA,IAChE;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,4BAA4B,IAAA,EAAK;AAAA,IAC9D;AAGA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,MAAM,GAAA,GAAM,OAAA;AAIZ,MAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,EAAG;AACpB,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,kCAAkC,IAAA,EAAK;AAAA,MACpE;AAGA,MAAA,OAAA,CAAQ,IAAI,GAAG,CAAA;AACf,MAAA,KAAA,CAAM,IAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,KAAK,CAAA;AAGhC,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,QAAA,IAAI,GAAA,CAAI,SAAS,cAAA,EAAgB;AAC/B,UAAA,OAAO;AAAA,YACL,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,wCAAwC,cAAc,CAAA,CAAA,CAAA;AAAA,YAC7D;AAAA,WACF;AAAA,QACF;AAEA,QAAA,KAAA,IAAS,IAAI,GAAA,CAAI,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACxC,UAAA,KAAA,CAAM,KAAK,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAO,IAAI,CAAC,CAAA,EAAG,IAAA,EAAM,CAAC,GAAG,IAAA,EAAM,CAAC,GAAG,KAAA,EAAO,KAAA,GAAQ,GAAG,CAAA;AAAA,QACnF;AACA,QAAA;AAAA,MACF;AAGA,MAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AACvC,MAAA,IAAI,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,IAAA,EAAM;AAChD,QAAA,MAAM,eAAA,GAAkB,GAAA,CAAI,WAAA,EAAa,IAAA,IAAQ,SAAA;AACjD,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,qBAAqB,eAAe,CAAA,mBAAA,CAAA;AAAA,UAC3C;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC5B,MAAA,IAAI,IAAA,CAAK,SAAS,aAAA,EAAe;AAC/B,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,4CAA4C,aAAa,CAAA,CAAA,CAAA;AAAA,UAChE;AAAA,SACF;AAAA,MACF;AAEA,MAAA,KAAA,IAAS,IAAI,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACzC,QAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAClB,QAAA,KAAA,CAAM,IAAA,CAAK;AAAA,UACT,IAAA,EAAM,OAAA;AAAA,UACN,KAAA,EAAQ,IAAgC,GAAG,CAAA;AAAA,UAC3C,IAAA,EAAM,CAAC,GAAG,IAAA,EAAM,GAAG,CAAA;AAAA,UACnB,OAAO,KAAA,GAAQ;AAAA,SAChB,CAAA;AAAA,MACH;AACA,MAAA;AAAA,IACF;AAGA,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,OAAO,CAAA,cAAA,EAAiB,IAAI,IAAI,IAAA,EAAK;AAAA,EAC3D;AAEA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AACpB;;;AC9TO,IAAM,oBAAoBA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,gBAAgB,CAAC;AAM/D,IAAM,aAAA,GAAgB,CAAC,UAAA,EAAY,gBAAgB;AAgBnD,IAAM,iBAAA,GAAoBA,EAAE,IAAA,CAAK;AAAA,EACtC,wBAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,aAAA,GAAgB,CAAC,wBAAA,EAA0B,MAAA,EAAQ,QAAQ,gBAAgB;AAWjF,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAGhC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,gBAAA,EAAkBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA;AAAA;AAAA,EAGpD,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAUI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,MAAA,EAAQ,iBAAA;AAAA;AAAA,EAGR,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA,CAAE,QAAQ,OAAO,CAAA;AAAA;AAAA,EAGvC,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxC,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG1C,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAG7C,OAAA,EAAS,qBAAqB,QAAA;AAChC,CAAC,EACA,MAAA;AAaI,IAAM,2BAAA,GAA8BA,EACxC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,YAAA,EAAc,iBAAA;AAAA;AAAA,EAGd,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3D,gBAAA,EAAkBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA;AAAA,EAG/D,KAAA,EAAO,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGjC,iBAAA,EAAmBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGvD,UAAUA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvC,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtC,QAAA,EAAUA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAG,eAAe,EAAE,QAAA;AAClD,CAAC,EACA,MAAA;AAUI,IAAM,mBAAA,GAAsB;AA4B5B,IAAM,8BAAA,GAAiCA,EAC3C,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,mBAAmB,CAAA;AAAA;AAAA,EAGnC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAYI,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,oBAAA,EAAsBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAG9C,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGpC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAaI,IAAM,2BAAA,GAA8BA,EACxC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,YAAA,EAAc,iBAAA;AAAA;AAAA,EAGd,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGjC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE;AACxC,CAAC,EACA,MAAA;AAuBI,SAAS,iCACd,IAAA,EAC8E;AAC9E,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,IAAI,CAAA;AAC5D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,2BAA2B,WAAA,EAEC;AAC1C,EAAA,OAAO,YAAY,IAAA,KAAS,mBAAA;AAC9B;AAiDO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,MAAM,QAAA,GAAkC;AAAA,IACtC,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO;AAAA,GACvB;AAEA,EAAA,IAAI,OAAO,YAAA,EAAc;AACvB,IAAA,QAAA,CAAS,eAAe,MAAA,CAAO,YAAA;AAAA,EACjC;AACA,EAAA,IAAI,OAAO,gBAAA,EAAkB;AAC3B,IAAA,QAAA,CAAS,mBAAmB,MAAA,CAAO,gBAAA;AAAA,EACrC;AACA,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,QAAA,CAAS,QAAQ,MAAA,CAAO,KAAA;AAAA,EAC1B;AACA,EAAA,IAAI,OAAO,iBAAA,EAAmB;AAC5B,IAAA,QAAA,CAAS,oBAAoB,MAAA,CAAO,iBAAA;AAAA,EACtC;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AACA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,QAAA,CAAS,UAAU,MAAA,CAAO,OAAA;AAAA,EAC5B;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AAEnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,WAAA,GAAwC;AAAA,IAC5C,IAAA,EAAM,mBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AACA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,WAAA,CAAY,MAAM,MAAA,CAAO,GAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,WAAA;AACT;AAQO,SAAS,wBACd,IAAA,EACqE;AACrE,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,IAAI,CAAA;AACnD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,wBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;AC3bO,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,UAAA,EAAY,GAAA;AAAA;AAAA,EAEZ,QAAA,EAAU,CAAA;AAAA;AAAA,EAEV,kBAAA,EAAoB,KAAA;AAAA;AAAA,EAEpB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,mBAAA,EAAqB,IAAA;AAAA;AAAA,EAErB,gBAAA,EAAkB;AACpB;AAUO,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,OAAA,CAAQ,SAAS;AAM/C,IAAM,kBAAA,GAAqBA,CAAAA,CAAE,OAAA,CAAQ,WAAW;AAkBhD,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAK,mBAAA;AAAA;AAAA,EAGL,KAAA,EAAOA,CAAAA,CACJ,MAAA,EAAO,CACP,GAAA,CAAI,EAAE,CAAA,CACN,GAAA,CAAI,EAAE,CAAA,CACN,KAAA,CAAM,kBAAA,EAAoB,8BAA8B,CAAA;AAAA;AAAA,EAG3D,GAAA,EAAK;AACP,CAAC,EACA,MAAA;AAgBI,IAAM,sBAAA,GAAyBA,EAAE,IAAA,CAAK;AAAA,EAC3C,gBAAA;AAAA,EACA,aAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,kBAAA,GAAqB;AAAA,EAChC,gBAAA;AAAA,EACA,aAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF;AAeO,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK;AAAA,EACzC,UAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,mBAAmB,CAAC,UAAA,EAAY,WAAA,EAAa,KAAA,EAAO,aAAa,WAAW;AAczF,IAAM,gBAAA,GAAmBA,CAAAA,CACtB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,mBAAmB,CAAA,CAC1C,MAAA;AAAA,EACC,CAAC,GAAA,KAAQ;AAEP,IAAA,IAAI,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG,OAAO,IAAA;AAEnC,IAAA,IAAI,GAAA,CAAI,WAAW,UAAU,CAAA,IAAK,IAAI,UAAA,CAAW,SAAS,GAAG,OAAO,IAAA;AAEpE,IAAA,IAAI,GAAA,CAAI,UAAA,CAAW,mBAAmB,CAAA,EAAG,OAAO,IAAA;AAChD,IAAA,OAAO,KAAA;AAAA,EACT,CAAA;AAAA,EACA,EAAE,SAAS,mFAAA;AACb,CAAA;AAmBK,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,WAAA,EAAa,gBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASb,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGpD,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGzC,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGzC,KAAA,EAAO,sBAAA;AAAA;AAAA,EAGP,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA;AACnC,CAAC,EACA,MAAA;AAYI,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,UAAU,CAAA;AAAA;AAAA,EAGlF,eAAA,EAAiB,oBAAA;AAAA;AAAA,EAGjB,WAAA,EAAa,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGxC,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvE,kBAAA,EAAoBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGxD,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAUA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAG,eAAe,EAAE,QAAA;AAClD,CAAC,EACA,MAAA;AAUI,IAAM,gBAAA,GAAmB;AAyBzB,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,gBAAgB,CAAA;AAAA;AAAA,EAGhC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAiCI,SAAS,oBACd,IAAA,EACiE;AACjE,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,IAAI,CAAA;AAC/C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,0BACd,IAAA,EACuE;AACvE,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,SAAA,CAAU,IAAI,CAAA;AACrD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAkBO,SAAS,+BACd,IAAA,EAC4E;AAC5E,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,SAAA,CAAU,IAAI,CAAA;AAC1D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,yBAAyB,WAAA,EAEC;AACxC,EAAA,OAAO,YAAY,IAAA,KAAS,gBAAA;AAC9B;AA8CO,SAAS,6BACd,MAAA,EACwB;AACxB,EAAA,MAAM,QAAA,GAAgC;AAAA,IACpC,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,iBAAiB,MAAA,CAAO;AAAA,GAC1B;AAEA,EAAA,IAAI,OAAO,WAAA,EAAa;AACtB,IAAA,QAAA,CAAS,cAAc,MAAA,CAAO,WAAA;AAAA,EAChC;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AACA,EAAA,IAAI,OAAO,kBAAA,EAAoB;AAC7B,IAAA,QAAA,CAAS,qBAAqB,MAAA,CAAO,kBAAA;AAAA,EACvC;AACA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,QAAA,CAAS,aAAa,MAAA,CAAO,UAAA;AAAA,EAC/B;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,WAAA,GAAsC;AAAA,IAC1C,IAAA,EAAM,gBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AACA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,WAAA,CAAY,MAAM,MAAA,CAAO,GAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,WAAA;AACT;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,wBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;AAQO,SAAS,mBAAmB,OAAA,EAAkD;AACnF,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,MAAA,KAAW,MAAS,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAgB,CAAA;AAC3F,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,KAAK,CAAA,KAAM,GAAA,GAAM,GAAG,CAAC,CAAA;AAC9C;AASO,SAAS,oBAAA,CACd,OAAA,EACA,OAAA,mBAAuB,IAAI,KAAI,EACX;AACpB,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACnC,MAAA,OAAO,MAAA,CAAO,WAAA;AAAA,IAChB;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AC/hBO,IAAM,aAAA,GAAgB;AAKtB,IAAM,WAAW,UAAA,CAAW;AAK5B,IAAM,sBAAsB,OAAA,CAAQ;AAKpC,IAAM,sBAAsB,OAAA,CAAQ;AACpC,IAAM,8BAA8B,OAAA,CAAQ;AAC5C,IAAM,6BAA6B,OAAA,CAAQ;AAM3C,IAAM,mBAAmB,MAAA,CAAO;AAKhC,IAAM,4BAA4B,MAAA,CAAO;AAKzC,IAAM,wBAAwB,MAAA,CAAO;AAMrC,IAAM,0BAA0B,aAAA,CAAc;AAK9C,IAAM,6BAA6B,aAAA,CAAc;AAKjD,IAAM,+BAA+B,aAAA,CAAc;AAKnD,IAAM,sBAAsB,SAAA,CAAU;AAKtC,IAAM,wBAAA,GAA2B;AAUjC,IAAM,uBAAA,GACX;ACrEF,IAAM,QAAA,GAAWA,CAAAA,CACd,MAAA,EAAO,CACP,GAAA,EAAI,CACJ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,UAAA,CAAW,UAAU,GAAG,kBAAkB,CAAA;AAC7D,IAAM,OAAA,GAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,YAAY,CAAA;AAC7C,IAAM,MAAA,GAASA,CAAAA,CACZ,MAAA,EAAO,CACP,MAAM,wEAAwE,CAAA;AAE1E,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA,EACN,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EACrC,QAAA,EAAU,OAAA;AAAA,EACV,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,QAAA,EAAU,gBAAgB,QAAA,EAAS;AAAA,EACnC,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,EACA,MAAA;AAEI,IAAM,OAAA,GAAUA,EAAE,MAAA,CAAO,EAAE,KAAK,QAAA,EAAU,EAAE,MAAA;AAE5C,IAAM,cAAA,GAAiBA,EAC3B,MAAA,CAAO;AAAA,EACN,GAAA,EAAK,QAAA;AAAA,EACL,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC;AACxB,CAAC,EACA,MAAA;AAII,IAAM,UAAA,GAAaA,EACvB,MAAA,CAAO;AAAA,EACN,eAAA,EAAiB,eAAe,QAAA;AAAS;AAE3C,CAAC,CAAA,CACA,QAAA,CAASA,CAAAA,CAAE,OAAA,EAAS;AAShB,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA,EACN,GAAA,EAAKA,CAAAA,CAAE,OAAA,CAAQ,aAAa,CAAA;AAAA,EAC5B,GAAA,EAAKA,CAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,EACvB,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC;AACvB,CAAC,EACA,MAAA;AAMI,IAAM,SAAA,GAAY;AAIzB,IAAM,yBAAyB,CAAC,OAAA,EAAS,QAAA,EAAU,aAAA,EAAe,aAAa,OAAO,CAAA;AACtF,IAAM,mBAAA,GAAsB;AAAA,EAC1B,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF,CAAA;AAEO,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA,EACN,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EAClC,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EAC/B,GAAA,EAAK,MAAA;AAAA,EACL,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EAClC,GAAA,EAAK,OAAA;AAAA,EACL,OAAA,EAAS,iBAAA;AAAA,EACT,OAAA,EAAS,QAAQ,QAAA,EAAS;AAAA,EAC1B,GAAA,EAAK,WAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAGzB,kBAAkBA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA;AAAA,EAE/C,gBAAA,EAAkBA,CAAAA,CAAE,IAAA,CAAK,sBAAsB,EAAE,QAAA,EAAS;AAAA;AAAA,EAE1D,cAAA,EAAgBA,CAAAA,CAAE,IAAA,CAAK,mBAAmB,EAAE,QAAA;AAC9C,CAAC,EACA,MAAA;AAaI,IAAM,aAAA,GAAgB;AAEtB,IAAM,aAAA,GAAgBA,EAC1B,MAAA,CAAO;AAAA,EACN,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE;AAChC,CAAC,EACA,MAAA;AAeI,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK;AAAA,EACzC,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,WAAA;AAAA,EACA,aAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAC;AAKM,IAAM,0BAAA,GAA6BA,EAAE,IAAA,CAAK;AAAA,EAC/C,cAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF,CAAC;AAKM,IAAM,wBAAwBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAC;AAKhE,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,MAAA,EAAQ,qBAAA;AAAA,EACR,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC5B,OAAA,EAAS,qBAAqB,QAAA,EAAS;AAAA,EACvC,cAAA,EAAgB,2BAA2B,QAAA,EAAS;AAAA,EACpD,KAAA,EAAOA,CAAAA,CAAE,KAAA,CAAM,CAACA,EAAE,MAAA,EAAO,EAAGA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC3D,eAAA,EAAiBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACtC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA,EACN,OAAOA,CAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EACvC,QAAA,EAAU,qBAAA;AAAA,EACV,UAAA,EAAYA,CAAAA,CAAE,OAAA,CAAQ,cAAc,EAAE,QAAA;AACxC,CAAC,CAAA,CACA,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,MAAM,UAAA,GAAa,KAAK,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,MAAM,CAAA;AACnE,IAAA,MAAM,QAAA,GAAW,KAAK,KAAA,CAAM,KAAA,CAAM,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,KAAK,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,QAAQ,CAAA;AAEpE,IAAA,IAAI,UAAA,IAAc,IAAA,CAAK,QAAA,KAAa,MAAA,EAAQ;AAC1C,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,QAAA,IAAY,IAAA,CAAK,QAAA,KAAa,OAAA,EAAS;AACzC,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,IAAa,CAAC,UAAA,IAAc,IAAA,CAAK,aAAa,MAAA,EAAQ;AACxD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAgBK,IAAM,qBAAqBA,CAAAA,CAC/B,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,wBAAwB,CAAA,CAC5B,OAAO,CAAC,KAAA,KAAU,mBAAA,CAAoB,IAAA,CAAK,KAAK,CAAA,EAAG;AAAA,EAClD,OAAA,EACE;AACJ,CAAC;AAQI,IAAM,sBAAA,GAAyBA,EAAE,IAAA,CAAK;AAAA,EAC3C,OAAA;AAAA,EACA,QAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAOM,IAAM,mBAAA,GAAsBA,EAAE,IAAA,CAAK;AAAA,EACxC,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF,CAAC;AAeM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA,EACN,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA,EAChD,QAAA,EAAU,QAAQ,QAAA,EAAS;AAAA,EAC3B,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,MAAMA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACjC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACxC,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,CAAA,CACA,MAAA,EAAO,CACP,MAAA,CAAO,CAAC,IAAA,KAAS,IAAA,CAAK,MAAA,KAAW,MAAA,IAAa,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW;AAAA,EACvE,OAAA,EAAS;AACX,CAAC;AAkBI,IAAM,uBAAuBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,UAAA,EAAY,MAAM,CAAC;AAOlE,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA,EACN,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EACrC,QAAA,EAAU,OAAA;AAAA,EACV,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,KAAKA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,MAAM,CAAC,CAAA;AAAA,EAC5B,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACpC,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EAC5C,QAAA,EAAU,eAAA;AAAA,EACV,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACvC,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAM,kBAAkB,EAAE,QAAA,EAAS;AAAA,EAC7C,OAAA,EAAS,qBAAqB,QAAA;AAChC,CAAC,EACA,MAAA;AASI,IAAM,oBAAoBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,KAAA,EAAO,OAAO,CAAC;AAU1D,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA,EACN,EAAA,EAAIA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACpB,IAAA,EAAM,iBAAA;AAAA,EACN,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,EACA,MAAA;AAUI,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA,EACN,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC7B,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACnC,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA;AAC7B,CAAC,EACA,MAAA;AAYI,IAAM,mBAAmBA,CAAAA,CAAE,MAAA;AAAA,EAChCA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,8BAA8B,CAAA;AAAA,EAC/C;AACF;AAUO,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA,EACN,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC3C,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EAC/B,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAOH,IAAM,gBAAA,uBAAuB,GAAA,EAAY;AAKzC,SAAS,aAAa,EAAA,EAAqB;AAEzC,EAAA,IAAI,4BAAA,CAA6B,IAAA,CAAK,EAAE,CAAA,EAAG;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,IAAA,CAAK,EAAA,CAAG,QAAQ,WAAA,EAAa,EAAE,CAAC,CAAA,EAAG;AACtD,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,KAAA;AACT;AASO,SAAS,wBACd,QAAA,EACqD;AACrD,EAAA,IAAI,QAAA,KAAa,MAAA,IAAa,QAAA,KAAa,IAAA,EAAM;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,SAAA,GAAY,4BAAA,CAA6B,KAAA,CAAM,QAAQ,CAAA;AAG7D,EAAA,MAAM,SAAA,GAAY,UAAU,OAAA,CAAQ,EAAA;AACpC,EAAA,IAAI,aAAa,SAAS,CAAA,IAAK,CAAC,gBAAA,CAAiB,GAAA,CAAI,SAAS,CAAA,EAAG;AAC/D,IAAA,gBAAA,CAAiB,IAAI,SAAS,CAAA;AAC9B,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,wCAAwC,SAAS,CAAA,kEAAA;AAAA,KAEnD;AAAA,EACF;AAEA,EAAA,OAAO,SAAA;AACT;AAgCO,SAAS,gBAAA,CACd,UACA,MAAA,EAC0B;AAC1B,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,QAAA,EAAU,MAAM,CAAA;AAEvD,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,0BAAA,CAA2B,MAAA,CAAO,KAAA,EAAO,OAAO,IAAI;AAAA,KAC7D;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,QAAA,EAAS;AACrC;AC5dO,IAAM,WAAA,GAAc;AAAA,EACzB,oBAAA;AAAA,EACA,cAAA;AAAA,EACA,sBAAA;AAAA,EACA,eAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;AAEO,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,WAAW;AAe1C,SAAS,aAAa,KAAA,EAAwB;AACnD,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AAEzB,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,aAAa,OAAA,EAAS;AACzD,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,aAAa,GAAA,EAAK;AACxB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,IAAI,IAAI,IAAA,KAAS,EAAA,IAAM,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1C,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,aAAa,EAAA,EAAI;AAC9C,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,cAAA,EAAgB,EAAE,CAAA,CAAE,KAAA,CAAM,MAAM,CAAA,CAAE,CAAC,CAAA;AAClE,IAAA,IAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AASO,IAAM,2BAAA,GAA8B;AAcpC,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,EAAA,EAAIA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAG7B,UAAA,EAAY,eAAA;AAAA;AAAA,EAGZ,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,IAAI,CAAA,CAAE,OAAO,YAAA,EAAc;AAAA,IAChD,OAAA,EACE;AAAA,GACH,CAAA;AAAA;AAAA,EAGD,WAAA,EAAaA,CAAAA,CACV,MAAA,EAAO,CACP,MAAM,uBAAA,EAAyB;AAAA,IAC9B,OAAA,EAAS;AAAA,GACV,EACA,QAAA;AACL,CAAC,EACA,MAAA;AAqBI,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAII,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,OAAOA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA;AAC7B,CAAC,EACA,MAAA;AAII,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGlC,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGtC,WAAA,EAAa,oBAAA;AAAA;AAAA,EAGb,iBAAA,EAAmB;AACrB,CAAC,EACA,MAAA;AAcI,SAAS,qBACd,IAAA,EACkE;AAClE,EAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,IAAI,CAAA;AAChD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAYO,SAAS,aACd,IAAA,EACgE;AAChE,EAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,SAAA,CAAU,IAAI,CAAA;AAC9C,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAAA,EAClD;AAGA,EAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,MAAA,CAAO,KAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AACvE,EAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,MAAA,CAAO,KAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACrE,EAAA,IAAI,aAAa,QAAA,EAAU;AACzB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,qCAAA,EAAsC;AAAA,EACnE;AAGA,EAAA,MAAM,eAAA,GAAkB,GAAA,GAAM,MAAA,GAAS,EAAA,GAAK,KAAK,EAAA,GAAK,GAAA;AACtD,EAAA,IAAI,QAAA,GAAW,YAAY,eAAA,EAAiB;AAC1C,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,gDAAA,EAAiD;AAAA,EAC9E;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AACxC;AC1PO,IAAM,8BAAA,GAAiC;AAKvC,IAAM,oBAAoB,CAAC,QAAA,EAAU,QAAA,EAAU,SAAA,EAAW,WAAW,SAAS;AAE9E,IAAM,yBAAA,GAA4BA,CAAAA,CAAE,IAAA,CAAK,iBAAiB;AAQjE,IAAM,uBAAA,GAA0B,qCAAA;AAEzB,IAAM,mBAAA,GAAsBA,EAAE,MAAA,EAAO,CAAE,IAAI,GAAG,CAAA,CAAE,MAAM,uBAAA,EAAyB;AAAA,EACpF,OAAA,EACE;AACJ,CAAC;AAKM,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,KAAA,EAAO,yBAAA;AAAA;AAAA,EAGP,cAAA,EAAgB,mBAAA;AAAA;AAAA,EAGhB,SAAA,EAAWA,CAAAA,CACR,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,IAAI,CAAA,CACR,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,UAAA,CAAW,UAAU,CAAA,EAAG;AAAA,IACvC,OAAA,EAAS;AAAA,GACV,CAAA;AAAA;AAAA,EAGH,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,YAAA,EAAc,oBAAoB,QAAA;AACpC,CAAC,EACA,MAAA;AAOI,SAAS,wBACd,IAAA,EACqE;AACrE,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,IAAI,CAAA;AACnD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AChEO,IAAM,2BAAA,GAA8B;AAM3C,SAAS,qBAAqB,KAAA,EAAwB;AACpD,EAAA,IAAI,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,EAAG;AAC5B,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AACzB,IAAA,OAAO,IAAI,QAAA,KAAa,QAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGlC,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,IAAI,CAAA,CAAE,OAAO,oBAAA,EAAsB;AAAA,IAC9D,OAAA,EAAS;AAAA,GACV,CAAA;AAAA;AAAA,EAGD,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAGrC,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,EAAE,QAAA;AACpD,CAAC,EACA,MAAA;AAOI,SAAS,qBACd,IAAA,EACkE;AAClE,EAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,IAAI,CAAA;AAChD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;ACtDO,IAAM,4BAAA,GAA+B;AAKrC,IAAM,kBAAkB,CAAC,OAAA,EAAS,MAAA,EAAQ,UAAA,EAAY,YAAY,OAAO;AAEzE,IAAM,uBAAA,GAA0BA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAMtD,IAAM,gBAAA,GAAmB;AAAA,EAC9B,mBAAA;AAAA,EACA,eAAA;AAAA,EACA,mBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAEO,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAMpD,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,uBAAA;AAAA;AAAA,EAGR,OAAA,EAAS,oBAAA;AAAA;AAAA,EAGT,UAAUA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxC,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtC,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG1C,WAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AACnC,CAAC,EACA,MAAA;AAOI,SAAS,sBACd,IAAA,EACmE;AACnE,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,IAAI,CAAA;AACjD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;ACxDO,IAAM,oBAAA,GAAuB;AAM7B,IAAM,kBAAA,GAAqB,CAAC,eAAA,EAAiB,aAAA,EAAe,aAAa,OAAO;AAEhF,IAAM,qBAAA,GAAwBA,CAAAA,CAAE,IAAA,CAAK,kBAAkB;AAMvD,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,gBAAA,EAAkB,qBAAA;AAAA;AAAA,EAGlB,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/C,UAAA,EAAYA,CAAAA,CACT,MAAA,EAAO,CACP,MAAM,uBAAA,EAAyB;AAAA,IAC9B,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA,EAGZ,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3C,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG7C,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AACpC,CAAC,EACA,MAAA;AAOI,SAAS,eACd,IAAA,EAC4D;AAC5D,EAAA,MAAM,MAAA,GAAS,YAAA,CAAa,SAAA,CAAU,IAAI,CAAA;AAC1C,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAAA,EAClD;AAGA,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,YAAA,IAAgB,MAAA,CAAO,KAAK,UAAA,EAAY;AACtD,IAAA,MAAM,cAAc,IAAI,IAAA,CAAK,OAAO,IAAA,CAAK,YAAY,EAAE,OAAA,EAAQ;AAC/D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,OAAO,IAAA,CAAK,UAAU,EAAE,OAAA,EAAQ;AAC3D,IAAA,IAAI,cAAc,SAAA,EAAW;AAC3B,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,2CAAA,EAA4C;AAAA,IACzE;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AACxC;;;ACjDA,SAAS,eAAe,GAAA,EAAqB;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,GAAA,CAAI,SAAS,CAAC,CAAA;AAC3C,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,KAAK,CAAA,EAAG;AACtC,IAAA,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,UAAU,CAAA,EAAG,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,EACrD;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC/C,CAAA,MAAO;AAEL,IAAA,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,GAAG,KAAK,CAAC,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACzE;AAMA,SAAS,eAAe,MAAA,EAAwB;AAE9C,EAAA,IAAI,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAExD,EAAA,OAAO,MAAA,CAAO,MAAA,GAAS,CAAA,KAAM,CAAA,EAAG;AAC9B,IAAA,MAAA,IAAU,GAAA;AAAA,EACZ;AACA,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AAAA,EACtC,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,MAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,IAChC;AAAA,EACF;AACA,EAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,IAAM,UAAA,GAAa,CAAC,QAAA,EAAU,aAAa,CAAA;AAC3C,IAAM,mBAAA,GAAsB,uCAAA;AAMrB,IAAM,0BAAA,GAA6B,EAAA;AAM1C,IAAM,iBAAA,GAAoB,kBAAA;AAWnB,SAAS,uBAAuB,CAAA,EAAwC;AAC7E,EAAA,IAAI,CAAA,CAAE,SAAS,0BAAA,EAA4B;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,mBAAA,CAAoB,IAAA,CAAK,CAAC,CAAA;AACxC,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,GAAA,GAAM,MAAM,CAAC,CAAA;AACnB,EAAA,MAAM,GAAA,GAAM,MAAM,CAAC,CAAA;AACnB,EAAA,OAAO;AAAA,IACL,GAAA;AAAA,IACA,KAAA,EAAO,eAAe,GAAG;AAAA,GAC3B;AACF;AAWO,SAAS,uBAAuB,GAAA,EAA0C;AAC/E,EAAA,IAAI,CAAC,UAAA,CAAW,QAAA,CAAS,GAAA,CAAI,GAAkC,CAAA,EAAG;AAChE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,EAAG;AACtC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AACpC,IAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,CAAA,EAAG,GAAA,CAAI,GAAG,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AC1HO,IAAM,cAAA,GAAiB;AAAA;AAAA,EAE5B,UAAA,EAAY,EAAA;AAAA;AAAA,EAEZ,qBAAA,EAAuB,EAAA;AAAA;AAAA,EAEvB,yBAAA,EAA2B,EAAA;AAAA;AAAA,EAE3B,sBAAA,EAAwB,EAAA;AAAA;AAAA,EAExB,oBAAA,EAAsB,GAAA;AAAA;AAAA,EAEtB,sBAAA,EAAwB,GAAA;AAAA;AAAA,EAExB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAEpB,2BAAA,EAA6B,GAAA;AAAA;AAAA,EAE7B,yBAAA,EAA2B;AAC7B;AAyBA,IAAM,UAAA,GAAa,0BAAA;AAOZ,IAAM,kBAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,YAAY,qBAAqB;AAmB1E,IAAM,iBAAA,GAAoBA,EAAE,IAAA,CAAK;AAAA,EACtC,qBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,aAAA,GAAgB;AAAA,EAC3B,qBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF;AAcO,IAAM,uBAAA,GAA0BA,EAAE,IAAA,CAAK,CAAC,WAAW,aAAA,EAAe,UAAA,EAAY,QAAQ,CAAC;AAMvF,IAAM,oBAAA,GAAuB,CAAC,SAAA,EAAW,aAAA,EAAe,YAAY,QAAQ;AA+B5E,IAAM,wBAAA,GAA2BA,EAAE,IAAA,CAAK;AAAA;AAAA,EAE7C,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,gBAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EAEA,qBAAA;AAAA,EACA,gBAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EAEA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,qBAAA,GAAwB;AAAA,EACnC,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,gBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,qBAAA;AAAA,EACA,gBAAA;AAAA,EACA,oBAAA;AAAA,EACA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAKO,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,wBAAA;AAAA;AAAA,EAEN,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,cAAA,CAAe,sBAAsB,EAAE,QAAA;AACjE,CAAC,EACA,MAAA;AAsBI,IAAM,kBAAA,GAAqBA,EAAE,IAAA,CAAK;AAAA,EACvC,OAAA;AAAA,EACA,cAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,cAAA,GAAiB;AAAA,EAC5B,OAAA;AAAA,EACA,cAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;AAKO,IAAM,eAAA,GAA2C,CAAC,UAAA,EAAY,UAAA,EAAY,OAAO;AAQjF,IAAM,mBAAA,GAAqE;AAAA,EAChF,KAAA,EAAO,CAAC,cAAA,EAAgB,UAAU,CAAA;AAAA,EAClC,YAAA,EAAc,CAAC,cAAA,EAAgB,UAAU,CAAA;AAAA,EACzC,YAAA,EAAc,CAAC,UAAA,EAAY,WAAW,CAAA;AAAA,EACtC,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,EACtB,QAAA,EAAU,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,EAC9B,QAAA,EAAU,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,EAC9B,QAAA,EAAU,CAAC,cAAA,EAAgB,OAAO,CAAA;AAAA,EAClC,OAAO;AAAC;AACV;AASO,SAAS,eAAA,CAAgB,SAAuB,IAAA,EAA6B;AAClF,EAAA,OAAO,mBAAA,CAAoB,OAAO,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA;AACnD;AAQO,SAAS,gBAAgB,KAAA,EAA8B;AAC5D,EAAA,OAAO,eAAA,CAAgB,SAAS,KAAK,CAAA;AACvC;AAQO,SAAS,oBAAoB,OAAA,EAAgD;AAClF,EAAA,OAAO,oBAAoB,OAAO,CAAA;AACpC;AAcO,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK,CAAC,UAAU,WAAA,EAAa,kBAAA,EAAoB,SAAS,CAAC;AAM1F,IAAM,gBAAA,GAAmB,CAAC,QAAA,EAAU,WAAA,EAAa,oBAAoB,SAAS;AAa9E,IAAM,qBAAA,GAAwBA,EAAE,IAAA,CAAK;AAAA,EAC1C,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,cAAA;AAAA,EACA,gBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,iBAAA,GAAoB;AAAA,EAC/B,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,cAAA;AAAA,EACA,gBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAKO,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,qBAAA;AAAA;AAAA,EAEN,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,2BAA2B,CAAA;AAAA;AAAA,EAEzE,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AAClC,CAAC,EACA,MAAA;AAQI,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAAS,oBAAA;AAAA;AAAA,EAET,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAEtC,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,kBAAkB,CAAA;AAAA;AAAA,EAElE,WAAA,EAAa,kBAAkB,QAAA;AACjC,CAAC,EACA,MAAA;AAcI,IAAM,sBAAsBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,KAAA,EAAO,KAAK,CAAC;AAQ1D,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,mBAAA;AAAA;AAAA,EAER,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI;AACnC,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,SAAS,GAAA,KAAQ;AAC7B,EAAA,IAAI,OAAA,CAAQ,WAAW,OAAA,EAAS;AAE9B,IAAA,MAAM,UAAA,GAAa,4BAAA;AACnB,IAAA,IAAI,CAAC,UAAA,CAAW,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,sBAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF,CAAA,MAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,KAAA,EAAO;AAEnC,IAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,EAAG;AACrC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,4BAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF,CAAA,MAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,KAAA,EAAO;AAEnC,IAAA,IAAI;AACF,MAAA,IAAI,GAAA,CAAI,QAAQ,KAAK,CAAA;AAAA,IACvB,CAAA,CAAA,MAAQ;AACN,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,oBAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF;AACF,CAAC;AAUI,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,KAAKA,CAAAA,CAAE,MAAA,GAAS,GAAA,EAAI,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAE9B,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAEzC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA;AACnC,CAAC,EACA,MAAA;AAUH,IAAM,yBAAA,GAA4BA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAc,iBAAA;AAAA;AAAA,EAEd,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAEtC,WAAA,EAAa,uBAAA;AAAA;AAAA,EAEb,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAM,oBAAoB,CAAA,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,UAAU,CAAA;AAAA;AAAA,EAE3E,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,oBAAoB,CAAA;AAAA;AAAA,EAEtE,mBAAA,EAAqBA,CAAAA,CAClB,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,IAAI,CAAC,CAAA,CAC1B,GAAA,CAAI,cAAA,CAAe,qBAAqB,EACxC,QAAA,EAAS;AAAA;AAAA,EAEZ,uBAAA,EAAyBA,CAAAA,CACtB,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,IAAI,CAAC,CAAA,CAC1B,GAAA,CAAI,cAAA,CAAe,yBAAyB,EAC5C,QAAA,EAAS;AAAA;AAAA,EAEZ,oBAAA,EAAsBA,EACnB,KAAA,CAAM,iBAAiB,EACvB,GAAA,CAAI,cAAA,CAAe,sBAAsB,CAAA,CACzC,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAAS,qBAAqB,QAAA,EAAS;AAAA;AAAA,EAEvC,KAAA,EAAO,kBAAA;AAAA;AAAA,EAEP,kBAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAEjD,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,UAAA,EAAY,wBAAwB,QAAA,EAAS;AAAA;AAAA,EAE7C,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AACzD,CAAC,EACA,MAAA,EAAO;AAUH,IAAM,qBAAA,GAAwB,yBAAA,CAA0B,WAAA,CAAY,CAAC,UAAU,GAAA,KAAQ;AAC5F,EAAA,MAAM,cAAA,GAAiC,CAAC,UAAA,EAAY,UAAA,EAAY,OAAO,CAAA;AAGvE,EAAA,IAAI,eAAe,QAAA,CAAS,QAAA,CAAS,KAAK,CAAA,IAAK,CAAC,SAAS,UAAA,EAAY;AACnE,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,sCAAA,EAAyC,QAAA,CAAS,KAAK,CAAA,CAAA,CAAA;AAAA,MAChE,IAAA,EAAM,CAAC,YAAY;AAAA,KACpB,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,SAAS,UAAA,IAAc,CAAC,eAAe,QAAA,CAAS,QAAA,CAAS,KAAK,CAAA,EAAG;AACnE,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,+EAAA,EAAkF,QAAA,CAAS,KAAK,CAAA,CAAA,CAAA;AAAA,MACzG,IAAA,EAAM,CAAC,OAAO;AAAA,KACf,CAAA;AAAA,EACH;AAGA,EAAA,IACE,SAAS,YAAA,KAAiB,OAAA,IAC1B,SAAS,WAAA,CAAY,MAAA,GAAS,eAAe,yBAAA,EAC7C;AACA,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,sDAAA,EAAyD,cAAA,CAAe,yBAAyB,CAAA,WAAA,CAAA;AAAA,MAC1G,IAAA,EAAM,CAAC,aAAa;AAAA,KACrB,CAAA;AAAA,EACH;AACF,CAAC;AAUM,IAAM,YAAA,GAAe;AA0BrB,IAAM,wBAAA,GAA2BA,EACrC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,YAAY,CAAA;AAAA;AAAA,EAE5B,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAElC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAE3C,GAAA,EAAK,eAAA;AAAA;AAAA,EAEL,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAuBI,SAAS,2BACd,IAAA,EACwE;AACxE,EAAA,MAAM,MAAA,GAAS,wBAAA,CAAyB,SAAA,CAAU,IAAI,CAAA;AACtD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,0BAA0B,IAAA,EAA2C;AACnF,EAAA,OAAO,wBAAA,CAAyB,SAAA,CAAU,IAAI,CAAA,CAAE,OAAA;AAClD;AAQO,SAAS,qBAAqB,WAAA,EAEC;AACpC,EAAA,OAAO,YAAY,IAAA,KAAS,YAAA;AAC9B;AAQO,SAAS,0BACd,IAAA,EACuE;AACvE,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,SAAA,CAAU,IAAI,CAAA;AACrD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,uBACd,IAAA,EACoE;AACpE,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,IAAI,CAAA;AAClD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAyDO,SAAS,yBACd,MAAA,EACoB;AACpB,EAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAEnC,EAAA,MAAM,QAAA,GAA4B;AAAA,IAChC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,KAAA,EAAO;AAAA,GACT;AAEA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,QAAA,CAAS,UAAU,MAAA,CAAO,OAAA;AAAA,EAC5B;AACA,EAAA,IAAI,OAAO,mBAAA,EAAqB;AAC9B,IAAA,QAAA,CAAS,sBAAsB,MAAA,CAAO,mBAAA;AAAA,EACxC;AACA,EAAA,IAAI,OAAO,uBAAA,EAAyB;AAClC,IAAA,QAAA,CAAS,0BAA0B,MAAA,CAAO,uBAAA;AAAA,EAC5C;AACA,EAAA,IAAI,OAAO,oBAAA,EAAsB;AAC/B,IAAA,QAAA,CAAS,uBAAuB,MAAA,CAAO,oBAAA;AAAA,EACzC;AACA,EAAA,IAAI,MAAA,CAAO,qBAAqB,MAAA,EAAW;AACzC,IAAA,QAAA,CAAS,mBAAmB,MAAA,CAAO,gBAAA;AAAA,EACrC;AAEA,EAAA,MAAM,WAAA,GAAkC;AAAA,IACtC,IAAA,EAAM,YAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAW,GAAA;AAAA,IACX,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AAEA,EAAA,OAAO,WAAA;AACT;AAkCO,SAAS,sBAAA,CACd,OAAA,EACA,QAAA,EACA,MAAA,EACA,UAAA,EAOI;AACJ,EAAA,MAAM,YAAA,GAAe,QAAQ,QAAA,CAAS,KAAA;AAGtC,EAAA,IAAI,CAAC,eAAA,CAAgB,YAAA,EAAc,QAAQ,CAAA,EAAG;AAC5C,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,CAAA,yBAAA,EAA4B,YAAY,CAAA,MAAA,EAAS,QAAQ,CAAA,sBAAA,EAAyB,mBAAA,CAAoB,YAAY,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA,IAAK,MAAM,CAAA,CAAA;AAAA,MAC/I,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAGA,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,QAAQ,CAAA;AAEjD,EAAA,IAAI,gBAAA,IAAoB,CAAC,UAAA,EAAY;AACnC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,gEAAgE,QAAQ,CAAA,CAAA,CAAA;AAAA,MAC/E,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,oBAAoB,UAAA,EAAY;AACnC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,qDAAqD,QAAQ,CAAA,CAAA,CAAA;AAAA,MACpE,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAGnC,EAAA,MAAM,EAAE,UAAA,EAAY,mBAAA,EAAqB,GAAG,yBAAA,KAA8B,OAAA,CAAQ,QAAA;AAGlF,EAAA,MAAM,eAAA,GAAmC;AAAA,IACvC,GAAG,yBAAA;AAAA,IACH,KAAA,EAAO,QAAA;AAAA,IACP,gBAAA,EAAkB;AAAA,GACpB;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,eAAA,CAAgB,YAAA,GAAe,MAAA;AAAA,EACjC;AAGA,EAAA,IAAI,oBAAoB,UAAA,EAAY;AAClC,IAAA,eAAA,CAAgB,UAAA,GAAa,UAAA;AAAA,EAC/B;AAEA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,MACL,GAAG,OAAA;AAAA,MACH,QAAA,EAAU;AAAA;AACZ,GACF;AACF;AAaO,SAAS,gBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;ACv6BO,IAAM,sBAAA,GAAyB;AAK/B,IAAM,qBAAA,GAAwB;AAK9B,IAAM,iBAAA,GAAoB,CAAC,aAAA,EAAe,WAAA,EAAa,UAAU,WAAW;AAW5E,IAAM,qBAAA,GAAwB;AAAA,EACnC,KAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA;AAKO,IAAM,wBAAA,GAA2B;AASjC,IAAM,oBAAA,GAAuB,oBAAA;AAK7B,IAAM,eAAA,GAAkB;AAAA;AAAA,EAE7B,cAAA,EAAgB,EAAA;AAAA;AAAA,EAEhB,mBAAA,EAAqB,GAAA;AAAA;AAAA,EAErB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,kBAAA,EAAoB,EAAA;AAAA;AAAA,EAEpB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,cAAA,EAAgB,GAAA;AAAA;AAAA,EAEhB,qBAAA,EAAuB;AACzB;AAYO,IAAM,mBAAA,GAAsB;AAQ5B,IAAM,eAAA,GAAkB;AASxB,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA,CAAM,qBAAqB,sDAAsD,CAAA,CACjF,GAAA,CAAI,eAAA,CAAgB,mBAAmB;AAKnC,IAAM,YAAA,GAAeA,CAAAA,CACzB,MAAA,EAAO,CACP,KAAA,CAAM,iBAAiB,oDAAoD,CAAA,CAC3E,GAAA,CAAI,eAAA,CAAgB,eAAe;AAK/B,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,iBAAiB;AAWrD,IAAM,4BAAA,GAA+BA,CAAAA,CACzC,MAAA,EAAO,CACP,KAAA;AAAA,EACC,oBAAA;AAAA,EACA;AACF,CAAA,CACC,GAAA,CAAI,gBAAgB,kBAAkB;AAQlC,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA;AAAA,EAGN,WAAA,EAAa,gBAAA;AAAA;AAAA,EAGb,OAAA,EAAS,YAAA;AAAA;AAAA,EAGT,eAAA,EAAiBA,CAAAA,CAAE,KAAA,CAAM,YAAY,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,cAAc,CAAA,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA;AAAA;AAAA,EAIrF,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAG9C,0BAA0BA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA;AAAA,EAIvD,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA,EAGpD,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAIjD,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,eAAA,CAAgB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtE,SAAA,EAAW,6BAA6B,QAAA,EAAS;AAAA;AAAA;AAAA,EAIjD,mBAAmBA,CAAAA,CAChB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA;AACL,CAAC,EACA,MAAA;AAKI,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgB,YAAA;AAAA;AAAA,EAGhB,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAG7B,eAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,gBAAgB,qBAAqB;AACrE,CAAC,EACA,MAAA;AAQI,IAAM,6BAAA,GAAgCA,EAC1C,MAAA,CAAO;AAAA;AAAA,EAEN,WAAA,EAAa,gBAAA;AAAA;AAAA,EAGb,MAAA,EAAQ,oBAAA;AAAA;AAAA,EAGR,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGhC,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAI7C,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,cAAc,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxF,qBAAqBA,CAAAA,CAClB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA,EAAS;AAAA;AAAA,EAGZ,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA;AAAA,EAIvD,eAAA,EAAiBA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,eAAA,EAAiBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,iBAAiB,CAAA;AAAA;AAAA;AAAA,EAInF,mBAAmBA,CAAAA,CAChB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA,EAAS;AAAA;AAAA,EAGZ,aAAA,EAAe,2BAA2B,QAAA;AAC5C,CAAC,CAAA,CACA,QAAO,CACP,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,OAAO,IAAA,CAAK,YAAA,KAAiB,MAAA,IAAa,IAAA,CAAK,mBAAA,KAAwB,MAAA;AAAA,EACzE,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb,CAAA,CACC,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,IAAI,IAAA,CAAK,mBAAA,KAAwB,MAAA,IAAa,IAAA,CAAK,kBAAkB,MAAA,EAAW;AAC9E,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAOK,IAAM,gCAAA,GAAmCA,EAC7C,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,qBAAqB,CAAA;AAAA;AAAA,EAGrC,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,EAAI,CAAE,WAAW,UAAU,CAAA;AAAA;AAAA,EAG9C,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AA6CI,SAAS,+BAA+B,KAAA,EAA0C;AACvF,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,IACE,OAAO,GAAA,CAAI,WAAA,KAAgB,QAAA,IAC3B,CAAC,mBAAA,CAAoB,IAAA,CAAK,GAAA,CAAI,WAAW,CAAA,IACzC,GAAA,CAAI,WAAA,CAAY,MAAA,GAAS,gBAAgB,mBAAA,EACzC;AACA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,uBAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IACE,OAAO,GAAA,CAAI,OAAA,KAAY,QAAA,IACvB,CAAC,eAAA,CAAgB,IAAA,CAAK,GAAA,CAAI,OAAO,CAAA,IACjC,GAAA,CAAI,OAAA,CAAQ,MAAA,GAAS,gBAAgB,eAAA,EACrC;AACA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,MAAM,gBAAgB,GAAA,CAAI,eAAA;AAC1B,EAAA,IAAI,MAAM,OAAA,CAAQ,aAAa,KAAK,aAAA,CAAc,MAAA,GAAS,gBAAgB,cAAA,EAAgB;AACzF,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,2BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,cAAc,MAAA,EAAW;AAC/B,IAAA,IACE,OAAO,GAAA,CAAI,SAAA,KAAc,QAAA,IACzB,CAAC,oBAAA,CAAqB,IAAA,CAAK,GAAA,CAAI,SAAS,CAAA,IACxC,GAAA,CAAI,SAAA,CAAU,MAAA,GAAS,gBAAgB,kBAAA,EACvC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,4BAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,GAAA,CAAI,sBAAsB,MAAA,EAAW;AACvC,IAAA,IACE,OAAO,IAAI,iBAAA,KAAsB,QAAA,IACjC,CAAC,uBAAA,CAAwB,IAAA,CAAK,GAAA,CAAI,iBAAiB,CAAA,EACnD;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,4BAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,EAAG;AAChC,IAAA,IAAI,aAAA,CAAc,QAAA,CAAS,GAAA,CAAI,OAAO,CAAA,EAAG;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,wBAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AACA,IAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,aAAa,CAAA;AAC3C,IAAA,IAAI,aAAA,CAAc,IAAA,KAAS,aAAA,CAAc,MAAA,EAAQ;AAC/C,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,wBAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,KAAK,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,OAAO,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,GAAG,OAAA,IAAW;AAAA,KAC5C;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAC3C;AAYO,SAAS,iBAAiB,EAAA,EAAwB;AACvD,EAAA,MAAM,UAAA,GAAa,MAAM,EAAE,CAAA,CAAA;AAC3B,EAAA,OAAO,gBAAA,CAAiB,MAAM,UAAU,CAAA;AAC1C;AAQO,SAAS,aAAa,EAAA,EAAoB;AAC/C,EAAA,MAAM,MAAA,GAAS,QAAQ,EAAE,CAAA,CAAA;AACzB,EAAA,OAAO,YAAA,CAAa,MAAM,MAAM,CAAA;AAClC;AASO,SAAS,wBAAwB,OAAA,EAAmC;AACzE,EAAA,OAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC5C;AAQO,SAAS,uBAAuB,OAAA,EAA8C;AACnF,EAAA,OAAO,qBAAA,CAAsB,SAAA,CAAU,OAAO,CAAA,CAAE,OAAA;AAClD;AASO,SAAS,mCACd,WAAA,EAC4B;AAC5B,EAAA,OAAO,gCAAA,CAAiC,MAAM,WAAW,CAAA;AAC3D;AAQO,SAAS,6BACd,WAAA,EAC2C;AAC3C,EAAA,OAAO,gCAAA,CAAiC,SAAA,CAAU,WAAW,CAAA,CAAE,OAAA;AACjE;AAQO,SAAS,yBAAyB,MAAA,EAAiC;AACxE,EAAA,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,WAAA;AACrE;AAQO,SAAS,qBAAqB,OAAA,EAAmC;AAEtE,EAAA,IAAI,OAAA,CAAQ,eAAA,CAAgB,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA,EAAG;AACrD,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,OAAA,CAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,aAAA,CAAc,IAAA,KAAS,OAAA,CAAQ,eAAA,CAAgB,MAAA,EAAQ;AACzD,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA;AACT;AAQO,SAAS,sBAAsB,MAAA,EAWlB;AAClB,EAAA,MAAM,OAAA,GAA2B;AAAA,IAC/B,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,eAAA,EAAkB,MAAA,CAAO,eAAA,IAAmB,EAAC;AAAA,IAC7C,GAAI,MAAA,CAAO,eAAA,IAAmB,EAAE,eAAA,EAAiB,OAAO,eAAA,EAAgB;AAAA,IACxE,GAAI,OAAO,wBAAA,IAA4B;AAAA,MACrC,0BAA0B,MAAA,CAAO;AAAA,KACnC;AAAA,IACA,GAAI,MAAA,CAAO,UAAA,KAAe,UAAa,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACvE,GAAI,MAAA,CAAO,UAAA,KAAe,UAAa,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACvE,GAAI,MAAA,CAAO,SAAA,IAAa,EAAE,SAAA,EAAW,OAAO,SAAA,EAAU;AAAA,IACtD,GAAI,MAAA,CAAO,SAAA,IAAa,EAAE,SAAA,EAAW,OAAO,SAAA,EAAU;AAAA,IACtD,GAAI,MAAA,CAAO,iBAAA,IAAqB,EAAE,iBAAA,EAAmB,OAAO,iBAAA;AAAkB,GAChF;AAGA,EAAA,MAAM,SAAA,GAAY,wBAAwB,OAAO,CAAA;AAGjD,EAAA,IAAI,CAAC,oBAAA,CAAqB,SAAS,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,SAAA;AACT;AA4BO,SAAS,iCACd,MAAA,EAC4B;AAC5B,EAAA,MAAM,WAAA,GAA0C;AAAA,IAC9C,IAAA,EAAM,qBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,GAAI,MAAA,CAAO,UAAA,IAAc,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACzD,QAAA,EAAU;AAAA,MACR,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,MAC/D,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,MAC/D,GAAI,MAAA,CAAO,mBAAA,IAAuB,EAAE,mBAAA,EAAqB,OAAO,mBAAA,EAAoB;AAAA,MACpF,GAAI,MAAA,CAAO,aAAA,KAAkB,UAAa,EAAE,aAAA,EAAe,OAAO,aAAA,EAAc;AAAA,MAChF,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,GAAI,MAAA,CAAO,iBAAA,IAAqB,EAAE,iBAAA,EAAmB,OAAO,iBAAA,EAAkB;AAAA,MAC9E,GAAI,MAAA,CAAO,aAAA,IAAiB,EAAE,aAAA,EAAe,OAAO,aAAA;AAAc;AACpE,GACF;AAEA,EAAA,OAAO,mCAAmC,WAAW,CAAA;AACvD;ACznBO,IAAM,yBAAA,GAA4B;AAQlC,IAAM,qBAAA,GAAwB;AAAA,EACnC,SAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,IAAM,qBAAA,GAAwB;AAAA,EACnC,CAAA,EAAG,IAAA;AAAA;AAAA,EACH,GAAG,IAAA,GAAO,IAAA;AAAA;AAAA,EACV,WAAA,EAAa,KAAA;AAAA;AAAA,EACb,UAAA,EAAY;AAAA;AACd;AAKO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAM,OAAA,EAAS,WAAW,UAAU;AAK7D,IAAM,eAAA,GAAkB,CAAC,WAAA,EAAa,UAAA,EAAY,uBAAuB;AAKzE,IAAM,gBAAA,GAAmB,CAAC,OAAA,EAAS,MAAA,EAAQ,aAAa;AAWxD,IAAM,gBAAA,GAAmB;AAAA,EAC9B,WAAA;AAAA,EACA,cAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAQO,IAAM,sBAAA,GAAyB,CAAC,OAAA,EAAS,mBAAmB;AAK5D,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,sBAAA,EAAwB,GAAA;AAAA;AAAA,EAExB,aAAA,EAAe,GAAA;AAAA;AAAA,EAEf,iBAAA,EAAmB,EAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,EAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,YAAA,EAAc,IAAA;AAAA;AAAA,EAEd,eAAA,EAAiB,EAAA;AAAA;AAAA,EAEjB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAEpB,yBAAA,EAA2B,GAAA;AAAA;AAAA,EAE3B,mBAAA,EAAqB;AACvB;AASA,SAAS,aAAa,IAAA,EAAuB;AAC3C,EAAA,OAAO,IAAA,CAAK,WAAW,OAAO,CAAA;AAChC;AAKA,SAAS,iBAAiB,IAAA,EAAuB;AAC/C,EAAA,OAAO,KAAK,UAAA,CAAW,OAAO,CAAA,IAAK,IAAA,CAAK,WAAW,KAAK,CAAA;AAC1D;AAKA,SAAS,mBAAmB,IAAA,EAAuB;AACjD,EAAA,OAAO,uBAAuB,IAAA,CAAK,CAAC,WAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAA;AACxE;AAMA,SAAS,sBAAsB,QAAA,EAAwD;AACrF,EAAA,IAAI,CAAC,UAAU,OAAO,KAAA;AACtB,EAAA,IAAI,OAAO,SAAS,GAAA,KAAQ,QAAA,IAAY,SAAS,GAAA,CAAI,MAAA,GAAS,GAAG,OAAO,IAAA;AACxE,EAAA,OAAO,KAAA;AACT;AAeO,IAAM,mBAAA,GAAsB;AAa5B,IAAM,qBAAA,GACX;AAKK,IAAM,oBAAA,GAAuB;AAS7B,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,qBAAqB;AAKpD,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAK,eAAA;AAAA;AAAA,EAEL,OAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,sBAAsB,gCAAgC,CAAA;AAAA;AAAA,EAE9E,OAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA;AAC1B,CAAC,EACA,MAAA;AAKI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,YAAA;AAAA;AAAA,EAER,SAAA,EAAWA,CAAAA,CAAE,IAAA,CAAK,eAAe;AACnC,CAAC,EACA,MAAA;AAKI,IAAM,cAAA,GAAiBA,EAC3B,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,iBAAiB,CAAA;AAAA;AAAA,EAEpE,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEtE,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzE,aAAA,EAAe,aAAa,QAAA;AAC9B,CAAC,EACA,MAAA;AAKI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,iBAAiB,CAAA;AAAA;AAAA,EAEhE,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAExE,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA;AAC/D,CAAC,EACA,MAAA;AAKI,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,YAAY,EAAE,QAAA,EAAS;AAAA;AAAA,EAE9D,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,eAAe,EAAE,QAAA;AAC7D,CAAC,EACA,MAAA;AAKI,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,eAAe,CAAA;AAAA;AAAA,EAE9B,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,kBAAkB,EAAE,QAAA,EAAS;AAAA;AAAA,EAE3E,SAAA,EAAWA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACzB,CAAC,EACA,MAAA;AAKI,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,CAAAA,CAAE,IAAA,CAAK,gBAAgB,CAAA;AAAA;AAAA,EAEjC,eAAA,EAAiBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAEtC,QAAA,EAAUA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,uBAAA,EAAyB,aAAa,QAAA;AACxC,CAAC,EACA,MAAA;AAKI,IAAM,UAAA,GAAaA,EACvB,MAAA,CAAO;AAAA;AAAA,EAEN,iBAAA,EAAmBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,yBAAyB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzF,mBAAA,EAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,mBAAmB,EAAE,QAAA;AAC9E,CAAC,EACA,MAAA;AAKI,IAAM,UAAA,GAAaA,CAAAA,CACvB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA,CACpC,KAAA,CAAM,qBAAqB,qBAAqB;AAKnD,IAAM,gCAAA,GAAmCA,EACtC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,sBAAsB,CAAA;AAAA;AAAA,EAG/E,IAAA,EAAM,UAAA;AAAA;AAAA,EAGN,QAAA,EAAU,cAAA;AAAA;AAAA,EAGV,IAAA,EAAM,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGhC,QAAA,EAAU,qBAAqB,QAAA,EAAS;AAAA;AAAA,EAGxC,KAAA,EAAO,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGjC,MAAA,EAAQ,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGlC,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGhC,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG7C,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA,EAGrD,MAAA,EAAQ,aAAa,QAAA,EAAS;AAAA;AAAA,EAG9B,MAAA,EAAQ,oBAAoB,QAAA,EAAS;AAAA;AAAA,EAGrC,IAAA,EAAM,WAAW,QAAA,EAAS;AAAA;AAAA,EAG1B,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAChD,CAAC,EACA,MAAA,EAAO;AASH,IAAM,+BAA+B,gCAAA,CAAiC,WAAA;AAAA,EAC3E,CAAC,IAAI,GAAA,KAAQ;AAEX,IAAA,IAAI,EAAA,CAAG,YAAA,IAAgB,EAAA,CAAG,UAAA,EAAY;AACpC,MAAA,MAAM,YAAY,IAAI,IAAA,CAAK,EAAA,CAAG,UAAU,EAAE,OAAA,EAAQ;AAClD,MAAA,MAAM,cAAc,IAAI,IAAA,CAAK,EAAA,CAAG,YAAY,EAAE,OAAA,EAAQ;AACtD,MAAA,IAAI,cAAc,SAAA,EAAW;AAC3B,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,oCAAA;AAAA,UACT,IAAA,EAAM,CAAC,cAAc;AAAA,SACtB,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,EAAA,CAAG,MAAA,IAAU,CAAC,EAAA,CAAG,QAAQ,MAAA,EAAQ;AACnC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,kDAAA;AAAA,QACT,IAAA,EAAM,CAAC,QAAQ;AAAA,OAChB,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,EAAA,CAAG,MAAA,EAAQ,MAAA,KAAW,OAAA,EAAS;AACjC,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,EAAA,CAAG,MAAA,CAAO,UAAU,CAAA;AACjD,MAAA,MAAM,qBAAA,GACJ,GAAG,UAAA,KAAe,MAAA,IAAa,OAAO,IAAA,CAAK,EAAA,CAAG,UAAU,CAAA,CAAE,MAAA,GAAS,CAAA;AACrE,MAAA,IAAI,CAAC,YAAA,IAAgB,CAAC,qBAAA,EAAuB;AAC3C,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,kEAAA;AAAA,UACT,IAAA,EAAM,CAAC,QAAA,EAAU,YAAY;AAAA,SAC9B,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,GAAG,UAAA,EAAY;AACjB,MAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,EAAA,CAAG,UAAU,CAAA,EAAG;AAC5C,QAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,GAAG,CAAA,EAAG;AACpC,UAAA,GAAA,CAAI,QAAA,CAAS;AAAA,YACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,YACrB,OAAA,EAAS,iCAAiC,GAAG,CAAA,qCAAA,CAAA;AAAA,YAC7C,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,WACzB,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAIA,IAAA,IACE,kBAAA,CAAmB,GAAG,IAAI,CAAA,IAC1B,CAAC,gBAAA,CAAiB,QAAA,CAAS,EAAA,CAAG,IAAyC,CAAA,EACvE;AACA,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,sBAAA,CAAA;AAAA,QACzB,IAAA,EAAM,CAAC,MAAM;AAAA,OACd,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,aAAa,EAAA,CAAG,IAAI,CAAA,IAAK,CAAC,GAAG,IAAA,EAAM;AACrC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,qBAAA,CAAA;AAAA,QACzB,IAAA,EAAM,CAAC,MAAM;AAAA,OACd,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,gBAAA,CAAiB,EAAA,CAAG,IAAI,CAAA,EAAG;AAC7B,MAAA,IAAI,CAAC,GAAG,QAAA,EAAU;AAChB,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,yBAAA,CAAA;AAAA,UACzB,IAAA,EAAM,CAAC,UAAU;AAAA,SAClB,CAAA;AAAA,MACH,CAAA,MAAA,IAAW,CAAC,qBAAA,CAAsB,EAAA,CAAG,QAAmC,CAAA,EAAG;AACzE,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,uCAAA,CAAA;AAAA,UACzB,IAAA,EAAM,CAAC,UAAA,EAAY,KAAK;AAAA,SACzB,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAkFO,SAAS,2BAA2B,KAAA,EAA6C;AACtF,EAAA,MAAM,SAA4B,EAAC;AACnC,EAAA,MAAM,WAAgC,EAAC;AAGvC,EAAA,IAAI,OAAO,UAAU,QAAA,IAAY,KAAA,KAAU,QAAQ,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACvE,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ;AAAA,QACN;AAAA,UACE,IAAA,EAAM,8BAAA;AAAA,UACN,OAAA,EAAS;AAAA;AACX,OACF;AAAA,MACA,UAAU;AAAC,KACb;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,IAAI,OAAO,GAAA,CAAI,cAAA,KAAmB,YAAY,GAAA,CAAI,cAAA,CAAe,WAAW,CAAA,EAAG;AAC7E,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,0BAAA;AAAA,MACN,OAAA,EAAS,4BAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAA,IAAW,GAAA,CAAI,cAAA,CAAe,MAAA,GAAS,mBAAmB,sBAAA,EAAwB;AAChF,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,CAAA,mCAAA,EAAsC,kBAAA,CAAmB,sBAAsB,CAAA,CAAA,CAAA;AAAA,MACxF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAIA,EAAA,IAAI,OAAO,GAAA,CAAI,IAAA,KAAS,YAAY,GAAA,CAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACzD,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,4BAAA;AAAA,MACN,OAAA,EAAS,kBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAA,IAAW,IAAI,IAAA,CAAK,MAAA,GAAS,KAAK,GAAA,CAAI,IAAA,CAAK,MAAA,GAAS,kBAAA,CAAmB,aAAA,EAAe;AACpF,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,mCAAA;AAAA,MACN,OAAA,EAAS,CAAA,eAAA,EAAkB,kBAAA,CAAmB,aAAa,CAAA,WAAA,CAAA;AAAA,MAC3D,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,WAAW,CAAC,mBAAA,CAAoB,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,mCAAA;AAAA,MACN,OAAA,EAAS,8EAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AAEL,IAAA,KAAA,MAAW,UAAU,sBAAA,EAAwB;AAC3C,MAAA,IAAI,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA,IAAK,CAAC,gBAAA,CAAiB,QAAA,CAAS,GAAA,CAAI,IAAa,CAAA,EAAG;AAChF,QAAA,MAAA,CAAO,IAAA,CAAK;AAAA,UACV,IAAA,EAAM,6BAAA;AAAA,UACN,OAAA,EAAS,CAAA,MAAA,EAAS,GAAA,CAAI,IAAI,2BAA2B,MAAM,CAAA,CAAA,CAAA;AAAA,UAC3D,KAAA,EAAO;AAAA,SACR,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IACE,MAAA,CAAO,WAAW,CAAA,IAClB,CAAC,iBAAiB,QAAA,CAAS,GAAA,CAAI,IAAyC,CAAA,EACxE;AACA,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,IAAA,EAAM,iCAAA;AAAA,QACN,OAAA,EAAS,CAAA,MAAA,EAAS,GAAA,CAAI,IAAI,CAAA,mCAAA,CAAA;AAAA,QAC1B,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAKA,EAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,EAAU;AACtC,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,kCAAA;AAAA,MACN,OAAA,EAAS,wBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AACL,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA;AAC7C,IAAA,IAAI,KAAA,CAAM,aAAA,CAAc,OAAA,EAAS,CAAA,EAAG;AAClC,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,kCAAA;AAAA,QACN,OAAA,EAAS,8CAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,aAAa,IAAA,EAAM;AAC7D,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,gCAAA;AAAA,MACN,OAAA,EAAS,sBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AACL,IAAA,MAAM,WAAW,GAAA,CAAI,QAAA;AACrB,IAAA,IAAI,OAAO,QAAA,CAAS,QAAA,KAAa,YAAY,QAAA,CAAS,QAAA,CAAS,WAAW,CAAA,EAAG;AAC3E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,gCAAA;AAAA,QACN,OAAA,EAAS,+BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAA,IAAW,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,mBAAmB,iBAAA,EAAmB;AAC1E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,CAAA,sCAAA,EAAyC,kBAAA,CAAmB,iBAAiB,CAAA,CAAA,CAAA;AAAA,QACtF,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAS;AAAA,EAC1C;AAGA,EAAA,MAAM,cAAA,GAAiB,CACrB,MAAA,EACA,SAAA,KACkD;AAClD,IAAA,MAAM,eAAkC,EAAC;AACzC,IAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,IAAA,EAAM;AACjD,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,0BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AACD,MAAA,OAAO,EAAE,MAAA,EAAQ,YAAA,EAAc,KAAA,EAAO,KAAA,EAAM;AAAA,IAC9C;AACA,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,IAAI,CAAC,qBAAA,CAAsB,QAAA,CAAS,CAAA,CAAE,GAAgB,CAAA,EAAG;AACvD,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,kCAAA;AAAA,QACN,OAAA,EAAS,CAAA,2BAAA,EAA8B,qBAAA,CAAsB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,QACvE,KAAA,EAAO,GAAG,SAAS,CAAA,IAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,IAAI,OAAO,EAAE,KAAA,KAAU,QAAA,IAAY,CAAC,oBAAA,CAAqB,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA,EAAG;AACtE,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,6CAAA;AAAA,QACT,KAAA,EAAO,GAAG,SAAS,CAAA,MAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,IAAI,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IAAY,CAAC,MAAA,CAAO,SAAA,CAAU,CAAA,CAAE,KAAK,CAAA,IAAK,CAAA,CAAE,KAAA,GAAQ,CAAA,EAAG;AAC5E,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,6CAAA;AAAA,QACT,KAAA,EAAO,GAAG,SAAS,CAAA,MAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,YAAA,EAAc,KAAA,EAAO,YAAA,CAAa,WAAW,CAAA,EAAE;AAAA,EAClE,CAAA;AAGA,EAAA,IAAI,GAAA,CAAI,UAAU,MAAA,EAAW;AAC3B,IAAA,MAAM,WAAW,GAAA,CAAI,KAAA;AACrB,IAAA,IAAI,QAAA,CAAS,WAAW,MAAA,EAAW;AACjC,MAAA,MAAM,MAAA,GAAS,cAAA,CAAe,QAAA,CAAS,MAAA,EAAQ,cAAc,CAAA;AAC7D,MAAA,MAAA,CAAO,IAAA,CAAK,GAAG,MAAA,CAAO,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,YAAY,GAAA,CAAI,MAAA;AACtB,IAAA,IAAI,SAAA,CAAU,WAAW,MAAA,EAAW;AAClC,MAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,MAAA,EAAQ,eAAe,CAAA;AAC/D,MAAA,MAAA,CAAO,IAAA,CAAK,GAAG,MAAA,CAAO,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,CAAI,YAAA,KAAiB,YAAY,OAAO,GAAA,CAAI,eAAe,QAAA,EAAU;AAC9E,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,OAAA,EAAQ;AACnD,IAAA,MAAM,cAAc,IAAI,IAAA,CAAK,GAAA,CAAI,YAAY,EAAE,OAAA,EAAQ;AACvD,IAAA,IAAI,CAAC,MAAM,SAAS,CAAA,IAAK,CAAC,KAAA,CAAM,WAAW,CAAA,IAAK,WAAA,GAAc,SAAA,EAAW;AACvE,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,oCAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,IAAA,IAAI,CAAC,QAAQ,MAAA,EAAQ;AACnB,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,kDAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAIA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,IAAA,IAAI,MAAA,CAAO,WAAW,OAAA,EAAS;AAC7B,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,UAAU,CAAA;AAC9C,MAAA,MAAM,wBACJ,GAAA,CAAI,UAAA,KAAe,MAAA,IACnB,OAAO,IAAI,UAAA,KAAe,QAAA,IAC1B,GAAA,CAAI,UAAA,KAAe,QACnB,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,UAAoB,EAAE,MAAA,GAAS,CAAA;AACjD,MAAA,IAAI,CAAC,YAAA,IAAgB,CAAC,qBAAA,EAAuB;AAC3C,QAAA,MAAA,CAAO,IAAA,CAAK;AAAA,UACV,IAAA,EAAM,oCAAA;AAAA,UACN,OAAA,EAAS,yEAAA;AAAA,UACT,KAAA,EAAO;AAAA,SACR,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,eAAe,MAAA,EAAW;AAChC,IAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,eAAe,IAAA,EAAM;AACjE,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,8BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAO;AACL,MAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,UAAoB,CAAA,EAAG;AACvD,QAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,GAAG,CAAA,EAAG;AACpC,UAAA,MAAA,CAAO,IAAA,CAAK;AAAA,YACV,IAAA,EAAM,qCAAA;AAAA,YACN,OAAA,EAAS,kCAAkC,GAAG,CAAA,sCAAA,CAAA;AAAA,YAC9C,KAAA,EAAO,cAAc,GAAG,CAAA;AAAA,WACzB,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,KAAS,MAAA;AAC7B,EAAA,MAAM,WAAA,GAAc,IAAI,QAAA,KAAa,MAAA;AAGrC,EAAA,IAAI,YAAA,CAAa,IAAI,CAAA,IAAK,CAAC,OAAA,EAAS;AAClC,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,SAAS,IAAI,CAAA,qBAAA,CAAA;AAAA,MACtB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,gBAAA,CAAiB,IAAI,CAAA,EAAG;AAC1B,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,SAAS,IAAI,CAAA,yBAAA,CAAA;AAAA,QACtB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAA,IAAW,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAmC,CAAA,EAAG;AAC1E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,SAAS,IAAI,CAAA,uCAAA,CAAA;AAAA,QACtB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACnD,IAAA,QAAA,CAAS,IAAA,CAAK;AAAA,MACZ,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,4CAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAS;AAAA,EAC1C;AAGA,EAAA,MAAM,SAAA,GAAY,4BAAA,CAA6B,SAAA,CAAU,KAAK,CAAA;AAC9D,EAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ;AAAA,QACN;AAAA,UACE,IAAA,EAAM,8BAAA;AAAA,UACN,SAAS,SAAA,CAAU,KAAA,CAAM,MAAA,CAAO,CAAC,GAAG,OAAA,IAAW,0BAAA;AAAA,UAC/C,KAAA,EAAO,UAAU,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,EAAG,IAAA,CAAK,KAAK,GAAG;AAAA;AACjD,OACF;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,KAAA,EAAO,SAAA,CAAU,MAAM,QAAA,EAAS;AACxD;AA6CO,SAAS,oBAAoB,KAAA,EAAwC;AAC1E,EAAA,MAAM,MAAA,GAAS,2BAA2B,KAAK,CAAA;AAC/C,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA;AAClC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,YAAY,UAAA,EAAY,IAAA;AAAA,IACxB,aAAa,UAAA,EAAY;AAAA,GAC3B;AACF;AASO,SAAS,4BAA4B,QAAA,EAA2C;AACrF,EAAA,OAAO,4BAAA,CAA6B,MAAM,QAAQ,CAAA;AACpD;AAQO,SAAS,2BAA2B,QAAA,EAAuD;AAChG,EAAA,OAAO,4BAAA,CAA6B,SAAA,CAAU,QAAQ,CAAA,CAAE,OAAA;AAC1D;AAQO,SAAS,gBAAgB,IAAA,EAAyD;AACvF,EAAA,OAAO,gBAAA,CAAiB,SAAS,IAAyC,CAAA;AAC5E;AAQO,SAAS,qBAAqB,IAAA,EAAuB;AAC1D,EAAA,OAAO,uBAAuB,IAAA,CAAK,CAAC,WAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAA;AACxE;AAQO,SAAS,kBAAkB,MAAA,EAAyB;AACzD,EAAA,OAAO,MAAA,CAAO,GAAA,CAAI,UAAA,CAAW,gBAAgB,CAAA;AAC/C;AAYO,SAAS,eAAe,OAAA,EAA2D;AACxF,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,UAAA,GAAa,yBAAyB,CAAA;AAGjE;AAQO,SAAS,cAAA,CAAe,SAAuB,WAAA,EAA2C;AAC/F,EAAA,IAAI,CAAC,QAAQ,QAAA,EAAU;AACrB,IAAA,OAAA,CAAQ,WAAW,EAAC;AAAA,EACtB;AACA,EAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,CAAS,UAAA,EAAY;AAChC,IAAA,OAAA,CAAQ,QAAA,CAAS,aAAa,EAAC;AAAA,EACjC;AACA,EAAA,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,yBAAyB,CAAA,GAAI,WAAA;AAC3D;AAQO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,UAAA,GAAa,yBAAyB,CAAA,KAAM,MAAA;AACvE;AAwCO,SAAS,kBAAkB,QAAA,EAAqC;AACrE,EAAA,MAAM,WAAA,GAAc,eAAe,QAAQ,CAAA;AAC3C,EAAA,MAAM,QAAA,GAAW,QAAA,CAAS,IAAA,EAAM,UAAA,GAAa,2BAA2B,CAAA;AAIxE,EAAA,OAAO;AAAA,IACL,QAAA;AAAA,IACA,WAAA;AAAA,IACA,YAAA,EAAc,WAAA,GAAc,CAAC,WAAW,IAAI,EAAC;AAAA,IAC7C;AAAA,GACF;AACF;AA+DO,SAAS,0BAA0B,MAAA,EAAyD;AACjG,EAAA,MAAM,QAAA,GAAmC;AAAA,IACvC,gBAAgB,MAAA,CAAO,cAAA;AAAA,IACvB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,QAAA,EAAU;AAAA,MACR,QAAA,EAAU,OAAO,QAAA,CAAS,QAAA;AAAA,MAC1B,GAAI,OAAO,QAAA,CAAS,OAAA,IAAW,EAAE,OAAA,EAAS,MAAA,CAAO,SAAS,OAAA,EAAQ;AAAA,MAClE,GAAI,OAAO,QAAA,CAAS,SAAA,IAAa,EAAE,SAAA,EAAW,MAAA,CAAO,SAAS,SAAA,EAAU;AAAA,MACxE,GAAI,OAAO,QAAA,CAAS,aAAA,IAAiB,EAAE,aAAA,EAAe,MAAA,CAAO,SAAS,aAAA;AAAc,KACtF;AAAA,IACA,GAAI,MAAA,CAAO,IAAA,IAAQ,EAAE,IAAA,EAAM,OAAO,IAAA,EAAK;AAAA,IACvC,GAAI,MAAA,CAAO,QAAA,IAAY,EAAE,QAAA,EAAU,OAAO,QAAA,EAAS;AAAA,IACnD,GAAI,MAAA,CAAO,KAAA,IAAS,EAAE,KAAA,EAAO,OAAO,KAAA,EAAM;AAAA,IAC1C,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,IAC/D,GAAI,MAAA,CAAO,WAAA,KAAgB,UAAa,EAAE,WAAA,EAAa,OAAO,WAAA,EAAY;AAAA,IAC1E,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,GAAI,MAAA,CAAO,IAAA,IAAQ,EAAE,IAAA,EAAM,OAAO,IAAA,EAAK;AAAA,IACvC,GAAI,MAAA,CAAO,UAAA,IAAc,EAAE,UAAA,EAAY,OAAO,UAAA;AAAW,GAC3D;AAEA,EAAA,OAAO,4BAA4B,QAAQ,CAAA;AAC7C;ACxmCO,IAAM,qBAAqBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,YAAA,EAAc,YAAY,CAAC;AAMxE,IAAM,cAAA,GAAiB,CAAC,QAAA,EAAU,YAAA,EAAc,YAAY;AAa5D,IAAM,yBAAyBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,WAAA,EAAa,MAAM,CAAC;AAMrE,IAAM,kBAAA,GAAqB,CAAC,QAAA,EAAU,WAAA,EAAa,MAAM;AAqBzD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,OAAA,EAAQ;AAAA;AAAA,EAGpB,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGlD,MAAA,EAAQ,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAGpC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA;AACpC,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,MAAM,GAAA,KAAQ;AAE1B,EAAA,IAAI,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,IAAA,CAAK,WAAA,IAAe,CAAC,IAAA,CAAK,MAAA,EAAQ;AAC5E,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EACE,iGAAA;AAAA,MACF,IAAA,EAAM,CAAC,UAAU;AAAA,KAClB,CAAA;AAAA,EACH;AACF,CAAC;AAuBI,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,sBAAA;AAAA;AAAA,EAGN,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3C,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7C,QAAA,EAAUA,CAAAA,CACP,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,CAAC,CAAA,CACL,KAAA,CAAM,iBAAiB,EACvB,QAAA;AACL,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,MAAM,GAAA,KAAQ;AAE1B,EAAA,IAAA,CAAK,IAAA,CAAK,SAAS,QAAA,IAAY,IAAA,CAAK,SAAS,WAAA,KAAgB,CAAC,KAAK,WAAA,EAAa;AAC9E,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,mDAAA,EAAsD,IAAA,CAAK,IAAI,CAAA,CAAA,CAAA;AAAA,MACxE,IAAA,EAAM,CAAC,aAAa;AAAA,KACrB,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,KAAe,MAAA,IAAa,CAAC,KAAK,QAAA,EAAU;AACnD,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,mDAAA;AAAA,MACT,IAAA,EAAM,CAAC,UAAU;AAAA,KAClB,CAAA;AAAA,EACH;AACF,CAAC;AAUI,IAAM,yBAAA,GAA4B;AA2BlC,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,uBAAuB,QAAA,EAAS;AAAA;AAAA,EAGxC,YAAA,EAAc,6BAA6B,QAAA;AAC7C,CAAC,EACA,MAAA;AAaI,SAAS,yBACd,IAAA,EACsE;AACtE,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,IAAI,CAAA;AACpD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,+BACd,IAAA,EAC4E;AAC5E,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,SAAA,CAAU,IAAI,CAAA;AAC1D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAkBO,SAAS,6BACd,IAAA,EAC0E;AAC1E,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,SAAA,CAAU,IAAI,CAAA;AACxD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,4BACd,UAAA,EACkC;AAClC,EAAA,IAAI,CAAC,UAAA,IAAc,EAAE,yBAAA,IAA6B,UAAA,CAAA,EAAa;AAC7D,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,UAAA,CAAW,yBAAyB,CAAC,CAAA;AACjF,EAAA,IAAI,OAAO,EAAA,EAAI;AACb,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,iBAAiB,WAAA,EAAwD;AACvF,EAAA,OAAO,WAAA,EAAa,QAAQ,QAAA,KAAa,IAAA;AAC3C;AAQO,SAAS,uBAAuB,WAAA,EAAwD;AAC7F,EAAA,MAAM,IAAA,GAAO,aAAa,YAAA,EAAc,IAAA;AACxC,EAAA,OAAO,IAAA,KAAS,YAAY,IAAA,KAAS,WAAA;AACvC;AAQO,SAAS,uBAAuB,MAAA,EAKd;AACvB,EAAA,MAAM,MAAA,GAA2B,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA,EAAS;AAC7D,EAAA,IAAI,MAAA,CAAO,YAAA,EAAc,MAAA,CAAO,YAAA,GAAe,MAAA,CAAO,YAAA;AACtD,EAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,MAAA;AAC1C,EAAA,IAAI,MAAA,CAAO,WAAA,EAAa,MAAA,CAAO,WAAA,GAAc,MAAA,CAAO,WAAA;AACpD,EAAA,OAAO,EAAE,MAAA,EAAO;AAClB;AAQO,SAAS,6BAA6B,MAAA,EAKpB;AACvB,EAAA,MAAM,YAAA,GAAuC,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAK;AACjE,EAAA,IAAI,MAAA,CAAO,WAAA,EAAa,YAAA,CAAa,WAAA,GAAc,MAAA,CAAO,WAAA;AAC1D,EAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,YAAA,CAAa,aAAa,MAAA,CAAO,UAAA;AACtE,EAAA,IAAI,MAAA,CAAO,QAAA,EAAU,YAAA,CAAa,QAAA,GAAW,MAAA,CAAO,QAAA;AACpD,EAAA,OAAO,EAAE,YAAA,EAAa;AACxB;AASO,SAAS,0BAAA,CACd,QAMA,YAAA,EAMsB;AACtB,EAAA,MAAM,SAA+B,EAAC;AAEtC,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,MAAA,CAAO,MAAA,GAAS,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA,EAAS;AAC5C,IAAA,IAAI,MAAA,CAAO,YAAA,EAAc,MAAA,CAAO,MAAA,CAAO,eAAe,MAAA,CAAO,YAAA;AAC7D,IAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAA,CAAO,SAAS,MAAA,CAAO,MAAA;AACjD,IAAA,IAAI,MAAA,CAAO,WAAA,EAAa,MAAA,CAAO,MAAA,CAAO,cAAc,MAAA,CAAO,WAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAA,CAAO,YAAA,GAAe,EAAE,IAAA,EAAM,YAAA,CAAa,IAAA,EAAK;AAChD,IAAA,IAAI,YAAA,CAAa,WAAA,EAAa,MAAA,CAAO,YAAA,CAAa,cAAc,YAAA,CAAa,WAAA;AAC7E,IAAA,IAAI,aAAa,UAAA,KAAe,MAAA;AAC9B,MAAA,MAAA,CAAO,YAAA,CAAa,aAAa,YAAA,CAAa,UAAA;AAChD,IAAA,IAAI,YAAA,CAAa,QAAA,EAAU,MAAA,CAAO,YAAA,CAAa,WAAW,YAAA,CAAa,QAAA;AAAA,EACzE;AAEA,EAAA,OAAO,MAAA;AACT;AClWO,IAAM,wBAAA,GAA2B;AAQjC,IAAM,0BAAA,GAA6B;AAKnC,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,eAAA,EAAiB,IAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,IAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,GAAA;AAAA;AAAA,EAElB,aAAA,EAAe,IAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,EAAA;AAAA;AAAA,EAEjB,aAAA,EAAe,GAAA;AAAA;AAAA,EAEf,aAAA,EAAe;AACjB;AASA,IAAMC,YAAWD,CAAAA,CACd,MAAA,EAAO,CACP,GAAA,GACA,GAAA,CAAI,kBAAA,CAAmB,eAAe,CAAA,CACtC,OAAO,CAAC,GAAA,KAAQ,IAAI,UAAA,CAAW,UAAU,GAAG,mBAAmB,CAAA;AAKlE,IAAME,OAAAA,GAASF,CAAAA,CACZ,MAAA,EAAO,CACP,KAAA;AAAA,EACC,wEAAA;AAAA,EACA;AACF,CAAA;AAWK,IAAM,+BAAA,GAAkCA,EAC5C,MAAA,CAAO;AAAA;AAAA,EAEN,QAAQA,CAAAA,CACL,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,eAAe,EACtC,SAAA,CAAU,CAAC,CAAA,KAAM,CAAA,CAAE,aAAa,CAAA;AAAA;AAAA,EAEnC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA;AAAA;AAAA,EAE5D,MAAA,EAAQA,CAAAA,CACL,MAAA,EAAO,CACP,GAAA,EAAI,CACJ,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA,CACpC,GAAA,CAAI,kBAAA,CAAmB,aAAa;AACzC,CAAC,EACA,MAAA;AAOI,IAAM,2BAAA,GAA8BA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAGA,CAAAA,CAAE,SAAS;AASpE,IAAM,8BAAA,GAAiCA,EAC3C,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKC,SAAAA;AAAA;AAAA,EAEL,GAAA,EAAKA,SAAAA;AAAA;AAAA,EAEL,KAAKD,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA;AAAA,EAElC,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA;AAAA,EAElC,GAAA,EAAKE,OAAAA;AAAA;AAAA,EAEL,GAAA,EAAKF,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAElE,GAAA,EAAK,4BAA4B,QAAA;AACnC,CAAC,EACA,MAAA;AA6BI,SAAS,iCAAiC,KAAA,EAA6C;AAC5F,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,KAAK,CAAA;AAC7D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,UAAA,EAAY,8BAAA;AAAA,IACZ,aAAA,EAAe,YAAY,OAAA,IAAW;AAAA,GACxC;AACF;AAQO,SAAS,2BAA2B,MAAA,EAAqD;AAC9F,EAAA,OAAO,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,CAAE,OAAA;AAC1D;AAQO,SAAS,kCAAkC,KAAA,EAA6C;AAC7F,EAAA,MAAM,MAAA,GAAS,+BAAA,CAAgC,SAAA,CAAU,KAAK,CAAA;AAC9D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,UAAA,EAAY,mCAAA;AAAA,IACZ,aAAA,EAAe,YAAY,OAAA,IAAW;AAAA,GACxC;AACF;AAQO,SAAS,4BACd,OAAA,EACsC;AACtC,EAAA,OAAO,+BAAA,CAAgC,SAAA,CAAU,OAAO,CAAA,CAAE,OAAA;AAC5D;AAiCO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,OAAO,SAAA,IAAa,GAAA;AAItC,EAAA,IAAI,mBAAmB,MAAA,CAAO,MAAA;AAC9B,EAAA,OAAO,gBAAA,CAAiB,QAAA,CAAS,GAAG,CAAA,EAAG;AACrC,IAAA,gBAAA,GAAmB,gBAAA,CAAiB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,GAAA,GAA+B,EAAE,GAAG,MAAA,CAAO,UAAA,EAAW;AAC5D,EAAA,IAAI,OAAO,WAAA,EAAa;AACtB,IAAA,GAAA,CAAI,0BAA0B,IAAI,MAAA,CAAO,WAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,MAAA,GAAmC;AAAA,IACvC,GAAA,EAAK,gBAAA;AAAA,IACL,KAAK,MAAA,CAAO,QAAA;AAAA,IACZ,GAAA,EAAK,GAAA;AAAA,IACL,KAAK,GAAA,GAAM,SAAA;AAAA,IACX,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,GAAI,MAAA,CAAO,GAAA,IAAO,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IACpC,GAAI,OAAO,IAAA,CAAK,GAAG,EAAE,MAAA,GAAS,CAAA,IAAK,EAAE,GAAA;AAAI,GAC3C;AAEA,EAAA,OAAO,8BAAA,CAA+B,MAAM,MAAM,CAAA;AACpD;AAeO,SAAS,kBAAkB,MAAA,EAA0C;AAC1E,EAAA,OAAO,EAAE,KAAA,IAAS,MAAA,CAAA,IAAW,EAAE,KAAA,IAAS,MAAA,CAAA,IAAW,EAAE,SAAA,IAAa,MAAA,CAAA;AACpE;AAQO,SAAS,iBAAiB,MAAA,EAA0C;AACzE,EAAA,OAAO,KAAA,IAAS,MAAA,IAAU,KAAA,IAAS,MAAA,IAAU,SAAA,IAAa,MAAA;AAC5D;AChSO,IAAM,wBAAA,GAA2B;AAAA;AAAA,EAEtC,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,SAAA,EAAW,KAAA;AAAA,EACX,WAAA,EAAa,IAAA;AAAA;AAAA,EAEb,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,UAAA,EAAY,KAAA;AAAA,EACZ,YAAA,EAAc,IAAA;AAAA;AAAA,EAEd,IAAA,EAAM;AACR;AAOO,IAAMG,oBAAmBH,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA,CAAM,yBAAyB,2CAA2C;AAGtE,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA;AAAA,EACC,kDAAA;AAAA,EACA;AACF;AAGK,IAAM,sBAAsBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,WAAW,CAAC;AAMzD,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,IAAI,CAAA,CACR,OAAO,CAAC,GAAA,KAAQ,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAAA,EAC3C,OAAA,EAAS;AACX,CAAC,CAAA,CACA,MAAA;AAAA,EACC,CAAC,GAAA,KAAQ;AACP,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,MAAA,OAAO,CAAC,MAAA,CAAO,QAAA,IAAY,CAAC,MAAA,CAAO,QAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAGK,IAAM,yBAAA,GAA4BA,EAAE,MAAA,CAAO;AAAA,EAChD,WAAA,EAAaG,iBAAAA;AAAA,EACb,WAAA,EAAa,iBAAiB,QAAA,EAAS;AAAA,EACvC,WAAA,EAAa,iBAAiB,QAAA,EAAS;AAAA,EACvC,cAAA,EAAgBH,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC9E,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC7E,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC7E,uBAAA,EAAyBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EACvF,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC9E,kBAAA,EAAoBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAClF,eAAA,EAAiBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA;AACxE,CAAC;AAGM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,MAAA,EAAQ,mBAAA;AAAA,EACR,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EACpC,WAAWA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA;AACjC,CAAC;AAaD,eAAsB,kBAAkB,GAAA,EAAkC;AACxE,EAAA,IAAI,CAAC,UAAA,CAAW,MAAA,EAAQ,MAAA,EAAQ;AAC9B,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,GAAG,CAAA;AACzC,EAAA,MAAM,OAAO,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAClE,EAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAI,WAAW,IAAI,CAAC,EACxC,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAC,CAAA,CAC1C,IAAA,CAAK,EAAE,CAAA;AACV,EAAA,OAAO,UAAU,GAAG,CAAA,CAAA;AACtB;AAgBO,SAAS,0BAAA,CACd,SACA,IAAA,EACyB;AACzB,EAAA,MAAM,aAAuB,EAAC;AAG9B,EAAA,MAAM,SAAA,GAAYG,iBAAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,EAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,IAAA,UAAA,CAAW,IAAA,CAAK,CAAA,4BAAA,EAA+B,OAAA,CAAQ,WAAW,CAAA,CAAE,CAAA;AAAA,EACtE;AAGA,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,IAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,MAAA,UAAA,CAAW,KAAK,qDAAqD,CAAA;AAAA,IACvE;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AACzC,EAAA,MAAM,YAAY,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,UAAU,CAAA,CAAE,UAAA;AACvD,EAAA,IAAI,SAAA,GAAY,KAAK,QAAA,EAAU;AAC7B,IAAA,UAAA,CAAW,IAAA;AAAA,MACT,gBAAgB,SAAS,CAAA,+BAAA,EAAkC,KAAK,QAAQ,CAAA,WAAA,EAAc,KAAK,SAAS,CAAA;AAAA,KACtG;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,IAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,MAAA,KAAA,MAAW,KAAA,IAAS,SAAA,CAAU,KAAA,CAAM,MAAA,EAAQ;AAC1C,QAAA,UAAA,CAAW,IAAA,CAAK,CAAA,qBAAA,EAAwB,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,YAAA,GAAoD;AAAA,IACxD,CAAC,gBAAA,EAAkB,OAAA,CAAQ,cAAc,CAAA;AAAA,IACzC,CAAC,eAAA,EAAiB,OAAA,CAAQ,aAAa,CAAA;AAAA,IACvC,CAAC,eAAA,EAAiB,OAAA,CAAQ,aAAa,CAAA;AAAA,IACvC,CAAC,yBAAA,EAA2B,OAAA,CAAQ,uBAAuB,CAAA;AAAA,IAC3D,CAAC,gBAAA,EAAkB,OAAA,CAAQ,cAAc,CAAA;AAAA,IACzC,CAAC,oBAAA,EAAsB,OAAA,CAAQ,kBAAkB,CAAA;AAAA,IACjD,CAAC,iBAAA,EAAmB,OAAA,CAAQ,eAAe;AAAA,GAC7C;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,KAAK,CAAA,IAAK,YAAA,EAAc;AACxC,IAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,mBAAmB,iBAAA,EAAmB;AAC9E,MAAA,UAAA,CAAW,IAAA;AAAA,QACT,GAAG,IAAI,CAAA,QAAA,EAAW,MAAM,MAAM,CAAA,2BAAA,EAA8B,mBAAmB,iBAAiB,CAAA;AAAA,OAClG;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,UAAA,CAAW,MAAA,KAAW,GAAG,UAAA,EAAW;AACtD;AAYA,eAAsB,4BACpB,OAAA,EACwB;AACxB,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,QAAA,GAAW,MAAM,iBAAA,CAAkB,OAAA,CAAQ,WAAW,CAAA;AAC5D,EAAA,IAAI,QAAA,KAAa,QAAQ,WAAA,EAAa;AACpC,IAAA,OAAO,CAAA,+BAAA,EAAkC,QAAQ,CAAA,MAAA,EAAS,OAAA,CAAQ,WAAW,CAAA,CAAA;AAAA,EAC/E;AACA,EAAA,OAAO,IAAA;AACT;ACxMA,SAAS,mBAAmB,CAAA,EAAoB;AAC9C,EAAA,MAAM,GAAA,GAAM,uBAAuB,CAAC,CAAA;AACpC,EAAA,IAAI,GAAA,KAAQ,MAAM,OAAO,KAAA;AAEzB,EAAA,OAAO,IAAI,GAAA,KAAQ,QAAA;AACrB;AAWA,IAAM,YAAA,GACJ,wHAAA;AAEF,SAAS,gBAAgB,CAAA,EAAoB;AAC3C,EAAA,OAAO,YAAA,CAAa,KAAK,CAAC,CAAA;AAC5B;AAWO,IAAM,qBAAA,GAAwB;AAAA;AAAA,EAEnC,oBAAA,EAAsB,0BAAA;AAAA;AAAA,EAEtB,oBAAA,EAAsB;AACxB;AAiBO,IAAM,gCAAA,GAAmCH,EAC7C,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,YAAA,EAAcA,EACX,MAAA,EAAO,CACP,IAAI,qBAAA,CAAsB,oBAAoB,CAAA,CAC9C,MAAA,CAAO,kBAAA,EAAoB;AAAA,IAC1B,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAKZ,YAAA,EAAcA,EACX,MAAA,EAAO,CACP,IAAI,qBAAA,CAAsB,oBAAoB,CAAA,CAC9C,MAAA,CAAO,eAAA,EAAiB;AAAA,IACvB,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAKZ,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAI,CAAE,MAAA,EAAO,CAAE,WAAA,EAAY,CAAE,GAAA,CAAI,MAAA,CAAO,gBAAgB,EAAE,QAAA;AACvF,CAAC,EACA,MAAA;AClGI,IAAM,gBAAA,GAAmB;AAAA;AAAA,EAE9B,qBAAA,EAAuB,GAAA;AAAA,EACvB,iBAAA,EAAmB,EAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAGpB,oBAAA,EAAsB,GAAA;AAAA,EACtB,iBAAA,EAAmB,EAAA;AAAA,EACnB,oBAAA,EAAsB,EAAA;AAAA,EACtB,kBAAA,EAAoB,GAAA;AAAA,EACpB,cAAA,EAAgB,GAAA;AAAA,EAChB,sBAAA,EAAwB,EAAA;AAAA;AAAA,EAGxB,iBAAA,EAAmB,IAAA;AAAA,EACnB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAGjB,oBAAA,EAAsB,IAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,IAAA;AAAA,EACxB,wBAAA,EAA0B,IAAA;AAAA;AAAA,EAG1B,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAGnB,gBAAA,EAAkB,EAAA;AAAA,EAClB,eAAA,EAAiB,EAAA;AAAA,EACjB,mBAAA,EAAqB,GAAA;AAAA,EACrB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,EAAA;AAAA;AAAA,EAGpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,sBAAA,EAAwB,EAAA;AAAA,EACxB,qBAAA,EAAuB,GAAA;AAAA,EACvB,qBAAA,EAAuB,GAAA;AAAA,EACvB,qBAAA,EAAuB,EAAA;AAAA;AAAA,EAGvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,gBAAA,EAAkB,GAAA;AAAA,EAClB,wBAAA,EAA0B,GAAA;AAAA;AAAA,EAG1B,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,0BAAA,EAA4B,GAAA;AAAA;AAAA,EAG5B,yBAAA,EAA2B,GAAA;AAAA,EAC3B,sBAAA,EAAwB,EAAA;AAAA,EACxB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,iBAAA,EAAmB,GAAA;AAAA,EACnB,uBAAA,EAAyB,GAAA;AAAA;AAAA,EAGzB,mBAAA,EAAqB,GAAA;AAAA,EACrB,kBAAA,EAAoB,GAAA;AAAA,EACpB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,oBAAA,EAAsB,EAAA;AAAA,EACtB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,EAAA;AAAA,EACpB,oBAAA,EAAsB,EAAA;AAAA;AAAA,EAGtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,wBAAA,EAA0B,IAAA;AAAA,EAC1B,4BAAA,EAA8B,GAAA;AAAA;AAAA,EAG9B,wBAAA,EAA0B,EAAA;AAAA,EAC1B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,qBAAA,EAAuB,GAAA;AAAA,EACvB,0BAAA,EAA4B,EAAA;AAAA;AAAA,EAG5B,iBAAA,EAAmB,IAAA;AAAA,EACnB,qBAAA,EAAuB,EAAA;AAAA;AAAA,EACvB,wBAAA,EAA0B,EAAA;AAAA,EAC1B,oBAAA,EAAsB,EAAA;AAAA,EACtB,uBAAA,EAAyB;AAC3B;;;AC7FA,IAAM,SAAA,GAAY,mCAAA;AAMlB,IAAM,eAAA,GAAkB,uBAAA;AAkBjB,SAAS,oBAAoB,GAAA,EAAsB;AACxD,EAAA,IAAI,IAAI,MAAA,KAAW,CAAA,IAAK,IAAI,MAAA,GAAS,gBAAA,CAAiB,uBAAuB,OAAO,KAAA;AAEpF,EAAA,MAAM,QAAA,GAAW,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAChC,EAAA,IAAI,QAAA,IAAY,GAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AACpC,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAEtC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,GAAG,OAAO,KAAA;AAClC,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,gBAAA,CAAiB,kBAAA,EAAoB,OAAO,KAAA;AAEhE,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACjC,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,CAAK,OAAO,GAAG,OAAO,KAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,MAAA,GAAS,gBAAA,CAAiB,mBAAmB,OAAO,KAAA;AACpF,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,KAAK,GAAG,OAAO,KAAA;AAAA,EACrC;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,CAAA,EAAmB;AACtD,EAAA,OAAO,EAAE,OAAA,CAAQ,IAAA,EAAM,IAAI,CAAA,CAAE,OAAA,CAAQ,OAAO,IAAI,CAAA;AAClD;AAUO,SAAS,gBAAA,CAAiB,UAAkB,OAAA,EAAyC;AAC1F,EAAA,MAAM,OAAA,GAAU,qBAAqB,QAAQ,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,CAAC,MAAM,oBAAA,CAAqB,MAAA,CAAO,CAAC,CAAC,CAAC,CAAA;AACnE,EAAA,OAAO,CAAA,YAAA,EAAe,OAAO,CAAA,CAAA,IAAM,QAAA,CAAS,MAAA,GAAS,IAAI,GAAA,GAAM,QAAA,CAAS,IAAA,CAAK,GAAG,CAAA,GAAI,EAAA,CAAA;AACtF;ACzEO,IAAM,sBAAA,GAAyB;AAGtC,IAAM,oBAAA,GAAuB,YAAA;AAEtB,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMzE,YAAA,EAAcA,CAAAA,CACX,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CACzC,KAAA;AAAA,IACC,oBAAA;AAAA,IACA;AAAA,GACF;AAAA;AAAA,EAEF,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA;AAAA;AAAA,EAElE,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,kBAAkB,EAAE,QAAA,EAAS;AAAA;AAAA,EAExE,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,cAAc,EAAE,QAAA,EAAS;AAAA;AAAA,EAEhE,GAAA,EAAKA,EAAE,IAAA,CAAK,CAAC,QAAQ,MAAM,CAAC,EAAE,QAAA,EAAS;AAAA;AAAA,EAEvC,KAAA,EAAOA,CAAAA,CACJ,IAAA,CAAK,CAAC,eAAA,EAAiB,SAAA,EAAW,YAAA,EAAc,QAAA,EAAU,MAAA,EAAQ,YAAY,CAAC,CAAA,CAC/E,QAAA;AACL,CAAC,EACA,MAAA;ACnCI,IAAM,oBAAA,GAAuB;AAE7B,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA;AAAA;AAAA,EAElE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,eAAe,CAAA;AAAA;AAAA,EAE9D,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAC;AAC9C,CAAC,EACA,MAAA;ACXI,IAAM,uBAAA,GAA0B;AAMhC,IAAM,eAAA,GAAkB;AAAA,EAC7B,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,cAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAUlD,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,GAAA,CAAI,GAAG,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA;AAAA;AAAA,EAEzC,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CAAE,GAAA,EAAI;AAAA;AAAA,EAEvE,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,qBAAqB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEvE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,sBAAsB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzE,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,wBAAwB,EAAE,QAAA;AACtE,CAAC,EACA,WAAA;AAEI,IAAM,wBAAA,GAA2BA,EACrC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgB,mBAAA;AAAA;AAAA,EAEhB,OAAA,EAAS,oBAAA;AAAA;AAAA,EAET,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEtE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,eAAe,EAAE,QAAA,EAAS;AAAA;AAAA,EAElE,YAAA,EAAcA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAClD,CAAC,EACA,MAAA;ACtDI,IAAM,sBAAA,GAAyB;AAE/B,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,iBAAiB,EAAE,QAAA;AAChE,CAAC,EACA,MAAA;ACNI,IAAM,yBAAA,GAA4B;AAGzC,IAAM,gBAAA,GAAmB,gBAAA;AAGzB,IAAM,eAAA,GAAkB,gBAAA;AAEjB,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,CAAAA,CACP,MAAA,EAAO,CACP,MAAA,CAAO,gBAAA,CAAiB,gBAAgB,CAAA,CACxC,KAAA,CAAM,gBAAA,EAAkB,8CAA8C,CAAA,CACtE,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAASA,CAAAA,CACN,MAAA,EAAO,CACP,MAAA,CAAO,gBAAA,CAAiB,eAAe,CAAA,CACvC,KAAA,CAAM,eAAA,EAAiB,6CAA6C,CAAA,CACpE,QAAA,EAAS;AAAA;AAAA,EAEZ,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAElF,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhF,YAAYA,CAAAA,CACT,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAC,CAAA,CAChE,IAAI,gBAAA,CAAiB,kBAAkB,EACvC,QAAA;AACL,CAAC,EACA,MAAA;ACLI,IAAM,kBAAA,GAAqBA,CAAAA,CAC/B,MAAA,EAAO,CACP,GAAA,CAAI,EAAE,CAAA,CACN,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,4DAA4D;AAUnF,IAAM,oBAAA,GAAuB,iBAAA;AAwBtB,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,EAAO,CACP,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,IAAI,CAAA,CACR,MAAA;AAAA,EACC,CAAC,KAAA,KAAU;AAET,IAAA,IAAI,oBAAA,CAAqB,IAAA,CAAK,KAAK,CAAA,EAAG,OAAO,KAAA;AAG7C,IAAA,IAAI,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,KAAA;AAEhC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AAGzB,MAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,EAAU,OAAO,KAAA;AAGtC,MAAA,IAAI,IAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAGvD,MAAA,IAAI,CAAC,GAAA,CAAI,QAAA,EAAU,OAAO,KAAA;AAE1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAuBF,IAAM,qBAAA,GAAwB,CAAC,GAAA,EAAK,GAAA,EAAK,KAAK,GAAG,CAAA;AAMjD,IAAM,qBAAA,GAAwB,CAAC,GAAA,EAAK,GAAA,EAAK,GAAG,CAAA;AAoBrC,SAAS,qBAAqB,KAAA,EAA0C;AAC7E,EAAA,IAAI,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,WAAW,CAAA,IAAK,KAAA,CAAM,SAAS,EAAA,EAAI;AACxE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,KAAM,KAAK,OAAO,IAAA;AAEpC,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,MAAM,MAAM,KAAA,CAAM,MAAA;AAGlB,EAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AAEvB,EAAA,MAAM,MAAA,GAA6B;AAAA,IACjC,KAAA,EAAO,CAAA;AAAA,IACP,MAAA,EAAQ,CAAA;AAAA,IACR,KAAA,EAAO,CAAA;AAAA,IACP,IAAA,EAAM,CAAA;AAAA,IACN,KAAA,EAAO,CAAA;AAAA,IACP,OAAA,EAAS,CAAA;AAAA,IACT,OAAA,EAAS;AAAA,GACX;AAEA,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,IAAI,eAAA,GAAkB,KAAA;AAGtB,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAY;AAGxC,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,IAAI,YAAA,GAAe,CAAA;AAEnB,EAAA,OAAO,MAAM,GAAA,EAAK;AAChB,IAAA,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,KAAM,GAAA,EAAK;AAC7B,MAAA,IAAI,YAAY,OAAO,IAAA;AACvB,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,GAAA,EAAA;AACA,MAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AACvB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,QAAA,GAAW,GAAA;AACjB,IAAA,OAAO,GAAA,GAAM,GAAA,IAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,IAAK,GAAA,IAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,IAAK,GAAA,EAAK;AACxE,MAAA,GAAA,EAAA;AAAA,IACF;AACA,IAAA,IAAI,GAAA,KAAQ,UAAU,OAAO,IAAA;AAE7B,IAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,QAAA,EAAU,GAAG,CAAA;AAKxC,IAAA,IAAI,MAAA,CAAO,MAAA,GAAS,EAAA,EAAI,OAAO,IAAA;AAC/B,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,MAAA,EAAQ,EAAE,CAAA;AAC/B,IAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,IAAK,GAAA,GAAM,GAAG,OAAO,IAAA;AAE7C,IAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AAEvB,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA;AACnC,IAAA,GAAA,EAAA;AAGA,IAAA,MAAM,aAAA,GAAA,CAAiB,UAAA,GAAa,GAAA,GAAM,EAAA,IAAM,UAAA;AAChD,IAAA,IAAI,eAAA,CAAgB,GAAA,CAAI,aAAa,CAAA,EAAG,OAAO,IAAA;AAC/C,IAAA,eAAA,CAAgB,IAAI,aAAa,CAAA;AAEjC,IAAA,IAAI,UAAA,EAAY;AAEd,MAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,OAAA,CAAQ,UAA6B,CAAA;AAC3E,MAAA,IAAI,OAAA,KAAY,IAAI,OAAO,IAAA;AAC3B,MAAA,IAAI,OAAA,GAAU,cAAc,OAAO,IAAA;AACnC,MAAA,YAAA,GAAe,OAAA,GAAU,CAAA;AAEzB,MAAA,QAAQ,UAAA;AAAY,QAClB,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,OAAA,GAAU,GAAA;AACjB,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,OAAA,GAAU,GAAA;AACjB,UAAA;AAAA;AACJ,IACF,CAAA,MAAO;AAEL,MAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,OAAA,CAAQ,UAAmC,CAAA;AACjF,MAAA,IAAI,OAAA,KAAY,IAAI,OAAO,IAAA;AAC3B,MAAA,IAAI,OAAA,GAAU,cAAc,OAAO,IAAA;AACnC,MAAA,YAAA,GAAe,OAAA,GAAU,CAAA;AAEzB,MAAA,QAAQ,UAAA;AAAY,QAClB,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,MAAA,GAAS,GAAA;AAChB,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,IAAA,GAAO,GAAA;AACd,UAAA;AAAA;AACJ,IACF;AAEA,IAAA,eAAA,GAAkB,IAAA;AAAA,EACpB;AAEA,EAAA,IAAI,CAAC,iBAAiB,OAAO,IAAA;AAG7B,EAAA,IAAI,MAAA,CAAO,KAAA,GAAQ,CAAA,KAAM,MAAA,CAAO,KAAA,GAAQ,CAAA,IAAK,MAAA,CAAO,MAAA,GAAS,CAAA,IAAK,MAAA,CAAO,IAAA,GAAO,CAAA,CAAA,EAAI;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAiBO,IAAM,wBAAwBA,CAAAA,CAClC,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,EAAE,CAAA,CACN,OAAO,CAAC,KAAA,KAAU,oBAAA,CAAqB,KAAK,MAAM,IAAA,EAAM;AAAA,EACvD,OAAA,EAAS;AACX,CAAC;AAiBI,IAAM,uBAAA,GAA0BA,EACpC,MAAA,EAAO,CACP,OAAO,EAAE,CAAA,CACT,MAAM,mDAAA,EAAqD;AAAA,EAC1D,OAAA,EAAS;AACX,CAAC;AAKI,IAAM,iBAAA,GAAoB;AAmB1B,IAAM,8BAA8BA,CAAAA,CAAE,GAAA,CAAI,SAAS,EAAE,MAAA,EAAQ,MAAM;AAW1E,IAAM,uBAAA,GAA0B,oBAAA;AAkBzB,IAAM,qBAAA,GAAwBA,CAAAA,CAAE,GAAA,CACpC,QAAA,CAAS,EAAE,MAAA,EAAQ,IAAA,EAAM,CAAA,CACzB,OAAO,CAAC,KAAA,KAAkB,uBAAA,CAAwB,IAAA,CAAK,KAAK,CAAA,EAAG;AAAA,EAC9D,OAAA,EAAS;AACX,CAAC;AAQI,IAAM,sBAAA,GAAyB;AA0BtC,SAAS,4BAA4B,IAAA,EAAuB;AAC1D,EAAA,IAAI,OAAO,SAAS,QAAA,IAAY,IAAA,CAAK,WAAW,CAAA,IAAK,IAAA,CAAK,SAAS,GAAA,EAAK;AACtE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,IAAI,OAAA,GAAU,EAAA;AAEd,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AACpC,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,MAAA,CAAO,CAAC,CAAA;AACxB,IAAA,IAAI,EAAA,KAAO,GAAA,IAAO,EAAA,KAAO,GAAA,EAAK;AAC5B,MAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,QAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AACnB,QAAA,OAAA,GAAU,EAAA;AAAA,MACZ;AACA,MAAA,MAAA,CAAO,KAAK,EAAE,CAAA;AAAA,IAChB,CAAA,MAAA,IAAW,EAAA,KAAO,GAAA,IAAO,EAAA,KAAO,GAAA,EAAM;AACpC,MAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,QAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AACnB,QAAA,OAAA,GAAU,EAAA;AAAA,MACZ;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,EAAA;AAAA,IACb;AAAA,EACF;AACA,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,IAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AAAA,EACrB;AAEA,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAGhC,EAAA,IAAI,GAAA,GAAM,CAAA;AAEV,EAAA,SAAS,IAAA,GAA2B;AAClC,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB;AAEA,EAAA,SAAS,OAAA,GAAkB;AACzB,IAAA,OAAO,OAAO,GAAA,EAAK,CAAA;AAAA,EACrB;AAIA,EAAA,SAAS,YAAY,KAAA,EAAwB;AAC3C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,GAAG,IAAI,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,KAAA;AACxD,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE9B,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,EAAG;AAClC,MAAA,MAAM,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,EAAE,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,MAAA,GAAS,CAAA,IAAK,8BAAA,CAA+B,KAAK,GAAG,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,8BAAA,CAA+B,KAAK,IAAI,CAAA;AAAA,EACjD;AAEA,EAAA,SAAS,cAAc,KAAA,EAAwB;AAC7C,IAAA,OAAO,8BAAA,CAA+B,KAAK,KAAK,CAAA;AAAA,EAClD;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,IAAA,OAAO,GAAA,GAAM,OAAO,MAAA,EAAQ;AAC1B,MAAA,MAAM,KAAK,IAAA,EAAK;AAChB,MAAA,IAAI,EAAA,KAAO,KAAA,IAAS,EAAA,KAAO,IAAA,EAAM;AAC/B,QAAA,OAAA,EAAQ;AACR,QAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AAAA,MAC3B,CAAA,MAAO;AACL,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,IAAA,IAAI,IAAA,OAAW,MAAA,EAAQ;AACrB,MAAA,OAAA,EAAQ;AACR,MAAA,MAAM,YAAY,IAAA,EAAK;AACvB,MAAA,IAAI,cAAc,MAAA,IAAa,CAAC,aAAA,CAAc,SAAS,GAAG,OAAO,KAAA;AACjE,MAAA,OAAA,EAAQ;AAAA,IACV;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,MAAM,QAAQ,IAAA,EAAK;AACnB,IAAA,IAAI,KAAA,KAAU,QAAW,OAAO,KAAA;AAEhC,IAAA,IAAI,UAAU,GAAA,EAAK;AACjB,MAAA,OAAA,EAAQ;AACR,MAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,MAAA,IAAI,IAAA,EAAK,KAAM,GAAA,EAAK,OAAO,KAAA;AAC3B,MAAA,OAAA,EAAQ;AACR,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,UAAU,GAAA,IAAO,KAAA,KAAU,SAAS,KAAA,KAAU,IAAA,IAAQ,UAAU,MAAA,EAAQ;AAC1E,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAC,WAAA,CAAY,KAAK,CAAA,EAAG,OAAO,KAAA;AAChC,IAAA,OAAA,EAAQ;AACR,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,OAAO,MAAA,IAAU,QAAQ,MAAA,CAAO,MAAA;AAClC;AAWO,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,MAAA,CAAO,2BAAA,EAA6B;AAAA,EACjG,OAAA,EACE;AACJ,CAAC;;;ACtgBM,IAAM,qBAAA,GAAwB;AAQ9B,IAAM,gBAAA,GAAmB,CAAC,SAAA,EAAW,WAAA,EAAa,UAAU,SAAS;AACrE,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAGnD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA;AAAA;AAAA,EAG3E,cAAA,EAAgB,mBAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhB,iBAAiBA,CAAAA,CACd,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAC,CAAA,CACnE,IAAI,gBAAA,CAAiB,sBAAsB,EAC3C,QAAA,EAAS;AAAA;AAAA,EAGZ,gBAAA,EAAkB,sBAAsB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjD,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOxF,cAAA,EAAgB,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAG5C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9E,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA;AAC9E,CAAC,EACA,MAAA;AC1DI,IAAM,qBAAA,GAAwB;AAQ9B,IAAM,eAAA,GAAkB,CAAC,YAAA,EAAc,YAAA,EAAc,cAAc;AACnE,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAQlD,IAAM,gBAAA,GAAmB,CAAC,UAAA,EAAY,WAAA,EAAa,eAAe,QAAQ;AAC1E,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAGpD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,mBAAA,EAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,2BAA2B,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvF,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5F,gBAAA,EAAkB,sBAAsB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjD,cAAA,EAAgB,oBAAoB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7C,eAAA,EAAiB,qBAAqB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO/C,oBAAA,EAAsBA,CAAAA,CACnB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,4BAA4B,CAAA,CACjD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,qBAAA,EAAuBA,CAAAA,CACpB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,4BAA4B,CAAA,CACjD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,kBAAA,EAAoBA,CAAAA,CACjB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,0BAA0B,CAAA,CAC/C,QAAA;AACL,CAAC,EACA,MAAA;ACvFI,IAAM,oBAAA,GAAuB;AAQ7B,IAAM,eAAA,GAAkB,CAAC,UAAA,EAAY,SAAA,EAAW,WAAW,gBAAgB;AAC3E,IAAM,kBAAA,GAAqBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AASjD,IAAM,WAAA,GAAc,CAAC,cAAA,EAAgB,MAAA,EAAQ,WAAW,SAAS;AACjE,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,WAAW;AAG1C,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,aAAA,EAAe,kBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOf,UAAA,EAAY,gBAAgB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOrC,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,yBAAyB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9F,iBAAiBA,CAAAA,CACd,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAC,CAAA,CACpE,IAAI,gBAAA,CAAiB,sBAAsB,EAC3C,QAAA,EAAS;AAAA;AAAA,EAGZ,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGpF,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO9E,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,uBAAuB,CAAA,CAAE,QAAA;AAC5E,CAAC,EACA,MAAA;AC1DI,IAAM,wBAAA,GAA2B;AAQjC,IAAM,mBAAA,GAAsB;AAAA,EACjC,WAAA;AAAA,EACA,eAAA;AAAA,EACA,SAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF;AACO,IAAM,sBAAA,GAAyBA,CAAAA,CAAE,IAAA,CAAK,mBAAmB;AAGzD,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGpE,iBAAA,EAAmB,sBAAA;AAAA;AAAA,EAGnB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG9E,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,gBAAgB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG3E,UAAA,EAAY,wBAAwB,QAAA,EAAS;AAAA;AAAA,EAG7C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGjF,eAAA,EAAiB,sBAAsB,QAAA,EAAS;AAAA;AAAA,EAGhD,YAAA,EAAc,mBAAmB,QAAA;AACnC,CAAC,EACA,MAAA;ACrDI,IAAM,wBAAA,GAA2B;AAYjC,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGpE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAA;AAAA;AAAA,EAGrE,SAAA,EAAW;AACb,CAAC,EACA,MAAA;AAUI,IAAM,eAAA,GAAkBA,EAC5B,MAAA,CAAO;AAAA;AAAA,EAEN,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGhE,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA;AAAA;AAAA,EAGpC,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB;AACtE,CAAC,EACA,MAAA;AAQI,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA;AAAA;AAAA,EAGvE,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhF,UAAA,EAAY,mBAAmB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,oBAAA,EAAsB,mBAAmB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOlD,mBAAA,EAAqBA,CAAAA,CAClB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,2BAA2B,CAAA,CAChD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,aAAA,EAAeA,EACZ,KAAA,CAAM,kBAAkB,EACxB,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CACzC,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,IAAA,EAAM,gBAAgB,QAAA;AACxB,CAAC,EACA,MAAA;ACvGI,IAAM,yBAAA,GAA4B;AAQlC,IAAM,sBAAA,GAAyB;AAAA,EACpC,aAAA;AAAA,EACA,uBAAA;AAAA,EACA,sBAAA;AAAA,EACA,YAAA;AAAA,EACA;AACF;AACO,IAAM,yBAAA,GAA4BA,CAAAA,CAAE,IAAA,CAAK,sBAAsB;AAG/D,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA;AAAA;AAAA,EAGvE,YAAA,EAAc,qBAAqB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5C,eAAA,EAAiBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,uBAAuB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG1F,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG5F,qBAAA,EAAuB,0BAA0B,QAAA,EAAS;AAAA;AAAA,EAG1D,cAAA,EAAgB,mBAAmB,QAAA;AACrC,CAAC,EACA,MAAA;ACzCI,IAAM,qBAAA,GAAwB;AASrC,IAAM,6BAAA,GAAgCA,CAAAA,CACnC,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAC7C,KAAA,CAAM,qBAAqB,wCAAwC,CAAA;AAKtE,SAAS,eAAe,KAAA,EAA0B;AAChD,EAAA,OAAO,IAAI,GAAA,CAAI,KAAK,CAAA,CAAE,SAAS,KAAA,CAAM,MAAA;AACvC;AAEO,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQN,mBAAmBA,CAAAA,CAChB,KAAA,CAAM,6BAA6B,CAAA,CACnC,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAC7C,MAAA,CAAO,gBAAgB,EAAE,OAAA,EAAS,+CAA+C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMpF,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGtF,kBAAA,EAAoBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,iBAAA,EAAmBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOxC,qBAAqBA,CAAAA,CAClB,KAAA,CAAM,6BAA6B,CAAA,CACnC,IAAI,gBAAA,CAAiB,0BAA0B,CAAA,CAC/C,MAAA,CAAO,gBAAgB,EAAE,OAAA,EAAS,+CAAA,EAAiD,EACnF,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,oBAAA,EAAsBA,CAAAA,CACnB,MAAA,EAAO,CACP,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,wBAAwB,CAAA,CAC5B,KAAA,CAAM,mBAAA,EAAqB,oCAAoC,EAC/D,QAAA;AACL,CAAC,EACA,MAAA;;;AC3CH,SAAS,YAAA,CACP,UAAA,EACA,GAAA,EACA,MAAA,EACe;AACf,EAAA,IAAI,UAAA,KAAe,QAAW,OAAO,MAAA;AACrC,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,cAAA,CAAe,KAAK,UAAA,EAAY,GAAG,GAAG,OAAO,MAAA;AAEnE,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAC5B,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAErC,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,MAAM,UAAU,gBAAA,CAAiB,GAAA,EAAK,UAAA,EAAY,IAAA,IAAQ,EAAE,CAAA;AAE5D,EAAA,MAAM,eAAA,CAAgB,WAAA,CAAY,kBAAA,EAAoB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IAClF,WAAA,EAAa,GAAA;AAAA,IACb,OAAA;AAAA,IACA,WAAA,EAAa,WAAW,GAAG,CAAA,sBAAA,CAAA;AAAA,IAC3B,OAAA,EAAS;AAAA,MACP,OAAA,EAAS,YAAY,OAAA,IAAW,yBAAA;AAAA,MAChC,MAAA,EAAQ,OAAO,KAAA,CAAM;AAAA;AACvB,GACD,CAAA;AACH;AAOO,SAAS,qBACd,UAAA,EAC+B;AAC/B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,sBAAA,EAAwB,uBAAuB,CAAA;AACjF;AAGO,SAAS,mBACd,UAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,oBAAA,EAAsB,qBAAqB,CAAA;AAC7E;AAGO,SAAS,sBACd,UAAA,EACgC;AAChC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,uBAAA,EAAyB,wBAAwB,CAAA;AACnF;AAGO,SAAS,qBACd,UAAA,EAC+B;AAC/B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,sBAAA,EAAwB,uBAAuB,CAAA;AACjF;AAGO,SAAS,wBACd,UAAA,EACkC;AAClC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,yBAAA,EAA2B,0BAA0B,CAAA;AACvF;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;AAGO,SAAS,mBACd,UAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,oBAAA,EAAsB,qBAAqB,CAAA;AAC7E;AAGO,SAAS,uBACd,UAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,wBAAA,EAA0B,yBAAyB,CAAA;AACrF;AAGO,SAAS,uBACd,UAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,wBAAA,EAA0B,yBAAyB,CAAA;AACrF;AAGO,SAAS,wBACd,UAAA,EACkC;AAClC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,yBAAA,EAA2B,0BAA0B,CAAA;AACvF;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;;;ACzIO,IAAM,oBAAA,uBAA2B,GAAA,EAA0B;AAClE,oBAAA,CAAqB,GAAA,CAAI,wBAAwB,uBAAuB,CAAA;AACxE,oBAAA,CAAqB,GAAA,CAAI,sBAAsB,qBAAqB,CAAA;AACpE,oBAAA,CAAqB,GAAA,CAAI,yBAAyB,wBAAwB,CAAA;AAC1E,oBAAA,CAAqB,GAAA,CAAI,wBAAwB,uBAAuB,CAAA;AACxE,oBAAA,CAAqB,GAAA,CAAI,2BAA2B,0BAA0B,CAAA;AAC9E,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;AACtE,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;AACtE,oBAAA,CAAqB,GAAA,CAAI,sBAAsB,qBAAqB,CAAA;AACpE,oBAAA,CAAqB,GAAA,CAAI,0BAA0B,yBAAyB,CAAA;AAC5E,oBAAA,CAAqB,GAAA,CAAI,0BAA0B,yBAAyB,CAAA;AAC5E,oBAAA,CAAqB,GAAA,CAAI,2BAA2B,0BAA0B,CAAA;AAC9E,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;;;ACKtE,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AASpC,SAAS,mBAAmB,KAAA,EAAwB;AAClD,EAAA,IAAI;AACF,IAAA,OAAO,YAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA,CAAE,UAAA;AAAA,EACnD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,QAAA;AAAA,EACT;AACF;AAWA,IAAM,oBAAA,GAAuB,EAAA;AA2B7B,SAAS,yBAAA,CAA0B,KAAA,EAAgB,KAAA,EAAe,IAAA,EAAgC;AAEhG,EAAA,IAAI,KAAA,GAAQ,sBAAsB,OAAO,KAAA;AAGzC,EAAA,IAAI,KAAA,KAAU,MAAM,OAAO,IAAA;AAC3B,EAAA,MAAM,IAAI,OAAO,KAAA;AACjB,EAAA,IAAI,CAAA,KAAM,QAAA,IAAY,CAAA,KAAM,SAAA,EAAW,OAAO,IAAA;AAC9C,EAAA,IAAI,CAAA,KAAM,QAAA,EAAU,OAAO,MAAA,CAAO,SAAS,KAAe,CAAA;AAC1D,EAAA,IAAI,CAAA,KAAM,cAAc,CAAA,KAAM,QAAA,IAAY,MAAM,QAAA,IAAY,CAAA,KAAM,aAAa,OAAO,KAAA;AAGtF,EAAA,IAAI,CAAA,KAAM,UAAU,OAAO,KAAA;AAC3B,EAAA,MAAM,GAAA,GAAM,KAAA;AASZ,EAAA,IAAI,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,EAAG,OAAO,KAAA;AAC1B,EAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AAGZ,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,MAAA,IAAI,CAAC,0BAA0B,GAAA,CAAI,CAAC,GAAG,KAAA,GAAQ,CAAA,EAAG,IAAI,CAAA,EAAG,OAAO,KAAA;AAAA,IAClE;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AACvC,EAAA,IAAI,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,MAAM,OAAO,KAAA;AACzD,EAAA,IAAI,OAAQ,GAAA,CAAgC,MAAA,KAAW,UAAA,EAAY,OAAO,KAAA;AAG1E,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC5B,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,CAAC,0BAA2B,GAAA,CAAgC,GAAG,GAAG,KAAA,GAAQ,CAAA,EAAG,IAAI,CAAA,EAAG;AACtF,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAWA,SAAS,iBAAiB,KAAA,EAAyB;AACjD,EAAA,OAAO,yBAAA,CAA0B,KAAA,EAAO,CAAA,kBAAG,IAAI,SAAS,CAAA;AAC1D;AAkBO,SAAS,uBAAA,CACd,YACA,GAAA,EACM;AACN,EAAA,IAAI,eAAe,MAAA,EAAW;AAE9B,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAEnC,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AAEtB,IAAA,IAAI,CAAC,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC7B,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAAS,WAAA,CAAY,uBAAA;AAAA,QACrB,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,gBAAA,CAAiB,UAAA,CAAW,GAAG,CAAC,CAAA,EAAG;AACtC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAASI,aAAA,CAAmB,0BAAA;AAAA,QAC5B,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,GAAA,CAAI,GAAG,CAAA;AAC3C,IAAA,IAAI,WAAW,MAAA,EAAW;AACxB,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,UAAA,CAAW,GAAG,CAAC,CAAA;AAC/C,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,QAAA,MAAM,SAAA,GAA2B,UAAA,EAAY,IAAA,IAAQ,EAAC;AACtD,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAM,QAAA;AAAA,UACN,OAAA,EAAS,YAAY,OAAA,IAAW,yBAAA;AAAA,UAChC,IAAA,EAAM,CAAC,YAAA,EAAc,GAAA,EAAK,GAAG,SAAS;AAAA,SACvC,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,mBAAmB,UAAU,CAAA;AAChD,EAAA,IAAI,UAAA,GAAaC,iBAAiB,aAAA,EAAe;AAC/C,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,SAASD,aAAA,CAAmB,yBAAA;AAAA,MAC5B,IAAA,EAAM,CAAC,YAAY;AAAA,KACpB,CAAA;AACD,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,UAAA,GAAa,kBAAA,CAAmB,UAAA,CAAW,GAAG,CAAC,CAAA;AACrD,IAAA,IAAI,UAAA,GAAaC,iBAAiB,aAAA,EAAe;AAC/C,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAASD,aAAA,CAAmB,yBAAA;AAAA,QAC5B,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AAAA,IACH;AAAA,EACF;AACF;;;AC3MA,SAAS,kBAAkB,GAAA,EAAiC;AAC1D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,IAAI,IAAI,CAAC,CAAA,IAAK,IAAI,CAAA,GAAI,CAAC,GAAG,OAAO,KAAA;AAAA,EACnC;AACA,EAAA,OAAO,IAAA;AACT;AAqBO,SAAS,eAAe,GAAA,EAAsB;AACnD,EAAA,IAAI,OAAO,QAAQ,QAAA,IAAY,GAAA,CAAI,WAAW,CAAA,IAAK,GAAA,CAAI,MAAA,GAAS,aAAA,CAAc,SAAA,EAAW;AACvF,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAI1B,IAAA,OAAO,yBAAA,CAA0B,KAAK,GAAG,CAAA;AAAA,EAC3C;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAG,CAAA;AAGvB,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,EAAU,OAAO,KAAA;AAGtC,IAAA,IAAI,CAAC,GAAA,CAAI,QAAA,EAAU,OAAO,KAAA;AAG1B,IAAA,IAAI,IAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAMvD,IAAA,MAAM,SAAS,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK,IAAI,IAAI,CAAA,CAAA;AAC3C,IAAA,OAAO,GAAA,KAAQ,MAAA;AAAA,EACjB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAOA,IAAM,eAAA,GAAkB,yBAAA;AAajB,SAAS,mBAAmB,KAAA,EAAwB;AACzD,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,MAAA,GAAS,YAAA,CAAa,WAAW,OAAO,KAAA;AAGxE,EAAA,IAAI,eAAA,CAAgB,IAAA,CAAK,KAAK,CAAA,EAAG,OAAO,IAAA;AAGxC,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,QAAA,IAAY,GAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAGxC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,GAAG,OAAO,KAAA;AAGlC,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAGjC,EAAA,IAAI,CAAC,6BAAA,CAA8B,IAAA,CAAK,MAAM,GAAG,OAAO,KAAA;AAKxD,EAAA,IAAI,CAAC,8BAAA,CAA+B,IAAA,CAAK,OAAO,GAAG,OAAO,KAAA;AAE1D,EAAA,OAAO,IAAA;AACT;AAOA,IAAM,gBAAA,GAA8C;AAAA,EAClD,QAAA;AAAA,EACA,aAAA;AAAA,EACA,UAAA;AAAA,EACA,YAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EACA,YAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA;AAEO,IAAM,uBAAuBJ,CAAAA,CAAE,IAAA;AAAA,EACpC;AACF;AAMO,IAAM,aAAA,GAAgBA,CAAAA,CAC1B,KAAA,CAAM,oBAAoB,CAAA,CAC1B,GAAA,CAAI,CAAC,CAAA,CACL,WAAA,CAAY,CAAC,GAAA,EAAK,GAAA,KAAQ;AACzB,EAAA,IAAI,CAAC,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAC3B,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AACF,CAAC;AAMI,IAAM,mBAAmBA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,WAAW,CAAC;AAMzD,IAAM,iBAAA,GAAoBA,EAAE,MAAA,EAAO,CAAE,IAAI,YAAA,CAAa,SAAS,CAAA,CAAE,MAAA,CAAO,kBAAA,EAAoB;AAAA,EACjG,OAAA,EAAS;AACX,CAAC;AAMM,IAAM,kBAAA,GAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,aAAA,CAAc,SAAS,CAAA,CAAE,MAAA,CAAO,cAAA,EAAgB;AAAA,EAC/F,OAAA,EAAS;AACX,CAAC;AAMM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA;AAAA,EAExC,QAAQA,CAAAA,CAAE,MAAA,GAAS,KAAA,CAAMM,IAAAA,CAAK,SAAS,0CAA0C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjF,KAAKN,CAAAA,CACF,MAAA,GACA,GAAA,CAAI,YAAA,CAAa,YAAY,CAAA,CAC7B,GAAA,GACA,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,UAAA,CAAW,UAAU,CAAA,EAAG,oCAAoC,EAC5E,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,YAAA,CAAa,gBAAgB,EAAE,QAAA;AACzD,CAAC;AAQM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAcA,CAAAA,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAE7B,IAAA,EAAM,gBAAA;AAAA;AAAA,EAEN,IAAA,EAAM,iBAAA;AAAA;AAAA,EAEN,GAAA,EAAK,kBAAA;AAAA;AAAA,EAEL,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI;AAAA;AAAA,EAEpB,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,KAAKA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAEnC,OAAA,EAAS,cAAc,QAAA,EAAS;AAAA;AAAA,EAEhC,KAAA,EAAO,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAEnC,MAAA,EAAQ,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAEnC,cAAA,EAAgB,iCAAiC,QAAA,EAAS;AAAA;AAAA,EAE1D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,CAAS,EAAE,MAAA,EAAQ,IAAA,EAAM,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5D,kBAAkBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAE/C,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAChD,CAAC,CAAA,CACA,WAAA,CAAY,CAAC,IAAA,EAAM,GAAA,KAAQ;AAE1B,EAAA,IAAI,IAAA,CAAK,IAAA,KAAS,WAAA,IAAe,IAAA,CAAK,gBAAgB,MAAA,EAAW;AAC/D,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,uBAAA,CAAwB,IAAA,CAAK,YAAY,GAAG,CAAA;AAC9C,CAAC,EACA,MAAA;AAwBI,SAAS,mBAAA,CACd,UAAA,EACA,GAAA,EACA,GAAA,EACA,YAAoB,6BAAA,EACyB;AAC7C,EAAA,IAAI,UAAA,KAAe,QAAW,OAAO,IAAA;AAErC,EAAA,MAAM,EAAA,GAAK,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA,GAAI,GAAA;AACpC,EAAA,IAAI,KAAA,CAAM,EAAE,CAAA,EAAG,OAAO,IAAA;AAEtB,EAAA,IAAI,EAAA,GAAK,GAAA,GAAM,SAAA,EAAW,OAAO,cAAA;AAEjC,EAAA,IAAI,KAAK,GAAA,EAAK;AACZ,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,kBAAA;AAAA,MACN,OAAA,EAAS,0BAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;;;AC7OO,SAAS,kBAAkB,GAAA,EAAoC;AACpE,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,IAAa,OAAO,QAAQ,QAAA,IAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtF,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,MAAA,GAAS,GAAA;AACf,EAAA,IAAI,MAAA,CAAO,YAAA,KAAiB,KAAA,EAAO,OAAO,KAAA;AAC1C,EAAA,IAAI,cAAA,IAAkB,QAAQ,OAAO,IAAA;AACrC,EAAA,OAAO,KAAA;AACT;AAYA,SAAS,sBAAsB,GAAA,EAA0D;AACvF,EAAA,IAAI,KAAA,IAAS,GAAA,IAAO,KAAA,IAAS,GAAA,IAAO,aAAa,GAAA,EAAK;AACpD,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,OAAO,aAAA;AACT;AAqBO,SAAS,kBAAA,CAAmB,OAAgB,IAAA,EAAgD;AAEjG,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,IAAa,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9F,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,uBAAA;AAAA,QACN,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,MAAM,WAAA,GACJ,IAAA,EAAM,WAAA,KAAgB,KAAA,IAAS,IAAA,EAAM,gBAAgB,KAAA,GACjD,IAAA,CAAK,WAAA,GACL,iBAAA,CAAkB,GAAG,CAAA;AAE3B,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,4BAAA;AAAA,QACN,SAAS,CAAA,0CAAA,EAA6C,IAAA,CAAK,UAAU,GAAA,CAAI,cAAc,CAAC,CAAC,CAAA;AAAA;AAC3F,KACF;AAAA,EACF;AAKA,EAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,IAAA,MAAMO,OAAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,GAAG,CAAA;AAC/C,IAAA,IAAI,CAACA,QAAO,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO;AAAA,UACL,IAAA,EAAM,kBAAA;AAAA,UACN,OAAA,EAAS,CAAA,oCAAA,EAAuCA,OAAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,UACpG,MAAA,EAAQA,QAAO,KAAA,CAAM;AAAA;AACvB,OACF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,OAAA,EAAS,SAAA;AAAA,MACT,WAAA,EAAa,KAAA;AAAA,MACb,UAAU,EAAC;AAAA,MACX,QAAQA,OAAAA,CAAO;AAAA,KACjB;AAAA,EACF;AAKA,EAAA,MAAM,OAAA,GAAU,sBAAsB,GAAG,CAAA;AAEzC,EAAA,IAAI,YAAY,UAAA,EAAY;AAC1B,IAAA,MAAMA,OAAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,GAAG,CAAA;AAChD,IAAA,IAAI,CAACA,QAAO,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO;AAAA,UACL,IAAA,EAAM,0BAAA;AAAA,UACN,OAAA,EAAS,CAAA,oCAAA,EAAuCA,OAAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,UACpG,MAAA,EAAQA,QAAO,KAAA,CAAM;AAAA;AACvB,OACF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,OAAA,EAAS,UAAA;AAAA,MACT,WAAA,EAAa,KAAA;AAAA,MACb,UAAU,EAAC;AAAA,MACX,QAAQA,OAAAA,CAAO;AAAA,KACjB;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,GAAG,CAAA;AAC3D,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,6BAAA;AAAA,QACN,OAAA,EAAS,CAAA,uCAAA,EAA0C,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,QACvG,MAAA,EAAQ,OAAO,KAAA,CAAM;AAAA;AACvB,KACF;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,OAAA,EAAS,aAAA;AAAA,IACT,WAAA,EAAa,KAAA;AAAA,IACb,UAAU,EAAC;AAAA,IACX,QAAQ,MAAA,CAAO;AAAA,GACjB;AACF;;;ACrNO,IAAM,yBAAA,GAA4B;AAGlC,IAAM,yBAAA,GAA4B;AAGlC,IAAM,wBAAA,GAA2B;AAGjC,IAAM,mBAAA,GAAsB;AAG5B,IAAM,+BAAA,GAAkC;AAGxC,IAAM,gCAAA,GAAmC;AAazC,SAAS,aAAa,QAAA,EAAwD;AACnF,EAAA,OAAO,CAAC,GAAG,QAAQ,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAClC,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,KAAY,MAAA;AAC9B,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,KAAY,MAAA;AAG9B,IAAA,IAAI,CAAC,OAAA,IAAW,OAAA,EAAS,OAAO,EAAA;AAChC,IAAA,IAAI,OAAA,IAAW,CAAC,OAAA,EAAS,OAAO,CAAA;AAGhC,IAAA,IAAI,WAAW,OAAA,EAAS;AACtB,MAAA,MAAM,GAAA,GAAO,CAAA,CAAE,OAAA,CAAmB,aAAA,CAAc,EAAE,OAAiB,CAAA;AACnE,MAAA,IAAI,GAAA,KAAQ,GAAG,OAAO,GAAA;AAAA,IACxB;AAGA,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI,CAAA;AAAA,EACpC,CAAC,CAAA;AACH;AC7CO,IAAM,2BAAgD,IAAI,GAAA;AAAA,EAC/D,aAAA,CAAc,GAAA,CAAI,CAAC,KAAA,KAAU,MAAM,EAAE;AACvC;AAcO,IAAM,kCAAuD,IAAI,GAAA;AAAA,EACtE,gBAAA,CAAiB,GAAA,CAAI,CAAC,KAAA,KAAU,MAAM,EAAE;AAC1C;;;ACfO,SAAS,mBAAA,CACd,eACA,WAAA,EACuB;AACvB,EAAA,OAAO,aAAA,KAAkB,cAAc,UAAA,GAAa,QAAA;AACtD;ACbO,IAAM,kBAAA,GAAqB;AAAA,EAChC,gBAAA;AAAA,EACA,YAAA;AAAA,EACA,wBAAA;AAAA,EACA;AACF;AAOO,IAAM,qBAAA,GAAwBP,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,kBAAkB,EAAE,QAAA;AACrC,CAAC,EACA,MAAA;AASI,IAAM,yBAAyBA,CAAAA,CAAE,KAAA,CAAM,qBAAqB,CAAA,CAAE,IAAI,GAAG;AAMrE,SAAS,oBACd,IAAA,EAC6E;AAC7E,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,IAAI,CAAA;AACpD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA,EAAE;AAClF;AAMO,SAAS,cAAA,CACd,aACA,GAAA,EAC8B;AAC9B,EAAA,OAAO,YAAY,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,GAAA,KAAQ,GAAG,CAAA,IAAK,IAAA;AAC3D","file":"index.mjs","sourcesContent":["/**\n * PEAC Structured Error Model\n *\n * Standardized error responses for protocol failures.\n * See docs/specs/ERRORS.md for complete error registry.\n */\n\n// Import the generated categories from kernel (single source of truth: specs/kernel/errors.json)\n// Namespace import avoids tsup tree-shaking false positive in multi-entry builds\n// where ERROR_CATEGORIES appears unused in entry points that don't reference it.\nimport * as kernel from '@peac/kernel';\nimport type { ErrorCategory } from '@peac/kernel';\nexport type { ErrorCategory };\n\n/**\n * @deprecated Use ERROR_CATEGORIES from @peac/kernel instead.\n * Re-exported for backwards compatibility.\n */\nexport const ERROR_CATEGORIES_CANONICAL = kernel.ERROR_CATEGORIES;\n\n/**\n * Error severity\n */\nexport type ErrorSeverity = 'error' | 'warning';\n\n/**\n * Structured PEAC error\n *\n * Provides machine-readable error information with:\n * - Stable error codes\n * - Category classification\n * - Retryability hints\n * - Remediation guidance\n */\nexport interface PEACError {\n /**\n * Error code\n *\n * Stable identifier for this error type.\n * See docs/specs/ERRORS.md for registry.\n *\n * Examples:\n * - \"E_CONTROL_REQUIRED\"\n * - \"E_INVALID_SIGNATURE\"\n * - \"E_SSRF_BLOCKED\"\n * - \"E_DPOP_REPLAY\"\n */\n code: string;\n\n /**\n * Error category\n *\n * Broad classification for programmatic handling.\n */\n category: ErrorCategory;\n\n /**\n * Error severity\n *\n * - \"error\": Operation failed, cannot proceed\n * - \"warning\": Operation succeeded but with caveats\n */\n severity: ErrorSeverity;\n\n /**\n * Whether the operation is retryable\n *\n * - true: Client should retry (network, rate limit, transient)\n * - false: Client should not retry (validation, security, permanent)\n */\n retryable: boolean;\n\n /**\n * Suggested HTTP status code\n *\n * Maps error to appropriate HTTP response code.\n * Examples:\n * - 400: Validation errors\n * - 401: Verification failures (signature, attestation temporal)\n * - 403: Control denials (authorization)\n * - 502: Infrastructure failures (JWKS fetch, etc.)\n */\n http_status?: number;\n\n /**\n * JSON Pointer (RFC 6901) to problematic field\n *\n * Identifies the specific field that caused the error.\n * Examples:\n * - \"/auth/control\" - Missing control block\n * - \"/evidence/payment/amount\" - Invalid amount\n * - \"/auth/control/chain/0/result\" - Invalid result value\n */\n pointer?: string;\n\n /**\n * Human-readable remediation guidance\n *\n * Short hint for fixing the error.\n * Examples:\n * - \"Add control{} block when payment{} is present\"\n * - \"Ensure JWS signature is valid\"\n * - \"Retry after 60 seconds\"\n */\n remediation?: string;\n\n /**\n * Implementation-specific error details\n *\n * Additional context for debugging.\n * Structure varies by error code.\n */\n details?: unknown;\n}\n\n/**\n * Error code registry\n *\n * Well-known error codes. See docs/specs/ERRORS.md for complete list.\n */\nexport const ERROR_CODES = {\n // Validation errors (400)\n E_CONTROL_REQUIRED: 'E_CONTROL_REQUIRED',\n E_INVALID_ENVELOPE: 'E_INVALID_ENVELOPE',\n E_INVALID_CONTROL_CHAIN: 'E_INVALID_CONTROL_CHAIN',\n E_INVALID_PAYMENT: 'E_INVALID_PAYMENT',\n E_INVALID_POLICY_HASH: 'E_INVALID_POLICY_HASH',\n E_EXPIRED_RECEIPT: 'E_EXPIRED_RECEIPT',\n E_EVIDENCE_NOT_JSON: 'E_EVIDENCE_NOT_JSON',\n\n // Verification errors (401)\n E_INVALID_SIGNATURE: 'E_INVALID_SIGNATURE',\n E_SSRF_BLOCKED: 'E_SSRF_BLOCKED',\n E_DPOP_REPLAY: 'E_DPOP_REPLAY',\n E_DPOP_INVALID: 'E_DPOP_INVALID',\n\n // Control errors (403)\n E_CONTROL_DENIED: 'E_CONTROL_DENIED',\n\n // Infrastructure errors (502/503)\n E_JWKS_FETCH_FAILED: 'E_JWKS_FETCH_FAILED',\n E_POLICY_FETCH_FAILED: 'E_POLICY_FETCH_FAILED',\n E_NETWORK_ERROR: 'E_NETWORK_ERROR',\n\n // Workflow errors (400)\n E_WORKFLOW_CONTEXT_INVALID: 'E_WORKFLOW_CONTEXT_INVALID',\n E_WORKFLOW_DAG_INVALID: 'E_WORKFLOW_DAG_INVALID',\n E_WORKFLOW_LIMIT_EXCEEDED: 'E_WORKFLOW_LIMIT_EXCEEDED',\n E_WORKFLOW_ID_INVALID: 'E_WORKFLOW_ID_INVALID',\n E_WORKFLOW_STEP_ID_INVALID: 'E_WORKFLOW_STEP_ID_INVALID',\n E_WORKFLOW_PARENT_NOT_FOUND: 'E_WORKFLOW_PARENT_NOT_FOUND',\n E_WORKFLOW_SUMMARY_INVALID: 'E_WORKFLOW_SUMMARY_INVALID',\n E_WORKFLOW_CYCLE_DETECTED: 'E_WORKFLOW_CYCLE_DETECTED',\n\n // Constraint errors (400)\n E_CONSTRAINT_VIOLATION: 'E_CONSTRAINT_VIOLATION',\n\n // Wire 0.2 extension errors (400/)\n E_INVALID_EXTENSION_KEY: 'E_INVALID_EXTENSION_KEY',\n} as const;\n\n/**\n * Error code type\n */\nexport type ErrorCode = (typeof ERROR_CODES)[keyof typeof ERROR_CODES];\n\n/**\n * Helper to create a structured error\n */\nexport function createPEACError(\n code: ErrorCode,\n category: ErrorCategory,\n severity: ErrorSeverity,\n retryable: boolean,\n options?: {\n http_status?: number;\n pointer?: string;\n remediation?: string;\n details?: unknown;\n }\n): PEACError {\n return {\n code,\n category,\n severity,\n retryable,\n ...options,\n };\n}\n\n/**\n * Create an evidence validation error\n *\n * Used when evidence contains non-JSON-safe values like NaN, Infinity,\n * undefined, Date, Map, Set, BigInt, functions, or class instances.\n */\nexport function createEvidenceNotJsonError(message: string, path?: (string | number)[]): PEACError {\n return createPEACError(ERROR_CODES.E_EVIDENCE_NOT_JSON, 'validation', 'error', false, {\n http_status: 400,\n pointer: path ? '/' + path.join('/') : undefined,\n remediation:\n 'Ensure evidence contains only JSON-safe values (strings, finite numbers, booleans, null, arrays, plain objects)',\n details: { message },\n });\n}\n\n// ============================================================================\n// Workflow Error Helpers (v0.10.2+)\n// ============================================================================\n\n/**\n * Create a workflow context validation error\n *\n * Used when workflow_context does not conform to WorkflowContextSchema.\n */\nexport function createWorkflowContextInvalidError(details?: string): PEACError {\n return createPEACError(ERROR_CODES.E_WORKFLOW_CONTEXT_INVALID, 'validation', 'error', false, {\n http_status: 400,\n pointer: '/ext/org.peacprotocol~1workflow',\n remediation: 'Ensure workflow_context conforms to WorkflowContextSchema',\n details: { message: details ?? 'Invalid workflow context' },\n });\n}\n\n/**\n * Create a workflow DAG validation error\n *\n * Used when workflow DAG semantics are violated (self-parent, duplicate parents, cycle).\n */\nexport function createWorkflowDagInvalidError(\n reason: 'self_parent' | 'duplicate_parent' | 'cycle'\n): PEACError {\n const messages = {\n self_parent: 'Step cannot be its own parent',\n duplicate_parent: 'Parent step IDs must be unique',\n cycle: 'Workflow DAG contains a cycle',\n };\n return createPEACError(ERROR_CODES.E_WORKFLOW_DAG_INVALID, 'validation', 'error', false, {\n http_status: 400,\n pointer: '/ext/org.peacprotocol~1workflow/parent_step_ids',\n remediation: 'Ensure workflow forms a valid directed acyclic graph (DAG)',\n details: { reason, message: messages[reason] },\n });\n}\n\n// ============================================================================\n// Constraint Error Helpers (v0.11.0+)\n// ============================================================================\n\n/**\n * Create a kernel constraint violation error\n *\n * Used when receipt claims violate structural kernel constraints\n * (depth, array length, object keys, string length, total nodes).\n */\nexport function createConstraintViolationError(\n violations: Array<{\n constraint: string;\n actual: number;\n limit: number;\n path?: string;\n }>\n): PEACError {\n const first = violations[0];\n const summary = violations\n .map((v) => `${v.constraint} (actual: ${v.actual}, limit: ${v.limit})`)\n .join('; ');\n return createPEACError(ERROR_CODES.E_CONSTRAINT_VIOLATION, 'validation', 'error', false, {\n http_status: 400,\n pointer: first?.path,\n remediation: 'Reduce receipt claims size to stay within kernel constraints',\n details: { message: `Kernel constraint violated: ${summary}`, violations },\n });\n}\n","/**\n * Schema Normalization\n *\n * Functions to normalize receipt claims to a canonical form for comparison.\n * Produces byte-identical JCS output regardless of how the receipt was created.\n */\n\nimport type { PEACReceiptClaims, Subject } from './types.js';\nimport type { PaymentEvidence } from './evidence.js';\nimport type { ControlBlock, ControlStep } from './control.js';\nimport type { AttestationReceiptClaims } from './attestation-receipt.js';\nimport type { ParseSuccess } from './receipt-parser.js';\n\n/**\n * Normalized core claims for comparison.\n *\n * This is the minimal set of fields that represent the semantic meaning\n * of a receipt. All optional fields that are undefined are omitted.\n */\nexport interface CoreClaims {\n /** Issuer URL */\n iss: string;\n /** Audience / resource URL */\n aud: string;\n /** Receipt ID */\n rid: string;\n /** Issued at timestamp */\n iat: number;\n /** Expiry timestamp (omitted if not present) */\n exp?: number;\n /** Amount in smallest currency unit (commerce receipts) */\n amt?: number;\n /** Currency code (ISO 4217, commerce receipts) */\n cur?: string;\n /** Normalized payment evidence (commerce receipts) */\n payment?: NormalizedPayment;\n /** Subject (omitted if not present) */\n subject?: Subject;\n /** Control block (omitted if not present) */\n control?: NormalizedControl;\n}\n\n/**\n * Normalized payment evidence for comparison.\n *\n * Only includes the semantic fields, not rail-specific evidence.\n */\nexport interface NormalizedPayment {\n rail: string;\n reference: string;\n amount: number;\n currency: string;\n asset: string;\n env: 'live' | 'test';\n network?: string;\n aggregator?: string;\n routing?: 'direct' | 'callback' | 'role';\n}\n\n/**\n * Normalized control block for comparison.\n */\nexport interface NormalizedControl {\n chain: NormalizedControlStep[];\n}\n\n/**\n * Normalized control step for comparison.\n */\nexport interface NormalizedControlStep {\n engine: string;\n result: string;\n}\n\n/**\n * Normalize a payment evidence object.\n *\n * Extracts only the semantic fields, omitting rail-specific evidence\n * and optional fields that are undefined.\n */\nfunction normalizePayment(payment: PaymentEvidence): NormalizedPayment {\n const result: NormalizedPayment = {\n rail: payment.rail,\n reference: payment.reference,\n amount: payment.amount,\n currency: payment.currency,\n asset: payment.asset,\n env: payment.env,\n };\n\n // Only include optional fields if defined\n if (payment.network !== undefined) {\n result.network = payment.network;\n }\n if (payment.aggregator !== undefined) {\n result.aggregator = payment.aggregator;\n }\n if (payment.routing !== undefined) {\n result.routing = payment.routing;\n }\n\n return result;\n}\n\n/**\n * Normalize a control step.\n */\nfunction normalizeControlStep(step: ControlStep): NormalizedControlStep {\n return {\n engine: step.engine,\n result: step.result,\n };\n}\n\n/**\n * Normalize a control block.\n */\nfunction normalizeControl(control: ControlBlock): NormalizedControl {\n return {\n chain: control.chain.map(normalizeControlStep),\n };\n}\n\n/**\n * Extract core claims from a receipt for comparison.\n *\n * Supports both commerce and attestation receipts. Accepts either a\n * ParseSuccess result from parseReceiptClaims() (preferred) or bare\n * PEACReceiptClaims (backward compat).\n *\n * For attestation receipts, maps sub -> subject.uri (normative mapping\n * per PEAC attestation profile -- sub is a URI identifying the\n * interaction target).\n *\n * The output:\n * - Contains only semantically meaningful fields\n * - Omits undefined optional fields (not null, not empty string)\n * - Uses consistent field ordering (JCS handles this)\n * - Strips rail-specific evidence details\n *\n * @param input - Parsed receipt result or bare commerce claims\n * @returns Normalized core claims\n *\n * @example\n * ```ts\n * import { parseReceiptClaims, toCoreClaims } from '@peac/schema';\n *\n * const parsed = parseReceiptClaims(decodedPayload);\n * if (parsed.ok) {\n * const core = toCoreClaims(parsed);\n * }\n * ```\n */\nexport function toCoreClaims(parsed: ParseSuccess): CoreClaims;\nexport function toCoreClaims(claims: PEACReceiptClaims): CoreClaims;\nexport function toCoreClaims(input: ParseSuccess | PEACReceiptClaims): CoreClaims {\n // Detect ParseSuccess shape\n if ('ok' in input && input.ok === true && 'variant' in input) {\n const parsed = input as ParseSuccess;\n if (parsed.variant === 'commerce') {\n return commerceCoreClaims(parsed.claims as PEACReceiptClaims);\n }\n return attestationCoreClaims(parsed.claims as AttestationReceiptClaims);\n }\n // Legacy: bare PEACReceiptClaims (backward compat)\n return commerceCoreClaims(input as PEACReceiptClaims);\n}\n\nfunction commerceCoreClaims(claims: PEACReceiptClaims): CoreClaims {\n const result: CoreClaims = {\n iss: claims.iss,\n aud: claims.aud,\n rid: claims.rid,\n iat: claims.iat,\n ...(claims.amt !== undefined && { amt: claims.amt }),\n ...(claims.cur !== undefined && { cur: claims.cur }),\n ...(claims.payment !== undefined && { payment: normalizePayment(claims.payment) }),\n };\n\n if (claims.exp !== undefined) {\n result.exp = claims.exp;\n }\n\n if (claims.subject !== undefined) {\n result.subject = { uri: claims.subject.uri };\n }\n\n if (claims.ext?.control !== undefined) {\n result.control = normalizeControl(claims.ext.control);\n }\n\n return result;\n}\n\nfunction attestationCoreClaims(claims: AttestationReceiptClaims): CoreClaims {\n const result: CoreClaims = {\n iss: claims.iss,\n aud: claims.aud,\n rid: claims.rid,\n iat: claims.iat,\n };\n\n if (claims.exp !== undefined) {\n result.exp = claims.exp;\n }\n\n // sub -> subject.uri mapping: attestation profile uses sub (string)\n // as the interaction target URI, equivalent to commerce subject.uri\n if (claims.sub !== undefined) {\n result.subject = { uri: claims.sub };\n }\n\n return result;\n}\n","/**\n * PEAC Purpose Types (v0.9.24+)\n *\n * Purpose type hierarchy for forward-compatible purpose handling:\n * - PurposeToken: Wire format (string) - preserves unknown tokens\n * - CanonicalPurpose: PEAC's normative vocabulary - enforcement semantics\n * - PurposeReason: Audit spine for enforcement decisions\n *\n * @see specs/kernel/constants.json for canonical values\n */\n\n/**\n * PurposeToken - Wire format string with validation grammar\n *\n * Allows unknown tokens for forward compatibility. Any valid token\n * that matches the grammar is accepted and preserved.\n *\n * Grammar: lowercase, max 64 chars, [a-z0-9_-] + optional vendor prefix (vendor:token)\n * Hyphens allowed for interop with external systems (Cloudflare, IETF AIPREF, etc.)\n *\n * Examples: \"train\", \"search\", \"user_action\", \"user-action\", \"cf:ai_crawler\", \"cf:ai-crawler\"\n */\nexport type PurposeToken = string;\n\n/**\n * CanonicalPurpose - PEAC's normative vocabulary\n *\n * These are the only tokens PEAC enforces semantics for.\n * Matches specs/kernel/constants.json purpose.canonical_tokens.\n *\n * - train: Model training data collection\n * - search: Traditional search indexing\n * - user_action: Agent acting on user behalf (v0.9.24+)\n * - inference: Runtime inference / RAG\n * - index: Content indexing (store)\n */\nexport type CanonicalPurpose = 'train' | 'search' | 'user_action' | 'inference' | 'index';\n\n/**\n * Internal-only purpose value (never valid on wire)\n *\n * Applied when PEAC-Purpose header is missing or empty.\n * Explicit \"undeclared\" in request -> 400 Bad Request.\n */\nexport type InternalPurpose = 'undeclared';\n\n/**\n * PurposeReason - Audit spine for enforcement decisions\n *\n * Captures WHY a purpose was enforced differently than declared.\n * Matches specs/kernel/constants.json purpose.reason_values.\n */\nexport type PurposeReason =\n | 'allowed' // Purpose permitted as declared (happy path)\n | 'constrained' // Allowed with rate limits applied\n | 'denied' // Purpose rejected by policy\n | 'downgraded' // More restrictive purpose applied\n | 'undeclared_default' // No purpose declared, default applied\n | 'unknown_preserved'; // Unknown purpose token, preserved but flagged\n\n/**\n * Legacy purpose tokens from pre-v0.9.24\n *\n * These are mapped to CanonicalPurpose via mapLegacyToCanonical().\n * Retained for backward compatibility with existing ControlPurpose usage.\n */\nexport type LegacyPurpose = 'crawl' | 'ai_input' | 'ai_index';\n\n// ============================================================================\n// Validation Constants\n// ============================================================================\n\n/**\n * Grammar validation for PurposeToken\n *\n * Pattern: lowercase letter, optionally followed by alphanumeric/underscore/hyphen\n * characters that MUST end with a letter or digit (no trailing separators).\n * Optional vendor prefix separated by colon follows the same rules.\n *\n * Hyphens are allowed for interoperability with external systems (Cloudflare,\n * IETF AIPREF, etc.) that use hyphenated tokens like \"user-action\" or \"train-ai\".\n *\n * Valid: \"train\", \"user_action\", \"user-action\", \"cf:ai_crawler\", \"cf:ai-crawler\", \"a\", \"a1\"\n * Invalid: \"Train\", \"123abc\", \"\", \"-train\", \"train-\", \"train_\", \"cf:ai-\", \"cf:-ai\"\n */\nexport const PURPOSE_TOKEN_REGEX =\n /^[a-z](?:[a-z0-9_-]*[a-z0-9])?(?::[a-z](?:[a-z0-9_-]*[a-z0-9])?)?$/;\n\n/** Maximum length for a purpose token */\nexport const MAX_PURPOSE_TOKEN_LENGTH = 64;\n\n/** Maximum number of purpose tokens per request (RECOMMENDED, not MUST) */\nexport const MAX_PURPOSE_TOKENS_PER_REQUEST = 10;\n\n/** Canonical purpose tokens (from constants.json) */\nexport const CANONICAL_PURPOSES: readonly CanonicalPurpose[] = [\n 'train',\n 'search',\n 'user_action',\n 'inference',\n 'index',\n] as const;\n\n/** Purpose reason values (from constants.json) */\nexport const PURPOSE_REASONS: readonly PurposeReason[] = [\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n] as const;\n\n/** Internal-only purpose value */\nexport const INTERNAL_PURPOSE_UNDECLARED: InternalPurpose = 'undeclared';\n\n// ============================================================================\n// Validation Functions\n// ============================================================================\n\n/**\n * Check if a string is a valid PurposeToken\n *\n * Validates against the purpose token grammar:\n * - Lowercase letters, digits, underscores, hyphens\n * - Optional vendor prefix with colon\n * - Max 64 characters\n * - Must start with lowercase letter\n *\n * @param token - String to validate\n * @returns true if valid PurposeToken\n */\nexport function isValidPurposeToken(token: string): token is PurposeToken {\n if (typeof token !== 'string') return false;\n if (token.length === 0 || token.length > MAX_PURPOSE_TOKEN_LENGTH) return false;\n return PURPOSE_TOKEN_REGEX.test(token);\n}\n\n/**\n * Check if a PurposeToken is a CanonicalPurpose\n *\n * @param token - Token to check\n * @returns true if token is in canonical vocabulary\n */\nexport function isCanonicalPurpose(token: string): token is CanonicalPurpose {\n return (CANONICAL_PURPOSES as readonly string[]).includes(token);\n}\n\n/**\n * Check if a PurposeToken is a LegacyPurpose\n *\n * @param token - Token to check\n * @returns true if token is a legacy purpose\n */\nexport function isLegacyPurpose(token: string): token is LegacyPurpose {\n return token === 'crawl' || token === 'ai_input' || token === 'ai_index';\n}\n\n/**\n * Check if a string is a valid PurposeReason\n *\n * @param reason - String to check\n * @returns true if valid PurposeReason\n */\nexport function isValidPurposeReason(reason: string): reason is PurposeReason {\n return (PURPOSE_REASONS as readonly string[]).includes(reason);\n}\n\n/**\n * Check if a purpose token is the internal-only \"undeclared\" value\n *\n * Used to reject explicit \"undeclared\" on wire (400 Bad Request).\n *\n * @param token - Token to check\n * @returns true if token is \"undeclared\"\n */\nexport function isUndeclaredPurpose(token: string): boolean {\n return token === INTERNAL_PURPOSE_UNDECLARED;\n}\n\n// ============================================================================\n// Normalization Functions\n// ============================================================================\n\n/**\n * Normalize a purpose token\n *\n * Applies normalization rules:\n * - Trim whitespace\n * - Lowercase\n *\n * @param token - Raw token from header\n * @returns Normalized token\n */\nexport function normalizePurposeToken(token: string): string {\n return token.trim().toLowerCase();\n}\n\n/**\n * Parse PEAC-Purpose header value into array of tokens\n *\n * Applies parsing rules:\n * - Split on commas\n * - Trim optional whitespace (OWS) around tokens\n * - Lowercase all tokens\n * - Drop empty tokens\n * - Deduplicate\n * - Preserve input order\n *\n * @param headerValue - Raw PEAC-Purpose header value\n * @returns Array of normalized PurposeToken values\n */\nexport function parsePurposeHeader(headerValue: string): PurposeToken[] {\n if (!headerValue || typeof headerValue !== 'string') {\n return [];\n }\n\n const seen = new Set<string>();\n const tokens: PurposeToken[] = [];\n\n for (const part of headerValue.split(',')) {\n const normalized = normalizePurposeToken(part);\n if (normalized.length > 0 && !seen.has(normalized)) {\n seen.add(normalized);\n tokens.push(normalized);\n }\n }\n\n return tokens;\n}\n\n/**\n * Validate parsed purpose tokens\n *\n * Returns validation result with:\n * - valid: All tokens pass grammar validation\n * - tokens: All normalized tokens (including invalid ones)\n * - invalidTokens: Tokens that failed grammar validation\n * - undeclaredPresent: true if explicit \"undeclared\" was found (should reject)\n *\n * @param tokens - Array of parsed tokens\n * @returns Validation result\n */\nexport interface PurposeValidationResult {\n valid: boolean;\n tokens: PurposeToken[];\n invalidTokens: string[];\n undeclaredPresent: boolean;\n}\n\nexport function validatePurposeTokens(tokens: PurposeToken[]): PurposeValidationResult {\n const invalidTokens: string[] = [];\n let undeclaredPresent = false;\n\n for (const token of tokens) {\n if (isUndeclaredPurpose(token)) {\n undeclaredPresent = true;\n }\n if (!isValidPurposeToken(token)) {\n invalidTokens.push(token);\n }\n }\n\n return {\n valid: invalidTokens.length === 0 && !undeclaredPresent,\n tokens,\n invalidTokens,\n undeclaredPresent,\n };\n}\n\n/**\n * Derive known canonical purposes from declared tokens\n *\n * Filters purpose_declared to get only canonical purposes.\n * This is a helper derivation, NOT stored on wire.\n *\n * @param declared - Array of declared PurposeTokens\n * @returns Array of CanonicalPurpose tokens\n */\nexport function deriveKnownPurposes(declared: PurposeToken[]): CanonicalPurpose[] {\n return declared.filter(isCanonicalPurpose);\n}\n\n// ============================================================================\n// Legacy Mapping\n// ============================================================================\n\n/**\n * Legacy purpose to canonical mapping\n */\nconst LEGACY_TO_CANONICAL: Record<LegacyPurpose, CanonicalPurpose> = {\n crawl: 'index', // Crawl implies indexing\n ai_input: 'inference', // RAG/grounding -> inference context\n ai_index: 'index', // AI-powered indexing -> index\n};\n\n/**\n * Map legacy purpose to canonical purpose\n *\n * Used for backward compatibility with pre-v0.9.24 ControlPurpose values.\n *\n * @param legacy - Legacy purpose token\n * @returns Mapping result with canonical purpose and audit note\n */\nexport interface LegacyMappingResult {\n canonical: CanonicalPurpose;\n mapping_note: string;\n}\n\nexport function mapLegacyToCanonical(legacy: LegacyPurpose): LegacyMappingResult {\n const canonical = LEGACY_TO_CANONICAL[legacy];\n return {\n canonical,\n mapping_note: `Mapped legacy '${legacy}' to canonical '${canonical}'`,\n };\n}\n\n/**\n * Normalize any purpose token (canonical, legacy, or unknown)\n *\n * Returns the canonical form if known, otherwise preserves the token.\n *\n * @param token - Any valid PurposeToken\n * @returns Canonical purpose if mapped, otherwise original token\n */\nexport function normalizeToCanonicalOrPreserve(\n token: PurposeToken\n):\n | { purpose: CanonicalPurpose; mapped: false }\n | { purpose: PurposeToken; mapped: true; from: LegacyPurpose }\n | { purpose: PurposeToken; mapped: false; unknown: true } {\n if (isCanonicalPurpose(token)) {\n return { purpose: token, mapped: false };\n }\n if (isLegacyPurpose(token)) {\n return { purpose: LEGACY_TO_CANONICAL[token], mapped: true, from: token };\n }\n return { purpose: token, mapped: false, unknown: true };\n}\n\n// ============================================================================\n// Purpose Reason Determination (v0.9.24+)\n// ============================================================================\n\n/**\n * Decision type for purpose reason determination\n *\n * Maps to policy decisions that affect purpose enforcement.\n */\nexport type PurposeDecision = 'allowed' | 'constrained' | 'denied' | 'downgraded';\n\n/**\n * Context for determining purpose reason\n */\nexport interface PurposeReasonContext {\n /**\n * Whether purposes were declared (PEAC-Purpose header present and non-empty).\n * If false, reason will be 'undeclared_default'.\n */\n declared: boolean;\n\n /**\n * Whether any unknown (non-canonical) tokens are present in declared purposes.\n * If true and declared is true, reason will be 'unknown_preserved'.\n */\n hasUnknownTokens: boolean;\n\n /**\n * The policy decision (only used if declared and no unknown tokens).\n * Defaults to 'allowed' if not provided.\n */\n decision?: PurposeDecision;\n}\n\n/**\n * Determine the appropriate PurposeReason based on context\n *\n * This helper implements the decision logic for the audit spine:\n * 1. If no purposes declared -> 'undeclared_default'\n * 2. If unknown tokens present -> 'unknown_preserved'\n * 3. Otherwise -> maps to policy decision\n *\n * @param context - Context for determination\n * @returns The appropriate PurposeReason for the audit spine\n *\n * @example\n * ```typescript\n * // Missing PEAC-Purpose header\n * determinePurposeReason({ declared: false, hasUnknownTokens: false });\n * // => 'undeclared_default'\n *\n * // Has vendor-prefixed tokens\n * determinePurposeReason({ declared: true, hasUnknownTokens: true, decision: 'allowed' });\n * // => 'unknown_preserved'\n *\n * // All canonical tokens, allowed by policy\n * determinePurposeReason({ declared: true, hasUnknownTokens: false, decision: 'allowed' });\n * // => 'allowed'\n * ```\n */\nexport function determinePurposeReason(context: PurposeReasonContext): PurposeReason {\n // Priority 1: No purposes declared\n if (!context.declared) {\n return 'undeclared_default';\n }\n\n // Priority 2: Unknown tokens present (preserved for forward-compat)\n if (context.hasUnknownTokens) {\n return 'unknown_preserved';\n }\n\n // Priority 3: Map policy decision to reason\n const decision = context.decision ?? 'allowed';\n switch (decision) {\n case 'allowed':\n return 'allowed';\n case 'constrained':\n return 'constrained';\n case 'denied':\n return 'denied';\n case 'downgraded':\n return 'downgraded';\n default:\n return 'allowed';\n }\n}\n\n/**\n * Check if any tokens in an array are unknown (non-canonical)\n *\n * @param tokens - Array of purpose tokens\n * @returns true if any token is not a canonical purpose\n */\nexport function hasUnknownPurposeTokens(tokens: PurposeToken[]): boolean {\n return tokens.some((token) => !isCanonicalPurpose(token));\n}\n","/**\n * Normative kernel constraints for PEAC receipts.\n *\n * These limits are formalized from existing ad-hoc limits already\n * enforced in the codebase:\n * - JSON_EVIDENCE_LIMITS (json.ts): depth, array, keys, string, nodes\n * - CLOCK_SKEW_SECONDS: temporal validity tolerance\n *\n * String length is measured in code units (.length), matching the semantics\n * of assertJsonSafeIterative(). UTF-8 byte-length caps may be introduced\n * as an explicit tightening in a future version.\n *\n * Payment/rail-specific limits (x402 DoS guards) are intentionally\n * NOT included here -- they belong in the rail/adapter layer.\n */\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/**\n * Kernel constraints governing PEAC receipt structure and validation.\n * All packages MUST respect these limits.\n *\n * Provenance:\n * - MAX_NESTED_DEPTH..MAX_TOTAL_NODES: from JSON_EVIDENCE_LIMITS (json.ts)\n * - CLOCK_SKEW_SECONDS: from temporal validity\n */\nexport const KERNEL_CONSTRAINTS = {\n /** Maximum nesting depth for JSON evidence */\n MAX_NESTED_DEPTH: 32,\n /** Maximum array length in evidence */\n MAX_ARRAY_LENGTH: 10_000,\n /** Maximum object keys in a single object */\n MAX_OBJECT_KEYS: 1_000,\n /** Maximum string length in code units (JS .length). Matches assertJsonSafeIterative. */\n MAX_STRING_LENGTH: 65_536,\n /** Maximum total nodes to visit during traversal */\n MAX_TOTAL_NODES: 100_000,\n /** Temporal validity clock skew tolerance in seconds */\n CLOCK_SKEW_SECONDS: 60,\n} as const;\n\nexport type KernelConstraintKey = keyof typeof KERNEL_CONSTRAINTS;\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport interface ConstraintViolation {\n constraint: KernelConstraintKey;\n actual: number;\n limit: number;\n path?: string;\n}\n\nexport interface ConstraintValidationResult {\n valid: boolean;\n violations: ConstraintViolation[];\n}\n\n// ---------------------------------------------------------------------------\n// Validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate claims against structural kernel constraints using iterative\n * (stack-safe) traversal. Checks depth, array length, object keys, string\n * length, and total node count. Semantic constraints like CLOCK_SKEW_SECONDS\n * are enforced by receipt verification, not this structural validator.\n *\n * Traversal semantics are aligned with assertJsonSafeIterative(): every value\n * (including primitives) is pushed to the stack and counted when popped.\n * String length uses .length (code units), matching assertJsonSafeIterative.\n *\n * **Cycle safety:** This function assumes acyclic input (e.g., the output of\n * JSON.parse(), which is acyclic by construction). If passed a cyclic object\n * graph, traversal will terminate when MAX_TOTAL_NODES is reached -- it will\n * not hang -- but the violation report may be misleading. Callers with\n * potentially cyclic inputs should pre-check with a WeakSet guard.\n *\n * Never throws -- always returns a result object.\n */\nexport function validateKernelConstraints(claims: unknown): ConstraintValidationResult {\n const violations: ConstraintViolation[] = [];\n\n if (claims === null || claims === undefined || typeof claims !== 'object') {\n return { valid: true, violations };\n }\n\n // Iterative traversal aligned with assertJsonSafeIterative():\n // ALL values (primitives, arrays, objects) go on the stack and are\n // counted when popped. This ensures node counts match the existing\n // JSON safety validator.\n let totalNodes = 0;\n const stack: Array<{ value: unknown; depth: number; path: string }> = [\n { value: claims, depth: 0, path: '' },\n ];\n\n while (stack.length > 0) {\n const item = stack.pop()!;\n totalNodes++;\n\n // Total nodes check\n if (totalNodes > KERNEL_CONSTRAINTS.MAX_TOTAL_NODES) {\n violations.push({\n constraint: 'MAX_TOTAL_NODES',\n actual: totalNodes,\n limit: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES,\n path: item.path,\n });\n break; // Stop traversal to avoid runaway\n }\n\n // Depth check -- applies to ALL nodes (primitives and containers),\n // matching assertJsonSafeIterative() semantics. A primitive leaf at\n // depth 33 is a violation even though it has no children to descend into.\n if (item.depth > KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH) {\n violations.push({\n constraint: 'MAX_NESTED_DEPTH',\n actual: item.depth,\n limit: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,\n path: item.path,\n });\n continue; // Don't descend further (no-op for primitives, prevents deeper nesting for containers)\n }\n\n // Primitives\n if (item.value === null || typeof item.value !== 'object') {\n if (typeof item.value === 'string') {\n // Use .length (code units) to match assertJsonSafeIterative semantics\n if (item.value.length > KERNEL_CONSTRAINTS.MAX_STRING_LENGTH) {\n violations.push({\n constraint: 'MAX_STRING_LENGTH',\n actual: item.value.length,\n limit: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,\n path: item.path,\n });\n }\n }\n continue;\n }\n\n // Arrays\n if (Array.isArray(item.value)) {\n if (item.value.length > KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH) {\n violations.push({\n constraint: 'MAX_ARRAY_LENGTH',\n actual: item.value.length,\n limit: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,\n path: item.path,\n });\n }\n // Push all elements to stack (aligned with assertJsonSafeIterative)\n for (let i = item.value.length - 1; i >= 0; i--) {\n stack.push({\n value: item.value[i],\n depth: item.depth + 1,\n path: `${item.path}[${i}]`,\n });\n }\n continue;\n }\n\n // Objects\n const keys = Object.keys(item.value as Record<string, unknown>);\n if (keys.length > KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS) {\n violations.push({\n constraint: 'MAX_OBJECT_KEYS',\n actual: keys.length,\n limit: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,\n path: item.path,\n });\n }\n // Push all values to stack (aligned with assertJsonSafeIterative)\n for (let i = keys.length - 1; i >= 0; i--) {\n const key = keys[i];\n const childPath = item.path ? `${item.path}.${key}` : key;\n stack.push({\n value: (item.value as Record<string, unknown>)[key],\n depth: item.depth + 1,\n path: childPath,\n });\n }\n }\n\n return { valid: violations.length === 0, violations };\n}\n","/**\n * JSON-safe validation schemas\n *\n * Provides Zod schemas that guarantee JSON roundtrip safety:\n * - Rejects NaN, Infinity, -Infinity (not valid JSON numbers)\n * - Rejects undefined (dropped by JSON.stringify)\n * - Rejects non-plain objects (Date, Map, Set, class instances)\n * - Rejects functions, symbols, bigints\n */\n\nimport { z } from 'zod';\nimport type { JsonValue, JsonObject, JsonArray } from '@peac/kernel';\nimport { KERNEL_CONSTRAINTS } from './constraints';\n\n/**\n * Check if value is a plain object (not Date, Map, Set, class instance, etc.)\n *\n * A plain object has prototype of Object.prototype or null.\n * This rejects Date, Map, Set, Array, and class instances even when\n * they have zero enumerable properties (which would pass z.record()).\n */\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== 'object') {\n return false;\n }\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n/**\n * JSON number schema - rejects NaN and Infinity\n *\n * JSON.stringify(NaN) === \"null\" and JSON.stringify(Infinity) === \"null\"\n * which silently corrupts data. We reject these at validation time.\n */\nconst JsonNumberSchema = z.number().finite();\n\n/**\n * JSON primitive schema - string, finite number, boolean, null\n */\nexport const JsonPrimitiveSchema = z.union([z.string(), JsonNumberSchema, z.boolean(), z.null()]);\n\n/**\n * Plain object schema (internal) - validates object is plain before recursive validation\n */\nconst PlainObjectSchema = z.unknown().refine(isPlainObject, {\n message: 'Expected plain object, received non-plain object (Date, Map, Set, or class instance)',\n});\n\n/**\n * JSON value schema - recursive type for any valid JSON value\n *\n * Validates:\n * - Primitives: string, finite number, boolean, null\n * - Arrays: containing valid JSON values\n * - Objects: plain objects with string keys and valid JSON values\n *\n * Rejects:\n * - undefined (dropped by JSON.stringify)\n * - NaN, Infinity, -Infinity (become null in JSON)\n * - BigInt (throws in JSON.stringify)\n * - Date (becomes ISO string - implicit conversion)\n * - Map, Set (become {} in JSON)\n * - Functions, Symbols (dropped by JSON.stringify)\n * - Class instances (prototype chain lost)\n */\nexport const JsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n z.union([\n JsonPrimitiveSchema,\n z.array(JsonValueSchema),\n // Plain object check then record validation\n PlainObjectSchema.transform((obj) => obj as Record<string, unknown>).pipe(\n z.record(z.string(), JsonValueSchema)\n ),\n ])\n) as z.ZodType<JsonValue>;\n\n/**\n * JSON object schema - plain object with string keys and JSON values\n *\n * Rejects non-plain objects (Date, Map, Set, class instances).\n */\nexport const JsonObjectSchema: z.ZodType<JsonObject> = PlainObjectSchema.transform(\n (obj) => obj as Record<string, unknown>\n).pipe(z.record(z.string(), JsonValueSchema)) as z.ZodType<JsonObject>;\n\n/**\n * JSON array schema - array of JSON values\n */\nexport const JsonArraySchema: z.ZodType<JsonArray> = z.array(JsonValueSchema);\n\n/**\n * Default limits for JSON evidence validation.\n *\n * Derived from KERNEL_CONSTRAINTS (single source of truth).\n * These are conservative defaults to prevent DoS attacks via deeply nested\n * or excessively large JSON structures.\n */\nexport const JSON_EVIDENCE_LIMITS = {\n /** Maximum nesting depth (default: 32) */\n maxDepth: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,\n /** Maximum array length (default: 10,000) */\n maxArrayLength: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,\n /** Maximum object keys (default: 1,000) */\n maxObjectKeys: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,\n /** Maximum string length in code units (default: 65,536) */\n maxStringLength: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,\n /** Maximum total nodes to visit (default: 100,000) */\n maxTotalNodes: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES,\n} as const;\n\n/**\n * Limits for JSON evidence validation\n *\n * @internal - Not part of public API. Use validateEvidence() with defaults.\n *\n * For testing only: import via UNSAFE_JsonEvidenceLimits\n */\nexport interface JsonEvidenceLimits {\n maxDepth?: number;\n maxArrayLength?: number;\n maxObjectKeys?: number;\n maxStringLength?: number;\n maxTotalNodes?: number;\n}\n\n/**\n * Result of JSON safety validation\n */\nexport type JsonSafetyResult =\n | { ok: true }\n | { ok: false; error: string; path: (string | number)[] };\n\n/**\n * Stack entry type for iterative traversal\n *\n * - \"enter\": entering an object/array, need to validate and push children\n * - \"exit\": exiting an object/array, remove from current path (for cycle detection)\n */\ntype StackEntry =\n | { type: 'enter'; value: unknown; path: (string | number)[]; depth: number }\n | { type: 'exit'; obj: object };\n\n/**\n * Iterative JSON safety validator\n *\n * Validates that a value is JSON-safe without using recursion, preventing\n * stack overflow on deeply nested structures. Uses an explicit stack for\n * traversal with entry/exit markers for correct cycle detection.\n *\n * Cycle Detection:\n * Uses a path-based approach where only objects on the current traversal\n * path are tracked. This correctly allows diamond structures (same object\n * referenced from multiple paths) while rejecting actual cycles (object\n * references itself through its descendants).\n *\n * Rejects:\n * - Cycles (object references itself directly or indirectly)\n * - Non-plain objects (Date, Map, Set, class instances)\n * - Non-finite numbers (NaN, Infinity, -Infinity)\n * - undefined, BigInt, functions, symbols\n * - Structures exceeding depth/size limits\n *\n * Allows:\n * - Diamond structures (same object referenced from multiple paths)\n *\n * @param value - Value to validate\n * @param limits - Optional limits (defaults to JSON_EVIDENCE_LIMITS)\n * @returns Result indicating success or failure with error details\n */\nexport function assertJsonSafeIterative(\n value: unknown,\n limits: JsonEvidenceLimits = {}\n): JsonSafetyResult {\n const maxDepth = limits.maxDepth ?? JSON_EVIDENCE_LIMITS.maxDepth;\n const maxArrayLength = limits.maxArrayLength ?? JSON_EVIDENCE_LIMITS.maxArrayLength;\n const maxObjectKeys = limits.maxObjectKeys ?? JSON_EVIDENCE_LIMITS.maxObjectKeys;\n const maxStringLength = limits.maxStringLength ?? JSON_EVIDENCE_LIMITS.maxStringLength;\n const maxTotalNodes = limits.maxTotalNodes ?? JSON_EVIDENCE_LIMITS.maxTotalNodes;\n\n // Track objects on the current traversal path for cycle detection.\n // An object appearing twice on the same path is a cycle.\n // An object appearing on different paths (diamond) is NOT a cycle.\n const pathSet = new WeakSet<object>();\n\n // Track total nodes visited for DoS protection\n let nodeCount = 0;\n\n // Stack with entry/exit markers for path tracking\n const stack: StackEntry[] = [{ type: 'enter', value, path: [], depth: 0 }];\n\n while (stack.length > 0) {\n const entry = stack.pop()!;\n\n // Handle exit marker - remove object from current path\n if (entry.type === 'exit') {\n pathSet.delete(entry.obj);\n continue;\n }\n\n const { value: current, path, depth } = entry;\n\n // Check total node limit\n nodeCount++;\n if (nodeCount > maxTotalNodes) {\n return {\n ok: false,\n error: `Maximum total nodes exceeded (limit: ${maxTotalNodes})`,\n path,\n };\n }\n\n // Check depth limit\n if (depth > maxDepth) {\n return {\n ok: false,\n error: `Maximum depth exceeded (limit: ${maxDepth})`,\n path,\n };\n }\n\n // Handle null (valid JSON)\n if (current === null) {\n continue;\n }\n\n // Handle primitives\n const type = typeof current;\n\n if (type === 'string') {\n if ((current as string).length > maxStringLength) {\n return {\n ok: false,\n error: `String exceeds maximum length (limit: ${maxStringLength})`,\n path,\n };\n }\n continue;\n }\n\n if (type === 'number') {\n if (!Number.isFinite(current as number)) {\n return {\n ok: false,\n error: `Non-finite number: ${current}`,\n path,\n };\n }\n continue;\n }\n\n if (type === 'boolean') {\n continue;\n }\n\n // Reject non-JSON types\n if (type === 'undefined') {\n return { ok: false, error: 'undefined is not valid JSON', path };\n }\n\n if (type === 'bigint') {\n return { ok: false, error: 'BigInt is not valid JSON', path };\n }\n\n if (type === 'function') {\n return { ok: false, error: 'Function is not valid JSON', path };\n }\n\n if (type === 'symbol') {\n return { ok: false, error: 'Symbol is not valid JSON', path };\n }\n\n // Handle objects (arrays and plain objects)\n if (type === 'object') {\n const obj = current as object;\n\n // Cycle detection - check if object is already on the current path\n // (not just visited anywhere, but specifically an ancestor)\n if (pathSet.has(obj)) {\n return { ok: false, error: 'Cycle detected in object graph', path };\n }\n\n // Add to current path and push exit marker to remove when done\n pathSet.add(obj);\n stack.push({ type: 'exit', obj });\n\n // Handle arrays\n if (Array.isArray(obj)) {\n if (obj.length > maxArrayLength) {\n return {\n ok: false,\n error: `Array exceeds maximum length (limit: ${maxArrayLength})`,\n path,\n };\n }\n // Push array elements to stack in reverse order for correct traversal\n for (let i = obj.length - 1; i >= 0; i--) {\n stack.push({ type: 'enter', value: obj[i], path: [...path, i], depth: depth + 1 });\n }\n continue;\n }\n\n // Check for non-plain objects (Date, Map, Set, class instances, etc.)\n const proto = Object.getPrototypeOf(obj);\n if (proto !== Object.prototype && proto !== null) {\n const constructorName = obj.constructor?.name ?? 'unknown';\n return {\n ok: false,\n error: `Non-plain object (${constructorName}) is not valid JSON`,\n path,\n };\n }\n\n // Handle plain objects\n const keys = Object.keys(obj);\n if (keys.length > maxObjectKeys) {\n return {\n ok: false,\n error: `Object exceeds maximum key count (limit: ${maxObjectKeys})`,\n path,\n };\n }\n // Push object values to stack\n for (let i = keys.length - 1; i >= 0; i--) {\n const key = keys[i];\n stack.push({\n type: 'enter',\n value: (obj as Record<string, unknown>)[key],\n path: [...path, key],\n depth: depth + 1,\n });\n }\n continue;\n }\n\n // Shouldn't reach here, but reject unknown types\n return { ok: false, error: `Unknown type: ${type}`, path };\n }\n\n return { ok: true };\n}\n","/**\n * Agent Identity Attestation Types and Validators (v0.9.25+)\n *\n * Provides cryptographic proof-of-control binding for agents,\n * distinguishing operator-verified bots from user-delegated agents.\n *\n * @see docs/specs/AGENT-IDENTITY.md for normative specification\n */\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport { JsonValueSchema } from './json';\n\n// =============================================================================\n// CONTROL TYPE (v0.9.25+)\n// =============================================================================\n\n/**\n * Control type distinguishes operator-verified bots from user-delegated agents.\n *\n * - 'operator': Bot/crawler operated by a known organization (e.g., Googlebot, GPTBot)\n * - 'user-delegated': Agent acting on behalf of a human user (e.g., browser extension, AI assistant)\n */\nexport const ControlTypeSchema = z.enum(['operator', 'user-delegated']);\nexport type ControlType = z.infer<typeof ControlTypeSchema>;\n\n/**\n * Array of valid control types for runtime checks\n */\nexport const CONTROL_TYPES = ['operator', 'user-delegated'] as const;\n\n// =============================================================================\n// PROOF METHOD (v0.9.25+)\n// =============================================================================\n\n/**\n * @deprecated ProofMethodSchema is deprecated as of v0.12.2.\n * Transport-level binding methods (HTTP signatures, DPoP, mTLS, JWK thumbprint)\n * are semantically distinct from trust-root models (ProofTypeSchema).\n * This alias remains functional through v0.12.x. No consumer action required now.\n * In v0.13.0, AgentProofSchema.method will migrate to either an inline enum\n * or a dedicated TransportBindingMethodSchema. Remove-not-before: v0.13.0.\n *\n * @see ProofTypeSchema for the canonical trust-root model schema\n */\nexport const ProofMethodSchema = z.enum([\n 'http-message-signature',\n 'dpop',\n 'mtls',\n 'jwk-thumbprint',\n]);\nexport type ProofMethod = z.infer<typeof ProofMethodSchema>;\n\n/**\n * @deprecated See ProofMethodSchema deprecation note.\n */\nexport const PROOF_METHODS = ['http-message-signature', 'dpop', 'mtls', 'jwk-thumbprint'] as const;\n\n// =============================================================================\n// BINDING DETAILS (v0.9.25+)\n// =============================================================================\n\n/**\n * Details of what was included in the binding message for http-message-signature.\n *\n * This allows verifiers to reconstruct the binding message for verification.\n */\nexport const BindingDetailsSchema = z\n .object({\n /** HTTP method (uppercase: GET, POST, etc.) */\n method: z.string().min(1).max(16),\n\n /** Target URI of the request */\n target: z.string().min(1).max(2048),\n\n /** Headers included in the signature (lowercase) */\n headers_included: z.array(z.string().max(64)).max(32),\n\n /** SHA-256 hash of request body (base64url), empty string if no body */\n body_hash: z.string().max(64).optional(),\n\n /** When the binding was signed (RFC 3339) */\n signed_at: z.string().datetime(),\n })\n .strict();\nexport type BindingDetails = z.infer<typeof BindingDetailsSchema>;\n\n// =============================================================================\n// AGENT PROOF (v0.9.25+)\n// =============================================================================\n\n/**\n * Proof of control binding - cryptographic evidence that the agent controls the key.\n */\nexport const AgentProofSchema = z\n .object({\n /**\n * Proof method used.\n * @see ProofMethodSchema - deprecated in v0.12.2; will migrate in v0.13.0\n */\n method: ProofMethodSchema,\n\n /** Key ID (matches kid in JWS header or JWKS) */\n key_id: z.string().min(1).max(256),\n\n /** Algorithm used (default: EdDSA for Ed25519) */\n alg: z.string().max(32).default('EdDSA'),\n\n /** Signature over binding message (base64url, for http-message-signature) */\n signature: z.string().max(512).optional(),\n\n /** DPoP proof JWT (for dpop method) */\n dpop_proof: z.string().max(4096).optional(),\n\n /** Certificate fingerprint (for mtls method, SHA-256 base64url) */\n cert_thumbprint: z.string().max(64).optional(),\n\n /** Binding details for http-message-signature */\n binding: BindingDetailsSchema.optional(),\n })\n .strict();\nexport type AgentProof = z.infer<typeof AgentProofSchema>;\n\n// =============================================================================\n// AGENT IDENTITY EVIDENCE (v0.9.25+)\n// =============================================================================\n\n/**\n * Agent identity evidence - the payload of an AgentIdentityAttestation.\n *\n * Contains the agent identifier, control type, capabilities, and optional\n * cryptographic proof of key control.\n */\nexport const AgentIdentityEvidenceSchema = z\n .object({\n /** Stable agent identifier (opaque string, REQUIRED) */\n agent_id: z.string().min(1).max(256),\n\n /** Control type: operator-verified or user-delegated (REQUIRED) */\n control_type: ControlTypeSchema,\n\n /** Agent capabilities/scopes (optional, for fine-grained access) */\n capabilities: z.array(z.string().max(64)).max(32).optional(),\n\n /** Delegation chain for user-delegated agents (optional) */\n delegation_chain: z.array(z.string().max(256)).max(8).optional(),\n\n /** Cryptographic proof of key control (optional) */\n proof: AgentProofSchema.optional(),\n\n /** Key directory URL for public key discovery (optional) */\n key_directory_url: z.string().url().max(2048).optional(),\n\n /** Agent operator/organization (optional, for operator type) */\n operator: z.string().max(256).optional(),\n\n /** User identifier (optional, for user-delegated type, should be opaque) */\n user_id: z.string().max(256).optional(),\n\n /** Additional type-specific metadata (optional) */\n metadata: z.record(z.string(), JsonValueSchema).optional(),\n })\n .strict();\nexport type AgentIdentityEvidence = z.infer<typeof AgentIdentityEvidenceSchema>;\n\n// =============================================================================\n// AGENT IDENTITY ATTESTATION (v0.9.25+)\n// =============================================================================\n\n/**\n * Attestation type literal for agent identity\n */\nexport const AGENT_IDENTITY_TYPE = 'peac/agent-identity' as const;\n\n/**\n * AgentIdentityAttestation - extends generic Attestation with agent-specific evidence.\n *\n * This attestation proves cryptographic control over an agent identity,\n * distinguishing operator-verified bots from user-delegated agents.\n *\n * @example\n * ```typescript\n * const attestation: AgentIdentityAttestation = {\n * type: 'peac/agent-identity',\n * issuer: 'https://crawler.example.com',\n * issued_at: '2026-01-03T12:00:00Z',\n * evidence: {\n * agent_id: 'bot:crawler-prod-001',\n * control_type: 'operator',\n * operator: 'Example Crawler Inc.',\n * capabilities: ['crawl', 'index'],\n * proof: {\n * method: 'http-message-signature',\n * key_id: 'key-2026-01',\n * alg: 'EdDSA',\n * },\n * },\n * };\n * ```\n */\nexport const AgentIdentityAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/agent-identity') */\n type: z.literal(AGENT_IDENTITY_TYPE),\n\n /** Issuer of the attestation (agent operator, IdP, or platform) */\n issuer: z.string().min(1).max(2048),\n\n /** When the attestation was issued (RFC 3339) */\n issued_at: z.string().datetime(),\n\n /** When the attestation expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** Reference to external verification endpoint (optional) */\n ref: z.string().url().max(2048).optional(),\n\n /** Agent identity evidence */\n evidence: AgentIdentityEvidenceSchema,\n })\n .strict();\nexport type AgentIdentityAttestation = z.infer<typeof AgentIdentityAttestationSchema>;\n\n// =============================================================================\n// IDENTITY BINDING (v0.9.25+)\n// =============================================================================\n\n/**\n * Identity binding result from constructBindingMessage().\n *\n * Used to tie an agent identity attestation to a specific HTTP request.\n */\nexport const IdentityBindingSchema = z\n .object({\n /** SHA-256 hash of the canonical binding message (base64url) */\n binding_message_hash: z.string().min(1).max(64),\n\n /** Ed25519 signature over binding message (base64url) */\n signature: z.string().min(1).max(512),\n\n /** Key ID used for signing */\n key_id: z.string().min(1).max(256),\n\n /** When the binding was created (RFC 3339) */\n signed_at: z.string().datetime(),\n })\n .strict();\nexport type IdentityBinding = z.infer<typeof IdentityBindingSchema>;\n\n// =============================================================================\n// AGENT IDENTITY VERIFIED BLOCK (v0.9.25+)\n// =============================================================================\n\n/**\n * Agent identity verification result to include in receipt evidence.\n *\n * This block is added by the publisher after verifying an agent identity\n * attestation, binding the verified identity to the issued receipt.\n */\nexport const AgentIdentityVerifiedSchema = z\n .object({\n /** Agent ID from the verified attestation */\n agent_id: z.string().min(1).max(256),\n\n /** Control type from the verified attestation */\n control_type: ControlTypeSchema,\n\n /** When the publisher verified the identity (RFC 3339) */\n verified_at: z.string().datetime(),\n\n /** Key ID that was used for verification */\n key_id: z.string().min(1).max(256),\n\n /** SHA-256 hash of the binding message (base64url) */\n binding_hash: z.string().min(1).max(64),\n })\n .strict();\nexport type AgentIdentityVerified = z.infer<typeof AgentIdentityVerifiedSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.25+)\n// =============================================================================\n\n/**\n * Validate an AgentIdentityAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateAgentIdentityAttestation(data);\n * if (result.ok) {\n * console.log('Agent ID:', result.value.evidence.agent_id);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateAgentIdentityAttestation(\n data: unknown\n): { ok: true; value: AgentIdentityAttestation } | { ok: false; error: string } {\n const result = AgentIdentityAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is an AgentIdentityAttestation.\n *\n * @param attestation - Object with a type field\n * @returns True if the type is 'peac/agent-identity'\n */\nexport function isAgentIdentityAttestation(attestation: {\n type: string;\n}): attestation is AgentIdentityAttestation {\n return attestation.type === AGENT_IDENTITY_TYPE;\n}\n\n/**\n * Parameters for creating an AgentIdentityAttestation.\n */\nexport interface CreateAgentIdentityAttestationParams {\n /** Issuer of the attestation */\n issuer: string;\n /** Stable agent identifier */\n agent_id: string;\n /** Control type: operator or user-delegated */\n control_type: ControlType;\n /** Cryptographic proof (optional) */\n proof?: AgentProof;\n /** Agent capabilities (optional) */\n capabilities?: string[];\n /** Delegation chain for user-delegated (optional) */\n delegation_chain?: string[];\n /** Key directory URL (optional) */\n key_directory_url?: string;\n /** Agent operator name (optional, for operator type) */\n operator?: string;\n /** User ID (optional, for user-delegated type) */\n user_id?: string;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** External verification endpoint (optional) */\n ref?: string;\n /** Additional metadata (optional, must be JSON-safe) */\n metadata?: Record<string, JsonValue>;\n}\n\n/**\n * Create an AgentIdentityAttestation with current timestamp.\n *\n * @param params - Attestation parameters\n * @returns A valid AgentIdentityAttestation\n *\n * @example\n * ```typescript\n * const attestation = createAgentIdentityAttestation({\n * issuer: 'https://crawler.example.com',\n * agent_id: 'bot:crawler-prod-001',\n * control_type: 'operator',\n * operator: 'Example Crawler Inc.',\n * capabilities: ['crawl', 'index'],\n * });\n * ```\n */\nexport function createAgentIdentityAttestation(\n params: CreateAgentIdentityAttestationParams\n): AgentIdentityAttestation {\n const evidence: AgentIdentityEvidence = {\n agent_id: params.agent_id,\n control_type: params.control_type,\n };\n\n if (params.capabilities) {\n evidence.capabilities = params.capabilities;\n }\n if (params.delegation_chain) {\n evidence.delegation_chain = params.delegation_chain;\n }\n if (params.proof) {\n evidence.proof = params.proof;\n }\n if (params.key_directory_url) {\n evidence.key_directory_url = params.key_directory_url;\n }\n if (params.operator) {\n evidence.operator = params.operator;\n }\n if (params.user_id) {\n evidence.user_id = params.user_id;\n }\n if (params.metadata) {\n // Validate metadata is JSON-safe at runtime\n evidence.metadata = params.metadata;\n }\n\n const attestation: AgentIdentityAttestation = {\n type: AGENT_IDENTITY_TYPE,\n issuer: params.issuer,\n issued_at: new Date().toISOString(),\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n if (params.ref) {\n attestation.ref = params.ref;\n }\n\n return attestation;\n}\n\n/**\n * Validate an IdentityBinding.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated binding or error message\n */\nexport function validateIdentityBinding(\n data: unknown\n): { ok: true; value: IdentityBinding } | { ok: false; error: string } {\n const result = IdentityBindingSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an agent identity attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation has expired\n */\nexport function isAttestationExpired(\n attestation: AgentIdentityAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if an agent identity attestation is not yet valid.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation is not yet valid (issued_at in the future)\n */\nexport function isAttestationNotYetValid(\n attestation: AgentIdentityAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n","/**\n * Attribution Attestation Types and Validators (v0.9.26+)\n *\n * Provides content derivation and usage proof for PEAC receipts,\n * enabling chain tracking and compliance artifacts.\n *\n * @see docs/specs/ATTRIBUTION.md for normative specification\n */\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport { JsonValueSchema } from './json';\n\n// =============================================================================\n// ATTRIBUTION LIMITS (v0.9.26+)\n// =============================================================================\n\n/**\n * Attribution limits for DoS protection and verification feasibility.\n *\n * These are implementation safety limits, not protocol constraints.\n */\nexport const ATTRIBUTION_LIMITS = {\n /** Maximum sources per attestation */\n maxSources: 100,\n /** Maximum chain resolution depth */\n maxDepth: 8,\n /** Maximum attestation size in bytes (64KB) */\n maxAttestationSize: 65536,\n /** Per-hop resolution timeout in milliseconds */\n resolutionTimeout: 5000,\n /** Maximum receipt reference length */\n maxReceiptRefLength: 2048,\n /** Maximum model ID length */\n maxModelIdLength: 256,\n} as const;\n\n// =============================================================================\n// CONTENT HASH (v0.9.26+)\n// =============================================================================\n\n/**\n * Supported hash algorithms for content hashing.\n * Only sha-256 is supported in v0.9.26.\n */\nexport const HashAlgorithmSchema = z.literal('sha-256');\nexport type HashAlgorithm = z.infer<typeof HashAlgorithmSchema>;\n\n/**\n * Supported encoding formats for hash values.\n */\nexport const HashEncodingSchema = z.literal('base64url');\nexport type HashEncoding = z.infer<typeof HashEncodingSchema>;\n\n/**\n * ContentHash - deterministic content identification.\n *\n * Provides cryptographic verification of content identity using SHA-256.\n * The hash value is base64url-encoded without padding (RFC 4648 Section 5).\n *\n * @example\n * ```typescript\n * const hash: ContentHash = {\n * alg: 'sha-256',\n * value: 'n4bQgYhMfWWaL28IoEbM8Qa8jG7x0QXJZJqL-w_zZdA',\n * enc: 'base64url',\n * };\n * ```\n */\nexport const ContentHashSchema = z\n .object({\n /** Hash algorithm (REQUIRED, must be 'sha-256') */\n alg: HashAlgorithmSchema,\n\n /** Base64url-encoded hash value without padding (REQUIRED, 43 chars for SHA-256) */\n value: z\n .string()\n .min(43)\n .max(43)\n .regex(/^[A-Za-z0-9_-]+$/, 'Invalid base64url characters'),\n\n /** Encoding format (REQUIRED, must be 'base64url') */\n enc: HashEncodingSchema,\n })\n .strict();\nexport type ContentHash = z.infer<typeof ContentHashSchema>;\n\n// =============================================================================\n// ATTRIBUTION USAGE (v0.9.26+)\n// =============================================================================\n\n/**\n * How source content was used in derivation.\n *\n * - 'training_input': Used to train a model\n * - 'rag_context': Retrieved for RAG context\n * - 'direct_reference': Directly quoted or referenced\n * - 'synthesis_source': Combined with other sources to create new content\n * - 'embedding_source': Used to create embeddings/vectors\n */\nexport const AttributionUsageSchema = z.enum([\n 'training_input',\n 'rag_context',\n 'direct_reference',\n 'synthesis_source',\n 'embedding_source',\n]);\nexport type AttributionUsage = z.infer<typeof AttributionUsageSchema>;\n\n/**\n * Array of valid attribution usage types for runtime checks.\n */\nexport const ATTRIBUTION_USAGES = [\n 'training_input',\n 'rag_context',\n 'direct_reference',\n 'synthesis_source',\n 'embedding_source',\n] as const;\n\n// =============================================================================\n// DERIVATION TYPE (v0.9.26+)\n// =============================================================================\n\n/**\n * Type of content derivation.\n *\n * - 'training': Model training or fine-tuning\n * - 'inference': Runtime inference with RAG/grounding\n * - 'rag': Retrieval-augmented generation\n * - 'synthesis': Multi-source content synthesis\n * - 'embedding': Vector embedding generation\n */\nexport const DerivationTypeSchema = z.enum([\n 'training',\n 'inference',\n 'rag',\n 'synthesis',\n 'embedding',\n]);\nexport type DerivationType = z.infer<typeof DerivationTypeSchema>;\n\n/**\n * Array of valid derivation types for runtime checks.\n */\nexport const DERIVATION_TYPES = ['training', 'inference', 'rag', 'synthesis', 'embedding'] as const;\n\n// =============================================================================\n// ATTRIBUTION SOURCE (v0.9.26+)\n// =============================================================================\n\n/**\n * Receipt reference format validation.\n *\n * Valid formats:\n * - jti:{receipt_id} - Direct receipt identifier\n * - https://... - Resolvable receipt URL\n * - urn:peac:receipt:{id} - URN-formatted identifier\n */\nconst ReceiptRefSchema = z\n .string()\n .min(1)\n .max(ATTRIBUTION_LIMITS.maxReceiptRefLength)\n .refine(\n (ref) => {\n // jti: prefix\n if (ref.startsWith('jti:')) return true;\n // URL\n if (ref.startsWith('https://') || ref.startsWith('http://')) return true;\n // URN\n if (ref.startsWith('urn:peac:receipt:')) return true;\n return false;\n },\n { message: 'Invalid receipt reference format. Must be jti:{id}, URL, or urn:peac:receipt:{id}' }\n );\n\n/**\n * AttributionSource - links to a source receipt and describes how content was used.\n *\n * For cross-issuer resolution, include `receipt_issuer` when using `jti:*` references.\n * URL-based references (`https://...`) are self-resolvable.\n *\n * @example\n * ```typescript\n * const source: AttributionSource = {\n * receipt_ref: 'jti:rec_abc123def456',\n * receipt_issuer: 'https://publisher.example.com',\n * content_hash: { alg: 'sha-256', value: '...', enc: 'base64url' },\n * usage: 'rag_context',\n * weight: 0.3,\n * };\n * ```\n */\nexport const AttributionSourceSchema = z\n .object({\n /** Reference to source PEAC receipt (REQUIRED) */\n receipt_ref: ReceiptRefSchema,\n\n /**\n * Issuer of the referenced receipt (OPTIONAL but RECOMMENDED for jti: refs).\n *\n * Required for cross-issuer resolution when receipt_ref is jti:{id} format.\n * Not needed for URL-based references which are self-resolvable.\n * Used to construct resolution URL: {receipt_issuer}/.well-known/peac/receipts/{id}\n */\n receipt_issuer: z.string().url().max(2048).optional(),\n\n /** Hash of source content (OPTIONAL) */\n content_hash: ContentHashSchema.optional(),\n\n /** Hash of used excerpt (OPTIONAL, content-minimizing, not privacy-preserving for short text) */\n excerpt_hash: ContentHashSchema.optional(),\n\n /** How the source was used (REQUIRED) */\n usage: AttributionUsageSchema,\n\n /** Relative contribution weight 0.0-1.0 (OPTIONAL) */\n weight: z.number().min(0).max(1).optional(),\n })\n .strict();\nexport type AttributionSource = z.infer<typeof AttributionSourceSchema>;\n\n// =============================================================================\n// ATTRIBUTION EVIDENCE (v0.9.26+)\n// =============================================================================\n\n/**\n * AttributionEvidence - the payload of an AttributionAttestation.\n *\n * Contains the sources, derivation type, and optional output metadata.\n */\nexport const AttributionEvidenceSchema = z\n .object({\n /** Array of attribution sources (REQUIRED, 1-100 sources) */\n sources: z.array(AttributionSourceSchema).min(1).max(ATTRIBUTION_LIMITS.maxSources),\n\n /** Type of derivation (REQUIRED) */\n derivation_type: DerivationTypeSchema,\n\n /** Hash of derived output (OPTIONAL) */\n output_hash: ContentHashSchema.optional(),\n\n /** Model identifier (OPTIONAL) */\n model_id: z.string().max(ATTRIBUTION_LIMITS.maxModelIdLength).optional(),\n\n /** Inference provider URL (OPTIONAL) */\n inference_provider: z.string().url().max(2048).optional(),\n\n /** Session correlation ID (OPTIONAL) */\n session_id: z.string().max(256).optional(),\n\n /** Additional type-specific metadata (OPTIONAL) */\n metadata: z.record(z.string(), JsonValueSchema).optional(),\n })\n .strict();\nexport type AttributionEvidence = z.infer<typeof AttributionEvidenceSchema>;\n\n// =============================================================================\n// ATTRIBUTION ATTESTATION (v0.9.26+)\n// =============================================================================\n\n/**\n * Attestation type literal for attribution\n */\nexport const ATTRIBUTION_TYPE = 'peac/attribution' as const;\n\n/**\n * AttributionAttestation - proves content derivation and usage.\n *\n * This attestation provides cryptographic evidence that content was derived\n * from specific sources, enabling chain tracking and compliance.\n *\n * @example\n * ```typescript\n * const attestation: AttributionAttestation = {\n * type: 'peac/attribution',\n * issuer: 'https://ai.example.com',\n * issued_at: '2026-01-04T12:00:00Z',\n * evidence: {\n * sources: [\n * { receipt_ref: 'jti:rec_abc123', usage: 'rag_context', weight: 0.5 },\n * { receipt_ref: 'jti:rec_def456', usage: 'rag_context', weight: 0.5 },\n * ],\n * derivation_type: 'rag',\n * model_id: 'gpt-4',\n * },\n * };\n * ```\n */\nexport const AttributionAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/attribution') */\n type: z.literal(ATTRIBUTION_TYPE),\n\n /** Issuer of the attestation (inference provider, platform) */\n issuer: z.string().min(1).max(2048),\n\n /** When the attestation was issued (RFC 3339) */\n issued_at: z.string().datetime(),\n\n /** When the attestation expires (RFC 3339, OPTIONAL) */\n expires_at: z.string().datetime().optional(),\n\n /** Reference to external verification endpoint (OPTIONAL) */\n ref: z.string().url().max(2048).optional(),\n\n /** Attribution evidence */\n evidence: AttributionEvidenceSchema,\n })\n .strict();\nexport type AttributionAttestation = z.infer<typeof AttributionAttestationSchema>;\n\n// =============================================================================\n// CHAIN VERIFICATION RESULT (v0.9.26+)\n// =============================================================================\n\n/**\n * Result of chain verification including depth and resolved sources.\n */\nexport interface ChainVerificationResult {\n /** Whether the chain is valid */\n valid: boolean;\n /** Maximum depth encountered in the chain */\n maxDepth: number;\n /** Total number of sources across the chain */\n totalSources: number;\n /** Any cycle detected in the chain */\n cycleDetected?: string;\n /** Error message if validation failed */\n error?: string;\n}\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.26+)\n// =============================================================================\n\n/**\n * Validate a ContentHash.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated hash or error message\n */\nexport function validateContentHash(\n data: unknown\n): { ok: true; value: ContentHash } | { ok: false; error: string } {\n const result = ContentHashSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an AttributionSource.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated source or error message\n */\nexport function validateAttributionSource(\n data: unknown\n): { ok: true; value: AttributionSource } | { ok: false; error: string } {\n const result = AttributionSourceSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an AttributionAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateAttributionAttestation(data);\n * if (result.ok) {\n * console.log('Sources:', result.value.evidence.sources.length);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateAttributionAttestation(\n data: unknown\n): { ok: true; value: AttributionAttestation } | { ok: false; error: string } {\n const result = AttributionAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is an AttributionAttestation.\n *\n * @param attestation - Object with a type field\n * @returns True if the type is 'peac/attribution'\n */\nexport function isAttributionAttestation(attestation: {\n type: string;\n}): attestation is AttributionAttestation {\n return attestation.type === ATTRIBUTION_TYPE;\n}\n\n/**\n * Parameters for creating an AttributionAttestation.\n */\nexport interface CreateAttributionAttestationParams {\n /** Issuer of the attestation */\n issuer: string;\n /** Attribution sources */\n sources: AttributionSource[];\n /** Type of derivation */\n derivation_type: DerivationType;\n /** Hash of derived output (optional) */\n output_hash?: ContentHash;\n /** Model identifier (optional) */\n model_id?: string;\n /** Inference provider URL (optional) */\n inference_provider?: string;\n /** Session correlation ID (optional) */\n session_id?: string;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** External verification endpoint (optional) */\n ref?: string;\n /** Additional metadata (optional, must be JSON-safe) */\n metadata?: Record<string, JsonValue>;\n}\n\n/**\n * Create an AttributionAttestation with current timestamp.\n *\n * @param params - Attestation parameters\n * @returns A valid AttributionAttestation\n *\n * @example\n * ```typescript\n * const attestation = createAttributionAttestation({\n * issuer: 'https://ai.example.com',\n * sources: [\n * { receipt_ref: 'jti:rec_abc123', usage: 'rag_context' },\n * ],\n * derivation_type: 'rag',\n * model_id: 'gpt-4',\n * });\n * ```\n */\nexport function createAttributionAttestation(\n params: CreateAttributionAttestationParams\n): AttributionAttestation {\n const evidence: AttributionEvidence = {\n sources: params.sources,\n derivation_type: params.derivation_type,\n };\n\n if (params.output_hash) {\n evidence.output_hash = params.output_hash;\n }\n if (params.model_id) {\n evidence.model_id = params.model_id;\n }\n if (params.inference_provider) {\n evidence.inference_provider = params.inference_provider;\n }\n if (params.session_id) {\n evidence.session_id = params.session_id;\n }\n if (params.metadata) {\n evidence.metadata = params.metadata;\n }\n\n const attestation: AttributionAttestation = {\n type: ATTRIBUTION_TYPE,\n issuer: params.issuer,\n issued_at: new Date().toISOString(),\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n if (params.ref) {\n attestation.ref = params.ref;\n }\n\n return attestation;\n}\n\n/**\n * Check if an attribution attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation has expired\n */\nexport function isAttributionExpired(\n attestation: AttributionAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if an attribution attestation is not yet valid.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation is not yet valid (issued_at in the future)\n */\nexport function isAttributionNotYetValid(\n attestation: AttributionAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n\n/**\n * Compute total weight of sources (for validation).\n *\n * @param sources - Array of attribution sources\n * @returns Total weight, or undefined if no weights specified\n */\nexport function computeTotalWeight(sources: AttributionSource[]): number | undefined {\n const weights = sources.filter((s) => s.weight !== undefined).map((s) => s.weight as number);\n if (weights.length === 0) {\n return undefined;\n }\n return weights.reduce((sum, w) => sum + w, 0);\n}\n\n/**\n * Detect cycles in attribution sources (for chain validation).\n *\n * @param sources - Array of attribution sources\n * @param visited - Set of visited receipt refs (for recursion)\n * @returns Receipt ref that caused cycle, or undefined if no cycle\n */\nexport function detectCycleInSources(\n sources: AttributionSource[],\n visited: Set<string> = new Set()\n): string | undefined {\n for (const source of sources) {\n if (visited.has(source.receipt_ref)) {\n return source.receipt_ref;\n }\n }\n return undefined;\n}\n","/**\n * Wire format constants - FROZEN\n *\n * These constants are now sourced from @peac/kernel\n * (normative source: specs/kernel/constants.json)\n */\n\nimport { WIRE_TYPE, ALGORITHMS, HEADERS, POLICY, ISSUER_CONFIG, DISCOVERY } from '@peac/kernel';\n\n/**\n * Wire format version - peac-receipt/0.1\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern\n */\nexport const PEAC_WIRE_TYP = WIRE_TYPE;\n\n/**\n * Signature algorithm - FROZEN forever\n */\nexport const PEAC_ALG = ALGORITHMS.default;\n\n/**\n * Canonical header name\n */\nexport const PEAC_RECEIPT_HEADER = HEADERS.receipt;\n\n/**\n * Purpose header names (v0.9.24+)\n */\nexport const PEAC_PURPOSE_HEADER = HEADERS.purpose;\nexport const PEAC_PURPOSE_APPLIED_HEADER = HEADERS.purposeApplied;\nexport const PEAC_PURPOSE_REASON_HEADER = HEADERS.purposeReason;\n\n/**\n * Policy manifest path (/.well-known/peac.txt)\n * @see docs/specs/PEAC-TXT.md\n */\nexport const PEAC_POLICY_PATH = POLICY.manifestPath;\n\n/**\n * Policy manifest fallback path (/peac.txt)\n */\nexport const PEAC_POLICY_FALLBACK_PATH = POLICY.fallbackPath;\n\n/**\n * Maximum policy manifest size\n */\nexport const PEAC_POLICY_MAX_BYTES = POLICY.maxBytes;\n\n/**\n * Issuer configuration path (/.well-known/peac-issuer.json)\n * @see docs/specs/PEAC-ISSUER.md\n */\nexport const PEAC_ISSUER_CONFIG_PATH = ISSUER_CONFIG.configPath;\n\n/**\n * Issuer configuration version\n */\nexport const PEAC_ISSUER_CONFIG_VERSION = ISSUER_CONFIG.configVersion;\n\n/**\n * Maximum issuer configuration size\n */\nexport const PEAC_ISSUER_CONFIG_MAX_BYTES = ISSUER_CONFIG.maxBytes;\n\n/**\n * @deprecated Use PEAC_POLICY_PATH instead. Will be removed in v1.0.\n */\nexport const PEAC_DISCOVERY_PATH = DISCOVERY.manifestPath;\n\n/**\n * @deprecated Use PEAC_POLICY_MAX_BYTES instead. Will be removed in v1.0.\n */\nexport const PEAC_DISCOVERY_MAX_BYTES = 2000 as const;\n\n/**\n * JSON Schema URL for PEAC receipt wire format v0.1\n *\n * This is the canonical $id for the root schema.\n * Use for schema references and cross-implementation validation.\n *\n * @since v0.10.0\n */\nexport const PEAC_RECEIPT_SCHEMA_URL =\n 'https://www.peacprotocol.org/schemas/wire/0.1/peac-receipt.0.1.schema.json' as const;\n","/**\n * Zod validators for PEAC protocol types\n */\nimport { z } from 'zod';\nimport { PEAC_WIRE_TYP, PEAC_ALG } from './constants';\nimport {\n JsonValueSchema,\n JsonObjectSchema,\n assertJsonSafeIterative,\n type JsonEvidenceLimits,\n} from './json';\nimport { createEvidenceNotJsonError, type PEACError } from './errors';\nimport { PURPOSE_TOKEN_REGEX, MAX_PURPOSE_TOKEN_LENGTH } from './purpose';\n\nconst httpsUrl = z\n .string()\n .url()\n .refine((u) => u.startsWith('https://'), 'must be https://');\nconst iso4217 = z.string().regex(/^[A-Z]{3}$/);\nconst uuidv7 = z\n .string()\n .regex(/^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i);\n\nexport const NormalizedPayment = z\n .object({\n rail: z.string().min(1),\n reference: z.string().min(1),\n amount: z.number().int().nonnegative(),\n currency: iso4217,\n asset: z.string().optional(),\n env: z.string().optional(),\n evidence: JsonValueSchema.optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict();\n\nexport const Subject = z.object({ uri: httpsUrl }).strict();\n\nexport const AIPREFSnapshot = z\n .object({\n url: httpsUrl,\n hash: z.string().min(8),\n })\n .strict();\n\n// Note: Extensions uses a forward reference pattern since ControlBlockSchema\n// is defined after this. We use catchall for now and validate control separately.\nexport const Extensions = z\n .object({\n aipref_snapshot: AIPREFSnapshot.optional(),\n // control block validated via ControlBlockSchema when present\n })\n .catchall(z.unknown());\n\n/**\n * Wire 0.1 JWS header Zod schema (canonical name, v0.12.0-preview.1+).\n *\n * Note: `@peac/crypto` exports a TypeScript discriminated-union type also\n * named `JWSHeader` that covers Wire 0.1, Wire 0.2, and UnTyped variants.\n * This schema validates the runtime shape of Wire 0.1 headers only.\n */\nexport const Wire01JWSHeaderSchema = z\n .object({\n typ: z.literal(PEAC_WIRE_TYP),\n alg: z.literal(PEAC_ALG),\n kid: z.string().min(8),\n })\n .strict();\n\n/**\n * @deprecated Use `Wire01JWSHeaderSchema`. Kept for backward compatibility;\n * will be removed at v1.0.\n */\nexport const JWSHeader = Wire01JWSHeaderSchema;\n\n// Forward-declare purpose validators used in ReceiptClaims\n// Full definitions are below\nconst CanonicalPurposeValues = ['train', 'search', 'user_action', 'inference', 'index'] as const;\nconst PurposeReasonValues = [\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n] as const;\n\nexport const ReceiptClaimsSchema = z\n .object({\n iss: httpsUrl,\n aud: httpsUrl,\n iat: z.number().int().nonnegative(),\n exp: z.number().int().optional(),\n rid: uuidv7,\n amt: z.number().int().nonnegative(),\n cur: iso4217,\n payment: NormalizedPayment,\n subject: Subject.optional(),\n ext: Extensions.optional(),\n // Purpose claims (v0.9.24+)\n // purpose_declared: string[] - preserves unknown tokens for forward-compat\n purpose_declared: z.array(z.string()).optional(),\n // purpose_enforced: CanonicalPurpose - must be one with enforcement semantics\n purpose_enforced: z.enum(CanonicalPurposeValues).optional(),\n // purpose_reason: PurposeReason - audit spine for enforcement decisions\n purpose_reason: z.enum(PurposeReasonValues).optional(),\n })\n .strict();\n\n/**\n * Schema-derived receipt claims type (v0.9.30+)\n *\n * This is the canonical type for receipt claims - derived from the Zod schema.\n * Use this type instead of manually-defined interfaces to ensure type/schema parity.\n */\nexport type ReceiptClaimsType = z.infer<typeof ReceiptClaimsSchema>;\n\n/**\n * @deprecated Use ReceiptClaimsSchema instead. Renamed in v0.9.30.\n */\nexport const ReceiptClaims = ReceiptClaimsSchema;\n\nexport const VerifyRequest = z\n .object({\n receipt_jws: z.string().min(16),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Control Abstraction Layer (CAL) Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Control purpose - what the access is for\n *\n * v0.9.17+: Added ai_input, search for RSL alignment\n * v0.9.18+: Added ai_index (RSL 1.0 canonical token). Removed ai_search.\n * v0.9.24+: Added user_action for agent-on-behalf-of-user scenarios.\n *\n * @see https://rslstandard.org/rsl for RSL 1.0 specification\n */\nexport const ControlPurposeSchema = z.enum([\n 'crawl',\n 'index',\n 'train',\n 'inference',\n 'user_action',\n 'ai_input',\n 'ai_index',\n 'search',\n]);\n\n/**\n * Control licensing mode - how access is licensed\n */\nexport const ControlLicensingModeSchema = z.enum([\n 'subscription',\n 'pay_per_crawl',\n 'pay_per_inference',\n]);\n\n/**\n * Control decision type\n */\nexport const ControlDecisionSchema = z.enum(['allow', 'deny', 'review']);\n\n/**\n * Single control step in governance chain\n */\nexport const ControlStepSchema = z.object({\n engine: z.string().min(1),\n version: z.string().optional(),\n policy_id: z.string().optional(),\n result: ControlDecisionSchema,\n reason: z.string().optional(),\n purpose: ControlPurposeSchema.optional(),\n licensing_mode: ControlLicensingModeSchema.optional(),\n scope: z.union([z.string(), z.array(z.string())]).optional(),\n limits_snapshot: z.unknown().optional(),\n evidence_ref: z.string().optional(),\n});\n\n/**\n * Composable control block - multi-party governance\n */\nexport const ControlBlockSchema = z\n .object({\n chain: z.array(ControlStepSchema).min(1),\n decision: ControlDecisionSchema,\n combinator: z.literal('any_can_veto').optional(),\n })\n .refine(\n (data) => {\n // Validate decision consistency with chain\n const hasAnyDeny = data.chain.some((step) => step.result === 'deny');\n const allAllow = data.chain.every((step) => step.result === 'allow');\n const hasReview = data.chain.some((step) => step.result === 'review');\n\n if (hasAnyDeny && data.decision !== 'deny') {\n return false;\n }\n if (allAllow && data.decision !== 'allow') {\n return false;\n }\n // If has review but no deny, decision can be review or allow\n if (hasReview && !hasAnyDeny && data.decision === 'deny') {\n return false;\n }\n return true;\n },\n {\n message: 'Control block decision must be consistent with chain results',\n }\n );\n\n// -----------------------------------------------------------------------------\n// Purpose Type Validators (v0.9.24+)\n// -----------------------------------------------------------------------------\n\n/**\n * Purpose token validator\n *\n * PurposeToken is a string that matches the purpose grammar:\n * - Lowercase letters, digits, underscores\n * - Optional vendor prefix with colon (e.g., \"cf:ai_crawler\")\n * - Max 64 characters\n *\n * Uses string type (not enum) to preserve unknown tokens for forward-compat.\n */\nexport const PurposeTokenSchema = z\n .string()\n .min(1)\n .max(MAX_PURPOSE_TOKEN_LENGTH)\n .refine((token) => PURPOSE_TOKEN_REGEX.test(token), {\n message:\n 'Invalid purpose token format. Must be lowercase, alphanumeric with underscores, optional vendor prefix.',\n });\n\n/**\n * Canonical purpose validator\n *\n * CanonicalPurpose is one of PEAC's normative purpose tokens.\n * Only these tokens have enforcement semantics.\n */\nexport const CanonicalPurposeSchema = z.enum([\n 'train',\n 'search',\n 'user_action',\n 'inference',\n 'index',\n]);\n\n/**\n * Purpose reason validator\n *\n * PurposeReason is the audit spine explaining enforcement decisions.\n */\nexport const PurposeReasonSchema = z.enum([\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n]);\n\n// -----------------------------------------------------------------------------\n// Payment Evidence Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Payment split schema\n *\n * Invariants:\n * - party is required (non-empty string)\n * - amount if present must be >= 0\n * - share if present must be in [0,1]\n * - At least one of amount or share must be specified\n */\nexport const PaymentSplitSchema = z\n .object({\n party: z.string().min(1),\n amount: z.number().int().nonnegative().optional(),\n currency: iso4217.optional(),\n share: z.number().min(0).max(1).optional(),\n rail: z.string().min(1).optional(),\n account_ref: z.string().min(1).optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict()\n .refine((data) => data.amount !== undefined || data.share !== undefined, {\n message: 'At least one of amount or share must be specified',\n });\n\n/**\n * Payment routing mode schema (rail-agnostic)\n *\n * Describes how the payment is routed between payer, aggregator, and merchant.\n * This is a generic hint - specific rails populate it from their native formats.\n *\n * Values:\n * - \"direct\": Direct payment to merchant (no intermediary)\n * - \"callback\": Routed via callback URL / payment service\n * - \"role\": Role-based routing (e.g., \"publisher\", \"platform\")\n *\n * Examples of producers:\n * - x402 v2 `payTo.mode` -> routing\n * - Stripe Connect `destination` -> routing = 'direct' or 'callback'\n * - UPI `pa` (payee address) -> routing = 'direct'\n */\nexport const PaymentRoutingSchema = z.enum(['direct', 'callback', 'role']);\n\n/**\n * Payment evidence schema\n *\n * Full schema for PaymentEvidence including aggregator/splits support.\n */\nexport const PaymentEvidenceSchema = z\n .object({\n rail: z.string().min(1),\n reference: z.string().min(1),\n amount: z.number().int().nonnegative(),\n currency: iso4217,\n asset: z.string().min(1),\n env: z.enum(['live', 'test']),\n network: z.string().min(1).optional(),\n facilitator_ref: z.string().min(1).optional(),\n evidence: JsonValueSchema,\n aggregator: z.string().min(1).optional(),\n splits: z.array(PaymentSplitSchema).optional(),\n routing: PaymentRoutingSchema.optional(),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Subject Profile Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Subject type schema\n */\nexport const SubjectTypeSchema = z.enum(['human', 'org', 'agent']);\n\n/**\n * Subject profile schema\n *\n * Invariants:\n * - id is required (non-empty string)\n * - type is required (human, org, or agent)\n * - labels if present must be non-empty strings\n */\nexport const SubjectProfileSchema = z\n .object({\n id: z.string().min(1),\n type: SubjectTypeSchema,\n labels: z.array(z.string().min(1)).optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict();\n\n/**\n * Subject profile snapshot schema\n *\n * Invariants:\n * - subject is required (valid SubjectProfile)\n * - captured_at is required (non-empty string)\n * MUST be RFC 3339 / ISO 8601 UTC; format not enforced in schema for v0.9.16\n */\nexport const SubjectProfileSnapshotSchema = z\n .object({\n subject: SubjectProfileSchema,\n captured_at: z.string().min(1),\n source: z.string().min(1).optional(),\n version: z.string().min(1).optional(),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Attestation Validators (v0.9.21+)\n// -----------------------------------------------------------------------------\n\n/**\n * Namespaced extensions schema\n *\n * Keys must be namespaced (e.g., \"com.example/field\", \"io.vendor/data\").\n * This provides a forward-compatible extension mechanism.\n */\nexport const ExtensionsSchema = z.record(\n z.string().regex(/^[a-z0-9_.-]+\\/[a-z0-9_.-]+$/),\n JsonValueSchema\n);\n\n/**\n * Generic attestation schema\n *\n * Invariants:\n * - issuer, type, issued_at, evidence are required\n * - issued_at and expires_at must be RFC 3339 date-time\n * - ref if present must be a valid URI\n */\nexport const AttestationSchema = z\n .object({\n issuer: z.string().min(1),\n type: z.string().min(1),\n issued_at: z.string().datetime(),\n expires_at: z.string().datetime().optional(),\n ref: z.string().url().optional(),\n evidence: JsonValueSchema,\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Subject Snapshot Validation Helper (v0.9.17+)\n// -----------------------------------------------------------------------------\n\n// Module-level set for PII warning deduplication\nconst warnedSubjectIds = new Set<string>();\n\n/**\n * Heuristic check if a subject ID looks like PII (email/phone)\n */\nfunction looksLikePII(id: string): boolean {\n // Email pattern\n if (/^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$/.test(id)) {\n return true;\n }\n // Phone pattern (starts with + followed by digits)\n if (/^\\+?\\d{10,15}$/.test(id.replace(/[\\s\\-()]/g, ''))) {\n return true;\n }\n return false;\n}\n\n/**\n * Validate a subject snapshot (if present)\n *\n * - Returns validated snapshot or null if absent\n * - Throws ZodError for malformed data\n * - Logs advisory warning if id looks like PII (deduplicated)\n */\nexport function validateSubjectSnapshot(\n snapshot: unknown\n): z.infer<typeof SubjectProfileSnapshotSchema> | null {\n if (snapshot === undefined || snapshot === null) {\n return null;\n }\n\n // Validate against schema (throws on malformed data)\n const validated = SubjectProfileSnapshotSchema.parse(snapshot);\n\n // Advisory PII warning (deduplicated)\n const subjectId = validated.subject.id;\n if (looksLikePII(subjectId) && !warnedSubjectIds.has(subjectId)) {\n warnedSubjectIds.add(subjectId);\n console.warn(\n `[peac:subject] Advisory: subject.id \"${subjectId}\" looks like PII. ` +\n 'Prefer opaque identifiers (e.g., \"user:abc123\").'\n );\n }\n\n return validated;\n}\n\n// -----------------------------------------------------------------------------\n// Evidence Validation (v0.9.21+)\n// -----------------------------------------------------------------------------\n\n/**\n * Result type for evidence validation\n */\nexport type EvidenceValidationResult =\n | { ok: true; value: unknown }\n | { ok: false; error: PEACError };\n\n/**\n * Validate payment evidence for JSON safety\n *\n * Uses iterative validation (no recursion) to prevent stack overflow on\n * deeply nested structures. Enforces limits on depth, array length,\n * object keys, and string length.\n *\n * @param evidence - Evidence value to validate\n * @param limits - Optional limits (internal, not part of public API)\n * @returns Result indicating success with validated value, or failure with PEACError\n *\n * @example\n * ```ts\n * const result = validateEvidence({ txId: '123', amount: 100 });\n * if (!result.ok) {\n * console.error(result.error.code, result.error.remediation);\n * }\n * ```\n */\nexport function validateEvidence(\n evidence: unknown,\n limits?: JsonEvidenceLimits\n): EvidenceValidationResult {\n const result = assertJsonSafeIterative(evidence, limits);\n\n if (!result.ok) {\n return {\n ok: false,\n error: createEvidenceNotJsonError(result.error, result.path),\n };\n }\n\n return { ok: true, value: evidence };\n}\n","/**\n * ActorBinding and MVIS (Minimum Viable Identity Set) Schemas (v0.11.3+)\n *\n * Implements (ActorBinding) (Multi-Root Proof Types),\n * and (MVIS) for the Agent Identity Profile.\n *\n * ActorBinding lives in ext[\"org.peacprotocol/actor_binding\"] in Wire 0.1.\n * ProofTypeSchema is SEPARATE from ProofMethodSchema (agent-identity.ts)\n * to avoid breaking the v0.9.25+ API. Unification deferred to v0.12.0.\n *\n * @see docs/specs/AGENT-IDENTITY-PROFILE.md for normative specification\n */\nimport { z } from 'zod';\n\n// =============================================================================\n// PROOF TYPES (Multi-Root Proof Types)\n// =============================================================================\n\n/**\n * Proof types for ActorBinding.\n *\n * 8 methods covering attestation chains, RATS, keyless signing,\n * decentralized identity, workload identity, PKI, and vendor-defined.\n *\n * SEPARATE from ProofMethodSchema (4 transport-level methods in agent-identity.ts).\n * ProofMethodSchema covers how proof is transported (HTTP sig, DPoP, mTLS, JWK thumbprint).\n * ProofTypeSchema covers the trust root model used to establish identity.\n *\n * The 'custom' type: implementers MUST document their proof semantics externally.\n * proof_ref SHOULD use a reverse-DNS namespace (e.g., 'com.example.vendor/proof-type-v1').\n */\nexport const PROOF_TYPES = [\n 'ed25519-cert-chain',\n 'eat-passport',\n 'eat-background-check',\n 'sigstore-oidc',\n 'did',\n 'spiffe',\n 'x509-pki',\n 'custom',\n] as const;\n\nexport const ProofTypeSchema = z.enum(PROOF_TYPES);\nexport type ProofType = z.infer<typeof ProofTypeSchema>;\n\n// =============================================================================\n// ORIGIN VALIDATION\n// =============================================================================\n\n/**\n * Validate that a string is an origin-only URL (scheme + host + optional port).\n * Rejects URLs with path (other than '/'), query, or fragment components.\n * This prevents correlation leakage and ambiguity in ActorBinding.\n *\n * Valid: \"https://example.com\", \"https://example.com:8443\"\n * Invalid: \"https://example.com/api/v1\", \"https://example.com?q=1\", \"https://example.com#frag\"\n */\nexport function isOriginOnly(value: string): boolean {\n try {\n const url = new URL(value);\n // Must be http or https\n if (url.protocol !== 'https:' && url.protocol !== 'http:') {\n return false;\n }\n // pathname must be exactly '/' (the implicit root)\n if (url.pathname !== '/') {\n return false;\n }\n // No search params\n if (url.search !== '') {\n return false;\n }\n // No fragment: url.hash is '' for both no-fragment and bare '#',\n // so also check the raw string for a trailing '#'\n if (url.hash !== '' || value.includes('#')) {\n return false;\n }\n // Reject userinfo (credentials in origins are a security risk)\n if (url.username !== '' || url.password !== '') {\n return false;\n }\n // Reject trailing dot in hostname (FQDN notation leaks DNS internals)\n if (url.hostname.endsWith('.')) {\n return false;\n }\n // URL API may normalize trailing dots; also check raw input\n const hostPart = value.replace(/^https?:\\/\\//, '').split(/[/:]/)[0];\n if (hostPart.endsWith('.')) {\n return false;\n }\n // Reject IPv6 zone identifiers (link-local, not valid origins)\n if (url.hostname.includes('%')) {\n return false;\n }\n return true;\n } catch {\n return false;\n }\n}\n\n// =============================================================================\n// ACTOR BINDING\n// =============================================================================\n\n/**\n * Extension key for ActorBinding in Wire 0.1 ext[].\n */\nexport const ACTOR_BINDING_EXTENSION_KEY = 'org.peacprotocol/actor_binding' as const;\n\n/**\n * ActorBinding schema.\n *\n * Binds an actor identity to a receipt via ext[\"org.peacprotocol/actor_binding\"].\n * Wire 0.2 moves this to a kernel field.\n *\n * - id: Stable actor identifier (opaque, no PII)\n * - proof_type: Trust root model from vocabulary\n * - proof_ref: Optional URI or hash of external proof artifact\n * - origin: Origin-only URL (scheme + host + optional port; no path/query/fragment)\n * - intent_hash: Optional SHA-256 hash of the intent (hash-first per )\n */\nexport const ActorBindingSchema = z\n .object({\n /** Stable actor identifier (opaque, no PII) */\n id: z.string().min(1).max(256),\n\n /** Proof type from multi-root vocabulary */\n proof_type: ProofTypeSchema,\n\n /** URI or hash of external proof artifact */\n proof_ref: z.string().max(2048).optional(),\n\n /** Origin-only URL: scheme + host + optional port; NO path, query, or fragment */\n origin: z.string().max(2048).refine(isOriginOnly, {\n message:\n 'origin must be an origin-only URL (scheme + host + optional port; no path, query, or fragment)',\n }),\n\n /** SHA-256 hash of the intent (hash-first per ) */\n intent_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, {\n message: 'intent_hash must match sha256:<64 hex chars>',\n })\n .optional(),\n })\n .strict();\n\nexport type ActorBinding = z.infer<typeof ActorBindingSchema>;\n\n// =============================================================================\n// MVIS: Minimum Viable Identity Set\n// =============================================================================\n\n/**\n * MVIS (Minimum Viable Identity Set) fields.\n *\n * 5 required fields for any identity receipt to be considered complete.\n * validateMVIS() is a pure validation function with zero I/O.\n *\n * Fields:\n * - issuer: Who issued the identity assertion\n * - subject: Who the identity is about (opaque identifier)\n * - key_binding: Cryptographic binding to a key (kid or thumbprint)\n * - time_bounds: Validity period with not_before and not_after\n * - replay_protection: Unique token ID (jti) and optional nonce\n */\nexport const MVISTimeBoundsSchema = z\n .object({\n /** Earliest valid time (RFC 3339) */\n not_before: z.string().datetime(),\n /** Latest valid time (RFC 3339) */\n not_after: z.string().datetime(),\n })\n .strict();\n\nexport type MVISTimeBounds = z.infer<typeof MVISTimeBoundsSchema>;\n\nexport const MVISReplayProtectionSchema = z\n .object({\n /** Unique token identifier (jti from JWT or equivalent) */\n jti: z.string().min(1).max(256),\n /** Optional nonce for additional replay protection */\n nonce: z.string().max(256).optional(),\n })\n .strict();\n\nexport type MVISReplayProtection = z.infer<typeof MVISReplayProtectionSchema>;\n\nexport const MVISFieldsSchema = z\n .object({\n /** Who issued the identity assertion */\n issuer: z.string().min(1).max(2048),\n\n /** Who the identity is about (opaque identifier, no PII) */\n subject: z.string().min(1).max(256),\n\n /** Cryptographic binding: kid or JWK thumbprint */\n key_binding: z.string().min(1).max(256),\n\n /** Validity period */\n time_bounds: MVISTimeBoundsSchema,\n\n /** Replay protection */\n replay_protection: MVISReplayProtectionSchema,\n })\n .strict();\n\nexport type MVISFields = z.infer<typeof MVISFieldsSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS\n// =============================================================================\n\n/**\n * Validate an ActorBinding object.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated ActorBinding or error message\n */\nexport function validateActorBinding(\n data: unknown\n): { ok: true; value: ActorBinding } | { ok: false; error: string } {\n const result = ActorBindingSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate MVIS fields.\n *\n * Pure validation function with zero I/O.\n * Checks that all 5 required fields are present and valid.\n * Also validates that time_bounds.not_before < time_bounds.not_after.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated MVIS fields or error message\n */\nexport function validateMVIS(\n data: unknown\n): { ok: true; value: MVISFields } | { ok: false; error: string } {\n const result = MVISFieldsSchema.safeParse(data);\n if (!result.success) {\n return { ok: false, error: result.error.message };\n }\n\n // Semantic check: not_before must be before not_after\n const notBefore = new Date(result.data.time_bounds.not_before).getTime();\n const notAfter = new Date(result.data.time_bounds.not_after).getTime();\n if (notBefore >= notAfter) {\n return { ok: false, error: 'not_before must be before not_after' };\n }\n\n // Reject absurd durations (>100 years)\n const MAX_DURATION_MS = 100 * 365.25 * 24 * 60 * 60 * 1000;\n if (notAfter - notBefore > MAX_DURATION_MS) {\n return { ok: false, error: 'time_bounds duration must not exceed 100 years' };\n }\n\n return { ok: true, value: result.data };\n}\n","/**\n * Credential Event Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records credential lifecycle events in ext[\"org.peacprotocol/credential_event\"].\n * Events: issued, leased, rotated, revoked, expired.\n *\n * credential_ref is an opaque fingerprint reference: schema validates\n * format only (prefix + hex). Issuers compute values externally; verifiers\n * MUST NOT assume they can recompute the reference.\n */\nimport { z } from 'zod';\n\nexport const CREDENTIAL_EVENT_EXTENSION_KEY = 'org.peacprotocol/credential_event' as const;\n\n/**\n * Credential lifecycle events\n */\nexport const CREDENTIAL_EVENTS = ['issued', 'leased', 'rotated', 'revoked', 'expired'] as const;\n\nexport const CredentialEventTypeSchema = z.enum(CREDENTIAL_EVENTS);\nexport type CredentialEventType = z.infer<typeof CredentialEventTypeSchema>;\n\n/**\n * Opaque fingerprint reference format.\n * Validates prefix (sha256: or hmac-sha256:) + 64 hex chars.\n * Schema does NOT compute or derive this value.\n */\nconst FINGERPRINT_REF_PATTERN = /^(sha256|hmac-sha256):[a-f0-9]{64}$/;\n\nexport const CredentialRefSchema = z.string().max(256).regex(FINGERPRINT_REF_PATTERN, {\n message:\n 'credential_ref must be an opaque fingerprint reference: (sha256|hmac-sha256):<64 hex chars>',\n});\n\n/**\n * Credential Event extension schema\n */\nexport const CredentialEventSchema = z\n .object({\n /** Lifecycle event type */\n event: CredentialEventTypeSchema,\n\n /** Opaque fingerprint reference of the credential (format validation only) */\n credential_ref: CredentialRefSchema,\n\n /** Authority that performed the action (HTTPS URL) */\n authority: z\n .string()\n .url()\n .max(2048)\n .refine((v) => v.startsWith('https://'), {\n message: 'authority must be an HTTPS URL',\n }),\n\n /** When the credential expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** Previous credential reference for rotation chains (optional) */\n previous_ref: CredentialRefSchema.optional(),\n })\n .strict();\n\nexport type CredentialEvent = z.infer<typeof CredentialEventSchema>;\n\n/**\n * Validate a CredentialEvent object.\n */\nexport function validateCredentialEvent(\n data: unknown\n): { ok: true; value: CredentialEvent } | { ok: false; error: string } {\n const result = CredentialEventSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Tool Registry Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records tool registration and capability declarations in\n * ext[\"org.peacprotocol/tool_registry\"].\n *\n * Security: registry_uri validated against URL scheme allowlist\n * (HTTPS + URN only; no file:// or data:// for SSRF prevention).\n */\nimport { z } from 'zod';\n\nexport const TOOL_REGISTRY_EXTENSION_KEY = 'org.peacprotocol/tool_registry' as const;\n\n/**\n * URL scheme allowlist for registry_uri: HTTPS and URN only.\n * Prevents SSRF via file://, data://, or other local schemes.\n */\nfunction isAllowedRegistryUri(value: string): boolean {\n if (value.startsWith('urn:')) {\n return true;\n }\n try {\n const url = new URL(value);\n return url.protocol === 'https:';\n } catch {\n return false;\n }\n}\n\n/**\n * Tool Registry extension schema\n */\nexport const ToolRegistrySchema = z\n .object({\n /** Tool identifier */\n tool_id: z.string().min(1).max(256),\n\n /** Registry URI (HTTPS or URN only; no file:// or data:// for SSRF prevention) */\n registry_uri: z.string().max(2048).refine(isAllowedRegistryUri, {\n message: 'registry_uri must be an HTTPS URL or URN (file:// and data:// are prohibited)',\n }),\n\n /** Tool version (optional, semver-like) */\n version: z.string().max(64).optional(),\n\n /** Tool capabilities (optional) */\n capabilities: z.array(z.string().max(64)).max(32).optional(),\n })\n .strict();\n\nexport type ToolRegistry = z.infer<typeof ToolRegistrySchema>;\n\n/**\n * Validate a ToolRegistry object.\n */\nexport function validateToolRegistry(\n data: unknown\n): { ok: true; value: ToolRegistry } | { ok: false; error: string } {\n const result = ToolRegistrySchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Control Action Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records access control decisions in ext[\"org.peacprotocol/control_action\"].\n * Actions: grant, deny, escalate, delegate, audit.\n * Triggers: policy_evaluation, manual_review, anomaly_detection, scheduled, event_driven.\n */\nimport { z } from 'zod';\n\nexport const CONTROL_ACTION_EXTENSION_KEY = 'org.peacprotocol/control_action' as const;\n\n/**\n * Control action types\n */\nexport const CONTROL_ACTIONS = ['grant', 'deny', 'escalate', 'delegate', 'audit'] as const;\n\nexport const ControlActionTypeSchema = z.enum(CONTROL_ACTIONS);\nexport type ControlActionType = z.infer<typeof ControlActionTypeSchema>;\n\n/**\n * Control action triggers\n */\nexport const CONTROL_TRIGGERS = [\n 'policy_evaluation',\n 'manual_review',\n 'anomaly_detection',\n 'scheduled',\n 'event_driven',\n] as const;\n\nexport const ControlTriggerSchema = z.enum(CONTROL_TRIGGERS);\nexport type ControlTrigger = z.infer<typeof ControlTriggerSchema>;\n\n/**\n * Control Action extension schema\n */\nexport const ControlActionSchema = z\n .object({\n /** Action taken */\n action: ControlActionTypeSchema,\n\n /** What triggered the action */\n trigger: ControlTriggerSchema,\n\n /** Resource or scope the action applies to (optional) */\n resource: z.string().max(2048).optional(),\n\n /** Reason for the action (optional, human-readable) */\n reason: z.string().max(1024).optional(),\n\n /** Policy identifier that was evaluated (optional) */\n policy_ref: z.string().max(2048).optional(),\n\n /** When the action was taken (RFC 3339, optional; defaults to receipt iat) */\n action_at: z.string().datetime().optional(),\n })\n .strict();\n\nexport type ControlAction = z.infer<typeof ControlActionSchema>;\n\n/**\n * Validate a ControlAction object.\n */\nexport function validateControlAction(\n data: unknown\n): { ok: true; value: ControlAction } | { ok: false; error: string } {\n const result = ControlActionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Treaty Extension Schema (v0.11.3+)\n *\n * Records agreement commitment levels in ext[\"org.peacprotocol/treaty\"].\n * 4-level commitment_class vocabulary: informational, operational, financial, legal.\n *\n * Governance: commitment_class is a CLOSED vocabulary. Adding new levels requires\n * a registry update in registries.json and a minor version bump.\n *\n * Terms pairing: when terms_hash is provided alongside terms_ref, the hash\n * SHOULD correspond to the content at terms_ref. Future enforcement may\n * verify this binding at verification time.\n */\nimport { z } from 'zod';\n\nexport const TREATY_EXTENSION_KEY = 'org.peacprotocol/treaty' as const;\n\n/**\n * Commitment class vocabulary.\n * Ascending levels of binding commitment.\n */\nexport const COMMITMENT_CLASSES = ['informational', 'operational', 'financial', 'legal'] as const;\n\nexport const CommitmentClassSchema = z.enum(COMMITMENT_CLASSES);\nexport type CommitmentClass = z.infer<typeof CommitmentClassSchema>;\n\n/**\n * Treaty extension schema\n */\nexport const TreatySchema = z\n .object({\n /** Commitment level */\n commitment_class: CommitmentClassSchema,\n\n /** URL to full terms document (optional) */\n terms_ref: z.string().url().max(2048).optional(),\n\n /** SHA-256 hash of terms document for integrity verification (optional) */\n terms_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, {\n message: 'terms_hash must match sha256:<64 hex chars>',\n })\n .optional(),\n\n /** Counterparty identifier (optional) */\n counterparty: z.string().max(256).optional(),\n\n /** When the treaty becomes effective (RFC 3339, optional) */\n effective_at: z.string().datetime().optional(),\n\n /** When the treaty expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n })\n .strict();\n\nexport type Treaty = z.infer<typeof TreatySchema>;\n\n/**\n * Validate a Treaty object.\n */\nexport function validateTreaty(\n data: unknown\n): { ok: true; value: Treaty } | { ok: false; error: string } {\n const result = TreatySchema.safeParse(data);\n if (!result.success) {\n return { ok: false, error: result.error.message };\n }\n\n // Semantic check: effective_at must be before or equal to expires_at\n if (result.data.effective_at && result.data.expires_at) {\n const effectiveMs = new Date(result.data.effective_at).getTime();\n const expiresMs = new Date(result.data.expires_at).getTime();\n if (effectiveMs > expiresMs) {\n return { ok: false, error: 'effective_at must not be after expires_at' };\n }\n }\n\n return { ok: true, value: result.data };\n}\n","/**\n * Fingerprint Reference Conversion Functions (v0.11.3+)\n *\n * Pure string manipulation functions for converting between Wire 0.1\n * string form (\"alg:hex64\") and Wire 0.2 object form ({ alg, value, key_id? }).\n *\n * These are opaque references. The schema validates format only.\n * Issuers compute values externally; verifiers MUST NOT assume\n * they can recompute the reference.\n *\n * Lives in Layer 1 (@peac/schema) because it is pure string manipulation,\n * not cryptographic computation. Zero dependencies, zero I/O.\n */\n\n/**\n * Wire 0.2 object form of a fingerprint reference\n */\nexport interface FingerprintRefObject {\n /** Hash algorithm: 'sha256' or 'hmac-sha256' */\n alg: string;\n /** Base64url-encoded value */\n value: string;\n /** Optional key identifier (for hmac-sha256 references) */\n key_id?: string;\n}\n\n/**\n * Convert hex string to base64url encoding.\n * Pure function, no dependencies.\n */\nfunction hexToBase64url(hex: string): string {\n const bytes = new Uint8Array(hex.length / 2);\n for (let i = 0; i < hex.length; i += 2) {\n bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);\n }\n // Use Buffer in Node, or manual encoding\n let base64: string;\n if (typeof Buffer !== 'undefined') {\n base64 = Buffer.from(bytes).toString('base64');\n } else {\n // Fallback for non-Node environments\n base64 = btoa(String.fromCharCode(...bytes));\n }\n // base64 -> base64url\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n/**\n * Convert base64url string to hex encoding.\n * Pure function, no dependencies.\n */\nfunction base64urlToHex(b64url: string): string {\n // base64url -> base64\n let base64 = b64url.replace(/-/g, '+').replace(/_/g, '/');\n // Add padding\n while (base64.length % 4 !== 0) {\n base64 += '=';\n }\n let bytes: Uint8Array;\n if (typeof Buffer !== 'undefined') {\n bytes = Buffer.from(base64, 'base64');\n } else {\n const binary = atob(base64);\n bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n }\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n}\n\n/**\n * Supported algorithm prefixes\n */\nconst VALID_ALGS = ['sha256', 'hmac-sha256'] as const;\nconst STRING_FORM_PATTERN = /^(sha256|hmac-sha256):([a-f0-9]{64})$/;\n\n/**\n * Maximum length for fingerprint reference string form.\n * \"hmac-sha256:\" (12) + 64 hex chars = 76 chars max.\n */\nexport const MAX_FINGERPRINT_REF_LENGTH = 76;\n\n/**\n * Strict base64url character set (RFC 4648 section 5).\n * Only A-Z, a-z, 0-9, '-', '_'. No padding ('='), no whitespace.\n */\nconst BASE64URL_PATTERN = /^[A-Za-z0-9_-]+$/;\n\n/**\n * Parse a Wire 0.1 string form fingerprint reference (\"alg:hex64\")\n * into a Wire 0.2 object form ({ alg, value }).\n *\n * The hex value is converted to base64url for the object form.\n *\n * @param s - String form: \"sha256:<64 hex chars>\" or \"hmac-sha256:<64 hex chars>\"\n * @returns Object form with base64url value, or null if invalid\n */\nexport function stringToFingerprintRef(s: string): FingerprintRefObject | null {\n if (s.length > MAX_FINGERPRINT_REF_LENGTH) {\n return null;\n }\n const match = STRING_FORM_PATTERN.exec(s);\n if (!match) {\n return null;\n }\n const alg = match[1];\n const hex = match[2];\n return {\n alg,\n value: hexToBase64url(hex),\n };\n}\n\n/**\n * Convert a Wire 0.2 object form fingerprint reference back to\n * the Wire 0.1 string form (\"alg:hex64\").\n *\n * The base64url value is converted back to hex for the string form.\n *\n * @param obj - Object form with alg and base64url value\n * @returns String form \"alg:<64 hex chars>\", or null if invalid\n */\nexport function fingerprintRefToString(obj: FingerprintRefObject): string | null {\n if (!VALID_ALGS.includes(obj.alg as (typeof VALID_ALGS)[number])) {\n return null;\n }\n // Strict base64url validation (RFC 4648 section 5): no padding, no whitespace\n if (!BASE64URL_PATTERN.test(obj.value)) {\n return null;\n }\n try {\n const hex = base64urlToHex(obj.value);\n if (hex.length !== 64) {\n return null;\n }\n return `${obj.alg}:${hex}`;\n } catch {\n return null;\n }\n}\n","/**\n * Dispute Attestation Types and Validators (v0.9.27+)\n *\n * Provides formal mechanism for contesting PEAC receipts, attributions,\n * and identity claims with lifecycle state management.\n *\n * @see docs/specs/DISPUTE.md for normative specification\n */\nimport { z } from 'zod';\nimport { ContentHashSchema, type ContentHash } from './attribution';\n\n// =============================================================================\n// DISPUTE LIMITS (v0.9.27+)\n// =============================================================================\n\n/**\n * Dispute limits for DoS protection and validation.\n *\n * These are implementation safety limits, not protocol constraints.\n */\nexport const DISPUTE_LIMITS = {\n /** Maximum grounds per dispute */\n maxGrounds: 10,\n /** Maximum supporting receipts */\n maxSupportingReceipts: 50,\n /** Maximum supporting attributions */\n maxSupportingAttributions: 50,\n /** Maximum supporting documents */\n maxSupportingDocuments: 20,\n /** Maximum description length in chars */\n maxDescriptionLength: 4000,\n /** Maximum details length per ground in chars */\n maxGroundDetailsLength: 1000,\n /** Maximum rationale length in chars */\n maxRationaleLength: 4000,\n /** Maximum remediation details length in chars */\n maxRemediationDetailsLength: 4000,\n /** Minimum description for 'other' dispute type */\n minOtherDescriptionLength: 50,\n} as const;\n\n// =============================================================================\n// ULID VALIDATION (v0.9.27+)\n// =============================================================================\n\n/**\n * ULID format regex: 26 characters, Crockford Base32, UPPERCASE ONLY.\n *\n * ULIDs are time-ordered, globally unique identifiers that are URL-safe.\n * Format: 10 characters timestamp + 16 characters randomness\n *\n * CASE SENSITIVITY DECISION (v0.9.27):\n * While the ULID spec allows case-insensitive decoding (lowercase is valid),\n * PEAC enforces UPPERCASE as the canonical form for dispute IDs. This ensures:\n * 1. Consistent string comparison without normalization\n * 2. Predictable indexing and lookup in storage systems\n * 3. Deterministic hash computation for audit trails\n *\n * Implementations generating ULIDs MUST use uppercase encoding.\n * Implementations receiving ULIDs MAY normalize to uppercase before validation\n * if interoperating with systems that produce lowercase, but SHOULD warn.\n *\n * @see https://github.com/ulid/spec\n */\nconst ULID_REGEX = /^[0-9A-HJKMNP-TV-Z]{26}$/;\n\n/**\n * Dispute ID schema using ULID format.\n *\n * @example \"01ARZ3NDEKTSV4RRFFQ69G5FAV\"\n */\nexport const DisputeIdSchema = z.string().regex(ULID_REGEX, 'Invalid ULID format');\nexport type DisputeId = z.infer<typeof DisputeIdSchema>;\n\n// =============================================================================\n// DISPUTE TYPES (v0.9.27+)\n// =============================================================================\n\n/**\n * Type of dispute being filed.\n *\n * - 'unauthorized_access': Content accessed without valid receipt\n * - 'attribution_missing': Used content without attribution\n * - 'attribution_incorrect': Attribution exists but is wrong\n * - 'receipt_invalid': Receipt was fraudulently issued\n * - 'identity_spoofed': Agent identity was impersonated\n * - 'purpose_mismatch': Declared purpose doesn't match actual use\n * - 'policy_violation': Terms/policy violated despite receipt\n * - 'other': Catch-all (requires description >= 50 chars)\n */\nexport const DisputeTypeSchema = z.enum([\n 'unauthorized_access',\n 'attribution_missing',\n 'attribution_incorrect',\n 'receipt_invalid',\n 'identity_spoofed',\n 'purpose_mismatch',\n 'policy_violation',\n 'other',\n]);\nexport type DisputeType = z.infer<typeof DisputeTypeSchema>;\n\n/**\n * Array of valid dispute types for runtime checks.\n */\nexport const DISPUTE_TYPES = [\n 'unauthorized_access',\n 'attribution_missing',\n 'attribution_incorrect',\n 'receipt_invalid',\n 'identity_spoofed',\n 'purpose_mismatch',\n 'policy_violation',\n 'other',\n] as const;\n\n// =============================================================================\n// DISPUTE TARGET TYPES (v0.9.27+)\n// =============================================================================\n\n/**\n * Type of entity being disputed.\n *\n * - 'receipt': A PEAC receipt\n * - 'attribution': An attribution attestation\n * - 'identity': An agent identity attestation\n * - 'policy': A policy decision or enforcement\n */\nexport const DisputeTargetTypeSchema = z.enum(['receipt', 'attribution', 'identity', 'policy']);\nexport type DisputeTargetType = z.infer<typeof DisputeTargetTypeSchema>;\n\n/**\n * Array of valid target types for runtime checks.\n */\nexport const DISPUTE_TARGET_TYPES = ['receipt', 'attribution', 'identity', 'policy'] as const;\n\n// =============================================================================\n// DISPUTE GROUNDS (v0.9.27+)\n// =============================================================================\n\n/**\n * Specific grounds for the dispute.\n *\n * Evidence-based:\n * - 'missing_receipt': No receipt exists for access\n * - 'expired_receipt': Receipt was expired at time of use\n * - 'forged_receipt': Receipt signature invalid or tampered\n * - 'receipt_not_applicable': Receipt doesn't cover the resource\n *\n * Attribution-based:\n * - 'content_not_used': Content was not actually used\n * - 'source_misidentified': Wrong source attributed\n * - 'usage_type_wrong': RAG claimed but was training, etc.\n * - 'weight_inaccurate': Attribution weight is incorrect\n *\n * Identity-based:\n * - 'agent_impersonation': Agent ID was spoofed\n * - 'key_compromise': Signing key was compromised\n * - 'delegation_invalid': Delegation chain is broken\n *\n * Policy-based:\n * - 'purpose_exceeded': Used beyond declared purpose\n * - 'terms_violated': Specific terms were violated\n * - 'rate_limit_exceeded': Exceeded rate limits\n */\nexport const DisputeGroundsCodeSchema = z.enum([\n // Evidence-based\n 'missing_receipt',\n 'expired_receipt',\n 'forged_receipt',\n 'receipt_not_applicable',\n // Attribution-based\n 'content_not_used',\n 'source_misidentified',\n 'usage_type_wrong',\n 'weight_inaccurate',\n // Identity-based\n 'agent_impersonation',\n 'key_compromise',\n 'delegation_invalid',\n // Policy-based\n 'purpose_exceeded',\n 'terms_violated',\n 'rate_limit_exceeded',\n]);\nexport type DisputeGroundsCode = z.infer<typeof DisputeGroundsCodeSchema>;\n\n/**\n * Array of valid grounds codes for runtime checks.\n */\nexport const DISPUTE_GROUNDS_CODES = [\n 'missing_receipt',\n 'expired_receipt',\n 'forged_receipt',\n 'receipt_not_applicable',\n 'content_not_used',\n 'source_misidentified',\n 'usage_type_wrong',\n 'weight_inaccurate',\n 'agent_impersonation',\n 'key_compromise',\n 'delegation_invalid',\n 'purpose_exceeded',\n 'terms_violated',\n 'rate_limit_exceeded',\n] as const;\n\n/**\n * Individual dispute ground with supporting evidence reference.\n */\nexport const DisputeGroundsSchema = z\n .object({\n /** Specific code for this ground (REQUIRED) */\n code: DisputeGroundsCodeSchema,\n /** Reference to supporting evidence (OPTIONAL) */\n evidence_ref: z.string().max(2048).optional(),\n /** Additional context for this ground (OPTIONAL) */\n details: z.string().max(DISPUTE_LIMITS.maxGroundDetailsLength).optional(),\n })\n .strict();\nexport type DisputeGrounds = z.infer<typeof DisputeGroundsSchema>;\n\n// =============================================================================\n// DISPUTE LIFECYCLE STATES (v0.9.27+)\n// =============================================================================\n\n/**\n * Dispute lifecycle states.\n *\n * State flow:\n * ```\n * FILED -> ACKNOWLEDGED -> UNDER_REVIEW -> RESOLVED\n * | | |\n * +-> REJECTED +-> ESCALATED +-> APPEALED\n * |\n * +-> FINAL\n * ```\n *\n * Terminal states (REQUIRE resolution): resolved, rejected, final\n * Non-terminal states: filed, acknowledged, under_review, escalated, appealed\n */\nexport const DisputeStateSchema = z.enum([\n 'filed',\n 'acknowledged',\n 'under_review',\n 'escalated',\n 'resolved',\n 'rejected',\n 'appealed',\n 'final',\n]);\nexport type DisputeState = z.infer<typeof DisputeStateSchema>;\n\n/**\n * Array of valid dispute states for runtime checks.\n */\nexport const DISPUTE_STATES = [\n 'filed',\n 'acknowledged',\n 'under_review',\n 'escalated',\n 'resolved',\n 'rejected',\n 'appealed',\n 'final',\n] as const;\n\n/**\n * Terminal states that REQUIRE a resolution field.\n */\nexport const TERMINAL_STATES: readonly DisputeState[] = ['resolved', 'rejected', 'final'] as const;\n\n/**\n * Canonical state transition table for dispute lifecycle.\n *\n * This is the SINGLE SOURCE OF TRUTH for valid transitions.\n * Do not duplicate elsewhere - reference this constant.\n */\nexport const DISPUTE_TRANSITIONS: Record<DisputeState, readonly DisputeState[]> = {\n filed: ['acknowledged', 'rejected'],\n acknowledged: ['under_review', 'rejected'],\n under_review: ['resolved', 'escalated'],\n escalated: ['resolved'],\n resolved: ['appealed', 'final'],\n rejected: ['appealed', 'final'],\n appealed: ['under_review', 'final'],\n final: [], // Terminal - no transitions out\n} as const;\n\n/**\n * Check if a state transition is valid.\n *\n * @param current - Current dispute state\n * @param next - Proposed next state\n * @returns True if the transition is valid\n */\nexport function canTransitionTo(current: DisputeState, next: DisputeState): boolean {\n return DISPUTE_TRANSITIONS[current].includes(next);\n}\n\n/**\n * Check if a state is terminal (requires resolution).\n *\n * @param state - Dispute state to check\n * @returns True if the state is terminal\n */\nexport function isTerminalState(state: DisputeState): boolean {\n return TERMINAL_STATES.includes(state);\n}\n\n/**\n * Get valid next states from current state.\n *\n * @param current - Current dispute state\n * @returns Array of valid next states\n */\nexport function getValidTransitions(current: DisputeState): readonly DisputeState[] {\n return DISPUTE_TRANSITIONS[current];\n}\n\n// =============================================================================\n// DISPUTE OUTCOME AND RESOLUTION (v0.9.27+)\n// =============================================================================\n\n/**\n * Outcome of a resolved dispute.\n *\n * - 'upheld': Dispute was valid, in favor of filer\n * - 'dismissed': Dispute invalid or without merit\n * - 'partially_upheld': Some grounds upheld, others dismissed\n * - 'settled': Parties reached agreement\n */\nexport const DisputeOutcomeSchema = z.enum(['upheld', 'dismissed', 'partially_upheld', 'settled']);\nexport type DisputeOutcome = z.infer<typeof DisputeOutcomeSchema>;\n\n/**\n * Array of valid outcomes for runtime checks.\n */\nexport const DISPUTE_OUTCOMES = ['upheld', 'dismissed', 'partially_upheld', 'settled'] as const;\n\n/**\n * Type of remediation action taken.\n *\n * - 'attribution_corrected': Attribution was fixed\n * - 'receipt_revoked': Receipt was revoked\n * - 'access_restored': Access was restored\n * - 'compensation': Financial compensation provided\n * - 'policy_updated': Policy was updated\n * - 'no_action': No action required\n * - 'other': Other remediation\n */\nexport const RemediationTypeSchema = z.enum([\n 'attribution_corrected',\n 'receipt_revoked',\n 'access_restored',\n 'compensation',\n 'policy_updated',\n 'no_action',\n 'other',\n]);\nexport type RemediationType = z.infer<typeof RemediationTypeSchema>;\n\n/**\n * Array of valid remediation types for runtime checks.\n */\nexport const REMEDIATION_TYPES = [\n 'attribution_corrected',\n 'receipt_revoked',\n 'access_restored',\n 'compensation',\n 'policy_updated',\n 'no_action',\n 'other',\n] as const;\n\n/**\n * Remediation action taken to address the dispute.\n */\nexport const RemediationSchema = z\n .object({\n /** Type of remediation (REQUIRED) */\n type: RemediationTypeSchema,\n /** Details of the remediation action (REQUIRED) */\n details: z.string().min(1).max(DISPUTE_LIMITS.maxRemediationDetailsLength),\n /** Deadline for completing remediation (OPTIONAL) */\n deadline: z.string().datetime().optional(),\n })\n .strict();\nexport type Remediation = z.infer<typeof RemediationSchema>;\n\n/**\n * Resolution of a dispute.\n *\n * Required for terminal states (resolved, rejected, final).\n */\nexport const DisputeResolutionSchema = z\n .object({\n /** Outcome of the dispute (REQUIRED) */\n outcome: DisputeOutcomeSchema,\n /** When the decision was made (REQUIRED) */\n decided_at: z.string().datetime(),\n /** Who made the decision (REQUIRED) */\n decided_by: z.string().min(1).max(2048),\n /** Explanation of the decision (REQUIRED) */\n rationale: z.string().min(1).max(DISPUTE_LIMITS.maxRationaleLength),\n /** Remediation action if applicable (OPTIONAL) */\n remediation: RemediationSchema.optional(),\n })\n .strict();\nexport type DisputeResolution = z.infer<typeof DisputeResolutionSchema>;\n\n// =============================================================================\n// DISPUTE CONTACT (v0.9.27+)\n// =============================================================================\n\n/**\n * Contact method for dispute resolution.\n *\n * - 'email': Email address\n * - 'url': URL (webhook, contact form)\n * - 'did': Decentralized identifier\n */\nexport const ContactMethodSchema = z.enum(['email', 'url', 'did']);\nexport type ContactMethod = z.infer<typeof ContactMethodSchema>;\n\n/**\n * Contact information for dispute communication.\n *\n * Validated based on method type.\n */\nexport const DisputeContactSchema = z\n .object({\n /** Contact method (REQUIRED) */\n method: ContactMethodSchema,\n /** Contact value (REQUIRED) */\n value: z.string().min(1).max(2048),\n })\n .strict()\n .superRefine((contact, ctx) => {\n if (contact.method === 'email') {\n // Basic email validation (RFC 5322 simplified)\n const emailRegex = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n if (!emailRegex.test(contact.value)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Invalid email format',\n path: ['value'],\n });\n }\n } else if (contact.method === 'did') {\n // DID must start with did:\n if (!contact.value.startsWith('did:')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'DID must start with \"did:\"',\n path: ['value'],\n });\n }\n } else if (contact.method === 'url') {\n // URL validation\n try {\n new URL(contact.value);\n } catch {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Invalid URL format',\n path: ['value'],\n });\n }\n }\n });\nexport type DisputeContact = z.infer<typeof DisputeContactSchema>;\n\n// =============================================================================\n// DOCUMENT REFERENCE (v0.9.27+)\n// =============================================================================\n\n/**\n * Reference to an external document supporting the dispute.\n */\nexport const DocumentRefSchema = z\n .object({\n /** URI of the document (REQUIRED) */\n uri: z.string().url().max(2048),\n /** Content hash for integrity verification (OPTIONAL) */\n content_hash: ContentHashSchema.optional(),\n /** Brief description of the document (OPTIONAL) */\n description: z.string().max(500).optional(),\n })\n .strict();\nexport type DocumentRef = z.infer<typeof DocumentRefSchema>;\n\n// =============================================================================\n// DISPUTE EVIDENCE (v0.9.27+)\n// =============================================================================\n\n/**\n * Base evidence schema without invariants.\n */\nconst DisputeEvidenceBaseSchema = z\n .object({\n /** Type of dispute (REQUIRED) */\n dispute_type: DisputeTypeSchema,\n /** Reference to disputed target: jti:{id}, URL, or URN (REQUIRED) */\n target_ref: z.string().min(1).max(2048),\n /** Type of target being disputed (REQUIRED) */\n target_type: DisputeTargetTypeSchema,\n /** Grounds for the dispute (REQUIRED, at least 1) */\n grounds: z.array(DisputeGroundsSchema).min(1).max(DISPUTE_LIMITS.maxGrounds),\n /** Human-readable description (REQUIRED) */\n description: z.string().min(1).max(DISPUTE_LIMITS.maxDescriptionLength),\n /** Receipt references supporting the claim (OPTIONAL) */\n supporting_receipts: z\n .array(z.string().max(2048))\n .max(DISPUTE_LIMITS.maxSupportingReceipts)\n .optional(),\n /** Attribution references supporting the claim (OPTIONAL) */\n supporting_attributions: z\n .array(z.string().max(2048))\n .max(DISPUTE_LIMITS.maxSupportingAttributions)\n .optional(),\n /** External document references (OPTIONAL) */\n supporting_documents: z\n .array(DocumentRefSchema)\n .max(DISPUTE_LIMITS.maxSupportingDocuments)\n .optional(),\n /** Contact for dispute resolution (OPTIONAL) */\n contact: DisputeContactSchema.optional(),\n /** Current lifecycle state (REQUIRED) */\n state: DisputeStateSchema,\n /** When state was last changed (OPTIONAL) */\n state_changed_at: z.string().datetime().optional(),\n /** Reason for state change (OPTIONAL) */\n state_reason: z.string().max(1000).optional(),\n /** Resolution details (REQUIRED for terminal states) */\n resolution: DisputeResolutionSchema.optional(),\n /** Advisory: filing window used by issuer in days (OPTIONAL, informative only) */\n window_hint_days: z.number().int().positive().max(365).optional(),\n })\n .strict();\n\n/**\n * Dispute evidence with cross-field invariants enforced via superRefine.\n *\n * Invariants:\n * 1. Terminal states (resolved, rejected, final) REQUIRE resolution\n * 2. Resolution is ONLY valid for terminal states\n * 3. Dispute type 'other' requires description >= 50 characters\n */\nexport const DisputeEvidenceSchema = DisputeEvidenceBaseSchema.superRefine((evidence, ctx) => {\n const terminalStates: DisputeState[] = ['resolved', 'rejected', 'final'];\n\n // Invariant 1: Terminal states REQUIRE resolution\n if (terminalStates.includes(evidence.state) && !evidence.resolution) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Resolution is required when state is \"${evidence.state}\"`,\n path: ['resolution'],\n });\n }\n\n // Invariant 2: Resolution REQUIRES terminal state\n if (evidence.resolution && !terminalStates.includes(evidence.state)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Resolution is only valid for terminal states (resolved, rejected, final), not \"${evidence.state}\"`,\n path: ['state'],\n });\n }\n\n // Invariant 3: 'other' dispute type requires meaningful description\n if (\n evidence.dispute_type === 'other' &&\n evidence.description.length < DISPUTE_LIMITS.minOtherDescriptionLength\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Dispute type \"other\" requires description of at least ${DISPUTE_LIMITS.minOtherDescriptionLength} characters`,\n path: ['description'],\n });\n }\n});\nexport type DisputeEvidence = z.infer<typeof DisputeEvidenceSchema>;\n\n// =============================================================================\n// DISPUTE ATTESTATION (v0.9.27+)\n// =============================================================================\n\n/**\n * Attestation type literal for disputes.\n */\nexport const DISPUTE_TYPE = 'peac/dispute' as const;\n\n/**\n * DisputeAttestation - formal mechanism for contesting PEAC claims.\n *\n * This attestation provides a standardized way to dispute receipts,\n * attributions, identity claims, or policy decisions.\n *\n * @example\n * ```typescript\n * const dispute: DisputeAttestation = {\n * type: 'peac/dispute',\n * issuer: 'https://publisher.example.com',\n * issued_at: '2026-01-06T12:00:00Z',\n * ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * evidence: {\n * dispute_type: 'unauthorized_access',\n * target_ref: 'jti:01H5KPT9QZA123456789VWXYZG',\n * target_type: 'receipt',\n * grounds: [{ code: 'missing_receipt' }],\n * description: 'Content was accessed without a valid receipt.',\n * state: 'filed',\n * },\n * };\n * ```\n */\nexport const DisputeAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/dispute') */\n type: z.literal(DISPUTE_TYPE),\n /** Party filing the dispute (REQUIRED) */\n issuer: z.string().min(1).max(2048),\n /** When the dispute was filed (REQUIRED) */\n issued_at: z.string().datetime(),\n /** When the dispute expires (OPTIONAL) */\n expires_at: z.string().datetime().optional(),\n /** Unique dispute reference in ULID format (REQUIRED) */\n ref: DisputeIdSchema,\n /** Dispute evidence and state */\n evidence: DisputeEvidenceSchema,\n })\n .strict();\nexport type DisputeAttestation = z.infer<typeof DisputeAttestationSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Validate a DisputeAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateDisputeAttestation(data);\n * if (result.ok) {\n * console.log('Dispute ref:', result.value.ref);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateDisputeAttestation(\n data: unknown\n): { ok: true; value: DisputeAttestation } | { ok: false; error: string } {\n const result = DisputeAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is a valid DisputeAttestation.\n *\n * @param data - Unknown data to check\n * @returns True if valid\n */\nexport function isValidDisputeAttestation(data: unknown): data is DisputeAttestation {\n return DisputeAttestationSchema.safeParse(data).success;\n}\n\n/**\n * Check if an object has the dispute attestation type.\n *\n * @param attestation - Object with a type field\n * @returns True if type is 'peac/dispute'\n */\nexport function isDisputeAttestation(attestation: {\n type: string;\n}): attestation is DisputeAttestation {\n return attestation.type === DISPUTE_TYPE;\n}\n\n/**\n * Validate a DisputeResolution.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated resolution or error message\n */\nexport function validateDisputeResolution(\n data: unknown\n): { ok: true; value: DisputeResolution } | { ok: false; error: string } {\n const result = DisputeResolutionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate a DisputeContact.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated contact or error message\n */\nexport function validateDisputeContact(\n data: unknown\n): { ok: true; value: DisputeContact } | { ok: false; error: string } {\n const result = DisputeContactSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n// =============================================================================\n// FACTORY HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Parameters for creating a DisputeAttestation.\n */\nexport interface CreateDisputeAttestationParams {\n /** Party filing the dispute */\n issuer: string;\n /** Unique dispute reference (ULID format) */\n ref: string;\n /** Type of dispute */\n dispute_type: DisputeType;\n /** Reference to disputed target */\n target_ref: string;\n /** Type of target */\n target_type: DisputeTargetType;\n /** Grounds for dispute */\n grounds: DisputeGrounds[];\n /** Human-readable description */\n description: string;\n /** Contact information (optional) */\n contact?: DisputeContact;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** Supporting receipt references (optional) */\n supporting_receipts?: string[];\n /** Supporting attribution references (optional) */\n supporting_attributions?: string[];\n /** Supporting document references (optional) */\n supporting_documents?: DocumentRef[];\n /** Advisory filing window in days (optional) */\n window_hint_days?: number;\n}\n\n/**\n * Create a DisputeAttestation with current timestamp and 'filed' state.\n *\n * @param params - Attestation parameters\n * @returns A valid DisputeAttestation in 'filed' state\n *\n * @example\n * ```typescript\n * const dispute = createDisputeAttestation({\n * issuer: 'https://publisher.example.com',\n * ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * dispute_type: 'unauthorized_access',\n * target_ref: 'jti:01H5KPT9QZA123456789VWXYZG',\n * target_type: 'receipt',\n * grounds: [{ code: 'missing_receipt' }],\n * description: 'Content was accessed without a valid receipt.',\n * });\n * ```\n */\nexport function createDisputeAttestation(\n params: CreateDisputeAttestationParams\n): DisputeAttestation {\n const now = new Date().toISOString();\n\n const evidence: DisputeEvidence = {\n dispute_type: params.dispute_type,\n target_ref: params.target_ref,\n target_type: params.target_type,\n grounds: params.grounds,\n description: params.description,\n state: 'filed',\n };\n\n if (params.contact) {\n evidence.contact = params.contact;\n }\n if (params.supporting_receipts) {\n evidence.supporting_receipts = params.supporting_receipts;\n }\n if (params.supporting_attributions) {\n evidence.supporting_attributions = params.supporting_attributions;\n }\n if (params.supporting_documents) {\n evidence.supporting_documents = params.supporting_documents;\n }\n if (params.window_hint_days !== undefined) {\n evidence.window_hint_days = params.window_hint_days;\n }\n\n const attestation: DisputeAttestation = {\n type: DISPUTE_TYPE,\n issuer: params.issuer,\n issued_at: now,\n ref: params.ref,\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n\n return attestation;\n}\n\n/**\n * Transition a dispute to a new state.\n *\n * @param dispute - Current dispute attestation\n * @param newState - Target state\n * @param reason - Reason for transition (optional)\n * @param resolution - Resolution details (required for terminal states)\n * @returns Updated dispute attestation or error\n *\n * @example\n * ```typescript\n * // Acknowledge a filed dispute\n * const acknowledged = transitionDisputeState(\n * dispute,\n * 'acknowledged',\n * 'Dispute received and under review'\n * );\n *\n * // Resolve a dispute (terminal state requires resolution)\n * const resolved = transitionDisputeState(\n * dispute,\n * 'resolved',\n * 'Investigation complete',\n * {\n * outcome: 'upheld',\n * decided_at: new Date().toISOString(),\n * decided_by: 'https://platform.example.com',\n * rationale: 'Evidence supports the claim.',\n * }\n * );\n * ```\n */\nexport function transitionDisputeState(\n dispute: DisputeAttestation,\n newState: DisputeState,\n reason?: string,\n resolution?: DisputeResolution\n):\n | { ok: true; value: DisputeAttestation }\n | {\n ok: false;\n error: string;\n code: 'INVALID_TRANSITION' | 'RESOLUTION_REQUIRED' | 'RESOLUTION_NOT_ALLOWED';\n } {\n const currentState = dispute.evidence.state;\n\n // Check if transition is valid\n if (!canTransitionTo(currentState, newState)) {\n return {\n ok: false,\n error: `Invalid transition from \"${currentState}\" to \"${newState}\". Valid transitions: ${DISPUTE_TRANSITIONS[currentState].join(', ') || 'none'}`,\n code: 'INVALID_TRANSITION',\n };\n }\n\n // Check resolution requirements\n const isTargetTerminal = isTerminalState(newState);\n\n if (isTargetTerminal && !resolution) {\n return {\n ok: false,\n error: `Resolution is required when transitioning to terminal state \"${newState}\"`,\n code: 'RESOLUTION_REQUIRED',\n };\n }\n\n if (!isTargetTerminal && resolution) {\n return {\n ok: false,\n error: `Resolution is not allowed for non-terminal state \"${newState}\"`,\n code: 'RESOLUTION_NOT_ALLOWED',\n };\n }\n\n // Create updated dispute\n const now = new Date().toISOString();\n\n // Destructure to separate resolution from other evidence fields\n const { resolution: _existingResolution, ...evidenceWithoutResolution } = dispute.evidence;\n\n // Build updated evidence: start without resolution, add back only if terminal\n const updatedEvidence: DisputeEvidence = {\n ...evidenceWithoutResolution,\n state: newState,\n state_changed_at: now,\n };\n\n if (reason) {\n updatedEvidence.state_reason = reason;\n }\n\n // Only add resolution for terminal states\n if (isTargetTerminal && resolution) {\n updatedEvidence.resolution = resolution;\n }\n\n return {\n ok: true,\n value: {\n ...dispute,\n evidence: updatedEvidence,\n },\n };\n}\n\n// =============================================================================\n// TIME VALIDATION HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Check if a dispute attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Clock skew tolerance in milliseconds (default: 30000)\n * @returns True if expired\n */\nexport function isDisputeExpired(\n attestation: DisputeAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if a dispute attestation is not yet valid (issued_at in future).\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Clock skew tolerance in milliseconds (default: 30000)\n * @returns True if not yet valid\n */\nexport function isDisputeNotYetValid(\n attestation: DisputeAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n","/**\n * PEAC Workflow Correlation Types (v0.10.2+)\n *\n * Workflow correlation primitives for multi-agent orchestration.\n * These types enable tracking and verification of multi-step agentic workflows\n * across different frameworks (MCP, A2A, CrewAI, LangGraph, etc.).\n *\n * Design principles:\n * - Non-breaking: Uses extensions mechanism (auth.extensions['org.peacprotocol/workflow'])\n * - DAG semantics: Parent linking for execution graph reconstruction\n * - Framework-agnostic: Works with any orchestration layer\n * - Deterministic: Supports offline verification and audit\n *\n * @see docs/specs/WORKFLOW-CORRELATION.md\n */\n\nimport { z } from 'zod';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Extension key for workflow context\n * Used in auth.extensions['org.peacprotocol/workflow']\n */\nexport const WORKFLOW_EXTENSION_KEY = 'org.peacprotocol/workflow';\n\n/**\n * Attestation type for workflow summaries\n */\nexport const WORKFLOW_SUMMARY_TYPE = 'peac/workflow-summary' as const;\n\n/**\n * Workflow status values\n */\nexport const WORKFLOW_STATUSES = ['in_progress', 'completed', 'failed', 'cancelled'] as const;\n\n/**\n * Well-known orchestration frameworks (informational, not normative)\n *\n * The framework field accepts any string matching the framework grammar.\n * These well-known values are listed in the PEAC registries for interop.\n * New frameworks do NOT require protocol updates - just use the name.\n *\n * @see docs/specs/registries.json - orchestration_frameworks section\n */\nexport const WELL_KNOWN_FRAMEWORKS = [\n 'mcp',\n 'a2a',\n 'crewai',\n 'langgraph',\n 'autogen',\n 'custom',\n] as const;\n\n/**\n * @deprecated Use WELL_KNOWN_FRAMEWORKS instead. Kept for backwards compatibility.\n */\nexport const ORCHESTRATION_FRAMEWORKS = WELL_KNOWN_FRAMEWORKS;\n\n/**\n * Framework identifier grammar pattern\n *\n * Lowercase letters, digits, hyphens, underscores.\n * Must start with a letter. Max 64 characters.\n * Examples: \"mcp\", \"a2a\", \"crewai\", \"langgraph\", \"dspy\", \"smolagents\"\n */\nexport const FRAMEWORK_ID_PATTERN = /^[a-z][a-z0-9_-]*$/;\n\n/**\n * Workflow correlation limits (DoS protection)\n */\nexport const WORKFLOW_LIMITS = {\n /** Maximum parent steps per step (DAG fan-in) */\n maxParentSteps: 16,\n /** Maximum workflow ID length */\n maxWorkflowIdLength: 128,\n /** Maximum step ID length */\n maxStepIdLength: 128,\n /** Maximum tool name length */\n maxToolNameLength: 256,\n /** Maximum framework identifier length */\n maxFrameworkLength: 64,\n /** Maximum agents in a workflow summary */\n maxAgentsInvolved: 100,\n /** Maximum receipt refs in a workflow summary */\n maxReceiptRefs: 10000,\n /** Maximum error message length */\n maxErrorMessageLength: 1024,\n} as const;\n\n// ============================================================================\n// ID Format Patterns\n// ============================================================================\n\n/**\n * Workflow ID format: wf_{ulid} or wf_{uuid}\n * Examples:\n * - wf_01HXYZ... (ULID)\n * - wf_550e8400-e29b-41d4-a716-446655440000 (UUID)\n */\nexport const WORKFLOW_ID_PATTERN = /^wf_[a-zA-Z0-9_-]{20,48}$/;\n\n/**\n * Step ID format: step_{ulid} or step_{uuid}\n * Examples:\n * - step_01HXYZ... (ULID)\n * - step_550e8400-e29b-41d4-a716-446655440000 (UUID)\n */\nexport const STEP_ID_PATTERN = /^step_[a-zA-Z0-9_-]{20,48}$/;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * Workflow ID schema\n */\nexport const WorkflowIdSchema = z\n .string()\n .regex(WORKFLOW_ID_PATTERN, 'Invalid workflow ID format (expected wf_{ulid|uuid})')\n .max(WORKFLOW_LIMITS.maxWorkflowIdLength);\n\n/**\n * Step ID schema\n */\nexport const StepIdSchema = z\n .string()\n .regex(STEP_ID_PATTERN, 'Invalid step ID format (expected step_{ulid|uuid})')\n .max(WORKFLOW_LIMITS.maxStepIdLength);\n\n/**\n * Workflow status schema\n */\nexport const WorkflowStatusSchema = z.enum(WORKFLOW_STATUSES);\n\n/**\n * Orchestration framework schema\n *\n * Open string field with constrained grammar. Any lowercase identifier\n * matching the framework grammar is valid. Well-known values are listed\n * in WELL_KNOWN_FRAMEWORKS and the PEAC registries.\n *\n * Grammar: /^[a-z][a-z0-9_-]*$/ (max 64 chars)\n */\nexport const OrchestrationFrameworkSchema = z\n .string()\n .regex(\n FRAMEWORK_ID_PATTERN,\n 'Invalid framework identifier (must be lowercase alphanumeric with hyphens/underscores, starting with a letter)'\n )\n .max(WORKFLOW_LIMITS.maxFrameworkLength);\n\n/**\n * Workflow context schema - attached to individual receipts\n *\n * This is the core primitive that links receipts into a workflow DAG.\n * Place in auth.extensions['org.peacprotocol/workflow']\n */\nexport const WorkflowContextSchema = z\n .object({\n // Correlation\n /** Globally unique workflow/run ID */\n workflow_id: WorkflowIdSchema,\n\n /** This step's unique ID */\n step_id: StepIdSchema,\n\n /** DAG parent step IDs (empty array for root step) */\n parent_step_ids: z.array(StepIdSchema).max(WORKFLOW_LIMITS.maxParentSteps).default([]),\n\n // Orchestration identity\n /** Agent identity ref of the orchestrator (optional) */\n orchestrator_id: z.string().max(256).optional(),\n\n /** Receipt ID that initiated this workflow (optional) */\n orchestrator_receipt_ref: z.string().max(256).optional(),\n\n // Sequencing (for linear workflows)\n /** 0-based position in sequential runs (optional) */\n step_index: z.number().int().nonnegative().optional(),\n\n /** Total steps if known upfront (optional) */\n step_total: z.number().int().positive().optional(),\n\n // Metadata\n /** Tool or skill name (MCP tool, A2A skill, etc.) */\n tool_name: z.string().max(WORKFLOW_LIMITS.maxToolNameLength).optional(),\n\n /** Orchestration framework */\n framework: OrchestrationFrameworkSchema.optional(),\n\n // Hash chain (for streaming/progressive receipts)\n /** SHA-256 hash of previous receipt in chain (for ordering) */\n prev_receipt_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n })\n .strict();\n\n/**\n * Error context for failed workflows\n */\nexport const WorkflowErrorContextSchema = z\n .object({\n /** Step ID where failure occurred */\n failed_step_id: StepIdSchema,\n\n /** Error code (E_* format preferred) */\n error_code: z.string().max(64),\n\n /** Human-readable error message */\n error_message: z.string().max(WORKFLOW_LIMITS.maxErrorMessageLength),\n })\n .strict();\n\n/**\n * Workflow summary evidence - the \"proof of run\" artifact\n *\n * Used in peac/workflow-summary attestations.\n * This is the single handle auditors use to verify an entire workflow.\n */\nexport const WorkflowSummaryEvidenceSchema = z\n .object({\n /** Workflow ID this summary describes */\n workflow_id: WorkflowIdSchema,\n\n /** Workflow status */\n status: WorkflowStatusSchema,\n\n /** When the workflow started (ISO 8601) */\n started_at: z.string().datetime(),\n\n /** When the workflow completed (ISO 8601, undefined if in_progress) */\n completed_at: z.string().datetime().optional(),\n\n // Receipt commitment\n /** Ordered list of receipt IDs (for small workflows) */\n receipt_refs: z.array(z.string().max(256)).max(WORKFLOW_LIMITS.maxReceiptRefs).optional(),\n\n /** Merkle root of receipt digests (for large workflows, RFC 6962 style) */\n receipt_merkle_root: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n\n /** Total receipt count (required if using Merkle root) */\n receipt_count: z.number().int().nonnegative().optional(),\n\n // Orchestration\n /** Agent identity ref of the orchestrator */\n orchestrator_id: z.string().max(256),\n\n /** List of agent IDs involved in the workflow */\n agents_involved: z.array(z.string().max(256)).max(WORKFLOW_LIMITS.maxAgentsInvolved),\n\n // Outcome\n /** SHA-256 hash of final output artifact (optional) */\n final_result_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n\n /** Error context if workflow failed */\n error_context: WorkflowErrorContextSchema.optional(),\n })\n .strict()\n .refine(\n (data) => {\n // Must have either receipt_refs or receipt_merkle_root (or both)\n return data.receipt_refs !== undefined || data.receipt_merkle_root !== undefined;\n },\n {\n message: 'Workflow summary must include receipt_refs or receipt_merkle_root',\n }\n )\n .refine(\n (data) => {\n // If using Merkle root, must include receipt_count\n if (data.receipt_merkle_root !== undefined && data.receipt_count === undefined) {\n return false;\n }\n return true;\n },\n {\n message: 'receipt_count is required when using receipt_merkle_root',\n }\n );\n\n/**\n * Workflow summary attestation schema\n *\n * A signed attestation containing the workflow summary evidence.\n */\nexport const WorkflowSummaryAttestationSchema = z\n .object({\n /** Attestation type (must be 'peac/workflow-summary') */\n type: z.literal(WORKFLOW_SUMMARY_TYPE),\n\n /** Who issued this attestation (HTTPS URL) */\n issuer: z.string().url().startsWith('https://'),\n\n /** When this attestation was issued (ISO 8601) */\n issued_at: z.string().datetime(),\n\n /** When this attestation expires (ISO 8601, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** The workflow summary evidence */\n evidence: WorkflowSummaryEvidenceSchema,\n })\n .strict();\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type WorkflowId = z.infer<typeof WorkflowIdSchema>;\nexport type StepId = z.infer<typeof StepIdSchema>;\nexport type WorkflowStatus = z.infer<typeof WorkflowStatusSchema>;\nexport type OrchestrationFramework = z.infer<typeof OrchestrationFrameworkSchema>;\nexport type WorkflowContext = z.infer<typeof WorkflowContextSchema>;\nexport type WorkflowErrorContext = z.infer<typeof WorkflowErrorContextSchema>;\nexport type WorkflowSummaryEvidence = z.infer<typeof WorkflowSummaryEvidenceSchema>;\nexport type WorkflowSummaryAttestation = z.infer<typeof WorkflowSummaryAttestationSchema>;\n\n// ============================================================================\n// Ordered Validation (Conformance)\n// ============================================================================\n\n/**\n * Result of ordered workflow context validation.\n *\n * Returns a canonical error code per Section 6.5.1 validation ordering\n * instead of Zod error messages, enabling language-neutral conformance testing.\n */\nexport type WorkflowValidationResult =\n | { valid: true; value: WorkflowContext }\n | { valid: false; error_code: string; error: string };\n\n/**\n * Validate a WorkflowContext with explicit evaluation ordering.\n *\n * Implements Section 6.5.1 of WORKFLOW-CORRELATION.md:\n * 1. Required field format (rules 4, 5)\n * 2. Structural constraints (rule 3)\n * 3. Optional field format (rules 6, 7)\n * 4. Semantic DAG checks (rules 1, 2)\n *\n * This function does NOT depend on Zod's internal validation ordering.\n * Cross-language implementations MUST produce identical error_code values\n * for the same invalid input.\n *\n * @param input - Raw input to validate\n * @returns Validation result with canonical error code on failure\n */\nexport function validateWorkflowContextOrdered(input: unknown): WorkflowValidationResult {\n if (typeof input !== 'object' || input === null) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Input must be an object',\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Step 1: Required field format (rules 4, 5)\n if (\n typeof obj.workflow_id !== 'string' ||\n !WORKFLOW_ID_PATTERN.test(obj.workflow_id) ||\n obj.workflow_id.length > WORKFLOW_LIMITS.maxWorkflowIdLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_ID_INVALID',\n error: 'Invalid workflow ID format',\n };\n }\n\n if (\n typeof obj.step_id !== 'string' ||\n !STEP_ID_PATTERN.test(obj.step_id) ||\n obj.step_id.length > WORKFLOW_LIMITS.maxStepIdLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_STEP_ID_INVALID',\n error: 'Invalid step ID format',\n };\n }\n\n // Step 2: Structural constraints (rule 3)\n const parentStepIds = obj.parent_step_ids;\n if (Array.isArray(parentStepIds) && parentStepIds.length > WORKFLOW_LIMITS.maxParentSteps) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_LIMIT_EXCEEDED',\n error: 'Exceeds maximum parent steps',\n };\n }\n\n // Step 3: Optional field format (rules 6, 7)\n if (obj.framework !== undefined) {\n if (\n typeof obj.framework !== 'string' ||\n !FRAMEWORK_ID_PATTERN.test(obj.framework) ||\n obj.framework.length > WORKFLOW_LIMITS.maxFrameworkLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Invalid framework identifier grammar',\n };\n }\n }\n\n if (obj.prev_receipt_hash !== undefined) {\n if (\n typeof obj.prev_receipt_hash !== 'string' ||\n !/^sha256:[a-f0-9]{64}$/.test(obj.prev_receipt_hash)\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Invalid hash format',\n };\n }\n }\n\n // Step 4: Semantic DAG checks (rules 1, 2)\n if (Array.isArray(parentStepIds)) {\n if (parentStepIds.includes(obj.step_id)) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_DAG_INVALID',\n error: 'Self-parent cycle detected',\n };\n }\n const uniqueParents = new Set(parentStepIds);\n if (uniqueParents.size !== parentStepIds.length) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_DAG_INVALID',\n error: 'Duplicate parent step IDs',\n };\n }\n }\n\n // Full schema validation for remaining structural rules (types, strict mode, etc.)\n const result = WorkflowContextSchema.safeParse(input);\n if (!result.success) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: result.error.issues[0]?.message || 'Schema validation failed',\n };\n }\n\n return { valid: true, value: result.data };\n}\n\n// ============================================================================\n// Helper Functions\n// ============================================================================\n\n/**\n * Generate a workflow ID with the wf_ prefix\n *\n * @param id - ULID or UUID payload (without prefix)\n * @returns Prefixed workflow ID\n */\nexport function createWorkflowId(id: string): WorkflowId {\n const workflowId = `wf_${id}`;\n return WorkflowIdSchema.parse(workflowId);\n}\n\n/**\n * Generate a step ID with the step_ prefix\n *\n * @param id - ULID or UUID payload (without prefix)\n * @returns Prefixed step ID\n */\nexport function createStepId(id: string): StepId {\n const stepId = `step_${id}`;\n return StepIdSchema.parse(stepId);\n}\n\n/**\n * Validate a workflow context object\n *\n * @param context - Object to validate\n * @returns Validated WorkflowContext\n * @throws ZodError if validation fails\n */\nexport function validateWorkflowContext(context: unknown): WorkflowContext {\n return WorkflowContextSchema.parse(context);\n}\n\n/**\n * Check if an object is a valid workflow context (non-throwing)\n *\n * @param context - Object to check\n * @returns True if valid WorkflowContext\n */\nexport function isValidWorkflowContext(context: unknown): context is WorkflowContext {\n return WorkflowContextSchema.safeParse(context).success;\n}\n\n/**\n * Validate a workflow summary attestation\n *\n * @param attestation - Object to validate\n * @returns Validated WorkflowSummaryAttestation\n * @throws ZodError if validation fails\n */\nexport function validateWorkflowSummaryAttestation(\n attestation: unknown\n): WorkflowSummaryAttestation {\n return WorkflowSummaryAttestationSchema.parse(attestation);\n}\n\n/**\n * Check if an object is a workflow summary attestation (non-throwing)\n *\n * @param attestation - Object to check\n * @returns True if valid WorkflowSummaryAttestation\n */\nexport function isWorkflowSummaryAttestation(\n attestation: unknown\n): attestation is WorkflowSummaryAttestation {\n return WorkflowSummaryAttestationSchema.safeParse(attestation).success;\n}\n\n/**\n * Check if a workflow summary is in a terminal state\n *\n * @param status - Workflow status\n * @returns True if completed, failed, or cancelled\n */\nexport function isTerminalWorkflowStatus(status: WorkflowStatus): boolean {\n return status === 'completed' || status === 'failed' || status === 'cancelled';\n}\n\n/**\n * Check if workflow context has valid DAG semantics (no self-parent)\n *\n * @param context - Workflow context to check\n * @returns True if DAG semantics are valid\n */\nexport function hasValidDagSemantics(context: WorkflowContext): boolean {\n // Step cannot be its own parent\n if (context.parent_step_ids.includes(context.step_id)) {\n return false;\n }\n // No duplicate parents\n const uniqueParents = new Set(context.parent_step_ids);\n if (uniqueParents.size !== context.parent_step_ids.length) {\n return false;\n }\n return true;\n}\n\n/**\n * Create a workflow context for attaching to a receipt\n *\n * @param params - Workflow context parameters\n * @returns Validated WorkflowContext\n */\nexport function createWorkflowContext(params: {\n workflow_id: string;\n step_id: string;\n parent_step_ids?: string[];\n orchestrator_id?: string;\n orchestrator_receipt_ref?: string;\n step_index?: number;\n step_total?: number;\n tool_name?: string;\n framework?: string;\n prev_receipt_hash?: string;\n}): WorkflowContext {\n const context: WorkflowContext = {\n workflow_id: params.workflow_id as WorkflowId,\n step_id: params.step_id as StepId,\n parent_step_ids: (params.parent_step_ids ?? []) as StepId[],\n ...(params.orchestrator_id && { orchestrator_id: params.orchestrator_id }),\n ...(params.orchestrator_receipt_ref && {\n orchestrator_receipt_ref: params.orchestrator_receipt_ref,\n }),\n ...(params.step_index !== undefined && { step_index: params.step_index }),\n ...(params.step_total !== undefined && { step_total: params.step_total }),\n ...(params.tool_name && { tool_name: params.tool_name }),\n ...(params.framework && { framework: params.framework }),\n ...(params.prev_receipt_hash && { prev_receipt_hash: params.prev_receipt_hash }),\n };\n\n // Validate\n const validated = validateWorkflowContext(context);\n\n // Check DAG semantics\n if (!hasValidDagSemantics(validated)) {\n throw new Error(\n 'Invalid DAG semantics: step cannot be its own parent or have duplicate parents'\n );\n }\n\n return validated;\n}\n\n/**\n * Create parameters for a workflow summary attestation\n */\nexport interface CreateWorkflowSummaryParams {\n workflow_id: string;\n status: WorkflowStatus;\n started_at: string;\n completed_at?: string;\n orchestrator_id: string;\n agents_involved: string[];\n receipt_refs?: string[];\n receipt_merkle_root?: string;\n receipt_count?: number;\n final_result_hash?: string;\n error_context?: WorkflowErrorContext;\n issuer: string;\n issued_at: string;\n expires_at?: string;\n}\n\n/**\n * Create a workflow summary attestation\n *\n * @param params - Attestation parameters\n * @returns Validated WorkflowSummaryAttestation\n */\nexport function createWorkflowSummaryAttestation(\n params: CreateWorkflowSummaryParams\n): WorkflowSummaryAttestation {\n const attestation: WorkflowSummaryAttestation = {\n type: WORKFLOW_SUMMARY_TYPE,\n issuer: params.issuer,\n issued_at: params.issued_at,\n ...(params.expires_at && { expires_at: params.expires_at }),\n evidence: {\n workflow_id: params.workflow_id as WorkflowId,\n status: params.status,\n started_at: params.started_at,\n ...(params.completed_at && { completed_at: params.completed_at }),\n ...(params.receipt_refs && { receipt_refs: params.receipt_refs }),\n ...(params.receipt_merkle_root && { receipt_merkle_root: params.receipt_merkle_root }),\n ...(params.receipt_count !== undefined && { receipt_count: params.receipt_count }),\n orchestrator_id: params.orchestrator_id,\n agents_involved: params.agents_involved,\n ...(params.final_result_hash && { final_result_hash: params.final_result_hash }),\n ...(params.error_context && { error_context: params.error_context }),\n },\n };\n\n return validateWorkflowSummaryAttestation(attestation);\n}\n","/**\n * PEAC Interaction Evidence Types (v0.10.7+)\n *\n * Interaction evidence captures what happened during agent execution.\n * This is an extension type - stored at evidence.extensions[\"org.peacprotocol/interaction@0.1\"]\n *\n * Design principles:\n * - Wire-stable: Uses extensions mechanism (NOT a top-level evidence field)\n * - Hash-only by default: Privacy-preserving content digests\n * - Open kind registry: Not a closed enum, converges through convention\n * - 1 receipt = 1 interaction: No batching (use bundles for that)\n *\n * @see docs/specs/INTERACTION-EVIDENCE.md\n */\n\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport type { PEACEnvelope } from './envelope.js';\nimport type { WorkflowContext } from './workflow.js';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Extension key for interaction evidence\n * Used in evidence.extensions['org.peacprotocol/interaction@0.1']\n */\nexport const INTERACTION_EXTENSION_KEY = 'org.peacprotocol/interaction@0.1';\n\n/**\n * Canonical digest algorithms (NORMATIVE)\n *\n * k = 1024 bytes (binary), m = 1024*1024 bytes (binary)\n * NO case-insensitivity, NO regex matching - strict canonical set only.\n */\nexport const CANONICAL_DIGEST_ALGS = [\n 'sha-256', // Full SHA-256\n 'sha-256:trunc-64k', // First 64KB (65536 bytes)\n 'sha-256:trunc-1m', // First 1MB (1048576 bytes)\n] as const;\n\n/**\n * Size constants for digest truncation (NORMATIVE)\n */\nexport const DIGEST_SIZE_CONSTANTS = {\n k: 1024, // 1 KB = 1024 bytes (binary)\n m: 1024 * 1024, // 1 MB = 1048576 bytes (binary)\n 'trunc-64k': 65536, // 64 * 1024\n 'trunc-1m': 1048576, // 1024 * 1024\n} as const;\n\n/**\n * Result status values for interaction outcomes\n */\nexport const RESULT_STATUSES = ['ok', 'error', 'timeout', 'canceled'] as const;\n\n/**\n * Redaction modes for payload references\n */\nexport const REDACTION_MODES = ['hash_only', 'redacted', 'plaintext_allowlisted'] as const;\n\n/**\n * Policy decision values\n */\nexport const POLICY_DECISIONS = ['allow', 'deny', 'constrained'] as const;\n\n/**\n * Well-known interaction kinds (informational, not normative)\n *\n * The kind field accepts any string matching the kind grammar.\n * These well-known values are listed in the PEAC registries for interop.\n * New kinds do NOT require protocol updates - just use the name.\n *\n * Custom kinds: use \"custom:<reverse-dns>\" or \"<reverse-dns>:<token>\"\n */\nexport const WELL_KNOWN_KINDS = [\n 'tool.call',\n 'http.request',\n 'fs.read',\n 'fs.write',\n 'message',\n 'inference.chat_completion',\n] as const;\n\n/**\n * Reserved kind prefixes (NORMATIVE)\n *\n * Kinds starting with these prefixes that are NOT in WELL_KNOWN_KINDS\n * MUST be rejected to prevent namespace pollution.\n */\nexport const RESERVED_KIND_PREFIXES = ['peac.', 'org.peacprotocol.'] as const;\n\n/**\n * Interaction evidence limits (DoS protection)\n */\nexport const INTERACTION_LIMITS = {\n /** Maximum interaction ID length */\n maxInteractionIdLength: 256,\n /** Maximum kind length */\n maxKindLength: 128,\n /** Maximum platform name length */\n maxPlatformLength: 64,\n /** Maximum version string length */\n maxVersionLength: 64,\n /** Maximum plugin ID length */\n maxPluginIdLength: 128,\n /** Maximum tool name length */\n maxToolNameLength: 256,\n /** Maximum provider length */\n maxProviderLength: 128,\n /** Maximum URI length */\n maxUriLength: 2048,\n /** Maximum method length */\n maxMethodLength: 16,\n /** Maximum error code length */\n maxErrorCodeLength: 128,\n /** Maximum payment reference length */\n maxPaymentReferenceLength: 256,\n /** Maximum receipt RID length */\n maxReceiptRidLength: 128,\n} as const;\n\n// ============================================================================\n// Shared Invariant Helpers (used by both schema and ordered validator)\n// ============================================================================\n\n/**\n * Check if a kind requires a tool target (internal helper)\n */\nfunction requiresTool(kind: string): boolean {\n return kind.startsWith('tool.');\n}\n\n/**\n * Check if a kind requires a resource target (internal helper)\n */\nfunction requiresResource(kind: string): boolean {\n return kind.startsWith('http.') || kind.startsWith('fs.');\n}\n\n/**\n * Check if a kind uses a reserved prefix (internal helper)\n */\nfunction usesReservedPrefix(kind: string): boolean {\n return RESERVED_KIND_PREFIXES.some((prefix) => kind.startsWith(prefix));\n}\n\n/**\n * Check if a resource object is meaningful - has at least uri (internal helper)\n * Empty resource objects {} are not valid targets.\n */\nfunction hasMeaningfulResource(resource: Record<string, unknown> | undefined): boolean {\n if (!resource) return false;\n if (typeof resource.uri === 'string' && resource.uri.length > 0) return true;\n return false;\n}\n\n// ============================================================================\n// Format Patterns\n// ============================================================================\n\n/**\n * Kind format pattern\n *\n * Lowercase letters, digits, dots, underscores, colons, hyphens.\n * Must start with a letter, end with letter or digit.\n * Min 2 chars, max 128 chars.\n *\n * Examples: \"tool.call\", \"http.request\", \"custom:com.example.foo\"\n */\nexport const KIND_FORMAT_PATTERN = /^[a-z][a-z0-9._:-]{0,126}[a-z0-9]$/;\n\n/**\n * Extension key format pattern (NORMATIVE)\n *\n * Reverse-DNS domain + '/' + key name + optional version\n * Pattern: ^([a-z0-9-]+\\.)+[a-z0-9-]+\\/[a-z][a-z0-9._:-]{0,126}[a-z0-9](?:@[0-9]+(?:\\.[0-9]+)*)?$\n *\n * Examples:\n * - \"com.example/foo\"\n * - \"org.peacprotocol/interaction@0.1\"\n * - \"io.vendor/custom-data\"\n */\nexport const EXTENSION_KEY_PATTERN =\n /^([a-z0-9-]+\\.)+[a-z0-9-]+\\/[a-z][a-z0-9._:-]{0,126}[a-z0-9](?:@[0-9]+(?:\\.[0-9]+)*)?$/;\n\n/**\n * Digest value format (64 lowercase hex chars)\n */\nexport const DIGEST_VALUE_PATTERN = /^[a-f0-9]{64}$/;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * Digest algorithm schema - strict canonical set\n */\nexport const DigestAlgSchema = z.enum(CANONICAL_DIGEST_ALGS);\n\n/**\n * Digest schema for privacy-preserving content hashing\n */\nexport const DigestSchema = z\n .object({\n /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */\n alg: DigestAlgSchema,\n /** 64 lowercase hex chars (SHA-256 output) */\n value: z.string().regex(DIGEST_VALUE_PATTERN, 'Must be 64 lowercase hex chars'),\n /** Original byte length before any truncation (REQUIRED) */\n bytes: z.number().int().nonnegative(),\n })\n .strict();\n\n/**\n * Payload reference schema (on-wire, portable)\n */\nexport const PayloadRefSchema = z\n .object({\n /** Content digest */\n digest: DigestSchema,\n /** Redaction mode */\n redaction: z.enum(REDACTION_MODES),\n })\n .strict();\n\n/**\n * Executor identity schema (who ran this)\n */\nexport const ExecutorSchema = z\n .object({\n /** Platform identifier: 'openclaw', 'mcp', 'a2a', 'claude-code' */\n platform: z.string().min(1).max(INTERACTION_LIMITS.maxPlatformLength),\n /** Platform version */\n version: z.string().max(INTERACTION_LIMITS.maxVersionLength).optional(),\n /** Plugin that captured this */\n plugin_id: z.string().max(INTERACTION_LIMITS.maxPluginIdLength).optional(),\n /** Hash of plugin package (provenance) */\n plugin_digest: DigestSchema.optional(),\n })\n .strict();\n\n/**\n * Tool target schema (for tool.call kind)\n */\nexport const ToolTargetSchema = z\n .object({\n /** Tool name */\n name: z.string().min(1).max(INTERACTION_LIMITS.maxToolNameLength),\n /** Tool provider */\n provider: z.string().max(INTERACTION_LIMITS.maxProviderLength).optional(),\n /** Tool version */\n version: z.string().max(INTERACTION_LIMITS.maxVersionLength).optional(),\n })\n .strict();\n\n/**\n * Resource target schema (for http/fs kinds)\n */\nexport const ResourceTargetSchema = z\n .object({\n /** Resource URI */\n uri: z.string().max(INTERACTION_LIMITS.maxUriLength).optional(),\n /** HTTP method or operation */\n method: z.string().max(INTERACTION_LIMITS.maxMethodLength).optional(),\n })\n .strict();\n\n/**\n * Execution result schema\n */\nexport const ResultSchema = z\n .object({\n /** Result status */\n status: z.enum(RESULT_STATUSES),\n /** Error code (PEAC error code or namespaced) */\n error_code: z.string().max(INTERACTION_LIMITS.maxErrorCodeLength).optional(),\n /** Whether the operation can be retried */\n retryable: z.boolean().optional(),\n })\n .strict();\n\n/**\n * Policy context schema (policy state at execution time)\n */\nexport const PolicyContextSchema = z\n .object({\n /** Policy decision */\n decision: z.enum(POLICY_DECISIONS),\n /** Whether sandbox mode was enabled */\n sandbox_enabled: z.boolean().optional(),\n /** Whether elevated permissions were granted */\n elevated: z.boolean().optional(),\n /** Hash of effective policy document */\n effective_policy_digest: DigestSchema.optional(),\n })\n .strict();\n\n/**\n * References schema (links to related evidence)\n */\nexport const RefsSchema = z\n .object({\n /** Links to evidence.payment.reference */\n payment_reference: z.string().max(INTERACTION_LIMITS.maxPaymentReferenceLength).optional(),\n /** Correlation across receipts */\n related_receipt_rid: z.string().max(INTERACTION_LIMITS.maxReceiptRidLength).optional(),\n })\n .strict();\n\n/**\n * Kind schema with format validation\n */\nexport const KindSchema = z\n .string()\n .min(2)\n .max(INTERACTION_LIMITS.maxKindLength)\n .regex(KIND_FORMAT_PATTERN, 'Invalid kind format');\n\n/**\n * Interaction evidence schema (base, without cross-field refinements)\n */\nconst InteractionEvidenceV01BaseSchema = z\n .object({\n /** Stable ID for idempotency/dedupe (REQUIRED) */\n interaction_id: z.string().min(1).max(INTERACTION_LIMITS.maxInteractionIdLength),\n\n /** Event kind - open string, not closed enum (REQUIRED) */\n kind: KindSchema,\n\n /** Executor identity (REQUIRED) */\n executor: ExecutorSchema,\n\n /** Tool target (when kind is tool-related) */\n tool: ToolTargetSchema.optional(),\n\n /** Resource target (when kind is http/fs-related) */\n resource: ResourceTargetSchema.optional(),\n\n /** Input payload reference */\n input: PayloadRefSchema.optional(),\n\n /** Output payload reference */\n output: PayloadRefSchema.optional(),\n\n /** Start time (RFC 3339) (REQUIRED) */\n started_at: z.string().datetime(),\n\n /** Completion time (RFC 3339) */\n completed_at: z.string().datetime().optional(),\n\n /** Duration in milliseconds (OPTIONAL, non-normative) */\n duration_ms: z.number().int().nonnegative().optional(),\n\n /** Execution outcome */\n result: ResultSchema.optional(),\n\n /** Policy context at execution */\n policy: PolicyContextSchema.optional(),\n\n /** References to related evidence */\n refs: RefsSchema.optional(),\n\n /** Platform-specific extensions (MUST be namespaced) */\n extensions: z.record(z.string(), z.unknown()).optional(),\n })\n .strict();\n\n/**\n * Interaction evidence schema with invariant refinements\n *\n * ALL REJECT invariants are enforced here. This ensures that\n * both direct schema validation and ordered validation produce\n * consistent results.\n */\nexport const InteractionEvidenceV01Schema = InteractionEvidenceV01BaseSchema.superRefine(\n (ev, ctx) => {\n // Invariant 1: completed_at >= started_at\n if (ev.completed_at && ev.started_at) {\n const startedAt = new Date(ev.started_at).getTime();\n const completedAt = new Date(ev.completed_at).getTime();\n if (completedAt < startedAt) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'completed_at must be >= started_at',\n path: ['completed_at'],\n });\n }\n }\n\n // Invariant 2: output requires result.status\n if (ev.output && !ev.result?.status) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'result.status is required when output is present',\n path: ['result'],\n });\n }\n\n // Invariant 3: error status requires error_code or NON-EMPTY extensions\n // Empty extensions object {} is not valid detail\n if (ev.result?.status === 'error') {\n const hasErrorCode = Boolean(ev.result.error_code);\n const hasNonEmptyExtensions =\n ev.extensions !== undefined && Object.keys(ev.extensions).length > 0;\n if (!hasErrorCode && !hasNonEmptyExtensions) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'error_code or non-empty extensions required when status is error',\n path: ['result', 'error_code'],\n });\n }\n }\n\n // Invariant 4: extension keys must be properly namespaced\n if (ev.extensions) {\n for (const key of Object.keys(ev.extensions)) {\n if (!EXTENSION_KEY_PATTERN.test(key)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Invalid extension key format: ${key} (must be reverse-DNS/name[@version])`,\n path: ['extensions', key],\n });\n }\n }\n }\n\n // Invariant 5: reserved kind prefixes (REJECT rule)\n // Kinds starting with peac.* or org.peacprotocol.* that are NOT in WELL_KNOWN_KINDS are rejected\n if (\n usesReservedPrefix(ev.kind) &&\n !WELL_KNOWN_KINDS.includes(ev.kind as (typeof WELL_KNOWN_KINDS)[number])\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" uses reserved prefix`,\n path: ['kind'],\n });\n }\n\n // Invariant 6: target consistency (REJECT rule)\n // tool.* kinds MUST have tool field with name\n if (requiresTool(ev.kind) && !ev.tool) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires tool field`,\n path: ['tool'],\n });\n }\n // http.* and fs.* kinds MUST have resource field with meaningful content (at least uri)\n if (requiresResource(ev.kind)) {\n if (!ev.resource) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires resource field`,\n path: ['resource'],\n });\n } else if (!hasMeaningfulResource(ev.resource as Record<string, unknown>)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires resource.uri to be non-empty`,\n path: ['resource', 'uri'],\n });\n }\n }\n }\n);\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type DigestAlg = z.infer<typeof DigestAlgSchema>;\nexport type Digest = z.infer<typeof DigestSchema>;\nexport type PayloadRef = z.infer<typeof PayloadRefSchema>;\nexport type Executor = z.infer<typeof ExecutorSchema>;\nexport type ToolTarget = z.infer<typeof ToolTargetSchema>;\nexport type ResourceTarget = z.infer<typeof ResourceTargetSchema>;\nexport type ResultStatus = z.infer<typeof ResultSchema>['status'];\nexport type Result = z.infer<typeof ResultSchema>;\nexport type PolicyDecision = z.infer<typeof PolicyContextSchema>['decision'];\nexport type PolicyContext = z.infer<typeof PolicyContextSchema>;\nexport type Refs = z.infer<typeof RefsSchema>;\nexport type InteractionEvidenceV01 = z.infer<typeof InteractionEvidenceV01Schema>;\n\n// ============================================================================\n// Validation Result Types\n// ============================================================================\n\n/**\n * Validation error with code and optional field path\n */\nexport interface ValidationError {\n /** Machine-readable error code (E_INTERACTION_*) */\n code: string;\n /** Human-readable message */\n message: string;\n /** JSON path to the problematic field */\n field?: string;\n}\n\n/**\n * Validation warning with code and optional field path\n */\nexport interface ValidationWarning {\n /** Machine-readable warning code (W_INTERACTION_*) */\n code: string;\n /** Human-readable message */\n message: string;\n /** JSON path to the problematic field */\n field?: string;\n}\n\n/**\n * Result of interaction evidence validation.\n *\n * Warning-capable API: returns both errors (fatal) and warnings (non-fatal).\n * This enables conformance testing with warning fixtures.\n */\nexport type InteractionValidationResult =\n | { valid: true; value: InteractionEvidenceV01; warnings: ValidationWarning[] }\n | { valid: false; errors: ValidationError[]; warnings: ValidationWarning[] };\n\n// ============================================================================\n// Ordered Validation (Conformance)\n// ============================================================================\n\n/**\n * Validate interaction evidence with explicit evaluation ordering.\n *\n * Returns canonical error codes per validation ordering.\n * This function does NOT depend on Zod's internal validation ordering.\n * Cross-language implementations MUST produce identical error_code values\n * for the same invalid input.\n *\n * Validation order:\n * 1. Required field presence\n * 2. Required field format (interaction_id, kind, started_at)\n * 3. Kind format and reserved prefix check\n * 4. Executor field validation\n * 5. Optional field format (completed_at, digests, etc.)\n * 6. Cross-field invariants (timing, output-result, error-detail)\n * 7. Extension key namespacing\n * 8. Target consistency (kind prefix -> target field)\n *\n * @param input - Raw input to validate\n * @returns Validation result with canonical error codes on failure\n */\nexport function validateInteractionOrdered(input: unknown): InteractionValidationResult {\n const errors: ValidationError[] = [];\n const warnings: ValidationWarning[] = [];\n\n // Step 1: Type check (arrays are typeof 'object' but not valid input)\n if (typeof input !== 'object' || input === null || Array.isArray(input)) {\n return {\n valid: false,\n errors: [\n {\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: 'Input must be an object',\n },\n ],\n warnings: [],\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Step 2: Required field presence\n if (typeof obj.interaction_id !== 'string' || obj.interaction_id.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_ID',\n message: 'interaction_id is required',\n field: 'interaction_id',\n });\n } else if (obj.interaction_id.length > INTERACTION_LIMITS.maxInteractionIdLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: `interaction_id exceeds max length (${INTERACTION_LIMITS.maxInteractionIdLength})`,\n field: 'interaction_id',\n });\n }\n\n // Step 3: Kind format validation\n // Empty string is semantically \"missing\", not \"invalid format\"\n if (typeof obj.kind !== 'string' || obj.kind.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_KIND',\n message: 'kind is required',\n field: 'kind',\n });\n } else if (obj.kind.length < 2 || obj.kind.length > INTERACTION_LIMITS.maxKindLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_KIND_FORMAT',\n message: `kind must be 2-${INTERACTION_LIMITS.maxKindLength} characters`,\n field: 'kind',\n });\n } else if (!KIND_FORMAT_PATTERN.test(obj.kind)) {\n errors.push({\n code: 'E_INTERACTION_INVALID_KIND_FORMAT',\n message: 'kind must match pattern: lowercase, start with letter, end with alphanumeric',\n field: 'kind',\n });\n } else {\n // Check reserved prefixes\n for (const prefix of RESERVED_KIND_PREFIXES) {\n if (obj.kind.startsWith(prefix) && !WELL_KNOWN_KINDS.includes(obj.kind as never)) {\n errors.push({\n code: 'E_INTERACTION_KIND_RESERVED',\n message: `kind \"${obj.kind}\" uses reserved prefix \"${prefix}\"`,\n field: 'kind',\n });\n break;\n }\n }\n // Warn if not in well-known registry (but valid format)\n if (\n errors.length === 0 &&\n !WELL_KNOWN_KINDS.includes(obj.kind as (typeof WELL_KNOWN_KINDS)[number])\n ) {\n warnings.push({\n code: 'W_INTERACTION_KIND_UNREGISTERED',\n message: `kind \"${obj.kind}\" is not in the well-known registry`,\n field: 'kind',\n });\n }\n }\n\n // Step 4: started_at validation\n // Invalid format is treated as \"missing\" because the value is unusable\n // E_INTERACTION_INVALID_TIMING is reserved for relational errors (completed_at < started_at)\n if (typeof obj.started_at !== 'string') {\n errors.push({\n code: 'E_INTERACTION_MISSING_STARTED_AT',\n message: 'started_at is required',\n field: 'started_at',\n });\n } else {\n const startedAtDate = new Date(obj.started_at);\n if (isNaN(startedAtDate.getTime())) {\n errors.push({\n code: 'E_INTERACTION_MISSING_STARTED_AT',\n message: 'started_at must be a valid ISO 8601 datetime',\n field: 'started_at',\n });\n }\n }\n\n // Step 5: Executor validation\n if (typeof obj.executor !== 'object' || obj.executor === null) {\n errors.push({\n code: 'E_INTERACTION_MISSING_EXECUTOR',\n message: 'executor is required',\n field: 'executor',\n });\n } else {\n const executor = obj.executor as Record<string, unknown>;\n if (typeof executor.platform !== 'string' || executor.platform.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_EXECUTOR',\n message: 'executor.platform is required',\n field: 'executor.platform',\n });\n } else if (executor.platform.length > INTERACTION_LIMITS.maxPlatformLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: `executor.platform exceeds max length (${INTERACTION_LIMITS.maxPlatformLength})`,\n field: 'executor.platform',\n });\n }\n }\n\n // Return early if we have fatal errors from required fields\n if (errors.length > 0) {\n return { valid: false, errors, warnings };\n }\n\n // Step 6: Digest validation (optional fields)\n const validateDigest = (\n digest: unknown,\n fieldPath: string\n ): { errors: ValidationError[]; valid: boolean } => {\n const digestErrors: ValidationError[] = [];\n if (typeof digest !== 'object' || digest === null) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest must be an object',\n field: fieldPath,\n });\n return { errors: digestErrors, valid: false };\n }\n const d = digest as Record<string, unknown>;\n if (!CANONICAL_DIGEST_ALGS.includes(d.alg as DigestAlg)) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST_ALG',\n message: `digest.alg must be one of: ${CANONICAL_DIGEST_ALGS.join(', ')}`,\n field: `${fieldPath}.alg`,\n });\n }\n if (typeof d.value !== 'string' || !DIGEST_VALUE_PATTERN.test(d.value)) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest.value must be 64 lowercase hex chars',\n field: `${fieldPath}.value`,\n });\n }\n if (typeof d.bytes !== 'number' || !Number.isInteger(d.bytes) || d.bytes < 0) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest.bytes must be a non-negative integer',\n field: `${fieldPath}.bytes`,\n });\n }\n return { errors: digestErrors, valid: digestErrors.length === 0 };\n };\n\n // Validate input digest if present\n if (obj.input !== undefined) {\n const inputObj = obj.input as Record<string, unknown>;\n if (inputObj.digest !== undefined) {\n const result = validateDigest(inputObj.digest, 'input.digest');\n errors.push(...result.errors);\n }\n }\n\n // Validate output digest if present\n if (obj.output !== undefined) {\n const outputObj = obj.output as Record<string, unknown>;\n if (outputObj.digest !== undefined) {\n const result = validateDigest(outputObj.digest, 'output.digest');\n errors.push(...result.errors);\n }\n }\n\n // Step 7: Timing invariant (completed_at >= started_at)\n if (typeof obj.completed_at === 'string' && typeof obj.started_at === 'string') {\n const startedAt = new Date(obj.started_at).getTime();\n const completedAt = new Date(obj.completed_at).getTime();\n if (!isNaN(startedAt) && !isNaN(completedAt) && completedAt < startedAt) {\n errors.push({\n code: 'E_INTERACTION_INVALID_TIMING',\n message: 'completed_at must be >= started_at',\n field: 'completed_at',\n });\n }\n }\n\n // Step 8: Output requires result invariant\n if (obj.output !== undefined) {\n const result = obj.result as Record<string, unknown> | undefined;\n if (!result?.status) {\n errors.push({\n code: 'E_INTERACTION_MISSING_RESULT',\n message: 'result.status is required when output is present',\n field: 'result',\n });\n }\n }\n\n // Step 9: Error status requires detail (error_code OR non-empty extensions)\n // Empty extensions object {} is not valid detail\n if (obj.result !== undefined) {\n const result = obj.result as Record<string, unknown>;\n if (result.status === 'error') {\n const hasErrorCode = Boolean(result.error_code);\n const hasNonEmptyExtensions =\n obj.extensions !== undefined &&\n typeof obj.extensions === 'object' &&\n obj.extensions !== null &&\n Object.keys(obj.extensions as object).length > 0;\n if (!hasErrorCode && !hasNonEmptyExtensions) {\n errors.push({\n code: 'E_INTERACTION_MISSING_ERROR_DETAIL',\n message: 'error_code or non-empty extensions required when result.status is error',\n field: 'result.error_code',\n });\n }\n }\n }\n\n // Step 10: Extension key namespacing\n if (obj.extensions !== undefined) {\n if (typeof obj.extensions !== 'object' || obj.extensions === null) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: 'extensions must be an object',\n field: 'extensions',\n });\n } else {\n for (const key of Object.keys(obj.extensions as object)) {\n if (!EXTENSION_KEY_PATTERN.test(key)) {\n errors.push({\n code: 'E_INTERACTION_INVALID_EXTENSION_KEY',\n message: `Invalid extension key format: \"${key}\" (must be reverse-DNS/name[@version])`,\n field: `extensions.${key}`,\n });\n }\n }\n }\n }\n\n // Step 11: Target consistency (prefix-aware, using shared helpers)\n const kind = obj.kind as string;\n const hasTool = obj.tool !== undefined;\n const hasResource = obj.resource !== undefined;\n\n // tool.* kinds MUST have tool field\n if (requiresTool(kind) && !hasTool) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires tool field`,\n field: 'tool',\n });\n }\n\n // http.* and fs.* kinds MUST have resource field with meaningful content\n if (requiresResource(kind)) {\n if (!hasResource) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires resource field`,\n field: 'resource',\n });\n } else if (!hasMeaningfulResource(obj.resource as Record<string, unknown>)) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires resource.uri to be non-empty`,\n field: 'resource.uri',\n });\n }\n }\n\n // Warn if neither target present (non-strict kinds like 'message')\n if (!hasTool && !hasResource && errors.length === 0) {\n warnings.push({\n code: 'W_INTERACTION_MISSING_TARGET',\n message: 'Neither tool nor resource field is present',\n field: 'tool',\n });\n }\n\n // Return early if we have errors\n if (errors.length > 0) {\n return { valid: false, errors, warnings };\n }\n\n // Final Zod validation for strict schema compliance\n const zodResult = InteractionEvidenceV01Schema.safeParse(input);\n if (!zodResult.success) {\n return {\n valid: false,\n errors: [\n {\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: zodResult.error.issues[0]?.message || 'Schema validation failed',\n field: zodResult.error.issues[0]?.path.join('.'),\n },\n ],\n warnings,\n };\n }\n\n return { valid: true, value: zodResult.data, warnings };\n}\n\n// ============================================================================\n// Compatibility Result Type\n// ============================================================================\n\n/**\n * Simple validation result for conformance harness compatibility.\n *\n * This matches the pattern used by other PEAC validators (workflow, etc.)\n * and allows conformance fixtures to test without needing to handle the\n * full warning-capable API shape.\n */\nexport interface SimpleValidationResult {\n /** Whether the input is valid */\n valid: boolean;\n /** Error code on failure */\n error_code?: string;\n /** Field path on failure */\n error_field?: string;\n}\n\n// ============================================================================\n// Helper Functions\n// ============================================================================\n\n/**\n * Validate interaction evidence (simple API for conformance harness)\n *\n * This is the recommended entry point for conformance testing.\n * Returns a simple result matching the existing harness contract.\n *\n * ## Warnings Contract\n *\n * This compat API intentionally **omits warnings** from the result.\n * Warnings are available via validateInteractionOrdered() for consumers\n * who explicitly opt in. Stable consumers should:\n * - Use this function for pass/fail validation\n * - Use validateInteractionOrdered() only when warnings are needed\n *\n * This prevents breaking changes if warning codes are added/modified.\n *\n * @param input - Raw input to validate\n * @returns Simple validation result with error_code on failure (no warnings)\n */\nexport function validateInteraction(input: unknown): SimpleValidationResult {\n const result = validateInteractionOrdered(input);\n if (result.valid) {\n return { valid: true };\n }\n const firstError = result.errors[0];\n return {\n valid: false,\n error_code: firstError?.code,\n error_field: firstError?.field,\n };\n}\n\n/**\n * Validate interaction evidence (throwing)\n *\n * @param evidence - Object to validate\n * @returns Validated InteractionEvidenceV01\n * @throws ZodError if validation fails\n */\nexport function validateInteractionEvidence(evidence: unknown): InteractionEvidenceV01 {\n return InteractionEvidenceV01Schema.parse(evidence);\n}\n\n/**\n * Check if an object is valid interaction evidence (non-throwing)\n *\n * @param evidence - Object to check\n * @returns True if valid InteractionEvidenceV01\n */\nexport function isValidInteractionEvidence(evidence: unknown): evidence is InteractionEvidenceV01 {\n return InteractionEvidenceV01Schema.safeParse(evidence).success;\n}\n\n/**\n * Check if a kind is in the well-known registry\n *\n * @param kind - Kind string to check\n * @returns True if well-known\n */\nexport function isWellKnownKind(kind: string): kind is (typeof WELL_KNOWN_KINDS)[number] {\n return WELL_KNOWN_KINDS.includes(kind as (typeof WELL_KNOWN_KINDS)[number]);\n}\n\n/**\n * Check if a kind uses a reserved prefix\n *\n * @param kind - Kind string to check\n * @returns True if uses reserved prefix\n */\nexport function isReservedKindPrefix(kind: string): boolean {\n return RESERVED_KIND_PREFIXES.some((prefix) => kind.startsWith(prefix));\n}\n\n/**\n * Check if a digest uses truncation\n *\n * @param digest - Digest to check\n * @returns True if truncated\n */\nexport function isDigestTruncated(digest: Digest): boolean {\n return digest.alg.startsWith('sha-256:trunc-');\n}\n\n// ============================================================================\n// SDK Accessors\n// ============================================================================\n\n/**\n * Get interaction evidence from a PEAC envelope\n *\n * @param receipt - PEAC envelope to read from\n * @returns Interaction evidence if present, undefined otherwise\n */\nexport function getInteraction(receipt: PEACEnvelope): InteractionEvidenceV01 | undefined {\n return receipt.evidence?.extensions?.[INTERACTION_EXTENSION_KEY] as\n | InteractionEvidenceV01\n | undefined;\n}\n\n/**\n * Set interaction evidence on a PEAC envelope (mutates)\n *\n * @param receipt - PEAC envelope to modify\n * @param interaction - Interaction evidence to set\n */\nexport function setInteraction(receipt: PEACEnvelope, interaction: InteractionEvidenceV01): void {\n if (!receipt.evidence) {\n receipt.evidence = {};\n }\n if (!receipt.evidence.extensions) {\n receipt.evidence.extensions = {};\n }\n receipt.evidence.extensions[INTERACTION_EXTENSION_KEY] = interaction as unknown as JsonValue;\n}\n\n/**\n * Check if a PEAC envelope has interaction evidence\n *\n * @param receipt - PEAC envelope to check\n * @returns True if interaction evidence is present\n */\nexport function hasInteraction(receipt: PEACEnvelope): boolean {\n return receipt.evidence?.extensions?.[INTERACTION_EXTENSION_KEY] !== undefined;\n}\n\n// ============================================================================\n// Projection API\n// ============================================================================\n\n/**\n * ReceiptView - pure view layer that makes extensions feel like top-level fields\n *\n * Does NOT modify the underlying envelope; just provides convenient access.\n * This projection allows code to work with interaction evidence as if it were\n * a first-class field while maintaining wire format stability.\n */\nexport interface ReceiptView {\n /** The underlying envelope (unchanged) */\n readonly envelope: PEACEnvelope;\n\n /** Interaction evidence (from extension) - feels like top-level */\n readonly interaction?: InteractionEvidenceV01;\n\n /** Array form for uniform pipeline processing */\n readonly interactions: readonly InteractionEvidenceV01[];\n\n /** Workflow context (from auth.extensions) */\n readonly workflow?: WorkflowContext;\n}\n\n/**\n * Create a view over a PEAC envelope that provides first-class access\n * to extension data without modifying the wire format.\n *\n * @param envelope - PEAC envelope to create view for\n * @returns ReceiptView with convenient accessors\n *\n * @example\n * const view = createReceiptView(envelope);\n * if (view.interaction) {\n * console.log(view.interaction.kind);\n * }\n */\nexport function createReceiptView(envelope: PEACEnvelope): ReceiptView {\n const interaction = getInteraction(envelope);\n const workflow = envelope.auth?.extensions?.['org.peacprotocol/workflow'] as\n | WorkflowContext\n | undefined;\n\n return {\n envelope,\n interaction,\n interactions: interaction ? [interaction] : [],\n workflow,\n };\n}\n\n// ============================================================================\n// Factory Functions\n// ============================================================================\n\n/**\n * Parameters for creating interaction evidence\n */\nexport interface CreateInteractionParams {\n interaction_id: string;\n kind: string;\n executor: {\n platform: string;\n version?: string;\n plugin_id?: string;\n plugin_digest?: Digest;\n };\n tool?: {\n name: string;\n provider?: string;\n version?: string;\n };\n resource?: {\n uri?: string;\n method?: string;\n };\n input?: {\n digest: Digest;\n redaction: (typeof REDACTION_MODES)[number];\n };\n output?: {\n digest: Digest;\n redaction: (typeof REDACTION_MODES)[number];\n };\n started_at: string;\n completed_at?: string;\n duration_ms?: number;\n result?: {\n status: (typeof RESULT_STATUSES)[number];\n error_code?: string;\n retryable?: boolean;\n };\n policy?: {\n decision: (typeof POLICY_DECISIONS)[number];\n sandbox_enabled?: boolean;\n elevated?: boolean;\n effective_policy_digest?: Digest;\n };\n refs?: {\n payment_reference?: string;\n related_receipt_rid?: string;\n };\n extensions?: Record<string, JsonValue>;\n}\n\n/**\n * Create validated interaction evidence\n *\n * @param params - Interaction parameters\n * @returns Validated InteractionEvidenceV01\n * @throws ZodError if validation fails\n */\nexport function createInteractionEvidence(params: CreateInteractionParams): InteractionEvidenceV01 {\n const evidence: InteractionEvidenceV01 = {\n interaction_id: params.interaction_id,\n kind: params.kind,\n executor: {\n platform: params.executor.platform,\n ...(params.executor.version && { version: params.executor.version }),\n ...(params.executor.plugin_id && { plugin_id: params.executor.plugin_id }),\n ...(params.executor.plugin_digest && { plugin_digest: params.executor.plugin_digest }),\n },\n ...(params.tool && { tool: params.tool }),\n ...(params.resource && { resource: params.resource }),\n ...(params.input && { input: params.input }),\n ...(params.output && { output: params.output }),\n started_at: params.started_at,\n ...(params.completed_at && { completed_at: params.completed_at }),\n ...(params.duration_ms !== undefined && { duration_ms: params.duration_ms }),\n ...(params.result && { result: params.result }),\n ...(params.policy && { policy: params.policy }),\n ...(params.refs && { refs: params.refs }),\n ...(params.extensions && { extensions: params.extensions }),\n };\n\n return validateInteractionEvidence(evidence);\n}\n","/**\n * PEAC Obligations Extension Types (v0.9.26+)\n *\n * Defines credit and contribution obligations for receipts,\n * aligned with Creative Commons Signals framework.\n *\n * The `peac/obligations` extension allows content owners to specify\n * requirements for credit/attribution and contribution models.\n *\n * @see https://creativecommons.org/signals/ for CC Signals background\n */\nimport { z } from 'zod';\n\n// =============================================================================\n// CREDIT METHOD (v0.9.26+)\n// =============================================================================\n\n/**\n * How credit/attribution should be provided.\n *\n * - 'inline': Credit appears inline with the generated content\n * - 'references': Credit appears in a references/sources section\n * - 'model-card': Credit appears in model documentation/card\n */\nexport const CreditMethodSchema = z.enum(['inline', 'references', 'model-card']);\nexport type CreditMethod = z.infer<typeof CreditMethodSchema>;\n\n/**\n * Array of valid credit methods for runtime checks.\n */\nexport const CREDIT_METHODS = ['inline', 'references', 'model-card'] as const;\n\n// =============================================================================\n// CONTRIBUTION TYPE (v0.9.26+)\n// =============================================================================\n\n/**\n * Type of contribution model.\n *\n * - 'direct': Direct payment to content owner\n * - 'ecosystem': Contribution to ecosystem fund/coalition\n * - 'open': Freely usable (no payment required)\n */\nexport const ContributionTypeSchema = z.enum(['direct', 'ecosystem', 'open']);\nexport type ContributionType = z.infer<typeof ContributionTypeSchema>;\n\n/**\n * Array of valid contribution types for runtime checks.\n */\nexport const CONTRIBUTION_TYPES = ['direct', 'ecosystem', 'open'] as const;\n\n// =============================================================================\n// CREDIT OBLIGATION (v0.9.26+)\n// =============================================================================\n\n/**\n * CreditObligation - specifies attribution/credit requirements.\n *\n * Content owners can require credit when their content is used,\n * specifying where and how the credit should appear.\n *\n * @example\n * ```typescript\n * const credit: CreditObligation = {\n * required: true,\n * citation_url: 'https://publisher.example/collection',\n * method: 'references',\n * };\n * ```\n */\nexport const CreditObligationSchema = z\n .object({\n /** Whether credit is required (REQUIRED) */\n required: z.boolean(),\n\n /** URL for citation/attribution (OPTIONAL) */\n citation_url: z.string().url().max(2048).optional(),\n\n /** How credit should be provided (OPTIONAL, defaults to implementation choice) */\n method: CreditMethodSchema.optional(),\n\n /** Human-readable credit text template (OPTIONAL) */\n credit_text: z.string().max(1024).optional(),\n })\n .strict()\n .superRefine((data, ctx) => {\n // If credit is required, at least one of citation_url, credit_text, or method must be specified\n if (data.required && !data.citation_url && !data.credit_text && !data.method) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message:\n 'When credit is required, at least one of citation_url, credit_text, or method must be specified',\n path: ['required'],\n });\n }\n });\nexport type CreditObligation = z.infer<typeof CreditObligationSchema>;\n\n// =============================================================================\n// CONTRIBUTION OBLIGATION (v0.9.26+)\n// =============================================================================\n\n/**\n * ContributionObligation - specifies contribution/payment model.\n *\n * Aligned with CC Signals reciprocity framework:\n * - direct: Payment goes directly to content owner\n * - ecosystem: Payment goes to shared ecosystem fund\n * - open: Content is freely usable\n *\n * @example\n * ```typescript\n * const contribution: ContributionObligation = {\n * type: 'ecosystem',\n * destination: 'https://fund.creativecommons.org',\n * };\n * ```\n */\nexport const ContributionObligationSchema = z\n .object({\n /** Type of contribution (REQUIRED) */\n type: ContributionTypeSchema,\n\n /** Destination for contributions (OPTIONAL, e.g., fund URL, wallet address) */\n destination: z.string().max(2048).optional(),\n\n /** Minimum contribution amount in minor units (OPTIONAL) */\n min_amount: z.number().int().min(0).optional(),\n\n /** Currency for min_amount (OPTIONAL, ISO 4217 or crypto symbol like USDC) */\n currency: z\n .string()\n .min(3)\n .max(8)\n .regex(/^[A-Z0-9]{3,8}$/)\n .optional(),\n })\n .strict()\n .superRefine((data, ctx) => {\n // If type is 'direct' or 'ecosystem', destination is required\n if ((data.type === 'direct' || data.type === 'ecosystem') && !data.destination) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Destination is required when contribution type is '${data.type}'`,\n path: ['destination'],\n });\n }\n // min_amount requires currency\n if (data.min_amount !== undefined && !data.currency) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Currency is required when min_amount is specified',\n path: ['currency'],\n });\n }\n });\nexport type ContributionObligation = z.infer<typeof ContributionObligationSchema>;\n\n// =============================================================================\n// OBLIGATIONS EXTENSION (v0.9.26+)\n// =============================================================================\n\n/**\n * Extension key for obligations\n */\nexport const OBLIGATIONS_EXTENSION_KEY = 'peac/obligations' as const;\n\n/**\n * ObligationsExtension - the full obligations extension block.\n *\n * This extension is added to receipt extensions under the key `peac/obligations`.\n *\n * @example\n * ```typescript\n * const receipt = {\n * // ... receipt fields ...\n * extensions: {\n * 'peac/obligations': {\n * credit: {\n * required: true,\n * citation_url: 'https://publisher.example/collection',\n * method: 'references',\n * },\n * contribution: {\n * type: 'ecosystem',\n * destination: 'https://fund.example.org',\n * },\n * },\n * },\n * };\n * ```\n */\nexport const ObligationsExtensionSchema = z\n .object({\n /** Credit/attribution obligations (OPTIONAL) */\n credit: CreditObligationSchema.optional(),\n\n /** Contribution/payment model (OPTIONAL) */\n contribution: ContributionObligationSchema.optional(),\n })\n .strict();\nexport type ObligationsExtension = z.infer<typeof ObligationsExtensionSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.26+)\n// =============================================================================\n\n/**\n * Validate a CreditObligation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated obligation or error message\n */\nexport function validateCreditObligation(\n data: unknown\n): { ok: true; value: CreditObligation } | { ok: false; error: string } {\n const result = CreditObligationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate a ContributionObligation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated obligation or error message\n */\nexport function validateContributionObligation(\n data: unknown\n): { ok: true; value: ContributionObligation } | { ok: false; error: string } {\n const result = ContributionObligationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an ObligationsExtension.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated extension or error message\n *\n * @example\n * ```typescript\n * const result = validateObligationsExtension(data);\n * if (result.ok) {\n * if (result.value.credit?.required) {\n * console.log('Credit required:', result.value.credit.citation_url);\n * }\n * }\n * ```\n */\nexport function validateObligationsExtension(\n data: unknown\n): { ok: true; value: ObligationsExtension } | { ok: false; error: string } {\n const result = ObligationsExtensionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Extract obligations extension from a receipt's extensions object.\n *\n * @param extensions - Extensions object from receipt\n * @returns Validated obligations or undefined if not present\n */\nexport function extractObligationsExtension(\n extensions: Record<string, unknown> | undefined\n): ObligationsExtension | undefined {\n if (!extensions || !(OBLIGATIONS_EXTENSION_KEY in extensions)) {\n return undefined;\n }\n\n const result = validateObligationsExtension(extensions[OBLIGATIONS_EXTENSION_KEY]);\n if (result.ok) {\n return result.value;\n }\n return undefined;\n}\n\n/**\n * Check if credit is required based on obligations.\n *\n * @param obligations - Obligations extension\n * @returns True if credit is explicitly required\n */\nexport function isCreditRequired(obligations: ObligationsExtension | undefined): boolean {\n return obligations?.credit?.required === true;\n}\n\n/**\n * Check if contribution is required (non-open type).\n *\n * @param obligations - Obligations extension\n * @returns True if contribution type is 'direct' or 'ecosystem'\n */\nexport function isContributionRequired(obligations: ObligationsExtension | undefined): boolean {\n const type = obligations?.contribution?.type;\n return type === 'direct' || type === 'ecosystem';\n}\n\n/**\n * Create a credit-only obligations extension.\n *\n * @param params - Credit parameters\n * @returns ObligationsExtension with credit only\n */\nexport function createCreditObligation(params: {\n required: boolean;\n citation_url?: string;\n method?: CreditMethod;\n credit_text?: string;\n}): ObligationsExtension {\n const credit: CreditObligation = { required: params.required };\n if (params.citation_url) credit.citation_url = params.citation_url;\n if (params.method) credit.method = params.method;\n if (params.credit_text) credit.credit_text = params.credit_text;\n return { credit };\n}\n\n/**\n * Create a contribution-only obligations extension.\n *\n * @param params - Contribution parameters\n * @returns ObligationsExtension with contribution only\n */\nexport function createContributionObligation(params: {\n type: ContributionType;\n destination?: string;\n min_amount?: number;\n currency?: string;\n}): ObligationsExtension {\n const contribution: ContributionObligation = { type: params.type };\n if (params.destination) contribution.destination = params.destination;\n if (params.min_amount !== undefined) contribution.min_amount = params.min_amount;\n if (params.currency) contribution.currency = params.currency;\n return { contribution };\n}\n\n/**\n * Create a full obligations extension with both credit and contribution.\n *\n * @param credit - Credit obligation parameters\n * @param contribution - Contribution obligation parameters\n * @returns Full ObligationsExtension\n */\nexport function createObligationsExtension(\n credit?: {\n required: boolean;\n citation_url?: string;\n method?: CreditMethod;\n credit_text?: string;\n },\n contribution?: {\n type: ContributionType;\n destination?: string;\n min_amount?: number;\n currency?: string;\n }\n): ObligationsExtension {\n const result: ObligationsExtension = {};\n\n if (credit) {\n result.credit = { required: credit.required };\n if (credit.citation_url) result.credit.citation_url = credit.citation_url;\n if (credit.method) result.credit.method = credit.method;\n if (credit.credit_text) result.credit.credit_text = credit.credit_text;\n }\n\n if (contribution) {\n result.contribution = { type: contribution.type };\n if (contribution.destination) result.contribution.destination = contribution.destination;\n if (contribution.min_amount !== undefined)\n result.contribution.min_amount = contribution.min_amount;\n if (contribution.currency) result.contribution.currency = contribution.currency;\n }\n\n return result;\n}\n","/**\n * PEAC Attestation Receipt Types (v0.10.8+)\n *\n * Attestation receipts are lightweight signed tokens that attest to API\n * interactions WITHOUT payment fields. This is a distinct profile from\n * full payment receipts (PEACReceiptClaims).\n *\n * Use cases:\n * - API interaction logging with evidentiary value\n * - Middleware-issued receipts for non-payment flows\n * - Audit trails for agent/tool interactions\n *\n * Claims structure:\n * - Core JWT claims: iss, aud, iat, exp\n * - PEAC claims: rid (UUIDv7 receipt ID)\n * - Optional: sub, ext (extensions including interaction binding)\n *\n * @see docs/specs/ATTESTATION-RECEIPTS.md\n */\n\nimport { z } from 'zod';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Attestation receipt type constant\n */\nexport const ATTESTATION_RECEIPT_TYPE = 'peac/attestation-receipt' as const;\n\n/**\n * Extension key for minimal interaction binding (middleware profile)\n *\n * This is a simplified binding used by middleware packages. For full\n * interaction evidence, use INTERACTION_EXTENSION_KEY from ./interaction.ts\n */\nexport const MIDDLEWARE_INTERACTION_KEY = 'org.peacprotocol/middleware-interaction@0.1';\n\n/**\n * Limits for attestation receipt fields (DoS protection)\n */\nexport const ATTESTATION_LIMITS = {\n /** Maximum issuer URL length */\n maxIssuerLength: 2048,\n /** Maximum audience URL length */\n maxAudienceLength: 2048,\n /** Maximum subject length */\n maxSubjectLength: 256,\n /** Maximum path length in interaction binding */\n maxPathLength: 2048,\n /** Maximum method length */\n maxMethodLength: 16,\n /** Maximum HTTP status code */\n maxStatusCode: 599,\n /** Minimum HTTP status code */\n minStatusCode: 100,\n} as const;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * HTTPS URL validation (reused from validators.ts pattern)\n */\nconst httpsUrl = z\n .string()\n .url()\n .max(ATTESTATION_LIMITS.maxIssuerLength)\n .refine((url) => url.startsWith('https://'), 'Must be HTTPS URL');\n\n/**\n * UUIDv7 format validation\n */\nconst uuidv7 = z\n .string()\n .regex(\n /^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i,\n 'Must be UUIDv7 format'\n );\n\n/**\n * Minimal interaction binding schema (for middleware use)\n *\n * This is a simplified version of full interaction evidence.\n * Contains only: method, path, status.\n *\n * Privacy note: Query strings are excluded by default to avoid\n * leaking sensitive data (API keys, tokens, PII in parameters).\n */\nexport const MinimalInteractionBindingSchema = z\n .object({\n /** HTTP method (uppercase, e.g., GET, POST) */\n method: z\n .string()\n .min(1)\n .max(ATTESTATION_LIMITS.maxMethodLength)\n .transform((m) => m.toUpperCase()),\n /** Request path (no query string by default) */\n path: z.string().min(1).max(ATTESTATION_LIMITS.maxPathLength),\n /** HTTP response status code */\n status: z\n .number()\n .int()\n .min(ATTESTATION_LIMITS.minStatusCode)\n .max(ATTESTATION_LIMITS.maxStatusCode),\n })\n .strict();\n\n/**\n * Attestation receipt extensions schema\n *\n * Allows interaction binding and other namespaced extensions.\n */\nexport const AttestationExtensionsSchema = z.record(z.string(), z.unknown());\n\n/**\n * PEAC Attestation Receipt Claims schema\n *\n * This is the claims structure for attestation receipts - lightweight\n * receipts without payment fields. For full payment receipts, use\n * ReceiptClaimsSchema from ./validators.ts\n */\nexport const AttestationReceiptClaimsSchema = z\n .object({\n /** Issuer URL (normalized, no trailing slash) */\n iss: httpsUrl,\n /** Audience URL */\n aud: httpsUrl,\n /** Issued at (Unix seconds) */\n iat: z.number().int().nonnegative(),\n /** Expiration (Unix seconds) */\n exp: z.number().int().nonnegative(),\n /** Receipt ID (UUIDv7) */\n rid: uuidv7,\n /** Subject identifier (optional) */\n sub: z.string().max(ATTESTATION_LIMITS.maxSubjectLength).optional(),\n /** Extensions (optional) */\n ext: AttestationExtensionsSchema.optional(),\n })\n .strict();\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type MinimalInteractionBinding = z.infer<typeof MinimalInteractionBindingSchema>;\nexport type AttestationExtensions = z.infer<typeof AttestationExtensionsSchema>;\nexport type AttestationReceiptClaims = z.infer<typeof AttestationReceiptClaimsSchema>;\n\n// ============================================================================\n// Validation Helpers\n// ============================================================================\n\n/**\n * Validation result type\n */\nexport interface AttestationValidationResult {\n valid: boolean;\n error_code?: string;\n error_message?: string;\n}\n\n/**\n * Validate attestation receipt claims\n *\n * @param input - Raw input to validate\n * @returns Validation result\n */\nexport function validateAttestationReceiptClaims(input: unknown): AttestationValidationResult {\n const result = AttestationReceiptClaimsSchema.safeParse(input);\n if (result.success) {\n return { valid: true };\n }\n const firstIssue = result.error.issues[0];\n return {\n valid: false,\n error_code: 'E_ATTESTATION_INVALID_CLAIMS',\n error_message: firstIssue?.message || 'Invalid attestation receipt claims',\n };\n}\n\n/**\n * Check if an object is valid attestation receipt claims (non-throwing)\n *\n * @param claims - Object to check\n * @returns True if valid AttestationReceiptClaims\n */\nexport function isAttestationReceiptClaims(claims: unknown): claims is AttestationReceiptClaims {\n return AttestationReceiptClaimsSchema.safeParse(claims).success;\n}\n\n/**\n * Validate minimal interaction binding\n *\n * @param input - Raw input to validate\n * @returns Validation result\n */\nexport function validateMinimalInteractionBinding(input: unknown): AttestationValidationResult {\n const result = MinimalInteractionBindingSchema.safeParse(input);\n if (result.success) {\n return { valid: true };\n }\n const firstIssue = result.error.issues[0];\n return {\n valid: false,\n error_code: 'E_ATTESTATION_INVALID_INTERACTION',\n error_message: firstIssue?.message || 'Invalid interaction binding',\n };\n}\n\n/**\n * Check if an object is valid minimal interaction binding (non-throwing)\n *\n * @param binding - Object to check\n * @returns True if valid MinimalInteractionBinding\n */\nexport function isMinimalInteractionBinding(\n binding: unknown\n): binding is MinimalInteractionBinding {\n return MinimalInteractionBindingSchema.safeParse(binding).success;\n}\n\n// ============================================================================\n// Factory Functions\n// ============================================================================\n\n/**\n * Parameters for creating attestation receipt claims\n */\nexport interface CreateAttestationReceiptParams {\n /** Issuer URL (will be normalized) */\n issuer: string;\n /** Audience URL */\n audience: string;\n /** Receipt ID (UUIDv7) */\n rid: string;\n /** Subject identifier (optional) */\n sub?: string;\n /** Interaction binding (optional) */\n interaction?: MinimalInteractionBinding;\n /** Additional extensions (optional) */\n extensions?: Record<string, unknown>;\n /** Expiration in seconds from now (default: 300) */\n expiresIn?: number;\n}\n\n/**\n * Create validated attestation receipt claims\n *\n * @param params - Attestation receipt parameters\n * @returns Validated AttestationReceiptClaims\n * @throws ZodError if validation fails\n */\nexport function createAttestationReceiptClaims(\n params: CreateAttestationReceiptParams\n): AttestationReceiptClaims {\n const now = Math.floor(Date.now() / 1000);\n const expiresIn = params.expiresIn ?? 300;\n\n // Normalize issuer (remove trailing slashes)\n // Using explicit loop instead of regex to avoid ReDoS with quantifiers\n let normalizedIssuer = params.issuer;\n while (normalizedIssuer.endsWith('/')) {\n normalizedIssuer = normalizedIssuer.slice(0, -1);\n }\n\n // Build extensions\n const ext: Record<string, unknown> = { ...params.extensions };\n if (params.interaction) {\n ext[MIDDLEWARE_INTERACTION_KEY] = params.interaction;\n }\n\n const claims: AttestationReceiptClaims = {\n iss: normalizedIssuer,\n aud: params.audience,\n iat: now,\n exp: now + expiresIn,\n rid: params.rid,\n ...(params.sub && { sub: params.sub }),\n ...(Object.keys(ext).length > 0 && { ext }),\n };\n\n return AttestationReceiptClaimsSchema.parse(claims);\n}\n\n// ============================================================================\n// Type Guard for Receipt Profile Discrimination\n// ============================================================================\n\n/**\n * Check if claims are attestation-only (no payment fields)\n *\n * This helps discriminate between attestation receipts and\n * full payment receipts at runtime.\n *\n * @param claims - Receipt claims to check\n * @returns True if claims lack payment fields (amt, cur, payment)\n */\nexport function isAttestationOnly(claims: Record<string, unknown>): boolean {\n return !('amt' in claims) && !('cur' in claims) && !('payment' in claims);\n}\n\n/**\n * Check if claims are payment receipt (has payment fields)\n *\n * @param claims - Receipt claims to check\n * @returns True if claims have payment fields\n */\nexport function isPaymentReceipt(claims: Record<string, unknown>): boolean {\n return 'amt' in claims && 'cur' in claims && 'payment' in claims;\n}\n","/**\n * Evidence Carrier Contract schemas and helpers\n *\n * Zod validation schemas for PeacEvidenceCarrier and CarrierMeta,\n * plus the canonical computeReceiptRef() and validateCarrierConstraints()\n * functions used by all carrier adapters.\n */\nimport { z } from 'zod';\n\nimport type {\n CarrierFormat,\n CarrierMeta,\n CarrierValidationResult,\n PeacEvidenceCarrier,\n ReceiptRef,\n} from '@peac/kernel';\n\nimport { KERNEL_CONSTRAINTS } from './constraints';\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Maximum carrier size per transport */\nexport const CARRIER_TRANSPORT_LIMITS = {\n /** MCP _meta: 64 KB */\n mcp: 65_536,\n /** A2A metadata: 64 KB */\n a2a: 65_536,\n /** ACP embed in body: 64 KB; headers only: 8 KB */\n acp_embed: 65_536,\n acp_headers: 8_192,\n /** UCP webhook body: 64 KB */\n ucp: 65_536,\n /** x402 embed in body: 64 KB; headers only: 8 KB */\n x402_embed: 65_536,\n x402_headers: 8_192,\n /** HTTP headers only: 8 KB */\n http: 8_192,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Schemas\n// ---------------------------------------------------------------------------\n\n/** Validates a content-addressed receipt reference: sha256:<64 hex chars> */\nexport const ReceiptRefSchema = z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, 'receipt_ref must be sha256:<64 hex chars>');\n\n/** Validates a compact JWS: header.payload.signature (base64url parts) */\nexport const CompactJwsSchema = z\n .string()\n .regex(\n /^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/,\n 'receipt_jws must be a valid compact JWS (header.payload.signature)'\n );\n\n/** Carrier format schema */\nexport const CarrierFormatSchema = z.enum(['embed', 'reference']);\n\n/**\n * Validates receipt_url: HTTPS-only, max 2048 chars, no credentials.\n * Validation only: no I/O, no fetch. Resolution lives in Layer 4.\n */\nexport const ReceiptUrlSchema = z\n .string()\n .url()\n .max(2048)\n .refine((url) => url.startsWith('https://'), {\n message: 'receipt_url must use HTTPS scheme',\n })\n .refine(\n (url) => {\n try {\n const parsed = new URL(url);\n return !parsed.username && !parsed.password;\n } catch {\n return false;\n }\n },\n {\n message: 'receipt_url must not contain credentials',\n }\n );\n\n/** Schema for PeacEvidenceCarrier */\nexport const PeacEvidenceCarrierSchema = z.object({\n receipt_ref: ReceiptRefSchema,\n receipt_jws: CompactJwsSchema.optional(),\n receipt_url: ReceiptUrlSchema.optional(),\n policy_binding: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n actor_binding: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n request_nonce: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n verification_report_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n use_policy_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n representation_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n attestation_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n});\n\n/** Schema for CarrierMeta */\nexport const CarrierMetaSchema = z.object({\n transport: z.string().min(1),\n format: CarrierFormatSchema,\n max_size: z.number().int().positive(),\n redaction: z.array(z.string()).optional(),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Canonical receipt_ref computation (single source of truth).\n *\n * Computes SHA-256 of the UTF-8 bytes of the compact JWS string as emitted.\n * All carrier adapters MUST use this function rather than computing SHA-256\n * locally, to ensure consistency across protocols (correction item 4).\n */\nexport async function computeReceiptRef(jws: string): Promise<ReceiptRef> {\n if (!globalThis.crypto?.subtle) {\n throw new Error(\n 'computeReceiptRef requires WebCrypto (crypto.subtle). ' +\n 'Supported runtimes: Node >= 20, Cloudflare Workers, Deno, Bun.'\n );\n }\n const data = new TextEncoder().encode(jws);\n const hash = await globalThis.crypto.subtle.digest('SHA-256', data);\n const hex = Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n return `sha256:${hex}` as ReceiptRef;\n}\n\n/**\n * Canonical carrier constraint validator.\n *\n * Validates a carrier against transport-specific constraints using\n * the provided CarrierMeta. This is the single validation function\n * that all CarrierAdapter.validateConstraints() implementations delegate to.\n *\n * Checks performed:\n * 1. receipt_ref format (sha256:<hex64>)\n * 2. receipt_jws format (if present): valid compact JWS\n * 3. Total serialized size within meta.max_size\n * 4. If receipt_jws present: receipt_ref consistency\n * 5. All string fields within MAX_STRING_LENGTH\n */\nexport function validateCarrierConstraints(\n carrier: PeacEvidenceCarrier,\n meta: CarrierMeta\n): CarrierValidationResult {\n const violations: string[] = [];\n\n // 1. receipt_ref format\n const refResult = ReceiptRefSchema.safeParse(carrier.receipt_ref);\n if (!refResult.success) {\n violations.push(`invalid receipt_ref format: ${carrier.receipt_ref}`);\n }\n\n // 2. receipt_jws format (if present)\n if (carrier.receipt_jws !== undefined) {\n const jwsResult = CompactJwsSchema.safeParse(carrier.receipt_jws);\n if (!jwsResult.success) {\n violations.push('invalid receipt_jws format: not a valid compact JWS');\n }\n }\n\n // 3. Total serialized size check\n const serialized = JSON.stringify(carrier);\n const sizeBytes = new TextEncoder().encode(serialized).byteLength;\n if (sizeBytes > meta.max_size) {\n violations.push(\n `carrier size ${sizeBytes} bytes exceeds transport limit ${meta.max_size} bytes for ${meta.transport}`\n );\n }\n\n // 4. receipt_url validation (HTTPS-only, max 2048, no credentials)\n if (carrier.receipt_url !== undefined) {\n const urlResult = ReceiptUrlSchema.safeParse(carrier.receipt_url);\n if (!urlResult.success) {\n for (const issue of urlResult.error.issues) {\n violations.push(`invalid receipt_url: ${issue.message}`);\n }\n }\n }\n\n // 5. String field length checks\n const stringFields: Array<[string, string | undefined]> = [\n ['policy_binding', carrier.policy_binding],\n ['actor_binding', carrier.actor_binding],\n ['request_nonce', carrier.request_nonce],\n ['verification_report_ref', carrier.verification_report_ref],\n ['use_policy_ref', carrier.use_policy_ref],\n ['representation_ref', carrier.representation_ref],\n ['attestation_ref', carrier.attestation_ref],\n ];\n\n for (const [name, value] of stringFields) {\n if (value !== undefined && value.length > KERNEL_CONSTRAINTS.MAX_STRING_LENGTH) {\n violations.push(\n `${name} length ${value.length} exceeds MAX_STRING_LENGTH ${KERNEL_CONSTRAINTS.MAX_STRING_LENGTH}`\n );\n }\n }\n\n return { valid: violations.length === 0, violations };\n}\n\n/**\n * Verify receipt_ref consistency with receipt_jws.\n *\n * If both receipt_ref and receipt_jws are present, verifies that\n * sha256(receipt_jws) equals receipt_ref. This prevents carrier\n * tampering after attachment.\n *\n * Returns null if consistent or receipt_jws is absent;\n * returns an error string if inconsistent.\n */\nexport async function verifyReceiptRefConsistency(\n carrier: PeacEvidenceCarrier\n): Promise<string | null> {\n if (carrier.receipt_jws === undefined) {\n return null;\n }\n const computed = await computeReceiptRef(carrier.receipt_jws);\n if (computed !== carrier.receipt_ref) {\n return `receipt_ref mismatch: expected ${computed}, got ${carrier.receipt_ref}`;\n }\n return null;\n}\n\n// ---------------------------------------------------------------------------\n// Re-export types for convenience\n// ---------------------------------------------------------------------------\n\nexport type {\n CarrierFormat,\n CarrierMeta,\n CarrierValidationResult,\n PeacEvidenceCarrier,\n ReceiptRef,\n CarrierAdapter,\n} from '@peac/kernel';\n","/**\n * Wire 0.2 RepresentationFields schema\n *\n * Records metadata about the content representation that was observed or served,\n * enabling reproducible content drift detection.\n *\n * Layer 1 (@peac/schema): pure Zod validation, zero I/O.\n *\n * content_hash validation uses stringToFingerprintRef() as the parser gate\n * and additionally requires alg === 'sha256'. The hmac-sha256 algorithm is\n * not permitted for representation hashes (sha256-only by design).\n */\n\nimport { z } from 'zod';\nimport {\n stringToFingerprintRef,\n MAX_FINGERPRINT_REF_LENGTH,\n} from './extensions/fingerprint-ref.js';\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that a content_hash string is a valid sha256 FingerprintRef.\n *\n * Uses stringToFingerprintRef() as the parser gate (format correctness),\n * then additionally requires alg === 'sha256'. hmac-sha256 is rejected\n * for representation content hashes.\n */\nfunction isValidContentHash(s: string): boolean {\n const ref = stringToFingerprintRef(s);\n if (ref === null) return false;\n // Only sha256 is permitted for representation.content_hash\n return ref.alg === 'sha256';\n}\n\n/**\n * Conservative MIME type validation.\n *\n * Accepts the token/token form with optional parameters (type/subtype;key=value).\n * Does NOT attempt full RFC 9110/6838 grammar parsing.\n *\n * Valid examples: text/plain, application/json, application/json; charset=utf-8\n * Invalid examples: \"text\", \"text/\", \" text/plain\", \"\"\n */\nconst MIME_PATTERN =\n /^[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*\\/[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*(;\\s*[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*=[^\\s;]+)*$/;\n\nfunction isValidMimeType(s: string): boolean {\n return MIME_PATTERN.test(s);\n}\n\n// ---------------------------------------------------------------------------\n// Bounds constants (follows repo _LIMITS convention)\n// ---------------------------------------------------------------------------\n\n/**\n * Normative bounds for Wire 0.2 representation fields.\n *\n * Centralised to prevent magic numbers and allow external reference.\n */\nexport const REPRESENTATION_LIMITS = {\n /** Max content_hash string length (sha256:<64 hex> = 71 chars, capped at FingerprintRef max) */\n maxContentHashLength: MAX_FINGERPRINT_REF_LENGTH,\n /** Max content_type string length */\n maxContentTypeLength: 256,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Wire02RepresentationFieldsSchema\n// ---------------------------------------------------------------------------\n\n/**\n * Zod schema for Wire 0.2 representation fields.\n *\n * All fields are optional; an empty object is valid.\n * Unknown keys are rejected (.strict()).\n *\n * Bounds:\n * - content_hash: max 76 chars (MAX_FINGERPRINT_REF_LENGTH), sha256-only\n * - content_type: max 256 chars, conservative MIME pattern\n * - content_length: non-negative integer, <= Number.MAX_SAFE_INTEGER\n */\nexport const Wire02RepresentationFieldsSchema = z\n .object({\n /**\n * FingerprintRef of the served content body.\n * Format: sha256:<64 lowercase hex>\n * hmac-sha256 is NOT permitted for representation hashes.\n */\n content_hash: z\n .string()\n .max(REPRESENTATION_LIMITS.maxContentHashLength)\n .refine(isValidContentHash, {\n message: 'content_hash must be a valid sha256 FingerprintRef (sha256:<64 lowercase hex>)',\n })\n .optional(),\n /**\n * MIME type of the served content (e.g., 'text/plain', 'application/json').\n * Conservative pattern validation: type/subtype with optional parameters.\n */\n content_type: z\n .string()\n .max(REPRESENTATION_LIMITS.maxContentTypeLength)\n .refine(isValidMimeType, {\n message: 'content_type must be a valid MIME type (type/subtype with optional parameters)',\n })\n .optional(),\n /**\n * Size of the served content in bytes.\n * Non-negative integer, bounded by Number.MAX_SAFE_INTEGER.\n */\n content_length: z.number().int().finite().nonnegative().max(Number.MAX_SAFE_INTEGER).optional(),\n })\n .strict();\n\n/** Inferred type for Wire 0.2 representation fields */\nexport type Wire02RepresentationFields = z.infer<typeof Wire02RepresentationFieldsSchema>;\n\n/**\n * Public export alias.\n * Internal name is Wire02RepresentationFieldsSchema to prevent wire-version\n * collisions; exported as RepresentationFieldsSchema for ergonomic use.\n */\nexport { Wire02RepresentationFieldsSchema as RepresentationFieldsSchema };\n","/**\n * Wire 0.2 Extension Group Limits\n *\n * Centralized per-field bounds for all Wire 0.2 extension group fields.\n * Prevents magic numbers and allows external reference.\n * Follows repo _LIMITS convention.\n *\n * Byte-budget constants are normative and live in @peac/kernel\n * (EXTENSION_BUDGET). Re-exported here for schema-layer convenience.\n */\n\n// Re-export kernel byte-budget constants for schema-layer consumers\nexport { EXTENSION_BUDGET } from '@peac/kernel';\n\n/**\n * Normative per-field bounds for Wire 0.2 extension group fields.\n */\nexport const EXTENSION_LIMITS = {\n // Extension key grammar\n maxExtensionKeyLength: 512,\n maxDnsLabelLength: 63,\n maxDnsDomainLength: 253,\n\n // Commerce\n maxPaymentRailLength: 128,\n maxCurrencyLength: 16,\n maxAmountMinorLength: 64,\n maxReferenceLength: 256,\n maxAssetLength: 256,\n maxCommerceEventLength: 64,\n\n // Access\n maxResourceLength: 2048,\n maxActionLength: 256,\n\n // Challenge\n maxProblemTypeLength: 2048,\n maxProblemTitleLength: 256,\n maxProblemDetailLength: 4096,\n maxProblemInstanceLength: 2048,\n\n // Identity\n maxProofRefLength: 256,\n\n // Correlation\n maxTraceIdLength: 32,\n maxSpanIdLength: 16,\n maxWorkflowIdLength: 256,\n maxParentJtiLength: 256,\n maxDependsOnLength: 64,\n\n // Consent\n maxConsentBasisLength: 128,\n maxConsentMethodLength: 128,\n maxDataCategoriesCount: 64,\n maxDataCategoryLength: 128,\n maxConsentScopeLength: 256,\n maxJurisdictionLength: 16,\n\n // Compliance\n maxFrameworkLength: 256,\n maxAuditRefLength: 256,\n maxAuditorLength: 256,\n maxComplianceScopeLength: 512,\n\n // Privacy\n maxDataClassificationLength: 128,\n maxProcessingBasisLength: 128,\n maxAnonymizationMethodLength: 128,\n maxDataSubjectCategoryLength: 128,\n maxTransferMechanismLength: 128,\n\n // Safety\n maxAssessmentMethodLength: 256,\n maxSafetyMeasuresCount: 32,\n maxSafetyMeasureLength: 256,\n maxIncidentRefLength: 256,\n maxModelRefLength: 256,\n maxSafetyCategoryLength: 128,\n\n // Provenance\n maxSourceTypeLength: 128,\n maxSourceRefLength: 256,\n maxVerificationMethodLength: 128,\n maxCustodyChainCount: 16,\n maxCustodianLength: 256,\n maxCustodyActionLength: 128,\n maxSlsaTrackLength: 64,\n maxSlsaVersionLength: 16,\n\n // Attribution\n maxCreatorRefLength: 256,\n maxObligationTypeLength: 128,\n maxAttributionTextLength: 1024,\n maxContentSignalSourceLength: 128,\n\n // Purpose\n maxExternalPurposesCount: 32,\n maxExternalPurposeLength: 128,\n maxPurposeBasisLength: 128,\n maxCompatiblePurposesCount: 32,\n\n // Shared field bounds\n maxHttpsUriLength: 2048,\n maxSha256DigestLength: 71, // \"sha256:\" (7) + 64 hex = 71 chars\n maxIso8601DurationLength: 64,\n maxIso8601DateLength: 10,\n maxSpdxExpressionLength: 128,\n} as const;\n","/**\n * Wire 0.2 Extension Key Grammar Validator\n *\n * Validates that extension keys conform to the Wire 0.2 reverse-DNS\n * extension key grammar: `<domain>/<segment>`.\n *\n * Extracted from the monolithic wire-02-extensions.ts for maintainability.\n */\n\nimport { EXTENSION_LIMITS } from './limits.js';\n\n/**\n * DNS label pattern: lowercase alphanumeric, may contain hyphens but not at\n * start or end. Single-char labels are valid (e.g., \"a\").\n */\nconst DNS_LABEL = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/;\n\n/**\n * Segment pattern: lowercase alphanumeric start, may contain lowercase\n * alphanumeric, underscores, and hyphens.\n */\nconst SEGMENT_PATTERN = /^[a-z0-9][a-z0-9_-]*$/;\n\n/**\n * Validate that an extension key conforms to the Wire 0.2 extension key\n * grammar: `<domain>/<segment>`.\n *\n * Domain rules:\n * - At least one dot (distinguishes from single-label paths)\n * - Each label matches [a-z0-9]([a-z0-9-]*[a-z0-9])? (lowercase only)\n * - No uppercase letters anywhere in the domain\n *\n * Segment rules:\n * - Matches [a-z0-9][a-z0-9_-]* (lowercase only)\n * - Underscores are permitted (for extension names like credential_event)\n *\n * @param key - Extension key to validate\n * @returns true if valid extension key grammar; false otherwise\n */\nexport function isValidExtensionKey(key: string): boolean {\n if (key.length === 0 || key.length > EXTENSION_LIMITS.maxExtensionKeyLength) return false;\n\n const slashIdx = key.indexOf('/');\n if (slashIdx <= 0) return false;\n\n const domain = key.slice(0, slashIdx);\n const segment = key.slice(slashIdx + 1);\n\n if (!domain.includes('.')) return false;\n if (domain.length > EXTENSION_LIMITS.maxDnsDomainLength) return false;\n\n if (segment.length === 0) return false;\n if (!SEGMENT_PATTERN.test(segment)) return false;\n\n const labels = domain.split('.');\n for (const label of labels) {\n if (label.length === 0 || label.length > EXTENSION_LIMITS.maxDnsLabelLength) return false;\n if (!DNS_LABEL.test(label)) return false;\n }\n\n return true;\n}\n\n/**\n * Escape a single path segment per RFC 6901.\n * '~' -> '~0', '/' -> '~1'\n */\nexport function escapePointerSegment(s: string): string {\n return s.replace(/~/g, '~0').replace(/\\//g, '~1');\n}\n\n/**\n * Build a leaf-precise RFC 6901 JSON Pointer from a group key and Zod\n * issue path.\n *\n * @param groupKey - Extension group key (e.g., 'org.peacprotocol/commerce')\n * @param zodPath - Path array from the first Zod issue\n * @returns RFC 6901 pointer string\n */\nexport function zodPathToPointer(groupKey: string, zodPath: readonly PropertyKey[]): string {\n const escaped = escapePointerSegment(groupKey);\n const segments = zodPath.map((s) => escapePointerSegment(String(s)));\n return `/extensions/${escaped}` + (segments.length > 0 ? '/' + segments.join('/') : '');\n}\n","/**\n * Commerce Extension Group (org.peacprotocol/commerce)\n *\n * Records payment transaction evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const COMMERCE_EXTENSION_KEY = 'org.peacprotocol/commerce' as const;\n\n/** Base-10 integer string: optional leading minus, one or more digits */\nconst AMOUNT_MINOR_PATTERN = /^-?[0-9]+$/;\n\nexport const CommerceExtensionSchema = z\n .object({\n /** Payment rail identifier (e.g., 'stripe', 'x402', 'lightning') */\n payment_rail: z.string().min(1).max(EXTENSION_LIMITS.maxPaymentRailLength),\n /**\n * Amount in smallest currency unit as a string for arbitrary precision.\n * Base-10 integer: optional leading minus, one or more digits.\n * Decimals and empty strings are rejected.\n */\n amount_minor: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxAmountMinorLength)\n .regex(\n AMOUNT_MINOR_PATTERN,\n 'amount_minor must be a base-10 integer string (e.g., \"1000\", \"-50\")'\n ),\n /** ISO 4217 currency code or asset identifier */\n currency: z.string().min(1).max(EXTENSION_LIMITS.maxCurrencyLength),\n /** Caller-assigned payment reference */\n reference: z.string().max(EXTENSION_LIMITS.maxReferenceLength).optional(),\n /** Asset identifier for non-fiat (e.g., token address) */\n asset: z.string().max(EXTENSION_LIMITS.maxAssetLength).optional(),\n /** Environment discriminant */\n env: z.enum(['live', 'test']).optional(),\n /** Commerce lifecycle phase. Observational metadata only: does not encode settlement finality or protocol state transitions */\n event: z\n .enum(['authorization', 'capture', 'settlement', 'refund', 'void', 'chargeback'])\n .optional(),\n })\n .strict();\n\nexport type CommerceExtension = z.infer<typeof CommerceExtensionSchema>;\n","/**\n * Access Extension Group (org.peacprotocol/access)\n *\n * Records access control decision evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const ACCESS_EXTENSION_KEY = 'org.peacprotocol/access' as const;\n\nexport const AccessExtensionSchema = z\n .object({\n /** Resource being accessed (URI or identifier) */\n resource: z.string().min(1).max(EXTENSION_LIMITS.maxResourceLength),\n /** Action performed on the resource */\n action: z.string().min(1).max(EXTENSION_LIMITS.maxActionLength),\n /** Access decision */\n decision: z.enum(['allow', 'deny', 'review']),\n })\n .strict();\n\nexport type AccessExtension = z.infer<typeof AccessExtensionSchema>;\n","/**\n * Challenge Extension Group (org.peacprotocol/challenge)\n *\n * Records challenge issuance with RFC 9457 Problem Details.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const CHALLENGE_EXTENSION_KEY = 'org.peacprotocol/challenge' as const;\n\n/**\n * Challenge type values (7 total, P0-6).\n * Includes purpose_disallowed (reviewer fix: 7 not 6).\n */\nexport const CHALLENGE_TYPES = [\n 'payment_required',\n 'identity_required',\n 'consent_required',\n 'attestation_required',\n 'rate_limited',\n 'purpose_disallowed',\n 'custom',\n] as const;\n\nexport const ChallengeTypeSchema = z.enum(CHALLENGE_TYPES);\nexport type ChallengeType = z.infer<typeof ChallengeTypeSchema>;\n\n/**\n * RFC 9457 Problem Details schema (P0-5).\n *\n * Uses .passthrough() for extension members per RFC 9457 Section 6.2.\n * Required fields: status (HTTP status code), type (problem type URI).\n * Optional fields: title, detail, instance.\n */\nexport const ProblemDetailsSchema = z\n .object({\n /** HTTP status code (100-599) */\n status: z.number().int().min(100).max(599),\n /** Problem type URI */\n type: z.string().min(1).max(EXTENSION_LIMITS.maxProblemTypeLength).url(),\n /** Short human-readable summary */\n title: z.string().max(EXTENSION_LIMITS.maxProblemTitleLength).optional(),\n /** Human-readable explanation specific to this occurrence */\n detail: z.string().max(EXTENSION_LIMITS.maxProblemDetailLength).optional(),\n /** URI reference identifying the specific occurrence */\n instance: z.string().max(EXTENSION_LIMITS.maxProblemInstanceLength).optional(),\n })\n .passthrough();\n\nexport const ChallengeExtensionSchema = z\n .object({\n /** Challenge type (7 values) */\n challenge_type: ChallengeTypeSchema,\n /** RFC 9457 Problem Details */\n problem: ProblemDetailsSchema,\n /** Resource that triggered the challenge */\n resource: z.string().max(EXTENSION_LIMITS.maxResourceLength).optional(),\n /** Action that triggered the challenge */\n action: z.string().max(EXTENSION_LIMITS.maxActionLength).optional(),\n /** Caller-defined requirements for resolving the challenge */\n requirements: z.record(z.string(), z.unknown()).optional(),\n })\n .strict();\n\nexport type ChallengeExtension = z.infer<typeof ChallengeExtensionSchema>;\n","/**\n * Identity Extension Group (org.peacprotocol/identity)\n *\n * Records identity verification or attestation evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const IDENTITY_EXTENSION_KEY = 'org.peacprotocol/identity' as const;\n\nexport const IdentityExtensionSchema = z\n .object({\n /** Proof reference (opaque string; no actor_binding: top-level actor is sole location) */\n proof_ref: z.string().max(EXTENSION_LIMITS.maxProofRefLength).optional(),\n })\n .strict();\n\nexport type IdentityExtension = z.infer<typeof IdentityExtensionSchema>;\n","/**\n * Correlation Extension Group (org.peacprotocol/correlation)\n *\n * Records workflow correlation and traceability metadata.\n * OpenTelemetry-compatible trace and span IDs.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const CORRELATION_EXTENSION_KEY = 'org.peacprotocol/correlation' as const;\n\n/** OpenTelemetry trace ID: exactly 32 lowercase hex chars */\nconst TRACE_ID_PATTERN = /^[0-9a-f]{32}$/;\n\n/** OpenTelemetry span ID: exactly 16 lowercase hex chars */\nconst SPAN_ID_PATTERN = /^[0-9a-f]{16}$/;\n\nexport const CorrelationExtensionSchema = z\n .object({\n /** OpenTelemetry-compatible trace ID (32 lowercase hex chars) */\n trace_id: z\n .string()\n .length(EXTENSION_LIMITS.maxTraceIdLength)\n .regex(TRACE_ID_PATTERN, 'trace_id must be 32 lowercase hex characters')\n .optional(),\n /** OpenTelemetry-compatible span ID (16 lowercase hex chars) */\n span_id: z\n .string()\n .length(EXTENSION_LIMITS.maxSpanIdLength)\n .regex(SPAN_ID_PATTERN, 'span_id must be 16 lowercase hex characters')\n .optional(),\n /** Workflow identifier */\n workflow_id: z.string().min(1).max(EXTENSION_LIMITS.maxWorkflowIdLength).optional(),\n /** Parent receipt JTI for causal chains */\n parent_jti: z.string().min(1).max(EXTENSION_LIMITS.maxParentJtiLength).optional(),\n /** JTIs this receipt depends on */\n depends_on: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxParentJtiLength))\n .max(EXTENSION_LIMITS.maxDependsOnLength)\n .optional(),\n })\n .strict();\n\nexport type CorrelationExtension = z.infer<typeof CorrelationExtensionSchema>;\n","/**\n * Wire 0.2 Shared Validator Schemas\n *\n * Protocol-grade Zod validators for common field patterns reused across\n * multiple extension groups. Consolidated to prevent drift, improve interop,\n * and keep Layer 1 clean.\n *\n * All validators are pure Zod schemas with zero I/O.\n *\n * @see HASH.pattern from @peac/kernel for SHA-256 digest grammar\n * @see PolicyBlockSchema.uri for HTTPS URI hint pattern origin\n */\n\nimport { z } from 'zod';\nimport { HASH } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// SHA-256 Digest (hash-first content references)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates a SHA-256 digest string in the canonical PEAC format.\n *\n * Format: `sha256:<64 lowercase hex chars>`\n * Max length: 71 chars (\"sha256:\" = 7 chars + 64 hex chars = 71 total)\n *\n * Reuses `HASH.pattern` from `@peac/kernel` (same regex used in\n * `PolicyBlockSchema.digest` and `ReceiptRefSchema`).\n *\n * INTEROPERABILITY NOTE: This is a PEAC-internal self-describing digest\n * string grammar. It is NOT the same as:\n * - RFC 9530 `Content-Digest` / `Repr-Digest`, which use structured\n * HTTP fields with base64 encoding (e.g., `sha-256=:base64:`)\n * - RFC 9421 HTTP Message Signatures digest components\n * PEAC digest strings are used within JWS payloads and extension fields,\n * not as HTTP headers. When bridging to HTTP digest headers, adapters\n * (Layer 4+) must convert between formats.\n */\nexport const Sha256DigestSchema = z\n .string()\n .max(71)\n .regex(HASH.pattern, 'must be a valid SHA-256 digest (sha256:<64 lowercase hex>)');\n\n// ---------------------------------------------------------------------------\n// HTTPS URI Hint (locator hints only, SSRF prevention)\n// ---------------------------------------------------------------------------\n\n/**\n * Control character ranges that must not appear in URI hints.\n * Covers C0 controls (U+0000-U+001F) and DEL (U+007F).\n */\nconst CONTROL_CHAR_PATTERN = /[\\x00-\\x1f\\x7f]/;\n\n/**\n * Validates an HTTPS URI hint field.\n *\n * Security hardening beyond basic URL validation:\n * - MUST be https:// scheme (rejects http, ftp, data, javascript, file)\n * - MUST NOT contain embedded credentials (userinfo@)\n * - MUST NOT contain fragment identifiers (#)\n * - MUST NOT contain ASCII control characters (U+0000-U+001F, U+007F)\n * - Max 2048 chars (aligned with POLICY_BLOCK.uriMaxLength)\n *\n * These are locator hints only: callers MUST NOT auto-fetch.\n *\n * NORMATIVE: Localhost and private-network hosts (e.g., 10.x, 192.168.x,\n * localhost) are intentionally accepted at Layer 1 (schema). URI hints\n * are metadata, not fetch targets; restricting to public hosts would\n * break enterprise/internal deployments without improving security at\n * this layer. SSRF prevention is enforced by the non-fetch invariant\n *, not by host filtering in schema validation.\n *\n * Test suite covers: IDN/punycode, IPv6 literals, localhost-style\n * hosts, percent-encoded confusion, and parser ambiguity cases.\n */\nexport const HttpsUriHintSchema = z\n .string()\n .min(1)\n .max(2048)\n .refine(\n (value) => {\n // Reject control characters before URL parsing (prevents parser confusion)\n if (CONTROL_CHAR_PATTERN.test(value)) return false;\n\n // Reject fragments (not meaningful for locator hints)\n if (value.includes('#')) return false;\n\n try {\n const url = new URL(value);\n\n // MUST be https:// only\n if (url.protocol !== 'https:') return false;\n\n // MUST NOT contain embedded credentials\n if (url.username !== '' || url.password !== '') return false;\n\n // MUST have a non-empty hostname\n if (!url.hostname) return false;\n\n return true;\n } catch {\n return false;\n }\n },\n {\n message: 'must be a valid HTTPS URI (no credentials, no fragments, no control characters)',\n }\n );\n\n// ---------------------------------------------------------------------------\n// ISO 8601 Duration (parser-grade, strict)\n// ---------------------------------------------------------------------------\n\n/**\n * ISO 8601 duration component descriptor.\n */\ninterface DurationComponents {\n years: number;\n months: number;\n weeks: number;\n days: number;\n hours: number;\n minutes: number;\n seconds: number;\n}\n\n/**\n * Valid date-part designators in canonical order.\n * ISO 8601 requires Y before M before W before D.\n */\nconst DATE_DESIGNATOR_ORDER = ['Y', 'M', 'W', 'D'] as const;\n\n/**\n * Valid time-part designators in canonical order.\n * ISO 8601 requires H before M before S.\n */\nconst TIME_DESIGNATOR_ORDER = ['H', 'M', 'S'] as const;\n\n/**\n * Parse an ISO 8601 duration string into components.\n *\n * Enforces:\n * - No duplicate designators (P1Y2Y rejected)\n * - Canonical component ordering (P1D1Y rejected; must be P1Y1D)\n * - Weeks cannot be combined with other date components (ISO 8601)\n * - At least one component must be present (bare P rejected)\n * - At least one time component after T (bare PT rejected)\n * - Zero-value durations are accepted (P0D, PT0S are valid ISO 8601)\n *\n * Zero durations: P0D and PT0S are valid per ISO 8601. The spec says\n * \"a zero duration\" is representable. Consumers decide if a zero\n * duration is semantically meaningful for their use case.\n *\n * @param value - String to parse\n * @returns Parsed components, or null if invalid\n */\nexport function parseIso8601Duration(value: string): DurationComponents | null {\n if (typeof value !== 'string' || value.length === 0 || value.length > 64) {\n return null;\n }\n\n if (value.charAt(0) !== 'P') return null;\n\n let pos = 1;\n const len = value.length;\n\n // Bare \"P\" is invalid\n if (pos >= len) return null;\n\n const result: DurationComponents = {\n years: 0,\n months: 0,\n weeks: 0,\n days: 0,\n hours: 0,\n minutes: 0,\n seconds: 0,\n };\n\n let inTimePart = false;\n let hasAnyComponent = false;\n\n // Track seen designators to reject duplicates\n const seenDesignators = new Set<string>();\n\n // Track ordering: index into the relevant order array\n let dateOrderIdx = 0;\n let timeOrderIdx = 0;\n\n while (pos < len) {\n if (value.charAt(pos) === 'T') {\n if (inTimePart) return null; // Double T\n inTimePart = true;\n pos++;\n if (pos >= len) return null; // Bare \"PT\"\n continue;\n }\n\n // Parse digits\n const numStart = pos;\n while (pos < len && value.charAt(pos) >= '0' && value.charAt(pos) <= '9') {\n pos++;\n }\n if (pos === numStart) return null; // No digits before designator\n\n const digits = value.slice(numStart, pos);\n // Reject components that would lose precision as JS numbers.\n // Number.MAX_SAFE_INTEGER = 9007199254740991 (16 digits).\n // Duration components beyond this are structurally malformed for any\n // real-world use and would silently truncate.\n if (digits.length > 15) return null;\n const num = parseInt(digits, 10);\n if (!Number.isFinite(num) || num < 0) return null;\n\n if (pos >= len) return null; // No designator after number\n\n const designator = value.charAt(pos);\n pos++;\n\n // Reject duplicate designators\n const designatorKey = (inTimePart ? 'T' : '') + designator;\n if (seenDesignators.has(designatorKey)) return null;\n seenDesignators.add(designatorKey);\n\n if (inTimePart) {\n // Enforce canonical time ordering: H before M before S\n const timeIdx = TIME_DESIGNATOR_ORDER.indexOf(designator as 'H' | 'M' | 'S');\n if (timeIdx === -1) return null; // Invalid time designator\n if (timeIdx < timeOrderIdx) return null; // Out of order\n timeOrderIdx = timeIdx + 1;\n\n switch (designator) {\n case 'H':\n result.hours = num;\n break;\n case 'M':\n result.minutes = num;\n break;\n case 'S':\n result.seconds = num;\n break;\n }\n } else {\n // Enforce canonical date ordering: Y before M before W before D\n const dateIdx = DATE_DESIGNATOR_ORDER.indexOf(designator as 'Y' | 'M' | 'W' | 'D');\n if (dateIdx === -1) return null; // Invalid date designator\n if (dateIdx < dateOrderIdx) return null; // Out of order\n dateOrderIdx = dateIdx + 1;\n\n switch (designator) {\n case 'Y':\n result.years = num;\n break;\n case 'M':\n result.months = num;\n break;\n case 'W':\n result.weeks = num;\n break;\n case 'D':\n result.days = num;\n break;\n }\n }\n\n hasAnyComponent = true;\n }\n\n if (!hasAnyComponent) return null;\n\n // ISO 8601: weeks cannot be combined with other date components\n if (result.weeks > 0 && (result.years > 0 || result.months > 0 || result.days > 0)) {\n return null;\n }\n\n return result;\n}\n\n/**\n * Validates an ISO 8601 duration string.\n *\n * Parser-grade strict validation:\n * - Rejects bare P, bare PT\n * - Rejects duplicate designators (P1Y2Y)\n * - Enforces canonical component ordering (P1D1Y rejected)\n * - Rejects mixed weeks and other date components\n * - Accepts zero-value durations (P0D, PT0S are valid ISO 8601)\n * - Only non-negative integer components (no decimals, no negatives)\n *\n * Examples:\n * Valid: \"P30D\", \"P1Y\", \"P1Y6M\", \"PT1H30M\", \"P1W\", \"P0D\", \"PT0S\"\n * Invalid: \"P\", \"PT\", \"30D\", \"\", \"P1D1Y\", \"P1Y2Y\", \"P1WD3\", \"P-1D\"\n */\nexport const Iso8601DurationSchema = z\n .string()\n .min(2)\n .max(64)\n .refine((value) => parseIso8601Duration(value) !== null, {\n message: 'must be a valid ISO 8601 duration (e.g., P30D, P1Y6M, PT1H30M)',\n });\n\n// ---------------------------------------------------------------------------\n// ISO 8601 Date String (YYYY-MM-DD, structural only)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates a structurally valid ISO 8601 date string (YYYY-MM-DD).\n *\n * Structural validation only: checks 4-digit year, 2-digit month 01-12,\n * 2-digit day 01-31. Does NOT validate calendar correctness (e.g.,\n * Feb 30 or Jun 31 would pass structural check). Calendar validation\n * is left to the application layer since this is an evidence record,\n * not a scheduling system.\n *\n * Named \"StructuralDate\" to avoid implying full calendar validation.\n */\nexport const Iso8601DateStringSchema = z\n .string()\n .length(10)\n .regex(/^\\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\\d|3[01])$/, {\n message: 'must be a structurally valid date string (YYYY-MM-DD)',\n });\n\n/**\n * @deprecated Use Iso8601DateStringSchema. Alias preserved for backward compat.\n */\nexport const Iso8601DateSchema = Iso8601DateStringSchema;\n\n// ---------------------------------------------------------------------------\n// ISO 8601 DateTime with Offset (Zod 4 top-level API)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates an ISO 8601 datetime string with timezone offset.\n *\n * Uses Zod 4 top-level `z.iso.datetime({ offset: true })` (preferred\n * over the deprecated method-style `z.string().datetime()`).\n *\n * This is NOT strictly RFC 3339: it accepts minute-precision timestamps\n * (e.g., `2026-03-14T12:00+05:30` without seconds), which ISO 8601\n * allows but RFC 3339 does not. Use Rfc3339DateTimeSchema for strict\n * RFC 3339 compliance.\n *\n * Consistent with Wire 0.2 `occurred_at` field validation semantics.\n */\nexport const Iso8601OffsetDateTimeSchema = z.iso.datetime({ offset: true });\n\n// ---------------------------------------------------------------------------\n// RFC 3339 DateTime (strict: offset + seconds required, fractional optional)\n// ---------------------------------------------------------------------------\n\n/**\n * RFC 3339 seconds-presence pattern.\n * Matches the `T<HH>:<MM>:<SS>` portion, ensuring seconds are present.\n * Fractional seconds (.nnn) are optional per RFC 3339 Section 5.6.\n */\nconst RFC3339_SECONDS_PATTERN = /T\\d{2}:\\d{2}:\\d{2}/;\n\n/**\n * Validates a datetime string against a practical strict RFC 3339 profile.\n *\n * Enforces the key RFC 3339 Section 5.6 constraints:\n * - Timezone offset always present (Z or +/-HH:MM)\n * - Seconds always present (minute-only timestamps rejected)\n * - Fractional seconds optional (after the seconds component)\n * - No local timestamps\n *\n * This is a practical strict profile, not a proven ABNF implementation.\n * It uses `z.iso.datetime({ offset: true })` as the base (which handles\n * most RFC 3339 grammar) plus a seconds-presence refine. Edge cases\n * like leap seconds or two-digit year forms are not explicitly tested.\n *\n * @see https://www.rfc-editor.org/rfc/rfc3339#section-5.6\n */\nexport const Rfc3339DateTimeSchema = z.iso\n .datetime({ offset: true })\n .refine((value: string) => RFC3339_SECONDS_PATTERN.test(value), {\n message: 'RFC 3339 requires seconds precision (e.g., 2026-03-14T12:00:00Z)',\n });\n\n/**\n * @deprecated Use Iso8601OffsetDateTimeSchema or Rfc3339DateTimeSchema.\n * This alias points to Iso8601OffsetDateTimeSchema (which accepts\n * minute-precision and is therefore NOT strictly RFC 3339). Preserved\n * for backward compatibility only. Remove-not-before: v0.13.0.\n */\nexport const Rfc3339TimestampSchema = Iso8601OffsetDateTimeSchema;\n\n// ---------------------------------------------------------------------------\n// SPDX License Expression (documented structural subset)\n// ---------------------------------------------------------------------------\n\n/**\n * SPDX License Expression validator: documented structural subset.\n *\n * This is a structural subset validator for v0.12.2, NOT full SPDX 3.0.1\n * support. It validates expression grammar without checking license IDs\n * against the SPDX license list.\n *\n * Supported subset:\n * - Simple license IDs: MIT, Apache-2.0, GPL-3.0-only\n * - LicenseRef custom references: LicenseRef-custom\n * - Or-later suffix: GPL-2.0+\n * - Compound expressions: MIT AND Apache-2.0, MIT OR GPL-2.0-only\n * - Exception clauses: Apache-2.0 WITH Classpath-exception-2.0\n * - Parenthesized sub-expressions: (MIT OR Apache-2.0) AND GPL-3.0-only\n *\n * NOT supported (deferred to attribution extension PR, v0.12.2 PR 4):\n * - DocumentRef-*: prefixes (rare in practice; not seen in npm/PyPI/crates.io)\n *\n * @see https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/\n */\nfunction isValidSpdxSubsetExpression(expr: string): boolean {\n if (typeof expr !== 'string' || expr.length === 0 || expr.length > 128) {\n return false;\n }\n\n // Tokenize: split on whitespace, preserving parentheses as separate tokens\n const tokens: string[] = [];\n let current = '';\n\n for (let i = 0; i < expr.length; i++) {\n const ch = expr.charAt(i);\n if (ch === '(' || ch === ')') {\n if (current.length > 0) {\n tokens.push(current);\n current = '';\n }\n tokens.push(ch);\n } else if (ch === ' ' || ch === '\\t') {\n if (current.length > 0) {\n tokens.push(current);\n current = '';\n }\n } else {\n current += ch;\n }\n }\n if (current.length > 0) {\n tokens.push(current);\n }\n\n if (tokens.length === 0) return false;\n\n // Recursive-descent parser\n let pos = 0;\n\n function peek(): string | undefined {\n return tokens[pos];\n }\n\n function advance(): string {\n return tokens[pos++];\n }\n\n // license-id: [A-Za-z0-9][A-Za-z0-9.-]* with optional + suffix\n // LicenseRef-: LicenseRef-[A-Za-z0-9.-]+\n function isLicenseId(token: string): boolean {\n const base = token.endsWith('+') ? token.slice(0, -1) : token;\n if (base.length === 0) return false;\n\n if (base.startsWith('LicenseRef-')) {\n const ref = base.slice(11);\n return ref.length > 0 && /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(ref);\n }\n\n return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(base);\n }\n\n function isExceptionId(token: string): boolean {\n return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(token);\n }\n\n // expr = term ((AND | OR) term)*\n function parseExpr(): boolean {\n if (!parseTerm()) return false;\n while (pos < tokens.length) {\n const op = peek();\n if (op === 'AND' || op === 'OR') {\n advance();\n if (!parseTerm()) return false;\n } else {\n break;\n }\n }\n return true;\n }\n\n // term = atom (WITH exception-id)?\n function parseTerm(): boolean {\n if (!parseAtom()) return false;\n if (peek() === 'WITH') {\n advance();\n const exception = peek();\n if (exception === undefined || !isExceptionId(exception)) return false;\n advance();\n }\n return true;\n }\n\n // atom = '(' expr ')' | license-id\n function parseAtom(): boolean {\n const token = peek();\n if (token === undefined) return false;\n\n if (token === '(') {\n advance();\n if (!parseExpr()) return false;\n if (peek() !== ')') return false;\n advance();\n return true;\n }\n\n if (token === ')' || token === 'AND' || token === 'OR' || token === 'WITH') {\n return false;\n }\n\n if (!isLicenseId(token)) return false;\n advance();\n return true;\n }\n\n const result = parseExpr();\n return result && pos === tokens.length;\n}\n\n/**\n * Validates an SPDX license expression (documented structural subset).\n *\n * Uses a recursive-descent parser for the supported grammar subset.\n * Does NOT validate against the SPDX license list (structure only).\n * Does NOT support DocumentRef-* prefixes (deferred).\n *\n * @see isValidSpdxSubsetExpression for the supported grammar\n */\nexport const SpdxExpressionSchema = z.string().min(1).max(128).refine(isValidSpdxSubsetExpression, {\n message:\n 'must be a valid SPDX license expression (e.g., MIT, Apache-2.0, MIT AND Apache-2.0). DocumentRef-* not yet supported.',\n});\n\n// ---------------------------------------------------------------------------\n// Exported internals for testing\n// ---------------------------------------------------------------------------\n\n/** @internal Exported for testing only */\nexport { parseIso8601Duration as _parseIso8601Duration };\n\n/** @internal Exported for testing only */\nexport { isValidSpdxSubsetExpression as _isValidSpdxExpression };\n","/**\n * Consent Extension Group (org.peacprotocol/consent)\n *\n * Records consent collection or withdrawal as an observation.\n * Jurisdiction-neutral. Aligned with ISO/IEC 29184:2020 concepts.\n *\n * Design:\n * - Open taxonomy for consent_basis, consent_method (jurisdiction-specific)\n * - Closed enum for consent_status (universal lifecycle states)\n * - URI fields are locator hints only; callers MUST NOT auto-fetch\n * - ISO 8601 durations for retention periods\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.10\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { HttpsUriHintSchema, Iso8601DurationSchema } from './shared-validators.js';\n\nexport const CONSENT_EXTENSION_KEY = 'org.peacprotocol/consent' as const;\n\n/**\n * Consent status: universal lifecycle states across GDPR Art 7,\n * CCPA Sec 1798.120, LGPD Art 8, ISO/IEC 29184.\n *\n * Closed enum: these 4 states cover all consent lifecycle transitions.\n */\nexport const CONSENT_STATUSES = ['granted', 'withdrawn', 'denied', 'expired'] as const;\nexport const ConsentStatusSchema = z.enum(CONSENT_STATUSES);\nexport type ConsentStatus = z.infer<typeof ConsentStatusSchema>;\n\nexport const ConsentExtensionSchema = z\n .object({\n /**\n * Legal basis identifier for consent.\n * Open string: jurisdictions define different bases\n * (e.g., explicit, implied, opt_out, legitimate_interest, contractual, legal_obligation).\n */\n consent_basis: z.string().min(1).max(EXTENSION_LIMITS.maxConsentBasisLength),\n\n /** Consent lifecycle state (closed vocabulary) */\n consent_status: ConsentStatusSchema,\n\n /**\n * Data categories covered by this consent.\n * Open vocabulary (e.g., personal, sensitive, biometric).\n */\n data_categories: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxDataCategoryLength))\n .max(EXTENSION_LIMITS.maxDataCategoriesCount)\n .optional(),\n\n /** Data retention period as ISO 8601 duration. */\n retention_period: Iso8601DurationSchema.optional(),\n\n /**\n * How consent was collected.\n * Open vocabulary (e.g., click_through, double_opt_in, verbal, written).\n */\n consent_method: z.string().min(1).max(EXTENSION_LIMITS.maxConsentMethodLength).optional(),\n\n /**\n * HTTPS URI hint for consent withdrawal.\n * Locator hint only: callers MUST NOT auto-fetch.\n * Rejects non-HTTPS, embedded credentials, fragments, control chars.\n */\n withdrawal_uri: HttpsUriHintSchema.optional(),\n\n /** Free-text scope description */\n scope: z.string().min(1).max(EXTENSION_LIMITS.maxConsentScopeLength).optional(),\n\n /**\n * Jurisdiction code: ISO 3166-1 alpha-2 or composite.\n * Examples: EU, US-CA, BR, GB, DE, JP, IN.\n */\n jurisdiction: z.string().min(1).max(EXTENSION_LIMITS.maxJurisdictionLength).optional(),\n })\n .strict();\n\nexport type ConsentExtension = z.infer<typeof ConsentExtensionSchema>;\n","/**\n * Privacy Extension Group (org.peacprotocol/privacy)\n *\n * Records data classification and handling observations.\n * Aligned with ISO/IEC 27701 concepts.\n *\n * Design:\n * - Open taxonomy for data_classification, processing_basis, methods\n * - Closed enums for retention_mode, recipient_scope (universal categories)\n * - retention_period (ISO 8601 duration) and retention_mode are separate fields\n * to keep duration grammar and non-duration semantics distinct\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.11\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { Iso8601DurationSchema } from './shared-validators.js';\n\nexport const PRIVACY_EXTENSION_KEY = 'org.peacprotocol/privacy' as const;\n\n/**\n * Retention mode: non-duration retention semantics.\n * Separate from retention_period to keep duration grammar distinct.\n *\n * Closed enum: 3 values cover all non-duration retention patterns.\n */\nexport const RETENTION_MODES = ['time_bound', 'indefinite', 'session_only'] as const;\nexport const RetentionModeSchema = z.enum(RETENTION_MODES);\nexport type RetentionMode = z.infer<typeof RetentionModeSchema>;\n\n/**\n * Recipient scope: aligned with GDPR Art 13-14 disclosure categories.\n *\n * Closed enum: 4 values cover standard data recipient classifications.\n */\nexport const RECIPIENT_SCOPES = ['internal', 'processor', 'third_party', 'public'] as const;\nexport const RecipientScopeSchema = z.enum(RECIPIENT_SCOPES);\nexport type RecipientScope = z.infer<typeof RecipientScopeSchema>;\n\nexport const PrivacyExtensionSchema = z\n .object({\n /**\n * Data classification level.\n * Open taxonomy (e.g., public, internal, confidential, restricted, pii, sensitive_pii).\n */\n data_classification: z.string().min(1).max(EXTENSION_LIMITS.maxDataClassificationLength),\n\n /**\n * Legal basis for data processing.\n * Open vocabulary (e.g., consent, legitimate_interest, contract, legal_obligation).\n */\n processing_basis: z.string().min(1).max(EXTENSION_LIMITS.maxProcessingBasisLength).optional(),\n\n /**\n * Data retention period as ISO 8601 duration.\n * For non-duration retention semantics, use retention_mode instead.\n */\n retention_period: Iso8601DurationSchema.optional(),\n\n /**\n * Retention mode for non-duration semantics.\n * Closed enum: time_bound, indefinite, session_only.\n * When time_bound, retention_period SHOULD also be present.\n */\n retention_mode: RetentionModeSchema.optional(),\n\n /**\n * Data recipient classification.\n * Closed enum aligned with GDPR Art 13-14 disclosure categories.\n */\n recipient_scope: RecipientScopeSchema.optional(),\n\n /**\n * Anonymization or pseudonymization method applied.\n * Open vocabulary (e.g., k_anonymity, differential_privacy, pseudonymization,\n * tokenization, aggregation).\n */\n anonymization_method: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxAnonymizationMethodLength)\n .optional(),\n\n /**\n * Data subject category.\n * Open vocabulary (e.g., customer, employee, minor, patient, student).\n */\n data_subject_category: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxDataSubjectCategoryLength)\n .optional(),\n\n /**\n * Cross-border data transfer mechanism.\n * Open vocabulary (e.g., adequacy_decision, scc, bcr, derogation, consent).\n */\n transfer_mechanism: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxTransferMechanismLength)\n .optional(),\n })\n .strict();\n\nexport type PrivacyExtension = z.infer<typeof PrivacyExtensionSchema>;\n","/**\n * Safety Extension Group (org.peacprotocol/safety)\n *\n * Records safety assessment evidence. Jurisdiction-neutral design.\n * Usage profiles decide when regulatory-specific fields become required.\n *\n * Design:\n * - review_status required (universal assessment lifecycle)\n * - risk_level optional at schema layer; usage profiles may require it\n * - Open taxonomy for assessment_method, safety_measures, category\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.12\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const SAFETY_EXTENSION_KEY = 'org.peacprotocol/safety' as const;\n\n/**\n * Review status: universal safety assessment lifecycle.\n *\n * Closed enum: 4 states cover the assessment lifecycle across\n * EU AI Act, NIST AI RMF, ISO 23894, and general safety review.\n */\nexport const REVIEW_STATUSES = ['reviewed', 'pending', 'flagged', 'not_applicable'] as const;\nexport const ReviewStatusSchema = z.enum(REVIEW_STATUSES);\nexport type ReviewStatus = z.infer<typeof ReviewStatusSchema>;\n\n/**\n * Risk level: converges across EU AI Act Art 6, NIST AI RMF, ISO 23894.\n *\n * Closed enum: 4 risk tiers. Optional at schema level to maintain\n * jurisdiction neutrality; usage profiles may require this field.\n */\nexport const RISK_LEVELS = ['unacceptable', 'high', 'limited', 'minimal'] as const;\nexport const RiskLevelSchema = z.enum(RISK_LEVELS);\nexport type RiskLevel = z.infer<typeof RiskLevelSchema>;\n\nexport const SafetyExtensionSchema = z\n .object({\n /** Safety review status (closed vocabulary, universal lifecycle) */\n review_status: ReviewStatusSchema,\n\n /**\n * Risk classification level.\n * Optional at schema level; usage profiles may require it.\n * Converges across EU AI Act Art 6, NIST AI RMF, ISO 23894.\n */\n risk_level: RiskLevelSchema.optional(),\n\n /**\n * Assessment method used.\n * Open vocabulary (e.g., automated_scan, human_review, red_team,\n * penetration_test, static_analysis, model_evaluation).\n */\n assessment_method: z.string().min(1).max(EXTENSION_LIMITS.maxAssessmentMethodLength).optional(),\n\n /**\n * Safety measures applied.\n * Open vocabulary. Array bounded by maxSafetyMeasuresCount.\n */\n safety_measures: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxSafetyMeasureLength))\n .max(EXTENSION_LIMITS.maxSafetyMeasuresCount)\n .optional(),\n\n /** Incident report reference. Opaque identifier (e.g., ticket ID or digest). */\n incident_ref: z.string().min(1).max(EXTENSION_LIMITS.maxIncidentRefLength).optional(),\n\n /** AI model reference. Opaque identifier (e.g., model version string). */\n model_ref: z.string().min(1).max(EXTENSION_LIMITS.maxModelRefLength).optional(),\n\n /**\n * Safety category.\n * Open vocabulary (e.g., content_safety, bias, hallucination,\n * toxicity, fairness, robustness, privacy_risk).\n */\n category: z.string().min(1).max(EXTENSION_LIMITS.maxSafetyCategoryLength).optional(),\n })\n .strict();\n\nexport type SafetyExtension = z.infer<typeof SafetyExtensionSchema>;\n","/**\n * Compliance Extension Group (org.peacprotocol/compliance)\n *\n * Records regulatory compliance check evidence as an observation.\n * Framework-neutral. Does not assert or certify compliance; records\n * that a check occurred, what framework was evaluated, and what the\n * observed outcome was.\n *\n * Design:\n * - Open taxonomy for framework, auditor, scope (domain-specific)\n * - Closed enum for compliance_status (universal audit conclusion categories)\n * - ISO 8601 durations for validity periods\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport {\n Iso8601DateStringSchema,\n Iso8601DurationSchema,\n Sha256DigestSchema,\n} from './shared-validators.js';\n\nexport const COMPLIANCE_EXTENSION_KEY = 'org.peacprotocol/compliance' as const;\n\n/**\n * Compliance status: maps to ISO 19011 audit conclusion categories.\n *\n * Closed enum: 5 values cover the universal compliance assessment\n * lifecycle across regulatory frameworks.\n */\nexport const COMPLIANCE_STATUSES = [\n 'compliant',\n 'non_compliant',\n 'partial',\n 'under_review',\n 'exempt',\n] as const;\nexport const ComplianceStatusSchema = z.enum(COMPLIANCE_STATUSES);\nexport type ComplianceStatus = z.infer<typeof ComplianceStatusSchema>;\n\nexport const ComplianceExtensionSchema = z\n .object({\n /**\n * Framework identifier evaluated.\n * Open string: preferred grammar is lowercase slugs with hyphens\n * (e.g., eu-ai-act, soc2-type2, iso-27001, nist-ai-rmf, gdpr, hipaa).\n */\n framework: z.string().min(1).max(EXTENSION_LIMITS.maxFrameworkLength),\n\n /** Observed compliance status (closed vocabulary) */\n compliance_status: ComplianceStatusSchema,\n\n /** Opaque reference to audit report or evidence (e.g., report ID, ticket number). */\n audit_ref: z.string().min(1).max(EXTENSION_LIMITS.maxAuditRefLength).optional(),\n\n /** Auditor identifier (organization name or DID). */\n auditor: z.string().min(1).max(EXTENSION_LIMITS.maxAuditorLength).optional(),\n\n /** Date the compliance check was performed (YYYY-MM-DD). */\n audit_date: Iso8601DateStringSchema.optional(),\n\n /** Scope of the compliance check. */\n scope: z.string().min(1).max(EXTENSION_LIMITS.maxComplianceScopeLength).optional(),\n\n /** How long this finding remains valid as an ISO 8601 duration. */\n validity_period: Iso8601DurationSchema.optional(),\n\n /** SHA-256 digest of supporting evidence document. */\n evidence_ref: Sha256DigestSchema.optional(),\n })\n .strict();\n\nexport type ComplianceExtension = z.infer<typeof ComplianceExtensionSchema>;\n","/**\n * Provenance Extension Group (org.peacprotocol/provenance)\n *\n * Records origin tracking and chain of custody as observations.\n *\n * Design:\n * - source_type required, open vocabulary for derivation categories\n * - custody_chain: ordered array of strict nested entries\n * - slsa: structured object recording SLSA-aligned metadata\n * (track-based model; does not certify SLSA compliance)\n * - URI fields are locator hints only; callers MUST NOT auto-fetch\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { HttpsUriHintSchema, Rfc3339DateTimeSchema } from './shared-validators.js';\n\nexport const PROVENANCE_EXTENSION_KEY = 'org.peacprotocol/provenance' as const;\n\n// ---------------------------------------------------------------------------\n// Nested schemas\n// ---------------------------------------------------------------------------\n\n/**\n * A single entry in the custody chain.\n *\n * Records one transfer-of-custody event: who held it, what action\n * occurred, and when. Ordered within the custody_chain array.\n */\nexport const CustodyEntrySchema = z\n .object({\n /** Custodian identifier (organization name, DID, or opaque ID). */\n custodian: z.string().min(1).max(EXTENSION_LIMITS.maxCustodianLength),\n\n /** Action performed (e.g., received, transformed, verified, released). */\n action: z.string().min(1).max(EXTENSION_LIMITS.maxCustodyActionLength),\n\n /** When the custody event occurred (RFC 3339 with seconds). */\n timestamp: Rfc3339DateTimeSchema,\n })\n .strict();\n\nexport type CustodyEntry = z.infer<typeof CustodyEntrySchema>;\n\n/**\n * Structured SLSA-aligned provenance metadata.\n *\n * Uses a track-based model rather than a flat scalar.\n * Records metadata; does not certify compliance.\n */\nexport const SlsaLevelSchema = z\n .object({\n /** SLSA track identifier (e.g., build, source). */\n track: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaTrackLength),\n\n /** SLSA level within the track (0-4). */\n level: z.number().int().min(0).max(4),\n\n /** SLSA spec version this metadata references (e.g., 1.0, 1.2). */\n version: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaVersionLength),\n })\n .strict();\n\nexport type SlsaLevel = z.infer<typeof SlsaLevelSchema>;\n\n// ---------------------------------------------------------------------------\n// Main schema\n// ---------------------------------------------------------------------------\n\nexport const ProvenanceExtensionSchema = z\n .object({\n /**\n * Type of source or derivation.\n * Open vocabulary (e.g., original, derived, curated, synthetic, aggregated, transformed).\n */\n source_type: z.string().min(1).max(EXTENSION_LIMITS.maxSourceTypeLength),\n\n /** Opaque source reference identifier (e.g., commit hash, artifact ID). */\n source_ref: z.string().min(1).max(EXTENSION_LIMITS.maxSourceRefLength).optional(),\n\n /**\n * HTTPS URI hint for the source artifact.\n * Locator hint only: callers MUST NOT auto-fetch.\n */\n source_uri: HttpsUriHintSchema.optional(),\n\n /**\n * HTTPS URI hint for build provenance metadata.\n * Locator hint only: callers MUST NOT auto-fetch.\n */\n build_provenance_uri: HttpsUriHintSchema.optional(),\n\n /**\n * How provenance was verified.\n * Open vocabulary (e.g., signature_check, hash_chain,\n * manual_attestation, transparency_log).\n */\n verification_method: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxVerificationMethodLength)\n .optional(),\n\n /**\n * Ordered custody chain entries.\n * Each entry records a custodian, action, and timestamp.\n */\n custody_chain: z\n .array(CustodyEntrySchema)\n .max(EXTENSION_LIMITS.maxCustodyChainCount)\n .optional(),\n\n /**\n * Structured SLSA-aligned provenance metadata.\n * Records track, level, and spec version.\n */\n slsa: SlsaLevelSchema.optional(),\n })\n .strict();\n\nexport type ProvenanceExtension = z.infer<typeof ProvenanceExtensionSchema>;\n","/**\n * Attribution Extension Group (org.peacprotocol/attribution)\n *\n * Records credit, obligations, and content signal observations.\n *\n * Design:\n * - Identifier and reference-based fields; not identity attestation\n * - Closed enum for content_signal_source (known observation sources)\n * - SPDX license expressions via parser-grade shared validator\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { Sha256DigestSchema, SpdxExpressionSchema } from './shared-validators.js';\n\nexport const ATTRIBUTION_EXTENSION_KEY = 'org.peacprotocol/attribution' as const;\n\n/**\n * Content signal observation source.\n *\n * Closed enum: maps to the known observation sources in the\n * content signals precedence chain.\n */\nexport const CONTENT_SIGNAL_SOURCES = [\n 'tdmrep_json',\n 'content_signal_header',\n 'content_usage_header',\n 'robots_txt',\n 'custom',\n] as const;\nexport const ContentSignalSourceSchema = z.enum(CONTENT_SIGNAL_SOURCES);\nexport type ContentSignalSource = z.infer<typeof ContentSignalSourceSchema>;\n\nexport const AttributionExtensionSchema = z\n .object({\n /**\n * Creator identifier (DID, URI, or opaque ID).\n * Not an identity attestation; records observed attribution metadata.\n */\n creator_ref: z.string().min(1).max(EXTENSION_LIMITS.maxCreatorRefLength),\n\n /** SPDX license expression (parser-grade structural subset validator). */\n license_spdx: SpdxExpressionSchema.optional(),\n\n /**\n * Obligation type.\n * Open vocabulary (e.g., attribution_required, share_alike, non_commercial).\n */\n obligation_type: z.string().min(1).max(EXTENSION_LIMITS.maxObligationTypeLength).optional(),\n\n /** Required attribution text. */\n attribution_text: z.string().min(1).max(EXTENSION_LIMITS.maxAttributionTextLength).optional(),\n\n /** Content signal observation source (closed vocabulary). */\n content_signal_source: ContentSignalSourceSchema.optional(),\n\n /** SHA-256 digest of the attributed content. */\n content_digest: Sha256DigestSchema.optional(),\n })\n .strict();\n\nexport type AttributionExtension = z.infer<typeof AttributionExtensionSchema>;\n","/**\n * Purpose Extension Group (org.peacprotocol/purpose)\n *\n * Records external/legal/business purpose declarations as observations.\n * Explicitly separated from PEAC operational purpose tokens\n * (CanonicalPurpose in purpose.ts).\n *\n * Design:\n * - external_purposes: token-based array (machine-safe, bounded, unique)\n * - peac_purpose_mapping: optional bridge to PEAC operational tokens\n * via PURPOSE_TOKEN_REGEX\n * - No prose-heavy fields at schema layer\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { PURPOSE_TOKEN_REGEX, MAX_PURPOSE_TOKEN_LENGTH } from '../purpose.js';\n\nexport const PURPOSE_EXTENSION_KEY = 'org.peacprotocol/purpose' as const;\n\n/**\n * Machine-safe token schema for purpose label arrays.\n *\n * Reuses PURPOSE_TOKEN_REGEX from purpose.ts for the lexical grammar\n * (lowercase alphanumeric, underscores, hyphens, optional vendor prefix).\n * Semantically independent from PEAC operational CanonicalPurpose tokens.\n */\nconst MachineSafePurposeTokenSchema = z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxExternalPurposeLength)\n .regex(PURPOSE_TOKEN_REGEX, 'must be a machine-safe lowercase token');\n\n/**\n * Check that all items in a string array are unique.\n */\nfunction hasUniqueItems(items: string[]): boolean {\n return new Set(items).size === items.length;\n}\n\nexport const PurposeExtensionSchema = z\n .object({\n /**\n * External/legal/business purpose labels.\n * Machine-safe tokens: lowercase alphanumeric with underscores, hyphens,\n * and optional vendor prefix (e.g., ai_training, analytics, marketing).\n * Not PEAC operational tokens; use peac_purpose_mapping for bridging.\n * Items must be unique.\n */\n external_purposes: z\n .array(MachineSafePurposeTokenSchema)\n .min(1)\n .max(EXTENSION_LIMITS.maxExternalPurposesCount)\n .refine(hasUniqueItems, { message: 'external_purposes must contain unique items' }),\n\n /**\n * Legal or policy basis for the declared purposes.\n * Open vocabulary (e.g., consent, legitimate_interest, contract).\n */\n purpose_basis: z.string().min(1).max(EXTENSION_LIMITS.maxPurposeBasisLength).optional(),\n\n /** Whether purpose limitation applies. */\n purpose_limitation: z.boolean().optional(),\n\n /** Whether data minimization was applied. */\n data_minimization: z.boolean().optional(),\n\n /**\n * Compatible purposes for secondary use.\n * Same machine-safe token grammar as external_purposes.\n * Items must be unique.\n */\n compatible_purposes: z\n .array(MachineSafePurposeTokenSchema)\n .max(EXTENSION_LIMITS.maxCompatiblePurposesCount)\n .refine(hasUniqueItems, { message: 'compatible_purposes must contain unique items' })\n .optional(),\n\n /**\n * Explicit mapping to a PEAC operational CanonicalPurpose token.\n * Validated against PURPOSE_TOKEN_REGEX from purpose.ts.\n * Bridges external purpose vocabulary to operational tokens.\n */\n peac_purpose_mapping: z\n .string()\n .min(1)\n .max(MAX_PURPOSE_TOKEN_LENGTH)\n .regex(PURPOSE_TOKEN_REGEX, 'must be a valid PEAC purpose token')\n .optional(),\n })\n .strict();\n\nexport type PurposeExtension = z.infer<typeof PurposeExtensionSchema>;\n","/**\n * Wire 0.2 Typed Extension Accessor Helpers\n *\n * Each accessor returns the parsed typed value if the key is present,\n * undefined if the key is absent, or throws PEACError with a leaf-precise\n * RFC 6901 JSON Pointer if the key is present but the value is invalid.\n */\n\nimport { z } from 'zod';\nimport { createPEACError, ERROR_CODES } from '../errors.js';\nimport { zodPathToPointer } from './grammar.js';\n\nimport { COMMERCE_EXTENSION_KEY, CommerceExtensionSchema } from './commerce.js';\nimport type { CommerceExtension } from './commerce.js';\nimport { ACCESS_EXTENSION_KEY, AccessExtensionSchema } from './access.js';\nimport type { AccessExtension } from './access.js';\nimport { CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema } from './challenge.js';\nimport type { ChallengeExtension } from './challenge.js';\nimport { IDENTITY_EXTENSION_KEY, IdentityExtensionSchema } from './identity.js';\nimport type { IdentityExtension } from './identity.js';\nimport { CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema } from './correlation.js';\nimport type { CorrelationExtension } from './correlation.js';\nimport { CONSENT_EXTENSION_KEY, ConsentExtensionSchema } from './consent.js';\nimport type { ConsentExtension } from './consent.js';\nimport { PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema } from './privacy.js';\nimport type { PrivacyExtension } from './privacy.js';\nimport { SAFETY_EXTENSION_KEY, SafetyExtensionSchema } from './safety.js';\nimport type { SafetyExtension } from './safety.js';\nimport { COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema } from './compliance.js';\nimport type { ComplianceExtension } from './compliance.js';\nimport { PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema } from './provenance.js';\nimport type { ProvenanceExtension } from './provenance.js';\nimport { ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema } from './attribution.js';\nimport type { AttributionExtension } from './attribution.js';\nimport { PURPOSE_EXTENSION_KEY, PurposeExtensionSchema } from './purpose-extension.js';\nimport type { PurposeExtension } from './purpose-extension.js';\n\n// ---------------------------------------------------------------------------\n// Internal helper\n// ---------------------------------------------------------------------------\n\n/**\n * Extract and validate a known extension group.\n *\n * Returns undefined if the key is absent from extensions.\n * Throws PEACError with leaf-precise RFC 6901 pointer if key is present\n * but value fails schema validation.\n */\nfunction getExtension<T>(\n extensions: Record<string, unknown> | undefined,\n key: string,\n schema: z.ZodType<T>\n): T | undefined {\n if (extensions === undefined) return undefined;\n if (!Object.prototype.hasOwnProperty.call(extensions, key)) return undefined;\n\n const value = extensions[key];\n const result = schema.safeParse(value);\n\n if (result.success) {\n return result.data;\n }\n\n const firstIssue = result.error.issues[0];\n const pointer = zodPathToPointer(key, firstIssue?.path ?? []);\n\n throw createPEACError(ERROR_CODES.E_INVALID_ENVELOPE, 'validation', 'error', false, {\n http_status: 400,\n pointer,\n remediation: `Fix the ${key} extension group value`,\n details: {\n message: firstIssue?.message ?? 'Invalid extension value',\n issues: result.error.issues,\n },\n });\n}\n\n// ---------------------------------------------------------------------------\n// Public typed accessors\n// ---------------------------------------------------------------------------\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getCommerceExtension(\n extensions?: Record<string, unknown>\n): CommerceExtension | undefined {\n return getExtension(extensions, COMMERCE_EXTENSION_KEY, CommerceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getAccessExtension(\n extensions?: Record<string, unknown>\n): AccessExtension | undefined {\n return getExtension(extensions, ACCESS_EXTENSION_KEY, AccessExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getChallengeExtension(\n extensions?: Record<string, unknown>\n): ChallengeExtension | undefined {\n return getExtension(extensions, CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getIdentityExtension(\n extensions?: Record<string, unknown>\n): IdentityExtension | undefined {\n return getExtension(extensions, IDENTITY_EXTENSION_KEY, IdentityExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getCorrelationExtension(\n extensions?: Record<string, unknown>\n): CorrelationExtension | undefined {\n return getExtension(extensions, CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getConsentExtension(\n extensions?: Record<string, unknown>\n): ConsentExtension | undefined {\n return getExtension(extensions, CONSENT_EXTENSION_KEY, ConsentExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getPrivacyExtension(\n extensions?: Record<string, unknown>\n): PrivacyExtension | undefined {\n return getExtension(extensions, PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getSafetyExtension(\n extensions?: Record<string, unknown>\n): SafetyExtension | undefined {\n return getExtension(extensions, SAFETY_EXTENSION_KEY, SafetyExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getComplianceExtension(\n extensions?: Record<string, unknown>\n): ComplianceExtension | undefined {\n return getExtension(extensions, COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getProvenanceExtension(\n extensions?: Record<string, unknown>\n): ProvenanceExtension | undefined {\n return getExtension(extensions, PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getAttributionExtension(\n extensions?: Record<string, unknown>\n): AttributionExtension | undefined {\n return getExtension(extensions, ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getPurposeExtension(\n extensions?: Record<string, unknown>\n): PurposeExtension | undefined {\n return getExtension(extensions, PURPOSE_EXTENSION_KEY, PurposeExtensionSchema);\n}\n","/**\n * Wire 0.2 Extension Schema Map\n *\n * Maps known extension group keys to their Zod schemas.\n * Used by validateKnownExtensions() for group-level validation\n * and by type-to-extension enforcement.\n *\n * This file is the single mutation point for group registration.\n */\n\nimport type { z } from 'zod';\n\nimport { COMMERCE_EXTENSION_KEY, CommerceExtensionSchema } from './commerce.js';\nimport { ACCESS_EXTENSION_KEY, AccessExtensionSchema } from './access.js';\nimport { CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema } from './challenge.js';\nimport { IDENTITY_EXTENSION_KEY, IdentityExtensionSchema } from './identity.js';\nimport { CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema } from './correlation.js';\nimport { CONSENT_EXTENSION_KEY, ConsentExtensionSchema } from './consent.js';\nimport { PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema } from './privacy.js';\nimport { SAFETY_EXTENSION_KEY, SafetyExtensionSchema } from './safety.js';\nimport { COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema } from './compliance.js';\nimport { PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema } from './provenance.js';\nimport { ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema } from './attribution.js';\nimport { PURPOSE_EXTENSION_KEY, PurposeExtensionSchema } from './purpose-extension.js';\n\n/** Map from known extension key to its Zod schema */\nexport const EXTENSION_SCHEMA_MAP = new Map<string, z.ZodTypeAny>();\nEXTENSION_SCHEMA_MAP.set(COMMERCE_EXTENSION_KEY, CommerceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(ACCESS_EXTENSION_KEY, AccessExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(IDENTITY_EXTENSION_KEY, IdentityExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CONSENT_EXTENSION_KEY, ConsentExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(SAFETY_EXTENSION_KEY, SafetyExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PURPOSE_EXTENSION_KEY, PurposeExtensionSchema);\n","/**\n * Wire 0.2 Extension Validation (envelope-level superRefine helper)\n *\n * Validates the extensions record inside Wire02ClaimsSchema.superRefine():\n * 1. Extension key grammar validation\n * 2. Recursive plain-JSON-value guard (rejects non-JSON-safe values)\n * 3. Known extension group schema validation\n * 4. Byte-budget enforcement\n *\n * NORMATIVE: Extension group values MUST be plain JSON values all the\n * way down (objects, arrays, strings, finite numbers, booleans, null).\n * Arbitrary JavaScript objects (functions, Symbols, Dates, BigInt,\n * objects with toJSON(), circular references, non-finite numbers, etc.)\n * are not a supported input class and are rejected at the validation\n * boundary via E_EXTENSION_NON_JSON_VALUE. This ensures cross-language\n * portability and reproducible byte-budget measurement.\n *\n * MEASUREMENT BASIS: Byte budgets are measured as the UTF-8 byte length\n * of ECMAScript JSON.stringify() output on plain JSON data. This is\n * explicitly ECMAScript-defined, not language-neutral canonical JSON.\n * Equivalent objects with different member order can yield different\n * byte counts; if cross-language reproducibility is needed in the\n * future, a canonical JSON profile (e.g., JCS / RFC 8785) can be\n * adopted via a future DD without changing the budget constants.\n * See EXTENSION_BUDGET in @peac/kernel for the full specification.\n *\n * Schema does NOT emit warnings (unknown_extension_preserved belongs\n * in @peac/protocol.verifyLocal(), Layer 3).\n *\n * Layer 1 (@peac/schema): pure Zod validation, zero I/O.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_BUDGET, ERROR_CODES as KERNEL_ERROR_CODES } from '@peac/kernel';\nimport { ERROR_CODES } from '../errors.js';\nimport { isValidExtensionKey } from './grammar.js';\nimport { EXTENSION_SCHEMA_MAP } from './schema-map.js';\n\n// ---------------------------------------------------------------------------\n// UTF-8 byte measurement (browser-safe, no Buffer dependency)\n// ---------------------------------------------------------------------------\n\n/** Shared TextEncoder instance (Layer 1 safe: no I/O, no fetch) */\nconst textEncoder = new TextEncoder();\n\n/**\n * Measure UTF-8 byte length of a JSON-serialized value.\n *\n * Returns Infinity if serialization fails (circular references, BigInt,\n * etc.). Callers treat Infinity as over-budget, which produces a clear\n * E_EXTENSION_SIZE_EXCEEDED error.\n */\nfunction jsonUtf8ByteLength(value: unknown): number {\n try {\n return textEncoder.encode(JSON.stringify(value)).byteLength;\n } catch {\n return Infinity;\n }\n}\n\n// ---------------------------------------------------------------------------\n// Recursive plain-JSON-value guard\n// ---------------------------------------------------------------------------\n\n/**\n * Maximum recursion depth for the plain-JSON guard. Prevents stack\n * overflow on pathologically deep but structurally valid JSON trees.\n * 64 levels deep is far beyond any reasonable extension group shape.\n */\nconst MAX_JSON_GUARD_DEPTH = 64;\n\n/**\n * Recursively check whether a value is a plain JSON value.\n *\n * A plain JSON value is one of:\n * - null\n * - boolean\n * - finite number (NaN, Infinity, -Infinity rejected)\n * - string\n * - plain array where every element is a plain JSON value\n * - plain object (prototype === Object.prototype or null, no toJSON)\n * where every own enumerable value is a plain JSON value\n *\n * Rejects:\n * - Functions, Symbols, BigInt, undefined\n * - Non-finite numbers (NaN, Infinity, -Infinity)\n * - Date, RegExp, Map, Set, TypedArray, Error, Promise\n * - Objects with toJSON() methods (non-reproducible serialization)\n * - Any object with a non-plain prototype\n * - Circular references (detected via depth limit + seen set)\n *\n * @param value - Value to check\n * @param depth - Current recursion depth (bounded by MAX_JSON_GUARD_DEPTH)\n * @param seen - WeakSet for circular reference detection\n * @returns true if the value is a plain JSON value all the way down\n */\nfunction isPlainJsonValueRecursive(value: unknown, depth: number, seen: WeakSet<object>): boolean {\n // Depth guard: reject pathologically deep structures\n if (depth > MAX_JSON_GUARD_DEPTH) return false;\n\n // Primitives\n if (value === null) return true;\n const t = typeof value;\n if (t === 'string' || t === 'boolean') return true;\n if (t === 'number') return Number.isFinite(value as number);\n if (t === 'function' || t === 'symbol' || t === 'bigint' || t === 'undefined') return false;\n\n // Must be an object type from here\n if (t !== 'object') return false;\n const obj = value as object;\n\n // Reference cycle / shared-reference detection.\n // Intentionally rejects shared-but-acyclic subobjects (same JS reference\n // appearing in two places). JSON has no concept of object identity;\n // extensions must be JSON trees, not arbitrary JS object graphs. If the\n // same object appears twice, JSON.stringify would serialize it twice\n // (inflating byte count), and the data model is ambiguous. Rejecting\n // shared references ensures the extension tree matches a true JSON tree.\n if (seen.has(obj)) return false;\n seen.add(obj);\n\n // Array: recursively check every element\n if (Array.isArray(obj)) {\n for (let i = 0; i < obj.length; i++) {\n if (!isPlainJsonValueRecursive(obj[i], depth + 1, seen)) return false;\n }\n return true;\n }\n\n // Must be a plain object (no exotic prototype, no toJSON)\n const proto = Object.getPrototypeOf(obj);\n if (proto !== Object.prototype && proto !== null) return false;\n if (typeof (obj as Record<string, unknown>).toJSON === 'function') return false;\n\n // Recursively check every own enumerable value\n const keys = Object.keys(obj);\n for (const key of keys) {\n if (!isPlainJsonValueRecursive((obj as Record<string, unknown>)[key], depth + 1, seen)) {\n return false;\n }\n }\n\n return true;\n}\n\n/**\n * Check whether a value is a plain JSON value all the way down.\n *\n * This is the public entry point for the recursive guard. It initializes\n * the depth counter and circular-reference detection set.\n *\n * @param value - Value to check\n * @returns true if the entire value tree is plain JSON\n */\nfunction isPlainJsonValue(value: unknown): boolean {\n return isPlainJsonValueRecursive(value, 0, new WeakSet());\n}\n\n// ---------------------------------------------------------------------------\n// Envelope-level extension validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate extensions record in Wire02ClaimsSchema.superRefine().\n *\n * Steps:\n * 1. Validate extension key grammar\n * 2. Recursive guard: reject non-plain-JSON values (E_EXTENSION_NON_JSON_VALUE)\n * 3. Validate known extension groups against their Zod schemas\n * 4. Unconditional byte-budget enforcement\n *\n * @param extensions - The extensions record from Wire 0.2 claims\n * @param ctx - Zod refinement context\n */\nexport function validateKnownExtensions(\n extensions: Record<string, unknown> | undefined,\n ctx: z.RefinementCtx\n): void {\n if (extensions === undefined) return;\n\n const keys = Object.keys(extensions);\n\n for (const key of keys) {\n // Step 1: Validate extension key grammar\n if (!isValidExtensionKey(key)) {\n ctx.addIssue({\n code: 'custom',\n message: ERROR_CODES.E_INVALID_EXTENSION_KEY,\n path: ['extensions', key],\n });\n continue;\n }\n\n // Step 2: Recursive plain-JSON guard\n if (!isPlainJsonValue(extensions[key])) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_NON_JSON_VALUE,\n path: ['extensions', key],\n });\n continue;\n }\n\n // Step 3: Validate known extension groups against their schemas\n const schema = EXTENSION_SCHEMA_MAP.get(key);\n if (schema !== undefined) {\n const result = schema.safeParse(extensions[key]);\n if (!result.success) {\n const firstIssue = result.error.issues[0];\n const issuePath: PropertyKey[] = firstIssue?.path ?? [];\n ctx.addIssue({\n code: 'custom',\n message: firstIssue?.message ?? 'Invalid extension value',\n path: ['extensions', key, ...issuePath],\n });\n }\n }\n }\n\n // Step 4: Byte-budget enforcement (unconditional)\n const totalBytes = jsonUtf8ByteLength(extensions);\n if (totalBytes > EXTENSION_BUDGET.maxTotalBytes) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_SIZE_EXCEEDED,\n path: ['extensions'],\n });\n return;\n }\n\n for (const key of keys) {\n const groupBytes = jsonUtf8ByteLength(extensions[key]);\n if (groupBytes > EXTENSION_BUDGET.maxGroupBytes) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_SIZE_EXCEEDED,\n path: ['extensions', key],\n });\n }\n }\n}\n\n// Exported for testing only\nexport { isPlainJsonValue as _isPlainJsonValue };\n","/**\n * Wire 0.2 Zod schemas and types (v0.12.0-preview.1)\n *\n * This file contains:\n * - Wire02ClaimsSchema: the canonical Zod schema for Wire 0.2 envelopes\n * - Wire02Claims: inferred TypeScript type (z.infer<typeof Wire02ClaimsSchema>)\n * - Supporting schemas: EvidencePillarSchema, PillarsSchema, Wire02KindSchema,\n * ReceiptTypeSchema, CanonicalIssSchema, PolicyBlockSchema\n * - isCanonicalIss(): exported canonical-iss validator\n * - isValidReceiptType(): exported type-grammar validator\n * - checkOccurredAtSkew(): cross-field skew check helper\n *\n * Wire02Claims does NOT live in @peac/kernel (layer violation);\n * it lives here because it references schema-layer types (Correction 4).\n */\n\nimport { z } from 'zod';\nimport {\n ISS_CANONICAL,\n TYPE_GRAMMAR,\n POLICY_BLOCK,\n OCCURRED_AT_TOLERANCE_SECONDS,\n HASH,\n} from '@peac/kernel';\nimport type { EvidencePillar, VerificationWarning } from '@peac/kernel';\nimport { ActorBindingSchema } from './actor-binding.js';\nimport { Wire02RepresentationFieldsSchema } from './wire-02-representation.js';\nimport { validateKnownExtensions } from './wire-02-extensions.js';\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Check that an array is sorted in ascending order with no duplicates.\n * Used to validate the pillars array.\n */\nfunction isSortedAndUnique(arr: readonly string[]): boolean {\n for (let i = 1; i < arr.length; i++) {\n if (arr[i] <= arr[i - 1]) return false;\n }\n return true;\n}\n\n// ---------------------------------------------------------------------------\n// isCanonicalIss (exported helper)\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that an issuer (iss) claim is in canonical form.\n *\n * Accepted schemes:\n * - `https://`: ASCII origin (lowercase scheme+host, no explicit default port\n * (:443 rejected), origin-only, no path/query/fragment/userinfo).\n * Raw Unicode hosts are rejected; punycode (xn--...) is accepted.\n * - `did:`: DID Core identifier (`did:<method>:<id>`) where method is\n * `[a-z0-9]+` and the method-specific-id contains no `#`, `?`, or `/`.\n *\n * All other schemes produce E_ISS_NOT_CANONICAL.\n *\n * @param iss - Issuer claim value to validate\n * @returns true if canonical form; false otherwise\n */\nexport function isCanonicalIss(iss: string): boolean {\n if (typeof iss !== 'string' || iss.length === 0 || iss.length > ISS_CANONICAL.maxLength) {\n return false;\n }\n\n // did: branch: check before URL parsing (did: is a valid URL scheme in some parsers)\n if (iss.startsWith('did:')) {\n // did:<method>:<method-specific-id>\n // Method: lowercase letters and digits only ([a-z0-9]+)\n // Method-specific-id: non-empty, no literal '/', '?', or '#'\n return /^did:[a-z0-9]+:[^#?/]+$/.test(iss);\n }\n\n // https:// branch: try URL constructor for comprehensive validation\n try {\n const url = new URL(iss);\n\n // Must be https: scheme only\n if (url.protocol !== 'https:') return false;\n\n // Non-empty host required\n if (!url.hostname) return false;\n\n // No userinfo (credentials in origins are a security risk)\n if (url.username !== '' || url.password !== '') return false;\n\n // Reconstruct canonical origin (URL spec normalizes hostname to lowercase\n // and removes the default port 443 from url.host).\n // Exact match rejects: uppercase host, trailing slash, default port (:443),\n // path, query, fragment, userinfo, raw Unicode hostname.\n const origin = `${url.protocol}//${url.host}`;\n return iss === origin;\n } catch {\n return false;\n }\n}\n\n// ---------------------------------------------------------------------------\n// isValidReceiptType (exported helper)\n// ---------------------------------------------------------------------------\n\n/** Absolute URI pattern: scheme followed by '://' (RFC 3986 generic-URI) */\nconst ABS_URI_PATTERN = /^[a-z][a-z0-9+.-]*:\\/\\//;\n\n/**\n * Validate that a type claim conforms to the Wire 0.2 type grammar.\n *\n * Accepted forms:\n * - Reverse-DNS notation: `<domain>/<segment>` where `<domain>` has at\n * least one dot (e.g., `org.peacprotocol/commerce`, `com.example/flow`)\n * - Absolute URI: starts with `scheme://` (e.g., `https://example.com/type`)\n *\n * @param value - Type claim value to validate\n * @returns true if valid type grammar; false otherwise\n */\nexport function isValidReceiptType(value: string): boolean {\n if (value.length === 0 || value.length > TYPE_GRAMMAR.maxLength) return false;\n\n // Absolute URI form\n if (ABS_URI_PATTERN.test(value)) return true;\n\n // Reverse-DNS form: <domain>/<segment>\n const slashIdx = value.indexOf('/');\n if (slashIdx <= 0) return false; // no slash, or slash at position 0\n\n const domain = value.slice(0, slashIdx);\n const segment = value.slice(slashIdx + 1);\n\n // Domain must have at least one dot (distinguishes from single-label paths)\n if (!domain.includes('.')) return false;\n\n // Segment must be non-empty\n if (segment.length === 0) return false;\n\n // Domain: letters, digits, dots, hyphens; must start with alphanumeric\n if (!/^[a-zA-Z0-9][a-zA-Z0-9.-]*$/.test(domain)) return false;\n\n // Segment: letters, digits, hyphens, underscores, dots.\n // Additional slashes are NOT permitted in the reverse-DNS form; use an\n // absolute URI (handled by ABS_URI_PATTERN above) for multi-segment paths.\n if (!/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/.test(segment)) return false;\n\n return true;\n}\n\n// ---------------------------------------------------------------------------\n// EvidencePillar schema (closed 10-value taxonomy)\n// ---------------------------------------------------------------------------\n\n/** All 10 registered pillar values in ascending lexicographic order */\nconst EVIDENCE_PILLARS: readonly EvidencePillar[] = [\n 'access',\n 'attribution',\n 'commerce',\n 'compliance',\n 'consent',\n 'identity',\n 'privacy',\n 'provenance',\n 'purpose',\n 'safety',\n];\n\nexport const EvidencePillarSchema = z.enum(\n EVIDENCE_PILLARS as [EvidencePillar, ...EvidencePillar[]]\n);\n\n// ---------------------------------------------------------------------------\n// PillarsSchema (non-empty array, sorted + unique)\n// ---------------------------------------------------------------------------\n\nexport const PillarsSchema = z\n .array(EvidencePillarSchema)\n .min(1)\n .superRefine((arr, ctx) => {\n if (!isSortedAndUnique(arr)) {\n ctx.addIssue({\n code: 'custom',\n message: 'E_PILLARS_NOT_SORTED',\n });\n }\n });\n\n// ---------------------------------------------------------------------------\n// Wire02KindSchema\n// ---------------------------------------------------------------------------\n\nexport const Wire02KindSchema = z.enum(['evidence', 'challenge']);\n\n// ---------------------------------------------------------------------------\n// ReceiptTypeSchema\n// ---------------------------------------------------------------------------\n\nexport const ReceiptTypeSchema = z.string().max(TYPE_GRAMMAR.maxLength).refine(isValidReceiptType, {\n message: 'type must be reverse-DNS notation (e.g., org.example/flow) or an absolute URI',\n});\n\n// ---------------------------------------------------------------------------\n// CanonicalIssSchema\n// ---------------------------------------------------------------------------\n\nexport const CanonicalIssSchema = z.string().max(ISS_CANONICAL.maxLength).refine(isCanonicalIss, {\n message: 'E_ISS_NOT_CANONICAL',\n});\n\n// ---------------------------------------------------------------------------\n// PolicyBlockSchema\n// ---------------------------------------------------------------------------\n\nexport const PolicyBlockSchema = z.object({\n /** JCS+SHA-256 digest: 'sha256:<64 lowercase hex>' */\n digest: z.string().regex(HASH.pattern, 'digest must be sha256:<64 lowercase hex>'),\n /**\n * HTTPS locator hint for the policy document.\n * MUST be an https:// URL (max 2048 chars).\n * MUST NOT trigger auto-fetch; callers use this as a hint only.\n */\n uri: z\n .string()\n .max(POLICY_BLOCK.uriMaxLength)\n .url()\n .refine((u) => u.startsWith('https://'), 'policy.uri must be an https:// URL')\n .optional(),\n /** Caller-assigned version label (max 256 chars) */\n version: z.string().max(POLICY_BLOCK.versionMaxLength).optional(),\n});\n\n// RepresentationFieldsSchema: see wire-02-representation.ts (PR 15)\n\n// ---------------------------------------------------------------------------\n// Wire02ClaimsSchema\n// ---------------------------------------------------------------------------\n\nexport const Wire02ClaimsSchema = z\n .object({\n /** Wire format version discriminant; always '0.2' for Wire 0.2 */\n peac_version: z.literal('0.2'),\n /** Structural kind: 'evidence' or 'challenge' */\n kind: Wire02KindSchema,\n /** Open semantic type (reverse-DNS or absolute URI) */\n type: ReceiptTypeSchema,\n /** Canonical issuer (https:// ASCII origin or did: identifier) */\n iss: CanonicalIssSchema,\n /** Issued-at time (Unix seconds). REQUIRED. */\n iat: z.number().int(),\n /** Unique receipt identifier; 1 to 256 chars */\n jti: z.string().min(1).max(256),\n /** Subject identifier; max 2048 chars */\n sub: z.string().max(2048).optional(),\n /** Evidence pillars (closed 10-value taxonomy); sorted ascending, unique */\n pillars: PillarsSchema.optional(),\n /** Top-level actor binding (sole location for ActorBinding in Wire 0.2) */\n actor: ActorBindingSchema.optional(),\n /** Policy binding block */\n policy: PolicyBlockSchema.optional(),\n /** Representation fields: FingerprintRef validation, sha256-only, strict */\n representation: Wire02RepresentationFieldsSchema.optional(),\n /** ISO 8601 / RFC 3339 timestamp when the interaction occurred; evidence kind only */\n occurred_at: z.string().datetime({ offset: true }).optional(),\n /** Declared purpose string; max 256 chars */\n purpose_declared: z.string().max(256).optional(),\n /** Extension groups (open; known group keys validated by group schema) */\n extensions: z.record(z.string(), z.unknown()).optional(),\n })\n .superRefine((data, ctx) => {\n // occurred_at is prohibited on challenge-kind receipts\n if (data.kind === 'challenge' && data.occurred_at !== undefined) {\n ctx.addIssue({\n code: 'custom',\n message: 'E_OCCURRED_AT_ON_CHALLENGE',\n });\n }\n // Validate known extension groups + reject malformed key grammar\n validateKnownExtensions(data.extensions, ctx);\n })\n .strict();\n\n/** Inferred type for Wire 0.2 receipt claims */\nexport type Wire02Claims = z.infer<typeof Wire02ClaimsSchema>;\n\n// ---------------------------------------------------------------------------\n// checkOccurredAtSkew (Correction 5)\n// ---------------------------------------------------------------------------\n\n/**\n * Check the occurred_at field for temporal consistency.\n *\n * Rules (evidence kind only; caller must not call for challenge kind):\n * - If occurred_at > now + tolerance: hard error (E_OCCURRED_AT_FUTURE)\n * - If occurred_at > iat (within tolerance): warning (occurred_at_skew)\n * - If occurred_at <= iat: valid, no warning\n * - If occurred_at is undefined: no check performed\n *\n * @param occurredAt - Value of the occurred_at claim, or undefined\n * @param iat - iat claim value (Unix seconds)\n * @param now - Current time (Unix seconds)\n * @param tolerance - Allowed future skew in seconds (default: OCCURRED_AT_TOLERANCE_SECONDS)\n * @returns 'future_error' for hard error, VerificationWarning for skew warning, null for valid\n */\nexport function checkOccurredAtSkew(\n occurredAt: string | undefined,\n iat: number,\n now: number,\n tolerance: number = OCCURRED_AT_TOLERANCE_SECONDS\n): VerificationWarning | 'future_error' | null {\n if (occurredAt === undefined) return null;\n\n const ts = Date.parse(occurredAt) / 1000;\n if (isNaN(ts)) return null; // unparseable; parse error surfaces from schema validation\n\n if (ts > now + tolerance) return 'future_error';\n\n if (ts > iat) {\n return {\n code: 'occurred_at_skew',\n message: 'occurred_at is after iat',\n pointer: '/occurred_at',\n };\n }\n\n return null;\n}\n","/**\n * Unified Receipt Parser\n *\n * Single entry point for classifying and validating receipt claims.\n * Supports Wire 0.1 (commerce and attestation) and Wire 0.2 receipts.\n *\n * Wire 0.1 classification uses key presence ('amt' in obj), NOT truthy values.\n * If any of amt|cur|payment are present, the receipt is classified as commerce.\n * If commerce validation fails, it returns a commerce error -- never falls\n * through to attestation.\n *\n * Wire 0.2 detection uses the peac_version field (value '0.2').\n */\n\nimport { ZodError } from 'zod';\nimport type { VerificationWarning } from '@peac/kernel';\nimport { ReceiptClaimsSchema, type ReceiptClaimsType } from './validators.js';\nimport {\n AttestationReceiptClaimsSchema,\n type AttestationReceiptClaims,\n} from './attestation-receipt.js';\nimport { Wire02ClaimsSchema, type Wire02Claims } from './wire-02-envelope.js';\n\n/**\n * Receipt variant discriminator for Wire 0.1\n */\nexport type ReceiptVariant = 'commerce' | 'attestation' | 'wire-02';\n\n/**\n * Parse error with canonical error code\n */\nexport interface PEACParseError {\n /** Canonical error code from specs/kernel/errors.json */\n code: string;\n /** Human-readable message */\n message: string;\n /** Zod issues (if schema validation failed) */\n issues?: ZodError['issues'];\n}\n\n/**\n * Successful parse result (v0.12.0-preview.1: adds wireVersion and warnings)\n */\nexport interface ParseSuccess {\n ok: true;\n variant: ReceiptVariant;\n /** Wire version of the parsed receipt */\n wireVersion: '0.1' | '0.2';\n /** Verification warnings collected during parsing (Wire 0.1: always []) */\n warnings: VerificationWarning[];\n claims: ReceiptClaimsType | AttestationReceiptClaims | Wire02Claims;\n}\n\n/**\n * Failed parse result\n */\nexport interface ParseFailure {\n ok: false;\n error: PEACParseError;\n}\n\n/**\n * Parse result type\n */\nexport type ParseReceiptResult = ParseSuccess | ParseFailure;\n\n/**\n * Options for parseReceiptClaims\n */\nexport interface ParseReceiptOptions {\n /** Wire version hint; if provided, skips auto-detection */\n wireVersion?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Wire version detection\n// ---------------------------------------------------------------------------\n\n/**\n * Detect the wire version of a receipt payload.\n *\n * Wire 0.2 receipts contain a `peac_version: '0.2'` field.\n * Wire 0.1 receipts have no `peac_version` field.\n *\n * @param obj - Raw claims object\n * @returns '0.2' if Wire 0.2, '0.1' if Wire 0.1, null if indeterminate\n */\nexport function detectWireVersion(obj: unknown): '0.1' | '0.2' | null {\n if (obj === null || obj === undefined || typeof obj !== 'object' || Array.isArray(obj)) {\n return null;\n }\n const record = obj as Record<string, unknown>;\n if (record.peac_version === '0.2') return '0.2';\n if ('peac_version' in record) return null; // peac_version present but not '0.2'\n return '0.1';\n}\n\n// ---------------------------------------------------------------------------\n// Wire 0.1 helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Classify a Wire 0.1 claims object as commerce or attestation.\n *\n * Uses key presence (not truthiness). If ANY of amt, cur, payment\n * are present as keys, the receipt is classified as commerce.\n */\nfunction classifyWire01Receipt(obj: Record<string, unknown>): 'commerce' | 'attestation' {\n if ('amt' in obj || 'cur' in obj || 'payment' in obj) {\n return 'commerce';\n }\n return 'attestation';\n}\n\n// ---------------------------------------------------------------------------\n// Main parser\n// ---------------------------------------------------------------------------\n\n/**\n * Parse and validate receipt claims.\n *\n * Unified entry point for Wire 0.1 (commerce + attestation) and Wire 0.2\n * receipt validation. Wire version is auto-detected from the `peac_version`\n * field unless `opts.wireVersion` overrides it.\n *\n * Wire 0.1 classification is strict: if any commerce key (amt, cur, payment)\n * is present, the receipt MUST validate as commerce. There is no fallback to\n * attestation for Wire 0.1.\n *\n * @param input - Raw claims object (typically decoded from JWS payload)\n * @param opts - Optional parse options\n * @returns Parse result with variant discrimination, wireVersion, warnings, and validated claims\n */\nexport function parseReceiptClaims(input: unknown, opts?: ParseReceiptOptions): ParseReceiptResult {\n // Guard: input must be a non-null object\n if (input === null || input === undefined || typeof input !== 'object' || Array.isArray(input)) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_INVALID_INPUT',\n message: 'Input must be a non-null object',\n },\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Determine wire version\n const wireVersion =\n opts?.wireVersion === '0.2' || opts?.wireVersion === '0.1'\n ? opts.wireVersion\n : detectWireVersion(obj);\n\n if (wireVersion === null) {\n return {\n ok: false,\n error: {\n code: 'E_UNSUPPORTED_WIRE_VERSION',\n message: `Unsupported or unrecognized peac_version: ${JSON.stringify(obj['peac_version'])}`,\n },\n };\n }\n\n // ---------------------------------------------------------------------------\n // Wire 0.2 path\n // ---------------------------------------------------------------------------\n if (wireVersion === '0.2') {\n const result = Wire02ClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_INVALID_FORMAT',\n message: `Wire 0.2 receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'wire-02',\n wireVersion: '0.2',\n warnings: [],\n claims: result.data,\n };\n }\n\n // ---------------------------------------------------------------------------\n // Wire 0.1 path (existing logic unchanged)\n // ---------------------------------------------------------------------------\n const variant = classifyWire01Receipt(obj);\n\n if (variant === 'commerce') {\n const result = ReceiptClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_COMMERCE_INVALID',\n message: `Commerce receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'commerce',\n wireVersion: '0.1',\n warnings: [],\n claims: result.data,\n };\n }\n\n // Attestation path\n const result = AttestationReceiptClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_ATTESTATION_INVALID',\n message: `Attestation receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'attestation',\n wireVersion: '0.1',\n warnings: [],\n claims: result.data,\n };\n}\n","/**\n * Wire 0.2 verification warning codes and collector (v0.12.0-preview.1)\n *\n * Warning codes are append-only stable string literals. Warnings do NOT affect\n * the allow/deny decision unless caller policy requires it.\n *\n * Warnings MUST be sorted by (pointer ascending, code ascending);\n * undefined pointer sorts before any string value.\n *\n * RFC 6901 JSON Pointer escaping: '/' in keys is escaped as '~1', '~' as '~0'.\n */\n\nimport type { VerificationWarning } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// Warning code constants (append-only)\n// ---------------------------------------------------------------------------\n\n/** type claim does not match any registered type in the receipt_types registry */\nexport const WARNING_TYPE_UNREGISTERED = 'type_unregistered' as const;\n\n/** Unknown extension key was encountered and preserved (no schema validation) */\nexport const WARNING_UNKNOWN_EXTENSION = 'unknown_extension_preserved' as const;\n\n/** occurred_at is after iat by more than zero but within the tolerance window */\nexport const WARNING_OCCURRED_AT_SKEW = 'occurred_at_skew' as const;\n\n/** JWS typ header was absent; interop mode accepted the token without typ */\nexport const WARNING_TYP_MISSING = 'typ_missing' as const;\n\n/** Registered type has a mapped extension group, but that group is absent from extensions */\nexport const WARNING_EXTENSION_GROUP_MISSING = 'extension_group_missing' as const;\n\n/** Registered type has a mapped extension group, but a different registered group is present instead */\nexport const WARNING_EXTENSION_GROUP_MISMATCH = 'extension_group_mismatch' as const;\n\n// ---------------------------------------------------------------------------\n// Warning sorting\n// ---------------------------------------------------------------------------\n\n/**\n * Sort warnings by (pointer ascending, code ascending).\n * Warnings with undefined pointer sort before those with a defined pointer.\n *\n * @param warnings - Array of VerificationWarning objects to sort\n * @returns New array sorted in canonical order\n */\nexport function sortWarnings(warnings: VerificationWarning[]): VerificationWarning[] {\n return [...warnings].sort((a, b) => {\n const aHasPtr = a.pointer !== undefined;\n const bHasPtr = b.pointer !== undefined;\n\n // undefined pointer sorts before any defined pointer\n if (!aHasPtr && bHasPtr) return -1;\n if (aHasPtr && !bHasPtr) return 1;\n\n // Both have the same pointer presence; compare values if both defined\n if (aHasPtr && bHasPtr) {\n const cmp = (a.pointer as string).localeCompare(b.pointer as string);\n if (cmp !== 0) return cmp;\n }\n\n // Same pointer (or both undefined): sort by code\n return a.code.localeCompare(b.code);\n });\n}\n","/**\n * Wire 0.2 recommended receipt type and extension group registries.\n *\n * Single source of truth: specs/kernel/registries.json\n * Generated constants: @peac/kernel registries.generated.ts\n *\n * Used by @peac/protocol.verifyLocal() to emit type_unregistered and\n * unknown_extension_preserved warnings for valid-but-unrecognized values.\n */\n\nimport { RECEIPT_TYPES, EXTENSION_GROUPS } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// Recommended receipt types (derived from generated registry)\n// ---------------------------------------------------------------------------\n\n/**\n * Recommended receipt type values from the receipt_types registry.\n * A type NOT in this set triggers a type_unregistered warning (not an error).\n */\nexport const REGISTERED_RECEIPT_TYPES: ReadonlySet<string> = new Set(\n RECEIPT_TYPES.map((entry) => entry.id)\n);\n\n// ---------------------------------------------------------------------------\n// Core extension group keys (derived from generated registry)\n// ---------------------------------------------------------------------------\n\n/**\n * Core extension group keys that have typed schemas in @peac/schema.\n * An extension key NOT in this set (but passing grammar validation)\n * triggers an unknown_extension_preserved warning (not an error).\n *\n * Derived from EXTENSION_GROUPS in @peac/kernel (generated from\n * specs/kernel/registries.json). No manual maintenance required.\n */\nexport const REGISTERED_EXTENSION_GROUP_KEYS: ReadonlySet<string> = new Set(\n EXTENSION_GROUPS.map((entry) => entry.id)\n);\n","/**\n * Policy binding comparison (Layer 1)\n *\n * Pure string comparison with no I/O and no crypto imports.\n * The digest format is 'sha256:<64 lowercase hex>'.\n *\n * This function handles only the binary match/mismatch decision. The full\n * 3-state result ('verified' | 'failed' | 'unavailable') is computed by\n * checkPolicyBinding() in @peac/protocol (Layer 3), which handles the\n * absent-digest case and invokes computePolicyDigestJcs() for hashing.\n */\n\n/**\n * Compare a receipt policy digest against a locally-computed digest.\n *\n * Returns 'verified' if the two digests match exactly, 'failed' otherwise.\n * Both arguments must be present; callers must handle the absent-digest case\n * (producing 'unavailable') before calling this function.\n *\n * @param receiptDigest - policy.digest from the receipt claims\n * @param localDigest - digest computed from the caller's local policy bytes\n * @returns 'verified' on exact match, 'failed' on mismatch\n */\nexport function verifyPolicyBinding(\n receiptDigest: string,\n localDigest: string\n): 'verified' | 'failed' {\n return receiptDigest === localDigest ? 'verified' : 'failed';\n}\n","/**\n * Issuer Configuration Schema Extensions (v0.11.3+)\n *\n * Zod schemas for revoked_keys field in peac-issuer.json.\n * Reason values aligned with RFC 5280 CRLReason subset\n * (only values meaningful for receipt signing keys).\n *\n * @packageDocumentation\n */\n\nimport { z } from 'zod';\n\n/**\n * Revocation reasons: RFC 5280 CRLReason subset relevant to receipt signing keys.\n */\nexport const REVOCATION_REASONS = [\n 'key_compromise',\n 'superseded',\n 'cessation_of_operation',\n 'privilege_withdrawn',\n] as const;\n\nexport type RevocationReason = (typeof REVOCATION_REASONS)[number];\n\n/**\n * Schema for a single revoked key entry.\n */\nexport const RevokedKeyEntrySchema = z\n .object({\n /** Key ID that was revoked */\n kid: z.string().min(1).max(256),\n /** ISO 8601 timestamp of revocation */\n revoked_at: z.string().datetime(),\n /** Revocation reason (optional, RFC 5280 CRLReason subset) */\n reason: z.enum(REVOCATION_REASONS).optional(),\n })\n .strict();\n\nexport type RevokedKeyEntryInput = z.input<typeof RevokedKeyEntrySchema>;\nexport type RevokedKeyEntryOutput = z.output<typeof RevokedKeyEntrySchema>;\n\n/**\n * Schema for the revoked_keys array in issuer configuration.\n * Maximum 100 entries to prevent unbounded growth.\n */\nexport const RevokedKeysArraySchema = z.array(RevokedKeyEntrySchema).max(100);\n\n/**\n * Validate a revoked_keys array.\n * Returns a discriminated result (no exceptions).\n */\nexport function validateRevokedKeys(\n data: unknown\n): { ok: true; value: RevokedKeyEntryOutput[] } | { ok: false; error: string } {\n const result = RevokedKeysArraySchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.issues.map((i) => i.message).join('; ') };\n}\n\n/**\n * Check if a kid is present in a revoked_keys array.\n * Returns the revocation entry if found, null otherwise.\n */\nexport function findRevokedKey(\n revokedKeys: RevokedKeyEntryOutput[],\n kid: string\n): RevokedKeyEntryOutput | null {\n return revokedKeys.find((entry) => entry.kid === kid) ?? null;\n}\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/normalize.ts","../src/purpose.ts","../src/constraints.ts","../src/json.ts","../src/agent-identity.ts","../src/attribution.ts","../src/constants.ts","../src/validators.ts","../src/actor-binding.ts","../src/extensions/credential-event.ts","../src/extensions/tool-registry.ts","../src/extensions/control-action.ts","../src/extensions/treaty.ts","../src/extensions/fingerprint-ref.ts","../src/dispute.ts","../src/workflow.ts","../src/interaction.ts","../src/obligations.ts","../src/attestation-receipt.ts","../src/carrier.ts","../src/wire-02-representation.ts","../src/wire-02-extensions/limits.ts","../src/wire-02-extensions/grammar.ts","../src/wire-02-extensions/commerce.ts","../src/wire-02-extensions/access.ts","../src/wire-02-extensions/challenge.ts","../src/wire-02-extensions/identity.ts","../src/wire-02-extensions/correlation.ts","../src/wire-02-extensions/shared-validators.ts","../src/wire-02-extensions/consent.ts","../src/wire-02-extensions/privacy.ts","../src/wire-02-extensions/safety.ts","../src/wire-02-extensions/compliance.ts","../src/wire-02-extensions/provenance.ts","../src/wire-02-extensions/attribution.ts","../src/wire-02-extensions/purpose-extension.ts","../src/wire-02-extensions/accessors.ts","../src/wire-02-extensions/schema-map.ts","../src/wire-02-extensions/validation.ts","../src/wire-02-envelope.ts","../src/receipt-parser.ts","../src/wire-02-warnings.ts","../src/wire-02-registries.ts","../src/policy-binding.ts","../src/issuer-config.ts"],"names":["z","httpsUrl","uuidv7","ReceiptRefSchema","KERNEL_ERROR_CODES","EXTENSION_BUDGET","HASH","result"],"mappings":";;;;;;AAkBO,IAAM,0BAAA,GAAoC,MAAA,CAAA;AAsG1C,IAAM,WAAA,GAAc;AAAA;AAAA,EAEzB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,uBAAA,EAAyB,yBAAA;AAAA,EACzB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,iBAAA,EAAmB,mBAAA;AAAA,EACnB,mBAAA,EAAqB,qBAAA;AAAA;AAAA,EAGrB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,cAAA,EAAgB,gBAAA;AAAA,EAChB,aAAA,EAAe,eAAA;AAAA,EACf,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,gBAAA,EAAkB,kBAAA;AAAA;AAAA,EAGlB,mBAAA,EAAqB,qBAAA;AAAA,EACrB,qBAAA,EAAuB,uBAAA;AAAA,EACvB,eAAA,EAAiB,iBAAA;AAAA;AAAA,EAGjB,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,sBAAA,EAAwB,wBAAA;AAAA,EACxB,yBAAA,EAA2B,2BAAA;AAAA,EAC3B,qBAAA,EAAuB,uBAAA;AAAA,EACvB,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,2BAAA,EAA6B,6BAAA;AAAA,EAC7B,0BAAA,EAA4B,4BAAA;AAAA,EAC5B,yBAAA,EAA2B,2BAAA;AAAA;AAAA,EAG3B,sBAAA,EAAwB,wBAAA;AAAA;AAAA,EAGxB,uBAAA,EAAyB;AAC3B;AAUO,SAAS,eAAA,CACd,IAAA,EACA,QAAA,EACA,QAAA,EACA,WACA,OAAA,EAMW;AACX,EAAA,OAAO;AAAA,IACL,IAAA;AAAA,IACA,QAAA;AAAA,IACA,QAAA;AAAA,IACA,SAAA;AAAA,IACA,GAAG;AAAA,GACL;AACF;AAQO,SAAS,0BAAA,CAA2B,SAAiB,IAAA,EAAuC;AACjG,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,mBAAA,EAAqB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACpF,WAAA,EAAa,GAAA;AAAA,IACb,SAAS,IAAA,GAAO,GAAA,GAAM,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA,GAAI,MAAA;AAAA,IACvC,WAAA,EACE,iHAAA;AAAA,IACF,OAAA,EAAS,EAAE,OAAA;AAAQ,GACpB,CAAA;AACH;AAWO,SAAS,kCAAkC,OAAA,EAA6B;AAC7E,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,0BAAA,EAA4B,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IAC3F,WAAA,EAAa,GAAA;AAAA,IACb,OAAA,EAAS,iCAAA;AAAA,IACT,WAAA,EAAa,2DAAA;AAAA,IACb,OAAA,EAAS,EAAE,OAAA,EAAS,OAAA,IAAW,0BAAA;AAA2B,GAC3D,CAAA;AACH;AAOO,SAAS,8BACd,MAAA,EACW;AACX,EAAA,MAAM,QAAA,GAAW;AAAA,IACf,WAAA,EAAa,+BAAA;AAAA,IACb,gBAAA,EAAkB,gCAAA;AAAA,IAClB,KAAA,EAAO;AAAA,GACT;AACA,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,sBAAA,EAAwB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACvF,WAAA,EAAa,GAAA;AAAA,IACb,OAAA,EAAS,iDAAA;AAAA,IACT,WAAA,EAAa,4DAAA;AAAA,IACb,SAAS,EAAE,MAAA,EAAQ,OAAA,EAAS,QAAA,CAAS,MAAM,CAAA;AAAE,GAC9C,CAAA;AACH;AAYO,SAAS,+BACd,UAAA,EAMW;AACX,EAAA,MAAM,KAAA,GAAQ,WAAW,CAAC,CAAA;AAC1B,EAAA,MAAM,UAAU,UAAA,CACb,GAAA,CAAI,CAAC,CAAA,KAAM,GAAG,CAAA,CAAE,UAAU,CAAA,UAAA,EAAa,CAAA,CAAE,MAAM,CAAA,SAAA,EAAY,CAAA,CAAE,KAAK,CAAA,CAAA,CAAG,CAAA,CACrE,KAAK,IAAI,CAAA;AACZ,EAAA,OAAO,eAAA,CAAgB,WAAA,CAAY,sBAAA,EAAwB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IACvF,WAAA,EAAa,GAAA;AAAA,IACb,SAAS,KAAA,EAAO,IAAA;AAAA,IAChB,WAAA,EAAa,8DAAA;AAAA,IACb,SAAS,EAAE,OAAA,EAAS,CAAA,4BAAA,EAA+B,OAAO,IAAI,UAAA;AAAW,GAC1E,CAAA;AACH;;;ACjMA,SAAS,iBAAiB,OAAA,EAA6C;AACrE,EAAA,MAAM,MAAA,GAA4B;AAAA,IAChC,MAAM,OAAA,CAAQ,IAAA;AAAA,IACd,WAAW,OAAA,CAAQ,SAAA;AAAA,IACnB,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,UAAU,OAAA,CAAQ,QAAA;AAAA,IAClB,OAAO,OAAA,CAAQ,KAAA;AAAA,IACf,KAAK,OAAA,CAAQ;AAAA,GACf;AAGA,EAAA,IAAI,OAAA,CAAQ,YAAY,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC3B;AACA,EAAA,IAAI,OAAA,CAAQ,eAAe,MAAA,EAAW;AACpC,IAAA,MAAA,CAAO,aAAa,OAAA,CAAQ,UAAA;AAAA,EAC9B;AACA,EAAA,IAAI,OAAA,CAAQ,YAAY,MAAA,EAAW;AACjC,IAAA,MAAA,CAAO,UAAU,OAAA,CAAQ,OAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,MAAA;AACT;AAKA,SAAS,qBAAqB,IAAA,EAA0C;AACtE,EAAA,OAAO;AAAA,IACL,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,QAAQ,IAAA,CAAK;AAAA,GACf;AACF;AAKA,SAAS,iBAAiB,OAAA,EAA0C;AAClE,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,OAAA,CAAQ,KAAA,CAAM,GAAA,CAAI,oBAAoB;AAAA,GAC/C;AACF;AAkCO,SAAS,aAAa,KAAA,EAAqD;AAEhF,EAAA,IAAI,QAAQ,KAAA,IAAS,KAAA,CAAM,EAAA,KAAO,IAAA,IAAQ,aAAa,KAAA,EAAO;AAC5D,IAAA,MAAM,MAAA,GAAS,KAAA;AACf,IAAA,IAAI,MAAA,CAAO,YAAY,UAAA,EAAY;AACjC,MAAA,OAAO,kBAAA,CAAmB,OAAO,MAA2B,CAAA;AAAA,IAC9D;AACA,IAAA,OAAO,qBAAA,CAAsB,OAAO,MAAkC,CAAA;AAAA,EACxE;AAEA,EAAA,OAAO,mBAAmB,KAA0B,CAAA;AACtD;AAEA,SAAS,mBAAmB,MAAA,EAAuC;AACjE,EAAA,MAAM,MAAA,GAAqB;AAAA,IACzB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,GAAI,MAAA,CAAO,GAAA,KAAQ,UAAa,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IAClD,GAAI,MAAA,CAAO,GAAA,KAAQ,UAAa,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IAClD,GAAI,OAAO,OAAA,KAAY,MAAA,IAAa,EAAE,OAAA,EAAS,gBAAA,CAAiB,MAAA,CAAO,OAAO,CAAA;AAAE,GAClF;AAEA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,MAAM,MAAA,CAAO,GAAA;AAAA,EACtB;AAEA,EAAA,IAAI,MAAA,CAAO,YAAY,MAAA,EAAW;AAChC,IAAA,MAAA,CAAO,OAAA,GAAU,EAAE,GAAA,EAAK,MAAA,CAAO,QAAQ,GAAA,EAAI;AAAA,EAC7C;AAEA,EAAA,IAAI,MAAA,CAAO,GAAA,EAAK,OAAA,KAAY,MAAA,EAAW;AACrC,IAAA,MAAA,CAAO,OAAA,GAAU,gBAAA,CAAiB,MAAA,CAAO,GAAA,CAAI,OAAO,CAAA;AAAA,EACtD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,sBAAsB,MAAA,EAA8C;AAC3E,EAAA,MAAM,MAAA,GAAqB;AAAA,IACzB,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,KAAK,MAAA,CAAO;AAAA,GACd;AAEA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,MAAM,MAAA,CAAO,GAAA;AAAA,EACtB;AAIA,EAAA,IAAI,MAAA,CAAO,QAAQ,MAAA,EAAW;AAC5B,IAAA,MAAA,CAAO,OAAA,GAAU,EAAE,GAAA,EAAK,MAAA,CAAO,GAAA,EAAI;AAAA,EACrC;AAEA,EAAA,OAAO,MAAA;AACT;;;AChIO,IAAM,mBAAA,GACX;AAGK,IAAM,wBAAA,GAA2B;AAGjC,IAAM,8BAAA,GAAiC;AAGvC,IAAM,kBAAA,GAAkD;AAAA,EAC7D,OAAA;AAAA,EACA,QAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAGO,IAAM,eAAA,GAA4C;AAAA,EACvD,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAGO,IAAM,2BAAA,GAA+C;AAkBrD,SAAS,oBAAoB,KAAA,EAAsC;AACxE,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,EAAU,OAAO,KAAA;AACtC,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,KAAA,CAAM,MAAA,GAAS,0BAA0B,OAAO,KAAA;AAC1E,EAAA,OAAO,mBAAA,CAAoB,KAAK,KAAK,CAAA;AACvC;AAQO,SAAS,mBAAmB,KAAA,EAA0C;AAC3E,EAAA,OAAQ,kBAAA,CAAyC,SAAS,KAAK,CAAA;AACjE;AAQO,SAAS,gBAAgB,KAAA,EAAuC;AACrE,EAAA,OAAO,KAAA,KAAU,OAAA,IAAW,KAAA,KAAU,UAAA,IAAc,KAAA,KAAU,UAAA;AAChE;AAQO,SAAS,qBAAqB,MAAA,EAAyC;AAC5E,EAAA,OAAQ,eAAA,CAAsC,SAAS,MAAM,CAAA;AAC/D;AAUO,SAAS,oBAAoB,KAAA,EAAwB;AAC1D,EAAA,OAAO,KAAA,KAAU,2BAAA;AACnB;AAgBO,SAAS,sBAAsB,KAAA,EAAuB;AAC3D,EAAA,OAAO,KAAA,CAAM,IAAA,EAAK,CAAE,WAAA,EAAY;AAClC;AAgBO,SAAS,mBAAmB,WAAA,EAAqC;AACtE,EAAA,IAAI,CAAC,WAAA,IAAe,OAAO,WAAA,KAAgB,QAAA,EAAU;AACnD,IAAA,OAAO,EAAC;AAAA,EACV;AAEA,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,MAAM,SAAyB,EAAC;AAEhC,EAAA,KAAA,MAAW,IAAA,IAAQ,WAAA,CAAY,KAAA,CAAM,GAAG,CAAA,EAAG;AACzC,IAAA,MAAM,UAAA,GAAa,sBAAsB,IAAI,CAAA;AAC7C,IAAA,IAAI,WAAW,MAAA,GAAS,CAAA,IAAK,CAAC,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA,EAAG;AAClD,MAAA,IAAA,CAAK,IAAI,UAAU,CAAA;AACnB,MAAA,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,IACxB;AAAA,EACF;AAEA,EAAA,OAAO,MAAA;AACT;AAqBO,SAAS,sBAAsB,MAAA,EAAiD;AACrF,EAAA,MAAM,gBAA0B,EAAC;AACjC,EAAA,IAAI,iBAAA,GAAoB,KAAA;AAExB,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC9B,MAAA,iBAAA,GAAoB,IAAA;AAAA,IACtB;AACA,IAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,MAAA,aAAA,CAAc,KAAK,KAAK,CAAA;AAAA,IAC1B;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,aAAA,CAAc,MAAA,KAAW,CAAA,IAAK,CAAC,iBAAA;AAAA,IACtC,MAAA;AAAA,IACA,aAAA;AAAA,IACA;AAAA,GACF;AACF;AAWO,SAAS,oBAAoB,QAAA,EAA8C;AAChF,EAAA,OAAO,QAAA,CAAS,OAAO,kBAAkB,CAAA;AAC3C;AASA,IAAM,mBAAA,GAA+D;AAAA,EACnE,KAAA,EAAO,OAAA;AAAA;AAAA,EACP,QAAA,EAAU,WAAA;AAAA;AAAA,EACV,QAAA,EAAU;AAAA;AACZ,CAAA;AAeO,SAAS,qBAAqB,MAAA,EAA4C;AAC/E,EAAA,MAAM,SAAA,GAAY,oBAAoB,MAAM,CAAA;AAC5C,EAAA,OAAO;AAAA,IACL,SAAA;AAAA,IACA,YAAA,EAAc,CAAA,eAAA,EAAkB,MAAM,CAAA,gBAAA,EAAmB,SAAS,CAAA,CAAA;AAAA,GACpE;AACF;AAUO,SAAS,+BACd,KAAA,EAI0D;AAC1D,EAAA,IAAI,kBAAA,CAAmB,KAAK,CAAA,EAAG;AAC7B,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAM;AAAA,EACzC;AACA,EAAA,IAAI,eAAA,CAAgB,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,EAAE,SAAS,mBAAA,CAAoB,KAAK,GAAG,MAAA,EAAQ,IAAA,EAAM,MAAM,KAAA,EAAM;AAAA,EAC1E;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,SAAS,IAAA,EAAK;AACxD;AA8DO,SAAS,uBAAuB,OAAA,EAA8C;AAEnF,EAAA,IAAI,CAAC,QAAQ,QAAA,EAAU;AACrB,IAAA,OAAO,oBAAA;AAAA,EACT;AAGA,EAAA,IAAI,QAAQ,gBAAA,EAAkB;AAC5B,IAAA,OAAO,mBAAA;AAAA,EACT;AAGA,EAAA,MAAM,QAAA,GAAW,QAAQ,QAAA,IAAY,SAAA;AACrC,EAAA,QAAQ,QAAA;AAAU,IAChB,KAAK,SAAA;AACH,MAAA,OAAO,SAAA;AAAA,IACT,KAAK,aAAA;AACH,MAAA,OAAO,aAAA;AAAA,IACT,KAAK,QAAA;AACH,MAAA,OAAO,QAAA;AAAA,IACT,KAAK,YAAA;AACH,MAAA,OAAO,YAAA;AAAA,IACT;AACE,MAAA,OAAO,SAAA;AAAA;AAEb;AAQO,SAAS,wBAAwB,MAAA,EAAiC;AACvE,EAAA,OAAO,OAAO,IAAA,CAAK,CAAC,UAAU,CAAC,kBAAA,CAAmB,KAAK,CAAC,CAAA;AAC1D;;;ACxZO,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,gBAAA,EAAkB,EAAA;AAAA;AAAA,EAElB,gBAAA,EAAkB,GAAA;AAAA;AAAA,EAElB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,KAAA;AAAA;AAAA,EAEnB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,kBAAA,EAAoB;AACtB;AA0CO,SAAS,0BAA0B,MAAA,EAA6C;AACrF,EAAA,MAAM,aAAoC,EAAC;AAE3C,EAAA,IAAI,WAAW,IAAA,IAAQ,MAAA,KAAW,MAAA,IAAa,OAAO,WAAW,QAAA,EAAU;AACzE,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,UAAA,EAAW;AAAA,EACnC;AAMA,EAAA,IAAI,UAAA,GAAa,CAAA;AACjB,EAAA,MAAM,KAAA,GAAgE;AAAA,IACpE,EAAE,KAAA,EAAO,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG,MAAM,EAAA;AAAG,GACtC;AAEA,EAAA,OAAO,KAAA,CAAM,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,EAAI;AACvB,IAAA,UAAA,EAAA;AAGA,IAAA,IAAI,UAAA,GAAa,mBAAmB,eAAA,EAAiB;AACnD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,iBAAA;AAAA,QACZ,MAAA,EAAQ,UAAA;AAAA,QACR,OAAO,kBAAA,CAAmB,eAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AACD,MAAA;AAAA,IACF;AAKA,IAAA,IAAI,IAAA,CAAK,KAAA,GAAQ,kBAAA,CAAmB,gBAAA,EAAkB;AACpD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,kBAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,KAAA;AAAA,QACb,OAAO,kBAAA,CAAmB,gBAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAK,KAAA,KAAU,IAAA,IAAQ,OAAO,IAAA,CAAK,UAAU,QAAA,EAAU;AACzD,MAAA,IAAI,OAAO,IAAA,CAAK,KAAA,KAAU,QAAA,EAAU;AAElC,QAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,kBAAA,CAAmB,iBAAA,EAAmB;AAC5D,UAAA,UAAA,CAAW,IAAA,CAAK;AAAA,YACd,UAAA,EAAY,mBAAA;AAAA,YACZ,MAAA,EAAQ,KAAK,KAAA,CAAM,MAAA;AAAA,YACnB,OAAO,kBAAA,CAAmB,iBAAA;AAAA,YAC1B,MAAM,IAAA,CAAK;AAAA,WACZ,CAAA;AAAA,QACH;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AAC7B,MAAA,IAAI,IAAA,CAAK,KAAA,CAAM,MAAA,GAAS,kBAAA,CAAmB,gBAAA,EAAkB;AAC3D,QAAA,UAAA,CAAW,IAAA,CAAK;AAAA,UACd,UAAA,EAAY,kBAAA;AAAA,UACZ,MAAA,EAAQ,KAAK,KAAA,CAAM,MAAA;AAAA,UACnB,OAAO,kBAAA,CAAmB,gBAAA;AAAA,UAC1B,MAAM,IAAA,CAAK;AAAA,SACZ,CAAA;AAAA,MACH;AAEA,MAAA,KAAA,IAAS,IAAI,IAAA,CAAK,KAAA,CAAM,SAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AAC/C,QAAA,KAAA,CAAM,IAAA,CAAK;AAAA,UACT,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,CAAC,CAAA;AAAA,UACnB,KAAA,EAAO,KAAK,KAAA,GAAQ,CAAA;AAAA,UACpB,IAAA,EAAM,CAAA,EAAG,IAAA,CAAK,IAAI,IAAI,CAAC,CAAA,CAAA;AAAA,SACxB,CAAA;AAAA,MACH;AACA,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,KAAgC,CAAA;AAC9D,IAAA,IAAI,IAAA,CAAK,MAAA,GAAS,kBAAA,CAAmB,eAAA,EAAiB;AACpD,MAAA,UAAA,CAAW,IAAA,CAAK;AAAA,QACd,UAAA,EAAY,iBAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,OAAO,kBAAA,CAAmB,eAAA;AAAA,QAC1B,MAAM,IAAA,CAAK;AAAA,OACZ,CAAA;AAAA,IACH;AAEA,IAAA,KAAA,IAAS,IAAI,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACzC,MAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAClB,MAAA,MAAM,SAAA,GAAY,KAAK,IAAA,GAAO,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,GAAK,GAAA;AACtD,MAAA,KAAA,CAAM,IAAA,CAAK;AAAA,QACT,KAAA,EAAQ,IAAA,CAAK,KAAA,CAAkC,GAAG,CAAA;AAAA,QAClD,KAAA,EAAO,KAAK,KAAA,GAAQ,CAAA;AAAA,QACpB,IAAA,EAAM;AAAA,OACP,CAAA;AAAA,IACH;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,UAAA,CAAW,MAAA,KAAW,GAAG,UAAA,EAAW;AACtD;;;ACtKA,SAAS,cAAc,KAAA,EAAkD;AACvE,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,OAAO,KAAA,KAAU,QAAA,EAAU;AAC/C,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,KAAK,CAAA;AACzC,EAAA,OAAO,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,IAAA;AACjD;AAQA,IAAM,gBAAA,GAAmB,CAAA,CAAE,MAAA,EAAO,CAAE,MAAA,EAAO;AAKpC,IAAM,mBAAA,GAAsB,CAAA,CAAE,KAAA,CAAM,CAAC,EAAE,MAAA,EAAO,EAAG,gBAAA,EAAkB,CAAA,CAAE,OAAA,EAAQ,EAAG,CAAA,CAAE,IAAA,EAAM,CAAC;AAKhG,IAAM,iBAAA,GAAoB,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAO,aAAA,EAAe;AAAA,EAC1D,OAAA,EAAS;AACX,CAAC,CAAA;AAmBM,IAAM,kBAAwC,CAAA,CAAE,IAAA;AAAA,EAAK,MAC1D,EAAE,KAAA,CAAM;AAAA,IACN,mBAAA;AAAA,IACA,CAAA,CAAE,MAAM,eAAe,CAAA;AAAA;AAAA,IAEvB,iBAAA,CAAkB,SAAA,CAAU,CAAC,GAAA,KAAQ,GAA8B,CAAA,CAAE,IAAA;AAAA,MACnE,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,IAAU,eAAe;AAAA;AACtC,GACD;AACH;AAOO,IAAM,mBAA0C,iBAAA,CAAkB,SAAA;AAAA,EACvE,CAAC,GAAA,KAAQ;AACX,CAAA,CAAE,KAAK,CAAA,CAAE,MAAA,CAAO,EAAE,MAAA,EAAO,EAAG,eAAe,CAAC;AAKrC,IAAM,eAAA,GAAwC,CAAA,CAAE,KAAA,CAAM,eAAe;AASrE,IAAM,oBAAA,GAAuB;AAAA;AAAA,EAElC,UAAU,kBAAA,CAAmB,gBAAA;AAAA;AAAA,EAE7B,gBAAgB,kBAAA,CAAmB,gBAAA;AAAA;AAAA,EAEnC,eAAe,kBAAA,CAAmB,eAAA;AAAA;AAAA,EAElC,iBAAiB,kBAAA,CAAmB,iBAAA;AAAA;AAAA,EAEpC,eAAe,kBAAA,CAAmB;AACpC;AA6DO,SAAS,uBAAA,CACd,KAAA,EACA,MAAA,GAA6B,EAAC,EACZ;AAClB,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,QAAA,IAAY,oBAAA,CAAqB,QAAA;AACzD,EAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,cAAA,IAAkB,oBAAA,CAAqB,cAAA;AACrE,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,oBAAA,CAAqB,aAAA;AACnE,EAAA,MAAM,eAAA,GAAkB,MAAA,CAAO,eAAA,IAAmB,oBAAA,CAAqB,eAAA;AACvE,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,oBAAA,CAAqB,aAAA;AAKnE,EAAA,MAAM,OAAA,uBAAc,OAAA,EAAgB;AAGpC,EAAA,IAAI,SAAA,GAAY,CAAA;AAGhB,EAAA,MAAM,KAAA,GAAsB,CAAC,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAO,IAAA,EAAM,EAAC,EAAG,KAAA,EAAO,CAAA,EAAG,CAAA;AAEzE,EAAA,OAAO,KAAA,CAAM,SAAS,CAAA,EAAG;AACvB,IAAA,MAAM,KAAA,GAAQ,MAAM,GAAA,EAAI;AAGxB,IAAA,IAAI,KAAA,CAAM,SAAS,MAAA,EAAQ;AACzB,MAAA,OAAA,CAAQ,MAAA,CAAO,MAAM,GAAG,CAAA;AACxB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,EAAE,KAAA,EAAO,OAAA,EAAS,IAAA,EAAM,OAAM,GAAI,KAAA;AAGxC,IAAA,SAAA,EAAA;AACA,IAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,wCAAwC,aAAa,CAAA,CAAA,CAAA;AAAA,QAC5D;AAAA,OACF;AAAA,IACF;AAGA,IAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO,kCAAkC,QAAQ,CAAA,CAAA,CAAA;AAAA,QACjD;AAAA,OACF;AAAA,IACF;AAGA,IAAA,IAAI,YAAY,IAAA,EAAM;AACpB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,OAAO,OAAO,OAAA;AAEpB,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAK,OAAA,CAAmB,SAAS,eAAA,EAAiB;AAChD,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,yCAAyC,eAAe,CAAA,CAAA,CAAA;AAAA,UAC/D;AAAA,SACF;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,OAAiB,CAAA,EAAG;AACvC,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,sBAAsB,OAAO,CAAA,CAAA;AAAA,UACpC;AAAA,SACF;AAAA,MACF;AACA,MAAA;AAAA,IACF;AAEA,IAAA,IAAI,SAAS,SAAA,EAAW;AACtB,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,SAAS,WAAA,EAAa;AACxB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,+BAA+B,IAAA,EAAK;AAAA,IACjE;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,4BAA4B,IAAA,EAAK;AAAA,IAC9D;AAEA,IAAA,IAAI,SAAS,UAAA,EAAY;AACvB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,8BAA8B,IAAA,EAAK;AAAA,IAChE;AAEA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,4BAA4B,IAAA,EAAK;AAAA,IAC9D;AAGA,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,MAAM,GAAA,GAAM,OAAA;AAIZ,MAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,EAAG;AACpB,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,kCAAkC,IAAA,EAAK;AAAA,MACpE;AAGA,MAAA,OAAA,CAAQ,IAAI,GAAG,CAAA;AACf,MAAA,KAAA,CAAM,IAAA,CAAK,EAAE,IAAA,EAAM,MAAA,EAAQ,KAAK,CAAA;AAGhC,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,QAAA,IAAI,GAAA,CAAI,SAAS,cAAA,EAAgB;AAC/B,UAAA,OAAO;AAAA,YACL,EAAA,EAAI,KAAA;AAAA,YACJ,KAAA,EAAO,wCAAwC,cAAc,CAAA,CAAA,CAAA;AAAA,YAC7D;AAAA,WACF;AAAA,QACF;AAEA,QAAA,KAAA,IAAS,IAAI,GAAA,CAAI,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACxC,UAAA,KAAA,CAAM,KAAK,EAAE,IAAA,EAAM,OAAA,EAAS,KAAA,EAAO,IAAI,CAAC,CAAA,EAAG,IAAA,EAAM,CAAC,GAAG,IAAA,EAAM,CAAC,GAAG,KAAA,EAAO,KAAA,GAAQ,GAAG,CAAA;AAAA,QACnF;AACA,QAAA;AAAA,MACF;AAGA,MAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AACvC,MAAA,IAAI,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,IAAA,EAAM;AAChD,QAAA,MAAM,eAAA,GAAkB,GAAA,CAAI,WAAA,EAAa,IAAA,IAAQ,SAAA;AACjD,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,qBAAqB,eAAe,CAAA,mBAAA,CAAA;AAAA,UAC3C;AAAA,SACF;AAAA,MACF;AAGA,MAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC5B,MAAA,IAAI,IAAA,CAAK,SAAS,aAAA,EAAe;AAC/B,QAAA,OAAO;AAAA,UACL,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,4CAA4C,aAAa,CAAA,CAAA,CAAA;AAAA,UAChE;AAAA,SACF;AAAA,MACF;AAEA,MAAA,KAAA,IAAS,IAAI,IAAA,CAAK,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACzC,QAAA,MAAM,GAAA,GAAM,KAAK,CAAC,CAAA;AAClB,QAAA,KAAA,CAAM,IAAA,CAAK;AAAA,UACT,IAAA,EAAM,OAAA;AAAA,UACN,KAAA,EAAQ,IAAgC,GAAG,CAAA;AAAA,UAC3C,IAAA,EAAM,CAAC,GAAG,IAAA,EAAM,GAAG,CAAA;AAAA,UACnB,OAAO,KAAA,GAAQ;AAAA,SAChB,CAAA;AAAA,MACH;AACA,MAAA;AAAA,IACF;AAGA,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,OAAO,CAAA,cAAA,EAAiB,IAAI,IAAI,IAAA,EAAK;AAAA,EAC3D;AAEA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AACpB;;;AC9TO,IAAM,oBAAoBA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,gBAAgB,CAAC;AAM/D,IAAM,aAAA,GAAgB,CAAC,UAAA,EAAY,gBAAgB;AAgBnD,IAAM,iBAAA,GAAoBA,EAAE,IAAA,CAAK;AAAA,EACtC,wBAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,aAAA,GAAgB,CAAC,wBAAA,EAA0B,MAAA,EAAQ,QAAQ,gBAAgB;AAWjF,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAGhC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,gBAAA,EAAkBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,CAAA;AAAA;AAAA,EAGpD,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAUI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,MAAA,EAAQ,iBAAA;AAAA;AAAA,EAGR,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA,CAAE,QAAQ,OAAO,CAAA;AAAA;AAAA,EAGvC,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxC,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG1C,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAG7C,OAAA,EAAS,qBAAqB,QAAA;AAChC,CAAC,EACA,MAAA;AAaI,IAAM,2BAAA,GAA8BA,EACxC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,YAAA,EAAc,iBAAA;AAAA;AAAA,EAGd,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3D,gBAAA,EAAkBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA;AAAA,EAG/D,KAAA,EAAO,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGjC,iBAAA,EAAmBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGvD,UAAUA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvC,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtC,QAAA,EAAUA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAG,eAAe,EAAE,QAAA;AAClD,CAAC,EACA,MAAA;AAUI,IAAM,mBAAA,GAAsB;AA4B5B,IAAM,8BAAA,GAAiCA,EAC3C,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,mBAAmB,CAAA;AAAA;AAAA,EAGnC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAYI,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,oBAAA,EAAsBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAG9C,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGpC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAaI,IAAM,2BAAA,GAA8BA,EACxC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,YAAA,EAAc,iBAAA;AAAA;AAAA,EAGd,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGjC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGjC,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,EAAE;AACxC,CAAC,EACA,MAAA;AAuBI,SAAS,iCACd,IAAA,EAC8E;AAC9E,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,IAAI,CAAA;AAC5D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,2BAA2B,WAAA,EAEC;AAC1C,EAAA,OAAO,YAAY,IAAA,KAAS,mBAAA;AAC9B;AAiDO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,MAAM,QAAA,GAAkC;AAAA,IACtC,UAAU,MAAA,CAAO,QAAA;AAAA,IACjB,cAAc,MAAA,CAAO;AAAA,GACvB;AAEA,EAAA,IAAI,OAAO,YAAA,EAAc;AACvB,IAAA,QAAA,CAAS,eAAe,MAAA,CAAO,YAAA;AAAA,EACjC;AACA,EAAA,IAAI,OAAO,gBAAA,EAAkB;AAC3B,IAAA,QAAA,CAAS,mBAAmB,MAAA,CAAO,gBAAA;AAAA,EACrC;AACA,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,QAAA,CAAS,QAAQ,MAAA,CAAO,KAAA;AAAA,EAC1B;AACA,EAAA,IAAI,OAAO,iBAAA,EAAmB;AAC5B,IAAA,QAAA,CAAS,oBAAoB,MAAA,CAAO,iBAAA;AAAA,EACtC;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AACA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,QAAA,CAAS,UAAU,MAAA,CAAO,OAAA;AAAA,EAC5B;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AAEnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,WAAA,GAAwC;AAAA,IAC5C,IAAA,EAAM,mBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AACA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,WAAA,CAAY,MAAM,MAAA,CAAO,GAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,WAAA;AACT;AAQO,SAAS,wBACd,IAAA,EACqE;AACrE,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,IAAI,CAAA;AACnD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,wBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;AC3bO,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,UAAA,EAAY,GAAA;AAAA;AAAA,EAEZ,QAAA,EAAU,CAAA;AAAA;AAAA,EAEV,kBAAA,EAAoB,KAAA;AAAA;AAAA,EAEpB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,mBAAA,EAAqB,IAAA;AAAA;AAAA,EAErB,gBAAA,EAAkB;AACpB;AAUO,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,OAAA,CAAQ,SAAS;AAM/C,IAAM,kBAAA,GAAqBA,CAAAA,CAAE,OAAA,CAAQ,WAAW;AAkBhD,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAK,mBAAA;AAAA;AAAA,EAGL,KAAA,EAAOA,CAAAA,CACJ,MAAA,EAAO,CACP,GAAA,CAAI,EAAE,CAAA,CACN,GAAA,CAAI,EAAE,CAAA,CACN,KAAA,CAAM,kBAAA,EAAoB,8BAA8B,CAAA;AAAA;AAAA,EAG3D,GAAA,EAAK;AACP,CAAC,EACA,MAAA;AAgBI,IAAM,sBAAA,GAAyBA,EAAE,IAAA,CAAK;AAAA,EAC3C,gBAAA;AAAA,EACA,aAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,kBAAA,GAAqB;AAAA,EAChC,gBAAA;AAAA,EACA,aAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF;AAeO,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK;AAAA,EACzC,UAAA;AAAA,EACA,WAAA;AAAA,EACA,KAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,mBAAmB,CAAC,UAAA,EAAY,WAAA,EAAa,KAAA,EAAO,aAAa,WAAW;AAczF,IAAM,gBAAA,GAAmBA,CAAAA,CACtB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,mBAAmB,CAAA,CAC1C,MAAA;AAAA,EACC,CAAC,GAAA,KAAQ;AAEP,IAAA,IAAI,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG,OAAO,IAAA;AAEnC,IAAA,IAAI,GAAA,CAAI,WAAW,UAAU,CAAA,IAAK,IAAI,UAAA,CAAW,SAAS,GAAG,OAAO,IAAA;AAEpE,IAAA,IAAI,GAAA,CAAI,UAAA,CAAW,mBAAmB,CAAA,EAAG,OAAO,IAAA;AAChD,IAAA,OAAO,KAAA;AAAA,EACT,CAAA;AAAA,EACA,EAAE,SAAS,mFAAA;AACb,CAAA;AAmBK,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,WAAA,EAAa,gBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASb,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGpD,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGzC,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGzC,KAAA,EAAO,sBAAA;AAAA;AAAA,EAGP,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA;AACnC,CAAC,EACA,MAAA;AAYI,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAM,uBAAuB,CAAA,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,UAAU,CAAA;AAAA;AAAA,EAGlF,eAAA,EAAiB,oBAAA;AAAA;AAAA,EAGjB,WAAA,EAAa,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAGxC,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAGvE,kBAAA,EAAoBA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGxD,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAUA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAG,eAAe,EAAE,QAAA;AAClD,CAAC,EACA,MAAA;AAUI,IAAM,gBAAA,GAAmB;AAyBzB,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,gBAAgB,CAAA;AAAA;AAAA,EAGhC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAiCI,SAAS,oBACd,IAAA,EACiE;AACjE,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,SAAA,CAAU,IAAI,CAAA;AAC/C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,0BACd,IAAA,EACuE;AACvE,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,SAAA,CAAU,IAAI,CAAA;AACrD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAkBO,SAAS,+BACd,IAAA,EAC4E;AAC5E,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,SAAA,CAAU,IAAI,CAAA;AAC1D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,yBAAyB,WAAA,EAEC;AACxC,EAAA,OAAO,YAAY,IAAA,KAAS,gBAAA;AAC9B;AA8CO,SAAS,6BACd,MAAA,EACwB;AACxB,EAAA,MAAM,QAAA,GAAgC;AAAA,IACpC,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,iBAAiB,MAAA,CAAO;AAAA,GAC1B;AAEA,EAAA,IAAI,OAAO,WAAA,EAAa;AACtB,IAAA,QAAA,CAAS,cAAc,MAAA,CAAO,WAAA;AAAA,EAChC;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AACA,EAAA,IAAI,OAAO,kBAAA,EAAoB;AAC7B,IAAA,QAAA,CAAS,qBAAqB,MAAA,CAAO,kBAAA;AAAA,EACvC;AACA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,QAAA,CAAS,aAAa,MAAA,CAAO,UAAA;AAAA,EAC/B;AACA,EAAA,IAAI,OAAO,QAAA,EAAU;AACnB,IAAA,QAAA,CAAS,WAAW,MAAA,CAAO,QAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,WAAA,GAAsC;AAAA,IAC1C,IAAA,EAAM,gBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,IAClC;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AACA,EAAA,IAAI,OAAO,GAAA,EAAK;AACd,IAAA,WAAA,CAAY,MAAM,MAAA,CAAO,GAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,WAAA;AACT;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,wBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;AAQO,SAAS,mBAAmB,OAAA,EAAkD;AACnF,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,MAAA,KAAW,MAAS,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,MAAgB,CAAA;AAC3F,EAAA,IAAI,OAAA,CAAQ,WAAW,CAAA,EAAG;AACxB,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAQ,MAAA,CAAO,CAAC,KAAK,CAAA,KAAM,GAAA,GAAM,GAAG,CAAC,CAAA;AAC9C;AASO,SAAS,oBAAA,CACd,OAAA,EACA,OAAA,mBAAuB,IAAI,KAAI,EACX;AACpB,EAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,IAAA,IAAI,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,WAAW,CAAA,EAAG;AACnC,MAAA,OAAO,MAAA,CAAO,WAAA;AAAA,IAChB;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AC/hBO,IAAM,aAAA,GAAgB;AAKtB,IAAM,WAAW,UAAA,CAAW;AAK5B,IAAM,sBAAsB,OAAA,CAAQ;AAKpC,IAAM,sBAAsB,OAAA,CAAQ;AACpC,IAAM,8BAA8B,OAAA,CAAQ;AAC5C,IAAM,6BAA6B,OAAA,CAAQ;AAM3C,IAAM,mBAAmB,MAAA,CAAO;AAKhC,IAAM,4BAA4B,MAAA,CAAO;AAKzC,IAAM,wBAAwB,MAAA,CAAO;AAMrC,IAAM,0BAA0B,aAAA,CAAc;AAK9C,IAAM,6BAA6B,aAAA,CAAc;AAKjD,IAAM,+BAA+B,aAAA,CAAc;AAKnD,IAAM,sBAAsB,SAAA,CAAU;AAKtC,IAAM,wBAAA,GAA2B;AAUjC,IAAM,uBAAA,GACX;ACrEF,IAAM,QAAA,GAAWA,CAAAA,CACd,MAAA,EAAO,CACP,GAAA,EAAI,CACJ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,UAAA,CAAW,UAAU,GAAG,kBAAkB,CAAA;AAC7D,IAAM,OAAA,GAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,MAAM,YAAY,CAAA;AAC7C,IAAM,MAAA,GAASA,CAAAA,CACZ,MAAA,EAAO,CACP,MAAM,wEAAwE,CAAA;AAE1E,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA,EACN,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EACrC,QAAA,EAAU,OAAA;AAAA,EACV,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACzB,QAAA,EAAU,gBAAgB,QAAA,EAAS;AAAA,EACnC,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,EACA,MAAA;AAEI,IAAM,OAAA,GAAUA,EAAE,MAAA,CAAO,EAAE,KAAK,QAAA,EAAU,EAAE,MAAA;AAE5C,IAAM,cAAA,GAAiBA,EAC3B,MAAA,CAAO;AAAA,EACN,GAAA,EAAK,QAAA;AAAA,EACL,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC;AACxB,CAAC,EACA,MAAA;AAII,IAAM,UAAA,GAAaA,EACvB,MAAA,CAAO;AAAA,EACN,eAAA,EAAiB,eAAe,QAAA;AAAS;AAE3C,CAAC,CAAA,CACA,QAAA,CAASA,CAAAA,CAAE,OAAA,EAAS;AAShB,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA,EACN,GAAA,EAAKA,CAAAA,CAAE,OAAA,CAAQ,aAAa,CAAA;AAAA,EAC5B,GAAA,EAAKA,CAAAA,CAAE,OAAA,CAAQ,QAAQ,CAAA;AAAA,EACvB,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC;AACvB,CAAC,EACA,MAAA;AAMI,IAAM,SAAA,GAAY;AAIzB,IAAM,yBAAyB,CAAC,OAAA,EAAS,QAAA,EAAU,aAAA,EAAe,aAAa,OAAO,CAAA;AACtF,IAAM,mBAAA,GAAsB;AAAA,EAC1B,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF,CAAA;AAEO,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA,EACN,GAAA,EAAK,QAAA;AAAA,EACL,GAAA,EAAK,QAAA;AAAA,EACL,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EAClC,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EAC/B,GAAA,EAAK,MAAA;AAAA,EACL,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EAClC,GAAA,EAAK,OAAA;AAAA,EACL,OAAA,EAAS,iBAAA;AAAA,EACT,OAAA,EAAS,QAAQ,QAAA,EAAS;AAAA,EAC1B,GAAA,EAAK,WAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAGzB,kBAAkBA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA;AAAA,EAE/C,gBAAA,EAAkBA,CAAAA,CAAE,IAAA,CAAK,sBAAsB,EAAE,QAAA,EAAS;AAAA;AAAA,EAE1D,cAAA,EAAgBA,CAAAA,CAAE,IAAA,CAAK,mBAAmB,EAAE,QAAA;AAC9C,CAAC,EACA,MAAA;AAaI,IAAM,aAAA,GAAgB;AAEtB,IAAM,aAAA,GAAgBA,EAC1B,MAAA,CAAO;AAAA,EACN,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE;AAChC,CAAC,EACA,MAAA;AAeI,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK;AAAA,EACzC,OAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,WAAA;AAAA,EACA,aAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAC;AAKM,IAAM,0BAAA,GAA6BA,EAAE,IAAA,CAAK;AAAA,EAC/C,cAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF,CAAC;AAKM,IAAM,wBAAwBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAC;AAKhE,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,MAAA,EAAQ,qBAAA;AAAA,EACR,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC5B,OAAA,EAAS,qBAAqB,QAAA,EAAS;AAAA,EACvC,cAAA,EAAgB,2BAA2B,QAAA,EAAS;AAAA,EACpD,KAAA,EAAOA,CAAAA,CAAE,KAAA,CAAM,CAACA,EAAE,MAAA,EAAO,EAAGA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,EAC3D,eAAA,EAAiBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACtC,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAKM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA,EACN,OAAOA,CAAAA,CAAE,KAAA,CAAM,iBAAiB,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA,EACvC,QAAA,EAAU,qBAAA;AAAA,EACV,UAAA,EAAYA,CAAAA,CAAE,OAAA,CAAQ,cAAc,EAAE,QAAA;AACxC,CAAC,CAAA,CACA,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,MAAM,UAAA,GAAa,KAAK,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,MAAM,CAAA;AACnE,IAAA,MAAM,QAAA,GAAW,KAAK,KAAA,CAAM,KAAA,CAAM,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,OAAO,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,KAAK,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,IAAA,CAAK,WAAW,QAAQ,CAAA;AAEpE,IAAA,IAAI,UAAA,IAAc,IAAA,CAAK,QAAA,KAAa,MAAA,EAAQ;AAC1C,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,IAAI,QAAA,IAAY,IAAA,CAAK,QAAA,KAAa,OAAA,EAAS;AACzC,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,SAAA,IAAa,CAAC,UAAA,IAAc,IAAA,CAAK,aAAa,MAAA,EAAQ;AACxD,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAgBK,IAAM,qBAAqBA,CAAAA,CAC/B,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,wBAAwB,CAAA,CAC5B,OAAO,CAAC,KAAA,KAAU,mBAAA,CAAoB,IAAA,CAAK,KAAK,CAAA,EAAG;AAAA,EAClD,OAAA,EACE;AACJ,CAAC;AAQI,IAAM,sBAAA,GAAyBA,EAAE,IAAA,CAAK;AAAA,EAC3C,OAAA;AAAA,EACA,QAAA;AAAA,EACA,aAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAOM,IAAM,mBAAA,GAAsBA,EAAE,IAAA,CAAK;AAAA,EACxC,SAAA;AAAA,EACA,aAAA;AAAA,EACA,QAAA;AAAA,EACA,YAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF,CAAC;AAeM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA,EACN,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA,EAChD,QAAA,EAAU,QAAQ,QAAA,EAAS;AAAA,EAC3B,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EACzC,MAAMA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACjC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACxC,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,CAAA,CACA,MAAA,EAAO,CACP,MAAA,CAAO,CAAC,IAAA,KAAS,IAAA,CAAK,MAAA,KAAW,MAAA,IAAa,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW;AAAA,EACvE,OAAA,EAAS;AACX,CAAC;AAkBI,IAAM,uBAAuBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,UAAA,EAAY,MAAM,CAAC;AAOlE,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA,EACN,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,QAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA,EACrC,QAAA,EAAU,OAAA;AAAA,EACV,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,KAAKA,CAAAA,CAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,MAAM,CAAC,CAAA;AAAA,EAC5B,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACpC,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EAC5C,QAAA,EAAU,eAAA;AAAA,EACV,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACvC,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAM,kBAAkB,EAAE,QAAA,EAAS;AAAA,EAC7C,OAAA,EAAS,qBAAqB,QAAA;AAChC,CAAC,EACA,MAAA;AASI,IAAM,oBAAoBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,KAAA,EAAO,OAAO,CAAC;AAU1D,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA,EACN,EAAA,EAAIA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACpB,IAAA,EAAM,iBAAA;AAAA,EACN,MAAA,EAAQA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5C,QAAA,EAAU,iBAAiB,QAAA;AAC7B,CAAC,EACA,MAAA;AAUI,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA,EACN,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC7B,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA,EAAS;AAAA,EACnC,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,EAAE,QAAA;AAC7B,CAAC,EACA,MAAA;AAYI,IAAM,mBAAmBA,CAAAA,CAAE,MAAA;AAAA,EAChCA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,8BAA8B,CAAA;AAAA,EAC/C;AACF;AAUO,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA,EACN,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACxB,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACtB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EAC3C,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EAC/B,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAOH,IAAM,gBAAA,uBAAuB,GAAA,EAAY;AAKzC,SAAS,aAAa,EAAA,EAAqB;AAEzC,EAAA,IAAI,4BAAA,CAA6B,IAAA,CAAK,EAAE,CAAA,EAAG;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,iBAAiB,IAAA,CAAK,EAAA,CAAG,QAAQ,WAAA,EAAa,EAAE,CAAC,CAAA,EAAG;AACtD,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,KAAA;AACT;AASO,SAAS,wBACd,QAAA,EACqD;AACrD,EAAA,IAAI,QAAA,KAAa,MAAA,IAAa,QAAA,KAAa,IAAA,EAAM;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,SAAA,GAAY,4BAAA,CAA6B,KAAA,CAAM,QAAQ,CAAA;AAG7D,EAAA,MAAM,SAAA,GAAY,UAAU,OAAA,CAAQ,EAAA;AACpC,EAAA,IAAI,aAAa,SAAS,CAAA,IAAK,CAAC,gBAAA,CAAiB,GAAA,CAAI,SAAS,CAAA,EAAG;AAC/D,IAAA,gBAAA,CAAiB,IAAI,SAAS,CAAA;AAC9B,IAAA,OAAA,CAAQ,IAAA;AAAA,MACN,wCAAwC,SAAS,CAAA,kEAAA;AAAA,KAEnD;AAAA,EACF;AAEA,EAAA,OAAO,SAAA;AACT;AAgCO,SAAS,gBAAA,CACd,UACA,MAAA,EAC0B;AAC1B,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,QAAA,EAAU,MAAM,CAAA;AAEvD,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,0BAAA,CAA2B,MAAA,CAAO,KAAA,EAAO,OAAO,IAAI;AAAA,KAC7D;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,QAAA,EAAS;AACrC;AC5dO,IAAM,WAAA,GAAc;AAAA,EACzB,oBAAA;AAAA,EACA,cAAA;AAAA,EACA,sBAAA;AAAA,EACA,eAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;AAEO,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,WAAW;AAe1C,SAAS,aAAa,KAAA,EAAwB;AACnD,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AAEzB,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,aAAa,OAAA,EAAS;AACzD,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,aAAa,GAAA,EAAK;AACxB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,IAAI,IAAI,IAAA,KAAS,EAAA,IAAM,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1C,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,aAAa,EAAA,EAAI;AAC9C,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,cAAA,EAAgB,EAAE,CAAA,CAAE,KAAA,CAAM,MAAM,CAAA,CAAE,CAAC,CAAA;AAClE,IAAA,IAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC1B,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,GAAA,CAAI,QAAA,CAAS,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9B,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AASO,IAAM,2BAAA,GAA8B;AAcpC,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,EAAA,EAAIA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAG7B,UAAA,EAAY,eAAA;AAAA;AAAA,EAGZ,WAAWA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,IAAI,CAAA,CAAE,OAAO,YAAA,EAAc;AAAA,IAChD,OAAA,EACE;AAAA,GACH,CAAA;AAAA;AAAA,EAGD,WAAA,EAAaA,CAAAA,CACV,MAAA,EAAO,CACP,MAAM,uBAAA,EAAyB;AAAA,IAC9B,OAAA,EAAS;AAAA,GACV,EACA,QAAA;AACL,CAAC,EACA,MAAA;AAqBI,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC,EACA,MAAA;AAII,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,OAAOA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA;AAC7B,CAAC,EACA,MAAA;AAII,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAGlC,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGlC,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGtC,WAAA,EAAa,oBAAA;AAAA;AAAA,EAGb,iBAAA,EAAmB;AACrB,CAAC,EACA,MAAA;AAcI,SAAS,qBACd,IAAA,EACkE;AAClE,EAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,IAAI,CAAA;AAChD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAYO,SAAS,aACd,IAAA,EACgE;AAChE,EAAA,MAAM,MAAA,GAAS,gBAAA,CAAiB,SAAA,CAAU,IAAI,CAAA;AAC9C,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAAA,EAClD;AAGA,EAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,MAAA,CAAO,KAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AACvE,EAAA,MAAM,QAAA,GAAW,IAAI,IAAA,CAAK,MAAA,CAAO,KAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACrE,EAAA,IAAI,aAAa,QAAA,EAAU;AACzB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,qCAAA,EAAsC;AAAA,EACnE;AAGA,EAAA,MAAM,eAAA,GAAkB,GAAA,GAAM,MAAA,GAAS,EAAA,GAAK,KAAK,EAAA,GAAK,GAAA;AACtD,EAAA,IAAI,QAAA,GAAW,YAAY,eAAA,EAAiB;AAC1C,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,gDAAA,EAAiD;AAAA,EAC9E;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AACxC;AC1PO,IAAM,8BAAA,GAAiC;AAKvC,IAAM,oBAAoB,CAAC,QAAA,EAAU,QAAA,EAAU,SAAA,EAAW,WAAW,SAAS;AAE9E,IAAM,yBAAA,GAA4BA,CAAAA,CAAE,IAAA,CAAK,iBAAiB;AAQjE,IAAM,uBAAA,GAA0B,qCAAA;AAEzB,IAAM,mBAAA,GAAsBA,EAAE,MAAA,EAAO,CAAE,IAAI,GAAG,CAAA,CAAE,MAAM,uBAAA,EAAyB;AAAA,EACpF,OAAA,EACE;AACJ,CAAC;AAKM,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,KAAA,EAAO,yBAAA;AAAA;AAAA,EAGP,cAAA,EAAgB,mBAAA;AAAA;AAAA,EAGhB,SAAA,EAAWA,CAAAA,CACR,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,IAAI,CAAA,CACR,OAAO,CAAC,CAAA,KAAM,CAAA,CAAE,UAAA,CAAW,UAAU,CAAA,EAAG;AAAA,IACvC,OAAA,EAAS;AAAA,GACV,CAAA;AAAA;AAAA,EAGH,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,YAAA,EAAc,oBAAoB,QAAA;AACpC,CAAC,EACA,MAAA;AAOI,SAAS,wBACd,IAAA,EACqE;AACrE,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,IAAI,CAAA;AACnD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AChEO,IAAM,2BAAA,GAA8B;AAM3C,SAAS,qBAAqB,KAAA,EAAwB;AACpD,EAAA,IAAI,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,EAAG;AAC5B,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AACzB,IAAA,OAAO,IAAI,QAAA,KAAa,QAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAKO,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGlC,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,IAAI,CAAA,CAAE,OAAO,oBAAA,EAAsB;AAAA,IAC9D,OAAA,EAAS;AAAA,GACV,CAAA;AAAA;AAAA,EAGD,SAASA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,EAAE,EAAE,QAAA,EAAS;AAAA;AAAA,EAGrC,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,EAAE,CAAC,CAAA,CAAE,GAAA,CAAI,EAAE,EAAE,QAAA;AACpD,CAAC,EACA,MAAA;AAOI,SAAS,qBACd,IAAA,EACkE;AAClE,EAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,IAAI,CAAA;AAChD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;ACtDO,IAAM,4BAAA,GAA+B;AAKrC,IAAM,kBAAkB,CAAC,OAAA,EAAS,MAAA,EAAQ,UAAA,EAAY,YAAY,OAAO;AAEzE,IAAM,uBAAA,GAA0BA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAMtD,IAAM,gBAAA,GAAmB;AAAA,EAC9B,mBAAA;AAAA,EACA,eAAA;AAAA,EACA,mBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAEO,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAMpD,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,uBAAA;AAAA;AAAA,EAGR,OAAA,EAAS,oBAAA;AAAA;AAAA,EAGT,UAAUA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxC,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtC,YAAYA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG1C,WAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AACnC,CAAC,EACA,MAAA;AAOI,SAAS,sBACd,IAAA,EACmE;AACnE,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,IAAI,CAAA;AACjD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;ACxDO,IAAM,oBAAA,GAAuB;AAM7B,IAAM,kBAAA,GAAqB,CAAC,eAAA,EAAiB,aAAA,EAAe,aAAa,OAAO;AAEhF,IAAM,qBAAA,GAAwBA,CAAAA,CAAE,IAAA,CAAK,kBAAkB;AAMvD,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,gBAAA,EAAkB,qBAAA;AAAA;AAAA,EAGlB,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/C,UAAA,EAAYA,CAAAA,CACT,MAAA,EAAO,CACP,MAAM,uBAAA,EAAyB;AAAA,IAC9B,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA,EAGZ,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3C,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG7C,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AACpC,CAAC,EACA,MAAA;AAOI,SAAS,eACd,IAAA,EAC4D;AAC5D,EAAA,MAAM,MAAA,GAAS,YAAA,CAAa,SAAA,CAAU,IAAI,CAAA;AAC1C,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAAA,EAClD;AAGA,EAAA,IAAI,MAAA,CAAO,IAAA,CAAK,YAAA,IAAgB,MAAA,CAAO,KAAK,UAAA,EAAY;AACtD,IAAA,MAAM,cAAc,IAAI,IAAA,CAAK,OAAO,IAAA,CAAK,YAAY,EAAE,OAAA,EAAQ;AAC/D,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,OAAO,IAAA,CAAK,UAAU,EAAE,OAAA,EAAQ;AAC3D,IAAA,IAAI,cAAc,SAAA,EAAW;AAC3B,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,2CAAA,EAA4C;AAAA,IACzE;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AACxC;;;ACjDA,SAAS,eAAe,GAAA,EAAqB;AAC3C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,GAAA,CAAI,SAAS,CAAC,CAAA;AAC3C,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,MAAA,EAAQ,KAAK,CAAA,EAAG;AACtC,IAAA,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,UAAU,CAAA,EAAG,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,EACrD;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,MAAA,GAAS,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,EAC/C,CAAA,MAAO;AAEL,IAAA,MAAA,GAAS,IAAA,CAAK,MAAA,CAAO,YAAA,CAAa,GAAG,KAAK,CAAC,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACzE;AAMA,SAAS,eAAe,MAAA,EAAwB;AAE9C,EAAA,IAAI,MAAA,GAAS,OAAO,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAExD,EAAA,OAAO,MAAA,CAAO,MAAA,GAAS,CAAA,KAAM,CAAA,EAAG;AAC9B,IAAA,MAAA,IAAU,GAAA;AAAA,EACZ;AACA,EAAA,IAAI,KAAA;AACJ,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,IAAA,KAAA,GAAQ,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AAAA,EACtC,CAAA,MAAO;AACL,IAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,IAAA,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AACpC,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,MAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,IAChC;AAAA,EACF;AACA,EAAA,OAAO,MAAM,IAAA,CAAK,KAAK,CAAA,CACpB,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACZ;AAKA,IAAM,UAAA,GAAa,CAAC,QAAA,EAAU,aAAa,CAAA;AAC3C,IAAM,mBAAA,GAAsB,uCAAA;AAMrB,IAAM,0BAAA,GAA6B,EAAA;AAM1C,IAAM,iBAAA,GAAoB,kBAAA;AAWnB,SAAS,uBAAuB,CAAA,EAAwC;AAC7E,EAAA,IAAI,CAAA,CAAE,SAAS,0BAAA,EAA4B;AACzC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,KAAA,GAAQ,mBAAA,CAAoB,IAAA,CAAK,CAAC,CAAA;AACxC,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,GAAA,GAAM,MAAM,CAAC,CAAA;AACnB,EAAA,MAAM,GAAA,GAAM,MAAM,CAAC,CAAA;AACnB,EAAA,OAAO;AAAA,IACL,GAAA;AAAA,IACA,KAAA,EAAO,eAAe,GAAG;AAAA,GAC3B;AACF;AAWO,SAAS,uBAAuB,GAAA,EAA0C;AAC/E,EAAA,IAAI,CAAC,UAAA,CAAW,QAAA,CAAS,GAAA,CAAI,GAAkC,CAAA,EAAG;AAChE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,iBAAA,CAAkB,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,EAAG;AACtC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAI,KAAK,CAAA;AACpC,IAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAO,CAAA,EAAG,GAAA,CAAI,GAAG,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA;AAAA,EAC1B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;AC1HO,IAAM,cAAA,GAAiB;AAAA;AAAA,EAE5B,UAAA,EAAY,EAAA;AAAA;AAAA,EAEZ,qBAAA,EAAuB,EAAA;AAAA;AAAA,EAEvB,yBAAA,EAA2B,EAAA;AAAA;AAAA,EAE3B,sBAAA,EAAwB,EAAA;AAAA;AAAA,EAExB,oBAAA,EAAsB,GAAA;AAAA;AAAA,EAEtB,sBAAA,EAAwB,GAAA;AAAA;AAAA,EAExB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAEpB,2BAAA,EAA6B,GAAA;AAAA;AAAA,EAE7B,yBAAA,EAA2B;AAC7B;AAyBA,IAAM,UAAA,GAAa,0BAAA;AAOZ,IAAM,kBAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,YAAY,qBAAqB;AAmB1E,IAAM,iBAAA,GAAoBA,EAAE,IAAA,CAAK;AAAA,EACtC,qBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,aAAA,GAAgB;AAAA,EAC3B,qBAAA;AAAA,EACA,qBAAA;AAAA,EACA,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA,kBAAA;AAAA,EACA;AACF;AAcO,IAAM,uBAAA,GAA0BA,EAAE,IAAA,CAAK,CAAC,WAAW,aAAA,EAAe,UAAA,EAAY,QAAQ,CAAC;AAMvF,IAAM,oBAAA,GAAuB,CAAC,SAAA,EAAW,aAAA,EAAe,YAAY,QAAQ;AA+B5E,IAAM,wBAAA,GAA2BA,EAAE,IAAA,CAAK;AAAA;AAAA,EAE7C,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,gBAAA;AAAA,EACA,wBAAA;AAAA;AAAA,EAEA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EAEA,qBAAA;AAAA,EACA,gBAAA;AAAA,EACA,oBAAA;AAAA;AAAA,EAEA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,qBAAA,GAAwB;AAAA,EACnC,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,gBAAA;AAAA,EACA,wBAAA;AAAA,EACA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,qBAAA;AAAA,EACA,gBAAA;AAAA,EACA,oBAAA;AAAA,EACA,kBAAA;AAAA,EACA,gBAAA;AAAA,EACA;AACF;AAKO,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,wBAAA;AAAA;AAAA,EAEN,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,cAAA,CAAe,sBAAsB,EAAE,QAAA;AACjE,CAAC,EACA,MAAA;AAsBI,IAAM,kBAAA,GAAqBA,EAAE,IAAA,CAAK;AAAA,EACvC,OAAA;AAAA,EACA,cAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,cAAA,GAAiB;AAAA,EAC5B,OAAA;AAAA,EACA,cAAA;AAAA,EACA,cAAA;AAAA,EACA,WAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA,UAAA;AAAA,EACA;AACF;AAKO,IAAM,eAAA,GAA2C,CAAC,UAAA,EAAY,UAAA,EAAY,OAAO;AAQjF,IAAM,mBAAA,GAAqE;AAAA,EAChF,KAAA,EAAO,CAAC,cAAA,EAAgB,UAAU,CAAA;AAAA,EAClC,YAAA,EAAc,CAAC,cAAA,EAAgB,UAAU,CAAA;AAAA,EACzC,YAAA,EAAc,CAAC,UAAA,EAAY,WAAW,CAAA;AAAA,EACtC,SAAA,EAAW,CAAC,UAAU,CAAA;AAAA,EACtB,QAAA,EAAU,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,EAC9B,QAAA,EAAU,CAAC,UAAA,EAAY,OAAO,CAAA;AAAA,EAC9B,QAAA,EAAU,CAAC,cAAA,EAAgB,OAAO,CAAA;AAAA,EAClC,OAAO;AAAC;AACV;AASO,SAAS,eAAA,CAAgB,SAAuB,IAAA,EAA6B;AAClF,EAAA,OAAO,mBAAA,CAAoB,OAAO,CAAA,CAAE,QAAA,CAAS,IAAI,CAAA;AACnD;AAQO,SAAS,gBAAgB,KAAA,EAA8B;AAC5D,EAAA,OAAO,eAAA,CAAgB,SAAS,KAAK,CAAA;AACvC;AAQO,SAAS,oBAAoB,OAAA,EAAgD;AAClF,EAAA,OAAO,oBAAoB,OAAO,CAAA;AACpC;AAcO,IAAM,oBAAA,GAAuBA,EAAE,IAAA,CAAK,CAAC,UAAU,WAAA,EAAa,kBAAA,EAAoB,SAAS,CAAC;AAM1F,IAAM,gBAAA,GAAmB,CAAC,QAAA,EAAU,WAAA,EAAa,oBAAoB,SAAS;AAa9E,IAAM,qBAAA,GAAwBA,EAAE,IAAA,CAAK;AAAA,EAC1C,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,cAAA;AAAA,EACA,gBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF,CAAC;AAMM,IAAM,iBAAA,GAAoB;AAAA,EAC/B,uBAAA;AAAA,EACA,iBAAA;AAAA,EACA,iBAAA;AAAA,EACA,cAAA;AAAA,EACA,gBAAA;AAAA,EACA,WAAA;AAAA,EACA;AACF;AAKO,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,qBAAA;AAAA;AAAA,EAEN,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,2BAA2B,CAAA;AAAA;AAAA,EAEzE,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA;AAClC,CAAC,EACA,MAAA;AAQI,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,OAAA,EAAS,oBAAA;AAAA;AAAA,EAET,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAEtC,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,kBAAkB,CAAA;AAAA;AAAA,EAElE,WAAA,EAAa,kBAAkB,QAAA;AACjC,CAAC,EACA,MAAA;AAcI,IAAM,sBAAsBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,KAAA,EAAO,KAAK,CAAC;AAQ1D,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,mBAAA;AAAA;AAAA,EAER,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI;AACnC,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,SAAS,GAAA,KAAQ;AAC7B,EAAA,IAAI,OAAA,CAAQ,WAAW,OAAA,EAAS;AAE9B,IAAA,MAAM,UAAA,GAAa,4BAAA;AACnB,IAAA,IAAI,CAAC,UAAA,CAAW,IAAA,CAAK,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,sBAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF,CAAA,MAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,KAAA,EAAO;AAEnC,IAAA,IAAI,CAAC,OAAA,CAAQ,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA,EAAG;AACrC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,4BAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF,CAAA,MAAA,IAAW,OAAA,CAAQ,MAAA,KAAW,KAAA,EAAO;AAEnC,IAAA,IAAI;AACF,MAAA,IAAI,GAAA,CAAI,QAAQ,KAAK,CAAA;AAAA,IACvB,CAAA,CAAA,MAAQ;AACN,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,oBAAA;AAAA,QACT,IAAA,EAAM,CAAC,OAAO;AAAA,OACf,CAAA;AAAA,IACH;AAAA,EACF;AACF,CAAC;AAUI,IAAM,iBAAA,GAAoBA,EAC9B,MAAA,CAAO;AAAA;AAAA,EAEN,KAAKA,CAAAA,CAAE,MAAA,GAAS,GAAA,EAAI,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAE9B,YAAA,EAAc,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAEzC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA;AACnC,CAAC,EACA,MAAA;AAUH,IAAM,yBAAA,GAA4BA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAc,iBAAA;AAAA;AAAA,EAEd,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAEtC,WAAA,EAAa,uBAAA;AAAA;AAAA,EAEb,OAAA,EAASA,CAAAA,CAAE,KAAA,CAAM,oBAAoB,CAAA,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,UAAU,CAAA;AAAA;AAAA,EAE3E,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,cAAA,CAAe,oBAAoB,CAAA;AAAA;AAAA,EAEtE,mBAAA,EAAqBA,CAAAA,CAClB,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,IAAI,CAAC,CAAA,CAC1B,GAAA,CAAI,cAAA,CAAe,qBAAqB,EACxC,QAAA,EAAS;AAAA;AAAA,EAEZ,uBAAA,EAAyBA,CAAAA,CACtB,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,IAAI,CAAC,CAAA,CAC1B,GAAA,CAAI,cAAA,CAAe,yBAAyB,EAC5C,QAAA,EAAS;AAAA;AAAA,EAEZ,oBAAA,EAAsBA,EACnB,KAAA,CAAM,iBAAiB,EACvB,GAAA,CAAI,cAAA,CAAe,sBAAsB,CAAA,CACzC,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAAS,qBAAqB,QAAA,EAAS;AAAA;AAAA,EAEvC,KAAA,EAAO,kBAAA;AAAA;AAAA,EAEP,kBAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAEjD,cAAcA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAE5C,UAAA,EAAY,wBAAwB,QAAA,EAAS;AAAA;AAAA,EAE7C,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,QAAA;AACzD,CAAC,EACA,MAAA,EAAO;AAUH,IAAM,qBAAA,GAAwB,yBAAA,CAA0B,WAAA,CAAY,CAAC,UAAU,GAAA,KAAQ;AAC5F,EAAA,MAAM,cAAA,GAAiC,CAAC,UAAA,EAAY,UAAA,EAAY,OAAO,CAAA;AAGvE,EAAA,IAAI,eAAe,QAAA,CAAS,QAAA,CAAS,KAAK,CAAA,IAAK,CAAC,SAAS,UAAA,EAAY;AACnE,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,sCAAA,EAAyC,QAAA,CAAS,KAAK,CAAA,CAAA,CAAA;AAAA,MAChE,IAAA,EAAM,CAAC,YAAY;AAAA,KACpB,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,SAAS,UAAA,IAAc,CAAC,eAAe,QAAA,CAAS,QAAA,CAAS,KAAK,CAAA,EAAG;AACnE,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,+EAAA,EAAkF,QAAA,CAAS,KAAK,CAAA,CAAA,CAAA;AAAA,MACzG,IAAA,EAAM,CAAC,OAAO;AAAA,KACf,CAAA;AAAA,EACH;AAGA,EAAA,IACE,SAAS,YAAA,KAAiB,OAAA,IAC1B,SAAS,WAAA,CAAY,MAAA,GAAS,eAAe,yBAAA,EAC7C;AACA,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,sDAAA,EAAyD,cAAA,CAAe,yBAAyB,CAAA,WAAA,CAAA;AAAA,MAC1G,IAAA,EAAM,CAAC,aAAa;AAAA,KACrB,CAAA;AAAA,EACH;AACF,CAAC;AAUM,IAAM,YAAA,GAAe;AA0BrB,IAAM,wBAAA,GAA2BA,EACrC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,YAAY,CAAA;AAAA;AAAA,EAE5B,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,IAAI,CAAA;AAAA;AAAA,EAElC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAE3C,GAAA,EAAK,eAAA;AAAA;AAAA,EAEL,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AAuBI,SAAS,2BACd,IAAA,EACwE;AACxE,EAAA,MAAM,MAAA,GAAS,wBAAA,CAAyB,SAAA,CAAU,IAAI,CAAA;AACtD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,0BAA0B,IAAA,EAA2C;AACnF,EAAA,OAAO,wBAAA,CAAyB,SAAA,CAAU,IAAI,CAAA,CAAE,OAAA;AAClD;AAQO,SAAS,qBAAqB,WAAA,EAEC;AACpC,EAAA,OAAO,YAAY,IAAA,KAAS,YAAA;AAC9B;AAQO,SAAS,0BACd,IAAA,EACuE;AACvE,EAAA,MAAM,MAAA,GAAS,uBAAA,CAAwB,SAAA,CAAU,IAAI,CAAA;AACrD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,uBACd,IAAA,EACoE;AACpE,EAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,SAAA,CAAU,IAAI,CAAA;AAClD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAyDO,SAAS,yBACd,MAAA,EACoB;AACpB,EAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAEnC,EAAA,MAAM,QAAA,GAA4B;AAAA,IAChC,cAAc,MAAA,CAAO,YAAA;AAAA,IACrB,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,KAAA,EAAO;AAAA,GACT;AAEA,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,QAAA,CAAS,UAAU,MAAA,CAAO,OAAA;AAAA,EAC5B;AACA,EAAA,IAAI,OAAO,mBAAA,EAAqB;AAC9B,IAAA,QAAA,CAAS,sBAAsB,MAAA,CAAO,mBAAA;AAAA,EACxC;AACA,EAAA,IAAI,OAAO,uBAAA,EAAyB;AAClC,IAAA,QAAA,CAAS,0BAA0B,MAAA,CAAO,uBAAA;AAAA,EAC5C;AACA,EAAA,IAAI,OAAO,oBAAA,EAAsB;AAC/B,IAAA,QAAA,CAAS,uBAAuB,MAAA,CAAO,oBAAA;AAAA,EACzC;AACA,EAAA,IAAI,MAAA,CAAO,qBAAqB,MAAA,EAAW;AACzC,IAAA,QAAA,CAAS,mBAAmB,MAAA,CAAO,gBAAA;AAAA,EACrC;AAEA,EAAA,MAAM,WAAA,GAAkC;AAAA,IACtC,IAAA,EAAM,YAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,SAAA,EAAW,GAAA;AAAA,IACX,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ;AAAA,GACF;AAEA,EAAA,IAAI,OAAO,UAAA,EAAY;AACrB,IAAA,WAAA,CAAY,aAAa,MAAA,CAAO,UAAA;AAAA,EAClC;AAEA,EAAA,OAAO,WAAA;AACT;AAkCO,SAAS,sBAAA,CACd,OAAA,EACA,QAAA,EACA,MAAA,EACA,UAAA,EAOI;AACJ,EAAA,MAAM,YAAA,GAAe,QAAQ,QAAA,CAAS,KAAA;AAGtC,EAAA,IAAI,CAAC,eAAA,CAAgB,YAAA,EAAc,QAAQ,CAAA,EAAG;AAC5C,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,CAAA,yBAAA,EAA4B,YAAY,CAAA,MAAA,EAAS,QAAQ,CAAA,sBAAA,EAAyB,mBAAA,CAAoB,YAAY,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA,IAAK,MAAM,CAAA,CAAA;AAAA,MAC/I,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAGA,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,QAAQ,CAAA;AAEjD,EAAA,IAAI,gBAAA,IAAoB,CAAC,UAAA,EAAY;AACnC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,gEAAgE,QAAQ,CAAA,CAAA,CAAA;AAAA,MAC/E,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,oBAAoB,UAAA,EAAY;AACnC,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO,qDAAqD,QAAQ,CAAA,CAAA,CAAA;AAAA,MACpE,IAAA,EAAM;AAAA,KACR;AAAA,EACF;AAGA,EAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAGnC,EAAA,MAAM,EAAE,UAAA,EAAY,mBAAA,EAAqB,GAAG,yBAAA,KAA8B,OAAA,CAAQ,QAAA;AAGlF,EAAA,MAAM,eAAA,GAAmC;AAAA,IACvC,GAAG,yBAAA;AAAA,IACH,KAAA,EAAO,QAAA;AAAA,IACP,gBAAA,EAAkB;AAAA,GACpB;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,eAAA,CAAgB,YAAA,GAAe,MAAA;AAAA,EACjC;AAGA,EAAA,IAAI,oBAAoB,UAAA,EAAY;AAClC,IAAA,eAAA,CAAgB,UAAA,GAAa,UAAA;AAAA,EAC/B;AAEA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,KAAA,EAAO;AAAA,MACL,GAAG,OAAA;AAAA,MACH,QAAA,EAAU;AAAA;AACZ,GACF;AACF;AAaO,SAAS,gBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,IAAI,CAAC,YAAY,UAAA,EAAY;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,MAAM,YAAY,IAAI,IAAA,CAAK,WAAA,CAAY,UAAU,EAAE,OAAA,EAAQ;AAC3D,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,YAAY,GAAA,GAAM,SAAA;AAC3B;AASO,SAAS,oBAAA,CACd,WAAA,EACA,SAAA,GAAoB,GAAA,EACX;AACT,EAAA,MAAM,WAAW,IAAI,IAAA,CAAK,WAAA,CAAY,SAAS,EAAE,OAAA,EAAQ;AACzD,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,OAAO,WAAW,GAAA,GAAM,SAAA;AAC1B;ACv6BO,IAAM,sBAAA,GAAyB;AAK/B,IAAM,qBAAA,GAAwB;AAK9B,IAAM,iBAAA,GAAoB,CAAC,aAAA,EAAe,WAAA,EAAa,UAAU,WAAW;AAW5E,IAAM,qBAAA,GAAwB;AAAA,EACnC,KAAA;AAAA,EACA,KAAA;AAAA,EACA,QAAA;AAAA,EACA,WAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA;AAKO,IAAM,wBAAA,GAA2B;AASjC,IAAM,oBAAA,GAAuB,oBAAA;AAK7B,IAAM,eAAA,GAAkB;AAAA;AAAA,EAE7B,cAAA,EAAgB,EAAA;AAAA;AAAA,EAEhB,mBAAA,EAAqB,GAAA;AAAA;AAAA,EAErB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,kBAAA,EAAoB,EAAA;AAAA;AAAA,EAEpB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,cAAA,EAAgB,GAAA;AAAA;AAAA,EAEhB,qBAAA,EAAuB;AACzB;AAYO,IAAM,mBAAA,GAAsB;AAQ5B,IAAM,eAAA,GAAkB;AASxB,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA,CAAM,qBAAqB,sDAAsD,CAAA,CACjF,GAAA,CAAI,eAAA,CAAgB,mBAAmB;AAKnC,IAAM,YAAA,GAAeA,CAAAA,CACzB,MAAA,EAAO,CACP,KAAA,CAAM,iBAAiB,oDAAoD,CAAA,CAC3E,GAAA,CAAI,eAAA,CAAgB,eAAe;AAK/B,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,iBAAiB;AAWrD,IAAM,4BAAA,GAA+BA,CAAAA,CACzC,MAAA,EAAO,CACP,KAAA;AAAA,EACC,oBAAA;AAAA,EACA;AACF,CAAA,CACC,GAAA,CAAI,gBAAgB,kBAAkB;AAQlC,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA;AAAA,EAGN,WAAA,EAAa,gBAAA;AAAA;AAAA,EAGb,OAAA,EAAS,YAAA;AAAA;AAAA,EAGT,eAAA,EAAiBA,CAAAA,CAAE,KAAA,CAAM,YAAY,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,cAAc,CAAA,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA;AAAA;AAAA,EAIrF,iBAAiBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAG9C,0BAA0BA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA;AAAA,EAIvD,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA,EAGpD,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAIjD,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,eAAA,CAAgB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAGtE,SAAA,EAAW,6BAA6B,QAAA,EAAS;AAAA;AAAA;AAAA,EAIjD,mBAAmBA,CAAAA,CAChB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA;AACL,CAAC,EACA,MAAA;AAKI,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgB,YAAA;AAAA;AAAA,EAGhB,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,EAAE,CAAA;AAAA;AAAA,EAG7B,eAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,gBAAgB,qBAAqB;AACrE,CAAC,EACA,MAAA;AAQI,IAAM,6BAAA,GAAgCA,EAC1C,MAAA,CAAO;AAAA;AAAA,EAEN,WAAA,EAAa,gBAAA;AAAA;AAAA,EAGb,MAAA,EAAQ,oBAAA;AAAA;AAAA,EAGR,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGhC,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA;AAAA,EAI7C,YAAA,EAAcA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,QAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,cAAc,EAAE,QAAA,EAAS;AAAA;AAAA,EAGxF,qBAAqBA,CAAAA,CAClB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA,EAAS;AAAA;AAAA,EAGZ,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA;AAAA,EAIvD,eAAA,EAAiBA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAGnC,eAAA,EAAiBA,CAAAA,CAAE,KAAA,CAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,CAAC,CAAA,CAAE,GAAA,CAAI,eAAA,CAAgB,iBAAiB,CAAA;AAAA;AAAA;AAAA,EAInF,mBAAmBA,CAAAA,CAChB,MAAA,GACA,KAAA,CAAM,uBAAuB,EAC7B,QAAA,EAAS;AAAA;AAAA,EAGZ,aAAA,EAAe,2BAA2B,QAAA;AAC5C,CAAC,CAAA,CACA,QAAO,CACP,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,OAAO,IAAA,CAAK,YAAA,KAAiB,MAAA,IAAa,IAAA,CAAK,mBAAA,KAAwB,MAAA;AAAA,EACzE,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb,CAAA,CACC,MAAA;AAAA,EACC,CAAC,IAAA,KAAS;AAER,IAAA,IAAI,IAAA,CAAK,mBAAA,KAAwB,MAAA,IAAa,IAAA,CAAK,kBAAkB,MAAA,EAAW;AAC9E,MAAA,OAAO,KAAA;AAAA,IACT;AACA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAOK,IAAM,gCAAA,GAAmCA,EAC7C,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,CAAAA,CAAE,OAAA,CAAQ,qBAAqB,CAAA;AAAA;AAAA,EAGrC,QAAQA,CAAAA,CAAE,MAAA,GAAS,GAAA,EAAI,CAAE,WAAW,UAAU,CAAA;AAAA;AAAA,EAG9C,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAG/B,YAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG3C,QAAA,EAAU;AACZ,CAAC,EACA,MAAA;AA6CI,SAAS,+BAA+B,KAAA,EAA0C;AACvF,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,IACE,OAAO,GAAA,CAAI,WAAA,KAAgB,QAAA,IAC3B,CAAC,mBAAA,CAAoB,IAAA,CAAK,GAAA,CAAI,WAAW,CAAA,IACzC,GAAA,CAAI,WAAA,CAAY,MAAA,GAAS,gBAAgB,mBAAA,EACzC;AACA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,uBAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IACE,OAAO,GAAA,CAAI,OAAA,KAAY,QAAA,IACvB,CAAC,eAAA,CAAgB,IAAA,CAAK,GAAA,CAAI,OAAO,CAAA,IACjC,GAAA,CAAI,OAAA,CAAQ,MAAA,GAAS,gBAAgB,eAAA,EACrC;AACA,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,MAAM,gBAAgB,GAAA,CAAI,eAAA;AAC1B,EAAA,IAAI,MAAM,OAAA,CAAQ,aAAa,KAAK,aAAA,CAAc,MAAA,GAAS,gBAAgB,cAAA,EAAgB;AACzF,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,2BAAA;AAAA,MACZ,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,cAAc,MAAA,EAAW;AAC/B,IAAA,IACE,OAAO,GAAA,CAAI,SAAA,KAAc,QAAA,IACzB,CAAC,oBAAA,CAAqB,IAAA,CAAK,GAAA,CAAI,SAAS,CAAA,IACxC,GAAA,CAAI,SAAA,CAAU,MAAA,GAAS,gBAAgB,kBAAA,EACvC;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,4BAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,GAAA,CAAI,sBAAsB,MAAA,EAAW;AACvC,IAAA,IACE,OAAO,IAAI,iBAAA,KAAsB,QAAA,IACjC,CAAC,uBAAA,CAAwB,IAAA,CAAK,GAAA,CAAI,iBAAiB,CAAA,EACnD;AACA,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,4BAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,aAAa,CAAA,EAAG;AAChC,IAAA,IAAI,aAAA,CAAc,QAAA,CAAS,GAAA,CAAI,OAAO,CAAA,EAAG;AACvC,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,wBAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AACA,IAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,aAAa,CAAA;AAC3C,IAAA,IAAI,aAAA,CAAc,IAAA,KAAS,aAAA,CAAc,MAAA,EAAQ;AAC/C,MAAA,OAAO;AAAA,QACL,KAAA,EAAO,KAAA;AAAA,QACP,UAAA,EAAY,wBAAA;AAAA,QACZ,KAAA,EAAO;AAAA,OACT;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,qBAAA,CAAsB,SAAA,CAAU,KAAK,CAAA;AACpD,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,UAAA,EAAY,4BAAA;AAAA,MACZ,OAAO,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,GAAG,OAAA,IAAW;AAAA,KAC5C;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAC3C;AAYO,SAAS,iBAAiB,EAAA,EAAwB;AACvD,EAAA,MAAM,UAAA,GAAa,MAAM,EAAE,CAAA,CAAA;AAC3B,EAAA,OAAO,gBAAA,CAAiB,MAAM,UAAU,CAAA;AAC1C;AAQO,SAAS,aAAa,EAAA,EAAoB;AAC/C,EAAA,MAAM,MAAA,GAAS,QAAQ,EAAE,CAAA,CAAA;AACzB,EAAA,OAAO,YAAA,CAAa,MAAM,MAAM,CAAA;AAClC;AASO,SAAS,wBAAwB,OAAA,EAAmC;AACzE,EAAA,OAAO,qBAAA,CAAsB,MAAM,OAAO,CAAA;AAC5C;AAQO,SAAS,uBAAuB,OAAA,EAA8C;AACnF,EAAA,OAAO,qBAAA,CAAsB,SAAA,CAAU,OAAO,CAAA,CAAE,OAAA;AAClD;AASO,SAAS,mCACd,WAAA,EAC4B;AAC5B,EAAA,OAAO,gCAAA,CAAiC,MAAM,WAAW,CAAA;AAC3D;AAQO,SAAS,6BACd,WAAA,EAC2C;AAC3C,EAAA,OAAO,gCAAA,CAAiC,SAAA,CAAU,WAAW,CAAA,CAAE,OAAA;AACjE;AAQO,SAAS,yBAAyB,MAAA,EAAiC;AACxE,EAAA,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,WAAA;AACrE;AAQO,SAAS,qBAAqB,OAAA,EAAmC;AAEtE,EAAA,IAAI,OAAA,CAAQ,eAAA,CAAgB,QAAA,CAAS,OAAA,CAAQ,OAAO,CAAA,EAAG;AACrD,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,OAAA,CAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,aAAA,CAAc,IAAA,KAAS,OAAA,CAAQ,eAAA,CAAgB,MAAA,EAAQ;AACzD,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA;AACT;AAQO,SAAS,sBAAsB,MAAA,EAWlB;AAClB,EAAA,MAAM,OAAA,GAA2B;AAAA,IAC/B,aAAa,MAAA,CAAO,WAAA;AAAA,IACpB,SAAS,MAAA,CAAO,OAAA;AAAA,IAChB,eAAA,EAAkB,MAAA,CAAO,eAAA,IAAmB,EAAC;AAAA,IAC7C,GAAI,MAAA,CAAO,eAAA,IAAmB,EAAE,eAAA,EAAiB,OAAO,eAAA,EAAgB;AAAA,IACxE,GAAI,OAAO,wBAAA,IAA4B;AAAA,MACrC,0BAA0B,MAAA,CAAO;AAAA,KACnC;AAAA,IACA,GAAI,MAAA,CAAO,UAAA,KAAe,UAAa,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACvE,GAAI,MAAA,CAAO,UAAA,KAAe,UAAa,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACvE,GAAI,MAAA,CAAO,SAAA,IAAa,EAAE,SAAA,EAAW,OAAO,SAAA,EAAU;AAAA,IACtD,GAAI,MAAA,CAAO,SAAA,IAAa,EAAE,SAAA,EAAW,OAAO,SAAA,EAAU;AAAA,IACtD,GAAI,MAAA,CAAO,iBAAA,IAAqB,EAAE,iBAAA,EAAmB,OAAO,iBAAA;AAAkB,GAChF;AAGA,EAAA,MAAM,SAAA,GAAY,wBAAwB,OAAO,CAAA;AAGjD,EAAA,IAAI,CAAC,oBAAA,CAAqB,SAAS,CAAA,EAAG;AACpC,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,SAAA;AACT;AA4BO,SAAS,iCACd,MAAA,EAC4B;AAC5B,EAAA,MAAM,WAAA,GAA0C;AAAA,IAC9C,IAAA,EAAM,qBAAA;AAAA,IACN,QAAQ,MAAA,CAAO,MAAA;AAAA,IACf,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,GAAI,MAAA,CAAO,UAAA,IAAc,EAAE,UAAA,EAAY,OAAO,UAAA,EAAW;AAAA,IACzD,QAAA,EAAU;AAAA,MACR,aAAa,MAAA,CAAO,WAAA;AAAA,MACpB,QAAQ,MAAA,CAAO,MAAA;AAAA,MACf,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,MAC/D,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,MAC/D,GAAI,MAAA,CAAO,mBAAA,IAAuB,EAAE,mBAAA,EAAqB,OAAO,mBAAA,EAAoB;AAAA,MACpF,GAAI,MAAA,CAAO,aAAA,KAAkB,UAAa,EAAE,aAAA,EAAe,OAAO,aAAA,EAAc;AAAA,MAChF,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,GAAI,MAAA,CAAO,iBAAA,IAAqB,EAAE,iBAAA,EAAmB,OAAO,iBAAA,EAAkB;AAAA,MAC9E,GAAI,MAAA,CAAO,aAAA,IAAiB,EAAE,aAAA,EAAe,OAAO,aAAA;AAAc;AACpE,GACF;AAEA,EAAA,OAAO,mCAAmC,WAAW,CAAA;AACvD;ACznBO,IAAM,yBAAA,GAA4B;AAQlC,IAAM,qBAAA,GAAwB;AAAA,EACnC,SAAA;AAAA;AAAA,EACA,mBAAA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,IAAM,qBAAA,GAAwB;AAAA,EACnC,CAAA,EAAG,IAAA;AAAA;AAAA,EACH,GAAG,IAAA,GAAO,IAAA;AAAA;AAAA,EACV,WAAA,EAAa,KAAA;AAAA;AAAA,EACb,UAAA,EAAY;AAAA;AACd;AAKO,IAAM,eAAA,GAAkB,CAAC,IAAA,EAAM,OAAA,EAAS,WAAW,UAAU;AAK7D,IAAM,eAAA,GAAkB,CAAC,WAAA,EAAa,UAAA,EAAY,uBAAuB;AAKzE,IAAM,gBAAA,GAAmB,CAAC,OAAA,EAAS,MAAA,EAAQ,aAAa;AAWxD,IAAM,gBAAA,GAAmB;AAAA,EAC9B,WAAA;AAAA,EACA,cAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAQO,IAAM,sBAAA,GAAyB,CAAC,OAAA,EAAS,mBAAmB;AAK5D,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,sBAAA,EAAwB,GAAA;AAAA;AAAA,EAExB,aAAA,EAAe,GAAA;AAAA;AAAA,EAEf,iBAAA,EAAmB,EAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,EAAA;AAAA;AAAA,EAElB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAEnB,YAAA,EAAc,IAAA;AAAA;AAAA,EAEd,eAAA,EAAiB,EAAA;AAAA;AAAA,EAEjB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAEpB,yBAAA,EAA2B,GAAA;AAAA;AAAA,EAE3B,mBAAA,EAAqB;AACvB;AASA,SAAS,aAAa,IAAA,EAAuB;AAC3C,EAAA,OAAO,IAAA,CAAK,WAAW,OAAO,CAAA;AAChC;AAKA,SAAS,iBAAiB,IAAA,EAAuB;AAC/C,EAAA,OAAO,KAAK,UAAA,CAAW,OAAO,CAAA,IAAK,IAAA,CAAK,WAAW,KAAK,CAAA;AAC1D;AAKA,SAAS,mBAAmB,IAAA,EAAuB;AACjD,EAAA,OAAO,uBAAuB,IAAA,CAAK,CAAC,WAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAA;AACxE;AAMA,SAAS,sBAAsB,QAAA,EAAwD;AACrF,EAAA,IAAI,CAAC,UAAU,OAAO,KAAA;AACtB,EAAA,IAAI,OAAO,SAAS,GAAA,KAAQ,QAAA,IAAY,SAAS,GAAA,CAAI,MAAA,GAAS,GAAG,OAAO,IAAA;AACxE,EAAA,OAAO,KAAA;AACT;AAeO,IAAM,mBAAA,GAAsB;AAa5B,IAAM,qBAAA,GACX;AAKK,IAAM,oBAAA,GAAuB;AAS7B,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,qBAAqB;AAKpD,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAK,eAAA;AAAA;AAAA,EAEL,OAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAA,CAAM,sBAAsB,gCAAgC,CAAA;AAAA;AAAA,EAE9E,OAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA;AAC1B,CAAC,EACA,MAAA;AAKI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,YAAA;AAAA;AAAA,EAER,SAAA,EAAWA,CAAAA,CAAE,IAAA,CAAK,eAAe;AACnC,CAAC,EACA,MAAA;AAKI,IAAM,cAAA,GAAiBA,EAC3B,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,iBAAiB,CAAA;AAAA;AAAA,EAEpE,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEtE,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzE,aAAA,EAAe,aAAa,QAAA;AAC9B,CAAC,EACA,MAAA;AAKI,IAAM,gBAAA,GAAmBA,EAC7B,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,iBAAiB,CAAA;AAAA;AAAA,EAEhE,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAExE,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA;AAC/D,CAAC,EACA,MAAA;AAKI,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,YAAY,EAAE,QAAA,EAAS;AAAA;AAAA,EAE9D,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,eAAe,EAAE,QAAA;AAC7D,CAAC,EACA,MAAA;AAKI,IAAM,YAAA,GAAeA,EACzB,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,eAAe,CAAA;AAAA;AAAA,EAE9B,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,kBAAkB,EAAE,QAAA,EAAS;AAAA;AAAA,EAE3E,SAAA,EAAWA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACzB,CAAC,EACA,MAAA;AAKI,IAAM,mBAAA,GAAsBA,EAChC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,CAAAA,CAAE,IAAA,CAAK,gBAAgB,CAAA;AAAA;AAAA,EAEjC,eAAA,EAAiBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAEtC,QAAA,EAAUA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,uBAAA,EAAyB,aAAa,QAAA;AACxC,CAAC,EACA,MAAA;AAKI,IAAM,UAAA,GAAaA,EACvB,MAAA,CAAO;AAAA;AAAA,EAEN,iBAAA,EAAmBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,yBAAyB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzF,mBAAA,EAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,mBAAmB,EAAE,QAAA;AAC9E,CAAC,EACA,MAAA;AAKI,IAAM,UAAA,GAAaA,CAAAA,CACvB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA,CACpC,KAAA,CAAM,qBAAqB,qBAAqB;AAKnD,IAAM,gCAAA,GAAmCA,EACtC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,sBAAsB,CAAA;AAAA;AAAA,EAG/E,IAAA,EAAM,UAAA;AAAA;AAAA,EAGN,QAAA,EAAU,cAAA;AAAA;AAAA,EAGV,IAAA,EAAM,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGhC,QAAA,EAAU,qBAAqB,QAAA,EAAS;AAAA;AAAA,EAGxC,KAAA,EAAO,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGjC,MAAA,EAAQ,iBAAiB,QAAA,EAAS;AAAA;AAAA,EAGlC,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAGhC,cAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA;AAAA,EAG7C,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,WAAA,GAAc,QAAA,EAAS;AAAA;AAAA,EAGrD,MAAA,EAAQ,aAAa,QAAA,EAAS;AAAA;AAAA,EAG9B,MAAA,EAAQ,oBAAoB,QAAA,EAAS;AAAA;AAAA,EAGrC,IAAA,EAAM,WAAW,QAAA,EAAS;AAAA;AAAA,EAG1B,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAChD,CAAC,EACA,MAAA,EAAO;AASH,IAAM,+BAA+B,gCAAA,CAAiC,WAAA;AAAA,EAC3E,CAAC,IAAI,GAAA,KAAQ;AAEX,IAAA,IAAI,EAAA,CAAG,YAAA,IAAgB,EAAA,CAAG,UAAA,EAAY;AACpC,MAAA,MAAM,YAAY,IAAI,IAAA,CAAK,EAAA,CAAG,UAAU,EAAE,OAAA,EAAQ;AAClD,MAAA,MAAM,cAAc,IAAI,IAAA,CAAK,EAAA,CAAG,YAAY,EAAE,OAAA,EAAQ;AACtD,MAAA,IAAI,cAAc,SAAA,EAAW;AAC3B,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,oCAAA;AAAA,UACT,IAAA,EAAM,CAAC,cAAc;AAAA,SACtB,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,EAAA,CAAG,MAAA,IAAU,CAAC,EAAA,CAAG,QAAQ,MAAA,EAAQ;AACnC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,kDAAA;AAAA,QACT,IAAA,EAAM,CAAC,QAAQ;AAAA,OAChB,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,EAAA,CAAG,MAAA,EAAQ,MAAA,KAAW,OAAA,EAAS;AACjC,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,EAAA,CAAG,MAAA,CAAO,UAAU,CAAA;AACjD,MAAA,MAAM,qBAAA,GACJ,GAAG,UAAA,KAAe,MAAA,IAAa,OAAO,IAAA,CAAK,EAAA,CAAG,UAAU,CAAA,CAAE,MAAA,GAAS,CAAA;AACrE,MAAA,IAAI,CAAC,YAAA,IAAgB,CAAC,qBAAA,EAAuB;AAC3C,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,kEAAA;AAAA,UACT,IAAA,EAAM,CAAC,QAAA,EAAU,YAAY;AAAA,SAC9B,CAAA;AAAA,MACH;AAAA,IACF;AAGA,IAAA,IAAI,GAAG,UAAA,EAAY;AACjB,MAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,EAAA,CAAG,UAAU,CAAA,EAAG;AAC5C,QAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,GAAG,CAAA,EAAG;AACpC,UAAA,GAAA,CAAI,QAAA,CAAS;AAAA,YACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,YACrB,OAAA,EAAS,iCAAiC,GAAG,CAAA,qCAAA,CAAA;AAAA,YAC7C,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,WACzB,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAIA,IAAA,IACE,kBAAA,CAAmB,GAAG,IAAI,CAAA,IAC1B,CAAC,gBAAA,CAAiB,QAAA,CAAS,EAAA,CAAG,IAAyC,CAAA,EACvE;AACA,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,sBAAA,CAAA;AAAA,QACzB,IAAA,EAAM,CAAC,MAAM;AAAA,OACd,CAAA;AAAA,IACH;AAIA,IAAA,IAAI,aAAa,EAAA,CAAG,IAAI,CAAA,IAAK,CAAC,GAAG,IAAA,EAAM;AACrC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,QACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,qBAAA,CAAA;AAAA,QACzB,IAAA,EAAM,CAAC,MAAM;AAAA,OACd,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,gBAAA,CAAiB,EAAA,CAAG,IAAI,CAAA,EAAG;AAC7B,MAAA,IAAI,CAAC,GAAG,QAAA,EAAU;AAChB,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,yBAAA,CAAA;AAAA,UACzB,IAAA,EAAM,CAAC,UAAU;AAAA,SAClB,CAAA;AAAA,MACH,CAAA,MAAA,IAAW,CAAC,qBAAA,CAAsB,EAAA,CAAG,QAAmC,CAAA,EAAG;AACzE,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,UACrB,OAAA,EAAS,CAAA,MAAA,EAAS,EAAA,CAAG,IAAI,CAAA,uCAAA,CAAA;AAAA,UACzB,IAAA,EAAM,CAAC,UAAA,EAAY,KAAK;AAAA,SACzB,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAkFO,SAAS,2BAA2B,KAAA,EAA6C;AACtF,EAAA,MAAM,SAA4B,EAAC;AACnC,EAAA,MAAM,WAAgC,EAAC;AAGvC,EAAA,IAAI,OAAO,UAAU,QAAA,IAAY,KAAA,KAAU,QAAQ,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AACvE,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ;AAAA,QACN;AAAA,UACE,IAAA,EAAM,8BAAA;AAAA,UACN,OAAA,EAAS;AAAA;AACX,OACF;AAAA,MACA,UAAU;AAAC,KACb;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,IAAI,OAAO,GAAA,CAAI,cAAA,KAAmB,YAAY,GAAA,CAAI,cAAA,CAAe,WAAW,CAAA,EAAG;AAC7E,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,0BAAA;AAAA,MACN,OAAA,EAAS,4BAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAA,IAAW,GAAA,CAAI,cAAA,CAAe,MAAA,GAAS,mBAAmB,sBAAA,EAAwB;AAChF,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,CAAA,mCAAA,EAAsC,kBAAA,CAAmB,sBAAsB,CAAA,CAAA,CAAA;AAAA,MACxF,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAIA,EAAA,IAAI,OAAO,GAAA,CAAI,IAAA,KAAS,YAAY,GAAA,CAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACzD,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,4BAAA;AAAA,MACN,OAAA,EAAS,kBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAA,IAAW,IAAI,IAAA,CAAK,MAAA,GAAS,KAAK,GAAA,CAAI,IAAA,CAAK,MAAA,GAAS,kBAAA,CAAmB,aAAA,EAAe;AACpF,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,mCAAA;AAAA,MACN,OAAA,EAAS,CAAA,eAAA,EAAkB,kBAAA,CAAmB,aAAa,CAAA,WAAA,CAAA;AAAA,MAC3D,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,WAAW,CAAC,mBAAA,CAAoB,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,mCAAA;AAAA,MACN,OAAA,EAAS,8EAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AAEL,IAAA,KAAA,MAAW,UAAU,sBAAA,EAAwB;AAC3C,MAAA,IAAI,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA,IAAK,CAAC,gBAAA,CAAiB,QAAA,CAAS,GAAA,CAAI,IAAa,CAAA,EAAG;AAChF,QAAA,MAAA,CAAO,IAAA,CAAK;AAAA,UACV,IAAA,EAAM,6BAAA;AAAA,UACN,OAAA,EAAS,CAAA,MAAA,EAAS,GAAA,CAAI,IAAI,2BAA2B,MAAM,CAAA,CAAA,CAAA;AAAA,UAC3D,KAAA,EAAO;AAAA,SACR,CAAA;AACD,QAAA;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IACE,MAAA,CAAO,WAAW,CAAA,IAClB,CAAC,iBAAiB,QAAA,CAAS,GAAA,CAAI,IAAyC,CAAA,EACxE;AACA,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,IAAA,EAAM,iCAAA;AAAA,QACN,OAAA,EAAS,CAAA,MAAA,EAAS,GAAA,CAAI,IAAI,CAAA,mCAAA,CAAA;AAAA,QAC1B,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAKA,EAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,EAAU;AACtC,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,kCAAA;AAAA,MACN,OAAA,EAAS,wBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AACL,IAAA,MAAM,aAAA,GAAgB,IAAI,IAAA,CAAK,GAAA,CAAI,UAAU,CAAA;AAC7C,IAAA,IAAI,KAAA,CAAM,aAAA,CAAc,OAAA,EAAS,CAAA,EAAG;AAClC,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,kCAAA;AAAA,QACN,OAAA,EAAS,8CAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,CAAI,QAAA,KAAa,QAAA,IAAY,GAAA,CAAI,aAAa,IAAA,EAAM;AAC7D,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,gCAAA;AAAA,MACN,OAAA,EAAS,sBAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH,CAAA,MAAO;AACL,IAAA,MAAM,WAAW,GAAA,CAAI,QAAA;AACrB,IAAA,IAAI,OAAO,QAAA,CAAS,QAAA,KAAa,YAAY,QAAA,CAAS,QAAA,CAAS,WAAW,CAAA,EAAG;AAC3E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,gCAAA;AAAA,QACN,OAAA,EAAS,+BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAA,IAAW,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,mBAAmB,iBAAA,EAAmB;AAC1E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,CAAA,sCAAA,EAAyC,kBAAA,CAAmB,iBAAiB,CAAA,CAAA,CAAA;AAAA,QACtF,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAS;AAAA,EAC1C;AAGA,EAAA,MAAM,cAAA,GAAiB,CACrB,MAAA,EACA,SAAA,KACkD;AAClD,IAAA,MAAM,eAAkC,EAAC;AACzC,IAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,KAAW,IAAA,EAAM;AACjD,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,0BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AACD,MAAA,OAAO,EAAE,MAAA,EAAQ,YAAA,EAAc,KAAA,EAAO,KAAA,EAAM;AAAA,IAC9C;AACA,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,IAAI,CAAC,qBAAA,CAAsB,QAAA,CAAS,CAAA,CAAE,GAAgB,CAAA,EAAG;AACvD,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,kCAAA;AAAA,QACN,OAAA,EAAS,CAAA,2BAAA,EAA8B,qBAAA,CAAsB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,QACvE,KAAA,EAAO,GAAG,SAAS,CAAA,IAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,IAAI,OAAO,EAAE,KAAA,KAAU,QAAA,IAAY,CAAC,oBAAA,CAAqB,IAAA,CAAK,CAAA,CAAE,KAAK,CAAA,EAAG;AACtE,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,6CAAA;AAAA,QACT,KAAA,EAAO,GAAG,SAAS,CAAA,MAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,IAAI,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,IAAY,CAAC,MAAA,CAAO,SAAA,CAAU,CAAA,CAAE,KAAK,CAAA,IAAK,CAAA,CAAE,KAAA,GAAQ,CAAA,EAAG;AAC5E,MAAA,YAAA,CAAa,IAAA,CAAK;AAAA,QAChB,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,6CAAA;AAAA,QACT,KAAA,EAAO,GAAG,SAAS,CAAA,MAAA;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,YAAA,EAAc,KAAA,EAAO,YAAA,CAAa,WAAW,CAAA,EAAE;AAAA,EAClE,CAAA;AAGA,EAAA,IAAI,GAAA,CAAI,UAAU,MAAA,EAAW;AAC3B,IAAA,MAAM,WAAW,GAAA,CAAI,KAAA;AACrB,IAAA,IAAI,QAAA,CAAS,WAAW,MAAA,EAAW;AACjC,MAAA,MAAM,MAAA,GAAS,cAAA,CAAe,QAAA,CAAS,MAAA,EAAQ,cAAc,CAAA;AAC7D,MAAA,MAAA,CAAO,IAAA,CAAK,GAAG,MAAA,CAAO,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,YAAY,GAAA,CAAI,MAAA;AACtB,IAAA,IAAI,SAAA,CAAU,WAAW,MAAA,EAAW;AAClC,MAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,MAAA,EAAQ,eAAe,CAAA;AAC/D,MAAA,MAAA,CAAO,IAAA,CAAK,GAAG,MAAA,CAAO,MAAM,CAAA;AAAA,IAC9B;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,GAAA,CAAI,YAAA,KAAiB,YAAY,OAAO,GAAA,CAAI,eAAe,QAAA,EAAU;AAC9E,IAAA,MAAM,YAAY,IAAI,IAAA,CAAK,GAAA,CAAI,UAAU,EAAE,OAAA,EAAQ;AACnD,IAAA,MAAM,cAAc,IAAI,IAAA,CAAK,GAAA,CAAI,YAAY,EAAE,OAAA,EAAQ;AACvD,IAAA,IAAI,CAAC,MAAM,SAAS,CAAA,IAAK,CAAC,KAAA,CAAM,WAAW,CAAA,IAAK,WAAA,GAAc,SAAA,EAAW;AACvE,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,oCAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,IAAA,IAAI,CAAC,QAAQ,MAAA,EAAQ;AACnB,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,kDAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAIA,EAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW;AAC5B,IAAA,MAAM,SAAS,GAAA,CAAI,MAAA;AACnB,IAAA,IAAI,MAAA,CAAO,WAAW,OAAA,EAAS;AAC7B,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,MAAA,CAAO,UAAU,CAAA;AAC9C,MAAA,MAAM,wBACJ,GAAA,CAAI,UAAA,KAAe,MAAA,IACnB,OAAO,IAAI,UAAA,KAAe,QAAA,IAC1B,GAAA,CAAI,UAAA,KAAe,QACnB,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,UAAoB,EAAE,MAAA,GAAS,CAAA;AACjD,MAAA,IAAI,CAAC,YAAA,IAAgB,CAAC,qBAAA,EAAuB;AAC3C,QAAA,MAAA,CAAO,IAAA,CAAK;AAAA,UACV,IAAA,EAAM,oCAAA;AAAA,UACN,OAAA,EAAS,yEAAA;AAAA,UACT,KAAA,EAAO;AAAA,SACR,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,EAAA,IAAI,GAAA,CAAI,eAAe,MAAA,EAAW;AAChC,IAAA,IAAI,OAAO,GAAA,CAAI,UAAA,KAAe,QAAA,IAAY,GAAA,CAAI,eAAe,IAAA,EAAM;AACjE,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,8BAAA;AAAA,QACT,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAO;AACL,MAAA,KAAA,MAAW,GAAA,IAAO,MAAA,CAAO,IAAA,CAAK,GAAA,CAAI,UAAoB,CAAA,EAAG;AACvD,QAAA,IAAI,CAAC,qBAAA,CAAsB,IAAA,CAAK,GAAG,CAAA,EAAG;AACpC,UAAA,MAAA,CAAO,IAAA,CAAK;AAAA,YACV,IAAA,EAAM,qCAAA;AAAA,YACN,OAAA,EAAS,kCAAkC,GAAG,CAAA,sCAAA,CAAA;AAAA,YAC9C,KAAA,EAAO,cAAc,GAAG,CAAA;AAAA,WACzB,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,EAAA,MAAM,OAAA,GAAU,IAAI,IAAA,KAAS,MAAA;AAC7B,EAAA,MAAM,WAAA,GAAc,IAAI,QAAA,KAAa,MAAA;AAGrC,EAAA,IAAI,YAAA,CAAa,IAAI,CAAA,IAAK,CAAC,OAAA,EAAS;AAClC,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,SAAS,IAAI,CAAA,qBAAA,CAAA;AAAA,MACtB,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,gBAAA,CAAiB,IAAI,CAAA,EAAG;AAC1B,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,SAAS,IAAI,CAAA,yBAAA,CAAA;AAAA,QACtB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH,CAAA,MAAA,IAAW,CAAC,qBAAA,CAAsB,GAAA,CAAI,QAAmC,CAAA,EAAG;AAC1E,MAAA,MAAA,CAAO,IAAA,CAAK;AAAA,QACV,IAAA,EAAM,8BAAA;AAAA,QACN,OAAA,EAAS,SAAS,IAAI,CAAA,uCAAA,CAAA;AAAA,QACtB,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,IACH;AAAA,EACF;AAGA,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,MAAA,CAAO,WAAW,CAAA,EAAG;AACnD,IAAA,QAAA,CAAS,IAAA,CAAK;AAAA,MACZ,IAAA,EAAM,8BAAA;AAAA,MACN,OAAA,EAAS,4CAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACR,CAAA;AAAA,EACH;AAGA,EAAA,IAAI,MAAA,CAAO,SAAS,CAAA,EAAG;AACrB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,QAAA,EAAS;AAAA,EAC1C;AAGA,EAAA,MAAM,SAAA,GAAY,4BAAA,CAA6B,SAAA,CAAU,KAAK,CAAA;AAC9D,EAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,IAAA,OAAO;AAAA,MACL,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ;AAAA,QACN;AAAA,UACE,IAAA,EAAM,8BAAA;AAAA,UACN,SAAS,SAAA,CAAU,KAAA,CAAM,MAAA,CAAO,CAAC,GAAG,OAAA,IAAW,0BAAA;AAAA,UAC/C,KAAA,EAAO,UAAU,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,EAAG,IAAA,CAAK,KAAK,GAAG;AAAA;AACjD,OACF;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,KAAA,EAAO,SAAA,CAAU,MAAM,QAAA,EAAS;AACxD;AA6CO,SAAS,oBAAoB,KAAA,EAAwC;AAC1E,EAAA,MAAM,MAAA,GAAS,2BAA2B,KAAK,CAAA;AAC/C,EAAA,IAAI,OAAO,KAAA,EAAO;AAChB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA;AAClC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,YAAY,UAAA,EAAY,IAAA;AAAA,IACxB,aAAa,UAAA,EAAY;AAAA,GAC3B;AACF;AASO,SAAS,4BAA4B,QAAA,EAA2C;AACrF,EAAA,OAAO,4BAAA,CAA6B,MAAM,QAAQ,CAAA;AACpD;AAQO,SAAS,2BAA2B,QAAA,EAAuD;AAChG,EAAA,OAAO,4BAAA,CAA6B,SAAA,CAAU,QAAQ,CAAA,CAAE,OAAA;AAC1D;AAQO,SAAS,gBAAgB,IAAA,EAAyD;AACvF,EAAA,OAAO,gBAAA,CAAiB,SAAS,IAAyC,CAAA;AAC5E;AAQO,SAAS,qBAAqB,IAAA,EAAuB;AAC1D,EAAA,OAAO,uBAAuB,IAAA,CAAK,CAAC,WAAW,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAA;AACxE;AAQO,SAAS,kBAAkB,MAAA,EAAyB;AACzD,EAAA,OAAO,MAAA,CAAO,GAAA,CAAI,UAAA,CAAW,gBAAgB,CAAA;AAC/C;AAYO,SAAS,eAAe,OAAA,EAA2D;AACxF,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,UAAA,GAAa,yBAAyB,CAAA;AAGjE;AAQO,SAAS,cAAA,CAAe,SAAuB,WAAA,EAA2C;AAC/F,EAAA,IAAI,CAAC,QAAQ,QAAA,EAAU;AACrB,IAAA,OAAA,CAAQ,WAAW,EAAC;AAAA,EACtB;AACA,EAAA,IAAI,CAAC,OAAA,CAAQ,QAAA,CAAS,UAAA,EAAY;AAChC,IAAA,OAAA,CAAQ,QAAA,CAAS,aAAa,EAAC;AAAA,EACjC;AACA,EAAA,OAAA,CAAQ,QAAA,CAAS,UAAA,CAAW,yBAAyB,CAAA,GAAI,WAAA;AAC3D;AAQO,SAAS,eAAe,OAAA,EAAgC;AAC7D,EAAA,OAAO,OAAA,CAAQ,QAAA,EAAU,UAAA,GAAa,yBAAyB,CAAA,KAAM,MAAA;AACvE;AAwCO,SAAS,kBAAkB,QAAA,EAAqC;AACrE,EAAA,MAAM,WAAA,GAAc,eAAe,QAAQ,CAAA;AAC3C,EAAA,MAAM,QAAA,GAAW,QAAA,CAAS,IAAA,EAAM,UAAA,GAAa,2BAA2B,CAAA;AAIxE,EAAA,OAAO;AAAA,IACL,QAAA;AAAA,IACA,WAAA;AAAA,IACA,YAAA,EAAc,WAAA,GAAc,CAAC,WAAW,IAAI,EAAC;AAAA,IAC7C;AAAA,GACF;AACF;AA+DO,SAAS,0BAA0B,MAAA,EAAyD;AACjG,EAAA,MAAM,QAAA,GAAmC;AAAA,IACvC,gBAAgB,MAAA,CAAO,cAAA;AAAA,IACvB,MAAM,MAAA,CAAO,IAAA;AAAA,IACb,QAAA,EAAU;AAAA,MACR,QAAA,EAAU,OAAO,QAAA,CAAS,QAAA;AAAA,MAC1B,GAAI,OAAO,QAAA,CAAS,OAAA,IAAW,EAAE,OAAA,EAAS,MAAA,CAAO,SAAS,OAAA,EAAQ;AAAA,MAClE,GAAI,OAAO,QAAA,CAAS,SAAA,IAAa,EAAE,SAAA,EAAW,MAAA,CAAO,SAAS,SAAA,EAAU;AAAA,MACxE,GAAI,OAAO,QAAA,CAAS,aAAA,IAAiB,EAAE,aAAA,EAAe,MAAA,CAAO,SAAS,aAAA;AAAc,KACtF;AAAA,IACA,GAAI,MAAA,CAAO,IAAA,IAAQ,EAAE,IAAA,EAAM,OAAO,IAAA,EAAK;AAAA,IACvC,GAAI,MAAA,CAAO,QAAA,IAAY,EAAE,QAAA,EAAU,OAAO,QAAA,EAAS;AAAA,IACnD,GAAI,MAAA,CAAO,KAAA,IAAS,EAAE,KAAA,EAAO,OAAO,KAAA,EAAM;AAAA,IAC1C,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,YAAY,MAAA,CAAO,UAAA;AAAA,IACnB,GAAI,MAAA,CAAO,YAAA,IAAgB,EAAE,YAAA,EAAc,OAAO,YAAA,EAAa;AAAA,IAC/D,GAAI,MAAA,CAAO,WAAA,KAAgB,UAAa,EAAE,WAAA,EAAa,OAAO,WAAA,EAAY;AAAA,IAC1E,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,GAAI,MAAA,CAAO,MAAA,IAAU,EAAE,MAAA,EAAQ,OAAO,MAAA,EAAO;AAAA,IAC7C,GAAI,MAAA,CAAO,IAAA,IAAQ,EAAE,IAAA,EAAM,OAAO,IAAA,EAAK;AAAA,IACvC,GAAI,MAAA,CAAO,UAAA,IAAc,EAAE,UAAA,EAAY,OAAO,UAAA;AAAW,GAC3D;AAEA,EAAA,OAAO,4BAA4B,QAAQ,CAAA;AAC7C;ACxmCO,IAAM,qBAAqBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,YAAA,EAAc,YAAY,CAAC;AAMxE,IAAM,cAAA,GAAiB,CAAC,QAAA,EAAU,YAAA,EAAc,YAAY;AAa5D,IAAM,yBAAyBA,CAAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,WAAA,EAAa,MAAM,CAAC;AAMrE,IAAM,kBAAA,GAAqB,CAAC,QAAA,EAAU,WAAA,EAAa,MAAM;AAqBzD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,OAAA,EAAQ;AAAA;AAAA,EAGpB,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,IAAI,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGlD,MAAA,EAAQ,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAGpC,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA;AACpC,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,MAAM,GAAA,KAAQ;AAE1B,EAAA,IAAI,IAAA,CAAK,QAAA,IAAY,CAAC,IAAA,CAAK,YAAA,IAAgB,CAAC,IAAA,CAAK,WAAA,IAAe,CAAC,IAAA,CAAK,MAAA,EAAQ;AAC5E,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EACE,iGAAA;AAAA,MACF,IAAA,EAAM,CAAC,UAAU;AAAA,KAClB,CAAA;AAAA,EACH;AACF,CAAC;AAuBI,IAAM,4BAAA,GAA+BA,EACzC,MAAA,CAAO;AAAA;AAAA,EAEN,IAAA,EAAM,sBAAA;AAAA;AAAA,EAGN,aAAaA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAG3C,UAAA,EAAYA,EAAE,MAAA,EAAO,CAAE,KAAI,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG7C,QAAA,EAAUA,CAAAA,CACP,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,CAAC,CAAA,CACL,KAAA,CAAM,iBAAiB,EACvB,QAAA;AACL,CAAC,EACA,MAAA,EAAO,CACP,WAAA,CAAY,CAAC,MAAM,GAAA,KAAQ;AAE1B,EAAA,IAAA,CAAK,IAAA,CAAK,SAAS,QAAA,IAAY,IAAA,CAAK,SAAS,WAAA,KAAgB,CAAC,KAAK,WAAA,EAAa;AAC9E,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,CAAA,mDAAA,EAAsD,IAAA,CAAK,IAAI,CAAA,CAAA,CAAA;AAAA,MACxE,IAAA,EAAM,CAAC,aAAa;AAAA,KACrB,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,IAAA,CAAK,UAAA,KAAe,MAAA,IAAa,CAAC,KAAK,QAAA,EAAU;AACnD,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAMA,EAAE,YAAA,CAAa,MAAA;AAAA,MACrB,OAAA,EAAS,mDAAA;AAAA,MACT,IAAA,EAAM,CAAC,UAAU;AAAA,KAClB,CAAA;AAAA,EACH;AACF,CAAC;AAUI,IAAM,yBAAA,GAA4B;AA2BlC,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQ,uBAAuB,QAAA,EAAS;AAAA;AAAA,EAGxC,YAAA,EAAc,6BAA6B,QAAA;AAC7C,CAAC,EACA,MAAA;AAaI,SAAS,yBACd,IAAA,EACsE;AACtE,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,IAAI,CAAA;AACpD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,+BACd,IAAA,EAC4E;AAC5E,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,SAAA,CAAU,IAAI,CAAA;AAC1D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAkBO,SAAS,6BACd,IAAA,EAC0E;AAC1E,EAAA,MAAM,MAAA,GAAS,0BAAA,CAA2B,SAAA,CAAU,IAAI,CAAA;AACxD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,MAAA,CAAO,MAAM,OAAA,EAAQ;AAClD;AAQO,SAAS,4BACd,UAAA,EACkC;AAClC,EAAA,IAAI,CAAC,UAAA,IAAc,EAAE,yBAAA,IAA6B,UAAA,CAAA,EAAa;AAC7D,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAS,4BAAA,CAA6B,UAAA,CAAW,yBAAyB,CAAC,CAAA;AACjF,EAAA,IAAI,OAAO,EAAA,EAAI;AACb,IAAA,OAAO,MAAA,CAAO,KAAA;AAAA,EAChB;AACA,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,iBAAiB,WAAA,EAAwD;AACvF,EAAA,OAAO,WAAA,EAAa,QAAQ,QAAA,KAAa,IAAA;AAC3C;AAQO,SAAS,uBAAuB,WAAA,EAAwD;AAC7F,EAAA,MAAM,IAAA,GAAO,aAAa,YAAA,EAAc,IAAA;AACxC,EAAA,OAAO,IAAA,KAAS,YAAY,IAAA,KAAS,WAAA;AACvC;AAQO,SAAS,uBAAuB,MAAA,EAKd;AACvB,EAAA,MAAM,MAAA,GAA2B,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA,EAAS;AAC7D,EAAA,IAAI,MAAA,CAAO,YAAA,EAAc,MAAA,CAAO,YAAA,GAAe,MAAA,CAAO,YAAA;AACtD,EAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAA,GAAS,MAAA,CAAO,MAAA;AAC1C,EAAA,IAAI,MAAA,CAAO,WAAA,EAAa,MAAA,CAAO,WAAA,GAAc,MAAA,CAAO,WAAA;AACpD,EAAA,OAAO,EAAE,MAAA,EAAO;AAClB;AAQO,SAAS,6BAA6B,MAAA,EAKpB;AACvB,EAAA,MAAM,YAAA,GAAuC,EAAE,IAAA,EAAM,MAAA,CAAO,IAAA,EAAK;AACjE,EAAA,IAAI,MAAA,CAAO,WAAA,EAAa,YAAA,CAAa,WAAA,GAAc,MAAA,CAAO,WAAA;AAC1D,EAAA,IAAI,MAAA,CAAO,UAAA,KAAe,MAAA,EAAW,YAAA,CAAa,aAAa,MAAA,CAAO,UAAA;AACtE,EAAA,IAAI,MAAA,CAAO,QAAA,EAAU,YAAA,CAAa,QAAA,GAAW,MAAA,CAAO,QAAA;AACpD,EAAA,OAAO,EAAE,YAAA,EAAa;AACxB;AASO,SAAS,0BAAA,CACd,QAMA,YAAA,EAMsB;AACtB,EAAA,MAAM,SAA+B,EAAC;AAEtC,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,MAAA,CAAO,MAAA,GAAS,EAAE,QAAA,EAAU,MAAA,CAAO,QAAA,EAAS;AAC5C,IAAA,IAAI,MAAA,CAAO,YAAA,EAAc,MAAA,CAAO,MAAA,CAAO,eAAe,MAAA,CAAO,YAAA;AAC7D,IAAA,IAAI,MAAA,CAAO,MAAA,EAAQ,MAAA,CAAO,MAAA,CAAO,SAAS,MAAA,CAAO,MAAA;AACjD,IAAA,IAAI,MAAA,CAAO,WAAA,EAAa,MAAA,CAAO,MAAA,CAAO,cAAc,MAAA,CAAO,WAAA;AAAA,EAC7D;AAEA,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAA,CAAO,YAAA,GAAe,EAAE,IAAA,EAAM,YAAA,CAAa,IAAA,EAAK;AAChD,IAAA,IAAI,YAAA,CAAa,WAAA,EAAa,MAAA,CAAO,YAAA,CAAa,cAAc,YAAA,CAAa,WAAA;AAC7E,IAAA,IAAI,aAAa,UAAA,KAAe,MAAA;AAC9B,MAAA,MAAA,CAAO,YAAA,CAAa,aAAa,YAAA,CAAa,UAAA;AAChD,IAAA,IAAI,YAAA,CAAa,QAAA,EAAU,MAAA,CAAO,YAAA,CAAa,WAAW,YAAA,CAAa,QAAA;AAAA,EACzE;AAEA,EAAA,OAAO,MAAA;AACT;AClWO,IAAM,wBAAA,GAA2B;AAQjC,IAAM,0BAAA,GAA6B;AAKnC,IAAM,kBAAA,GAAqB;AAAA;AAAA,EAEhC,eAAA,EAAiB,IAAA;AAAA;AAAA,EAEjB,iBAAA,EAAmB,IAAA;AAAA;AAAA,EAEnB,gBAAA,EAAkB,GAAA;AAAA;AAAA,EAElB,aAAA,EAAe,IAAA;AAAA;AAAA,EAEf,eAAA,EAAiB,EAAA;AAAA;AAAA,EAEjB,aAAA,EAAe,GAAA;AAAA;AAAA,EAEf,aAAA,EAAe;AACjB;AASA,IAAMC,YAAWD,CAAAA,CACd,MAAA,EAAO,CACP,GAAA,GACA,GAAA,CAAI,kBAAA,CAAmB,eAAe,CAAA,CACtC,OAAO,CAAC,GAAA,KAAQ,IAAI,UAAA,CAAW,UAAU,GAAG,mBAAmB,CAAA;AAKlE,IAAME,OAAAA,GAASF,CAAAA,CACZ,MAAA,EAAO,CACP,KAAA;AAAA,EACC,wEAAA;AAAA,EACA;AACF,CAAA;AAWK,IAAM,+BAAA,GAAkCA,EAC5C,MAAA,CAAO;AAAA;AAAA,EAEN,QAAQA,CAAAA,CACL,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,kBAAA,CAAmB,eAAe,EACtC,SAAA,CAAU,CAAC,CAAA,KAAM,CAAA,CAAE,aAAa,CAAA;AAAA;AAAA,EAEnC,IAAA,EAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA;AAAA;AAAA,EAE5D,MAAA,EAAQA,CAAAA,CACL,MAAA,EAAO,CACP,GAAA,EAAI,CACJ,GAAA,CAAI,kBAAA,CAAmB,aAAa,CAAA,CACpC,GAAA,CAAI,kBAAA,CAAmB,aAAa;AACzC,CAAC,EACA,MAAA;AAOI,IAAM,2BAAA,GAA8BA,EAAE,MAAA,CAAOA,CAAAA,CAAE,QAAO,EAAGA,CAAAA,CAAE,SAAS;AASpE,IAAM,8BAAA,GAAiCA,EAC3C,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKC,SAAAA;AAAA;AAAA,EAEL,GAAA,EAAKA,SAAAA;AAAA;AAAA,EAEL,KAAKD,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA;AAAA,EAElC,KAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,WAAA,EAAY;AAAA;AAAA,EAElC,GAAA,EAAKE,OAAAA;AAAA;AAAA,EAEL,GAAA,EAAKF,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,gBAAgB,EAAE,QAAA,EAAS;AAAA;AAAA,EAElE,GAAA,EAAK,4BAA4B,QAAA;AACnC,CAAC,EACA,MAAA;AA6BI,SAAS,iCAAiC,KAAA,EAA6C;AAC5F,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,KAAK,CAAA;AAC7D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,UAAA,EAAY,8BAAA;AAAA,IACZ,aAAA,EAAe,YAAY,OAAA,IAAW;AAAA,GACxC;AACF;AAQO,SAAS,2BAA2B,MAAA,EAAqD;AAC9F,EAAA,OAAO,8BAAA,CAA+B,SAAA,CAAU,MAAM,CAAA,CAAE,OAAA;AAC1D;AAQO,SAAS,kCAAkC,KAAA,EAA6C;AAC7F,EAAA,MAAM,MAAA,GAAS,+BAAA,CAAgC,SAAA,CAAU,KAAK,CAAA;AAC9D,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AAAA,EACvB;AACA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,KAAA;AAAA,IACP,UAAA,EAAY,mCAAA;AAAA,IACZ,aAAA,EAAe,YAAY,OAAA,IAAW;AAAA,GACxC;AACF;AAQO,SAAS,4BACd,OAAA,EACsC;AACtC,EAAA,OAAO,+BAAA,CAAgC,SAAA,CAAU,OAAO,CAAA,CAAE,OAAA;AAC5D;AAiCO,SAAS,+BACd,MAAA,EAC0B;AAC1B,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,OAAO,SAAA,IAAa,GAAA;AAItC,EAAA,IAAI,mBAAmB,MAAA,CAAO,MAAA;AAC9B,EAAA,OAAO,gBAAA,CAAiB,QAAA,CAAS,GAAG,CAAA,EAAG;AACrC,IAAA,gBAAA,GAAmB,gBAAA,CAAiB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,GAAA,GAA+B,EAAE,GAAG,MAAA,CAAO,UAAA,EAAW;AAC5D,EAAA,IAAI,OAAO,WAAA,EAAa;AACtB,IAAA,GAAA,CAAI,0BAA0B,IAAI,MAAA,CAAO,WAAA;AAAA,EAC3C;AAEA,EAAA,MAAM,MAAA,GAAmC;AAAA,IACvC,GAAA,EAAK,gBAAA;AAAA,IACL,KAAK,MAAA,CAAO,QAAA;AAAA,IACZ,GAAA,EAAK,GAAA;AAAA,IACL,KAAK,GAAA,GAAM,SAAA;AAAA,IACX,KAAK,MAAA,CAAO,GAAA;AAAA,IACZ,GAAI,MAAA,CAAO,GAAA,IAAO,EAAE,GAAA,EAAK,OAAO,GAAA,EAAI;AAAA,IACpC,GAAI,OAAO,IAAA,CAAK,GAAG,EAAE,MAAA,GAAS,CAAA,IAAK,EAAE,GAAA;AAAI,GAC3C;AAEA,EAAA,OAAO,8BAAA,CAA+B,MAAM,MAAM,CAAA;AACpD;AAeO,SAAS,kBAAkB,MAAA,EAA0C;AAC1E,EAAA,OAAO,EAAE,KAAA,IAAS,MAAA,CAAA,IAAW,EAAE,KAAA,IAAS,MAAA,CAAA,IAAW,EAAE,SAAA,IAAa,MAAA,CAAA;AACpE;AAQO,SAAS,iBAAiB,MAAA,EAA0C;AACzE,EAAA,OAAO,KAAA,IAAS,MAAA,IAAU,KAAA,IAAS,MAAA,IAAU,SAAA,IAAa,MAAA;AAC5D;AChSO,IAAM,wBAAA,GAA2B;AAAA;AAAA,EAEtC,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,SAAA,EAAW,KAAA;AAAA,EACX,WAAA,EAAa,IAAA;AAAA;AAAA,EAEb,GAAA,EAAK,KAAA;AAAA;AAAA,EAEL,UAAA,EAAY,KAAA;AAAA,EACZ,YAAA,EAAc,IAAA;AAAA;AAAA,EAEd,IAAA,EAAM;AACR;AAOO,IAAMG,oBAAmBH,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA,CAAM,yBAAyB,2CAA2C;AAGtE,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAA;AAAA,EACC,kDAAA;AAAA,EACA;AACF;AAGK,IAAM,sBAAsBA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,WAAW,CAAC;AAMzD,IAAM,gBAAA,GAAmBA,CAAAA,CAC7B,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,IAAI,CAAA,CACR,OAAO,CAAC,GAAA,KAAQ,GAAA,CAAI,UAAA,CAAW,UAAU,CAAA,EAAG;AAAA,EAC3C,OAAA,EAAS;AACX,CAAC,CAAA,CACA,MAAA;AAAA,EACC,CAAC,GAAA,KAAQ;AACP,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,CAAA;AAC1B,MAAA,OAAO,CAAC,MAAA,CAAO,QAAA,IAAY,CAAC,MAAA,CAAO,QAAA;AAAA,IACrC,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAGK,IAAM,yBAAA,GAA4BA,EAAE,MAAA,CAAO;AAAA,EAChD,WAAA,EAAaG,iBAAAA;AAAA,EACb,WAAA,EAAa,iBAAiB,QAAA,EAAS;AAAA,EACvC,WAAA,EAAa,iBAAiB,QAAA,EAAS;AAAA,EACvC,cAAA,EAAgBH,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC9E,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC7E,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC7E,uBAAA,EAAyBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EACvF,cAAA,EAAgBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC9E,kBAAA,EAAoBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAClF,eAAA,EAAiBA,EAAE,MAAA,EAAO,CAAE,IAAI,kBAAA,CAAmB,iBAAiB,EAAE,QAAA;AACxE,CAAC;AAGM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA,EACxC,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC3B,MAAA,EAAQ,mBAAA;AAAA,EACR,UAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,QAAA,EAAS;AAAA,EACpC,WAAWA,CAAAA,CAAE,KAAA,CAAMA,EAAE,MAAA,EAAQ,EAAE,QAAA;AACjC,CAAC;AAaD,eAAsB,kBAAkB,GAAA,EAAkC;AACxE,EAAA,IAAI,CAAC,UAAA,CAAW,MAAA,EAAQ,MAAA,EAAQ;AAC9B,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,GAAG,CAAA;AACzC,EAAA,MAAM,OAAO,MAAM,UAAA,CAAW,OAAO,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAClE,EAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAI,WAAW,IAAI,CAAC,EACxC,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAC,CAAA,CAC1C,IAAA,CAAK,EAAE,CAAA;AACV,EAAA,OAAO,UAAU,GAAG,CAAA,CAAA;AACtB;AAgBO,SAAS,0BAAA,CACd,SACA,IAAA,EACyB;AACzB,EAAA,MAAM,aAAuB,EAAC;AAG9B,EAAA,MAAM,SAAA,GAAYG,iBAAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,EAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,IAAA,UAAA,CAAW,IAAA,CAAK,CAAA,4BAAA,EAA+B,OAAA,CAAQ,WAAW,CAAA,CAAE,CAAA;AAAA,EACtE;AAGA,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,IAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,MAAA,UAAA,CAAW,KAAK,qDAAqD,CAAA;AAAA,IACvE;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA;AACzC,EAAA,MAAM,YAAY,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,UAAU,CAAA,CAAE,UAAA;AACvD,EAAA,IAAI,SAAA,GAAY,KAAK,QAAA,EAAU;AAC7B,IAAA,UAAA,CAAW,IAAA;AAAA,MACT,gBAAgB,SAAS,CAAA,+BAAA,EAAkC,KAAK,QAAQ,CAAA,WAAA,EAAc,KAAK,SAAS,CAAA;AAAA,KACtG;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,SAAA,CAAU,OAAA,CAAQ,WAAW,CAAA;AAChE,IAAA,IAAI,CAAC,UAAU,OAAA,EAAS;AACtB,MAAA,KAAA,MAAW,KAAA,IAAS,SAAA,CAAU,KAAA,CAAM,MAAA,EAAQ;AAC1C,QAAA,UAAA,CAAW,IAAA,CAAK,CAAA,qBAAA,EAAwB,KAAA,CAAM,OAAO,CAAA,CAAE,CAAA;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,YAAA,GAAoD;AAAA,IACxD,CAAC,gBAAA,EAAkB,OAAA,CAAQ,cAAc,CAAA;AAAA,IACzC,CAAC,eAAA,EAAiB,OAAA,CAAQ,aAAa,CAAA;AAAA,IACvC,CAAC,eAAA,EAAiB,OAAA,CAAQ,aAAa,CAAA;AAAA,IACvC,CAAC,yBAAA,EAA2B,OAAA,CAAQ,uBAAuB,CAAA;AAAA,IAC3D,CAAC,gBAAA,EAAkB,OAAA,CAAQ,cAAc,CAAA;AAAA,IACzC,CAAC,oBAAA,EAAsB,OAAA,CAAQ,kBAAkB,CAAA;AAAA,IACjD,CAAC,iBAAA,EAAmB,OAAA,CAAQ,eAAe;AAAA,GAC7C;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,KAAK,CAAA,IAAK,YAAA,EAAc;AACxC,IAAA,IAAI,KAAA,KAAU,MAAA,IAAa,KAAA,CAAM,MAAA,GAAS,mBAAmB,iBAAA,EAAmB;AAC9E,MAAA,UAAA,CAAW,IAAA;AAAA,QACT,GAAG,IAAI,CAAA,QAAA,EAAW,MAAM,MAAM,CAAA,2BAAA,EAA8B,mBAAmB,iBAAiB,CAAA;AAAA,OAClG;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,EAAE,KAAA,EAAO,UAAA,CAAW,MAAA,KAAW,GAAG,UAAA,EAAW;AACtD;AAYA,eAAsB,4BACpB,OAAA,EACwB;AACxB,EAAA,IAAI,OAAA,CAAQ,gBAAgB,MAAA,EAAW;AACrC,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,QAAA,GAAW,MAAM,iBAAA,CAAkB,OAAA,CAAQ,WAAW,CAAA;AAC5D,EAAA,IAAI,QAAA,KAAa,QAAQ,WAAA,EAAa;AACpC,IAAA,OAAO,CAAA,+BAAA,EAAkC,QAAQ,CAAA,MAAA,EAAS,OAAA,CAAQ,WAAW,CAAA,CAAA;AAAA,EAC/E;AACA,EAAA,OAAO,IAAA;AACT;ACxMA,SAAS,mBAAmB,CAAA,EAAoB;AAC9C,EAAA,MAAM,GAAA,GAAM,uBAAuB,CAAC,CAAA;AACpC,EAAA,IAAI,GAAA,KAAQ,MAAM,OAAO,KAAA;AAEzB,EAAA,OAAO,IAAI,GAAA,KAAQ,QAAA;AACrB;AAWA,IAAM,YAAA,GACJ,wHAAA;AAEF,SAAS,gBAAgB,CAAA,EAAoB;AAC3C,EAAA,OAAO,YAAA,CAAa,KAAK,CAAC,CAAA;AAC5B;AAWO,IAAM,qBAAA,GAAwB;AAAA;AAAA,EAEnC,oBAAA,EAAsB,0BAAA;AAAA;AAAA,EAEtB,oBAAA,EAAsB;AACxB;AAiBO,IAAM,gCAAA,GAAmCH,EAC7C,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,YAAA,EAAcA,EACX,MAAA,EAAO,CACP,IAAI,qBAAA,CAAsB,oBAAoB,CAAA,CAC9C,MAAA,CAAO,kBAAA,EAAoB;AAAA,IAC1B,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAKZ,YAAA,EAAcA,EACX,MAAA,EAAO,CACP,IAAI,qBAAA,CAAsB,oBAAoB,CAAA,CAC9C,MAAA,CAAO,eAAA,EAAiB;AAAA,IACvB,OAAA,EAAS;AAAA,GACV,EACA,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAKZ,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,KAAI,CAAE,MAAA,EAAO,CAAE,WAAA,EAAY,CAAE,GAAA,CAAI,MAAA,CAAO,gBAAgB,EAAE,QAAA;AACvF,CAAC,EACA,MAAA;AClGI,IAAM,gBAAA,GAAmB;AAAA;AAAA,EAE9B,qBAAA,EAAuB,GAAA;AAAA,EACvB,iBAAA,EAAmB,EAAA;AAAA,EACnB,kBAAA,EAAoB,GAAA;AAAA;AAAA,EAGpB,oBAAA,EAAsB,GAAA;AAAA,EACtB,iBAAA,EAAmB,EAAA;AAAA,EACnB,oBAAA,EAAsB,EAAA;AAAA,EACtB,kBAAA,EAAoB,GAAA;AAAA,EACpB,cAAA,EAAgB,GAAA;AAAA,EAChB,sBAAA,EAAwB,EAAA;AAAA;AAAA,EAGxB,iBAAA,EAAmB,IAAA;AAAA,EACnB,eAAA,EAAiB,GAAA;AAAA;AAAA,EAGjB,oBAAA,EAAsB,IAAA;AAAA,EACtB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,IAAA;AAAA,EACxB,wBAAA,EAA0B,IAAA;AAAA;AAAA,EAG1B,iBAAA,EAAmB,GAAA;AAAA;AAAA,EAGnB,gBAAA,EAAkB,EAAA;AAAA,EAClB,eAAA,EAAiB,EAAA;AAAA,EACjB,mBAAA,EAAqB,GAAA;AAAA,EACrB,kBAAA,EAAoB,GAAA;AAAA,EACpB,kBAAA,EAAoB,EAAA;AAAA;AAAA,EAGpB,qBAAA,EAAuB,GAAA;AAAA,EACvB,sBAAA,EAAwB,GAAA;AAAA,EACxB,sBAAA,EAAwB,EAAA;AAAA,EACxB,qBAAA,EAAuB,GAAA;AAAA,EACvB,qBAAA,EAAuB,GAAA;AAAA,EACvB,qBAAA,EAAuB,EAAA;AAAA;AAAA,EAGvB,kBAAA,EAAoB,GAAA;AAAA,EACpB,iBAAA,EAAmB,GAAA;AAAA,EACnB,gBAAA,EAAkB,GAAA;AAAA,EAClB,wBAAA,EAA0B,GAAA;AAAA;AAAA,EAG1B,2BAAA,EAA6B,GAAA;AAAA,EAC7B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,4BAAA,EAA8B,GAAA;AAAA,EAC9B,0BAAA,EAA4B,GAAA;AAAA;AAAA,EAG5B,yBAAA,EAA2B,GAAA;AAAA,EAC3B,sBAAA,EAAwB,EAAA;AAAA,EACxB,sBAAA,EAAwB,GAAA;AAAA,EACxB,oBAAA,EAAsB,GAAA;AAAA,EACtB,iBAAA,EAAmB,GAAA;AAAA,EACnB,uBAAA,EAAyB,GAAA;AAAA;AAAA,EAGzB,mBAAA,EAAqB,GAAA;AAAA,EACrB,kBAAA,EAAoB,GAAA;AAAA,EACpB,2BAAA,EAA6B,GAAA;AAAA,EAC7B,oBAAA,EAAsB,EAAA;AAAA,EACtB,kBAAA,EAAoB,GAAA;AAAA,EACpB,sBAAA,EAAwB,GAAA;AAAA,EACxB,kBAAA,EAAoB,EAAA;AAAA,EACpB,oBAAA,EAAsB,EAAA;AAAA;AAAA,EAGtB,mBAAA,EAAqB,GAAA;AAAA,EACrB,uBAAA,EAAyB,GAAA;AAAA,EACzB,wBAAA,EAA0B,IAAA;AAAA,EAC1B,4BAAA,EAA8B,GAAA;AAAA;AAAA,EAG9B,wBAAA,EAA0B,EAAA;AAAA,EAC1B,wBAAA,EAA0B,GAAA;AAAA,EAC1B,qBAAA,EAAuB,GAAA;AAAA,EACvB,0BAAA,EAA4B,EAAA;AAAA;AAAA,EAG5B,iBAAA,EAAmB,IAAA;AAAA,EACnB,qBAAA,EAAuB,EAAA;AAAA;AAAA,EACvB,wBAAA,EAA0B,EAAA;AAAA,EAC1B,oBAAA,EAAsB,EAAA;AAAA,EACtB,uBAAA,EAAyB;AAC3B;;;AC7FA,IAAM,SAAA,GAAY,mCAAA;AAMlB,IAAM,eAAA,GAAkB,uBAAA;AAkBjB,SAAS,oBAAoB,GAAA,EAAsB;AACxD,EAAA,IAAI,IAAI,MAAA,KAAW,CAAA,IAAK,IAAI,MAAA,GAAS,gBAAA,CAAiB,uBAAuB,OAAO,KAAA;AAEpF,EAAA,MAAM,QAAA,GAAW,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAChC,EAAA,IAAI,QAAA,IAAY,GAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,MAAA,GAAS,GAAA,CAAI,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AACpC,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAEtC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,GAAG,OAAO,KAAA;AAClC,EAAA,IAAI,MAAA,CAAO,MAAA,GAAS,gBAAA,CAAiB,kBAAA,EAAoB,OAAO,KAAA;AAEhE,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACjC,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,CAAK,OAAO,GAAG,OAAO,KAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,KAAA,CAAM,GAAG,CAAA;AAC/B,EAAA,KAAA,MAAW,SAAS,MAAA,EAAQ;AAC1B,IAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,MAAA,GAAS,gBAAA,CAAiB,mBAAmB,OAAO,KAAA;AACpF,IAAA,IAAI,CAAC,SAAA,CAAU,IAAA,CAAK,KAAK,GAAG,OAAO,KAAA;AAAA,EACrC;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,CAAA,EAAmB;AACtD,EAAA,OAAO,EAAE,OAAA,CAAQ,IAAA,EAAM,IAAI,CAAA,CAAE,OAAA,CAAQ,OAAO,IAAI,CAAA;AAClD;AAUO,SAAS,gBAAA,CAAiB,UAAkB,OAAA,EAAyC;AAC1F,EAAA,MAAM,OAAA,GAAU,qBAAqB,QAAQ,CAAA;AAC7C,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,CAAC,MAAM,oBAAA,CAAqB,MAAA,CAAO,CAAC,CAAC,CAAC,CAAA;AACnE,EAAA,OAAO,CAAA,YAAA,EAAe,OAAO,CAAA,CAAA,IAAM,QAAA,CAAS,MAAA,GAAS,IAAI,GAAA,GAAM,QAAA,CAAS,IAAA,CAAK,GAAG,CAAA,GAAI,EAAA,CAAA;AACtF;ACzEO,IAAM,sBAAA,GAAyB;AAGtC,IAAM,oBAAA,GAAuB,YAAA;AAMtB,IAAM,uBAAA,GAA0BA,CAAAA,CACpC,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CACzC,KAAA;AAAA,EACC,oBAAA;AAAA,EACA;AACF;AAYK,SAAS,mBAAmB,KAAA,EAAiC;AAClE,EAAA,OAAO,uBAAA,CAAwB,SAAA,CAAU,KAAK,CAAA,CAAE,OAAA;AAClD;AAEO,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAcA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMzE,YAAA,EAAc,uBAAA;AAAA;AAAA,EAEd,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA;AAAA;AAAA,EAElE,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,kBAAkB,EAAE,QAAA,EAAS;AAAA;AAAA,EAExE,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,cAAc,EAAE,QAAA,EAAS;AAAA;AAAA,EAEhE,GAAA,EAAKA,EAAE,IAAA,CAAK,CAAC,QAAQ,MAAM,CAAC,EAAE,QAAA,EAAS;AAAA;AAAA,EAEvC,KAAA,EAAOA,CAAAA,CACJ,IAAA,CAAK,CAAC,eAAA,EAAiB,SAAA,EAAW,YAAA,EAAc,QAAA,EAAU,MAAA,EAAQ,YAAY,CAAC,CAAA,CAC/E,QAAA;AACL,CAAC,EACA,MAAA;ACvDI,IAAM,oBAAA,GAAuB;AAE7B,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA;AAAA;AAAA,EAElE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,eAAe,CAAA;AAAA;AAAA,EAE9D,UAAUA,CAAAA,CAAE,IAAA,CAAK,CAAC,OAAA,EAAS,MAAA,EAAQ,QAAQ,CAAC;AAC9C,CAAC,EACA,MAAA;ACXI,IAAM,uBAAA,GAA0B;AAMhC,IAAM,eAAA,GAAkB;AAAA,EAC7B,kBAAA;AAAA,EACA,mBAAA;AAAA,EACA,kBAAA;AAAA,EACA,sBAAA;AAAA,EACA,cAAA;AAAA,EACA,oBAAA;AAAA,EACA;AACF;AAEO,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAUlD,IAAM,oBAAA,GAAuBA,EACjC,MAAA,CAAO;AAAA;AAAA,EAEN,MAAA,EAAQA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,GAAA,CAAI,GAAG,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA;AAAA;AAAA,EAEzC,IAAA,EAAMA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CAAE,GAAA,EAAI;AAAA;AAAA,EAEvE,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,qBAAqB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEvE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,sBAAsB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEzE,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,wBAAwB,EAAE,QAAA;AACtE,CAAC,EACA,WAAA;AAEI,IAAM,wBAAA,GAA2BA,EACrC,MAAA,CAAO;AAAA;AAAA,EAEN,cAAA,EAAgB,mBAAA;AAAA;AAAA,EAEhB,OAAA,EAAS,oBAAA;AAAA;AAAA,EAET,QAAA,EAAUA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,iBAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAEtE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,eAAe,EAAE,QAAA,EAAS;AAAA;AAAA,EAElE,YAAA,EAAcA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAClD,CAAC,EACA,MAAA;ACtDI,IAAM,sBAAA,GAAyB;AAE/B,IAAM,uBAAA,GAA0BA,EACpC,MAAA,CAAO;AAAA;AAAA,EAEN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,gBAAA,CAAiB,iBAAiB,EAAE,QAAA;AAChE,CAAC,EACA,MAAA;ACNI,IAAM,yBAAA,GAA4B;AAGzC,IAAM,gBAAA,GAAmB,gBAAA;AAGzB,IAAM,eAAA,GAAkB,gBAAA;AAEjB,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,CAAAA,CACP,MAAA,EAAO,CACP,MAAA,CAAO,gBAAA,CAAiB,gBAAgB,CAAA,CACxC,KAAA,CAAM,gBAAA,EAAkB,8CAA8C,CAAA,CACtE,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAASA,CAAAA,CACN,MAAA,EAAO,CACP,MAAA,CAAO,gBAAA,CAAiB,eAAe,CAAA,CACvC,KAAA,CAAM,eAAA,EAAiB,6CAA6C,CAAA,CACpE,QAAA,EAAS;AAAA;AAAA,EAEZ,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAElF,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhF,YAAYA,CAAAA,CACT,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAC,CAAA,CAChE,IAAI,gBAAA,CAAiB,kBAAkB,EACvC,QAAA;AACL,CAAC,EACA,MAAA;ACLI,IAAM,kBAAA,GAAqBA,CAAAA,CAC/B,MAAA,EAAO,CACP,GAAA,CAAI,EAAE,CAAA,CACN,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,4DAA4D;AAUnF,IAAM,oBAAA,GAAuB,iBAAA;AAwBtB,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,EAAO,CACP,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,IAAI,CAAA,CACR,MAAA;AAAA,EACC,CAAC,KAAA,KAAU;AAET,IAAA,IAAI,oBAAA,CAAqB,IAAA,CAAK,KAAK,CAAA,EAAG,OAAO,KAAA;AAG7C,IAAA,IAAI,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG,OAAO,KAAA;AAEhC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,KAAK,CAAA;AAGzB,MAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,EAAU,OAAO,KAAA;AAGtC,MAAA,IAAI,IAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAGvD,MAAA,IAAI,CAAC,GAAA,CAAI,QAAA,EAAU,OAAO,KAAA;AAE1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF,CAAA;AAAA,EACA;AAAA,IACE,OAAA,EAAS;AAAA;AAEb;AAuBF,IAAM,qBAAA,GAAwB,CAAC,GAAA,EAAK,GAAA,EAAK,KAAK,GAAG,CAAA;AAMjD,IAAM,qBAAA,GAAwB,CAAC,GAAA,EAAK,GAAA,EAAK,GAAG,CAAA;AAoBrC,SAAS,qBAAqB,KAAA,EAA0C;AAC7E,EAAA,IAAI,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,WAAW,CAAA,IAAK,KAAA,CAAM,SAAS,EAAA,EAAI;AACxE,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA,KAAM,KAAK,OAAO,IAAA;AAEpC,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,MAAM,MAAM,KAAA,CAAM,MAAA;AAGlB,EAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AAEvB,EAAA,MAAM,MAAA,GAA6B;AAAA,IACjC,KAAA,EAAO,CAAA;AAAA,IACP,MAAA,EAAQ,CAAA;AAAA,IACR,KAAA,EAAO,CAAA;AAAA,IACP,IAAA,EAAM,CAAA;AAAA,IACN,KAAA,EAAO,CAAA;AAAA,IACP,OAAA,EAAS,CAAA;AAAA,IACT,OAAA,EAAS;AAAA,GACX;AAEA,EAAA,IAAI,UAAA,GAAa,KAAA;AACjB,EAAA,IAAI,eAAA,GAAkB,KAAA;AAGtB,EAAA,MAAM,eAAA,uBAAsB,GAAA,EAAY;AAGxC,EAAA,IAAI,YAAA,GAAe,CAAA;AACnB,EAAA,IAAI,YAAA,GAAe,CAAA;AAEnB,EAAA,OAAO,MAAM,GAAA,EAAK;AAChB,IAAA,IAAI,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,KAAM,GAAA,EAAK;AAC7B,MAAA,IAAI,YAAY,OAAO,IAAA;AACvB,MAAA,UAAA,GAAa,IAAA;AACb,MAAA,GAAA,EAAA;AACA,MAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AACvB,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,QAAA,GAAW,GAAA;AACjB,IAAA,OAAO,GAAA,GAAM,GAAA,IAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,IAAK,GAAA,IAAO,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA,IAAK,GAAA,EAAK;AACxE,MAAA,GAAA,EAAA;AAAA,IACF;AACA,IAAA,IAAI,GAAA,KAAQ,UAAU,OAAO,IAAA;AAE7B,IAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,QAAA,EAAU,GAAG,CAAA;AAKxC,IAAA,IAAI,MAAA,CAAO,MAAA,GAAS,EAAA,EAAI,OAAO,IAAA;AAC/B,IAAA,MAAM,GAAA,GAAM,QAAA,CAAS,MAAA,EAAQ,EAAE,CAAA;AAC/B,IAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,IAAK,GAAA,GAAM,GAAG,OAAO,IAAA;AAE7C,IAAA,IAAI,GAAA,IAAO,KAAK,OAAO,IAAA;AAEvB,IAAA,MAAM,UAAA,GAAa,KAAA,CAAM,MAAA,CAAO,GAAG,CAAA;AACnC,IAAA,GAAA,EAAA;AAGA,IAAA,MAAM,aAAA,GAAA,CAAiB,UAAA,GAAa,GAAA,GAAM,EAAA,IAAM,UAAA;AAChD,IAAA,IAAI,eAAA,CAAgB,GAAA,CAAI,aAAa,CAAA,EAAG,OAAO,IAAA;AAC/C,IAAA,eAAA,CAAgB,IAAI,aAAa,CAAA;AAEjC,IAAA,IAAI,UAAA,EAAY;AAEd,MAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,OAAA,CAAQ,UAA6B,CAAA;AAC3E,MAAA,IAAI,OAAA,KAAY,IAAI,OAAO,IAAA;AAC3B,MAAA,IAAI,OAAA,GAAU,cAAc,OAAO,IAAA;AACnC,MAAA,YAAA,GAAe,OAAA,GAAU,CAAA;AAEzB,MAAA,QAAQ,UAAA;AAAY,QAClB,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,OAAA,GAAU,GAAA;AACjB,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,OAAA,GAAU,GAAA;AACjB,UAAA;AAAA;AACJ,IACF,CAAA,MAAO;AAEL,MAAA,MAAM,OAAA,GAAU,qBAAA,CAAsB,OAAA,CAAQ,UAAmC,CAAA;AACjF,MAAA,IAAI,OAAA,KAAY,IAAI,OAAO,IAAA;AAC3B,MAAA,IAAI,OAAA,GAAU,cAAc,OAAO,IAAA;AACnC,MAAA,YAAA,GAAe,OAAA,GAAU,CAAA;AAEzB,MAAA,QAAQ,UAAA;AAAY,QAClB,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,MAAA,GAAS,GAAA;AAChB,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,KAAA,GAAQ,GAAA;AACf,UAAA;AAAA,QACF,KAAK,GAAA;AACH,UAAA,MAAA,CAAO,IAAA,GAAO,GAAA;AACd,UAAA;AAAA;AACJ,IACF;AAEA,IAAA,eAAA,GAAkB,IAAA;AAAA,EACpB;AAEA,EAAA,IAAI,CAAC,iBAAiB,OAAO,IAAA;AAG7B,EAAA,IAAI,MAAA,CAAO,KAAA,GAAQ,CAAA,KAAM,MAAA,CAAO,KAAA,GAAQ,CAAA,IAAK,MAAA,CAAO,MAAA,GAAS,CAAA,IAAK,MAAA,CAAO,IAAA,GAAO,CAAA,CAAA,EAAI;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAiBO,IAAM,wBAAwBA,CAAAA,CAClC,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,EAAE,CAAA,CACN,OAAO,CAAC,KAAA,KAAU,oBAAA,CAAqB,KAAK,MAAM,IAAA,EAAM;AAAA,EACvD,OAAA,EAAS;AACX,CAAC;AAiBI,IAAM,uBAAA,GAA0BA,EACpC,MAAA,EAAO,CACP,OAAO,EAAE,CAAA,CACT,MAAM,mDAAA,EAAqD;AAAA,EAC1D,OAAA,EAAS;AACX,CAAC;AAKI,IAAM,iBAAA,GAAoB;AAmB1B,IAAM,8BAA8BA,CAAAA,CAAE,GAAA,CAAI,SAAS,EAAE,MAAA,EAAQ,MAAM;AAW1E,IAAM,uBAAA,GAA0B,oBAAA;AAkBzB,IAAM,qBAAA,GAAwBA,CAAAA,CAAE,GAAA,CACpC,QAAA,CAAS,EAAE,MAAA,EAAQ,IAAA,EAAM,CAAA,CACzB,OAAO,CAAC,KAAA,KAAkB,uBAAA,CAAwB,IAAA,CAAK,KAAK,CAAA,EAAG;AAAA,EAC9D,OAAA,EAAS;AACX,CAAC;AAQI,IAAM,sBAAA,GAAyB;AA0BtC,SAAS,4BAA4B,IAAA,EAAuB;AAC1D,EAAA,IAAI,OAAO,SAAS,QAAA,IAAY,IAAA,CAAK,WAAW,CAAA,IAAK,IAAA,CAAK,SAAS,GAAA,EAAK;AACtE,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,IAAI,OAAA,GAAU,EAAA;AAEd,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,IAAA,CAAK,QAAQ,CAAA,EAAA,EAAK;AACpC,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,MAAA,CAAO,CAAC,CAAA;AACxB,IAAA,IAAI,EAAA,KAAO,GAAA,IAAO,EAAA,KAAO,GAAA,EAAK;AAC5B,MAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,QAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AACnB,QAAA,OAAA,GAAU,EAAA;AAAA,MACZ;AACA,MAAA,MAAA,CAAO,KAAK,EAAE,CAAA;AAAA,IAChB,CAAA,MAAA,IAAW,EAAA,KAAO,GAAA,IAAO,EAAA,KAAO,GAAA,EAAM;AACpC,MAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,QAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AACnB,QAAA,OAAA,GAAU,EAAA;AAAA,MACZ;AAAA,IACF,CAAA,MAAO;AACL,MAAA,OAAA,IAAW,EAAA;AAAA,IACb;AAAA,EACF;AACA,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACtB,IAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AAAA,EACrB;AAEA,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAGhC,EAAA,IAAI,GAAA,GAAM,CAAA;AAEV,EAAA,SAAS,IAAA,GAA2B;AAClC,IAAA,OAAO,OAAO,GAAG,CAAA;AAAA,EACnB;AAEA,EAAA,SAAS,OAAA,GAAkB;AACzB,IAAA,OAAO,OAAO,GAAA,EAAK,CAAA;AAAA,EACrB;AAIA,EAAA,SAAS,YAAY,KAAA,EAAwB;AAC3C,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,GAAG,IAAI,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,KAAA;AACxD,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAE9B,IAAA,IAAI,IAAA,CAAK,UAAA,CAAW,aAAa,CAAA,EAAG;AAClC,MAAA,MAAM,GAAA,GAAM,IAAA,CAAK,KAAA,CAAM,EAAE,CAAA;AACzB,MAAA,OAAO,GAAA,CAAI,MAAA,GAAS,CAAA,IAAK,8BAAA,CAA+B,KAAK,GAAG,CAAA;AAAA,IAClE;AAEA,IAAA,OAAO,8BAAA,CAA+B,KAAK,IAAI,CAAA;AAAA,EACjD;AAEA,EAAA,SAAS,cAAc,KAAA,EAAwB;AAC7C,IAAA,OAAO,8BAAA,CAA+B,KAAK,KAAK,CAAA;AAAA,EAClD;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,IAAA,OAAO,GAAA,GAAM,OAAO,MAAA,EAAQ;AAC1B,MAAA,MAAM,KAAK,IAAA,EAAK;AAChB,MAAA,IAAI,EAAA,KAAO,KAAA,IAAS,EAAA,KAAO,IAAA,EAAM;AAC/B,QAAA,OAAA,EAAQ;AACR,QAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AAAA,MAC3B,CAAA,MAAO;AACL,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,IAAA,IAAI,IAAA,OAAW,MAAA,EAAQ;AACrB,MAAA,OAAA,EAAQ;AACR,MAAA,MAAM,YAAY,IAAA,EAAK;AACvB,MAAA,IAAI,cAAc,MAAA,IAAa,CAAC,aAAA,CAAc,SAAS,GAAG,OAAO,KAAA;AACjE,MAAA,OAAA,EAAQ;AAAA,IACV;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,SAAS,SAAA,GAAqB;AAC5B,IAAA,MAAM,QAAQ,IAAA,EAAK;AACnB,IAAA,IAAI,KAAA,KAAU,QAAW,OAAO,KAAA;AAEhC,IAAA,IAAI,UAAU,GAAA,EAAK;AACjB,MAAA,OAAA,EAAQ;AACR,MAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,KAAA;AACzB,MAAA,IAAI,IAAA,EAAK,KAAM,GAAA,EAAK,OAAO,KAAA;AAC3B,MAAA,OAAA,EAAQ;AACR,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,IAAI,UAAU,GAAA,IAAO,KAAA,KAAU,SAAS,KAAA,KAAU,IAAA,IAAQ,UAAU,MAAA,EAAQ;AAC1E,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAC,WAAA,CAAY,KAAK,CAAA,EAAG,OAAO,KAAA;AAChC,IAAA,OAAA,EAAQ;AACR,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAS,SAAA,EAAU;AACzB,EAAA,OAAO,MAAA,IAAU,QAAQ,MAAA,CAAO,MAAA;AAClC;AAWO,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAAE,MAAA,CAAO,2BAAA,EAA6B;AAAA,EACjG,OAAA,EACE;AACJ,CAAC;;;ACtgBM,IAAM,qBAAA,GAAwB;AAQ9B,IAAM,gBAAA,GAAmB,CAAC,SAAA,EAAW,WAAA,EAAa,UAAU,SAAS;AACrE,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAGnD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,aAAA,EAAeA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA;AAAA;AAAA,EAG3E,cAAA,EAAgB,mBAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhB,iBAAiBA,CAAAA,CACd,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAC,CAAA,CACnE,IAAI,gBAAA,CAAiB,sBAAsB,EAC3C,QAAA,EAAS;AAAA;AAAA,EAGZ,gBAAA,EAAkB,sBAAsB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjD,cAAA,EAAgBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOxF,cAAA,EAAgB,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAG5C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9E,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA;AAC9E,CAAC,EACA,MAAA;AC1DI,IAAM,qBAAA,GAAwB;AAQ9B,IAAM,eAAA,GAAkB,CAAC,YAAA,EAAc,YAAA,EAAc,cAAc;AACnE,IAAM,mBAAA,GAAsBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AAQlD,IAAM,gBAAA,GAAmB,CAAC,UAAA,EAAY,WAAA,EAAa,eAAe,QAAQ;AAC1E,IAAM,oBAAA,GAAuBA,CAAAA,CAAE,IAAA,CAAK,gBAAgB;AAGpD,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,mBAAA,EAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,2BAA2B,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvF,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5F,gBAAA,EAAkB,sBAAsB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjD,cAAA,EAAgB,oBAAoB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7C,eAAA,EAAiB,qBAAqB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO/C,oBAAA,EAAsBA,CAAAA,CACnB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,4BAA4B,CAAA,CACjD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,qBAAA,EAAuBA,CAAAA,CACpB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,4BAA4B,CAAA,CACjD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,kBAAA,EAAoBA,CAAAA,CACjB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,0BAA0B,CAAA,CAC/C,QAAA;AACL,CAAC,EACA,MAAA;ACvFI,IAAM,oBAAA,GAAuB;AAQ7B,IAAM,eAAA,GAAkB,CAAC,UAAA,EAAY,SAAA,EAAW,WAAW,gBAAgB;AAC3E,IAAM,kBAAA,GAAqBA,CAAAA,CAAE,IAAA,CAAK,eAAe;AASjD,IAAM,WAAA,GAAc,CAAC,cAAA,EAAgB,MAAA,EAAQ,WAAW,SAAS;AACjE,IAAM,eAAA,GAAkBA,CAAAA,CAAE,IAAA,CAAK,WAAW;AAG1C,IAAM,qBAAA,GAAwBA,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,aAAA,EAAe,kBAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOf,UAAA,EAAY,gBAAgB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOrC,iBAAA,EAAmBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,yBAAyB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9F,iBAAiBA,CAAAA,CACd,KAAA,CAAMA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAC,CAAA,CACpE,IAAI,gBAAA,CAAiB,sBAAsB,EAC3C,QAAA,EAAS;AAAA;AAAA,EAGZ,YAAA,EAAcA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGpF,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO9E,QAAA,EAAUA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,uBAAuB,CAAA,CAAE,QAAA;AAC5E,CAAC,EACA,MAAA;AC1DI,IAAM,wBAAA,GAA2B;AAQjC,IAAM,mBAAA,GAAsB;AAAA,EACjC,WAAA;AAAA,EACA,eAAA;AAAA,EACA,SAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF;AACO,IAAM,sBAAA,GAAyBA,CAAAA,CAAE,IAAA,CAAK,mBAAmB;AAGzD,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGpE,iBAAA,EAAmB,sBAAA;AAAA;AAAA,EAGnB,SAAA,EAAWA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,iBAAiB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG9E,OAAA,EAASA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,gBAAgB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG3E,UAAA,EAAY,wBAAwB,QAAA,EAAS;AAAA;AAAA,EAG7C,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGjF,eAAA,EAAiB,sBAAsB,QAAA,EAAS;AAAA;AAAA,EAGhD,YAAA,EAAc,mBAAmB,QAAA;AACnC,CAAC,EACA,MAAA;ACrDI,IAAM,wBAAA,GAA2B;AAYjC,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,SAAA,EAAWA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGpE,MAAA,EAAQA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,sBAAsB,CAAA;AAAA;AAAA,EAGrE,SAAA,EAAW;AACb,CAAC,EACA,MAAA;AAUI,IAAM,eAAA,GAAkBA,EAC5B,MAAA,CAAO;AAAA;AAAA,EAEN,KAAA,EAAOA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA;AAAA;AAAA,EAGhE,KAAA,EAAOA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA;AAAA;AAAA,EAGpC,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,oBAAoB;AACtE,CAAC,EACA,MAAA;AAQI,IAAM,yBAAA,GAA4BA,EACtC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA;AAAA;AAAA,EAGvE,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,kBAAkB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhF,UAAA,EAAY,mBAAmB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,oBAAA,EAAsB,mBAAmB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOlD,mBAAA,EAAqBA,CAAAA,CAClB,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,2BAA2B,CAAA,CAChD,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,aAAA,EAAeA,EACZ,KAAA,CAAM,kBAAkB,EACxB,GAAA,CAAI,gBAAA,CAAiB,oBAAoB,CAAA,CACzC,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAMZ,IAAA,EAAM,gBAAgB,QAAA;AACxB,CAAC,EACA,MAAA;ACvGI,IAAM,yBAAA,GAA4B;AAQlC,IAAM,sBAAA,GAAyB;AAAA,EACpC,aAAA;AAAA,EACA,uBAAA;AAAA,EACA,sBAAA;AAAA,EACA,YAAA;AAAA,EACA;AACF;AACO,IAAM,yBAAA,GAA4BA,CAAAA,CAAE,IAAA,CAAK,sBAAsB;AAG/D,IAAM,0BAAA,GAA6BA,EACvC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA,EAKN,WAAA,EAAaA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,mBAAmB,CAAA;AAAA;AAAA,EAGvE,YAAA,EAAc,qBAAqB,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA,EAM5C,eAAA,EAAiBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,uBAAuB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG1F,gBAAA,EAAkBA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAG5F,qBAAA,EAAuB,0BAA0B,QAAA,EAAS;AAAA;AAAA,EAG1D,cAAA,EAAgB,mBAAmB,QAAA;AACrC,CAAC,EACA,MAAA;ACzCI,IAAM,qBAAA,GAAwB;AASrC,IAAM,6BAAA,GAAgCA,CAAAA,CACnC,MAAA,EAAO,CACP,GAAA,CAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAC7C,KAAA,CAAM,qBAAqB,wCAAwC,CAAA;AAKtE,SAAS,eAAe,KAAA,EAA0B;AAChD,EAAA,OAAO,IAAI,GAAA,CAAI,KAAK,CAAA,CAAE,SAAS,KAAA,CAAM,MAAA;AACvC;AAEO,IAAM,sBAAA,GAAyBA,EACnC,MAAA,CAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQN,mBAAmBA,CAAAA,CAChB,KAAA,CAAM,6BAA6B,CAAA,CACnC,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,gBAAA,CAAiB,wBAAwB,CAAA,CAC7C,MAAA,CAAO,gBAAgB,EAAE,OAAA,EAAS,+CAA+C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMpF,aAAA,EAAeA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,gBAAA,CAAiB,qBAAqB,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGtF,kBAAA,EAAoBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAGzC,iBAAA,EAAmBA,CAAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOxC,qBAAqBA,CAAAA,CAClB,KAAA,CAAM,6BAA6B,CAAA,CACnC,IAAI,gBAAA,CAAiB,0BAA0B,CAAA,CAC/C,MAAA,CAAO,gBAAgB,EAAE,OAAA,EAAS,+CAAA,EAAiD,EACnF,QAAA,EAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOZ,oBAAA,EAAsBA,CAAAA,CACnB,MAAA,EAAO,CACP,IAAI,CAAC,CAAA,CACL,GAAA,CAAI,wBAAwB,CAAA,CAC5B,KAAA,CAAM,mBAAA,EAAqB,oCAAoC,EAC/D,QAAA;AACL,CAAC,EACA,MAAA;;;AC3CH,SAAS,YAAA,CACP,UAAA,EACA,GAAA,EACA,MAAA,EACe;AACf,EAAA,IAAI,UAAA,KAAe,QAAW,OAAO,MAAA;AACrC,EAAA,IAAI,CAAC,OAAO,SAAA,CAAU,cAAA,CAAe,KAAK,UAAA,EAAY,GAAG,GAAG,OAAO,MAAA;AAEnE,EAAA,MAAM,KAAA,GAAQ,WAAW,GAAG,CAAA;AAC5B,EAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,KAAK,CAAA;AAErC,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,MAAA,CAAO,IAAA;AAAA,EAChB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,EAAA,MAAM,UAAU,gBAAA,CAAiB,GAAA,EAAK,UAAA,EAAY,IAAA,IAAQ,EAAE,CAAA;AAE5D,EAAA,MAAM,eAAA,CAAgB,WAAA,CAAY,kBAAA,EAAoB,YAAA,EAAc,SAAS,KAAA,EAAO;AAAA,IAClF,WAAA,EAAa,GAAA;AAAA,IACb,OAAA;AAAA,IACA,WAAA,EAAa,WAAW,GAAG,CAAA,sBAAA,CAAA;AAAA,IAC3B,OAAA,EAAS;AAAA,MACP,OAAA,EAAS,YAAY,OAAA,IAAW,yBAAA;AAAA,MAChC,MAAA,EAAQ,OAAO,KAAA,CAAM;AAAA;AACvB,GACD,CAAA;AACH;AAOO,SAAS,qBACd,UAAA,EAC+B;AAC/B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,sBAAA,EAAwB,uBAAuB,CAAA;AACjF;AAGO,SAAS,mBACd,UAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,oBAAA,EAAsB,qBAAqB,CAAA;AAC7E;AAGO,SAAS,sBACd,UAAA,EACgC;AAChC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,uBAAA,EAAyB,wBAAwB,CAAA;AACnF;AAGO,SAAS,qBACd,UAAA,EAC+B;AAC/B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,sBAAA,EAAwB,uBAAuB,CAAA;AACjF;AAGO,SAAS,wBACd,UAAA,EACkC;AAClC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,yBAAA,EAA2B,0BAA0B,CAAA;AACvF;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;AAGO,SAAS,mBACd,UAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,oBAAA,EAAsB,qBAAqB,CAAA;AAC7E;AAGO,SAAS,uBACd,UAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,wBAAA,EAA0B,yBAAyB,CAAA;AACrF;AAGO,SAAS,uBACd,UAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,wBAAA,EAA0B,yBAAyB,CAAA;AACrF;AAGO,SAAS,wBACd,UAAA,EACkC;AAClC,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,yBAAA,EAA2B,0BAA0B,CAAA;AACvF;AAGO,SAAS,oBACd,UAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,UAAA,EAAY,qBAAA,EAAuB,sBAAsB,CAAA;AAC/E;;;ACzIO,IAAM,oBAAA,uBAA2B,GAAA,EAA0B;AAClE,oBAAA,CAAqB,GAAA,CAAI,wBAAwB,uBAAuB,CAAA;AACxE,oBAAA,CAAqB,GAAA,CAAI,sBAAsB,qBAAqB,CAAA;AACpE,oBAAA,CAAqB,GAAA,CAAI,yBAAyB,wBAAwB,CAAA;AAC1E,oBAAA,CAAqB,GAAA,CAAI,wBAAwB,uBAAuB,CAAA;AACxE,oBAAA,CAAqB,GAAA,CAAI,2BAA2B,0BAA0B,CAAA;AAC9E,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;AACtE,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;AACtE,oBAAA,CAAqB,GAAA,CAAI,sBAAsB,qBAAqB,CAAA;AACpE,oBAAA,CAAqB,GAAA,CAAI,0BAA0B,yBAAyB,CAAA;AAC5E,oBAAA,CAAqB,GAAA,CAAI,0BAA0B,yBAAyB,CAAA;AAC5E,oBAAA,CAAqB,GAAA,CAAI,2BAA2B,0BAA0B,CAAA;AAC9E,oBAAA,CAAqB,GAAA,CAAI,uBAAuB,sBAAsB,CAAA;;;ACKtE,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY;AASpC,SAAS,mBAAmB,KAAA,EAAwB;AAClD,EAAA,IAAI;AACF,IAAA,OAAO,YAAY,MAAA,CAAO,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA,CAAE,UAAA;AAAA,EACnD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,QAAA;AAAA,EACT;AACF;AAWA,IAAM,oBAAA,GAAuB,EAAA;AA2B7B,SAAS,yBAAA,CAA0B,KAAA,EAAgB,KAAA,EAAe,IAAA,EAAgC;AAEhG,EAAA,IAAI,KAAA,GAAQ,sBAAsB,OAAO,KAAA;AAGzC,EAAA,IAAI,KAAA,KAAU,MAAM,OAAO,IAAA;AAC3B,EAAA,MAAM,IAAI,OAAO,KAAA;AACjB,EAAA,IAAI,CAAA,KAAM,QAAA,IAAY,CAAA,KAAM,SAAA,EAAW,OAAO,IAAA;AAC9C,EAAA,IAAI,CAAA,KAAM,QAAA,EAAU,OAAO,MAAA,CAAO,SAAS,KAAe,CAAA;AAC1D,EAAA,IAAI,CAAA,KAAM,cAAc,CAAA,KAAM,QAAA,IAAY,MAAM,QAAA,IAAY,CAAA,KAAM,aAAa,OAAO,KAAA;AAGtF,EAAA,IAAI,CAAA,KAAM,UAAU,OAAO,KAAA;AAC3B,EAAA,MAAM,GAAA,GAAM,KAAA;AASZ,EAAA,IAAI,IAAA,CAAK,GAAA,CAAI,GAAG,CAAA,EAAG,OAAO,KAAA;AAC1B,EAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AAGZ,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,MAAA,IAAI,CAAC,0BAA0B,GAAA,CAAI,CAAC,GAAG,KAAA,GAAQ,CAAA,EAAG,IAAI,CAAA,EAAG,OAAO,KAAA;AAAA,IAClE;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAGA,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,cAAA,CAAe,GAAG,CAAA;AACvC,EAAA,IAAI,KAAA,KAAU,MAAA,CAAO,SAAA,IAAa,KAAA,KAAU,MAAM,OAAO,KAAA;AACzD,EAAA,IAAI,OAAQ,GAAA,CAAgC,MAAA,KAAW,UAAA,EAAY,OAAO,KAAA;AAG1E,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAA;AAC5B,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,CAAC,0BAA2B,GAAA,CAAgC,GAAG,GAAG,KAAA,GAAQ,CAAA,EAAG,IAAI,CAAA,EAAG;AACtF,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAWA,SAAS,iBAAiB,KAAA,EAAyB;AACjD,EAAA,OAAO,yBAAA,CAA0B,KAAA,EAAO,CAAA,kBAAG,IAAI,SAAS,CAAA;AAC1D;AAkBO,SAAS,uBAAA,CACd,YACA,GAAA,EACM;AACN,EAAA,IAAI,eAAe,MAAA,EAAW;AAE9B,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AAEnC,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AAEtB,IAAA,IAAI,CAAC,mBAAA,CAAoB,GAAG,CAAA,EAAG;AAC7B,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAAS,WAAA,CAAY,uBAAA;AAAA,QACrB,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,CAAC,gBAAA,CAAiB,UAAA,CAAW,GAAG,CAAC,CAAA,EAAG;AACtC,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAASI,aAAA,CAAmB,0BAAA;AAAA,QAC5B,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AACD,MAAA;AAAA,IACF;AAGA,IAAA,MAAM,MAAA,GAAS,oBAAA,CAAqB,GAAA,CAAI,GAAG,CAAA;AAC3C,IAAA,IAAI,WAAW,MAAA,EAAW;AACxB,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,CAAU,UAAA,CAAW,GAAG,CAAC,CAAA;AAC/C,MAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,QAAA,MAAM,UAAA,GAAa,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,CAAC,CAAA;AACxC,QAAA,MAAM,SAAA,GAA2B,UAAA,EAAY,IAAA,IAAQ,EAAC;AACtD,QAAA,GAAA,CAAI,QAAA,CAAS;AAAA,UACX,IAAA,EAAM,QAAA;AAAA,UACN,OAAA,EAAS,YAAY,OAAA,IAAW,yBAAA;AAAA,UAChC,IAAA,EAAM,CAAC,YAAA,EAAc,GAAA,EAAK,GAAG,SAAS;AAAA,SACvC,CAAA;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,mBAAmB,UAAU,CAAA;AAChD,EAAA,IAAI,UAAA,GAAaC,iBAAiB,aAAA,EAAe;AAC/C,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,SAASD,aAAA,CAAmB,yBAAA;AAAA,MAC5B,IAAA,EAAM,CAAC,YAAY;AAAA,KACpB,CAAA;AACD,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,MAAM,UAAA,GAAa,kBAAA,CAAmB,UAAA,CAAW,GAAG,CAAC,CAAA;AACrD,IAAA,IAAI,UAAA,GAAaC,iBAAiB,aAAA,EAAe;AAC/C,MAAA,GAAA,CAAI,QAAA,CAAS;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,SAASD,aAAA,CAAmB,yBAAA;AAAA,QAC5B,IAAA,EAAM,CAAC,YAAA,EAAc,GAAG;AAAA,OACzB,CAAA;AAAA,IACH;AAAA,EACF;AACF;;;AC3MA,SAAS,kBAAkB,GAAA,EAAiC;AAC1D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACnC,IAAA,IAAI,IAAI,CAAC,CAAA,IAAK,IAAI,CAAA,GAAI,CAAC,GAAG,OAAO,KAAA;AAAA,EACnC;AACA,EAAA,OAAO,IAAA;AACT;AAqBO,SAAS,eAAe,GAAA,EAAsB;AACnD,EAAA,IAAI,OAAO,QAAQ,QAAA,IAAY,GAAA,CAAI,WAAW,CAAA,IAAK,GAAA,CAAI,MAAA,GAAS,aAAA,CAAc,SAAA,EAAW;AACvF,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAI1B,IAAA,OAAO,yBAAA,CAA0B,KAAK,GAAG,CAAA;AAAA,EAC3C;AAGA,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,GAAG,CAAA;AAGvB,IAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,EAAU,OAAO,KAAA;AAGtC,IAAA,IAAI,CAAC,GAAA,CAAI,QAAA,EAAU,OAAO,KAAA;AAG1B,IAAA,IAAI,IAAI,QAAA,KAAa,EAAA,IAAM,GAAA,CAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAMvD,IAAA,MAAM,SAAS,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK,IAAI,IAAI,CAAA,CAAA;AAC3C,IAAA,OAAO,GAAA,KAAQ,MAAA;AAAA,EACjB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAOA,IAAM,eAAA,GAAkB,yBAAA;AAajB,SAAS,mBAAmB,KAAA,EAAwB;AACzD,EAAA,IAAI,MAAM,MAAA,KAAW,CAAA,IAAK,MAAM,MAAA,GAAS,YAAA,CAAa,WAAW,OAAO,KAAA;AAGxE,EAAA,IAAI,eAAA,CAAgB,IAAA,CAAK,KAAK,CAAA,EAAG,OAAO,IAAA;AAGxC,EAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,QAAA,IAAY,GAAG,OAAO,KAAA;AAE1B,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,KAAA,CAAM,QAAA,GAAW,CAAC,CAAA;AAGxC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,GAAG,GAAG,OAAO,KAAA;AAGlC,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAGjC,EAAA,IAAI,CAAC,6BAAA,CAA8B,IAAA,CAAK,MAAM,GAAG,OAAO,KAAA;AAKxD,EAAA,IAAI,CAAC,8BAAA,CAA+B,IAAA,CAAK,OAAO,GAAG,OAAO,KAAA;AAE1D,EAAA,OAAO,IAAA;AACT;AAOA,IAAM,gBAAA,GAA8C;AAAA,EAClD,QAAA;AAAA,EACA,aAAA;AAAA,EACA,UAAA;AAAA,EACA,YAAA;AAAA,EACA,SAAA;AAAA,EACA,UAAA;AAAA,EACA,SAAA;AAAA,EACA,YAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF,CAAA;AAEO,IAAM,uBAAuBJ,CAAAA,CAAE,IAAA;AAAA,EACpC;AACF;AAMO,IAAM,aAAA,GAAgBA,CAAAA,CAC1B,KAAA,CAAM,oBAAoB,CAAA,CAC1B,GAAA,CAAI,CAAC,CAAA,CACL,WAAA,CAAY,CAAC,GAAA,EAAK,GAAA,KAAQ;AACzB,EAAA,IAAI,CAAC,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAC3B,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AACF,CAAC;AAMI,IAAM,mBAAmBA,CAAAA,CAAE,IAAA,CAAK,CAAC,UAAA,EAAY,WAAW,CAAC;AAMzD,IAAM,iBAAA,GAAoBA,EAAE,MAAA,EAAO,CAAE,IAAI,YAAA,CAAa,SAAS,CAAA,CAAE,MAAA,CAAO,kBAAA,EAAoB;AAAA,EACjG,OAAA,EAAS;AACX,CAAC;AAMM,IAAM,kBAAA,GAAqBA,EAAE,MAAA,EAAO,CAAE,IAAI,aAAA,CAAc,SAAS,CAAA,CAAE,MAAA,CAAO,cAAA,EAAgB;AAAA,EAC/F,OAAA,EAAS;AACX,CAAC;AAMM,IAAM,iBAAA,GAAoBA,EAAE,MAAA,CAAO;AAAA;AAAA,EAExC,QAAQA,CAAAA,CAAE,MAAA,GAAS,KAAA,CAAMM,IAAAA,CAAK,SAAS,0CAA0C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMjF,KAAKN,CAAAA,CACF,MAAA,GACA,GAAA,CAAI,YAAA,CAAa,YAAY,CAAA,CAC7B,GAAA,GACA,MAAA,CAAO,CAAC,MAAM,CAAA,CAAE,UAAA,CAAW,UAAU,CAAA,EAAG,oCAAoC,EAC5E,QAAA,EAAS;AAAA;AAAA,EAEZ,OAAA,EAASA,EAAE,MAAA,EAAO,CAAE,IAAI,YAAA,CAAa,gBAAgB,EAAE,QAAA;AACzD,CAAC;AAQM,IAAM,kBAAA,GAAqBA,EAC/B,MAAA,CAAO;AAAA;AAAA,EAEN,YAAA,EAAcA,CAAAA,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA;AAAA,EAE7B,IAAA,EAAM,gBAAA;AAAA;AAAA,EAEN,IAAA,EAAM,iBAAA;AAAA;AAAA,EAEN,GAAA,EAAK,kBAAA;AAAA;AAAA,EAEL,GAAA,EAAKA,CAAAA,CAAE,MAAA,EAAO,CAAE,GAAA,EAAI;AAAA;AAAA,EAEpB,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,KAAKA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,IAAI,EAAE,QAAA,EAAS;AAAA;AAAA,EAEnC,OAAA,EAAS,cAAc,QAAA,EAAS;AAAA;AAAA,EAEhC,KAAA,EAAO,mBAAmB,QAAA,EAAS;AAAA;AAAA,EAEnC,MAAA,EAAQ,kBAAkB,QAAA,EAAS;AAAA;AAAA,EAEnC,cAAA,EAAgB,iCAAiC,QAAA,EAAS;AAAA;AAAA,EAE1D,WAAA,EAAaA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,CAAS,EAAE,MAAA,EAAQ,IAAA,EAAM,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAE5D,kBAAkBA,CAAAA,CAAE,MAAA,GAAS,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS;AAAA;AAAA,EAE/C,UAAA,EAAYA,CAAAA,CAAE,MAAA,CAAOA,CAAAA,CAAE,MAAA,IAAUA,CAAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAChD,CAAC,CAAA,CACA,WAAA,CAAY,CAAC,IAAA,EAAM,GAAA,KAAQ;AAE1B,EAAA,IAAI,IAAA,CAAK,IAAA,KAAS,WAAA,IAAe,IAAA,CAAK,gBAAgB,MAAA,EAAW;AAC/D,IAAA,GAAA,CAAI,QAAA,CAAS;AAAA,MACX,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AAEA,EAAA,uBAAA,CAAwB,IAAA,CAAK,YAAY,GAAG,CAAA;AAC9C,CAAC,EACA,MAAA;AAwBI,SAAS,mBAAA,CACd,UAAA,EACA,GAAA,EACA,GAAA,EACA,YAAoB,6BAAA,EACyB;AAC7C,EAAA,IAAI,UAAA,KAAe,QAAW,OAAO,IAAA;AAErC,EAAA,MAAM,EAAA,GAAK,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA,GAAI,GAAA;AACpC,EAAA,IAAI,KAAA,CAAM,EAAE,CAAA,EAAG,OAAO,IAAA;AAEtB,EAAA,IAAI,EAAA,GAAK,GAAA,GAAM,SAAA,EAAW,OAAO,cAAA;AAEjC,EAAA,IAAI,KAAK,GAAA,EAAK;AACZ,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,kBAAA;AAAA,MACN,OAAA,EAAS,0BAAA;AAAA,MACT,OAAA,EAAS;AAAA,KACX;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;;;AC7OO,SAAS,kBAAkB,GAAA,EAAoC;AACpE,EAAA,IAAI,GAAA,KAAQ,IAAA,IAAQ,GAAA,KAAQ,MAAA,IAAa,OAAO,QAAQ,QAAA,IAAY,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtF,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,MAAM,MAAA,GAAS,GAAA;AACf,EAAA,IAAI,MAAA,CAAO,YAAA,KAAiB,KAAA,EAAO,OAAO,KAAA;AAC1C,EAAA,IAAI,cAAA,IAAkB,QAAQ,OAAO,IAAA;AACrC,EAAA,OAAO,KAAA;AACT;AAYA,SAAS,sBAAsB,GAAA,EAA0D;AACvF,EAAA,IAAI,KAAA,IAAS,GAAA,IAAO,KAAA,IAAS,GAAA,IAAO,aAAa,GAAA,EAAK;AACpD,IAAA,OAAO,UAAA;AAAA,EACT;AACA,EAAA,OAAO,aAAA;AACT;AAqBO,SAAS,kBAAA,CAAmB,OAAgB,IAAA,EAAgD;AAEjG,EAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,IAAa,OAAO,UAAU,QAAA,IAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC9F,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,uBAAA;AAAA,QACN,OAAA,EAAS;AAAA;AACX,KACF;AAAA,EACF;AAEA,EAAA,MAAM,GAAA,GAAM,KAAA;AAGZ,EAAA,MAAM,WAAA,GACJ,IAAA,EAAM,WAAA,KAAgB,KAAA,IAAS,IAAA,EAAM,gBAAgB,KAAA,GACjD,IAAA,CAAK,WAAA,GACL,iBAAA,CAAkB,GAAG,CAAA;AAE3B,EAAA,IAAI,gBAAgB,IAAA,EAAM;AACxB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,4BAAA;AAAA,QACN,SAAS,CAAA,0CAAA,EAA6C,IAAA,CAAK,UAAU,GAAA,CAAI,cAAc,CAAC,CAAC,CAAA;AAAA;AAC3F,KACF;AAAA,EACF;AAKA,EAAA,IAAI,gBAAgB,KAAA,EAAO;AACzB,IAAA,MAAMO,OAAAA,GAAS,kBAAA,CAAmB,SAAA,CAAU,GAAG,CAAA;AAC/C,IAAA,IAAI,CAACA,QAAO,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO;AAAA,UACL,IAAA,EAAM,kBAAA;AAAA,UACN,OAAA,EAAS,CAAA,oCAAA,EAAuCA,OAAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,UACpG,MAAA,EAAQA,QAAO,KAAA,CAAM;AAAA;AACvB,OACF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,OAAA,EAAS,SAAA;AAAA,MACT,WAAA,EAAa,KAAA;AAAA,MACb,UAAU,EAAC;AAAA,MACX,QAAQA,OAAAA,CAAO;AAAA,KACjB;AAAA,EACF;AAKA,EAAA,MAAM,OAAA,GAAU,sBAAsB,GAAG,CAAA;AAEzC,EAAA,IAAI,YAAY,UAAA,EAAY;AAC1B,IAAA,MAAMA,OAAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,GAAG,CAAA;AAChD,IAAA,IAAI,CAACA,QAAO,OAAA,EAAS;AACnB,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA,EAAO;AAAA,UACL,IAAA,EAAM,0BAAA;AAAA,UACN,OAAA,EAAS,CAAA,oCAAA,EAAuCA,OAAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,UACpG,MAAA,EAAQA,QAAO,KAAA,CAAM;AAAA;AACvB,OACF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,IAAA;AAAA,MACJ,OAAA,EAAS,UAAA;AAAA,MACT,WAAA,EAAa,KAAA;AAAA,MACb,UAAU,EAAC;AAAA,MACX,QAAQA,OAAAA,CAAO;AAAA,KACjB;AAAA,EACF;AAGA,EAAA,MAAM,MAAA,GAAS,8BAAA,CAA+B,SAAA,CAAU,GAAG,CAAA;AAC3D,EAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO;AAAA,MACL,EAAA,EAAI,KAAA;AAAA,MACJ,KAAA,EAAO;AAAA,QACL,IAAA,EAAM,6BAAA;AAAA,QACN,OAAA,EAAS,CAAA,uCAAA,EAA0C,MAAA,CAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,QACvG,MAAA,EAAQ,OAAO,KAAA,CAAM;AAAA;AACvB,KACF;AAAA,EACF;AACA,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,IAAA;AAAA,IACJ,OAAA,EAAS,aAAA;AAAA,IACT,WAAA,EAAa,KAAA;AAAA,IACb,UAAU,EAAC;AAAA,IACX,QAAQ,MAAA,CAAO;AAAA,GACjB;AACF;;;ACrNO,IAAM,yBAAA,GAA4B;AAGlC,IAAM,yBAAA,GAA4B;AAGlC,IAAM,wBAAA,GAA2B;AAGjC,IAAM,mBAAA,GAAsB;AAG5B,IAAM,+BAAA,GAAkC;AAGxC,IAAM,gCAAA,GAAmC;AAazC,SAAS,aAAa,QAAA,EAAwD;AACnF,EAAA,OAAO,CAAC,GAAG,QAAQ,EAAE,IAAA,CAAK,CAAC,GAAG,CAAA,KAAM;AAClC,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,KAAY,MAAA;AAC9B,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,KAAY,MAAA;AAG9B,IAAA,IAAI,CAAC,OAAA,IAAW,OAAA,EAAS,OAAO,EAAA;AAChC,IAAA,IAAI,OAAA,IAAW,CAAC,OAAA,EAAS,OAAO,CAAA;AAGhC,IAAA,IAAI,WAAW,OAAA,EAAS;AACtB,MAAA,MAAM,GAAA,GAAO,CAAA,CAAE,OAAA,CAAmB,aAAA,CAAc,EAAE,OAAiB,CAAA;AACnE,MAAA,IAAI,GAAA,KAAQ,GAAG,OAAO,GAAA;AAAA,IACxB;AAGA,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,aAAA,CAAc,CAAA,CAAE,IAAI,CAAA;AAAA,EACpC,CAAC,CAAA;AACH;AC7CO,IAAM,2BAAgD,IAAI,GAAA;AAAA,EAC/D,aAAA,CAAc,GAAA,CAAI,CAAC,KAAA,KAAU,MAAM,EAAE;AACvC;AAcO,IAAM,kCAAuD,IAAI,GAAA;AAAA,EACtE,gBAAA,CAAiB,GAAA,CAAI,CAAC,KAAA,KAAU,MAAM,EAAE;AAC1C;;;ACfO,SAAS,mBAAA,CACd,eACA,WAAA,EACuB;AACvB,EAAA,OAAO,aAAA,KAAkB,cAAc,UAAA,GAAa,QAAA;AACtD;ACbO,IAAM,kBAAA,GAAqB;AAAA,EAChC,gBAAA;AAAA,EACA,YAAA;AAAA,EACA,wBAAA;AAAA,EACA;AACF;AAOO,IAAM,qBAAA,GAAwBP,EAClC,MAAA,CAAO;AAAA;AAAA,EAEN,GAAA,EAAKA,EAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,GAAG,CAAA;AAAA;AAAA,EAE9B,UAAA,EAAYA,CAAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAEhC,MAAA,EAAQA,CAAAA,CAAE,IAAA,CAAK,kBAAkB,EAAE,QAAA;AACrC,CAAC,EACA,MAAA;AASI,IAAM,yBAAyBA,CAAAA,CAAE,KAAA,CAAM,qBAAqB,CAAA,CAAE,IAAI,GAAG;AAMrE,SAAS,oBACd,IAAA,EAC6E;AAC7E,EAAA,MAAM,MAAA,GAAS,sBAAA,CAAuB,SAAA,CAAU,IAAI,CAAA;AACpD,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,KAAA,EAAO,OAAO,IAAA,EAAK;AAAA,EACxC;AACA,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,OAAO,KAAA,CAAM,MAAA,CAAO,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA,EAAE;AAClF;AAMO,SAAS,cAAA,CACd,aACA,GAAA,EAC8B;AAC9B,EAAA,OAAO,YAAY,IAAA,CAAK,CAAC,UAAU,KAAA,CAAM,GAAA,KAAQ,GAAG,CAAA,IAAK,IAAA;AAC3D","file":"index.mjs","sourcesContent":["/**\n * PEAC Structured Error Model\n *\n * Standardized error responses for protocol failures.\n * See docs/specs/ERRORS.md for complete error registry.\n */\n\n// Import the generated categories from kernel (single source of truth: specs/kernel/errors.json)\n// Namespace import avoids tsup tree-shaking false positive in multi-entry builds\n// where ERROR_CATEGORIES appears unused in entry points that don't reference it.\nimport * as kernel from '@peac/kernel';\nimport type { ErrorCategory } from '@peac/kernel';\nexport type { ErrorCategory };\n\n/**\n * @deprecated Use ERROR_CATEGORIES from @peac/kernel instead.\n * Re-exported for backwards compatibility.\n */\nexport const ERROR_CATEGORIES_CANONICAL = kernel.ERROR_CATEGORIES;\n\n/**\n * Error severity\n */\nexport type ErrorSeverity = 'error' | 'warning';\n\n/**\n * Structured PEAC error\n *\n * Provides machine-readable error information with:\n * - Stable error codes\n * - Category classification\n * - Retryability hints\n * - Remediation guidance\n */\nexport interface PEACError {\n /**\n * Error code\n *\n * Stable identifier for this error type.\n * See docs/specs/ERRORS.md for registry.\n *\n * Examples:\n * - \"E_CONTROL_REQUIRED\"\n * - \"E_INVALID_SIGNATURE\"\n * - \"E_SSRF_BLOCKED\"\n * - \"E_DPOP_REPLAY\"\n */\n code: string;\n\n /**\n * Error category\n *\n * Broad classification for programmatic handling.\n */\n category: ErrorCategory;\n\n /**\n * Error severity\n *\n * - \"error\": Operation failed, cannot proceed\n * - \"warning\": Operation succeeded but with caveats\n */\n severity: ErrorSeverity;\n\n /**\n * Whether the operation is retryable\n *\n * - true: Client should retry (network, rate limit, transient)\n * - false: Client should not retry (validation, security, permanent)\n */\n retryable: boolean;\n\n /**\n * Suggested HTTP status code\n *\n * Maps error to appropriate HTTP response code.\n * Examples:\n * - 400: Validation errors\n * - 401: Verification failures (signature, attestation temporal)\n * - 403: Control denials (authorization)\n * - 502: Infrastructure failures (JWKS fetch, etc.)\n */\n http_status?: number;\n\n /**\n * JSON Pointer (RFC 6901) to problematic field\n *\n * Identifies the specific field that caused the error.\n * Examples:\n * - \"/auth/control\" - Missing control block\n * - \"/evidence/payment/amount\" - Invalid amount\n * - \"/auth/control/chain/0/result\" - Invalid result value\n */\n pointer?: string;\n\n /**\n * Human-readable remediation guidance\n *\n * Short hint for fixing the error.\n * Examples:\n * - \"Add control{} block when payment{} is present\"\n * - \"Ensure JWS signature is valid\"\n * - \"Retry after 60 seconds\"\n */\n remediation?: string;\n\n /**\n * Implementation-specific error details\n *\n * Additional context for debugging.\n * Structure varies by error code.\n */\n details?: unknown;\n}\n\n/**\n * Error code registry\n *\n * Well-known error codes. See docs/specs/ERRORS.md for complete list.\n */\nexport const ERROR_CODES = {\n // Validation errors (400)\n E_CONTROL_REQUIRED: 'E_CONTROL_REQUIRED',\n E_INVALID_ENVELOPE: 'E_INVALID_ENVELOPE',\n E_INVALID_CONTROL_CHAIN: 'E_INVALID_CONTROL_CHAIN',\n E_INVALID_PAYMENT: 'E_INVALID_PAYMENT',\n E_INVALID_POLICY_HASH: 'E_INVALID_POLICY_HASH',\n E_EXPIRED_RECEIPT: 'E_EXPIRED_RECEIPT',\n E_EVIDENCE_NOT_JSON: 'E_EVIDENCE_NOT_JSON',\n\n // Verification errors (401)\n E_INVALID_SIGNATURE: 'E_INVALID_SIGNATURE',\n E_SSRF_BLOCKED: 'E_SSRF_BLOCKED',\n E_DPOP_REPLAY: 'E_DPOP_REPLAY',\n E_DPOP_INVALID: 'E_DPOP_INVALID',\n\n // Control errors (403)\n E_CONTROL_DENIED: 'E_CONTROL_DENIED',\n\n // Infrastructure errors (502/503)\n E_JWKS_FETCH_FAILED: 'E_JWKS_FETCH_FAILED',\n E_POLICY_FETCH_FAILED: 'E_POLICY_FETCH_FAILED',\n E_NETWORK_ERROR: 'E_NETWORK_ERROR',\n\n // Workflow errors (400)\n E_WORKFLOW_CONTEXT_INVALID: 'E_WORKFLOW_CONTEXT_INVALID',\n E_WORKFLOW_DAG_INVALID: 'E_WORKFLOW_DAG_INVALID',\n E_WORKFLOW_LIMIT_EXCEEDED: 'E_WORKFLOW_LIMIT_EXCEEDED',\n E_WORKFLOW_ID_INVALID: 'E_WORKFLOW_ID_INVALID',\n E_WORKFLOW_STEP_ID_INVALID: 'E_WORKFLOW_STEP_ID_INVALID',\n E_WORKFLOW_PARENT_NOT_FOUND: 'E_WORKFLOW_PARENT_NOT_FOUND',\n E_WORKFLOW_SUMMARY_INVALID: 'E_WORKFLOW_SUMMARY_INVALID',\n E_WORKFLOW_CYCLE_DETECTED: 'E_WORKFLOW_CYCLE_DETECTED',\n\n // Constraint errors (400)\n E_CONSTRAINT_VIOLATION: 'E_CONSTRAINT_VIOLATION',\n\n // Wire 0.2 extension errors (400/)\n E_INVALID_EXTENSION_KEY: 'E_INVALID_EXTENSION_KEY',\n} as const;\n\n/**\n * Error code type\n */\nexport type ErrorCode = (typeof ERROR_CODES)[keyof typeof ERROR_CODES];\n\n/**\n * Helper to create a structured error\n */\nexport function createPEACError(\n code: ErrorCode,\n category: ErrorCategory,\n severity: ErrorSeverity,\n retryable: boolean,\n options?: {\n http_status?: number;\n pointer?: string;\n remediation?: string;\n details?: unknown;\n }\n): PEACError {\n return {\n code,\n category,\n severity,\n retryable,\n ...options,\n };\n}\n\n/**\n * Create an evidence validation error\n *\n * Used when evidence contains non-JSON-safe values like NaN, Infinity,\n * undefined, Date, Map, Set, BigInt, functions, or class instances.\n */\nexport function createEvidenceNotJsonError(message: string, path?: (string | number)[]): PEACError {\n return createPEACError(ERROR_CODES.E_EVIDENCE_NOT_JSON, 'validation', 'error', false, {\n http_status: 400,\n pointer: path ? '/' + path.join('/') : undefined,\n remediation:\n 'Ensure evidence contains only JSON-safe values (strings, finite numbers, booleans, null, arrays, plain objects)',\n details: { message },\n });\n}\n\n// ============================================================================\n// Workflow Error Helpers (v0.10.2+)\n// ============================================================================\n\n/**\n * Create a workflow context validation error\n *\n * Used when workflow_context does not conform to WorkflowContextSchema.\n */\nexport function createWorkflowContextInvalidError(details?: string): PEACError {\n return createPEACError(ERROR_CODES.E_WORKFLOW_CONTEXT_INVALID, 'validation', 'error', false, {\n http_status: 400,\n pointer: '/ext/org.peacprotocol~1workflow',\n remediation: 'Ensure workflow_context conforms to WorkflowContextSchema',\n details: { message: details ?? 'Invalid workflow context' },\n });\n}\n\n/**\n * Create a workflow DAG validation error\n *\n * Used when workflow DAG semantics are violated (self-parent, duplicate parents, cycle).\n */\nexport function createWorkflowDagInvalidError(\n reason: 'self_parent' | 'duplicate_parent' | 'cycle'\n): PEACError {\n const messages = {\n self_parent: 'Step cannot be its own parent',\n duplicate_parent: 'Parent step IDs must be unique',\n cycle: 'Workflow DAG contains a cycle',\n };\n return createPEACError(ERROR_CODES.E_WORKFLOW_DAG_INVALID, 'validation', 'error', false, {\n http_status: 400,\n pointer: '/ext/org.peacprotocol~1workflow/parent_step_ids',\n remediation: 'Ensure workflow forms a valid directed acyclic graph (DAG)',\n details: { reason, message: messages[reason] },\n });\n}\n\n// ============================================================================\n// Constraint Error Helpers (v0.11.0+)\n// ============================================================================\n\n/**\n * Create a kernel constraint violation error\n *\n * Used when receipt claims violate structural kernel constraints\n * (depth, array length, object keys, string length, total nodes).\n */\nexport function createConstraintViolationError(\n violations: Array<{\n constraint: string;\n actual: number;\n limit: number;\n path?: string;\n }>\n): PEACError {\n const first = violations[0];\n const summary = violations\n .map((v) => `${v.constraint} (actual: ${v.actual}, limit: ${v.limit})`)\n .join('; ');\n return createPEACError(ERROR_CODES.E_CONSTRAINT_VIOLATION, 'validation', 'error', false, {\n http_status: 400,\n pointer: first?.path,\n remediation: 'Reduce receipt claims size to stay within kernel constraints',\n details: { message: `Kernel constraint violated: ${summary}`, violations },\n });\n}\n","/**\n * Schema Normalization\n *\n * Functions to normalize receipt claims to a canonical form for comparison.\n * Produces byte-identical JCS output regardless of how the receipt was created.\n */\n\nimport type { PEACReceiptClaims, Subject } from './types.js';\nimport type { PaymentEvidence } from './evidence.js';\nimport type { ControlBlock, ControlStep } from './control.js';\nimport type { AttestationReceiptClaims } from './attestation-receipt.js';\nimport type { ParseSuccess } from './receipt-parser.js';\n\n/**\n * Normalized core claims for comparison.\n *\n * This is the minimal set of fields that represent the semantic meaning\n * of a receipt. All optional fields that are undefined are omitted.\n */\nexport interface CoreClaims {\n /** Issuer URL */\n iss: string;\n /** Audience / resource URL */\n aud: string;\n /** Receipt ID */\n rid: string;\n /** Issued at timestamp */\n iat: number;\n /** Expiry timestamp (omitted if not present) */\n exp?: number;\n /** Amount in smallest currency unit (commerce receipts) */\n amt?: number;\n /** Currency code (ISO 4217, commerce receipts) */\n cur?: string;\n /** Normalized payment evidence (commerce receipts) */\n payment?: NormalizedPayment;\n /** Subject (omitted if not present) */\n subject?: Subject;\n /** Control block (omitted if not present) */\n control?: NormalizedControl;\n}\n\n/**\n * Normalized payment evidence for comparison.\n *\n * Only includes the semantic fields, not rail-specific evidence.\n */\nexport interface NormalizedPayment {\n rail: string;\n reference: string;\n amount: number;\n currency: string;\n asset: string;\n env: 'live' | 'test';\n network?: string;\n aggregator?: string;\n routing?: 'direct' | 'callback' | 'role';\n}\n\n/**\n * Normalized control block for comparison.\n */\nexport interface NormalizedControl {\n chain: NormalizedControlStep[];\n}\n\n/**\n * Normalized control step for comparison.\n */\nexport interface NormalizedControlStep {\n engine: string;\n result: string;\n}\n\n/**\n * Normalize a payment evidence object.\n *\n * Extracts only the semantic fields, omitting rail-specific evidence\n * and optional fields that are undefined.\n */\nfunction normalizePayment(payment: PaymentEvidence): NormalizedPayment {\n const result: NormalizedPayment = {\n rail: payment.rail,\n reference: payment.reference,\n amount: payment.amount,\n currency: payment.currency,\n asset: payment.asset,\n env: payment.env,\n };\n\n // Only include optional fields if defined\n if (payment.network !== undefined) {\n result.network = payment.network;\n }\n if (payment.aggregator !== undefined) {\n result.aggregator = payment.aggregator;\n }\n if (payment.routing !== undefined) {\n result.routing = payment.routing;\n }\n\n return result;\n}\n\n/**\n * Normalize a control step.\n */\nfunction normalizeControlStep(step: ControlStep): NormalizedControlStep {\n return {\n engine: step.engine,\n result: step.result,\n };\n}\n\n/**\n * Normalize a control block.\n */\nfunction normalizeControl(control: ControlBlock): NormalizedControl {\n return {\n chain: control.chain.map(normalizeControlStep),\n };\n}\n\n/**\n * Extract core claims from a receipt for comparison.\n *\n * Supports both commerce and attestation receipts. Accepts either a\n * ParseSuccess result from parseReceiptClaims() (preferred) or bare\n * PEACReceiptClaims (backward compat).\n *\n * For attestation receipts, maps sub -> subject.uri (normative mapping\n * per PEAC attestation profile -- sub is a URI identifying the\n * interaction target).\n *\n * The output:\n * - Contains only semantically meaningful fields\n * - Omits undefined optional fields (not null, not empty string)\n * - Uses consistent field ordering (JCS handles this)\n * - Strips rail-specific evidence details\n *\n * @param input - Parsed receipt result or bare commerce claims\n * @returns Normalized core claims\n *\n * @example\n * ```ts\n * import { parseReceiptClaims, toCoreClaims } from '@peac/schema';\n *\n * const parsed = parseReceiptClaims(decodedPayload);\n * if (parsed.ok) {\n * const core = toCoreClaims(parsed);\n * }\n * ```\n */\nexport function toCoreClaims(parsed: ParseSuccess): CoreClaims;\nexport function toCoreClaims(claims: PEACReceiptClaims): CoreClaims;\nexport function toCoreClaims(input: ParseSuccess | PEACReceiptClaims): CoreClaims {\n // Detect ParseSuccess shape\n if ('ok' in input && input.ok === true && 'variant' in input) {\n const parsed = input as ParseSuccess;\n if (parsed.variant === 'commerce') {\n return commerceCoreClaims(parsed.claims as PEACReceiptClaims);\n }\n return attestationCoreClaims(parsed.claims as AttestationReceiptClaims);\n }\n // Legacy: bare PEACReceiptClaims (backward compat)\n return commerceCoreClaims(input as PEACReceiptClaims);\n}\n\nfunction commerceCoreClaims(claims: PEACReceiptClaims): CoreClaims {\n const result: CoreClaims = {\n iss: claims.iss,\n aud: claims.aud,\n rid: claims.rid,\n iat: claims.iat,\n ...(claims.amt !== undefined && { amt: claims.amt }),\n ...(claims.cur !== undefined && { cur: claims.cur }),\n ...(claims.payment !== undefined && { payment: normalizePayment(claims.payment) }),\n };\n\n if (claims.exp !== undefined) {\n result.exp = claims.exp;\n }\n\n if (claims.subject !== undefined) {\n result.subject = { uri: claims.subject.uri };\n }\n\n if (claims.ext?.control !== undefined) {\n result.control = normalizeControl(claims.ext.control);\n }\n\n return result;\n}\n\nfunction attestationCoreClaims(claims: AttestationReceiptClaims): CoreClaims {\n const result: CoreClaims = {\n iss: claims.iss,\n aud: claims.aud,\n rid: claims.rid,\n iat: claims.iat,\n };\n\n if (claims.exp !== undefined) {\n result.exp = claims.exp;\n }\n\n // sub -> subject.uri mapping: attestation profile uses sub (string)\n // as the interaction target URI, equivalent to commerce subject.uri\n if (claims.sub !== undefined) {\n result.subject = { uri: claims.sub };\n }\n\n return result;\n}\n","/**\n * PEAC Purpose Types (v0.9.24+)\n *\n * Purpose type hierarchy for forward-compatible purpose handling:\n * - PurposeToken: Wire format (string) - preserves unknown tokens\n * - CanonicalPurpose: PEAC's normative vocabulary - enforcement semantics\n * - PurposeReason: Audit spine for enforcement decisions\n *\n * @see specs/kernel/constants.json for canonical values\n */\n\n/**\n * PurposeToken - Wire format string with validation grammar\n *\n * Allows unknown tokens for forward compatibility. Any valid token\n * that matches the grammar is accepted and preserved.\n *\n * Grammar: lowercase, max 64 chars, [a-z0-9_-] + optional vendor prefix (vendor:token)\n * Hyphens allowed for interop with external systems (Cloudflare, IETF AIPREF, etc.)\n *\n * Examples: \"train\", \"search\", \"user_action\", \"user-action\", \"cf:ai_crawler\", \"cf:ai-crawler\"\n */\nexport type PurposeToken = string;\n\n/**\n * CanonicalPurpose - PEAC's normative vocabulary\n *\n * These are the only tokens PEAC enforces semantics for.\n * Matches specs/kernel/constants.json purpose.canonical_tokens.\n *\n * - train: Model training data collection\n * - search: Traditional search indexing\n * - user_action: Agent acting on user behalf (v0.9.24+)\n * - inference: Runtime inference / RAG\n * - index: Content indexing (store)\n */\nexport type CanonicalPurpose = 'train' | 'search' | 'user_action' | 'inference' | 'index';\n\n/**\n * Internal-only purpose value (never valid on wire)\n *\n * Applied when PEAC-Purpose header is missing or empty.\n * Explicit \"undeclared\" in request -> 400 Bad Request.\n */\nexport type InternalPurpose = 'undeclared';\n\n/**\n * PurposeReason - Audit spine for enforcement decisions\n *\n * Captures WHY a purpose was enforced differently than declared.\n * Matches specs/kernel/constants.json purpose.reason_values.\n */\nexport type PurposeReason =\n | 'allowed' // Purpose permitted as declared (happy path)\n | 'constrained' // Allowed with rate limits applied\n | 'denied' // Purpose rejected by policy\n | 'downgraded' // More restrictive purpose applied\n | 'undeclared_default' // No purpose declared, default applied\n | 'unknown_preserved'; // Unknown purpose token, preserved but flagged\n\n/**\n * Legacy purpose tokens from pre-v0.9.24\n *\n * These are mapped to CanonicalPurpose via mapLegacyToCanonical().\n * Retained for backward compatibility with existing ControlPurpose usage.\n */\nexport type LegacyPurpose = 'crawl' | 'ai_input' | 'ai_index';\n\n// ============================================================================\n// Validation Constants\n// ============================================================================\n\n/**\n * Grammar validation for PurposeToken\n *\n * Pattern: lowercase letter, optionally followed by alphanumeric/underscore/hyphen\n * characters that MUST end with a letter or digit (no trailing separators).\n * Optional vendor prefix separated by colon follows the same rules.\n *\n * Hyphens are allowed for interoperability with external systems (Cloudflare,\n * IETF AIPREF, etc.) that use hyphenated tokens like \"user-action\" or \"train-ai\".\n *\n * Valid: \"train\", \"user_action\", \"user-action\", \"cf:ai_crawler\", \"cf:ai-crawler\", \"a\", \"a1\"\n * Invalid: \"Train\", \"123abc\", \"\", \"-train\", \"train-\", \"train_\", \"cf:ai-\", \"cf:-ai\"\n */\nexport const PURPOSE_TOKEN_REGEX =\n /^[a-z](?:[a-z0-9_-]*[a-z0-9])?(?::[a-z](?:[a-z0-9_-]*[a-z0-9])?)?$/;\n\n/** Maximum length for a purpose token */\nexport const MAX_PURPOSE_TOKEN_LENGTH = 64;\n\n/** Maximum number of purpose tokens per request (RECOMMENDED, not MUST) */\nexport const MAX_PURPOSE_TOKENS_PER_REQUEST = 10;\n\n/** Canonical purpose tokens (from constants.json) */\nexport const CANONICAL_PURPOSES: readonly CanonicalPurpose[] = [\n 'train',\n 'search',\n 'user_action',\n 'inference',\n 'index',\n] as const;\n\n/** Purpose reason values (from constants.json) */\nexport const PURPOSE_REASONS: readonly PurposeReason[] = [\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n] as const;\n\n/** Internal-only purpose value */\nexport const INTERNAL_PURPOSE_UNDECLARED: InternalPurpose = 'undeclared';\n\n// ============================================================================\n// Validation Functions\n// ============================================================================\n\n/**\n * Check if a string is a valid PurposeToken\n *\n * Validates against the purpose token grammar:\n * - Lowercase letters, digits, underscores, hyphens\n * - Optional vendor prefix with colon\n * - Max 64 characters\n * - Must start with lowercase letter\n *\n * @param token - String to validate\n * @returns true if valid PurposeToken\n */\nexport function isValidPurposeToken(token: string): token is PurposeToken {\n if (typeof token !== 'string') return false;\n if (token.length === 0 || token.length > MAX_PURPOSE_TOKEN_LENGTH) return false;\n return PURPOSE_TOKEN_REGEX.test(token);\n}\n\n/**\n * Check if a PurposeToken is a CanonicalPurpose\n *\n * @param token - Token to check\n * @returns true if token is in canonical vocabulary\n */\nexport function isCanonicalPurpose(token: string): token is CanonicalPurpose {\n return (CANONICAL_PURPOSES as readonly string[]).includes(token);\n}\n\n/**\n * Check if a PurposeToken is a LegacyPurpose\n *\n * @param token - Token to check\n * @returns true if token is a legacy purpose\n */\nexport function isLegacyPurpose(token: string): token is LegacyPurpose {\n return token === 'crawl' || token === 'ai_input' || token === 'ai_index';\n}\n\n/**\n * Check if a string is a valid PurposeReason\n *\n * @param reason - String to check\n * @returns true if valid PurposeReason\n */\nexport function isValidPurposeReason(reason: string): reason is PurposeReason {\n return (PURPOSE_REASONS as readonly string[]).includes(reason);\n}\n\n/**\n * Check if a purpose token is the internal-only \"undeclared\" value\n *\n * Used to reject explicit \"undeclared\" on wire (400 Bad Request).\n *\n * @param token - Token to check\n * @returns true if token is \"undeclared\"\n */\nexport function isUndeclaredPurpose(token: string): boolean {\n return token === INTERNAL_PURPOSE_UNDECLARED;\n}\n\n// ============================================================================\n// Normalization Functions\n// ============================================================================\n\n/**\n * Normalize a purpose token\n *\n * Applies normalization rules:\n * - Trim whitespace\n * - Lowercase\n *\n * @param token - Raw token from header\n * @returns Normalized token\n */\nexport function normalizePurposeToken(token: string): string {\n return token.trim().toLowerCase();\n}\n\n/**\n * Parse PEAC-Purpose header value into array of tokens\n *\n * Applies parsing rules:\n * - Split on commas\n * - Trim optional whitespace (OWS) around tokens\n * - Lowercase all tokens\n * - Drop empty tokens\n * - Deduplicate\n * - Preserve input order\n *\n * @param headerValue - Raw PEAC-Purpose header value\n * @returns Array of normalized PurposeToken values\n */\nexport function parsePurposeHeader(headerValue: string): PurposeToken[] {\n if (!headerValue || typeof headerValue !== 'string') {\n return [];\n }\n\n const seen = new Set<string>();\n const tokens: PurposeToken[] = [];\n\n for (const part of headerValue.split(',')) {\n const normalized = normalizePurposeToken(part);\n if (normalized.length > 0 && !seen.has(normalized)) {\n seen.add(normalized);\n tokens.push(normalized);\n }\n }\n\n return tokens;\n}\n\n/**\n * Validate parsed purpose tokens\n *\n * Returns validation result with:\n * - valid: All tokens pass grammar validation\n * - tokens: All normalized tokens (including invalid ones)\n * - invalidTokens: Tokens that failed grammar validation\n * - undeclaredPresent: true if explicit \"undeclared\" was found (should reject)\n *\n * @param tokens - Array of parsed tokens\n * @returns Validation result\n */\nexport interface PurposeValidationResult {\n valid: boolean;\n tokens: PurposeToken[];\n invalidTokens: string[];\n undeclaredPresent: boolean;\n}\n\nexport function validatePurposeTokens(tokens: PurposeToken[]): PurposeValidationResult {\n const invalidTokens: string[] = [];\n let undeclaredPresent = false;\n\n for (const token of tokens) {\n if (isUndeclaredPurpose(token)) {\n undeclaredPresent = true;\n }\n if (!isValidPurposeToken(token)) {\n invalidTokens.push(token);\n }\n }\n\n return {\n valid: invalidTokens.length === 0 && !undeclaredPresent,\n tokens,\n invalidTokens,\n undeclaredPresent,\n };\n}\n\n/**\n * Derive known canonical purposes from declared tokens\n *\n * Filters purpose_declared to get only canonical purposes.\n * This is a helper derivation, NOT stored on wire.\n *\n * @param declared - Array of declared PurposeTokens\n * @returns Array of CanonicalPurpose tokens\n */\nexport function deriveKnownPurposes(declared: PurposeToken[]): CanonicalPurpose[] {\n return declared.filter(isCanonicalPurpose);\n}\n\n// ============================================================================\n// Legacy Mapping\n// ============================================================================\n\n/**\n * Legacy purpose to canonical mapping\n */\nconst LEGACY_TO_CANONICAL: Record<LegacyPurpose, CanonicalPurpose> = {\n crawl: 'index', // Crawl implies indexing\n ai_input: 'inference', // RAG/grounding -> inference context\n ai_index: 'index', // AI-powered indexing -> index\n};\n\n/**\n * Map legacy purpose to canonical purpose\n *\n * Used for backward compatibility with pre-v0.9.24 ControlPurpose values.\n *\n * @param legacy - Legacy purpose token\n * @returns Mapping result with canonical purpose and audit note\n */\nexport interface LegacyMappingResult {\n canonical: CanonicalPurpose;\n mapping_note: string;\n}\n\nexport function mapLegacyToCanonical(legacy: LegacyPurpose): LegacyMappingResult {\n const canonical = LEGACY_TO_CANONICAL[legacy];\n return {\n canonical,\n mapping_note: `Mapped legacy '${legacy}' to canonical '${canonical}'`,\n };\n}\n\n/**\n * Normalize any purpose token (canonical, legacy, or unknown)\n *\n * Returns the canonical form if known, otherwise preserves the token.\n *\n * @param token - Any valid PurposeToken\n * @returns Canonical purpose if mapped, otherwise original token\n */\nexport function normalizeToCanonicalOrPreserve(\n token: PurposeToken\n):\n | { purpose: CanonicalPurpose; mapped: false }\n | { purpose: PurposeToken; mapped: true; from: LegacyPurpose }\n | { purpose: PurposeToken; mapped: false; unknown: true } {\n if (isCanonicalPurpose(token)) {\n return { purpose: token, mapped: false };\n }\n if (isLegacyPurpose(token)) {\n return { purpose: LEGACY_TO_CANONICAL[token], mapped: true, from: token };\n }\n return { purpose: token, mapped: false, unknown: true };\n}\n\n// ============================================================================\n// Purpose Reason Determination (v0.9.24+)\n// ============================================================================\n\n/**\n * Decision type for purpose reason determination\n *\n * Maps to policy decisions that affect purpose enforcement.\n */\nexport type PurposeDecision = 'allowed' | 'constrained' | 'denied' | 'downgraded';\n\n/**\n * Context for determining purpose reason\n */\nexport interface PurposeReasonContext {\n /**\n * Whether purposes were declared (PEAC-Purpose header present and non-empty).\n * If false, reason will be 'undeclared_default'.\n */\n declared: boolean;\n\n /**\n * Whether any unknown (non-canonical) tokens are present in declared purposes.\n * If true and declared is true, reason will be 'unknown_preserved'.\n */\n hasUnknownTokens: boolean;\n\n /**\n * The policy decision (only used if declared and no unknown tokens).\n * Defaults to 'allowed' if not provided.\n */\n decision?: PurposeDecision;\n}\n\n/**\n * Determine the appropriate PurposeReason based on context\n *\n * This helper implements the decision logic for the audit spine:\n * 1. If no purposes declared -> 'undeclared_default'\n * 2. If unknown tokens present -> 'unknown_preserved'\n * 3. Otherwise -> maps to policy decision\n *\n * @param context - Context for determination\n * @returns The appropriate PurposeReason for the audit spine\n *\n * @example\n * ```typescript\n * // Missing PEAC-Purpose header\n * determinePurposeReason({ declared: false, hasUnknownTokens: false });\n * // => 'undeclared_default'\n *\n * // Has vendor-prefixed tokens\n * determinePurposeReason({ declared: true, hasUnknownTokens: true, decision: 'allowed' });\n * // => 'unknown_preserved'\n *\n * // All canonical tokens, allowed by policy\n * determinePurposeReason({ declared: true, hasUnknownTokens: false, decision: 'allowed' });\n * // => 'allowed'\n * ```\n */\nexport function determinePurposeReason(context: PurposeReasonContext): PurposeReason {\n // Priority 1: No purposes declared\n if (!context.declared) {\n return 'undeclared_default';\n }\n\n // Priority 2: Unknown tokens present (preserved for forward-compat)\n if (context.hasUnknownTokens) {\n return 'unknown_preserved';\n }\n\n // Priority 3: Map policy decision to reason\n const decision = context.decision ?? 'allowed';\n switch (decision) {\n case 'allowed':\n return 'allowed';\n case 'constrained':\n return 'constrained';\n case 'denied':\n return 'denied';\n case 'downgraded':\n return 'downgraded';\n default:\n return 'allowed';\n }\n}\n\n/**\n * Check if any tokens in an array are unknown (non-canonical)\n *\n * @param tokens - Array of purpose tokens\n * @returns true if any token is not a canonical purpose\n */\nexport function hasUnknownPurposeTokens(tokens: PurposeToken[]): boolean {\n return tokens.some((token) => !isCanonicalPurpose(token));\n}\n","/**\n * Normative kernel constraints for PEAC receipts.\n *\n * These limits are formalized from existing ad-hoc limits already\n * enforced in the codebase:\n * - JSON_EVIDENCE_LIMITS (json.ts): depth, array, keys, string, nodes\n * - CLOCK_SKEW_SECONDS: temporal validity tolerance\n *\n * String length is measured in code units (.length), matching the semantics\n * of assertJsonSafeIterative(). UTF-8 byte-length caps may be introduced\n * as an explicit tightening in a future version.\n *\n * Payment/rail-specific limits (x402 DoS guards) are intentionally\n * NOT included here -- they belong in the rail/adapter layer.\n */\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/**\n * Kernel constraints governing PEAC receipt structure and validation.\n * All packages MUST respect these limits.\n *\n * Provenance:\n * - MAX_NESTED_DEPTH..MAX_TOTAL_NODES: from JSON_EVIDENCE_LIMITS (json.ts)\n * - CLOCK_SKEW_SECONDS: from temporal validity\n */\nexport const KERNEL_CONSTRAINTS = {\n /** Maximum nesting depth for JSON evidence */\n MAX_NESTED_DEPTH: 32,\n /** Maximum array length in evidence */\n MAX_ARRAY_LENGTH: 10_000,\n /** Maximum object keys in a single object */\n MAX_OBJECT_KEYS: 1_000,\n /** Maximum string length in code units (JS .length). Matches assertJsonSafeIterative. */\n MAX_STRING_LENGTH: 65_536,\n /** Maximum total nodes to visit during traversal */\n MAX_TOTAL_NODES: 100_000,\n /** Temporal validity clock skew tolerance in seconds */\n CLOCK_SKEW_SECONDS: 60,\n} as const;\n\nexport type KernelConstraintKey = keyof typeof KERNEL_CONSTRAINTS;\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport interface ConstraintViolation {\n constraint: KernelConstraintKey;\n actual: number;\n limit: number;\n path?: string;\n}\n\nexport interface ConstraintValidationResult {\n valid: boolean;\n violations: ConstraintViolation[];\n}\n\n// ---------------------------------------------------------------------------\n// Validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate claims against structural kernel constraints using iterative\n * (stack-safe) traversal. Checks depth, array length, object keys, string\n * length, and total node count. Semantic constraints like CLOCK_SKEW_SECONDS\n * are enforced by receipt verification, not this structural validator.\n *\n * Traversal semantics are aligned with assertJsonSafeIterative(): every value\n * (including primitives) is pushed to the stack and counted when popped.\n * String length uses .length (code units), matching assertJsonSafeIterative.\n *\n * **Cycle safety:** This function assumes acyclic input (e.g., the output of\n * JSON.parse(), which is acyclic by construction). If passed a cyclic object\n * graph, traversal will terminate when MAX_TOTAL_NODES is reached -- it will\n * not hang -- but the violation report may be misleading. Callers with\n * potentially cyclic inputs should pre-check with a WeakSet guard.\n *\n * Never throws -- always returns a result object.\n */\nexport function validateKernelConstraints(claims: unknown): ConstraintValidationResult {\n const violations: ConstraintViolation[] = [];\n\n if (claims === null || claims === undefined || typeof claims !== 'object') {\n return { valid: true, violations };\n }\n\n // Iterative traversal aligned with assertJsonSafeIterative():\n // ALL values (primitives, arrays, objects) go on the stack and are\n // counted when popped. This ensures node counts match the existing\n // JSON safety validator.\n let totalNodes = 0;\n const stack: Array<{ value: unknown; depth: number; path: string }> = [\n { value: claims, depth: 0, path: '' },\n ];\n\n while (stack.length > 0) {\n const item = stack.pop()!;\n totalNodes++;\n\n // Total nodes check\n if (totalNodes > KERNEL_CONSTRAINTS.MAX_TOTAL_NODES) {\n violations.push({\n constraint: 'MAX_TOTAL_NODES',\n actual: totalNodes,\n limit: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES,\n path: item.path,\n });\n break; // Stop traversal to avoid runaway\n }\n\n // Depth check -- applies to ALL nodes (primitives and containers),\n // matching assertJsonSafeIterative() semantics. A primitive leaf at\n // depth 33 is a violation even though it has no children to descend into.\n if (item.depth > KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH) {\n violations.push({\n constraint: 'MAX_NESTED_DEPTH',\n actual: item.depth,\n limit: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,\n path: item.path,\n });\n continue; // Don't descend further (no-op for primitives, prevents deeper nesting for containers)\n }\n\n // Primitives\n if (item.value === null || typeof item.value !== 'object') {\n if (typeof item.value === 'string') {\n // Use .length (code units) to match assertJsonSafeIterative semantics\n if (item.value.length > KERNEL_CONSTRAINTS.MAX_STRING_LENGTH) {\n violations.push({\n constraint: 'MAX_STRING_LENGTH',\n actual: item.value.length,\n limit: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,\n path: item.path,\n });\n }\n }\n continue;\n }\n\n // Arrays\n if (Array.isArray(item.value)) {\n if (item.value.length > KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH) {\n violations.push({\n constraint: 'MAX_ARRAY_LENGTH',\n actual: item.value.length,\n limit: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,\n path: item.path,\n });\n }\n // Push all elements to stack (aligned with assertJsonSafeIterative)\n for (let i = item.value.length - 1; i >= 0; i--) {\n stack.push({\n value: item.value[i],\n depth: item.depth + 1,\n path: `${item.path}[${i}]`,\n });\n }\n continue;\n }\n\n // Objects\n const keys = Object.keys(item.value as Record<string, unknown>);\n if (keys.length > KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS) {\n violations.push({\n constraint: 'MAX_OBJECT_KEYS',\n actual: keys.length,\n limit: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,\n path: item.path,\n });\n }\n // Push all values to stack (aligned with assertJsonSafeIterative)\n for (let i = keys.length - 1; i >= 0; i--) {\n const key = keys[i];\n const childPath = item.path ? `${item.path}.${key}` : key;\n stack.push({\n value: (item.value as Record<string, unknown>)[key],\n depth: item.depth + 1,\n path: childPath,\n });\n }\n }\n\n return { valid: violations.length === 0, violations };\n}\n","/**\n * JSON-safe validation schemas\n *\n * Provides Zod schemas that guarantee JSON roundtrip safety:\n * - Rejects NaN, Infinity, -Infinity (not valid JSON numbers)\n * - Rejects undefined (dropped by JSON.stringify)\n * - Rejects non-plain objects (Date, Map, Set, class instances)\n * - Rejects functions, symbols, bigints\n */\n\nimport { z } from 'zod';\nimport type { JsonValue, JsonObject, JsonArray } from '@peac/kernel';\nimport { KERNEL_CONSTRAINTS } from './constraints';\n\n/**\n * Check if value is a plain object (not Date, Map, Set, class instance, etc.)\n *\n * A plain object has prototype of Object.prototype or null.\n * This rejects Date, Map, Set, Array, and class instances even when\n * they have zero enumerable properties (which would pass z.record()).\n */\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== 'object') {\n return false;\n }\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n/**\n * JSON number schema - rejects NaN and Infinity\n *\n * JSON.stringify(NaN) === \"null\" and JSON.stringify(Infinity) === \"null\"\n * which silently corrupts data. We reject these at validation time.\n */\nconst JsonNumberSchema = z.number().finite();\n\n/**\n * JSON primitive schema - string, finite number, boolean, null\n */\nexport const JsonPrimitiveSchema = z.union([z.string(), JsonNumberSchema, z.boolean(), z.null()]);\n\n/**\n * Plain object schema (internal) - validates object is plain before recursive validation\n */\nconst PlainObjectSchema = z.unknown().refine(isPlainObject, {\n message: 'Expected plain object, received non-plain object (Date, Map, Set, or class instance)',\n});\n\n/**\n * JSON value schema - recursive type for any valid JSON value\n *\n * Validates:\n * - Primitives: string, finite number, boolean, null\n * - Arrays: containing valid JSON values\n * - Objects: plain objects with string keys and valid JSON values\n *\n * Rejects:\n * - undefined (dropped by JSON.stringify)\n * - NaN, Infinity, -Infinity (become null in JSON)\n * - BigInt (throws in JSON.stringify)\n * - Date (becomes ISO string - implicit conversion)\n * - Map, Set (become {} in JSON)\n * - Functions, Symbols (dropped by JSON.stringify)\n * - Class instances (prototype chain lost)\n */\nexport const JsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n z.union([\n JsonPrimitiveSchema,\n z.array(JsonValueSchema),\n // Plain object check then record validation\n PlainObjectSchema.transform((obj) => obj as Record<string, unknown>).pipe(\n z.record(z.string(), JsonValueSchema)\n ),\n ])\n) as z.ZodType<JsonValue>;\n\n/**\n * JSON object schema - plain object with string keys and JSON values\n *\n * Rejects non-plain objects (Date, Map, Set, class instances).\n */\nexport const JsonObjectSchema: z.ZodType<JsonObject> = PlainObjectSchema.transform(\n (obj) => obj as Record<string, unknown>\n).pipe(z.record(z.string(), JsonValueSchema)) as z.ZodType<JsonObject>;\n\n/**\n * JSON array schema - array of JSON values\n */\nexport const JsonArraySchema: z.ZodType<JsonArray> = z.array(JsonValueSchema);\n\n/**\n * Default limits for JSON evidence validation.\n *\n * Derived from KERNEL_CONSTRAINTS (single source of truth).\n * These are conservative defaults to prevent DoS attacks via deeply nested\n * or excessively large JSON structures.\n */\nexport const JSON_EVIDENCE_LIMITS = {\n /** Maximum nesting depth (default: 32) */\n maxDepth: KERNEL_CONSTRAINTS.MAX_NESTED_DEPTH,\n /** Maximum array length (default: 10,000) */\n maxArrayLength: KERNEL_CONSTRAINTS.MAX_ARRAY_LENGTH,\n /** Maximum object keys (default: 1,000) */\n maxObjectKeys: KERNEL_CONSTRAINTS.MAX_OBJECT_KEYS,\n /** Maximum string length in code units (default: 65,536) */\n maxStringLength: KERNEL_CONSTRAINTS.MAX_STRING_LENGTH,\n /** Maximum total nodes to visit (default: 100,000) */\n maxTotalNodes: KERNEL_CONSTRAINTS.MAX_TOTAL_NODES,\n} as const;\n\n/**\n * Limits for JSON evidence validation\n *\n * @internal - Not part of public API. Use validateEvidence() with defaults.\n *\n * For testing only: import via UNSAFE_JsonEvidenceLimits\n */\nexport interface JsonEvidenceLimits {\n maxDepth?: number;\n maxArrayLength?: number;\n maxObjectKeys?: number;\n maxStringLength?: number;\n maxTotalNodes?: number;\n}\n\n/**\n * Result of JSON safety validation\n */\nexport type JsonSafetyResult =\n | { ok: true }\n | { ok: false; error: string; path: (string | number)[] };\n\n/**\n * Stack entry type for iterative traversal\n *\n * - \"enter\": entering an object/array, need to validate and push children\n * - \"exit\": exiting an object/array, remove from current path (for cycle detection)\n */\ntype StackEntry =\n | { type: 'enter'; value: unknown; path: (string | number)[]; depth: number }\n | { type: 'exit'; obj: object };\n\n/**\n * Iterative JSON safety validator\n *\n * Validates that a value is JSON-safe without using recursion, preventing\n * stack overflow on deeply nested structures. Uses an explicit stack for\n * traversal with entry/exit markers for correct cycle detection.\n *\n * Cycle Detection:\n * Uses a path-based approach where only objects on the current traversal\n * path are tracked. This correctly allows diamond structures (same object\n * referenced from multiple paths) while rejecting actual cycles (object\n * references itself through its descendants).\n *\n * Rejects:\n * - Cycles (object references itself directly or indirectly)\n * - Non-plain objects (Date, Map, Set, class instances)\n * - Non-finite numbers (NaN, Infinity, -Infinity)\n * - undefined, BigInt, functions, symbols\n * - Structures exceeding depth/size limits\n *\n * Allows:\n * - Diamond structures (same object referenced from multiple paths)\n *\n * @param value - Value to validate\n * @param limits - Optional limits (defaults to JSON_EVIDENCE_LIMITS)\n * @returns Result indicating success or failure with error details\n */\nexport function assertJsonSafeIterative(\n value: unknown,\n limits: JsonEvidenceLimits = {}\n): JsonSafetyResult {\n const maxDepth = limits.maxDepth ?? JSON_EVIDENCE_LIMITS.maxDepth;\n const maxArrayLength = limits.maxArrayLength ?? JSON_EVIDENCE_LIMITS.maxArrayLength;\n const maxObjectKeys = limits.maxObjectKeys ?? JSON_EVIDENCE_LIMITS.maxObjectKeys;\n const maxStringLength = limits.maxStringLength ?? JSON_EVIDENCE_LIMITS.maxStringLength;\n const maxTotalNodes = limits.maxTotalNodes ?? JSON_EVIDENCE_LIMITS.maxTotalNodes;\n\n // Track objects on the current traversal path for cycle detection.\n // An object appearing twice on the same path is a cycle.\n // An object appearing on different paths (diamond) is NOT a cycle.\n const pathSet = new WeakSet<object>();\n\n // Track total nodes visited for DoS protection\n let nodeCount = 0;\n\n // Stack with entry/exit markers for path tracking\n const stack: StackEntry[] = [{ type: 'enter', value, path: [], depth: 0 }];\n\n while (stack.length > 0) {\n const entry = stack.pop()!;\n\n // Handle exit marker - remove object from current path\n if (entry.type === 'exit') {\n pathSet.delete(entry.obj);\n continue;\n }\n\n const { value: current, path, depth } = entry;\n\n // Check total node limit\n nodeCount++;\n if (nodeCount > maxTotalNodes) {\n return {\n ok: false,\n error: `Maximum total nodes exceeded (limit: ${maxTotalNodes})`,\n path,\n };\n }\n\n // Check depth limit\n if (depth > maxDepth) {\n return {\n ok: false,\n error: `Maximum depth exceeded (limit: ${maxDepth})`,\n path,\n };\n }\n\n // Handle null (valid JSON)\n if (current === null) {\n continue;\n }\n\n // Handle primitives\n const type = typeof current;\n\n if (type === 'string') {\n if ((current as string).length > maxStringLength) {\n return {\n ok: false,\n error: `String exceeds maximum length (limit: ${maxStringLength})`,\n path,\n };\n }\n continue;\n }\n\n if (type === 'number') {\n if (!Number.isFinite(current as number)) {\n return {\n ok: false,\n error: `Non-finite number: ${current}`,\n path,\n };\n }\n continue;\n }\n\n if (type === 'boolean') {\n continue;\n }\n\n // Reject non-JSON types\n if (type === 'undefined') {\n return { ok: false, error: 'undefined is not valid JSON', path };\n }\n\n if (type === 'bigint') {\n return { ok: false, error: 'BigInt is not valid JSON', path };\n }\n\n if (type === 'function') {\n return { ok: false, error: 'Function is not valid JSON', path };\n }\n\n if (type === 'symbol') {\n return { ok: false, error: 'Symbol is not valid JSON', path };\n }\n\n // Handle objects (arrays and plain objects)\n if (type === 'object') {\n const obj = current as object;\n\n // Cycle detection - check if object is already on the current path\n // (not just visited anywhere, but specifically an ancestor)\n if (pathSet.has(obj)) {\n return { ok: false, error: 'Cycle detected in object graph', path };\n }\n\n // Add to current path and push exit marker to remove when done\n pathSet.add(obj);\n stack.push({ type: 'exit', obj });\n\n // Handle arrays\n if (Array.isArray(obj)) {\n if (obj.length > maxArrayLength) {\n return {\n ok: false,\n error: `Array exceeds maximum length (limit: ${maxArrayLength})`,\n path,\n };\n }\n // Push array elements to stack in reverse order for correct traversal\n for (let i = obj.length - 1; i >= 0; i--) {\n stack.push({ type: 'enter', value: obj[i], path: [...path, i], depth: depth + 1 });\n }\n continue;\n }\n\n // Check for non-plain objects (Date, Map, Set, class instances, etc.)\n const proto = Object.getPrototypeOf(obj);\n if (proto !== Object.prototype && proto !== null) {\n const constructorName = obj.constructor?.name ?? 'unknown';\n return {\n ok: false,\n error: `Non-plain object (${constructorName}) is not valid JSON`,\n path,\n };\n }\n\n // Handle plain objects\n const keys = Object.keys(obj);\n if (keys.length > maxObjectKeys) {\n return {\n ok: false,\n error: `Object exceeds maximum key count (limit: ${maxObjectKeys})`,\n path,\n };\n }\n // Push object values to stack\n for (let i = keys.length - 1; i >= 0; i--) {\n const key = keys[i];\n stack.push({\n type: 'enter',\n value: (obj as Record<string, unknown>)[key],\n path: [...path, key],\n depth: depth + 1,\n });\n }\n continue;\n }\n\n // Shouldn't reach here, but reject unknown types\n return { ok: false, error: `Unknown type: ${type}`, path };\n }\n\n return { ok: true };\n}\n","/**\n * Agent Identity Attestation Types and Validators (v0.9.25+)\n *\n * Provides cryptographic proof-of-control binding for agents,\n * distinguishing operator-verified bots from user-delegated agents.\n *\n * @see docs/specs/AGENT-IDENTITY.md for normative specification\n */\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport { JsonValueSchema } from './json';\n\n// =============================================================================\n// CONTROL TYPE (v0.9.25+)\n// =============================================================================\n\n/**\n * Control type distinguishes operator-verified bots from user-delegated agents.\n *\n * - 'operator': Bot/crawler operated by a known organization (e.g., Googlebot, GPTBot)\n * - 'user-delegated': Agent acting on behalf of a human user (e.g., browser extension, AI assistant)\n */\nexport const ControlTypeSchema = z.enum(['operator', 'user-delegated']);\nexport type ControlType = z.infer<typeof ControlTypeSchema>;\n\n/**\n * Array of valid control types for runtime checks\n */\nexport const CONTROL_TYPES = ['operator', 'user-delegated'] as const;\n\n// =============================================================================\n// PROOF METHOD (v0.9.25+)\n// =============================================================================\n\n/**\n * @deprecated ProofMethodSchema is deprecated as of v0.12.2.\n * Transport-level binding methods (HTTP signatures, DPoP, mTLS, JWK thumbprint)\n * are semantically distinct from trust-root models (ProofTypeSchema).\n * This alias remains functional through v0.12.x. No consumer action required now.\n * In v0.13.0, AgentProofSchema.method will migrate to either an inline enum\n * or a dedicated TransportBindingMethodSchema. Remove-not-before: v0.13.0.\n *\n * @see ProofTypeSchema for the canonical trust-root model schema\n */\nexport const ProofMethodSchema = z.enum([\n 'http-message-signature',\n 'dpop',\n 'mtls',\n 'jwk-thumbprint',\n]);\nexport type ProofMethod = z.infer<typeof ProofMethodSchema>;\n\n/**\n * @deprecated See ProofMethodSchema deprecation note.\n */\nexport const PROOF_METHODS = ['http-message-signature', 'dpop', 'mtls', 'jwk-thumbprint'] as const;\n\n// =============================================================================\n// BINDING DETAILS (v0.9.25+)\n// =============================================================================\n\n/**\n * Details of what was included in the binding message for http-message-signature.\n *\n * This allows verifiers to reconstruct the binding message for verification.\n */\nexport const BindingDetailsSchema = z\n .object({\n /** HTTP method (uppercase: GET, POST, etc.) */\n method: z.string().min(1).max(16),\n\n /** Target URI of the request */\n target: z.string().min(1).max(2048),\n\n /** Headers included in the signature (lowercase) */\n headers_included: z.array(z.string().max(64)).max(32),\n\n /** SHA-256 hash of request body (base64url), empty string if no body */\n body_hash: z.string().max(64).optional(),\n\n /** When the binding was signed (RFC 3339) */\n signed_at: z.string().datetime(),\n })\n .strict();\nexport type BindingDetails = z.infer<typeof BindingDetailsSchema>;\n\n// =============================================================================\n// AGENT PROOF (v0.9.25+)\n// =============================================================================\n\n/**\n * Proof of control binding - cryptographic evidence that the agent controls the key.\n */\nexport const AgentProofSchema = z\n .object({\n /**\n * Proof method used.\n * @see ProofMethodSchema - deprecated in v0.12.2; will migrate in v0.13.0\n */\n method: ProofMethodSchema,\n\n /** Key ID (matches kid in JWS header or JWKS) */\n key_id: z.string().min(1).max(256),\n\n /** Algorithm used (default: EdDSA for Ed25519) */\n alg: z.string().max(32).default('EdDSA'),\n\n /** Signature over binding message (base64url, for http-message-signature) */\n signature: z.string().max(512).optional(),\n\n /** DPoP proof JWT (for dpop method) */\n dpop_proof: z.string().max(4096).optional(),\n\n /** Certificate fingerprint (for mtls method, SHA-256 base64url) */\n cert_thumbprint: z.string().max(64).optional(),\n\n /** Binding details for http-message-signature */\n binding: BindingDetailsSchema.optional(),\n })\n .strict();\nexport type AgentProof = z.infer<typeof AgentProofSchema>;\n\n// =============================================================================\n// AGENT IDENTITY EVIDENCE (v0.9.25+)\n// =============================================================================\n\n/**\n * Agent identity evidence - the payload of an AgentIdentityAttestation.\n *\n * Contains the agent identifier, control type, capabilities, and optional\n * cryptographic proof of key control.\n */\nexport const AgentIdentityEvidenceSchema = z\n .object({\n /** Stable agent identifier (opaque string, REQUIRED) */\n agent_id: z.string().min(1).max(256),\n\n /** Control type: operator-verified or user-delegated (REQUIRED) */\n control_type: ControlTypeSchema,\n\n /** Agent capabilities/scopes (optional, for fine-grained access) */\n capabilities: z.array(z.string().max(64)).max(32).optional(),\n\n /** Delegation chain for user-delegated agents (optional) */\n delegation_chain: z.array(z.string().max(256)).max(8).optional(),\n\n /** Cryptographic proof of key control (optional) */\n proof: AgentProofSchema.optional(),\n\n /** Key directory URL for public key discovery (optional) */\n key_directory_url: z.string().url().max(2048).optional(),\n\n /** Agent operator/organization (optional, for operator type) */\n operator: z.string().max(256).optional(),\n\n /** User identifier (optional, for user-delegated type, should be opaque) */\n user_id: z.string().max(256).optional(),\n\n /** Additional type-specific metadata (optional) */\n metadata: z.record(z.string(), JsonValueSchema).optional(),\n })\n .strict();\nexport type AgentIdentityEvidence = z.infer<typeof AgentIdentityEvidenceSchema>;\n\n// =============================================================================\n// AGENT IDENTITY ATTESTATION (v0.9.25+)\n// =============================================================================\n\n/**\n * Attestation type literal for agent identity\n */\nexport const AGENT_IDENTITY_TYPE = 'peac/agent-identity' as const;\n\n/**\n * AgentIdentityAttestation - extends generic Attestation with agent-specific evidence.\n *\n * This attestation proves cryptographic control over an agent identity,\n * distinguishing operator-verified bots from user-delegated agents.\n *\n * @example\n * ```typescript\n * const attestation: AgentIdentityAttestation = {\n * type: 'peac/agent-identity',\n * issuer: 'https://crawler.example.com',\n * issued_at: '2026-01-03T12:00:00Z',\n * evidence: {\n * agent_id: 'bot:crawler-prod-001',\n * control_type: 'operator',\n * operator: 'Example Crawler Inc.',\n * capabilities: ['crawl', 'index'],\n * proof: {\n * method: 'http-message-signature',\n * key_id: 'key-2026-01',\n * alg: 'EdDSA',\n * },\n * },\n * };\n * ```\n */\nexport const AgentIdentityAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/agent-identity') */\n type: z.literal(AGENT_IDENTITY_TYPE),\n\n /** Issuer of the attestation (agent operator, IdP, or platform) */\n issuer: z.string().min(1).max(2048),\n\n /** When the attestation was issued (RFC 3339) */\n issued_at: z.string().datetime(),\n\n /** When the attestation expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** Reference to external verification endpoint (optional) */\n ref: z.string().url().max(2048).optional(),\n\n /** Agent identity evidence */\n evidence: AgentIdentityEvidenceSchema,\n })\n .strict();\nexport type AgentIdentityAttestation = z.infer<typeof AgentIdentityAttestationSchema>;\n\n// =============================================================================\n// IDENTITY BINDING (v0.9.25+)\n// =============================================================================\n\n/**\n * Identity binding result from constructBindingMessage().\n *\n * Used to tie an agent identity attestation to a specific HTTP request.\n */\nexport const IdentityBindingSchema = z\n .object({\n /** SHA-256 hash of the canonical binding message (base64url) */\n binding_message_hash: z.string().min(1).max(64),\n\n /** Ed25519 signature over binding message (base64url) */\n signature: z.string().min(1).max(512),\n\n /** Key ID used for signing */\n key_id: z.string().min(1).max(256),\n\n /** When the binding was created (RFC 3339) */\n signed_at: z.string().datetime(),\n })\n .strict();\nexport type IdentityBinding = z.infer<typeof IdentityBindingSchema>;\n\n// =============================================================================\n// AGENT IDENTITY VERIFIED BLOCK (v0.9.25+)\n// =============================================================================\n\n/**\n * Agent identity verification result to include in receipt evidence.\n *\n * This block is added by the publisher after verifying an agent identity\n * attestation, binding the verified identity to the issued receipt.\n */\nexport const AgentIdentityVerifiedSchema = z\n .object({\n /** Agent ID from the verified attestation */\n agent_id: z.string().min(1).max(256),\n\n /** Control type from the verified attestation */\n control_type: ControlTypeSchema,\n\n /** When the publisher verified the identity (RFC 3339) */\n verified_at: z.string().datetime(),\n\n /** Key ID that was used for verification */\n key_id: z.string().min(1).max(256),\n\n /** SHA-256 hash of the binding message (base64url) */\n binding_hash: z.string().min(1).max(64),\n })\n .strict();\nexport type AgentIdentityVerified = z.infer<typeof AgentIdentityVerifiedSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.25+)\n// =============================================================================\n\n/**\n * Validate an AgentIdentityAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateAgentIdentityAttestation(data);\n * if (result.ok) {\n * console.log('Agent ID:', result.value.evidence.agent_id);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateAgentIdentityAttestation(\n data: unknown\n): { ok: true; value: AgentIdentityAttestation } | { ok: false; error: string } {\n const result = AgentIdentityAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is an AgentIdentityAttestation.\n *\n * @param attestation - Object with a type field\n * @returns True if the type is 'peac/agent-identity'\n */\nexport function isAgentIdentityAttestation(attestation: {\n type: string;\n}): attestation is AgentIdentityAttestation {\n return attestation.type === AGENT_IDENTITY_TYPE;\n}\n\n/**\n * Parameters for creating an AgentIdentityAttestation.\n */\nexport interface CreateAgentIdentityAttestationParams {\n /** Issuer of the attestation */\n issuer: string;\n /** Stable agent identifier */\n agent_id: string;\n /** Control type: operator or user-delegated */\n control_type: ControlType;\n /** Cryptographic proof (optional) */\n proof?: AgentProof;\n /** Agent capabilities (optional) */\n capabilities?: string[];\n /** Delegation chain for user-delegated (optional) */\n delegation_chain?: string[];\n /** Key directory URL (optional) */\n key_directory_url?: string;\n /** Agent operator name (optional, for operator type) */\n operator?: string;\n /** User ID (optional, for user-delegated type) */\n user_id?: string;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** External verification endpoint (optional) */\n ref?: string;\n /** Additional metadata (optional, must be JSON-safe) */\n metadata?: Record<string, JsonValue>;\n}\n\n/**\n * Create an AgentIdentityAttestation with current timestamp.\n *\n * @param params - Attestation parameters\n * @returns A valid AgentIdentityAttestation\n *\n * @example\n * ```typescript\n * const attestation = createAgentIdentityAttestation({\n * issuer: 'https://crawler.example.com',\n * agent_id: 'bot:crawler-prod-001',\n * control_type: 'operator',\n * operator: 'Example Crawler Inc.',\n * capabilities: ['crawl', 'index'],\n * });\n * ```\n */\nexport function createAgentIdentityAttestation(\n params: CreateAgentIdentityAttestationParams\n): AgentIdentityAttestation {\n const evidence: AgentIdentityEvidence = {\n agent_id: params.agent_id,\n control_type: params.control_type,\n };\n\n if (params.capabilities) {\n evidence.capabilities = params.capabilities;\n }\n if (params.delegation_chain) {\n evidence.delegation_chain = params.delegation_chain;\n }\n if (params.proof) {\n evidence.proof = params.proof;\n }\n if (params.key_directory_url) {\n evidence.key_directory_url = params.key_directory_url;\n }\n if (params.operator) {\n evidence.operator = params.operator;\n }\n if (params.user_id) {\n evidence.user_id = params.user_id;\n }\n if (params.metadata) {\n // Validate metadata is JSON-safe at runtime\n evidence.metadata = params.metadata;\n }\n\n const attestation: AgentIdentityAttestation = {\n type: AGENT_IDENTITY_TYPE,\n issuer: params.issuer,\n issued_at: new Date().toISOString(),\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n if (params.ref) {\n attestation.ref = params.ref;\n }\n\n return attestation;\n}\n\n/**\n * Validate an IdentityBinding.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated binding or error message\n */\nexport function validateIdentityBinding(\n data: unknown\n): { ok: true; value: IdentityBinding } | { ok: false; error: string } {\n const result = IdentityBindingSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an agent identity attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation has expired\n */\nexport function isAttestationExpired(\n attestation: AgentIdentityAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if an agent identity attestation is not yet valid.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation is not yet valid (issued_at in the future)\n */\nexport function isAttestationNotYetValid(\n attestation: AgentIdentityAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n","/**\n * Attribution Attestation Types and Validators (v0.9.26+)\n *\n * Provides content derivation and usage proof for PEAC receipts,\n * enabling chain tracking and compliance artifacts.\n *\n * @see docs/specs/ATTRIBUTION.md for normative specification\n */\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport { JsonValueSchema } from './json';\n\n// =============================================================================\n// ATTRIBUTION LIMITS (v0.9.26+)\n// =============================================================================\n\n/**\n * Attribution limits for DoS protection and verification feasibility.\n *\n * These are implementation safety limits, not protocol constraints.\n */\nexport const ATTRIBUTION_LIMITS = {\n /** Maximum sources per attestation */\n maxSources: 100,\n /** Maximum chain resolution depth */\n maxDepth: 8,\n /** Maximum attestation size in bytes (64KB) */\n maxAttestationSize: 65536,\n /** Per-hop resolution timeout in milliseconds */\n resolutionTimeout: 5000,\n /** Maximum receipt reference length */\n maxReceiptRefLength: 2048,\n /** Maximum model ID length */\n maxModelIdLength: 256,\n} as const;\n\n// =============================================================================\n// CONTENT HASH (v0.9.26+)\n// =============================================================================\n\n/**\n * Supported hash algorithms for content hashing.\n * Only sha-256 is supported in v0.9.26.\n */\nexport const HashAlgorithmSchema = z.literal('sha-256');\nexport type HashAlgorithm = z.infer<typeof HashAlgorithmSchema>;\n\n/**\n * Supported encoding formats for hash values.\n */\nexport const HashEncodingSchema = z.literal('base64url');\nexport type HashEncoding = z.infer<typeof HashEncodingSchema>;\n\n/**\n * ContentHash - deterministic content identification.\n *\n * Provides cryptographic verification of content identity using SHA-256.\n * The hash value is base64url-encoded without padding (RFC 4648 Section 5).\n *\n * @example\n * ```typescript\n * const hash: ContentHash = {\n * alg: 'sha-256',\n * value: 'n4bQgYhMfWWaL28IoEbM8Qa8jG7x0QXJZJqL-w_zZdA',\n * enc: 'base64url',\n * };\n * ```\n */\nexport const ContentHashSchema = z\n .object({\n /** Hash algorithm (REQUIRED, must be 'sha-256') */\n alg: HashAlgorithmSchema,\n\n /** Base64url-encoded hash value without padding (REQUIRED, 43 chars for SHA-256) */\n value: z\n .string()\n .min(43)\n .max(43)\n .regex(/^[A-Za-z0-9_-]+$/, 'Invalid base64url characters'),\n\n /** Encoding format (REQUIRED, must be 'base64url') */\n enc: HashEncodingSchema,\n })\n .strict();\nexport type ContentHash = z.infer<typeof ContentHashSchema>;\n\n// =============================================================================\n// ATTRIBUTION USAGE (v0.9.26+)\n// =============================================================================\n\n/**\n * How source content was used in derivation.\n *\n * - 'training_input': Used to train a model\n * - 'rag_context': Retrieved for RAG context\n * - 'direct_reference': Directly quoted or referenced\n * - 'synthesis_source': Combined with other sources to create new content\n * - 'embedding_source': Used to create embeddings/vectors\n */\nexport const AttributionUsageSchema = z.enum([\n 'training_input',\n 'rag_context',\n 'direct_reference',\n 'synthesis_source',\n 'embedding_source',\n]);\nexport type AttributionUsage = z.infer<typeof AttributionUsageSchema>;\n\n/**\n * Array of valid attribution usage types for runtime checks.\n */\nexport const ATTRIBUTION_USAGES = [\n 'training_input',\n 'rag_context',\n 'direct_reference',\n 'synthesis_source',\n 'embedding_source',\n] as const;\n\n// =============================================================================\n// DERIVATION TYPE (v0.9.26+)\n// =============================================================================\n\n/**\n * Type of content derivation.\n *\n * - 'training': Model training or fine-tuning\n * - 'inference': Runtime inference with RAG/grounding\n * - 'rag': Retrieval-augmented generation\n * - 'synthesis': Multi-source content synthesis\n * - 'embedding': Vector embedding generation\n */\nexport const DerivationTypeSchema = z.enum([\n 'training',\n 'inference',\n 'rag',\n 'synthesis',\n 'embedding',\n]);\nexport type DerivationType = z.infer<typeof DerivationTypeSchema>;\n\n/**\n * Array of valid derivation types for runtime checks.\n */\nexport const DERIVATION_TYPES = ['training', 'inference', 'rag', 'synthesis', 'embedding'] as const;\n\n// =============================================================================\n// ATTRIBUTION SOURCE (v0.9.26+)\n// =============================================================================\n\n/**\n * Receipt reference format validation.\n *\n * Valid formats:\n * - jti:{receipt_id} - Direct receipt identifier\n * - https://... - Resolvable receipt URL\n * - urn:peac:receipt:{id} - URN-formatted identifier\n */\nconst ReceiptRefSchema = z\n .string()\n .min(1)\n .max(ATTRIBUTION_LIMITS.maxReceiptRefLength)\n .refine(\n (ref) => {\n // jti: prefix\n if (ref.startsWith('jti:')) return true;\n // URL\n if (ref.startsWith('https://') || ref.startsWith('http://')) return true;\n // URN\n if (ref.startsWith('urn:peac:receipt:')) return true;\n return false;\n },\n { message: 'Invalid receipt reference format. Must be jti:{id}, URL, or urn:peac:receipt:{id}' }\n );\n\n/**\n * AttributionSource - links to a source receipt and describes how content was used.\n *\n * For cross-issuer resolution, include `receipt_issuer` when using `jti:*` references.\n * URL-based references (`https://...`) are self-resolvable.\n *\n * @example\n * ```typescript\n * const source: AttributionSource = {\n * receipt_ref: 'jti:rec_abc123def456',\n * receipt_issuer: 'https://publisher.example.com',\n * content_hash: { alg: 'sha-256', value: '...', enc: 'base64url' },\n * usage: 'rag_context',\n * weight: 0.3,\n * };\n * ```\n */\nexport const AttributionSourceSchema = z\n .object({\n /** Reference to source PEAC receipt (REQUIRED) */\n receipt_ref: ReceiptRefSchema,\n\n /**\n * Issuer of the referenced receipt (OPTIONAL but RECOMMENDED for jti: refs).\n *\n * Required for cross-issuer resolution when receipt_ref is jti:{id} format.\n * Not needed for URL-based references which are self-resolvable.\n * Used to construct resolution URL: {receipt_issuer}/.well-known/peac/receipts/{id}\n */\n receipt_issuer: z.string().url().max(2048).optional(),\n\n /** Hash of source content (OPTIONAL) */\n content_hash: ContentHashSchema.optional(),\n\n /** Hash of used excerpt (OPTIONAL, content-minimizing, not privacy-preserving for short text) */\n excerpt_hash: ContentHashSchema.optional(),\n\n /** How the source was used (REQUIRED) */\n usage: AttributionUsageSchema,\n\n /** Relative contribution weight 0.0-1.0 (OPTIONAL) */\n weight: z.number().min(0).max(1).optional(),\n })\n .strict();\nexport type AttributionSource = z.infer<typeof AttributionSourceSchema>;\n\n// =============================================================================\n// ATTRIBUTION EVIDENCE (v0.9.26+)\n// =============================================================================\n\n/**\n * AttributionEvidence - the payload of an AttributionAttestation.\n *\n * Contains the sources, derivation type, and optional output metadata.\n */\nexport const AttributionEvidenceSchema = z\n .object({\n /** Array of attribution sources (REQUIRED, 1-100 sources) */\n sources: z.array(AttributionSourceSchema).min(1).max(ATTRIBUTION_LIMITS.maxSources),\n\n /** Type of derivation (REQUIRED) */\n derivation_type: DerivationTypeSchema,\n\n /** Hash of derived output (OPTIONAL) */\n output_hash: ContentHashSchema.optional(),\n\n /** Model identifier (OPTIONAL) */\n model_id: z.string().max(ATTRIBUTION_LIMITS.maxModelIdLength).optional(),\n\n /** Inference provider URL (OPTIONAL) */\n inference_provider: z.string().url().max(2048).optional(),\n\n /** Session correlation ID (OPTIONAL) */\n session_id: z.string().max(256).optional(),\n\n /** Additional type-specific metadata (OPTIONAL) */\n metadata: z.record(z.string(), JsonValueSchema).optional(),\n })\n .strict();\nexport type AttributionEvidence = z.infer<typeof AttributionEvidenceSchema>;\n\n// =============================================================================\n// ATTRIBUTION ATTESTATION (v0.9.26+)\n// =============================================================================\n\n/**\n * Attestation type literal for attribution\n */\nexport const ATTRIBUTION_TYPE = 'peac/attribution' as const;\n\n/**\n * AttributionAttestation - proves content derivation and usage.\n *\n * This attestation provides cryptographic evidence that content was derived\n * from specific sources, enabling chain tracking and compliance.\n *\n * @example\n * ```typescript\n * const attestation: AttributionAttestation = {\n * type: 'peac/attribution',\n * issuer: 'https://ai.example.com',\n * issued_at: '2026-01-04T12:00:00Z',\n * evidence: {\n * sources: [\n * { receipt_ref: 'jti:rec_abc123', usage: 'rag_context', weight: 0.5 },\n * { receipt_ref: 'jti:rec_def456', usage: 'rag_context', weight: 0.5 },\n * ],\n * derivation_type: 'rag',\n * model_id: 'gpt-4',\n * },\n * };\n * ```\n */\nexport const AttributionAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/attribution') */\n type: z.literal(ATTRIBUTION_TYPE),\n\n /** Issuer of the attestation (inference provider, platform) */\n issuer: z.string().min(1).max(2048),\n\n /** When the attestation was issued (RFC 3339) */\n issued_at: z.string().datetime(),\n\n /** When the attestation expires (RFC 3339, OPTIONAL) */\n expires_at: z.string().datetime().optional(),\n\n /** Reference to external verification endpoint (OPTIONAL) */\n ref: z.string().url().max(2048).optional(),\n\n /** Attribution evidence */\n evidence: AttributionEvidenceSchema,\n })\n .strict();\nexport type AttributionAttestation = z.infer<typeof AttributionAttestationSchema>;\n\n// =============================================================================\n// CHAIN VERIFICATION RESULT (v0.9.26+)\n// =============================================================================\n\n/**\n * Result of chain verification including depth and resolved sources.\n */\nexport interface ChainVerificationResult {\n /** Whether the chain is valid */\n valid: boolean;\n /** Maximum depth encountered in the chain */\n maxDepth: number;\n /** Total number of sources across the chain */\n totalSources: number;\n /** Any cycle detected in the chain */\n cycleDetected?: string;\n /** Error message if validation failed */\n error?: string;\n}\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.26+)\n// =============================================================================\n\n/**\n * Validate a ContentHash.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated hash or error message\n */\nexport function validateContentHash(\n data: unknown\n): { ok: true; value: ContentHash } | { ok: false; error: string } {\n const result = ContentHashSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an AttributionSource.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated source or error message\n */\nexport function validateAttributionSource(\n data: unknown\n): { ok: true; value: AttributionSource } | { ok: false; error: string } {\n const result = AttributionSourceSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an AttributionAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateAttributionAttestation(data);\n * if (result.ok) {\n * console.log('Sources:', result.value.evidence.sources.length);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateAttributionAttestation(\n data: unknown\n): { ok: true; value: AttributionAttestation } | { ok: false; error: string } {\n const result = AttributionAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is an AttributionAttestation.\n *\n * @param attestation - Object with a type field\n * @returns True if the type is 'peac/attribution'\n */\nexport function isAttributionAttestation(attestation: {\n type: string;\n}): attestation is AttributionAttestation {\n return attestation.type === ATTRIBUTION_TYPE;\n}\n\n/**\n * Parameters for creating an AttributionAttestation.\n */\nexport interface CreateAttributionAttestationParams {\n /** Issuer of the attestation */\n issuer: string;\n /** Attribution sources */\n sources: AttributionSource[];\n /** Type of derivation */\n derivation_type: DerivationType;\n /** Hash of derived output (optional) */\n output_hash?: ContentHash;\n /** Model identifier (optional) */\n model_id?: string;\n /** Inference provider URL (optional) */\n inference_provider?: string;\n /** Session correlation ID (optional) */\n session_id?: string;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** External verification endpoint (optional) */\n ref?: string;\n /** Additional metadata (optional, must be JSON-safe) */\n metadata?: Record<string, JsonValue>;\n}\n\n/**\n * Create an AttributionAttestation with current timestamp.\n *\n * @param params - Attestation parameters\n * @returns A valid AttributionAttestation\n *\n * @example\n * ```typescript\n * const attestation = createAttributionAttestation({\n * issuer: 'https://ai.example.com',\n * sources: [\n * { receipt_ref: 'jti:rec_abc123', usage: 'rag_context' },\n * ],\n * derivation_type: 'rag',\n * model_id: 'gpt-4',\n * });\n * ```\n */\nexport function createAttributionAttestation(\n params: CreateAttributionAttestationParams\n): AttributionAttestation {\n const evidence: AttributionEvidence = {\n sources: params.sources,\n derivation_type: params.derivation_type,\n };\n\n if (params.output_hash) {\n evidence.output_hash = params.output_hash;\n }\n if (params.model_id) {\n evidence.model_id = params.model_id;\n }\n if (params.inference_provider) {\n evidence.inference_provider = params.inference_provider;\n }\n if (params.session_id) {\n evidence.session_id = params.session_id;\n }\n if (params.metadata) {\n evidence.metadata = params.metadata;\n }\n\n const attestation: AttributionAttestation = {\n type: ATTRIBUTION_TYPE,\n issuer: params.issuer,\n issued_at: new Date().toISOString(),\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n if (params.ref) {\n attestation.ref = params.ref;\n }\n\n return attestation;\n}\n\n/**\n * Check if an attribution attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation has expired\n */\nexport function isAttributionExpired(\n attestation: AttributionAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if an attribution attestation is not yet valid.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Optional clock skew tolerance in milliseconds (default: 30000)\n * @returns True if the attestation is not yet valid (issued_at in the future)\n */\nexport function isAttributionNotYetValid(\n attestation: AttributionAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n\n/**\n * Compute total weight of sources (for validation).\n *\n * @param sources - Array of attribution sources\n * @returns Total weight, or undefined if no weights specified\n */\nexport function computeTotalWeight(sources: AttributionSource[]): number | undefined {\n const weights = sources.filter((s) => s.weight !== undefined).map((s) => s.weight as number);\n if (weights.length === 0) {\n return undefined;\n }\n return weights.reduce((sum, w) => sum + w, 0);\n}\n\n/**\n * Detect cycles in attribution sources (for chain validation).\n *\n * @param sources - Array of attribution sources\n * @param visited - Set of visited receipt refs (for recursion)\n * @returns Receipt ref that caused cycle, or undefined if no cycle\n */\nexport function detectCycleInSources(\n sources: AttributionSource[],\n visited: Set<string> = new Set()\n): string | undefined {\n for (const source of sources) {\n if (visited.has(source.receipt_ref)) {\n return source.receipt_ref;\n }\n }\n return undefined;\n}\n","/**\n * Wire format constants - FROZEN\n *\n * These constants are now sourced from @peac/kernel\n * (normative source: specs/kernel/constants.json)\n */\n\nimport { WIRE_TYPE, ALGORITHMS, HEADERS, POLICY, ISSUER_CONFIG, DISCOVERY } from '@peac/kernel';\n\n/**\n * Wire format version - peac-receipt/0.1\n * Normalized in v0.10.0 to peac-<artifact>/<major>.<minor> pattern\n */\nexport const PEAC_WIRE_TYP = WIRE_TYPE;\n\n/**\n * Signature algorithm - FROZEN forever\n */\nexport const PEAC_ALG = ALGORITHMS.default;\n\n/**\n * Canonical header name\n */\nexport const PEAC_RECEIPT_HEADER = HEADERS.receipt;\n\n/**\n * Purpose header names (v0.9.24+)\n */\nexport const PEAC_PURPOSE_HEADER = HEADERS.purpose;\nexport const PEAC_PURPOSE_APPLIED_HEADER = HEADERS.purposeApplied;\nexport const PEAC_PURPOSE_REASON_HEADER = HEADERS.purposeReason;\n\n/**\n * Policy manifest path (/.well-known/peac.txt)\n * @see docs/specs/PEAC-TXT.md\n */\nexport const PEAC_POLICY_PATH = POLICY.manifestPath;\n\n/**\n * Policy manifest fallback path (/peac.txt)\n */\nexport const PEAC_POLICY_FALLBACK_PATH = POLICY.fallbackPath;\n\n/**\n * Maximum policy manifest size\n */\nexport const PEAC_POLICY_MAX_BYTES = POLICY.maxBytes;\n\n/**\n * Issuer configuration path (/.well-known/peac-issuer.json)\n * @see docs/specs/PEAC-ISSUER.md\n */\nexport const PEAC_ISSUER_CONFIG_PATH = ISSUER_CONFIG.configPath;\n\n/**\n * Issuer configuration version\n */\nexport const PEAC_ISSUER_CONFIG_VERSION = ISSUER_CONFIG.configVersion;\n\n/**\n * Maximum issuer configuration size\n */\nexport const PEAC_ISSUER_CONFIG_MAX_BYTES = ISSUER_CONFIG.maxBytes;\n\n/**\n * @deprecated Use PEAC_POLICY_PATH instead. Will be removed in v1.0.\n */\nexport const PEAC_DISCOVERY_PATH = DISCOVERY.manifestPath;\n\n/**\n * @deprecated Use PEAC_POLICY_MAX_BYTES instead. Will be removed in v1.0.\n */\nexport const PEAC_DISCOVERY_MAX_BYTES = 2000 as const;\n\n/**\n * JSON Schema URL for PEAC receipt wire format v0.1\n *\n * This is the canonical $id for the root schema.\n * Use for schema references and cross-implementation validation.\n *\n * @since v0.10.0\n */\nexport const PEAC_RECEIPT_SCHEMA_URL =\n 'https://www.peacprotocol.org/schemas/wire/0.1/peac-receipt.0.1.schema.json' as const;\n","/**\n * Zod validators for PEAC protocol types\n */\nimport { z } from 'zod';\nimport { PEAC_WIRE_TYP, PEAC_ALG } from './constants';\nimport {\n JsonValueSchema,\n JsonObjectSchema,\n assertJsonSafeIterative,\n type JsonEvidenceLimits,\n} from './json';\nimport { createEvidenceNotJsonError, type PEACError } from './errors';\nimport { PURPOSE_TOKEN_REGEX, MAX_PURPOSE_TOKEN_LENGTH } from './purpose';\n\nconst httpsUrl = z\n .string()\n .url()\n .refine((u) => u.startsWith('https://'), 'must be https://');\nconst iso4217 = z.string().regex(/^[A-Z]{3}$/);\nconst uuidv7 = z\n .string()\n .regex(/^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i);\n\nexport const NormalizedPayment = z\n .object({\n rail: z.string().min(1),\n reference: z.string().min(1),\n amount: z.number().int().nonnegative(),\n currency: iso4217,\n asset: z.string().optional(),\n env: z.string().optional(),\n evidence: JsonValueSchema.optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict();\n\nexport const Subject = z.object({ uri: httpsUrl }).strict();\n\nexport const AIPREFSnapshot = z\n .object({\n url: httpsUrl,\n hash: z.string().min(8),\n })\n .strict();\n\n// Note: Extensions uses a forward reference pattern since ControlBlockSchema\n// is defined after this. We use catchall for now and validate control separately.\nexport const Extensions = z\n .object({\n aipref_snapshot: AIPREFSnapshot.optional(),\n // control block validated via ControlBlockSchema when present\n })\n .catchall(z.unknown());\n\n/**\n * Wire 0.1 JWS header Zod schema (canonical name, v0.12.0-preview.1+).\n *\n * Note: `@peac/crypto` exports a TypeScript discriminated-union type also\n * named `JWSHeader` that covers Wire 0.1, Wire 0.2, and UnTyped variants.\n * This schema validates the runtime shape of Wire 0.1 headers only.\n */\nexport const Wire01JWSHeaderSchema = z\n .object({\n typ: z.literal(PEAC_WIRE_TYP),\n alg: z.literal(PEAC_ALG),\n kid: z.string().min(8),\n })\n .strict();\n\n/**\n * @deprecated Use `Wire01JWSHeaderSchema`. Kept for backward compatibility;\n * will be removed at v1.0.\n */\nexport const JWSHeader = Wire01JWSHeaderSchema;\n\n// Forward-declare purpose validators used in ReceiptClaims\n// Full definitions are below\nconst CanonicalPurposeValues = ['train', 'search', 'user_action', 'inference', 'index'] as const;\nconst PurposeReasonValues = [\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n] as const;\n\nexport const ReceiptClaimsSchema = z\n .object({\n iss: httpsUrl,\n aud: httpsUrl,\n iat: z.number().int().nonnegative(),\n exp: z.number().int().optional(),\n rid: uuidv7,\n amt: z.number().int().nonnegative(),\n cur: iso4217,\n payment: NormalizedPayment,\n subject: Subject.optional(),\n ext: Extensions.optional(),\n // Purpose claims (v0.9.24+)\n // purpose_declared: string[] - preserves unknown tokens for forward-compat\n purpose_declared: z.array(z.string()).optional(),\n // purpose_enforced: CanonicalPurpose - must be one with enforcement semantics\n purpose_enforced: z.enum(CanonicalPurposeValues).optional(),\n // purpose_reason: PurposeReason - audit spine for enforcement decisions\n purpose_reason: z.enum(PurposeReasonValues).optional(),\n })\n .strict();\n\n/**\n * Schema-derived receipt claims type (v0.9.30+)\n *\n * This is the canonical type for receipt claims - derived from the Zod schema.\n * Use this type instead of manually-defined interfaces to ensure type/schema parity.\n */\nexport type ReceiptClaimsType = z.infer<typeof ReceiptClaimsSchema>;\n\n/**\n * @deprecated Use ReceiptClaimsSchema instead. Renamed in v0.9.30.\n */\nexport const ReceiptClaims = ReceiptClaimsSchema;\n\nexport const VerifyRequest = z\n .object({\n receipt_jws: z.string().min(16),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Control Abstraction Layer (CAL) Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Control purpose - what the access is for\n *\n * v0.9.17+: Added ai_input, search for RSL alignment\n * v0.9.18+: Added ai_index (RSL 1.0 canonical token). Removed ai_search.\n * v0.9.24+: Added user_action for agent-on-behalf-of-user scenarios.\n *\n * @see https://rslstandard.org/rsl for RSL 1.0 specification\n */\nexport const ControlPurposeSchema = z.enum([\n 'crawl',\n 'index',\n 'train',\n 'inference',\n 'user_action',\n 'ai_input',\n 'ai_index',\n 'search',\n]);\n\n/**\n * Control licensing mode - how access is licensed\n */\nexport const ControlLicensingModeSchema = z.enum([\n 'subscription',\n 'pay_per_crawl',\n 'pay_per_inference',\n]);\n\n/**\n * Control decision type\n */\nexport const ControlDecisionSchema = z.enum(['allow', 'deny', 'review']);\n\n/**\n * Single control step in governance chain\n */\nexport const ControlStepSchema = z.object({\n engine: z.string().min(1),\n version: z.string().optional(),\n policy_id: z.string().optional(),\n result: ControlDecisionSchema,\n reason: z.string().optional(),\n purpose: ControlPurposeSchema.optional(),\n licensing_mode: ControlLicensingModeSchema.optional(),\n scope: z.union([z.string(), z.array(z.string())]).optional(),\n limits_snapshot: z.unknown().optional(),\n evidence_ref: z.string().optional(),\n});\n\n/**\n * Composable control block - multi-party governance\n */\nexport const ControlBlockSchema = z\n .object({\n chain: z.array(ControlStepSchema).min(1),\n decision: ControlDecisionSchema,\n combinator: z.literal('any_can_veto').optional(),\n })\n .refine(\n (data) => {\n // Validate decision consistency with chain\n const hasAnyDeny = data.chain.some((step) => step.result === 'deny');\n const allAllow = data.chain.every((step) => step.result === 'allow');\n const hasReview = data.chain.some((step) => step.result === 'review');\n\n if (hasAnyDeny && data.decision !== 'deny') {\n return false;\n }\n if (allAllow && data.decision !== 'allow') {\n return false;\n }\n // If has review but no deny, decision can be review or allow\n if (hasReview && !hasAnyDeny && data.decision === 'deny') {\n return false;\n }\n return true;\n },\n {\n message: 'Control block decision must be consistent with chain results',\n }\n );\n\n// -----------------------------------------------------------------------------\n// Purpose Type Validators (v0.9.24+)\n// -----------------------------------------------------------------------------\n\n/**\n * Purpose token validator\n *\n * PurposeToken is a string that matches the purpose grammar:\n * - Lowercase letters, digits, underscores\n * - Optional vendor prefix with colon (e.g., \"cf:ai_crawler\")\n * - Max 64 characters\n *\n * Uses string type (not enum) to preserve unknown tokens for forward-compat.\n */\nexport const PurposeTokenSchema = z\n .string()\n .min(1)\n .max(MAX_PURPOSE_TOKEN_LENGTH)\n .refine((token) => PURPOSE_TOKEN_REGEX.test(token), {\n message:\n 'Invalid purpose token format. Must be lowercase, alphanumeric with underscores, optional vendor prefix.',\n });\n\n/**\n * Canonical purpose validator\n *\n * CanonicalPurpose is one of PEAC's normative purpose tokens.\n * Only these tokens have enforcement semantics.\n */\nexport const CanonicalPurposeSchema = z.enum([\n 'train',\n 'search',\n 'user_action',\n 'inference',\n 'index',\n]);\n\n/**\n * Purpose reason validator\n *\n * PurposeReason is the audit spine explaining enforcement decisions.\n */\nexport const PurposeReasonSchema = z.enum([\n 'allowed',\n 'constrained',\n 'denied',\n 'downgraded',\n 'undeclared_default',\n 'unknown_preserved',\n]);\n\n// -----------------------------------------------------------------------------\n// Payment Evidence Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Payment split schema\n *\n * Invariants:\n * - party is required (non-empty string)\n * - amount if present must be >= 0\n * - share if present must be in [0,1]\n * - At least one of amount or share must be specified\n */\nexport const PaymentSplitSchema = z\n .object({\n party: z.string().min(1),\n amount: z.number().int().nonnegative().optional(),\n currency: iso4217.optional(),\n share: z.number().min(0).max(1).optional(),\n rail: z.string().min(1).optional(),\n account_ref: z.string().min(1).optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict()\n .refine((data) => data.amount !== undefined || data.share !== undefined, {\n message: 'At least one of amount or share must be specified',\n });\n\n/**\n * Payment routing mode schema (rail-agnostic)\n *\n * Describes how the payment is routed between payer, aggregator, and merchant.\n * This is a generic hint - specific rails populate it from their native formats.\n *\n * Values:\n * - \"direct\": Direct payment to merchant (no intermediary)\n * - \"callback\": Routed via callback URL / payment service\n * - \"role\": Role-based routing (e.g., \"publisher\", \"platform\")\n *\n * Examples of producers:\n * - x402 v2 `payTo.mode` -> routing\n * - Stripe Connect `destination` -> routing = 'direct' or 'callback'\n * - UPI `pa` (payee address) -> routing = 'direct'\n */\nexport const PaymentRoutingSchema = z.enum(['direct', 'callback', 'role']);\n\n/**\n * Payment evidence schema\n *\n * Full schema for PaymentEvidence including aggregator/splits support.\n */\nexport const PaymentEvidenceSchema = z\n .object({\n rail: z.string().min(1),\n reference: z.string().min(1),\n amount: z.number().int().nonnegative(),\n currency: iso4217,\n asset: z.string().min(1),\n env: z.enum(['live', 'test']),\n network: z.string().min(1).optional(),\n facilitator_ref: z.string().min(1).optional(),\n evidence: JsonValueSchema,\n aggregator: z.string().min(1).optional(),\n splits: z.array(PaymentSplitSchema).optional(),\n routing: PaymentRoutingSchema.optional(),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Subject Profile Validators (v0.9.16+)\n// -----------------------------------------------------------------------------\n\n/**\n * Subject type schema\n */\nexport const SubjectTypeSchema = z.enum(['human', 'org', 'agent']);\n\n/**\n * Subject profile schema\n *\n * Invariants:\n * - id is required (non-empty string)\n * - type is required (human, org, or agent)\n * - labels if present must be non-empty strings\n */\nexport const SubjectProfileSchema = z\n .object({\n id: z.string().min(1),\n type: SubjectTypeSchema,\n labels: z.array(z.string().min(1)).optional(),\n metadata: JsonObjectSchema.optional(),\n })\n .strict();\n\n/**\n * Subject profile snapshot schema\n *\n * Invariants:\n * - subject is required (valid SubjectProfile)\n * - captured_at is required (non-empty string)\n * MUST be RFC 3339 / ISO 8601 UTC; format not enforced in schema for v0.9.16\n */\nexport const SubjectProfileSnapshotSchema = z\n .object({\n subject: SubjectProfileSchema,\n captured_at: z.string().min(1),\n source: z.string().min(1).optional(),\n version: z.string().min(1).optional(),\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Attestation Validators (v0.9.21+)\n// -----------------------------------------------------------------------------\n\n/**\n * Namespaced extensions schema\n *\n * Keys must be namespaced (e.g., \"com.example/field\", \"io.vendor/data\").\n * This provides a forward-compatible extension mechanism.\n */\nexport const ExtensionsSchema = z.record(\n z.string().regex(/^[a-z0-9_.-]+\\/[a-z0-9_.-]+$/),\n JsonValueSchema\n);\n\n/**\n * Generic attestation schema\n *\n * Invariants:\n * - issuer, type, issued_at, evidence are required\n * - issued_at and expires_at must be RFC 3339 date-time\n * - ref if present must be a valid URI\n */\nexport const AttestationSchema = z\n .object({\n issuer: z.string().min(1),\n type: z.string().min(1),\n issued_at: z.string().datetime(),\n expires_at: z.string().datetime().optional(),\n ref: z.string().url().optional(),\n evidence: JsonValueSchema,\n })\n .strict();\n\n// -----------------------------------------------------------------------------\n// Subject Snapshot Validation Helper (v0.9.17+)\n// -----------------------------------------------------------------------------\n\n// Module-level set for PII warning deduplication\nconst warnedSubjectIds = new Set<string>();\n\n/**\n * Heuristic check if a subject ID looks like PII (email/phone)\n */\nfunction looksLikePII(id: string): boolean {\n // Email pattern\n if (/^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$/.test(id)) {\n return true;\n }\n // Phone pattern (starts with + followed by digits)\n if (/^\\+?\\d{10,15}$/.test(id.replace(/[\\s\\-()]/g, ''))) {\n return true;\n }\n return false;\n}\n\n/**\n * Validate a subject snapshot (if present)\n *\n * - Returns validated snapshot or null if absent\n * - Throws ZodError for malformed data\n * - Logs advisory warning if id looks like PII (deduplicated)\n */\nexport function validateSubjectSnapshot(\n snapshot: unknown\n): z.infer<typeof SubjectProfileSnapshotSchema> | null {\n if (snapshot === undefined || snapshot === null) {\n return null;\n }\n\n // Validate against schema (throws on malformed data)\n const validated = SubjectProfileSnapshotSchema.parse(snapshot);\n\n // Advisory PII warning (deduplicated)\n const subjectId = validated.subject.id;\n if (looksLikePII(subjectId) && !warnedSubjectIds.has(subjectId)) {\n warnedSubjectIds.add(subjectId);\n console.warn(\n `[peac:subject] Advisory: subject.id \"${subjectId}\" looks like PII. ` +\n 'Prefer opaque identifiers (e.g., \"user:abc123\").'\n );\n }\n\n return validated;\n}\n\n// -----------------------------------------------------------------------------\n// Evidence Validation (v0.9.21+)\n// -----------------------------------------------------------------------------\n\n/**\n * Result type for evidence validation\n */\nexport type EvidenceValidationResult =\n | { ok: true; value: unknown }\n | { ok: false; error: PEACError };\n\n/**\n * Validate payment evidence for JSON safety\n *\n * Uses iterative validation (no recursion) to prevent stack overflow on\n * deeply nested structures. Enforces limits on depth, array length,\n * object keys, and string length.\n *\n * @param evidence - Evidence value to validate\n * @param limits - Optional limits (internal, not part of public API)\n * @returns Result indicating success with validated value, or failure with PEACError\n *\n * @example\n * ```ts\n * const result = validateEvidence({ txId: '123', amount: 100 });\n * if (!result.ok) {\n * console.error(result.error.code, result.error.remediation);\n * }\n * ```\n */\nexport function validateEvidence(\n evidence: unknown,\n limits?: JsonEvidenceLimits\n): EvidenceValidationResult {\n const result = assertJsonSafeIterative(evidence, limits);\n\n if (!result.ok) {\n return {\n ok: false,\n error: createEvidenceNotJsonError(result.error, result.path),\n };\n }\n\n return { ok: true, value: evidence };\n}\n","/**\n * ActorBinding and MVIS (Minimum Viable Identity Set) Schemas (v0.11.3+)\n *\n * Implements (ActorBinding) (Multi-Root Proof Types),\n * and (MVIS) for the Agent Identity Profile.\n *\n * ActorBinding lives in ext[\"org.peacprotocol/actor_binding\"] in Wire 0.1.\n * ProofTypeSchema is SEPARATE from ProofMethodSchema (agent-identity.ts)\n * to avoid breaking the v0.9.25+ API. Unification deferred to v0.12.0.\n *\n * @see docs/specs/AGENT-IDENTITY-PROFILE.md for normative specification\n */\nimport { z } from 'zod';\n\n// =============================================================================\n// PROOF TYPES (Multi-Root Proof Types)\n// =============================================================================\n\n/**\n * Proof types for ActorBinding.\n *\n * 8 methods covering attestation chains, RATS, keyless signing,\n * decentralized identity, workload identity, PKI, and vendor-defined.\n *\n * SEPARATE from ProofMethodSchema (4 transport-level methods in agent-identity.ts).\n * ProofMethodSchema covers how proof is transported (HTTP sig, DPoP, mTLS, JWK thumbprint).\n * ProofTypeSchema covers the trust root model used to establish identity.\n *\n * The 'custom' type: implementers MUST document their proof semantics externally.\n * proof_ref SHOULD use a reverse-DNS namespace (e.g., 'com.example.vendor/proof-type-v1').\n */\nexport const PROOF_TYPES = [\n 'ed25519-cert-chain',\n 'eat-passport',\n 'eat-background-check',\n 'sigstore-oidc',\n 'did',\n 'spiffe',\n 'x509-pki',\n 'custom',\n] as const;\n\nexport const ProofTypeSchema = z.enum(PROOF_TYPES);\nexport type ProofType = z.infer<typeof ProofTypeSchema>;\n\n// =============================================================================\n// ORIGIN VALIDATION\n// =============================================================================\n\n/**\n * Validate that a string is an origin-only URL (scheme + host + optional port).\n * Rejects URLs with path (other than '/'), query, or fragment components.\n * This prevents correlation leakage and ambiguity in ActorBinding.\n *\n * Valid: \"https://example.com\", \"https://example.com:8443\"\n * Invalid: \"https://example.com/api/v1\", \"https://example.com?q=1\", \"https://example.com#frag\"\n */\nexport function isOriginOnly(value: string): boolean {\n try {\n const url = new URL(value);\n // Must be http or https\n if (url.protocol !== 'https:' && url.protocol !== 'http:') {\n return false;\n }\n // pathname must be exactly '/' (the implicit root)\n if (url.pathname !== '/') {\n return false;\n }\n // No search params\n if (url.search !== '') {\n return false;\n }\n // No fragment: url.hash is '' for both no-fragment and bare '#',\n // so also check the raw string for a trailing '#'\n if (url.hash !== '' || value.includes('#')) {\n return false;\n }\n // Reject userinfo (credentials in origins are a security risk)\n if (url.username !== '' || url.password !== '') {\n return false;\n }\n // Reject trailing dot in hostname (FQDN notation leaks DNS internals)\n if (url.hostname.endsWith('.')) {\n return false;\n }\n // URL API may normalize trailing dots; also check raw input\n const hostPart = value.replace(/^https?:\\/\\//, '').split(/[/:]/)[0];\n if (hostPart.endsWith('.')) {\n return false;\n }\n // Reject IPv6 zone identifiers (link-local, not valid origins)\n if (url.hostname.includes('%')) {\n return false;\n }\n return true;\n } catch {\n return false;\n }\n}\n\n// =============================================================================\n// ACTOR BINDING\n// =============================================================================\n\n/**\n * Extension key for ActorBinding in Wire 0.1 ext[].\n */\nexport const ACTOR_BINDING_EXTENSION_KEY = 'org.peacprotocol/actor_binding' as const;\n\n/**\n * ActorBinding schema.\n *\n * Binds an actor identity to a receipt via ext[\"org.peacprotocol/actor_binding\"].\n * Wire 0.2 moves this to a kernel field.\n *\n * - id: Stable actor identifier (opaque, no PII)\n * - proof_type: Trust root model from vocabulary\n * - proof_ref: Optional URI or hash of external proof artifact\n * - origin: Origin-only URL (scheme + host + optional port; no path/query/fragment)\n * - intent_hash: Optional SHA-256 hash of the intent (hash-first per )\n */\nexport const ActorBindingSchema = z\n .object({\n /** Stable actor identifier (opaque, no PII) */\n id: z.string().min(1).max(256),\n\n /** Proof type from multi-root vocabulary */\n proof_type: ProofTypeSchema,\n\n /** URI or hash of external proof artifact */\n proof_ref: z.string().max(2048).optional(),\n\n /** Origin-only URL: scheme + host + optional port; NO path, query, or fragment */\n origin: z.string().max(2048).refine(isOriginOnly, {\n message:\n 'origin must be an origin-only URL (scheme + host + optional port; no path, query, or fragment)',\n }),\n\n /** SHA-256 hash of the intent (hash-first per ) */\n intent_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, {\n message: 'intent_hash must match sha256:<64 hex chars>',\n })\n .optional(),\n })\n .strict();\n\nexport type ActorBinding = z.infer<typeof ActorBindingSchema>;\n\n// =============================================================================\n// MVIS: Minimum Viable Identity Set\n// =============================================================================\n\n/**\n * MVIS (Minimum Viable Identity Set) fields.\n *\n * 5 required fields for any identity receipt to be considered complete.\n * validateMVIS() is a pure validation function with zero I/O.\n *\n * Fields:\n * - issuer: Who issued the identity assertion\n * - subject: Who the identity is about (opaque identifier)\n * - key_binding: Cryptographic binding to a key (kid or thumbprint)\n * - time_bounds: Validity period with not_before and not_after\n * - replay_protection: Unique token ID (jti) and optional nonce\n */\nexport const MVISTimeBoundsSchema = z\n .object({\n /** Earliest valid time (RFC 3339) */\n not_before: z.string().datetime(),\n /** Latest valid time (RFC 3339) */\n not_after: z.string().datetime(),\n })\n .strict();\n\nexport type MVISTimeBounds = z.infer<typeof MVISTimeBoundsSchema>;\n\nexport const MVISReplayProtectionSchema = z\n .object({\n /** Unique token identifier (jti from JWT or equivalent) */\n jti: z.string().min(1).max(256),\n /** Optional nonce for additional replay protection */\n nonce: z.string().max(256).optional(),\n })\n .strict();\n\nexport type MVISReplayProtection = z.infer<typeof MVISReplayProtectionSchema>;\n\nexport const MVISFieldsSchema = z\n .object({\n /** Who issued the identity assertion */\n issuer: z.string().min(1).max(2048),\n\n /** Who the identity is about (opaque identifier, no PII) */\n subject: z.string().min(1).max(256),\n\n /** Cryptographic binding: kid or JWK thumbprint */\n key_binding: z.string().min(1).max(256),\n\n /** Validity period */\n time_bounds: MVISTimeBoundsSchema,\n\n /** Replay protection */\n replay_protection: MVISReplayProtectionSchema,\n })\n .strict();\n\nexport type MVISFields = z.infer<typeof MVISFieldsSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS\n// =============================================================================\n\n/**\n * Validate an ActorBinding object.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated ActorBinding or error message\n */\nexport function validateActorBinding(\n data: unknown\n): { ok: true; value: ActorBinding } | { ok: false; error: string } {\n const result = ActorBindingSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate MVIS fields.\n *\n * Pure validation function with zero I/O.\n * Checks that all 5 required fields are present and valid.\n * Also validates that time_bounds.not_before < time_bounds.not_after.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated MVIS fields or error message\n */\nexport function validateMVIS(\n data: unknown\n): { ok: true; value: MVISFields } | { ok: false; error: string } {\n const result = MVISFieldsSchema.safeParse(data);\n if (!result.success) {\n return { ok: false, error: result.error.message };\n }\n\n // Semantic check: not_before must be before not_after\n const notBefore = new Date(result.data.time_bounds.not_before).getTime();\n const notAfter = new Date(result.data.time_bounds.not_after).getTime();\n if (notBefore >= notAfter) {\n return { ok: false, error: 'not_before must be before not_after' };\n }\n\n // Reject absurd durations (>100 years)\n const MAX_DURATION_MS = 100 * 365.25 * 24 * 60 * 60 * 1000;\n if (notAfter - notBefore > MAX_DURATION_MS) {\n return { ok: false, error: 'time_bounds duration must not exceed 100 years' };\n }\n\n return { ok: true, value: result.data };\n}\n","/**\n * Credential Event Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records credential lifecycle events in ext[\"org.peacprotocol/credential_event\"].\n * Events: issued, leased, rotated, revoked, expired.\n *\n * credential_ref is an opaque fingerprint reference: schema validates\n * format only (prefix + hex). Issuers compute values externally; verifiers\n * MUST NOT assume they can recompute the reference.\n */\nimport { z } from 'zod';\n\nexport const CREDENTIAL_EVENT_EXTENSION_KEY = 'org.peacprotocol/credential_event' as const;\n\n/**\n * Credential lifecycle events\n */\nexport const CREDENTIAL_EVENTS = ['issued', 'leased', 'rotated', 'revoked', 'expired'] as const;\n\nexport const CredentialEventTypeSchema = z.enum(CREDENTIAL_EVENTS);\nexport type CredentialEventType = z.infer<typeof CredentialEventTypeSchema>;\n\n/**\n * Opaque fingerprint reference format.\n * Validates prefix (sha256: or hmac-sha256:) + 64 hex chars.\n * Schema does NOT compute or derive this value.\n */\nconst FINGERPRINT_REF_PATTERN = /^(sha256|hmac-sha256):[a-f0-9]{64}$/;\n\nexport const CredentialRefSchema = z.string().max(256).regex(FINGERPRINT_REF_PATTERN, {\n message:\n 'credential_ref must be an opaque fingerprint reference: (sha256|hmac-sha256):<64 hex chars>',\n});\n\n/**\n * Credential Event extension schema\n */\nexport const CredentialEventSchema = z\n .object({\n /** Lifecycle event type */\n event: CredentialEventTypeSchema,\n\n /** Opaque fingerprint reference of the credential (format validation only) */\n credential_ref: CredentialRefSchema,\n\n /** Authority that performed the action (HTTPS URL) */\n authority: z\n .string()\n .url()\n .max(2048)\n .refine((v) => v.startsWith('https://'), {\n message: 'authority must be an HTTPS URL',\n }),\n\n /** When the credential expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** Previous credential reference for rotation chains (optional) */\n previous_ref: CredentialRefSchema.optional(),\n })\n .strict();\n\nexport type CredentialEvent = z.infer<typeof CredentialEventSchema>;\n\n/**\n * Validate a CredentialEvent object.\n */\nexport function validateCredentialEvent(\n data: unknown\n): { ok: true; value: CredentialEvent } | { ok: false; error: string } {\n const result = CredentialEventSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Tool Registry Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records tool registration and capability declarations in\n * ext[\"org.peacprotocol/tool_registry\"].\n *\n * Security: registry_uri validated against URL scheme allowlist\n * (HTTPS + URN only; no file:// or data:// for SSRF prevention).\n */\nimport { z } from 'zod';\n\nexport const TOOL_REGISTRY_EXTENSION_KEY = 'org.peacprotocol/tool_registry' as const;\n\n/**\n * URL scheme allowlist for registry_uri: HTTPS and URN only.\n * Prevents SSRF via file://, data://, or other local schemes.\n */\nfunction isAllowedRegistryUri(value: string): boolean {\n if (value.startsWith('urn:')) {\n return true;\n }\n try {\n const url = new URL(value);\n return url.protocol === 'https:';\n } catch {\n return false;\n }\n}\n\n/**\n * Tool Registry extension schema\n */\nexport const ToolRegistrySchema = z\n .object({\n /** Tool identifier */\n tool_id: z.string().min(1).max(256),\n\n /** Registry URI (HTTPS or URN only; no file:// or data:// for SSRF prevention) */\n registry_uri: z.string().max(2048).refine(isAllowedRegistryUri, {\n message: 'registry_uri must be an HTTPS URL or URN (file:// and data:// are prohibited)',\n }),\n\n /** Tool version (optional, semver-like) */\n version: z.string().max(64).optional(),\n\n /** Tool capabilities (optional) */\n capabilities: z.array(z.string().max(64)).max(32).optional(),\n })\n .strict();\n\nexport type ToolRegistry = z.infer<typeof ToolRegistrySchema>;\n\n/**\n * Validate a ToolRegistry object.\n */\nexport function validateToolRegistry(\n data: unknown\n): { ok: true; value: ToolRegistry } | { ok: false; error: string } {\n const result = ToolRegistrySchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Control Action Extension Schema (v0.11.3+ ZT Pack)\n *\n * Records access control decisions in ext[\"org.peacprotocol/control_action\"].\n * Actions: grant, deny, escalate, delegate, audit.\n * Triggers: policy_evaluation, manual_review, anomaly_detection, scheduled, event_driven.\n */\nimport { z } from 'zod';\n\nexport const CONTROL_ACTION_EXTENSION_KEY = 'org.peacprotocol/control_action' as const;\n\n/**\n * Control action types\n */\nexport const CONTROL_ACTIONS = ['grant', 'deny', 'escalate', 'delegate', 'audit'] as const;\n\nexport const ControlActionTypeSchema = z.enum(CONTROL_ACTIONS);\nexport type ControlActionType = z.infer<typeof ControlActionTypeSchema>;\n\n/**\n * Control action triggers\n */\nexport const CONTROL_TRIGGERS = [\n 'policy_evaluation',\n 'manual_review',\n 'anomaly_detection',\n 'scheduled',\n 'event_driven',\n] as const;\n\nexport const ControlTriggerSchema = z.enum(CONTROL_TRIGGERS);\nexport type ControlTrigger = z.infer<typeof ControlTriggerSchema>;\n\n/**\n * Control Action extension schema\n */\nexport const ControlActionSchema = z\n .object({\n /** Action taken */\n action: ControlActionTypeSchema,\n\n /** What triggered the action */\n trigger: ControlTriggerSchema,\n\n /** Resource or scope the action applies to (optional) */\n resource: z.string().max(2048).optional(),\n\n /** Reason for the action (optional, human-readable) */\n reason: z.string().max(1024).optional(),\n\n /** Policy identifier that was evaluated (optional) */\n policy_ref: z.string().max(2048).optional(),\n\n /** When the action was taken (RFC 3339, optional; defaults to receipt iat) */\n action_at: z.string().datetime().optional(),\n })\n .strict();\n\nexport type ControlAction = z.infer<typeof ControlActionSchema>;\n\n/**\n * Validate a ControlAction object.\n */\nexport function validateControlAction(\n data: unknown\n): { ok: true; value: ControlAction } | { ok: false; error: string } {\n const result = ControlActionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n","/**\n * Treaty Extension Schema (v0.11.3+)\n *\n * Records agreement commitment levels in ext[\"org.peacprotocol/treaty\"].\n * 4-level commitment_class vocabulary: informational, operational, financial, legal.\n *\n * Governance: commitment_class is a CLOSED vocabulary. Adding new levels requires\n * a registry update in registries.json and a minor version bump.\n *\n * Terms pairing: when terms_hash is provided alongside terms_ref, the hash\n * SHOULD correspond to the content at terms_ref. Future enforcement may\n * verify this binding at verification time.\n */\nimport { z } from 'zod';\n\nexport const TREATY_EXTENSION_KEY = 'org.peacprotocol/treaty' as const;\n\n/**\n * Commitment class vocabulary.\n * Ascending levels of binding commitment.\n */\nexport const COMMITMENT_CLASSES = ['informational', 'operational', 'financial', 'legal'] as const;\n\nexport const CommitmentClassSchema = z.enum(COMMITMENT_CLASSES);\nexport type CommitmentClass = z.infer<typeof CommitmentClassSchema>;\n\n/**\n * Treaty extension schema\n */\nexport const TreatySchema = z\n .object({\n /** Commitment level */\n commitment_class: CommitmentClassSchema,\n\n /** URL to full terms document (optional) */\n terms_ref: z.string().url().max(2048).optional(),\n\n /** SHA-256 hash of terms document for integrity verification (optional) */\n terms_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, {\n message: 'terms_hash must match sha256:<64 hex chars>',\n })\n .optional(),\n\n /** Counterparty identifier (optional) */\n counterparty: z.string().max(256).optional(),\n\n /** When the treaty becomes effective (RFC 3339, optional) */\n effective_at: z.string().datetime().optional(),\n\n /** When the treaty expires (RFC 3339, optional) */\n expires_at: z.string().datetime().optional(),\n })\n .strict();\n\nexport type Treaty = z.infer<typeof TreatySchema>;\n\n/**\n * Validate a Treaty object.\n */\nexport function validateTreaty(\n data: unknown\n): { ok: true; value: Treaty } | { ok: false; error: string } {\n const result = TreatySchema.safeParse(data);\n if (!result.success) {\n return { ok: false, error: result.error.message };\n }\n\n // Semantic check: effective_at must be before or equal to expires_at\n if (result.data.effective_at && result.data.expires_at) {\n const effectiveMs = new Date(result.data.effective_at).getTime();\n const expiresMs = new Date(result.data.expires_at).getTime();\n if (effectiveMs > expiresMs) {\n return { ok: false, error: 'effective_at must not be after expires_at' };\n }\n }\n\n return { ok: true, value: result.data };\n}\n","/**\n * Fingerprint Reference Conversion Functions (v0.11.3+)\n *\n * Pure string manipulation functions for converting between Wire 0.1\n * string form (\"alg:hex64\") and Wire 0.2 object form ({ alg, value, key_id? }).\n *\n * These are opaque references. The schema validates format only.\n * Issuers compute values externally; verifiers MUST NOT assume\n * they can recompute the reference.\n *\n * Lives in Layer 1 (@peac/schema) because it is pure string manipulation,\n * not cryptographic computation. Zero dependencies, zero I/O.\n */\n\n/**\n * Wire 0.2 object form of a fingerprint reference\n */\nexport interface FingerprintRefObject {\n /** Hash algorithm: 'sha256' or 'hmac-sha256' */\n alg: string;\n /** Base64url-encoded value */\n value: string;\n /** Optional key identifier (for hmac-sha256 references) */\n key_id?: string;\n}\n\n/**\n * Convert hex string to base64url encoding.\n * Pure function, no dependencies.\n */\nfunction hexToBase64url(hex: string): string {\n const bytes = new Uint8Array(hex.length / 2);\n for (let i = 0; i < hex.length; i += 2) {\n bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);\n }\n // Use Buffer in Node, or manual encoding\n let base64: string;\n if (typeof Buffer !== 'undefined') {\n base64 = Buffer.from(bytes).toString('base64');\n } else {\n // Fallback for non-Node environments\n base64 = btoa(String.fromCharCode(...bytes));\n }\n // base64 -> base64url\n return base64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n/**\n * Convert base64url string to hex encoding.\n * Pure function, no dependencies.\n */\nfunction base64urlToHex(b64url: string): string {\n // base64url -> base64\n let base64 = b64url.replace(/-/g, '+').replace(/_/g, '/');\n // Add padding\n while (base64.length % 4 !== 0) {\n base64 += '=';\n }\n let bytes: Uint8Array;\n if (typeof Buffer !== 'undefined') {\n bytes = Buffer.from(base64, 'base64');\n } else {\n const binary = atob(base64);\n bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n }\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n}\n\n/**\n * Supported algorithm prefixes\n */\nconst VALID_ALGS = ['sha256', 'hmac-sha256'] as const;\nconst STRING_FORM_PATTERN = /^(sha256|hmac-sha256):([a-f0-9]{64})$/;\n\n/**\n * Maximum length for fingerprint reference string form.\n * \"hmac-sha256:\" (12) + 64 hex chars = 76 chars max.\n */\nexport const MAX_FINGERPRINT_REF_LENGTH = 76;\n\n/**\n * Strict base64url character set (RFC 4648 section 5).\n * Only A-Z, a-z, 0-9, '-', '_'. No padding ('='), no whitespace.\n */\nconst BASE64URL_PATTERN = /^[A-Za-z0-9_-]+$/;\n\n/**\n * Parse a Wire 0.1 string form fingerprint reference (\"alg:hex64\")\n * into a Wire 0.2 object form ({ alg, value }).\n *\n * The hex value is converted to base64url for the object form.\n *\n * @param s - String form: \"sha256:<64 hex chars>\" or \"hmac-sha256:<64 hex chars>\"\n * @returns Object form with base64url value, or null if invalid\n */\nexport function stringToFingerprintRef(s: string): FingerprintRefObject | null {\n if (s.length > MAX_FINGERPRINT_REF_LENGTH) {\n return null;\n }\n const match = STRING_FORM_PATTERN.exec(s);\n if (!match) {\n return null;\n }\n const alg = match[1];\n const hex = match[2];\n return {\n alg,\n value: hexToBase64url(hex),\n };\n}\n\n/**\n * Convert a Wire 0.2 object form fingerprint reference back to\n * the Wire 0.1 string form (\"alg:hex64\").\n *\n * The base64url value is converted back to hex for the string form.\n *\n * @param obj - Object form with alg and base64url value\n * @returns String form \"alg:<64 hex chars>\", or null if invalid\n */\nexport function fingerprintRefToString(obj: FingerprintRefObject): string | null {\n if (!VALID_ALGS.includes(obj.alg as (typeof VALID_ALGS)[number])) {\n return null;\n }\n // Strict base64url validation (RFC 4648 section 5): no padding, no whitespace\n if (!BASE64URL_PATTERN.test(obj.value)) {\n return null;\n }\n try {\n const hex = base64urlToHex(obj.value);\n if (hex.length !== 64) {\n return null;\n }\n return `${obj.alg}:${hex}`;\n } catch {\n return null;\n }\n}\n","/**\n * Dispute Attestation Types and Validators (v0.9.27+)\n *\n * Provides formal mechanism for contesting PEAC receipts, attributions,\n * and identity claims with lifecycle state management.\n *\n * @see docs/specs/DISPUTE.md for normative specification\n */\nimport { z } from 'zod';\nimport { ContentHashSchema, type ContentHash } from './attribution';\n\n// =============================================================================\n// DISPUTE LIMITS (v0.9.27+)\n// =============================================================================\n\n/**\n * Dispute limits for DoS protection and validation.\n *\n * These are implementation safety limits, not protocol constraints.\n */\nexport const DISPUTE_LIMITS = {\n /** Maximum grounds per dispute */\n maxGrounds: 10,\n /** Maximum supporting receipts */\n maxSupportingReceipts: 50,\n /** Maximum supporting attributions */\n maxSupportingAttributions: 50,\n /** Maximum supporting documents */\n maxSupportingDocuments: 20,\n /** Maximum description length in chars */\n maxDescriptionLength: 4000,\n /** Maximum details length per ground in chars */\n maxGroundDetailsLength: 1000,\n /** Maximum rationale length in chars */\n maxRationaleLength: 4000,\n /** Maximum remediation details length in chars */\n maxRemediationDetailsLength: 4000,\n /** Minimum description for 'other' dispute type */\n minOtherDescriptionLength: 50,\n} as const;\n\n// =============================================================================\n// ULID VALIDATION (v0.9.27+)\n// =============================================================================\n\n/**\n * ULID format regex: 26 characters, Crockford Base32, UPPERCASE ONLY.\n *\n * ULIDs are time-ordered, globally unique identifiers that are URL-safe.\n * Format: 10 characters timestamp + 16 characters randomness\n *\n * CASE SENSITIVITY DECISION (v0.9.27):\n * While the ULID spec allows case-insensitive decoding (lowercase is valid),\n * PEAC enforces UPPERCASE as the canonical form for dispute IDs. This ensures:\n * 1. Consistent string comparison without normalization\n * 2. Predictable indexing and lookup in storage systems\n * 3. Deterministic hash computation for audit trails\n *\n * Implementations generating ULIDs MUST use uppercase encoding.\n * Implementations receiving ULIDs MAY normalize to uppercase before validation\n * if interoperating with systems that produce lowercase, but SHOULD warn.\n *\n * @see https://github.com/ulid/spec\n */\nconst ULID_REGEX = /^[0-9A-HJKMNP-TV-Z]{26}$/;\n\n/**\n * Dispute ID schema using ULID format.\n *\n * @example \"01ARZ3NDEKTSV4RRFFQ69G5FAV\"\n */\nexport const DisputeIdSchema = z.string().regex(ULID_REGEX, 'Invalid ULID format');\nexport type DisputeId = z.infer<typeof DisputeIdSchema>;\n\n// =============================================================================\n// DISPUTE TYPES (v0.9.27+)\n// =============================================================================\n\n/**\n * Type of dispute being filed.\n *\n * - 'unauthorized_access': Content accessed without valid receipt\n * - 'attribution_missing': Used content without attribution\n * - 'attribution_incorrect': Attribution exists but is wrong\n * - 'receipt_invalid': Receipt was fraudulently issued\n * - 'identity_spoofed': Agent identity was impersonated\n * - 'purpose_mismatch': Declared purpose doesn't match actual use\n * - 'policy_violation': Terms/policy violated despite receipt\n * - 'other': Catch-all (requires description >= 50 chars)\n */\nexport const DisputeTypeSchema = z.enum([\n 'unauthorized_access',\n 'attribution_missing',\n 'attribution_incorrect',\n 'receipt_invalid',\n 'identity_spoofed',\n 'purpose_mismatch',\n 'policy_violation',\n 'other',\n]);\nexport type DisputeType = z.infer<typeof DisputeTypeSchema>;\n\n/**\n * Array of valid dispute types for runtime checks.\n */\nexport const DISPUTE_TYPES = [\n 'unauthorized_access',\n 'attribution_missing',\n 'attribution_incorrect',\n 'receipt_invalid',\n 'identity_spoofed',\n 'purpose_mismatch',\n 'policy_violation',\n 'other',\n] as const;\n\n// =============================================================================\n// DISPUTE TARGET TYPES (v0.9.27+)\n// =============================================================================\n\n/**\n * Type of entity being disputed.\n *\n * - 'receipt': A PEAC receipt\n * - 'attribution': An attribution attestation\n * - 'identity': An agent identity attestation\n * - 'policy': A policy decision or enforcement\n */\nexport const DisputeTargetTypeSchema = z.enum(['receipt', 'attribution', 'identity', 'policy']);\nexport type DisputeTargetType = z.infer<typeof DisputeTargetTypeSchema>;\n\n/**\n * Array of valid target types for runtime checks.\n */\nexport const DISPUTE_TARGET_TYPES = ['receipt', 'attribution', 'identity', 'policy'] as const;\n\n// =============================================================================\n// DISPUTE GROUNDS (v0.9.27+)\n// =============================================================================\n\n/**\n * Specific grounds for the dispute.\n *\n * Evidence-based:\n * - 'missing_receipt': No receipt exists for access\n * - 'expired_receipt': Receipt was expired at time of use\n * - 'forged_receipt': Receipt signature invalid or tampered\n * - 'receipt_not_applicable': Receipt doesn't cover the resource\n *\n * Attribution-based:\n * - 'content_not_used': Content was not actually used\n * - 'source_misidentified': Wrong source attributed\n * - 'usage_type_wrong': RAG claimed but was training, etc.\n * - 'weight_inaccurate': Attribution weight is incorrect\n *\n * Identity-based:\n * - 'agent_impersonation': Agent ID was spoofed\n * - 'key_compromise': Signing key was compromised\n * - 'delegation_invalid': Delegation chain is broken\n *\n * Policy-based:\n * - 'purpose_exceeded': Used beyond declared purpose\n * - 'terms_violated': Specific terms were violated\n * - 'rate_limit_exceeded': Exceeded rate limits\n */\nexport const DisputeGroundsCodeSchema = z.enum([\n // Evidence-based\n 'missing_receipt',\n 'expired_receipt',\n 'forged_receipt',\n 'receipt_not_applicable',\n // Attribution-based\n 'content_not_used',\n 'source_misidentified',\n 'usage_type_wrong',\n 'weight_inaccurate',\n // Identity-based\n 'agent_impersonation',\n 'key_compromise',\n 'delegation_invalid',\n // Policy-based\n 'purpose_exceeded',\n 'terms_violated',\n 'rate_limit_exceeded',\n]);\nexport type DisputeGroundsCode = z.infer<typeof DisputeGroundsCodeSchema>;\n\n/**\n * Array of valid grounds codes for runtime checks.\n */\nexport const DISPUTE_GROUNDS_CODES = [\n 'missing_receipt',\n 'expired_receipt',\n 'forged_receipt',\n 'receipt_not_applicable',\n 'content_not_used',\n 'source_misidentified',\n 'usage_type_wrong',\n 'weight_inaccurate',\n 'agent_impersonation',\n 'key_compromise',\n 'delegation_invalid',\n 'purpose_exceeded',\n 'terms_violated',\n 'rate_limit_exceeded',\n] as const;\n\n/**\n * Individual dispute ground with supporting evidence reference.\n */\nexport const DisputeGroundsSchema = z\n .object({\n /** Specific code for this ground (REQUIRED) */\n code: DisputeGroundsCodeSchema,\n /** Reference to supporting evidence (OPTIONAL) */\n evidence_ref: z.string().max(2048).optional(),\n /** Additional context for this ground (OPTIONAL) */\n details: z.string().max(DISPUTE_LIMITS.maxGroundDetailsLength).optional(),\n })\n .strict();\nexport type DisputeGrounds = z.infer<typeof DisputeGroundsSchema>;\n\n// =============================================================================\n// DISPUTE LIFECYCLE STATES (v0.9.27+)\n// =============================================================================\n\n/**\n * Dispute lifecycle states.\n *\n * State flow:\n * ```\n * FILED -> ACKNOWLEDGED -> UNDER_REVIEW -> RESOLVED\n * | | |\n * +-> REJECTED +-> ESCALATED +-> APPEALED\n * |\n * +-> FINAL\n * ```\n *\n * Terminal states (REQUIRE resolution): resolved, rejected, final\n * Non-terminal states: filed, acknowledged, under_review, escalated, appealed\n */\nexport const DisputeStateSchema = z.enum([\n 'filed',\n 'acknowledged',\n 'under_review',\n 'escalated',\n 'resolved',\n 'rejected',\n 'appealed',\n 'final',\n]);\nexport type DisputeState = z.infer<typeof DisputeStateSchema>;\n\n/**\n * Array of valid dispute states for runtime checks.\n */\nexport const DISPUTE_STATES = [\n 'filed',\n 'acknowledged',\n 'under_review',\n 'escalated',\n 'resolved',\n 'rejected',\n 'appealed',\n 'final',\n] as const;\n\n/**\n * Terminal states that REQUIRE a resolution field.\n */\nexport const TERMINAL_STATES: readonly DisputeState[] = ['resolved', 'rejected', 'final'] as const;\n\n/**\n * Canonical state transition table for dispute lifecycle.\n *\n * This is the SINGLE SOURCE OF TRUTH for valid transitions.\n * Do not duplicate elsewhere - reference this constant.\n */\nexport const DISPUTE_TRANSITIONS: Record<DisputeState, readonly DisputeState[]> = {\n filed: ['acknowledged', 'rejected'],\n acknowledged: ['under_review', 'rejected'],\n under_review: ['resolved', 'escalated'],\n escalated: ['resolved'],\n resolved: ['appealed', 'final'],\n rejected: ['appealed', 'final'],\n appealed: ['under_review', 'final'],\n final: [], // Terminal - no transitions out\n} as const;\n\n/**\n * Check if a state transition is valid.\n *\n * @param current - Current dispute state\n * @param next - Proposed next state\n * @returns True if the transition is valid\n */\nexport function canTransitionTo(current: DisputeState, next: DisputeState): boolean {\n return DISPUTE_TRANSITIONS[current].includes(next);\n}\n\n/**\n * Check if a state is terminal (requires resolution).\n *\n * @param state - Dispute state to check\n * @returns True if the state is terminal\n */\nexport function isTerminalState(state: DisputeState): boolean {\n return TERMINAL_STATES.includes(state);\n}\n\n/**\n * Get valid next states from current state.\n *\n * @param current - Current dispute state\n * @returns Array of valid next states\n */\nexport function getValidTransitions(current: DisputeState): readonly DisputeState[] {\n return DISPUTE_TRANSITIONS[current];\n}\n\n// =============================================================================\n// DISPUTE OUTCOME AND RESOLUTION (v0.9.27+)\n// =============================================================================\n\n/**\n * Outcome of a resolved dispute.\n *\n * - 'upheld': Dispute was valid, in favor of filer\n * - 'dismissed': Dispute invalid or without merit\n * - 'partially_upheld': Some grounds upheld, others dismissed\n * - 'settled': Parties reached agreement\n */\nexport const DisputeOutcomeSchema = z.enum(['upheld', 'dismissed', 'partially_upheld', 'settled']);\nexport type DisputeOutcome = z.infer<typeof DisputeOutcomeSchema>;\n\n/**\n * Array of valid outcomes for runtime checks.\n */\nexport const DISPUTE_OUTCOMES = ['upheld', 'dismissed', 'partially_upheld', 'settled'] as const;\n\n/**\n * Type of remediation action taken.\n *\n * - 'attribution_corrected': Attribution was fixed\n * - 'receipt_revoked': Receipt was revoked\n * - 'access_restored': Access was restored\n * - 'compensation': Financial compensation provided\n * - 'policy_updated': Policy was updated\n * - 'no_action': No action required\n * - 'other': Other remediation\n */\nexport const RemediationTypeSchema = z.enum([\n 'attribution_corrected',\n 'receipt_revoked',\n 'access_restored',\n 'compensation',\n 'policy_updated',\n 'no_action',\n 'other',\n]);\nexport type RemediationType = z.infer<typeof RemediationTypeSchema>;\n\n/**\n * Array of valid remediation types for runtime checks.\n */\nexport const REMEDIATION_TYPES = [\n 'attribution_corrected',\n 'receipt_revoked',\n 'access_restored',\n 'compensation',\n 'policy_updated',\n 'no_action',\n 'other',\n] as const;\n\n/**\n * Remediation action taken to address the dispute.\n */\nexport const RemediationSchema = z\n .object({\n /** Type of remediation (REQUIRED) */\n type: RemediationTypeSchema,\n /** Details of the remediation action (REQUIRED) */\n details: z.string().min(1).max(DISPUTE_LIMITS.maxRemediationDetailsLength),\n /** Deadline for completing remediation (OPTIONAL) */\n deadline: z.string().datetime().optional(),\n })\n .strict();\nexport type Remediation = z.infer<typeof RemediationSchema>;\n\n/**\n * Resolution of a dispute.\n *\n * Required for terminal states (resolved, rejected, final).\n */\nexport const DisputeResolutionSchema = z\n .object({\n /** Outcome of the dispute (REQUIRED) */\n outcome: DisputeOutcomeSchema,\n /** When the decision was made (REQUIRED) */\n decided_at: z.string().datetime(),\n /** Who made the decision (REQUIRED) */\n decided_by: z.string().min(1).max(2048),\n /** Explanation of the decision (REQUIRED) */\n rationale: z.string().min(1).max(DISPUTE_LIMITS.maxRationaleLength),\n /** Remediation action if applicable (OPTIONAL) */\n remediation: RemediationSchema.optional(),\n })\n .strict();\nexport type DisputeResolution = z.infer<typeof DisputeResolutionSchema>;\n\n// =============================================================================\n// DISPUTE CONTACT (v0.9.27+)\n// =============================================================================\n\n/**\n * Contact method for dispute resolution.\n *\n * - 'email': Email address\n * - 'url': URL (webhook, contact form)\n * - 'did': Decentralized identifier\n */\nexport const ContactMethodSchema = z.enum(['email', 'url', 'did']);\nexport type ContactMethod = z.infer<typeof ContactMethodSchema>;\n\n/**\n * Contact information for dispute communication.\n *\n * Validated based on method type.\n */\nexport const DisputeContactSchema = z\n .object({\n /** Contact method (REQUIRED) */\n method: ContactMethodSchema,\n /** Contact value (REQUIRED) */\n value: z.string().min(1).max(2048),\n })\n .strict()\n .superRefine((contact, ctx) => {\n if (contact.method === 'email') {\n // Basic email validation (RFC 5322 simplified)\n const emailRegex = /^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$/;\n if (!emailRegex.test(contact.value)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Invalid email format',\n path: ['value'],\n });\n }\n } else if (contact.method === 'did') {\n // DID must start with did:\n if (!contact.value.startsWith('did:')) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'DID must start with \"did:\"',\n path: ['value'],\n });\n }\n } else if (contact.method === 'url') {\n // URL validation\n try {\n new URL(contact.value);\n } catch {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Invalid URL format',\n path: ['value'],\n });\n }\n }\n });\nexport type DisputeContact = z.infer<typeof DisputeContactSchema>;\n\n// =============================================================================\n// DOCUMENT REFERENCE (v0.9.27+)\n// =============================================================================\n\n/**\n * Reference to an external document supporting the dispute.\n */\nexport const DocumentRefSchema = z\n .object({\n /** URI of the document (REQUIRED) */\n uri: z.string().url().max(2048),\n /** Content hash for integrity verification (OPTIONAL) */\n content_hash: ContentHashSchema.optional(),\n /** Brief description of the document (OPTIONAL) */\n description: z.string().max(500).optional(),\n })\n .strict();\nexport type DocumentRef = z.infer<typeof DocumentRefSchema>;\n\n// =============================================================================\n// DISPUTE EVIDENCE (v0.9.27+)\n// =============================================================================\n\n/**\n * Base evidence schema without invariants.\n */\nconst DisputeEvidenceBaseSchema = z\n .object({\n /** Type of dispute (REQUIRED) */\n dispute_type: DisputeTypeSchema,\n /** Reference to disputed target: jti:{id}, URL, or URN (REQUIRED) */\n target_ref: z.string().min(1).max(2048),\n /** Type of target being disputed (REQUIRED) */\n target_type: DisputeTargetTypeSchema,\n /** Grounds for the dispute (REQUIRED, at least 1) */\n grounds: z.array(DisputeGroundsSchema).min(1).max(DISPUTE_LIMITS.maxGrounds),\n /** Human-readable description (REQUIRED) */\n description: z.string().min(1).max(DISPUTE_LIMITS.maxDescriptionLength),\n /** Receipt references supporting the claim (OPTIONAL) */\n supporting_receipts: z\n .array(z.string().max(2048))\n .max(DISPUTE_LIMITS.maxSupportingReceipts)\n .optional(),\n /** Attribution references supporting the claim (OPTIONAL) */\n supporting_attributions: z\n .array(z.string().max(2048))\n .max(DISPUTE_LIMITS.maxSupportingAttributions)\n .optional(),\n /** External document references (OPTIONAL) */\n supporting_documents: z\n .array(DocumentRefSchema)\n .max(DISPUTE_LIMITS.maxSupportingDocuments)\n .optional(),\n /** Contact for dispute resolution (OPTIONAL) */\n contact: DisputeContactSchema.optional(),\n /** Current lifecycle state (REQUIRED) */\n state: DisputeStateSchema,\n /** When state was last changed (OPTIONAL) */\n state_changed_at: z.string().datetime().optional(),\n /** Reason for state change (OPTIONAL) */\n state_reason: z.string().max(1000).optional(),\n /** Resolution details (REQUIRED for terminal states) */\n resolution: DisputeResolutionSchema.optional(),\n /** Advisory: filing window used by issuer in days (OPTIONAL, informative only) */\n window_hint_days: z.number().int().positive().max(365).optional(),\n })\n .strict();\n\n/**\n * Dispute evidence with cross-field invariants enforced via superRefine.\n *\n * Invariants:\n * 1. Terminal states (resolved, rejected, final) REQUIRE resolution\n * 2. Resolution is ONLY valid for terminal states\n * 3. Dispute type 'other' requires description >= 50 characters\n */\nexport const DisputeEvidenceSchema = DisputeEvidenceBaseSchema.superRefine((evidence, ctx) => {\n const terminalStates: DisputeState[] = ['resolved', 'rejected', 'final'];\n\n // Invariant 1: Terminal states REQUIRE resolution\n if (terminalStates.includes(evidence.state) && !evidence.resolution) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Resolution is required when state is \"${evidence.state}\"`,\n path: ['resolution'],\n });\n }\n\n // Invariant 2: Resolution REQUIRES terminal state\n if (evidence.resolution && !terminalStates.includes(evidence.state)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Resolution is only valid for terminal states (resolved, rejected, final), not \"${evidence.state}\"`,\n path: ['state'],\n });\n }\n\n // Invariant 3: 'other' dispute type requires meaningful description\n if (\n evidence.dispute_type === 'other' &&\n evidence.description.length < DISPUTE_LIMITS.minOtherDescriptionLength\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Dispute type \"other\" requires description of at least ${DISPUTE_LIMITS.minOtherDescriptionLength} characters`,\n path: ['description'],\n });\n }\n});\nexport type DisputeEvidence = z.infer<typeof DisputeEvidenceSchema>;\n\n// =============================================================================\n// DISPUTE ATTESTATION (v0.9.27+)\n// =============================================================================\n\n/**\n * Attestation type literal for disputes.\n */\nexport const DISPUTE_TYPE = 'peac/dispute' as const;\n\n/**\n * DisputeAttestation - formal mechanism for contesting PEAC claims.\n *\n * This attestation provides a standardized way to dispute receipts,\n * attributions, identity claims, or policy decisions.\n *\n * @example\n * ```typescript\n * const dispute: DisputeAttestation = {\n * type: 'peac/dispute',\n * issuer: 'https://publisher.example.com',\n * issued_at: '2026-01-06T12:00:00Z',\n * ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * evidence: {\n * dispute_type: 'unauthorized_access',\n * target_ref: 'jti:01H5KPT9QZA123456789VWXYZG',\n * target_type: 'receipt',\n * grounds: [{ code: 'missing_receipt' }],\n * description: 'Content was accessed without a valid receipt.',\n * state: 'filed',\n * },\n * };\n * ```\n */\nexport const DisputeAttestationSchema = z\n .object({\n /** Attestation type (MUST be 'peac/dispute') */\n type: z.literal(DISPUTE_TYPE),\n /** Party filing the dispute (REQUIRED) */\n issuer: z.string().min(1).max(2048),\n /** When the dispute was filed (REQUIRED) */\n issued_at: z.string().datetime(),\n /** When the dispute expires (OPTIONAL) */\n expires_at: z.string().datetime().optional(),\n /** Unique dispute reference in ULID format (REQUIRED) */\n ref: DisputeIdSchema,\n /** Dispute evidence and state */\n evidence: DisputeEvidenceSchema,\n })\n .strict();\nexport type DisputeAttestation = z.infer<typeof DisputeAttestationSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Validate a DisputeAttestation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated attestation or error message\n *\n * @example\n * ```typescript\n * const result = validateDisputeAttestation(data);\n * if (result.ok) {\n * console.log('Dispute ref:', result.value.ref);\n * } else {\n * console.error('Validation error:', result.error);\n * }\n * ```\n */\nexport function validateDisputeAttestation(\n data: unknown\n): { ok: true; value: DisputeAttestation } | { ok: false; error: string } {\n const result = DisputeAttestationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Check if an object is a valid DisputeAttestation.\n *\n * @param data - Unknown data to check\n * @returns True if valid\n */\nexport function isValidDisputeAttestation(data: unknown): data is DisputeAttestation {\n return DisputeAttestationSchema.safeParse(data).success;\n}\n\n/**\n * Check if an object has the dispute attestation type.\n *\n * @param attestation - Object with a type field\n * @returns True if type is 'peac/dispute'\n */\nexport function isDisputeAttestation(attestation: {\n type: string;\n}): attestation is DisputeAttestation {\n return attestation.type === DISPUTE_TYPE;\n}\n\n/**\n * Validate a DisputeResolution.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated resolution or error message\n */\nexport function validateDisputeResolution(\n data: unknown\n): { ok: true; value: DisputeResolution } | { ok: false; error: string } {\n const result = DisputeResolutionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate a DisputeContact.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated contact or error message\n */\nexport function validateDisputeContact(\n data: unknown\n): { ok: true; value: DisputeContact } | { ok: false; error: string } {\n const result = DisputeContactSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n// =============================================================================\n// FACTORY HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Parameters for creating a DisputeAttestation.\n */\nexport interface CreateDisputeAttestationParams {\n /** Party filing the dispute */\n issuer: string;\n /** Unique dispute reference (ULID format) */\n ref: string;\n /** Type of dispute */\n dispute_type: DisputeType;\n /** Reference to disputed target */\n target_ref: string;\n /** Type of target */\n target_type: DisputeTargetType;\n /** Grounds for dispute */\n grounds: DisputeGrounds[];\n /** Human-readable description */\n description: string;\n /** Contact information (optional) */\n contact?: DisputeContact;\n /** When the attestation expires (optional) */\n expires_at?: string;\n /** Supporting receipt references (optional) */\n supporting_receipts?: string[];\n /** Supporting attribution references (optional) */\n supporting_attributions?: string[];\n /** Supporting document references (optional) */\n supporting_documents?: DocumentRef[];\n /** Advisory filing window in days (optional) */\n window_hint_days?: number;\n}\n\n/**\n * Create a DisputeAttestation with current timestamp and 'filed' state.\n *\n * @param params - Attestation parameters\n * @returns A valid DisputeAttestation in 'filed' state\n *\n * @example\n * ```typescript\n * const dispute = createDisputeAttestation({\n * issuer: 'https://publisher.example.com',\n * ref: '01ARZ3NDEKTSV4RRFFQ69G5FAV',\n * dispute_type: 'unauthorized_access',\n * target_ref: 'jti:01H5KPT9QZA123456789VWXYZG',\n * target_type: 'receipt',\n * grounds: [{ code: 'missing_receipt' }],\n * description: 'Content was accessed without a valid receipt.',\n * });\n * ```\n */\nexport function createDisputeAttestation(\n params: CreateDisputeAttestationParams\n): DisputeAttestation {\n const now = new Date().toISOString();\n\n const evidence: DisputeEvidence = {\n dispute_type: params.dispute_type,\n target_ref: params.target_ref,\n target_type: params.target_type,\n grounds: params.grounds,\n description: params.description,\n state: 'filed',\n };\n\n if (params.contact) {\n evidence.contact = params.contact;\n }\n if (params.supporting_receipts) {\n evidence.supporting_receipts = params.supporting_receipts;\n }\n if (params.supporting_attributions) {\n evidence.supporting_attributions = params.supporting_attributions;\n }\n if (params.supporting_documents) {\n evidence.supporting_documents = params.supporting_documents;\n }\n if (params.window_hint_days !== undefined) {\n evidence.window_hint_days = params.window_hint_days;\n }\n\n const attestation: DisputeAttestation = {\n type: DISPUTE_TYPE,\n issuer: params.issuer,\n issued_at: now,\n ref: params.ref,\n evidence,\n };\n\n if (params.expires_at) {\n attestation.expires_at = params.expires_at;\n }\n\n return attestation;\n}\n\n/**\n * Transition a dispute to a new state.\n *\n * @param dispute - Current dispute attestation\n * @param newState - Target state\n * @param reason - Reason for transition (optional)\n * @param resolution - Resolution details (required for terminal states)\n * @returns Updated dispute attestation or error\n *\n * @example\n * ```typescript\n * // Acknowledge a filed dispute\n * const acknowledged = transitionDisputeState(\n * dispute,\n * 'acknowledged',\n * 'Dispute received and under review'\n * );\n *\n * // Resolve a dispute (terminal state requires resolution)\n * const resolved = transitionDisputeState(\n * dispute,\n * 'resolved',\n * 'Investigation complete',\n * {\n * outcome: 'upheld',\n * decided_at: new Date().toISOString(),\n * decided_by: 'https://platform.example.com',\n * rationale: 'Evidence supports the claim.',\n * }\n * );\n * ```\n */\nexport function transitionDisputeState(\n dispute: DisputeAttestation,\n newState: DisputeState,\n reason?: string,\n resolution?: DisputeResolution\n):\n | { ok: true; value: DisputeAttestation }\n | {\n ok: false;\n error: string;\n code: 'INVALID_TRANSITION' | 'RESOLUTION_REQUIRED' | 'RESOLUTION_NOT_ALLOWED';\n } {\n const currentState = dispute.evidence.state;\n\n // Check if transition is valid\n if (!canTransitionTo(currentState, newState)) {\n return {\n ok: false,\n error: `Invalid transition from \"${currentState}\" to \"${newState}\". Valid transitions: ${DISPUTE_TRANSITIONS[currentState].join(', ') || 'none'}`,\n code: 'INVALID_TRANSITION',\n };\n }\n\n // Check resolution requirements\n const isTargetTerminal = isTerminalState(newState);\n\n if (isTargetTerminal && !resolution) {\n return {\n ok: false,\n error: `Resolution is required when transitioning to terminal state \"${newState}\"`,\n code: 'RESOLUTION_REQUIRED',\n };\n }\n\n if (!isTargetTerminal && resolution) {\n return {\n ok: false,\n error: `Resolution is not allowed for non-terminal state \"${newState}\"`,\n code: 'RESOLUTION_NOT_ALLOWED',\n };\n }\n\n // Create updated dispute\n const now = new Date().toISOString();\n\n // Destructure to separate resolution from other evidence fields\n const { resolution: _existingResolution, ...evidenceWithoutResolution } = dispute.evidence;\n\n // Build updated evidence: start without resolution, add back only if terminal\n const updatedEvidence: DisputeEvidence = {\n ...evidenceWithoutResolution,\n state: newState,\n state_changed_at: now,\n };\n\n if (reason) {\n updatedEvidence.state_reason = reason;\n }\n\n // Only add resolution for terminal states\n if (isTargetTerminal && resolution) {\n updatedEvidence.resolution = resolution;\n }\n\n return {\n ok: true,\n value: {\n ...dispute,\n evidence: updatedEvidence,\n },\n };\n}\n\n// =============================================================================\n// TIME VALIDATION HELPERS (v0.9.27+)\n// =============================================================================\n\n/**\n * Check if a dispute attestation is expired.\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Clock skew tolerance in milliseconds (default: 30000)\n * @returns True if expired\n */\nexport function isDisputeExpired(\n attestation: DisputeAttestation,\n clockSkew: number = 30000\n): boolean {\n if (!attestation.expires_at) {\n return false; // No expiry = never expires\n }\n const expiresAt = new Date(attestation.expires_at).getTime();\n const now = Date.now();\n return expiresAt < now - clockSkew;\n}\n\n/**\n * Check if a dispute attestation is not yet valid (issued_at in future).\n *\n * @param attestation - The attestation to check\n * @param clockSkew - Clock skew tolerance in milliseconds (default: 30000)\n * @returns True if not yet valid\n */\nexport function isDisputeNotYetValid(\n attestation: DisputeAttestation,\n clockSkew: number = 30000\n): boolean {\n const issuedAt = new Date(attestation.issued_at).getTime();\n const now = Date.now();\n return issuedAt > now + clockSkew;\n}\n","/**\n * PEAC Workflow Correlation Types (v0.10.2+)\n *\n * Workflow correlation primitives for multi-agent orchestration.\n * These types enable tracking and verification of multi-step agentic workflows\n * across different frameworks (MCP, A2A, CrewAI, LangGraph, etc.).\n *\n * Design principles:\n * - Non-breaking: Uses extensions mechanism (auth.extensions['org.peacprotocol/workflow'])\n * - DAG semantics: Parent linking for execution graph reconstruction\n * - Framework-agnostic: Works with any orchestration layer\n * - Deterministic: Supports offline verification and audit\n *\n * @see docs/specs/WORKFLOW-CORRELATION.md\n */\n\nimport { z } from 'zod';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Extension key for workflow context\n * Used in auth.extensions['org.peacprotocol/workflow']\n */\nexport const WORKFLOW_EXTENSION_KEY = 'org.peacprotocol/workflow';\n\n/**\n * Attestation type for workflow summaries\n */\nexport const WORKFLOW_SUMMARY_TYPE = 'peac/workflow-summary' as const;\n\n/**\n * Workflow status values\n */\nexport const WORKFLOW_STATUSES = ['in_progress', 'completed', 'failed', 'cancelled'] as const;\n\n/**\n * Well-known orchestration frameworks (informational, not normative)\n *\n * The framework field accepts any string matching the framework grammar.\n * These well-known values are listed in the PEAC registries for interop.\n * New frameworks do NOT require protocol updates - just use the name.\n *\n * @see docs/specs/registries.json - orchestration_frameworks section\n */\nexport const WELL_KNOWN_FRAMEWORKS = [\n 'mcp',\n 'a2a',\n 'crewai',\n 'langgraph',\n 'autogen',\n 'custom',\n] as const;\n\n/**\n * @deprecated Use WELL_KNOWN_FRAMEWORKS instead. Kept for backwards compatibility.\n */\nexport const ORCHESTRATION_FRAMEWORKS = WELL_KNOWN_FRAMEWORKS;\n\n/**\n * Framework identifier grammar pattern\n *\n * Lowercase letters, digits, hyphens, underscores.\n * Must start with a letter. Max 64 characters.\n * Examples: \"mcp\", \"a2a\", \"crewai\", \"langgraph\", \"dspy\", \"smolagents\"\n */\nexport const FRAMEWORK_ID_PATTERN = /^[a-z][a-z0-9_-]*$/;\n\n/**\n * Workflow correlation limits (DoS protection)\n */\nexport const WORKFLOW_LIMITS = {\n /** Maximum parent steps per step (DAG fan-in) */\n maxParentSteps: 16,\n /** Maximum workflow ID length */\n maxWorkflowIdLength: 128,\n /** Maximum step ID length */\n maxStepIdLength: 128,\n /** Maximum tool name length */\n maxToolNameLength: 256,\n /** Maximum framework identifier length */\n maxFrameworkLength: 64,\n /** Maximum agents in a workflow summary */\n maxAgentsInvolved: 100,\n /** Maximum receipt refs in a workflow summary */\n maxReceiptRefs: 10000,\n /** Maximum error message length */\n maxErrorMessageLength: 1024,\n} as const;\n\n// ============================================================================\n// ID Format Patterns\n// ============================================================================\n\n/**\n * Workflow ID format: wf_{ulid} or wf_{uuid}\n * Examples:\n * - wf_01HXYZ... (ULID)\n * - wf_550e8400-e29b-41d4-a716-446655440000 (UUID)\n */\nexport const WORKFLOW_ID_PATTERN = /^wf_[a-zA-Z0-9_-]{20,48}$/;\n\n/**\n * Step ID format: step_{ulid} or step_{uuid}\n * Examples:\n * - step_01HXYZ... (ULID)\n * - step_550e8400-e29b-41d4-a716-446655440000 (UUID)\n */\nexport const STEP_ID_PATTERN = /^step_[a-zA-Z0-9_-]{20,48}$/;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * Workflow ID schema\n */\nexport const WorkflowIdSchema = z\n .string()\n .regex(WORKFLOW_ID_PATTERN, 'Invalid workflow ID format (expected wf_{ulid|uuid})')\n .max(WORKFLOW_LIMITS.maxWorkflowIdLength);\n\n/**\n * Step ID schema\n */\nexport const StepIdSchema = z\n .string()\n .regex(STEP_ID_PATTERN, 'Invalid step ID format (expected step_{ulid|uuid})')\n .max(WORKFLOW_LIMITS.maxStepIdLength);\n\n/**\n * Workflow status schema\n */\nexport const WorkflowStatusSchema = z.enum(WORKFLOW_STATUSES);\n\n/**\n * Orchestration framework schema\n *\n * Open string field with constrained grammar. Any lowercase identifier\n * matching the framework grammar is valid. Well-known values are listed\n * in WELL_KNOWN_FRAMEWORKS and the PEAC registries.\n *\n * Grammar: /^[a-z][a-z0-9_-]*$/ (max 64 chars)\n */\nexport const OrchestrationFrameworkSchema = z\n .string()\n .regex(\n FRAMEWORK_ID_PATTERN,\n 'Invalid framework identifier (must be lowercase alphanumeric with hyphens/underscores, starting with a letter)'\n )\n .max(WORKFLOW_LIMITS.maxFrameworkLength);\n\n/**\n * Workflow context schema - attached to individual receipts\n *\n * This is the core primitive that links receipts into a workflow DAG.\n * Place in auth.extensions['org.peacprotocol/workflow']\n */\nexport const WorkflowContextSchema = z\n .object({\n // Correlation\n /** Globally unique workflow/run ID */\n workflow_id: WorkflowIdSchema,\n\n /** This step's unique ID */\n step_id: StepIdSchema,\n\n /** DAG parent step IDs (empty array for root step) */\n parent_step_ids: z.array(StepIdSchema).max(WORKFLOW_LIMITS.maxParentSteps).default([]),\n\n // Orchestration identity\n /** Agent identity ref of the orchestrator (optional) */\n orchestrator_id: z.string().max(256).optional(),\n\n /** Receipt ID that initiated this workflow (optional) */\n orchestrator_receipt_ref: z.string().max(256).optional(),\n\n // Sequencing (for linear workflows)\n /** 0-based position in sequential runs (optional) */\n step_index: z.number().int().nonnegative().optional(),\n\n /** Total steps if known upfront (optional) */\n step_total: z.number().int().positive().optional(),\n\n // Metadata\n /** Tool or skill name (MCP tool, A2A skill, etc.) */\n tool_name: z.string().max(WORKFLOW_LIMITS.maxToolNameLength).optional(),\n\n /** Orchestration framework */\n framework: OrchestrationFrameworkSchema.optional(),\n\n // Hash chain (for streaming/progressive receipts)\n /** SHA-256 hash of previous receipt in chain (for ordering) */\n prev_receipt_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n })\n .strict();\n\n/**\n * Error context for failed workflows\n */\nexport const WorkflowErrorContextSchema = z\n .object({\n /** Step ID where failure occurred */\n failed_step_id: StepIdSchema,\n\n /** Error code (E_* format preferred) */\n error_code: z.string().max(64),\n\n /** Human-readable error message */\n error_message: z.string().max(WORKFLOW_LIMITS.maxErrorMessageLength),\n })\n .strict();\n\n/**\n * Workflow summary evidence - the \"proof of run\" artifact\n *\n * Used in peac/workflow-summary attestations.\n * This is the single handle auditors use to verify an entire workflow.\n */\nexport const WorkflowSummaryEvidenceSchema = z\n .object({\n /** Workflow ID this summary describes */\n workflow_id: WorkflowIdSchema,\n\n /** Workflow status */\n status: WorkflowStatusSchema,\n\n /** When the workflow started (ISO 8601) */\n started_at: z.string().datetime(),\n\n /** When the workflow completed (ISO 8601, undefined if in_progress) */\n completed_at: z.string().datetime().optional(),\n\n // Receipt commitment\n /** Ordered list of receipt IDs (for small workflows) */\n receipt_refs: z.array(z.string().max(256)).max(WORKFLOW_LIMITS.maxReceiptRefs).optional(),\n\n /** Merkle root of receipt digests (for large workflows, RFC 6962 style) */\n receipt_merkle_root: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n\n /** Total receipt count (required if using Merkle root) */\n receipt_count: z.number().int().nonnegative().optional(),\n\n // Orchestration\n /** Agent identity ref of the orchestrator */\n orchestrator_id: z.string().max(256),\n\n /** List of agent IDs involved in the workflow */\n agents_involved: z.array(z.string().max(256)).max(WORKFLOW_LIMITS.maxAgentsInvolved),\n\n // Outcome\n /** SHA-256 hash of final output artifact (optional) */\n final_result_hash: z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/)\n .optional(),\n\n /** Error context if workflow failed */\n error_context: WorkflowErrorContextSchema.optional(),\n })\n .strict()\n .refine(\n (data) => {\n // Must have either receipt_refs or receipt_merkle_root (or both)\n return data.receipt_refs !== undefined || data.receipt_merkle_root !== undefined;\n },\n {\n message: 'Workflow summary must include receipt_refs or receipt_merkle_root',\n }\n )\n .refine(\n (data) => {\n // If using Merkle root, must include receipt_count\n if (data.receipt_merkle_root !== undefined && data.receipt_count === undefined) {\n return false;\n }\n return true;\n },\n {\n message: 'receipt_count is required when using receipt_merkle_root',\n }\n );\n\n/**\n * Workflow summary attestation schema\n *\n * A signed attestation containing the workflow summary evidence.\n */\nexport const WorkflowSummaryAttestationSchema = z\n .object({\n /** Attestation type (must be 'peac/workflow-summary') */\n type: z.literal(WORKFLOW_SUMMARY_TYPE),\n\n /** Who issued this attestation (HTTPS URL) */\n issuer: z.string().url().startsWith('https://'),\n\n /** When this attestation was issued (ISO 8601) */\n issued_at: z.string().datetime(),\n\n /** When this attestation expires (ISO 8601, optional) */\n expires_at: z.string().datetime().optional(),\n\n /** The workflow summary evidence */\n evidence: WorkflowSummaryEvidenceSchema,\n })\n .strict();\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type WorkflowId = z.infer<typeof WorkflowIdSchema>;\nexport type StepId = z.infer<typeof StepIdSchema>;\nexport type WorkflowStatus = z.infer<typeof WorkflowStatusSchema>;\nexport type OrchestrationFramework = z.infer<typeof OrchestrationFrameworkSchema>;\nexport type WorkflowContext = z.infer<typeof WorkflowContextSchema>;\nexport type WorkflowErrorContext = z.infer<typeof WorkflowErrorContextSchema>;\nexport type WorkflowSummaryEvidence = z.infer<typeof WorkflowSummaryEvidenceSchema>;\nexport type WorkflowSummaryAttestation = z.infer<typeof WorkflowSummaryAttestationSchema>;\n\n// ============================================================================\n// Ordered Validation (Conformance)\n// ============================================================================\n\n/**\n * Result of ordered workflow context validation.\n *\n * Returns a canonical error code per Section 6.5.1 validation ordering\n * instead of Zod error messages, enabling language-neutral conformance testing.\n */\nexport type WorkflowValidationResult =\n | { valid: true; value: WorkflowContext }\n | { valid: false; error_code: string; error: string };\n\n/**\n * Validate a WorkflowContext with explicit evaluation ordering.\n *\n * Implements Section 6.5.1 of WORKFLOW-CORRELATION.md:\n * 1. Required field format (rules 4, 5)\n * 2. Structural constraints (rule 3)\n * 3. Optional field format (rules 6, 7)\n * 4. Semantic DAG checks (rules 1, 2)\n *\n * This function does NOT depend on Zod's internal validation ordering.\n * Cross-language implementations MUST produce identical error_code values\n * for the same invalid input.\n *\n * @param input - Raw input to validate\n * @returns Validation result with canonical error code on failure\n */\nexport function validateWorkflowContextOrdered(input: unknown): WorkflowValidationResult {\n if (typeof input !== 'object' || input === null) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Input must be an object',\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Step 1: Required field format (rules 4, 5)\n if (\n typeof obj.workflow_id !== 'string' ||\n !WORKFLOW_ID_PATTERN.test(obj.workflow_id) ||\n obj.workflow_id.length > WORKFLOW_LIMITS.maxWorkflowIdLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_ID_INVALID',\n error: 'Invalid workflow ID format',\n };\n }\n\n if (\n typeof obj.step_id !== 'string' ||\n !STEP_ID_PATTERN.test(obj.step_id) ||\n obj.step_id.length > WORKFLOW_LIMITS.maxStepIdLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_STEP_ID_INVALID',\n error: 'Invalid step ID format',\n };\n }\n\n // Step 2: Structural constraints (rule 3)\n const parentStepIds = obj.parent_step_ids;\n if (Array.isArray(parentStepIds) && parentStepIds.length > WORKFLOW_LIMITS.maxParentSteps) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_LIMIT_EXCEEDED',\n error: 'Exceeds maximum parent steps',\n };\n }\n\n // Step 3: Optional field format (rules 6, 7)\n if (obj.framework !== undefined) {\n if (\n typeof obj.framework !== 'string' ||\n !FRAMEWORK_ID_PATTERN.test(obj.framework) ||\n obj.framework.length > WORKFLOW_LIMITS.maxFrameworkLength\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Invalid framework identifier grammar',\n };\n }\n }\n\n if (obj.prev_receipt_hash !== undefined) {\n if (\n typeof obj.prev_receipt_hash !== 'string' ||\n !/^sha256:[a-f0-9]{64}$/.test(obj.prev_receipt_hash)\n ) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: 'Invalid hash format',\n };\n }\n }\n\n // Step 4: Semantic DAG checks (rules 1, 2)\n if (Array.isArray(parentStepIds)) {\n if (parentStepIds.includes(obj.step_id)) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_DAG_INVALID',\n error: 'Self-parent cycle detected',\n };\n }\n const uniqueParents = new Set(parentStepIds);\n if (uniqueParents.size !== parentStepIds.length) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_DAG_INVALID',\n error: 'Duplicate parent step IDs',\n };\n }\n }\n\n // Full schema validation for remaining structural rules (types, strict mode, etc.)\n const result = WorkflowContextSchema.safeParse(input);\n if (!result.success) {\n return {\n valid: false,\n error_code: 'E_WORKFLOW_CONTEXT_INVALID',\n error: result.error.issues[0]?.message || 'Schema validation failed',\n };\n }\n\n return { valid: true, value: result.data };\n}\n\n// ============================================================================\n// Helper Functions\n// ============================================================================\n\n/**\n * Generate a workflow ID with the wf_ prefix\n *\n * @param id - ULID or UUID payload (without prefix)\n * @returns Prefixed workflow ID\n */\nexport function createWorkflowId(id: string): WorkflowId {\n const workflowId = `wf_${id}`;\n return WorkflowIdSchema.parse(workflowId);\n}\n\n/**\n * Generate a step ID with the step_ prefix\n *\n * @param id - ULID or UUID payload (without prefix)\n * @returns Prefixed step ID\n */\nexport function createStepId(id: string): StepId {\n const stepId = `step_${id}`;\n return StepIdSchema.parse(stepId);\n}\n\n/**\n * Validate a workflow context object\n *\n * @param context - Object to validate\n * @returns Validated WorkflowContext\n * @throws ZodError if validation fails\n */\nexport function validateWorkflowContext(context: unknown): WorkflowContext {\n return WorkflowContextSchema.parse(context);\n}\n\n/**\n * Check if an object is a valid workflow context (non-throwing)\n *\n * @param context - Object to check\n * @returns True if valid WorkflowContext\n */\nexport function isValidWorkflowContext(context: unknown): context is WorkflowContext {\n return WorkflowContextSchema.safeParse(context).success;\n}\n\n/**\n * Validate a workflow summary attestation\n *\n * @param attestation - Object to validate\n * @returns Validated WorkflowSummaryAttestation\n * @throws ZodError if validation fails\n */\nexport function validateWorkflowSummaryAttestation(\n attestation: unknown\n): WorkflowSummaryAttestation {\n return WorkflowSummaryAttestationSchema.parse(attestation);\n}\n\n/**\n * Check if an object is a workflow summary attestation (non-throwing)\n *\n * @param attestation - Object to check\n * @returns True if valid WorkflowSummaryAttestation\n */\nexport function isWorkflowSummaryAttestation(\n attestation: unknown\n): attestation is WorkflowSummaryAttestation {\n return WorkflowSummaryAttestationSchema.safeParse(attestation).success;\n}\n\n/**\n * Check if a workflow summary is in a terminal state\n *\n * @param status - Workflow status\n * @returns True if completed, failed, or cancelled\n */\nexport function isTerminalWorkflowStatus(status: WorkflowStatus): boolean {\n return status === 'completed' || status === 'failed' || status === 'cancelled';\n}\n\n/**\n * Check if workflow context has valid DAG semantics (no self-parent)\n *\n * @param context - Workflow context to check\n * @returns True if DAG semantics are valid\n */\nexport function hasValidDagSemantics(context: WorkflowContext): boolean {\n // Step cannot be its own parent\n if (context.parent_step_ids.includes(context.step_id)) {\n return false;\n }\n // No duplicate parents\n const uniqueParents = new Set(context.parent_step_ids);\n if (uniqueParents.size !== context.parent_step_ids.length) {\n return false;\n }\n return true;\n}\n\n/**\n * Create a workflow context for attaching to a receipt\n *\n * @param params - Workflow context parameters\n * @returns Validated WorkflowContext\n */\nexport function createWorkflowContext(params: {\n workflow_id: string;\n step_id: string;\n parent_step_ids?: string[];\n orchestrator_id?: string;\n orchestrator_receipt_ref?: string;\n step_index?: number;\n step_total?: number;\n tool_name?: string;\n framework?: string;\n prev_receipt_hash?: string;\n}): WorkflowContext {\n const context: WorkflowContext = {\n workflow_id: params.workflow_id as WorkflowId,\n step_id: params.step_id as StepId,\n parent_step_ids: (params.parent_step_ids ?? []) as StepId[],\n ...(params.orchestrator_id && { orchestrator_id: params.orchestrator_id }),\n ...(params.orchestrator_receipt_ref && {\n orchestrator_receipt_ref: params.orchestrator_receipt_ref,\n }),\n ...(params.step_index !== undefined && { step_index: params.step_index }),\n ...(params.step_total !== undefined && { step_total: params.step_total }),\n ...(params.tool_name && { tool_name: params.tool_name }),\n ...(params.framework && { framework: params.framework }),\n ...(params.prev_receipt_hash && { prev_receipt_hash: params.prev_receipt_hash }),\n };\n\n // Validate\n const validated = validateWorkflowContext(context);\n\n // Check DAG semantics\n if (!hasValidDagSemantics(validated)) {\n throw new Error(\n 'Invalid DAG semantics: step cannot be its own parent or have duplicate parents'\n );\n }\n\n return validated;\n}\n\n/**\n * Create parameters for a workflow summary attestation\n */\nexport interface CreateWorkflowSummaryParams {\n workflow_id: string;\n status: WorkflowStatus;\n started_at: string;\n completed_at?: string;\n orchestrator_id: string;\n agents_involved: string[];\n receipt_refs?: string[];\n receipt_merkle_root?: string;\n receipt_count?: number;\n final_result_hash?: string;\n error_context?: WorkflowErrorContext;\n issuer: string;\n issued_at: string;\n expires_at?: string;\n}\n\n/**\n * Create a workflow summary attestation\n *\n * @param params - Attestation parameters\n * @returns Validated WorkflowSummaryAttestation\n */\nexport function createWorkflowSummaryAttestation(\n params: CreateWorkflowSummaryParams\n): WorkflowSummaryAttestation {\n const attestation: WorkflowSummaryAttestation = {\n type: WORKFLOW_SUMMARY_TYPE,\n issuer: params.issuer,\n issued_at: params.issued_at,\n ...(params.expires_at && { expires_at: params.expires_at }),\n evidence: {\n workflow_id: params.workflow_id as WorkflowId,\n status: params.status,\n started_at: params.started_at,\n ...(params.completed_at && { completed_at: params.completed_at }),\n ...(params.receipt_refs && { receipt_refs: params.receipt_refs }),\n ...(params.receipt_merkle_root && { receipt_merkle_root: params.receipt_merkle_root }),\n ...(params.receipt_count !== undefined && { receipt_count: params.receipt_count }),\n orchestrator_id: params.orchestrator_id,\n agents_involved: params.agents_involved,\n ...(params.final_result_hash && { final_result_hash: params.final_result_hash }),\n ...(params.error_context && { error_context: params.error_context }),\n },\n };\n\n return validateWorkflowSummaryAttestation(attestation);\n}\n","/**\n * PEAC Interaction Evidence Types (v0.10.7+)\n *\n * Interaction evidence captures what happened during agent execution.\n * This is an extension type - stored at evidence.extensions[\"org.peacprotocol/interaction@0.1\"]\n *\n * Design principles:\n * - Wire-stable: Uses extensions mechanism (NOT a top-level evidence field)\n * - Hash-only by default: Privacy-preserving content digests\n * - Open kind registry: Not a closed enum, converges through convention\n * - 1 receipt = 1 interaction: No batching (use bundles for that)\n *\n * @see docs/specs/INTERACTION-EVIDENCE.md\n */\n\nimport { z } from 'zod';\nimport type { JsonValue } from '@peac/kernel';\nimport type { PEACEnvelope } from './envelope.js';\nimport type { WorkflowContext } from './workflow.js';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Extension key for interaction evidence\n * Used in evidence.extensions['org.peacprotocol/interaction@0.1']\n */\nexport const INTERACTION_EXTENSION_KEY = 'org.peacprotocol/interaction@0.1';\n\n/**\n * Canonical digest algorithms (NORMATIVE)\n *\n * k = 1024 bytes (binary), m = 1024*1024 bytes (binary)\n * NO case-insensitivity, NO regex matching - strict canonical set only.\n */\nexport const CANONICAL_DIGEST_ALGS = [\n 'sha-256', // Full SHA-256\n 'sha-256:trunc-64k', // First 64KB (65536 bytes)\n 'sha-256:trunc-1m', // First 1MB (1048576 bytes)\n] as const;\n\n/**\n * Size constants for digest truncation (NORMATIVE)\n */\nexport const DIGEST_SIZE_CONSTANTS = {\n k: 1024, // 1 KB = 1024 bytes (binary)\n m: 1024 * 1024, // 1 MB = 1048576 bytes (binary)\n 'trunc-64k': 65536, // 64 * 1024\n 'trunc-1m': 1048576, // 1024 * 1024\n} as const;\n\n/**\n * Result status values for interaction outcomes\n */\nexport const RESULT_STATUSES = ['ok', 'error', 'timeout', 'canceled'] as const;\n\n/**\n * Redaction modes for payload references\n */\nexport const REDACTION_MODES = ['hash_only', 'redacted', 'plaintext_allowlisted'] as const;\n\n/**\n * Policy decision values\n */\nexport const POLICY_DECISIONS = ['allow', 'deny', 'constrained'] as const;\n\n/**\n * Well-known interaction kinds (informational, not normative)\n *\n * The kind field accepts any string matching the kind grammar.\n * These well-known values are listed in the PEAC registries for interop.\n * New kinds do NOT require protocol updates - just use the name.\n *\n * Custom kinds: use \"custom:<reverse-dns>\" or \"<reverse-dns>:<token>\"\n */\nexport const WELL_KNOWN_KINDS = [\n 'tool.call',\n 'http.request',\n 'fs.read',\n 'fs.write',\n 'message',\n 'inference.chat_completion',\n] as const;\n\n/**\n * Reserved kind prefixes (NORMATIVE)\n *\n * Kinds starting with these prefixes that are NOT in WELL_KNOWN_KINDS\n * MUST be rejected to prevent namespace pollution.\n */\nexport const RESERVED_KIND_PREFIXES = ['peac.', 'org.peacprotocol.'] as const;\n\n/**\n * Interaction evidence limits (DoS protection)\n */\nexport const INTERACTION_LIMITS = {\n /** Maximum interaction ID length */\n maxInteractionIdLength: 256,\n /** Maximum kind length */\n maxKindLength: 128,\n /** Maximum platform name length */\n maxPlatformLength: 64,\n /** Maximum version string length */\n maxVersionLength: 64,\n /** Maximum plugin ID length */\n maxPluginIdLength: 128,\n /** Maximum tool name length */\n maxToolNameLength: 256,\n /** Maximum provider length */\n maxProviderLength: 128,\n /** Maximum URI length */\n maxUriLength: 2048,\n /** Maximum method length */\n maxMethodLength: 16,\n /** Maximum error code length */\n maxErrorCodeLength: 128,\n /** Maximum payment reference length */\n maxPaymentReferenceLength: 256,\n /** Maximum receipt RID length */\n maxReceiptRidLength: 128,\n} as const;\n\n// ============================================================================\n// Shared Invariant Helpers (used by both schema and ordered validator)\n// ============================================================================\n\n/**\n * Check if a kind requires a tool target (internal helper)\n */\nfunction requiresTool(kind: string): boolean {\n return kind.startsWith('tool.');\n}\n\n/**\n * Check if a kind requires a resource target (internal helper)\n */\nfunction requiresResource(kind: string): boolean {\n return kind.startsWith('http.') || kind.startsWith('fs.');\n}\n\n/**\n * Check if a kind uses a reserved prefix (internal helper)\n */\nfunction usesReservedPrefix(kind: string): boolean {\n return RESERVED_KIND_PREFIXES.some((prefix) => kind.startsWith(prefix));\n}\n\n/**\n * Check if a resource object is meaningful - has at least uri (internal helper)\n * Empty resource objects {} are not valid targets.\n */\nfunction hasMeaningfulResource(resource: Record<string, unknown> | undefined): boolean {\n if (!resource) return false;\n if (typeof resource.uri === 'string' && resource.uri.length > 0) return true;\n return false;\n}\n\n// ============================================================================\n// Format Patterns\n// ============================================================================\n\n/**\n * Kind format pattern\n *\n * Lowercase letters, digits, dots, underscores, colons, hyphens.\n * Must start with a letter, end with letter or digit.\n * Min 2 chars, max 128 chars.\n *\n * Examples: \"tool.call\", \"http.request\", \"custom:com.example.foo\"\n */\nexport const KIND_FORMAT_PATTERN = /^[a-z][a-z0-9._:-]{0,126}[a-z0-9]$/;\n\n/**\n * Extension key format pattern (NORMATIVE)\n *\n * Reverse-DNS domain + '/' + key name + optional version\n * Pattern: ^([a-z0-9-]+\\.)+[a-z0-9-]+\\/[a-z][a-z0-9._:-]{0,126}[a-z0-9](?:@[0-9]+(?:\\.[0-9]+)*)?$\n *\n * Examples:\n * - \"com.example/foo\"\n * - \"org.peacprotocol/interaction@0.1\"\n * - \"io.vendor/custom-data\"\n */\nexport const EXTENSION_KEY_PATTERN =\n /^([a-z0-9-]+\\.)+[a-z0-9-]+\\/[a-z][a-z0-9._:-]{0,126}[a-z0-9](?:@[0-9]+(?:\\.[0-9]+)*)?$/;\n\n/**\n * Digest value format (64 lowercase hex chars)\n */\nexport const DIGEST_VALUE_PATTERN = /^[a-f0-9]{64}$/;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * Digest algorithm schema - strict canonical set\n */\nexport const DigestAlgSchema = z.enum(CANONICAL_DIGEST_ALGS);\n\n/**\n * Digest schema for privacy-preserving content hashing\n */\nexport const DigestSchema = z\n .object({\n /** Algorithm: 'sha-256' (full) or 'sha-256:trunc-{size}' (truncated) */\n alg: DigestAlgSchema,\n /** 64 lowercase hex chars (SHA-256 output) */\n value: z.string().regex(DIGEST_VALUE_PATTERN, 'Must be 64 lowercase hex chars'),\n /** Original byte length before any truncation (REQUIRED) */\n bytes: z.number().int().nonnegative(),\n })\n .strict();\n\n/**\n * Payload reference schema (on-wire, portable)\n */\nexport const PayloadRefSchema = z\n .object({\n /** Content digest */\n digest: DigestSchema,\n /** Redaction mode */\n redaction: z.enum(REDACTION_MODES),\n })\n .strict();\n\n/**\n * Executor identity schema (who ran this)\n */\nexport const ExecutorSchema = z\n .object({\n /** Platform identifier: 'openclaw', 'mcp', 'a2a', 'claude-code' */\n platform: z.string().min(1).max(INTERACTION_LIMITS.maxPlatformLength),\n /** Platform version */\n version: z.string().max(INTERACTION_LIMITS.maxVersionLength).optional(),\n /** Plugin that captured this */\n plugin_id: z.string().max(INTERACTION_LIMITS.maxPluginIdLength).optional(),\n /** Hash of plugin package (provenance) */\n plugin_digest: DigestSchema.optional(),\n })\n .strict();\n\n/**\n * Tool target schema (for tool.call kind)\n */\nexport const ToolTargetSchema = z\n .object({\n /** Tool name */\n name: z.string().min(1).max(INTERACTION_LIMITS.maxToolNameLength),\n /** Tool provider */\n provider: z.string().max(INTERACTION_LIMITS.maxProviderLength).optional(),\n /** Tool version */\n version: z.string().max(INTERACTION_LIMITS.maxVersionLength).optional(),\n })\n .strict();\n\n/**\n * Resource target schema (for http/fs kinds)\n */\nexport const ResourceTargetSchema = z\n .object({\n /** Resource URI */\n uri: z.string().max(INTERACTION_LIMITS.maxUriLength).optional(),\n /** HTTP method or operation */\n method: z.string().max(INTERACTION_LIMITS.maxMethodLength).optional(),\n })\n .strict();\n\n/**\n * Execution result schema\n */\nexport const ResultSchema = z\n .object({\n /** Result status */\n status: z.enum(RESULT_STATUSES),\n /** Error code (PEAC error code or namespaced) */\n error_code: z.string().max(INTERACTION_LIMITS.maxErrorCodeLength).optional(),\n /** Whether the operation can be retried */\n retryable: z.boolean().optional(),\n })\n .strict();\n\n/**\n * Policy context schema (policy state at execution time)\n */\nexport const PolicyContextSchema = z\n .object({\n /** Policy decision */\n decision: z.enum(POLICY_DECISIONS),\n /** Whether sandbox mode was enabled */\n sandbox_enabled: z.boolean().optional(),\n /** Whether elevated permissions were granted */\n elevated: z.boolean().optional(),\n /** Hash of effective policy document */\n effective_policy_digest: DigestSchema.optional(),\n })\n .strict();\n\n/**\n * References schema (links to related evidence)\n */\nexport const RefsSchema = z\n .object({\n /** Links to evidence.payment.reference */\n payment_reference: z.string().max(INTERACTION_LIMITS.maxPaymentReferenceLength).optional(),\n /** Correlation across receipts */\n related_receipt_rid: z.string().max(INTERACTION_LIMITS.maxReceiptRidLength).optional(),\n })\n .strict();\n\n/**\n * Kind schema with format validation\n */\nexport const KindSchema = z\n .string()\n .min(2)\n .max(INTERACTION_LIMITS.maxKindLength)\n .regex(KIND_FORMAT_PATTERN, 'Invalid kind format');\n\n/**\n * Interaction evidence schema (base, without cross-field refinements)\n */\nconst InteractionEvidenceV01BaseSchema = z\n .object({\n /** Stable ID for idempotency/dedupe (REQUIRED) */\n interaction_id: z.string().min(1).max(INTERACTION_LIMITS.maxInteractionIdLength),\n\n /** Event kind - open string, not closed enum (REQUIRED) */\n kind: KindSchema,\n\n /** Executor identity (REQUIRED) */\n executor: ExecutorSchema,\n\n /** Tool target (when kind is tool-related) */\n tool: ToolTargetSchema.optional(),\n\n /** Resource target (when kind is http/fs-related) */\n resource: ResourceTargetSchema.optional(),\n\n /** Input payload reference */\n input: PayloadRefSchema.optional(),\n\n /** Output payload reference */\n output: PayloadRefSchema.optional(),\n\n /** Start time (RFC 3339) (REQUIRED) */\n started_at: z.string().datetime(),\n\n /** Completion time (RFC 3339) */\n completed_at: z.string().datetime().optional(),\n\n /** Duration in milliseconds (OPTIONAL, non-normative) */\n duration_ms: z.number().int().nonnegative().optional(),\n\n /** Execution outcome */\n result: ResultSchema.optional(),\n\n /** Policy context at execution */\n policy: PolicyContextSchema.optional(),\n\n /** References to related evidence */\n refs: RefsSchema.optional(),\n\n /** Platform-specific extensions (MUST be namespaced) */\n extensions: z.record(z.string(), z.unknown()).optional(),\n })\n .strict();\n\n/**\n * Interaction evidence schema with invariant refinements\n *\n * ALL REJECT invariants are enforced here. This ensures that\n * both direct schema validation and ordered validation produce\n * consistent results.\n */\nexport const InteractionEvidenceV01Schema = InteractionEvidenceV01BaseSchema.superRefine(\n (ev, ctx) => {\n // Invariant 1: completed_at >= started_at\n if (ev.completed_at && ev.started_at) {\n const startedAt = new Date(ev.started_at).getTime();\n const completedAt = new Date(ev.completed_at).getTime();\n if (completedAt < startedAt) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'completed_at must be >= started_at',\n path: ['completed_at'],\n });\n }\n }\n\n // Invariant 2: output requires result.status\n if (ev.output && !ev.result?.status) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'result.status is required when output is present',\n path: ['result'],\n });\n }\n\n // Invariant 3: error status requires error_code or NON-EMPTY extensions\n // Empty extensions object {} is not valid detail\n if (ev.result?.status === 'error') {\n const hasErrorCode = Boolean(ev.result.error_code);\n const hasNonEmptyExtensions =\n ev.extensions !== undefined && Object.keys(ev.extensions).length > 0;\n if (!hasErrorCode && !hasNonEmptyExtensions) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'error_code or non-empty extensions required when status is error',\n path: ['result', 'error_code'],\n });\n }\n }\n\n // Invariant 4: extension keys must be properly namespaced\n if (ev.extensions) {\n for (const key of Object.keys(ev.extensions)) {\n if (!EXTENSION_KEY_PATTERN.test(key)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Invalid extension key format: ${key} (must be reverse-DNS/name[@version])`,\n path: ['extensions', key],\n });\n }\n }\n }\n\n // Invariant 5: reserved kind prefixes (REJECT rule)\n // Kinds starting with peac.* or org.peacprotocol.* that are NOT in WELL_KNOWN_KINDS are rejected\n if (\n usesReservedPrefix(ev.kind) &&\n !WELL_KNOWN_KINDS.includes(ev.kind as (typeof WELL_KNOWN_KINDS)[number])\n ) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" uses reserved prefix`,\n path: ['kind'],\n });\n }\n\n // Invariant 6: target consistency (REJECT rule)\n // tool.* kinds MUST have tool field with name\n if (requiresTool(ev.kind) && !ev.tool) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires tool field`,\n path: ['tool'],\n });\n }\n // http.* and fs.* kinds MUST have resource field with meaningful content (at least uri)\n if (requiresResource(ev.kind)) {\n if (!ev.resource) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires resource field`,\n path: ['resource'],\n });\n } else if (!hasMeaningfulResource(ev.resource as Record<string, unknown>)) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `kind \"${ev.kind}\" requires resource.uri to be non-empty`,\n path: ['resource', 'uri'],\n });\n }\n }\n }\n);\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type DigestAlg = z.infer<typeof DigestAlgSchema>;\nexport type Digest = z.infer<typeof DigestSchema>;\nexport type PayloadRef = z.infer<typeof PayloadRefSchema>;\nexport type Executor = z.infer<typeof ExecutorSchema>;\nexport type ToolTarget = z.infer<typeof ToolTargetSchema>;\nexport type ResourceTarget = z.infer<typeof ResourceTargetSchema>;\nexport type ResultStatus = z.infer<typeof ResultSchema>['status'];\nexport type Result = z.infer<typeof ResultSchema>;\nexport type PolicyDecision = z.infer<typeof PolicyContextSchema>['decision'];\nexport type PolicyContext = z.infer<typeof PolicyContextSchema>;\nexport type Refs = z.infer<typeof RefsSchema>;\nexport type InteractionEvidenceV01 = z.infer<typeof InteractionEvidenceV01Schema>;\n\n// ============================================================================\n// Validation Result Types\n// ============================================================================\n\n/**\n * Validation error with code and optional field path\n */\nexport interface ValidationError {\n /** Machine-readable error code (E_INTERACTION_*) */\n code: string;\n /** Human-readable message */\n message: string;\n /** JSON path to the problematic field */\n field?: string;\n}\n\n/**\n * Validation warning with code and optional field path\n */\nexport interface ValidationWarning {\n /** Machine-readable warning code (W_INTERACTION_*) */\n code: string;\n /** Human-readable message */\n message: string;\n /** JSON path to the problematic field */\n field?: string;\n}\n\n/**\n * Result of interaction evidence validation.\n *\n * Warning-capable API: returns both errors (fatal) and warnings (non-fatal).\n * This enables conformance testing with warning fixtures.\n */\nexport type InteractionValidationResult =\n | { valid: true; value: InteractionEvidenceV01; warnings: ValidationWarning[] }\n | { valid: false; errors: ValidationError[]; warnings: ValidationWarning[] };\n\n// ============================================================================\n// Ordered Validation (Conformance)\n// ============================================================================\n\n/**\n * Validate interaction evidence with explicit evaluation ordering.\n *\n * Returns canonical error codes per validation ordering.\n * This function does NOT depend on Zod's internal validation ordering.\n * Cross-language implementations MUST produce identical error_code values\n * for the same invalid input.\n *\n * Validation order:\n * 1. Required field presence\n * 2. Required field format (interaction_id, kind, started_at)\n * 3. Kind format and reserved prefix check\n * 4. Executor field validation\n * 5. Optional field format (completed_at, digests, etc.)\n * 6. Cross-field invariants (timing, output-result, error-detail)\n * 7. Extension key namespacing\n * 8. Target consistency (kind prefix -> target field)\n *\n * @param input - Raw input to validate\n * @returns Validation result with canonical error codes on failure\n */\nexport function validateInteractionOrdered(input: unknown): InteractionValidationResult {\n const errors: ValidationError[] = [];\n const warnings: ValidationWarning[] = [];\n\n // Step 1: Type check (arrays are typeof 'object' but not valid input)\n if (typeof input !== 'object' || input === null || Array.isArray(input)) {\n return {\n valid: false,\n errors: [\n {\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: 'Input must be an object',\n },\n ],\n warnings: [],\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Step 2: Required field presence\n if (typeof obj.interaction_id !== 'string' || obj.interaction_id.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_ID',\n message: 'interaction_id is required',\n field: 'interaction_id',\n });\n } else if (obj.interaction_id.length > INTERACTION_LIMITS.maxInteractionIdLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: `interaction_id exceeds max length (${INTERACTION_LIMITS.maxInteractionIdLength})`,\n field: 'interaction_id',\n });\n }\n\n // Step 3: Kind format validation\n // Empty string is semantically \"missing\", not \"invalid format\"\n if (typeof obj.kind !== 'string' || obj.kind.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_KIND',\n message: 'kind is required',\n field: 'kind',\n });\n } else if (obj.kind.length < 2 || obj.kind.length > INTERACTION_LIMITS.maxKindLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_KIND_FORMAT',\n message: `kind must be 2-${INTERACTION_LIMITS.maxKindLength} characters`,\n field: 'kind',\n });\n } else if (!KIND_FORMAT_PATTERN.test(obj.kind)) {\n errors.push({\n code: 'E_INTERACTION_INVALID_KIND_FORMAT',\n message: 'kind must match pattern: lowercase, start with letter, end with alphanumeric',\n field: 'kind',\n });\n } else {\n // Check reserved prefixes\n for (const prefix of RESERVED_KIND_PREFIXES) {\n if (obj.kind.startsWith(prefix) && !WELL_KNOWN_KINDS.includes(obj.kind as never)) {\n errors.push({\n code: 'E_INTERACTION_KIND_RESERVED',\n message: `kind \"${obj.kind}\" uses reserved prefix \"${prefix}\"`,\n field: 'kind',\n });\n break;\n }\n }\n // Warn if not in well-known registry (but valid format)\n if (\n errors.length === 0 &&\n !WELL_KNOWN_KINDS.includes(obj.kind as (typeof WELL_KNOWN_KINDS)[number])\n ) {\n warnings.push({\n code: 'W_INTERACTION_KIND_UNREGISTERED',\n message: `kind \"${obj.kind}\" is not in the well-known registry`,\n field: 'kind',\n });\n }\n }\n\n // Step 4: started_at validation\n // Invalid format is treated as \"missing\" because the value is unusable\n // E_INTERACTION_INVALID_TIMING is reserved for relational errors (completed_at < started_at)\n if (typeof obj.started_at !== 'string') {\n errors.push({\n code: 'E_INTERACTION_MISSING_STARTED_AT',\n message: 'started_at is required',\n field: 'started_at',\n });\n } else {\n const startedAtDate = new Date(obj.started_at);\n if (isNaN(startedAtDate.getTime())) {\n errors.push({\n code: 'E_INTERACTION_MISSING_STARTED_AT',\n message: 'started_at must be a valid ISO 8601 datetime',\n field: 'started_at',\n });\n }\n }\n\n // Step 5: Executor validation\n if (typeof obj.executor !== 'object' || obj.executor === null) {\n errors.push({\n code: 'E_INTERACTION_MISSING_EXECUTOR',\n message: 'executor is required',\n field: 'executor',\n });\n } else {\n const executor = obj.executor as Record<string, unknown>;\n if (typeof executor.platform !== 'string' || executor.platform.length === 0) {\n errors.push({\n code: 'E_INTERACTION_MISSING_EXECUTOR',\n message: 'executor.platform is required',\n field: 'executor.platform',\n });\n } else if (executor.platform.length > INTERACTION_LIMITS.maxPlatformLength) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: `executor.platform exceeds max length (${INTERACTION_LIMITS.maxPlatformLength})`,\n field: 'executor.platform',\n });\n }\n }\n\n // Return early if we have fatal errors from required fields\n if (errors.length > 0) {\n return { valid: false, errors, warnings };\n }\n\n // Step 6: Digest validation (optional fields)\n const validateDigest = (\n digest: unknown,\n fieldPath: string\n ): { errors: ValidationError[]; valid: boolean } => {\n const digestErrors: ValidationError[] = [];\n if (typeof digest !== 'object' || digest === null) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest must be an object',\n field: fieldPath,\n });\n return { errors: digestErrors, valid: false };\n }\n const d = digest as Record<string, unknown>;\n if (!CANONICAL_DIGEST_ALGS.includes(d.alg as DigestAlg)) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST_ALG',\n message: `digest.alg must be one of: ${CANONICAL_DIGEST_ALGS.join(', ')}`,\n field: `${fieldPath}.alg`,\n });\n }\n if (typeof d.value !== 'string' || !DIGEST_VALUE_PATTERN.test(d.value)) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest.value must be 64 lowercase hex chars',\n field: `${fieldPath}.value`,\n });\n }\n if (typeof d.bytes !== 'number' || !Number.isInteger(d.bytes) || d.bytes < 0) {\n digestErrors.push({\n code: 'E_INTERACTION_INVALID_DIGEST',\n message: 'digest.bytes must be a non-negative integer',\n field: `${fieldPath}.bytes`,\n });\n }\n return { errors: digestErrors, valid: digestErrors.length === 0 };\n };\n\n // Validate input digest if present\n if (obj.input !== undefined) {\n const inputObj = obj.input as Record<string, unknown>;\n if (inputObj.digest !== undefined) {\n const result = validateDigest(inputObj.digest, 'input.digest');\n errors.push(...result.errors);\n }\n }\n\n // Validate output digest if present\n if (obj.output !== undefined) {\n const outputObj = obj.output as Record<string, unknown>;\n if (outputObj.digest !== undefined) {\n const result = validateDigest(outputObj.digest, 'output.digest');\n errors.push(...result.errors);\n }\n }\n\n // Step 7: Timing invariant (completed_at >= started_at)\n if (typeof obj.completed_at === 'string' && typeof obj.started_at === 'string') {\n const startedAt = new Date(obj.started_at).getTime();\n const completedAt = new Date(obj.completed_at).getTime();\n if (!isNaN(startedAt) && !isNaN(completedAt) && completedAt < startedAt) {\n errors.push({\n code: 'E_INTERACTION_INVALID_TIMING',\n message: 'completed_at must be >= started_at',\n field: 'completed_at',\n });\n }\n }\n\n // Step 8: Output requires result invariant\n if (obj.output !== undefined) {\n const result = obj.result as Record<string, unknown> | undefined;\n if (!result?.status) {\n errors.push({\n code: 'E_INTERACTION_MISSING_RESULT',\n message: 'result.status is required when output is present',\n field: 'result',\n });\n }\n }\n\n // Step 9: Error status requires detail (error_code OR non-empty extensions)\n // Empty extensions object {} is not valid detail\n if (obj.result !== undefined) {\n const result = obj.result as Record<string, unknown>;\n if (result.status === 'error') {\n const hasErrorCode = Boolean(result.error_code);\n const hasNonEmptyExtensions =\n obj.extensions !== undefined &&\n typeof obj.extensions === 'object' &&\n obj.extensions !== null &&\n Object.keys(obj.extensions as object).length > 0;\n if (!hasErrorCode && !hasNonEmptyExtensions) {\n errors.push({\n code: 'E_INTERACTION_MISSING_ERROR_DETAIL',\n message: 'error_code or non-empty extensions required when result.status is error',\n field: 'result.error_code',\n });\n }\n }\n }\n\n // Step 10: Extension key namespacing\n if (obj.extensions !== undefined) {\n if (typeof obj.extensions !== 'object' || obj.extensions === null) {\n errors.push({\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: 'extensions must be an object',\n field: 'extensions',\n });\n } else {\n for (const key of Object.keys(obj.extensions as object)) {\n if (!EXTENSION_KEY_PATTERN.test(key)) {\n errors.push({\n code: 'E_INTERACTION_INVALID_EXTENSION_KEY',\n message: `Invalid extension key format: \"${key}\" (must be reverse-DNS/name[@version])`,\n field: `extensions.${key}`,\n });\n }\n }\n }\n }\n\n // Step 11: Target consistency (prefix-aware, using shared helpers)\n const kind = obj.kind as string;\n const hasTool = obj.tool !== undefined;\n const hasResource = obj.resource !== undefined;\n\n // tool.* kinds MUST have tool field\n if (requiresTool(kind) && !hasTool) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires tool field`,\n field: 'tool',\n });\n }\n\n // http.* and fs.* kinds MUST have resource field with meaningful content\n if (requiresResource(kind)) {\n if (!hasResource) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires resource field`,\n field: 'resource',\n });\n } else if (!hasMeaningfulResource(obj.resource as Record<string, unknown>)) {\n errors.push({\n code: 'E_INTERACTION_MISSING_TARGET',\n message: `kind \"${kind}\" requires resource.uri to be non-empty`,\n field: 'resource.uri',\n });\n }\n }\n\n // Warn if neither target present (non-strict kinds like 'message')\n if (!hasTool && !hasResource && errors.length === 0) {\n warnings.push({\n code: 'W_INTERACTION_MISSING_TARGET',\n message: 'Neither tool nor resource field is present',\n field: 'tool',\n });\n }\n\n // Return early if we have errors\n if (errors.length > 0) {\n return { valid: false, errors, warnings };\n }\n\n // Final Zod validation for strict schema compliance\n const zodResult = InteractionEvidenceV01Schema.safeParse(input);\n if (!zodResult.success) {\n return {\n valid: false,\n errors: [\n {\n code: 'E_INTERACTION_INVALID_FORMAT',\n message: zodResult.error.issues[0]?.message || 'Schema validation failed',\n field: zodResult.error.issues[0]?.path.join('.'),\n },\n ],\n warnings,\n };\n }\n\n return { valid: true, value: zodResult.data, warnings };\n}\n\n// ============================================================================\n// Compatibility Result Type\n// ============================================================================\n\n/**\n * Simple validation result for conformance harness compatibility.\n *\n * This matches the pattern used by other PEAC validators (workflow, etc.)\n * and allows conformance fixtures to test without needing to handle the\n * full warning-capable API shape.\n */\nexport interface SimpleValidationResult {\n /** Whether the input is valid */\n valid: boolean;\n /** Error code on failure */\n error_code?: string;\n /** Field path on failure */\n error_field?: string;\n}\n\n// ============================================================================\n// Helper Functions\n// ============================================================================\n\n/**\n * Validate interaction evidence (simple API for conformance harness)\n *\n * This is the recommended entry point for conformance testing.\n * Returns a simple result matching the existing harness contract.\n *\n * ## Warnings Contract\n *\n * This compat API intentionally **omits warnings** from the result.\n * Warnings are available via validateInteractionOrdered() for consumers\n * who explicitly opt in. Stable consumers should:\n * - Use this function for pass/fail validation\n * - Use validateInteractionOrdered() only when warnings are needed\n *\n * This prevents breaking changes if warning codes are added/modified.\n *\n * @param input - Raw input to validate\n * @returns Simple validation result with error_code on failure (no warnings)\n */\nexport function validateInteraction(input: unknown): SimpleValidationResult {\n const result = validateInteractionOrdered(input);\n if (result.valid) {\n return { valid: true };\n }\n const firstError = result.errors[0];\n return {\n valid: false,\n error_code: firstError?.code,\n error_field: firstError?.field,\n };\n}\n\n/**\n * Validate interaction evidence (throwing)\n *\n * @param evidence - Object to validate\n * @returns Validated InteractionEvidenceV01\n * @throws ZodError if validation fails\n */\nexport function validateInteractionEvidence(evidence: unknown): InteractionEvidenceV01 {\n return InteractionEvidenceV01Schema.parse(evidence);\n}\n\n/**\n * Check if an object is valid interaction evidence (non-throwing)\n *\n * @param evidence - Object to check\n * @returns True if valid InteractionEvidenceV01\n */\nexport function isValidInteractionEvidence(evidence: unknown): evidence is InteractionEvidenceV01 {\n return InteractionEvidenceV01Schema.safeParse(evidence).success;\n}\n\n/**\n * Check if a kind is in the well-known registry\n *\n * @param kind - Kind string to check\n * @returns True if well-known\n */\nexport function isWellKnownKind(kind: string): kind is (typeof WELL_KNOWN_KINDS)[number] {\n return WELL_KNOWN_KINDS.includes(kind as (typeof WELL_KNOWN_KINDS)[number]);\n}\n\n/**\n * Check if a kind uses a reserved prefix\n *\n * @param kind - Kind string to check\n * @returns True if uses reserved prefix\n */\nexport function isReservedKindPrefix(kind: string): boolean {\n return RESERVED_KIND_PREFIXES.some((prefix) => kind.startsWith(prefix));\n}\n\n/**\n * Check if a digest uses truncation\n *\n * @param digest - Digest to check\n * @returns True if truncated\n */\nexport function isDigestTruncated(digest: Digest): boolean {\n return digest.alg.startsWith('sha-256:trunc-');\n}\n\n// ============================================================================\n// SDK Accessors\n// ============================================================================\n\n/**\n * Get interaction evidence from a PEAC envelope\n *\n * @param receipt - PEAC envelope to read from\n * @returns Interaction evidence if present, undefined otherwise\n */\nexport function getInteraction(receipt: PEACEnvelope): InteractionEvidenceV01 | undefined {\n return receipt.evidence?.extensions?.[INTERACTION_EXTENSION_KEY] as\n | InteractionEvidenceV01\n | undefined;\n}\n\n/**\n * Set interaction evidence on a PEAC envelope (mutates)\n *\n * @param receipt - PEAC envelope to modify\n * @param interaction - Interaction evidence to set\n */\nexport function setInteraction(receipt: PEACEnvelope, interaction: InteractionEvidenceV01): void {\n if (!receipt.evidence) {\n receipt.evidence = {};\n }\n if (!receipt.evidence.extensions) {\n receipt.evidence.extensions = {};\n }\n receipt.evidence.extensions[INTERACTION_EXTENSION_KEY] = interaction as unknown as JsonValue;\n}\n\n/**\n * Check if a PEAC envelope has interaction evidence\n *\n * @param receipt - PEAC envelope to check\n * @returns True if interaction evidence is present\n */\nexport function hasInteraction(receipt: PEACEnvelope): boolean {\n return receipt.evidence?.extensions?.[INTERACTION_EXTENSION_KEY] !== undefined;\n}\n\n// ============================================================================\n// Projection API\n// ============================================================================\n\n/**\n * ReceiptView - pure view layer that makes extensions feel like top-level fields\n *\n * Does NOT modify the underlying envelope; just provides convenient access.\n * This projection allows code to work with interaction evidence as if it were\n * a first-class field while maintaining wire format stability.\n */\nexport interface ReceiptView {\n /** The underlying envelope (unchanged) */\n readonly envelope: PEACEnvelope;\n\n /** Interaction evidence (from extension) - feels like top-level */\n readonly interaction?: InteractionEvidenceV01;\n\n /** Array form for uniform pipeline processing */\n readonly interactions: readonly InteractionEvidenceV01[];\n\n /** Workflow context (from auth.extensions) */\n readonly workflow?: WorkflowContext;\n}\n\n/**\n * Create a view over a PEAC envelope that provides first-class access\n * to extension data without modifying the wire format.\n *\n * @param envelope - PEAC envelope to create view for\n * @returns ReceiptView with convenient accessors\n *\n * @example\n * const view = createReceiptView(envelope);\n * if (view.interaction) {\n * console.log(view.interaction.kind);\n * }\n */\nexport function createReceiptView(envelope: PEACEnvelope): ReceiptView {\n const interaction = getInteraction(envelope);\n const workflow = envelope.auth?.extensions?.['org.peacprotocol/workflow'] as\n | WorkflowContext\n | undefined;\n\n return {\n envelope,\n interaction,\n interactions: interaction ? [interaction] : [],\n workflow,\n };\n}\n\n// ============================================================================\n// Factory Functions\n// ============================================================================\n\n/**\n * Parameters for creating interaction evidence\n */\nexport interface CreateInteractionParams {\n interaction_id: string;\n kind: string;\n executor: {\n platform: string;\n version?: string;\n plugin_id?: string;\n plugin_digest?: Digest;\n };\n tool?: {\n name: string;\n provider?: string;\n version?: string;\n };\n resource?: {\n uri?: string;\n method?: string;\n };\n input?: {\n digest: Digest;\n redaction: (typeof REDACTION_MODES)[number];\n };\n output?: {\n digest: Digest;\n redaction: (typeof REDACTION_MODES)[number];\n };\n started_at: string;\n completed_at?: string;\n duration_ms?: number;\n result?: {\n status: (typeof RESULT_STATUSES)[number];\n error_code?: string;\n retryable?: boolean;\n };\n policy?: {\n decision: (typeof POLICY_DECISIONS)[number];\n sandbox_enabled?: boolean;\n elevated?: boolean;\n effective_policy_digest?: Digest;\n };\n refs?: {\n payment_reference?: string;\n related_receipt_rid?: string;\n };\n extensions?: Record<string, JsonValue>;\n}\n\n/**\n * Create validated interaction evidence\n *\n * @param params - Interaction parameters\n * @returns Validated InteractionEvidenceV01\n * @throws ZodError if validation fails\n */\nexport function createInteractionEvidence(params: CreateInteractionParams): InteractionEvidenceV01 {\n const evidence: InteractionEvidenceV01 = {\n interaction_id: params.interaction_id,\n kind: params.kind,\n executor: {\n platform: params.executor.platform,\n ...(params.executor.version && { version: params.executor.version }),\n ...(params.executor.plugin_id && { plugin_id: params.executor.plugin_id }),\n ...(params.executor.plugin_digest && { plugin_digest: params.executor.plugin_digest }),\n },\n ...(params.tool && { tool: params.tool }),\n ...(params.resource && { resource: params.resource }),\n ...(params.input && { input: params.input }),\n ...(params.output && { output: params.output }),\n started_at: params.started_at,\n ...(params.completed_at && { completed_at: params.completed_at }),\n ...(params.duration_ms !== undefined && { duration_ms: params.duration_ms }),\n ...(params.result && { result: params.result }),\n ...(params.policy && { policy: params.policy }),\n ...(params.refs && { refs: params.refs }),\n ...(params.extensions && { extensions: params.extensions }),\n };\n\n return validateInteractionEvidence(evidence);\n}\n","/**\n * PEAC Obligations Extension Types (v0.9.26+)\n *\n * Defines credit and contribution obligations for receipts,\n * aligned with Creative Commons Signals framework.\n *\n * The `peac/obligations` extension allows content owners to specify\n * requirements for credit/attribution and contribution models.\n *\n * @see https://creativecommons.org/signals/ for CC Signals background\n */\nimport { z } from 'zod';\n\n// =============================================================================\n// CREDIT METHOD (v0.9.26+)\n// =============================================================================\n\n/**\n * How credit/attribution should be provided.\n *\n * - 'inline': Credit appears inline with the generated content\n * - 'references': Credit appears in a references/sources section\n * - 'model-card': Credit appears in model documentation/card\n */\nexport const CreditMethodSchema = z.enum(['inline', 'references', 'model-card']);\nexport type CreditMethod = z.infer<typeof CreditMethodSchema>;\n\n/**\n * Array of valid credit methods for runtime checks.\n */\nexport const CREDIT_METHODS = ['inline', 'references', 'model-card'] as const;\n\n// =============================================================================\n// CONTRIBUTION TYPE (v0.9.26+)\n// =============================================================================\n\n/**\n * Type of contribution model.\n *\n * - 'direct': Direct payment to content owner\n * - 'ecosystem': Contribution to ecosystem fund/coalition\n * - 'open': Freely usable (no payment required)\n */\nexport const ContributionTypeSchema = z.enum(['direct', 'ecosystem', 'open']);\nexport type ContributionType = z.infer<typeof ContributionTypeSchema>;\n\n/**\n * Array of valid contribution types for runtime checks.\n */\nexport const CONTRIBUTION_TYPES = ['direct', 'ecosystem', 'open'] as const;\n\n// =============================================================================\n// CREDIT OBLIGATION (v0.9.26+)\n// =============================================================================\n\n/**\n * CreditObligation - specifies attribution/credit requirements.\n *\n * Content owners can require credit when their content is used,\n * specifying where and how the credit should appear.\n *\n * @example\n * ```typescript\n * const credit: CreditObligation = {\n * required: true,\n * citation_url: 'https://publisher.example/collection',\n * method: 'references',\n * };\n * ```\n */\nexport const CreditObligationSchema = z\n .object({\n /** Whether credit is required (REQUIRED) */\n required: z.boolean(),\n\n /** URL for citation/attribution (OPTIONAL) */\n citation_url: z.string().url().max(2048).optional(),\n\n /** How credit should be provided (OPTIONAL, defaults to implementation choice) */\n method: CreditMethodSchema.optional(),\n\n /** Human-readable credit text template (OPTIONAL) */\n credit_text: z.string().max(1024).optional(),\n })\n .strict()\n .superRefine((data, ctx) => {\n // If credit is required, at least one of citation_url, credit_text, or method must be specified\n if (data.required && !data.citation_url && !data.credit_text && !data.method) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message:\n 'When credit is required, at least one of citation_url, credit_text, or method must be specified',\n path: ['required'],\n });\n }\n });\nexport type CreditObligation = z.infer<typeof CreditObligationSchema>;\n\n// =============================================================================\n// CONTRIBUTION OBLIGATION (v0.9.26+)\n// =============================================================================\n\n/**\n * ContributionObligation - specifies contribution/payment model.\n *\n * Aligned with CC Signals reciprocity framework:\n * - direct: Payment goes directly to content owner\n * - ecosystem: Payment goes to shared ecosystem fund\n * - open: Content is freely usable\n *\n * @example\n * ```typescript\n * const contribution: ContributionObligation = {\n * type: 'ecosystem',\n * destination: 'https://fund.creativecommons.org',\n * };\n * ```\n */\nexport const ContributionObligationSchema = z\n .object({\n /** Type of contribution (REQUIRED) */\n type: ContributionTypeSchema,\n\n /** Destination for contributions (OPTIONAL, e.g., fund URL, wallet address) */\n destination: z.string().max(2048).optional(),\n\n /** Minimum contribution amount in minor units (OPTIONAL) */\n min_amount: z.number().int().min(0).optional(),\n\n /** Currency for min_amount (OPTIONAL, ISO 4217 or crypto symbol like USDC) */\n currency: z\n .string()\n .min(3)\n .max(8)\n .regex(/^[A-Z0-9]{3,8}$/)\n .optional(),\n })\n .strict()\n .superRefine((data, ctx) => {\n // If type is 'direct' or 'ecosystem', destination is required\n if ((data.type === 'direct' || data.type === 'ecosystem') && !data.destination) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: `Destination is required when contribution type is '${data.type}'`,\n path: ['destination'],\n });\n }\n // min_amount requires currency\n if (data.min_amount !== undefined && !data.currency) {\n ctx.addIssue({\n code: z.ZodIssueCode.custom,\n message: 'Currency is required when min_amount is specified',\n path: ['currency'],\n });\n }\n });\nexport type ContributionObligation = z.infer<typeof ContributionObligationSchema>;\n\n// =============================================================================\n// OBLIGATIONS EXTENSION (v0.9.26+)\n// =============================================================================\n\n/**\n * Extension key for obligations\n */\nexport const OBLIGATIONS_EXTENSION_KEY = 'peac/obligations' as const;\n\n/**\n * ObligationsExtension - the full obligations extension block.\n *\n * This extension is added to receipt extensions under the key `peac/obligations`.\n *\n * @example\n * ```typescript\n * const receipt = {\n * // ... receipt fields ...\n * extensions: {\n * 'peac/obligations': {\n * credit: {\n * required: true,\n * citation_url: 'https://publisher.example/collection',\n * method: 'references',\n * },\n * contribution: {\n * type: 'ecosystem',\n * destination: 'https://fund.example.org',\n * },\n * },\n * },\n * };\n * ```\n */\nexport const ObligationsExtensionSchema = z\n .object({\n /** Credit/attribution obligations (OPTIONAL) */\n credit: CreditObligationSchema.optional(),\n\n /** Contribution/payment model (OPTIONAL) */\n contribution: ContributionObligationSchema.optional(),\n })\n .strict();\nexport type ObligationsExtension = z.infer<typeof ObligationsExtensionSchema>;\n\n// =============================================================================\n// VALIDATION HELPERS (v0.9.26+)\n// =============================================================================\n\n/**\n * Validate a CreditObligation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated obligation or error message\n */\nexport function validateCreditObligation(\n data: unknown\n): { ok: true; value: CreditObligation } | { ok: false; error: string } {\n const result = CreditObligationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate a ContributionObligation.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated obligation or error message\n */\nexport function validateContributionObligation(\n data: unknown\n): { ok: true; value: ContributionObligation } | { ok: false; error: string } {\n const result = ContributionObligationSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Validate an ObligationsExtension.\n *\n * @param data - Unknown data to validate\n * @returns Result with validated extension or error message\n *\n * @example\n * ```typescript\n * const result = validateObligationsExtension(data);\n * if (result.ok) {\n * if (result.value.credit?.required) {\n * console.log('Credit required:', result.value.credit.citation_url);\n * }\n * }\n * ```\n */\nexport function validateObligationsExtension(\n data: unknown\n): { ok: true; value: ObligationsExtension } | { ok: false; error: string } {\n const result = ObligationsExtensionSchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.message };\n}\n\n/**\n * Extract obligations extension from a receipt's extensions object.\n *\n * @param extensions - Extensions object from receipt\n * @returns Validated obligations or undefined if not present\n */\nexport function extractObligationsExtension(\n extensions: Record<string, unknown> | undefined\n): ObligationsExtension | undefined {\n if (!extensions || !(OBLIGATIONS_EXTENSION_KEY in extensions)) {\n return undefined;\n }\n\n const result = validateObligationsExtension(extensions[OBLIGATIONS_EXTENSION_KEY]);\n if (result.ok) {\n return result.value;\n }\n return undefined;\n}\n\n/**\n * Check if credit is required based on obligations.\n *\n * @param obligations - Obligations extension\n * @returns True if credit is explicitly required\n */\nexport function isCreditRequired(obligations: ObligationsExtension | undefined): boolean {\n return obligations?.credit?.required === true;\n}\n\n/**\n * Check if contribution is required (non-open type).\n *\n * @param obligations - Obligations extension\n * @returns True if contribution type is 'direct' or 'ecosystem'\n */\nexport function isContributionRequired(obligations: ObligationsExtension | undefined): boolean {\n const type = obligations?.contribution?.type;\n return type === 'direct' || type === 'ecosystem';\n}\n\n/**\n * Create a credit-only obligations extension.\n *\n * @param params - Credit parameters\n * @returns ObligationsExtension with credit only\n */\nexport function createCreditObligation(params: {\n required: boolean;\n citation_url?: string;\n method?: CreditMethod;\n credit_text?: string;\n}): ObligationsExtension {\n const credit: CreditObligation = { required: params.required };\n if (params.citation_url) credit.citation_url = params.citation_url;\n if (params.method) credit.method = params.method;\n if (params.credit_text) credit.credit_text = params.credit_text;\n return { credit };\n}\n\n/**\n * Create a contribution-only obligations extension.\n *\n * @param params - Contribution parameters\n * @returns ObligationsExtension with contribution only\n */\nexport function createContributionObligation(params: {\n type: ContributionType;\n destination?: string;\n min_amount?: number;\n currency?: string;\n}): ObligationsExtension {\n const contribution: ContributionObligation = { type: params.type };\n if (params.destination) contribution.destination = params.destination;\n if (params.min_amount !== undefined) contribution.min_amount = params.min_amount;\n if (params.currency) contribution.currency = params.currency;\n return { contribution };\n}\n\n/**\n * Create a full obligations extension with both credit and contribution.\n *\n * @param credit - Credit obligation parameters\n * @param contribution - Contribution obligation parameters\n * @returns Full ObligationsExtension\n */\nexport function createObligationsExtension(\n credit?: {\n required: boolean;\n citation_url?: string;\n method?: CreditMethod;\n credit_text?: string;\n },\n contribution?: {\n type: ContributionType;\n destination?: string;\n min_amount?: number;\n currency?: string;\n }\n): ObligationsExtension {\n const result: ObligationsExtension = {};\n\n if (credit) {\n result.credit = { required: credit.required };\n if (credit.citation_url) result.credit.citation_url = credit.citation_url;\n if (credit.method) result.credit.method = credit.method;\n if (credit.credit_text) result.credit.credit_text = credit.credit_text;\n }\n\n if (contribution) {\n result.contribution = { type: contribution.type };\n if (contribution.destination) result.contribution.destination = contribution.destination;\n if (contribution.min_amount !== undefined)\n result.contribution.min_amount = contribution.min_amount;\n if (contribution.currency) result.contribution.currency = contribution.currency;\n }\n\n return result;\n}\n","/**\n * PEAC Attestation Receipt Types (v0.10.8+)\n *\n * Attestation receipts are lightweight signed tokens that attest to API\n * interactions WITHOUT payment fields. This is a distinct profile from\n * full payment receipts (PEACReceiptClaims).\n *\n * Use cases:\n * - API interaction logging with evidentiary value\n * - Middleware-issued receipts for non-payment flows\n * - Audit trails for agent/tool interactions\n *\n * Claims structure:\n * - Core JWT claims: iss, aud, iat, exp\n * - PEAC claims: rid (UUIDv7 receipt ID)\n * - Optional: sub, ext (extensions including interaction binding)\n *\n * @see docs/specs/ATTESTATION-RECEIPTS.md\n */\n\nimport { z } from 'zod';\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/**\n * Attestation receipt type constant\n */\nexport const ATTESTATION_RECEIPT_TYPE = 'peac/attestation-receipt' as const;\n\n/**\n * Extension key for minimal interaction binding (middleware profile)\n *\n * This is a simplified binding used by middleware packages. For full\n * interaction evidence, use INTERACTION_EXTENSION_KEY from ./interaction.ts\n */\nexport const MIDDLEWARE_INTERACTION_KEY = 'org.peacprotocol/middleware-interaction@0.1';\n\n/**\n * Limits for attestation receipt fields (DoS protection)\n */\nexport const ATTESTATION_LIMITS = {\n /** Maximum issuer URL length */\n maxIssuerLength: 2048,\n /** Maximum audience URL length */\n maxAudienceLength: 2048,\n /** Maximum subject length */\n maxSubjectLength: 256,\n /** Maximum path length in interaction binding */\n maxPathLength: 2048,\n /** Maximum method length */\n maxMethodLength: 16,\n /** Maximum HTTP status code */\n maxStatusCode: 599,\n /** Minimum HTTP status code */\n minStatusCode: 100,\n} as const;\n\n// ============================================================================\n// Zod Schemas\n// ============================================================================\n\n/**\n * HTTPS URL validation (reused from validators.ts pattern)\n */\nconst httpsUrl = z\n .string()\n .url()\n .max(ATTESTATION_LIMITS.maxIssuerLength)\n .refine((url) => url.startsWith('https://'), 'Must be HTTPS URL');\n\n/**\n * UUIDv7 format validation\n */\nconst uuidv7 = z\n .string()\n .regex(\n /^[0-9a-f]{8}-[0-9a-f]{4}-7[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i,\n 'Must be UUIDv7 format'\n );\n\n/**\n * Minimal interaction binding schema (for middleware use)\n *\n * This is a simplified version of full interaction evidence.\n * Contains only: method, path, status.\n *\n * Privacy note: Query strings are excluded by default to avoid\n * leaking sensitive data (API keys, tokens, PII in parameters).\n */\nexport const MinimalInteractionBindingSchema = z\n .object({\n /** HTTP method (uppercase, e.g., GET, POST) */\n method: z\n .string()\n .min(1)\n .max(ATTESTATION_LIMITS.maxMethodLength)\n .transform((m) => m.toUpperCase()),\n /** Request path (no query string by default) */\n path: z.string().min(1).max(ATTESTATION_LIMITS.maxPathLength),\n /** HTTP response status code */\n status: z\n .number()\n .int()\n .min(ATTESTATION_LIMITS.minStatusCode)\n .max(ATTESTATION_LIMITS.maxStatusCode),\n })\n .strict();\n\n/**\n * Attestation receipt extensions schema\n *\n * Allows interaction binding and other namespaced extensions.\n */\nexport const AttestationExtensionsSchema = z.record(z.string(), z.unknown());\n\n/**\n * PEAC Attestation Receipt Claims schema\n *\n * This is the claims structure for attestation receipts - lightweight\n * receipts without payment fields. For full payment receipts, use\n * ReceiptClaimsSchema from ./validators.ts\n */\nexport const AttestationReceiptClaimsSchema = z\n .object({\n /** Issuer URL (normalized, no trailing slash) */\n iss: httpsUrl,\n /** Audience URL */\n aud: httpsUrl,\n /** Issued at (Unix seconds) */\n iat: z.number().int().nonnegative(),\n /** Expiration (Unix seconds) */\n exp: z.number().int().nonnegative(),\n /** Receipt ID (UUIDv7) */\n rid: uuidv7,\n /** Subject identifier (optional) */\n sub: z.string().max(ATTESTATION_LIMITS.maxSubjectLength).optional(),\n /** Extensions (optional) */\n ext: AttestationExtensionsSchema.optional(),\n })\n .strict();\n\n// ============================================================================\n// TypeScript Types (inferred from Zod schemas)\n// ============================================================================\n\nexport type MinimalInteractionBinding = z.infer<typeof MinimalInteractionBindingSchema>;\nexport type AttestationExtensions = z.infer<typeof AttestationExtensionsSchema>;\nexport type AttestationReceiptClaims = z.infer<typeof AttestationReceiptClaimsSchema>;\n\n// ============================================================================\n// Validation Helpers\n// ============================================================================\n\n/**\n * Validation result type\n */\nexport interface AttestationValidationResult {\n valid: boolean;\n error_code?: string;\n error_message?: string;\n}\n\n/**\n * Validate attestation receipt claims\n *\n * @param input - Raw input to validate\n * @returns Validation result\n */\nexport function validateAttestationReceiptClaims(input: unknown): AttestationValidationResult {\n const result = AttestationReceiptClaimsSchema.safeParse(input);\n if (result.success) {\n return { valid: true };\n }\n const firstIssue = result.error.issues[0];\n return {\n valid: false,\n error_code: 'E_ATTESTATION_INVALID_CLAIMS',\n error_message: firstIssue?.message || 'Invalid attestation receipt claims',\n };\n}\n\n/**\n * Check if an object is valid attestation receipt claims (non-throwing)\n *\n * @param claims - Object to check\n * @returns True if valid AttestationReceiptClaims\n */\nexport function isAttestationReceiptClaims(claims: unknown): claims is AttestationReceiptClaims {\n return AttestationReceiptClaimsSchema.safeParse(claims).success;\n}\n\n/**\n * Validate minimal interaction binding\n *\n * @param input - Raw input to validate\n * @returns Validation result\n */\nexport function validateMinimalInteractionBinding(input: unknown): AttestationValidationResult {\n const result = MinimalInteractionBindingSchema.safeParse(input);\n if (result.success) {\n return { valid: true };\n }\n const firstIssue = result.error.issues[0];\n return {\n valid: false,\n error_code: 'E_ATTESTATION_INVALID_INTERACTION',\n error_message: firstIssue?.message || 'Invalid interaction binding',\n };\n}\n\n/**\n * Check if an object is valid minimal interaction binding (non-throwing)\n *\n * @param binding - Object to check\n * @returns True if valid MinimalInteractionBinding\n */\nexport function isMinimalInteractionBinding(\n binding: unknown\n): binding is MinimalInteractionBinding {\n return MinimalInteractionBindingSchema.safeParse(binding).success;\n}\n\n// ============================================================================\n// Factory Functions\n// ============================================================================\n\n/**\n * Parameters for creating attestation receipt claims\n */\nexport interface CreateAttestationReceiptParams {\n /** Issuer URL (will be normalized) */\n issuer: string;\n /** Audience URL */\n audience: string;\n /** Receipt ID (UUIDv7) */\n rid: string;\n /** Subject identifier (optional) */\n sub?: string;\n /** Interaction binding (optional) */\n interaction?: MinimalInteractionBinding;\n /** Additional extensions (optional) */\n extensions?: Record<string, unknown>;\n /** Expiration in seconds from now (default: 300) */\n expiresIn?: number;\n}\n\n/**\n * Create validated attestation receipt claims\n *\n * @param params - Attestation receipt parameters\n * @returns Validated AttestationReceiptClaims\n * @throws ZodError if validation fails\n */\nexport function createAttestationReceiptClaims(\n params: CreateAttestationReceiptParams\n): AttestationReceiptClaims {\n const now = Math.floor(Date.now() / 1000);\n const expiresIn = params.expiresIn ?? 300;\n\n // Normalize issuer (remove trailing slashes)\n // Using explicit loop instead of regex to avoid ReDoS with quantifiers\n let normalizedIssuer = params.issuer;\n while (normalizedIssuer.endsWith('/')) {\n normalizedIssuer = normalizedIssuer.slice(0, -1);\n }\n\n // Build extensions\n const ext: Record<string, unknown> = { ...params.extensions };\n if (params.interaction) {\n ext[MIDDLEWARE_INTERACTION_KEY] = params.interaction;\n }\n\n const claims: AttestationReceiptClaims = {\n iss: normalizedIssuer,\n aud: params.audience,\n iat: now,\n exp: now + expiresIn,\n rid: params.rid,\n ...(params.sub && { sub: params.sub }),\n ...(Object.keys(ext).length > 0 && { ext }),\n };\n\n return AttestationReceiptClaimsSchema.parse(claims);\n}\n\n// ============================================================================\n// Type Guard for Receipt Profile Discrimination\n// ============================================================================\n\n/**\n * Check if claims are attestation-only (no payment fields)\n *\n * This helps discriminate between attestation receipts and\n * full payment receipts at runtime.\n *\n * @param claims - Receipt claims to check\n * @returns True if claims lack payment fields (amt, cur, payment)\n */\nexport function isAttestationOnly(claims: Record<string, unknown>): boolean {\n return !('amt' in claims) && !('cur' in claims) && !('payment' in claims);\n}\n\n/**\n * Check if claims are payment receipt (has payment fields)\n *\n * @param claims - Receipt claims to check\n * @returns True if claims have payment fields\n */\nexport function isPaymentReceipt(claims: Record<string, unknown>): boolean {\n return 'amt' in claims && 'cur' in claims && 'payment' in claims;\n}\n","/**\n * Evidence Carrier Contract schemas and helpers\n *\n * Zod validation schemas for PeacEvidenceCarrier and CarrierMeta,\n * plus the canonical computeReceiptRef() and validateCarrierConstraints()\n * functions used by all carrier adapters.\n */\nimport { z } from 'zod';\n\nimport type {\n CarrierFormat,\n CarrierMeta,\n CarrierValidationResult,\n PeacEvidenceCarrier,\n ReceiptRef,\n} from '@peac/kernel';\n\nimport { KERNEL_CONSTRAINTS } from './constraints';\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/** Maximum carrier size per transport */\nexport const CARRIER_TRANSPORT_LIMITS = {\n /** MCP _meta: 64 KB */\n mcp: 65_536,\n /** A2A metadata: 64 KB */\n a2a: 65_536,\n /** ACP embed in body: 64 KB; headers only: 8 KB */\n acp_embed: 65_536,\n acp_headers: 8_192,\n /** UCP webhook body: 64 KB */\n ucp: 65_536,\n /** x402 embed in body: 64 KB; headers only: 8 KB */\n x402_embed: 65_536,\n x402_headers: 8_192,\n /** HTTP headers only: 8 KB */\n http: 8_192,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Schemas\n// ---------------------------------------------------------------------------\n\n/** Validates a content-addressed receipt reference: sha256:<64 hex chars> */\nexport const ReceiptRefSchema = z\n .string()\n .regex(/^sha256:[a-f0-9]{64}$/, 'receipt_ref must be sha256:<64 hex chars>');\n\n/** Validates a compact JWS: header.payload.signature (base64url parts) */\nexport const CompactJwsSchema = z\n .string()\n .regex(\n /^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/,\n 'receipt_jws must be a valid compact JWS (header.payload.signature)'\n );\n\n/** Carrier format schema */\nexport const CarrierFormatSchema = z.enum(['embed', 'reference']);\n\n/**\n * Validates receipt_url: HTTPS-only, max 2048 chars, no credentials.\n * Validation only: no I/O, no fetch. Resolution lives in Layer 4.\n */\nexport const ReceiptUrlSchema = z\n .string()\n .url()\n .max(2048)\n .refine((url) => url.startsWith('https://'), {\n message: 'receipt_url must use HTTPS scheme',\n })\n .refine(\n (url) => {\n try {\n const parsed = new URL(url);\n return !parsed.username && !parsed.password;\n } catch {\n return false;\n }\n },\n {\n message: 'receipt_url must not contain credentials',\n }\n );\n\n/** Schema for PeacEvidenceCarrier */\nexport const PeacEvidenceCarrierSchema = z.object({\n receipt_ref: ReceiptRefSchema,\n receipt_jws: CompactJwsSchema.optional(),\n receipt_url: ReceiptUrlSchema.optional(),\n policy_binding: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n actor_binding: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n request_nonce: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n verification_report_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n use_policy_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n representation_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n attestation_ref: z.string().max(KERNEL_CONSTRAINTS.MAX_STRING_LENGTH).optional(),\n});\n\n/** Schema for CarrierMeta */\nexport const CarrierMetaSchema = z.object({\n transport: z.string().min(1),\n format: CarrierFormatSchema,\n max_size: z.number().int().positive(),\n redaction: z.array(z.string()).optional(),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Canonical receipt_ref computation (single source of truth).\n *\n * Computes SHA-256 of the UTF-8 bytes of the compact JWS string as emitted.\n * All carrier adapters MUST use this function rather than computing SHA-256\n * locally, to ensure consistency across protocols (correction item 4).\n */\nexport async function computeReceiptRef(jws: string): Promise<ReceiptRef> {\n if (!globalThis.crypto?.subtle) {\n throw new Error(\n 'computeReceiptRef requires WebCrypto (crypto.subtle). ' +\n 'Supported runtimes: Node >= 20, Cloudflare Workers, Deno, Bun.'\n );\n }\n const data = new TextEncoder().encode(jws);\n const hash = await globalThis.crypto.subtle.digest('SHA-256', data);\n const hex = Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n return `sha256:${hex}` as ReceiptRef;\n}\n\n/**\n * Canonical carrier constraint validator.\n *\n * Validates a carrier against transport-specific constraints using\n * the provided CarrierMeta. This is the single validation function\n * that all CarrierAdapter.validateConstraints() implementations delegate to.\n *\n * Checks performed:\n * 1. receipt_ref format (sha256:<hex64>)\n * 2. receipt_jws format (if present): valid compact JWS\n * 3. Total serialized size within meta.max_size\n * 4. If receipt_jws present: receipt_ref consistency\n * 5. All string fields within MAX_STRING_LENGTH\n */\nexport function validateCarrierConstraints(\n carrier: PeacEvidenceCarrier,\n meta: CarrierMeta\n): CarrierValidationResult {\n const violations: string[] = [];\n\n // 1. receipt_ref format\n const refResult = ReceiptRefSchema.safeParse(carrier.receipt_ref);\n if (!refResult.success) {\n violations.push(`invalid receipt_ref format: ${carrier.receipt_ref}`);\n }\n\n // 2. receipt_jws format (if present)\n if (carrier.receipt_jws !== undefined) {\n const jwsResult = CompactJwsSchema.safeParse(carrier.receipt_jws);\n if (!jwsResult.success) {\n violations.push('invalid receipt_jws format: not a valid compact JWS');\n }\n }\n\n // 3. Total serialized size check\n const serialized = JSON.stringify(carrier);\n const sizeBytes = new TextEncoder().encode(serialized).byteLength;\n if (sizeBytes > meta.max_size) {\n violations.push(\n `carrier size ${sizeBytes} bytes exceeds transport limit ${meta.max_size} bytes for ${meta.transport}`\n );\n }\n\n // 4. receipt_url validation (HTTPS-only, max 2048, no credentials)\n if (carrier.receipt_url !== undefined) {\n const urlResult = ReceiptUrlSchema.safeParse(carrier.receipt_url);\n if (!urlResult.success) {\n for (const issue of urlResult.error.issues) {\n violations.push(`invalid receipt_url: ${issue.message}`);\n }\n }\n }\n\n // 5. String field length checks\n const stringFields: Array<[string, string | undefined]> = [\n ['policy_binding', carrier.policy_binding],\n ['actor_binding', carrier.actor_binding],\n ['request_nonce', carrier.request_nonce],\n ['verification_report_ref', carrier.verification_report_ref],\n ['use_policy_ref', carrier.use_policy_ref],\n ['representation_ref', carrier.representation_ref],\n ['attestation_ref', carrier.attestation_ref],\n ];\n\n for (const [name, value] of stringFields) {\n if (value !== undefined && value.length > KERNEL_CONSTRAINTS.MAX_STRING_LENGTH) {\n violations.push(\n `${name} length ${value.length} exceeds MAX_STRING_LENGTH ${KERNEL_CONSTRAINTS.MAX_STRING_LENGTH}`\n );\n }\n }\n\n return { valid: violations.length === 0, violations };\n}\n\n/**\n * Verify receipt_ref consistency with receipt_jws.\n *\n * If both receipt_ref and receipt_jws are present, verifies that\n * sha256(receipt_jws) equals receipt_ref. This prevents carrier\n * tampering after attachment.\n *\n * Returns null if consistent or receipt_jws is absent;\n * returns an error string if inconsistent.\n */\nexport async function verifyReceiptRefConsistency(\n carrier: PeacEvidenceCarrier\n): Promise<string | null> {\n if (carrier.receipt_jws === undefined) {\n return null;\n }\n const computed = await computeReceiptRef(carrier.receipt_jws);\n if (computed !== carrier.receipt_ref) {\n return `receipt_ref mismatch: expected ${computed}, got ${carrier.receipt_ref}`;\n }\n return null;\n}\n\n// ---------------------------------------------------------------------------\n// Re-export types for convenience\n// ---------------------------------------------------------------------------\n\nexport type {\n CarrierFormat,\n CarrierMeta,\n CarrierValidationResult,\n PeacEvidenceCarrier,\n ReceiptRef,\n CarrierAdapter,\n} from '@peac/kernel';\n","/**\n * Wire 0.2 RepresentationFields schema\n *\n * Records metadata about the content representation that was observed or served,\n * enabling reproducible content drift detection.\n *\n * Layer 1 (@peac/schema): pure Zod validation, zero I/O.\n *\n * content_hash validation uses stringToFingerprintRef() as the parser gate\n * and additionally requires alg === 'sha256'. The hmac-sha256 algorithm is\n * not permitted for representation hashes (sha256-only by design).\n */\n\nimport { z } from 'zod';\nimport {\n stringToFingerprintRef,\n MAX_FINGERPRINT_REF_LENGTH,\n} from './extensions/fingerprint-ref.js';\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that a content_hash string is a valid sha256 FingerprintRef.\n *\n * Uses stringToFingerprintRef() as the parser gate (format correctness),\n * then additionally requires alg === 'sha256'. hmac-sha256 is rejected\n * for representation content hashes.\n */\nfunction isValidContentHash(s: string): boolean {\n const ref = stringToFingerprintRef(s);\n if (ref === null) return false;\n // Only sha256 is permitted for representation.content_hash\n return ref.alg === 'sha256';\n}\n\n/**\n * Conservative MIME type validation.\n *\n * Accepts the token/token form with optional parameters (type/subtype;key=value).\n * Does NOT attempt full RFC 9110/6838 grammar parsing.\n *\n * Valid examples: text/plain, application/json, application/json; charset=utf-8\n * Invalid examples: \"text\", \"text/\", \" text/plain\", \"\"\n */\nconst MIME_PATTERN =\n /^[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*\\/[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*(;\\s*[a-zA-Z0-9][a-zA-Z0-9!#$&\\-^_.+]*=[^\\s;]+)*$/;\n\nfunction isValidMimeType(s: string): boolean {\n return MIME_PATTERN.test(s);\n}\n\n// ---------------------------------------------------------------------------\n// Bounds constants (follows repo _LIMITS convention)\n// ---------------------------------------------------------------------------\n\n/**\n * Normative bounds for Wire 0.2 representation fields.\n *\n * Centralised to prevent magic numbers and allow external reference.\n */\nexport const REPRESENTATION_LIMITS = {\n /** Max content_hash string length (sha256:<64 hex> = 71 chars, capped at FingerprintRef max) */\n maxContentHashLength: MAX_FINGERPRINT_REF_LENGTH,\n /** Max content_type string length */\n maxContentTypeLength: 256,\n} as const;\n\n// ---------------------------------------------------------------------------\n// Wire02RepresentationFieldsSchema\n// ---------------------------------------------------------------------------\n\n/**\n * Zod schema for Wire 0.2 representation fields.\n *\n * All fields are optional; an empty object is valid.\n * Unknown keys are rejected (.strict()).\n *\n * Bounds:\n * - content_hash: max 76 chars (MAX_FINGERPRINT_REF_LENGTH), sha256-only\n * - content_type: max 256 chars, conservative MIME pattern\n * - content_length: non-negative integer, <= Number.MAX_SAFE_INTEGER\n */\nexport const Wire02RepresentationFieldsSchema = z\n .object({\n /**\n * FingerprintRef of the served content body.\n * Format: sha256:<64 lowercase hex>\n * hmac-sha256 is NOT permitted for representation hashes.\n */\n content_hash: z\n .string()\n .max(REPRESENTATION_LIMITS.maxContentHashLength)\n .refine(isValidContentHash, {\n message: 'content_hash must be a valid sha256 FingerprintRef (sha256:<64 lowercase hex>)',\n })\n .optional(),\n /**\n * MIME type of the served content (e.g., 'text/plain', 'application/json').\n * Conservative pattern validation: type/subtype with optional parameters.\n */\n content_type: z\n .string()\n .max(REPRESENTATION_LIMITS.maxContentTypeLength)\n .refine(isValidMimeType, {\n message: 'content_type must be a valid MIME type (type/subtype with optional parameters)',\n })\n .optional(),\n /**\n * Size of the served content in bytes.\n * Non-negative integer, bounded by Number.MAX_SAFE_INTEGER.\n */\n content_length: z.number().int().finite().nonnegative().max(Number.MAX_SAFE_INTEGER).optional(),\n })\n .strict();\n\n/** Inferred type for Wire 0.2 representation fields */\nexport type Wire02RepresentationFields = z.infer<typeof Wire02RepresentationFieldsSchema>;\n\n/**\n * Public export alias.\n * Internal name is Wire02RepresentationFieldsSchema to prevent wire-version\n * collisions; exported as RepresentationFieldsSchema for ergonomic use.\n */\nexport { Wire02RepresentationFieldsSchema as RepresentationFieldsSchema };\n","/**\n * Wire 0.2 Extension Group Limits\n *\n * Centralized per-field bounds for all Wire 0.2 extension group fields.\n * Prevents magic numbers and allows external reference.\n * Follows repo _LIMITS convention.\n *\n * Byte-budget constants are normative and live in @peac/kernel\n * (EXTENSION_BUDGET). Re-exported here for schema-layer convenience.\n */\n\n// Re-export kernel byte-budget constants for schema-layer consumers\nexport { EXTENSION_BUDGET } from '@peac/kernel';\n\n/**\n * Normative per-field bounds for Wire 0.2 extension group fields.\n */\nexport const EXTENSION_LIMITS = {\n // Extension key grammar\n maxExtensionKeyLength: 512,\n maxDnsLabelLength: 63,\n maxDnsDomainLength: 253,\n\n // Commerce\n maxPaymentRailLength: 128,\n maxCurrencyLength: 16,\n maxAmountMinorLength: 64,\n maxReferenceLength: 256,\n maxAssetLength: 256,\n maxCommerceEventLength: 64,\n\n // Access\n maxResourceLength: 2048,\n maxActionLength: 256,\n\n // Challenge\n maxProblemTypeLength: 2048,\n maxProblemTitleLength: 256,\n maxProblemDetailLength: 4096,\n maxProblemInstanceLength: 2048,\n\n // Identity\n maxProofRefLength: 256,\n\n // Correlation\n maxTraceIdLength: 32,\n maxSpanIdLength: 16,\n maxWorkflowIdLength: 256,\n maxParentJtiLength: 256,\n maxDependsOnLength: 64,\n\n // Consent\n maxConsentBasisLength: 128,\n maxConsentMethodLength: 128,\n maxDataCategoriesCount: 64,\n maxDataCategoryLength: 128,\n maxConsentScopeLength: 256,\n maxJurisdictionLength: 16,\n\n // Compliance\n maxFrameworkLength: 256,\n maxAuditRefLength: 256,\n maxAuditorLength: 256,\n maxComplianceScopeLength: 512,\n\n // Privacy\n maxDataClassificationLength: 128,\n maxProcessingBasisLength: 128,\n maxAnonymizationMethodLength: 128,\n maxDataSubjectCategoryLength: 128,\n maxTransferMechanismLength: 128,\n\n // Safety\n maxAssessmentMethodLength: 256,\n maxSafetyMeasuresCount: 32,\n maxSafetyMeasureLength: 256,\n maxIncidentRefLength: 256,\n maxModelRefLength: 256,\n maxSafetyCategoryLength: 128,\n\n // Provenance\n maxSourceTypeLength: 128,\n maxSourceRefLength: 256,\n maxVerificationMethodLength: 128,\n maxCustodyChainCount: 16,\n maxCustodianLength: 256,\n maxCustodyActionLength: 128,\n maxSlsaTrackLength: 64,\n maxSlsaVersionLength: 16,\n\n // Attribution\n maxCreatorRefLength: 256,\n maxObligationTypeLength: 128,\n maxAttributionTextLength: 1024,\n maxContentSignalSourceLength: 128,\n\n // Purpose\n maxExternalPurposesCount: 32,\n maxExternalPurposeLength: 128,\n maxPurposeBasisLength: 128,\n maxCompatiblePurposesCount: 32,\n\n // Shared field bounds\n maxHttpsUriLength: 2048,\n maxSha256DigestLength: 71, // \"sha256:\" (7) + 64 hex = 71 chars\n maxIso8601DurationLength: 64,\n maxIso8601DateLength: 10,\n maxSpdxExpressionLength: 128,\n} as const;\n","/**\n * Wire 0.2 Extension Key Grammar Validator\n *\n * Validates that extension keys conform to the Wire 0.2 reverse-DNS\n * extension key grammar: `<domain>/<segment>`.\n *\n * Extracted from the monolithic wire-02-extensions.ts for maintainability.\n */\n\nimport { EXTENSION_LIMITS } from './limits.js';\n\n/**\n * DNS label pattern: lowercase alphanumeric, may contain hyphens but not at\n * start or end. Single-char labels are valid (e.g., \"a\").\n */\nconst DNS_LABEL = /^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/;\n\n/**\n * Segment pattern: lowercase alphanumeric start, may contain lowercase\n * alphanumeric, underscores, and hyphens.\n */\nconst SEGMENT_PATTERN = /^[a-z0-9][a-z0-9_-]*$/;\n\n/**\n * Validate that an extension key conforms to the Wire 0.2 extension key\n * grammar: `<domain>/<segment>`.\n *\n * Domain rules:\n * - At least one dot (distinguishes from single-label paths)\n * - Each label matches [a-z0-9]([a-z0-9-]*[a-z0-9])? (lowercase only)\n * - No uppercase letters anywhere in the domain\n *\n * Segment rules:\n * - Matches [a-z0-9][a-z0-9_-]* (lowercase only)\n * - Underscores are permitted (for extension names like credential_event)\n *\n * @param key - Extension key to validate\n * @returns true if valid extension key grammar; false otherwise\n */\nexport function isValidExtensionKey(key: string): boolean {\n if (key.length === 0 || key.length > EXTENSION_LIMITS.maxExtensionKeyLength) return false;\n\n const slashIdx = key.indexOf('/');\n if (slashIdx <= 0) return false;\n\n const domain = key.slice(0, slashIdx);\n const segment = key.slice(slashIdx + 1);\n\n if (!domain.includes('.')) return false;\n if (domain.length > EXTENSION_LIMITS.maxDnsDomainLength) return false;\n\n if (segment.length === 0) return false;\n if (!SEGMENT_PATTERN.test(segment)) return false;\n\n const labels = domain.split('.');\n for (const label of labels) {\n if (label.length === 0 || label.length > EXTENSION_LIMITS.maxDnsLabelLength) return false;\n if (!DNS_LABEL.test(label)) return false;\n }\n\n return true;\n}\n\n/**\n * Escape a single path segment per RFC 6901.\n * '~' -> '~0', '/' -> '~1'\n */\nexport function escapePointerSegment(s: string): string {\n return s.replace(/~/g, '~0').replace(/\\//g, '~1');\n}\n\n/**\n * Build a leaf-precise RFC 6901 JSON Pointer from a group key and Zod\n * issue path.\n *\n * @param groupKey - Extension group key (e.g., 'org.peacprotocol/commerce')\n * @param zodPath - Path array from the first Zod issue\n * @returns RFC 6901 pointer string\n */\nexport function zodPathToPointer(groupKey: string, zodPath: readonly PropertyKey[]): string {\n const escaped = escapePointerSegment(groupKey);\n const segments = zodPath.map((s) => escapePointerSegment(String(s)));\n return `/extensions/${escaped}` + (segments.length > 0 ? '/' + segments.join('/') : '');\n}\n","/**\n * Commerce Extension Group (org.peacprotocol/commerce)\n *\n * Records payment transaction evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const COMMERCE_EXTENSION_KEY = 'org.peacprotocol/commerce' as const;\n\n/** Base-10 integer string: optional leading minus, one or more digits */\nconst AMOUNT_MINOR_PATTERN = /^-?[0-9]+$/;\n\n/**\n * Shared amount_minor string schema. Single source of truth for both\n * CommerceExtensionSchema.shape.amount_minor and isValidAmountMinor().\n */\nexport const AmountMinorStringSchema = z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxAmountMinorLength)\n .regex(\n AMOUNT_MINOR_PATTERN,\n 'amount_minor must be a base-10 integer string (e.g., \"1000\", \"-50\")'\n );\n\n/**\n * Validate an amount_minor string against the commerce extension schema.\n *\n * Uses the same shared schema as CommerceExtensionSchema.shape.amount_minor.\n * Returns true only if the value passes validation. Does not coerce,\n * normalize, or silently accept invalid values.\n *\n * @param value - Candidate amount_minor string\n * @returns true if valid, false otherwise\n */\nexport function isValidAmountMinor(value: unknown): value is string {\n return AmountMinorStringSchema.safeParse(value).success;\n}\n\nexport const CommerceExtensionSchema = z\n .object({\n /** Payment rail identifier (e.g., 'stripe', 'x402', 'lightning') */\n payment_rail: z.string().min(1).max(EXTENSION_LIMITS.maxPaymentRailLength),\n /**\n * Amount in smallest currency unit as a string for arbitrary precision.\n * Base-10 integer: optional leading minus, one or more digits.\n * Decimals and empty strings are rejected.\n */\n amount_minor: AmountMinorStringSchema,\n /** ISO 4217 currency code or asset identifier */\n currency: z.string().min(1).max(EXTENSION_LIMITS.maxCurrencyLength),\n /** Caller-assigned payment reference */\n reference: z.string().max(EXTENSION_LIMITS.maxReferenceLength).optional(),\n /** Asset identifier for non-fiat (e.g., token address) */\n asset: z.string().max(EXTENSION_LIMITS.maxAssetLength).optional(),\n /** Environment discriminant */\n env: z.enum(['live', 'test']).optional(),\n /** Commerce lifecycle phase. Observational metadata only: does not encode settlement finality or protocol state transitions */\n event: z\n .enum(['authorization', 'capture', 'settlement', 'refund', 'void', 'chargeback'])\n .optional(),\n })\n .strict();\n\nexport type CommerceExtension = z.infer<typeof CommerceExtensionSchema>;\n","/**\n * Access Extension Group (org.peacprotocol/access)\n *\n * Records access control decision evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const ACCESS_EXTENSION_KEY = 'org.peacprotocol/access' as const;\n\nexport const AccessExtensionSchema = z\n .object({\n /** Resource being accessed (URI or identifier) */\n resource: z.string().min(1).max(EXTENSION_LIMITS.maxResourceLength),\n /** Action performed on the resource */\n action: z.string().min(1).max(EXTENSION_LIMITS.maxActionLength),\n /** Access decision */\n decision: z.enum(['allow', 'deny', 'review']),\n })\n .strict();\n\nexport type AccessExtension = z.infer<typeof AccessExtensionSchema>;\n","/**\n * Challenge Extension Group (org.peacprotocol/challenge)\n *\n * Records challenge issuance with RFC 9457 Problem Details.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const CHALLENGE_EXTENSION_KEY = 'org.peacprotocol/challenge' as const;\n\n/**\n * Challenge type values (7 total, P0-6).\n * Includes purpose_disallowed (reviewer fix: 7 not 6).\n */\nexport const CHALLENGE_TYPES = [\n 'payment_required',\n 'identity_required',\n 'consent_required',\n 'attestation_required',\n 'rate_limited',\n 'purpose_disallowed',\n 'custom',\n] as const;\n\nexport const ChallengeTypeSchema = z.enum(CHALLENGE_TYPES);\nexport type ChallengeType = z.infer<typeof ChallengeTypeSchema>;\n\n/**\n * RFC 9457 Problem Details schema (P0-5).\n *\n * Uses .passthrough() for extension members per RFC 9457 Section 6.2.\n * Required fields: status (HTTP status code), type (problem type URI).\n * Optional fields: title, detail, instance.\n */\nexport const ProblemDetailsSchema = z\n .object({\n /** HTTP status code (100-599) */\n status: z.number().int().min(100).max(599),\n /** Problem type URI */\n type: z.string().min(1).max(EXTENSION_LIMITS.maxProblemTypeLength).url(),\n /** Short human-readable summary */\n title: z.string().max(EXTENSION_LIMITS.maxProblemTitleLength).optional(),\n /** Human-readable explanation specific to this occurrence */\n detail: z.string().max(EXTENSION_LIMITS.maxProblemDetailLength).optional(),\n /** URI reference identifying the specific occurrence */\n instance: z.string().max(EXTENSION_LIMITS.maxProblemInstanceLength).optional(),\n })\n .passthrough();\n\nexport const ChallengeExtensionSchema = z\n .object({\n /** Challenge type (7 values) */\n challenge_type: ChallengeTypeSchema,\n /** RFC 9457 Problem Details */\n problem: ProblemDetailsSchema,\n /** Resource that triggered the challenge */\n resource: z.string().max(EXTENSION_LIMITS.maxResourceLength).optional(),\n /** Action that triggered the challenge */\n action: z.string().max(EXTENSION_LIMITS.maxActionLength).optional(),\n /** Caller-defined requirements for resolving the challenge */\n requirements: z.record(z.string(), z.unknown()).optional(),\n })\n .strict();\n\nexport type ChallengeExtension = z.infer<typeof ChallengeExtensionSchema>;\n","/**\n * Identity Extension Group (org.peacprotocol/identity)\n *\n * Records identity verification or attestation evidence.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const IDENTITY_EXTENSION_KEY = 'org.peacprotocol/identity' as const;\n\nexport const IdentityExtensionSchema = z\n .object({\n /** Proof reference (opaque string; no actor_binding: top-level actor is sole location) */\n proof_ref: z.string().max(EXTENSION_LIMITS.maxProofRefLength).optional(),\n })\n .strict();\n\nexport type IdentityExtension = z.infer<typeof IdentityExtensionSchema>;\n","/**\n * Correlation Extension Group (org.peacprotocol/correlation)\n *\n * Records workflow correlation and traceability metadata.\n * OpenTelemetry-compatible trace and span IDs.\n * Shipped in v0.12.0-preview.1.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const CORRELATION_EXTENSION_KEY = 'org.peacprotocol/correlation' as const;\n\n/** OpenTelemetry trace ID: exactly 32 lowercase hex chars */\nconst TRACE_ID_PATTERN = /^[0-9a-f]{32}$/;\n\n/** OpenTelemetry span ID: exactly 16 lowercase hex chars */\nconst SPAN_ID_PATTERN = /^[0-9a-f]{16}$/;\n\nexport const CorrelationExtensionSchema = z\n .object({\n /** OpenTelemetry-compatible trace ID (32 lowercase hex chars) */\n trace_id: z\n .string()\n .length(EXTENSION_LIMITS.maxTraceIdLength)\n .regex(TRACE_ID_PATTERN, 'trace_id must be 32 lowercase hex characters')\n .optional(),\n /** OpenTelemetry-compatible span ID (16 lowercase hex chars) */\n span_id: z\n .string()\n .length(EXTENSION_LIMITS.maxSpanIdLength)\n .regex(SPAN_ID_PATTERN, 'span_id must be 16 lowercase hex characters')\n .optional(),\n /** Workflow identifier */\n workflow_id: z.string().min(1).max(EXTENSION_LIMITS.maxWorkflowIdLength).optional(),\n /** Parent receipt JTI for causal chains */\n parent_jti: z.string().min(1).max(EXTENSION_LIMITS.maxParentJtiLength).optional(),\n /** JTIs this receipt depends on */\n depends_on: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxParentJtiLength))\n .max(EXTENSION_LIMITS.maxDependsOnLength)\n .optional(),\n })\n .strict();\n\nexport type CorrelationExtension = z.infer<typeof CorrelationExtensionSchema>;\n","/**\n * Wire 0.2 Shared Validator Schemas\n *\n * Protocol-grade Zod validators for common field patterns reused across\n * multiple extension groups. Consolidated to prevent drift, improve interop,\n * and keep Layer 1 clean.\n *\n * All validators are pure Zod schemas with zero I/O.\n *\n * @see HASH.pattern from @peac/kernel for SHA-256 digest grammar\n * @see PolicyBlockSchema.uri for HTTPS URI hint pattern origin\n */\n\nimport { z } from 'zod';\nimport { HASH } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// SHA-256 Digest (hash-first content references)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates a SHA-256 digest string in the canonical PEAC format.\n *\n * Format: `sha256:<64 lowercase hex chars>`\n * Max length: 71 chars (\"sha256:\" = 7 chars + 64 hex chars = 71 total)\n *\n * Reuses `HASH.pattern` from `@peac/kernel` (same regex used in\n * `PolicyBlockSchema.digest` and `ReceiptRefSchema`).\n *\n * INTEROPERABILITY NOTE: This is a PEAC-internal self-describing digest\n * string grammar. It is NOT the same as:\n * - RFC 9530 `Content-Digest` / `Repr-Digest`, which use structured\n * HTTP fields with base64 encoding (e.g., `sha-256=:base64:`)\n * - RFC 9421 HTTP Message Signatures digest components\n * PEAC digest strings are used within JWS payloads and extension fields,\n * not as HTTP headers. When bridging to HTTP digest headers, adapters\n * (Layer 4+) must convert between formats.\n */\nexport const Sha256DigestSchema = z\n .string()\n .max(71)\n .regex(HASH.pattern, 'must be a valid SHA-256 digest (sha256:<64 lowercase hex>)');\n\n// ---------------------------------------------------------------------------\n// HTTPS URI Hint (locator hints only, SSRF prevention)\n// ---------------------------------------------------------------------------\n\n/**\n * Control character ranges that must not appear in URI hints.\n * Covers C0 controls (U+0000-U+001F) and DEL (U+007F).\n */\nconst CONTROL_CHAR_PATTERN = /[\\x00-\\x1f\\x7f]/;\n\n/**\n * Validates an HTTPS URI hint field.\n *\n * Security hardening beyond basic URL validation:\n * - MUST be https:// scheme (rejects http, ftp, data, javascript, file)\n * - MUST NOT contain embedded credentials (userinfo@)\n * - MUST NOT contain fragment identifiers (#)\n * - MUST NOT contain ASCII control characters (U+0000-U+001F, U+007F)\n * - Max 2048 chars (aligned with POLICY_BLOCK.uriMaxLength)\n *\n * These are locator hints only: callers MUST NOT auto-fetch.\n *\n * NORMATIVE: Localhost and private-network hosts (e.g., 10.x, 192.168.x,\n * localhost) are intentionally accepted at Layer 1 (schema). URI hints\n * are metadata, not fetch targets; restricting to public hosts would\n * break enterprise/internal deployments without improving security at\n * this layer. SSRF prevention is enforced by the non-fetch invariant\n *, not by host filtering in schema validation.\n *\n * Test suite covers: IDN/punycode, IPv6 literals, localhost-style\n * hosts, percent-encoded confusion, and parser ambiguity cases.\n */\nexport const HttpsUriHintSchema = z\n .string()\n .min(1)\n .max(2048)\n .refine(\n (value) => {\n // Reject control characters before URL parsing (prevents parser confusion)\n if (CONTROL_CHAR_PATTERN.test(value)) return false;\n\n // Reject fragments (not meaningful for locator hints)\n if (value.includes('#')) return false;\n\n try {\n const url = new URL(value);\n\n // MUST be https:// only\n if (url.protocol !== 'https:') return false;\n\n // MUST NOT contain embedded credentials\n if (url.username !== '' || url.password !== '') return false;\n\n // MUST have a non-empty hostname\n if (!url.hostname) return false;\n\n return true;\n } catch {\n return false;\n }\n },\n {\n message: 'must be a valid HTTPS URI (no credentials, no fragments, no control characters)',\n }\n );\n\n// ---------------------------------------------------------------------------\n// ISO 8601 Duration (parser-grade, strict)\n// ---------------------------------------------------------------------------\n\n/**\n * ISO 8601 duration component descriptor.\n */\ninterface DurationComponents {\n years: number;\n months: number;\n weeks: number;\n days: number;\n hours: number;\n minutes: number;\n seconds: number;\n}\n\n/**\n * Valid date-part designators in canonical order.\n * ISO 8601 requires Y before M before W before D.\n */\nconst DATE_DESIGNATOR_ORDER = ['Y', 'M', 'W', 'D'] as const;\n\n/**\n * Valid time-part designators in canonical order.\n * ISO 8601 requires H before M before S.\n */\nconst TIME_DESIGNATOR_ORDER = ['H', 'M', 'S'] as const;\n\n/**\n * Parse an ISO 8601 duration string into components.\n *\n * Enforces:\n * - No duplicate designators (P1Y2Y rejected)\n * - Canonical component ordering (P1D1Y rejected; must be P1Y1D)\n * - Weeks cannot be combined with other date components (ISO 8601)\n * - At least one component must be present (bare P rejected)\n * - At least one time component after T (bare PT rejected)\n * - Zero-value durations are accepted (P0D, PT0S are valid ISO 8601)\n *\n * Zero durations: P0D and PT0S are valid per ISO 8601. The spec says\n * \"a zero duration\" is representable. Consumers decide if a zero\n * duration is semantically meaningful for their use case.\n *\n * @param value - String to parse\n * @returns Parsed components, or null if invalid\n */\nexport function parseIso8601Duration(value: string): DurationComponents | null {\n if (typeof value !== 'string' || value.length === 0 || value.length > 64) {\n return null;\n }\n\n if (value.charAt(0) !== 'P') return null;\n\n let pos = 1;\n const len = value.length;\n\n // Bare \"P\" is invalid\n if (pos >= len) return null;\n\n const result: DurationComponents = {\n years: 0,\n months: 0,\n weeks: 0,\n days: 0,\n hours: 0,\n minutes: 0,\n seconds: 0,\n };\n\n let inTimePart = false;\n let hasAnyComponent = false;\n\n // Track seen designators to reject duplicates\n const seenDesignators = new Set<string>();\n\n // Track ordering: index into the relevant order array\n let dateOrderIdx = 0;\n let timeOrderIdx = 0;\n\n while (pos < len) {\n if (value.charAt(pos) === 'T') {\n if (inTimePart) return null; // Double T\n inTimePart = true;\n pos++;\n if (pos >= len) return null; // Bare \"PT\"\n continue;\n }\n\n // Parse digits\n const numStart = pos;\n while (pos < len && value.charAt(pos) >= '0' && value.charAt(pos) <= '9') {\n pos++;\n }\n if (pos === numStart) return null; // No digits before designator\n\n const digits = value.slice(numStart, pos);\n // Reject components that would lose precision as JS numbers.\n // Number.MAX_SAFE_INTEGER = 9007199254740991 (16 digits).\n // Duration components beyond this are structurally malformed for any\n // real-world use and would silently truncate.\n if (digits.length > 15) return null;\n const num = parseInt(digits, 10);\n if (!Number.isFinite(num) || num < 0) return null;\n\n if (pos >= len) return null; // No designator after number\n\n const designator = value.charAt(pos);\n pos++;\n\n // Reject duplicate designators\n const designatorKey = (inTimePart ? 'T' : '') + designator;\n if (seenDesignators.has(designatorKey)) return null;\n seenDesignators.add(designatorKey);\n\n if (inTimePart) {\n // Enforce canonical time ordering: H before M before S\n const timeIdx = TIME_DESIGNATOR_ORDER.indexOf(designator as 'H' | 'M' | 'S');\n if (timeIdx === -1) return null; // Invalid time designator\n if (timeIdx < timeOrderIdx) return null; // Out of order\n timeOrderIdx = timeIdx + 1;\n\n switch (designator) {\n case 'H':\n result.hours = num;\n break;\n case 'M':\n result.minutes = num;\n break;\n case 'S':\n result.seconds = num;\n break;\n }\n } else {\n // Enforce canonical date ordering: Y before M before W before D\n const dateIdx = DATE_DESIGNATOR_ORDER.indexOf(designator as 'Y' | 'M' | 'W' | 'D');\n if (dateIdx === -1) return null; // Invalid date designator\n if (dateIdx < dateOrderIdx) return null; // Out of order\n dateOrderIdx = dateIdx + 1;\n\n switch (designator) {\n case 'Y':\n result.years = num;\n break;\n case 'M':\n result.months = num;\n break;\n case 'W':\n result.weeks = num;\n break;\n case 'D':\n result.days = num;\n break;\n }\n }\n\n hasAnyComponent = true;\n }\n\n if (!hasAnyComponent) return null;\n\n // ISO 8601: weeks cannot be combined with other date components\n if (result.weeks > 0 && (result.years > 0 || result.months > 0 || result.days > 0)) {\n return null;\n }\n\n return result;\n}\n\n/**\n * Validates an ISO 8601 duration string.\n *\n * Parser-grade strict validation:\n * - Rejects bare P, bare PT\n * - Rejects duplicate designators (P1Y2Y)\n * - Enforces canonical component ordering (P1D1Y rejected)\n * - Rejects mixed weeks and other date components\n * - Accepts zero-value durations (P0D, PT0S are valid ISO 8601)\n * - Only non-negative integer components (no decimals, no negatives)\n *\n * Examples:\n * Valid: \"P30D\", \"P1Y\", \"P1Y6M\", \"PT1H30M\", \"P1W\", \"P0D\", \"PT0S\"\n * Invalid: \"P\", \"PT\", \"30D\", \"\", \"P1D1Y\", \"P1Y2Y\", \"P1WD3\", \"P-1D\"\n */\nexport const Iso8601DurationSchema = z\n .string()\n .min(2)\n .max(64)\n .refine((value) => parseIso8601Duration(value) !== null, {\n message: 'must be a valid ISO 8601 duration (e.g., P30D, P1Y6M, PT1H30M)',\n });\n\n// ---------------------------------------------------------------------------\n// ISO 8601 Date String (YYYY-MM-DD, structural only)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates a structurally valid ISO 8601 date string (YYYY-MM-DD).\n *\n * Structural validation only: checks 4-digit year, 2-digit month 01-12,\n * 2-digit day 01-31. Does NOT validate calendar correctness (e.g.,\n * Feb 30 or Jun 31 would pass structural check). Calendar validation\n * is left to the application layer since this is an evidence record,\n * not a scheduling system.\n *\n * Named \"StructuralDate\" to avoid implying full calendar validation.\n */\nexport const Iso8601DateStringSchema = z\n .string()\n .length(10)\n .regex(/^\\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\\d|3[01])$/, {\n message: 'must be a structurally valid date string (YYYY-MM-DD)',\n });\n\n/**\n * @deprecated Use Iso8601DateStringSchema. Alias preserved for backward compat.\n */\nexport const Iso8601DateSchema = Iso8601DateStringSchema;\n\n// ---------------------------------------------------------------------------\n// ISO 8601 DateTime with Offset (Zod 4 top-level API)\n// ---------------------------------------------------------------------------\n\n/**\n * Validates an ISO 8601 datetime string with timezone offset.\n *\n * Uses Zod 4 top-level `z.iso.datetime({ offset: true })` (preferred\n * over the deprecated method-style `z.string().datetime()`).\n *\n * This is NOT strictly RFC 3339: it accepts minute-precision timestamps\n * (e.g., `2026-03-14T12:00+05:30` without seconds), which ISO 8601\n * allows but RFC 3339 does not. Use Rfc3339DateTimeSchema for strict\n * RFC 3339 compliance.\n *\n * Consistent with Wire 0.2 `occurred_at` field validation semantics.\n */\nexport const Iso8601OffsetDateTimeSchema = z.iso.datetime({ offset: true });\n\n// ---------------------------------------------------------------------------\n// RFC 3339 DateTime (strict: offset + seconds required, fractional optional)\n// ---------------------------------------------------------------------------\n\n/**\n * RFC 3339 seconds-presence pattern.\n * Matches the `T<HH>:<MM>:<SS>` portion, ensuring seconds are present.\n * Fractional seconds (.nnn) are optional per RFC 3339 Section 5.6.\n */\nconst RFC3339_SECONDS_PATTERN = /T\\d{2}:\\d{2}:\\d{2}/;\n\n/**\n * Validates a datetime string against a practical strict RFC 3339 profile.\n *\n * Enforces the key RFC 3339 Section 5.6 constraints:\n * - Timezone offset always present (Z or +/-HH:MM)\n * - Seconds always present (minute-only timestamps rejected)\n * - Fractional seconds optional (after the seconds component)\n * - No local timestamps\n *\n * This is a practical strict profile, not a proven ABNF implementation.\n * It uses `z.iso.datetime({ offset: true })` as the base (which handles\n * most RFC 3339 grammar) plus a seconds-presence refine. Edge cases\n * like leap seconds or two-digit year forms are not explicitly tested.\n *\n * @see https://www.rfc-editor.org/rfc/rfc3339#section-5.6\n */\nexport const Rfc3339DateTimeSchema = z.iso\n .datetime({ offset: true })\n .refine((value: string) => RFC3339_SECONDS_PATTERN.test(value), {\n message: 'RFC 3339 requires seconds precision (e.g., 2026-03-14T12:00:00Z)',\n });\n\n/**\n * @deprecated Use Iso8601OffsetDateTimeSchema or Rfc3339DateTimeSchema.\n * This alias points to Iso8601OffsetDateTimeSchema (which accepts\n * minute-precision and is therefore NOT strictly RFC 3339). Preserved\n * for backward compatibility only. Remove-not-before: v0.13.0.\n */\nexport const Rfc3339TimestampSchema = Iso8601OffsetDateTimeSchema;\n\n// ---------------------------------------------------------------------------\n// SPDX License Expression (documented structural subset)\n// ---------------------------------------------------------------------------\n\n/**\n * SPDX License Expression validator: documented structural subset.\n *\n * This is a structural subset validator for v0.12.2, NOT full SPDX 3.0.1\n * support. It validates expression grammar without checking license IDs\n * against the SPDX license list.\n *\n * Supported subset:\n * - Simple license IDs: MIT, Apache-2.0, GPL-3.0-only\n * - LicenseRef custom references: LicenseRef-custom\n * - Or-later suffix: GPL-2.0+\n * - Compound expressions: MIT AND Apache-2.0, MIT OR GPL-2.0-only\n * - Exception clauses: Apache-2.0 WITH Classpath-exception-2.0\n * - Parenthesized sub-expressions: (MIT OR Apache-2.0) AND GPL-3.0-only\n *\n * NOT supported (deferred to attribution extension PR, v0.12.2 PR 4):\n * - DocumentRef-*: prefixes (rare in practice; not seen in npm/PyPI/crates.io)\n *\n * @see https://spdx.github.io/spdx-spec/v3.0.1/annexes/spdx-license-expressions/\n */\nfunction isValidSpdxSubsetExpression(expr: string): boolean {\n if (typeof expr !== 'string' || expr.length === 0 || expr.length > 128) {\n return false;\n }\n\n // Tokenize: split on whitespace, preserving parentheses as separate tokens\n const tokens: string[] = [];\n let current = '';\n\n for (let i = 0; i < expr.length; i++) {\n const ch = expr.charAt(i);\n if (ch === '(' || ch === ')') {\n if (current.length > 0) {\n tokens.push(current);\n current = '';\n }\n tokens.push(ch);\n } else if (ch === ' ' || ch === '\\t') {\n if (current.length > 0) {\n tokens.push(current);\n current = '';\n }\n } else {\n current += ch;\n }\n }\n if (current.length > 0) {\n tokens.push(current);\n }\n\n if (tokens.length === 0) return false;\n\n // Recursive-descent parser\n let pos = 0;\n\n function peek(): string | undefined {\n return tokens[pos];\n }\n\n function advance(): string {\n return tokens[pos++];\n }\n\n // license-id: [A-Za-z0-9][A-Za-z0-9.-]* with optional + suffix\n // LicenseRef-: LicenseRef-[A-Za-z0-9.-]+\n function isLicenseId(token: string): boolean {\n const base = token.endsWith('+') ? token.slice(0, -1) : token;\n if (base.length === 0) return false;\n\n if (base.startsWith('LicenseRef-')) {\n const ref = base.slice(11);\n return ref.length > 0 && /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(ref);\n }\n\n return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(base);\n }\n\n function isExceptionId(token: string): boolean {\n return /^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(token);\n }\n\n // expr = term ((AND | OR) term)*\n function parseExpr(): boolean {\n if (!parseTerm()) return false;\n while (pos < tokens.length) {\n const op = peek();\n if (op === 'AND' || op === 'OR') {\n advance();\n if (!parseTerm()) return false;\n } else {\n break;\n }\n }\n return true;\n }\n\n // term = atom (WITH exception-id)?\n function parseTerm(): boolean {\n if (!parseAtom()) return false;\n if (peek() === 'WITH') {\n advance();\n const exception = peek();\n if (exception === undefined || !isExceptionId(exception)) return false;\n advance();\n }\n return true;\n }\n\n // atom = '(' expr ')' | license-id\n function parseAtom(): boolean {\n const token = peek();\n if (token === undefined) return false;\n\n if (token === '(') {\n advance();\n if (!parseExpr()) return false;\n if (peek() !== ')') return false;\n advance();\n return true;\n }\n\n if (token === ')' || token === 'AND' || token === 'OR' || token === 'WITH') {\n return false;\n }\n\n if (!isLicenseId(token)) return false;\n advance();\n return true;\n }\n\n const result = parseExpr();\n return result && pos === tokens.length;\n}\n\n/**\n * Validates an SPDX license expression (documented structural subset).\n *\n * Uses a recursive-descent parser for the supported grammar subset.\n * Does NOT validate against the SPDX license list (structure only).\n * Does NOT support DocumentRef-* prefixes (deferred).\n *\n * @see isValidSpdxSubsetExpression for the supported grammar\n */\nexport const SpdxExpressionSchema = z.string().min(1).max(128).refine(isValidSpdxSubsetExpression, {\n message:\n 'must be a valid SPDX license expression (e.g., MIT, Apache-2.0, MIT AND Apache-2.0). DocumentRef-* not yet supported.',\n});\n\n// ---------------------------------------------------------------------------\n// Exported internals for testing\n// ---------------------------------------------------------------------------\n\n/** @internal Exported for testing only */\nexport { parseIso8601Duration as _parseIso8601Duration };\n\n/** @internal Exported for testing only */\nexport { isValidSpdxSubsetExpression as _isValidSpdxExpression };\n","/**\n * Consent Extension Group (org.peacprotocol/consent)\n *\n * Records consent collection or withdrawal as an observation.\n * Jurisdiction-neutral. Aligned with ISO/IEC 29184:2020 concepts.\n *\n * Design:\n * - Open taxonomy for consent_basis, consent_method (jurisdiction-specific)\n * - Closed enum for consent_status (universal lifecycle states)\n * - URI fields are locator hints only; callers MUST NOT auto-fetch\n * - ISO 8601 durations for retention periods\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.10\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { HttpsUriHintSchema, Iso8601DurationSchema } from './shared-validators.js';\n\nexport const CONSENT_EXTENSION_KEY = 'org.peacprotocol/consent' as const;\n\n/**\n * Consent status: universal lifecycle states across GDPR Art 7,\n * CCPA Sec 1798.120, LGPD Art 8, ISO/IEC 29184.\n *\n * Closed enum: these 4 states cover all consent lifecycle transitions.\n */\nexport const CONSENT_STATUSES = ['granted', 'withdrawn', 'denied', 'expired'] as const;\nexport const ConsentStatusSchema = z.enum(CONSENT_STATUSES);\nexport type ConsentStatus = z.infer<typeof ConsentStatusSchema>;\n\nexport const ConsentExtensionSchema = z\n .object({\n /**\n * Legal basis identifier for consent.\n * Open string: jurisdictions define different bases\n * (e.g., explicit, implied, opt_out, legitimate_interest, contractual, legal_obligation).\n */\n consent_basis: z.string().min(1).max(EXTENSION_LIMITS.maxConsentBasisLength),\n\n /** Consent lifecycle state (closed vocabulary) */\n consent_status: ConsentStatusSchema,\n\n /**\n * Data categories covered by this consent.\n * Open vocabulary (e.g., personal, sensitive, biometric).\n */\n data_categories: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxDataCategoryLength))\n .max(EXTENSION_LIMITS.maxDataCategoriesCount)\n .optional(),\n\n /** Data retention period as ISO 8601 duration. */\n retention_period: Iso8601DurationSchema.optional(),\n\n /**\n * How consent was collected.\n * Open vocabulary (e.g., click_through, double_opt_in, verbal, written).\n */\n consent_method: z.string().min(1).max(EXTENSION_LIMITS.maxConsentMethodLength).optional(),\n\n /**\n * HTTPS URI hint for consent withdrawal.\n * Locator hint only: callers MUST NOT auto-fetch.\n * Rejects non-HTTPS, embedded credentials, fragments, control chars.\n */\n withdrawal_uri: HttpsUriHintSchema.optional(),\n\n /** Free-text scope description */\n scope: z.string().min(1).max(EXTENSION_LIMITS.maxConsentScopeLength).optional(),\n\n /**\n * Jurisdiction code: ISO 3166-1 alpha-2 or composite.\n * Examples: EU, US-CA, BR, GB, DE, JP, IN.\n */\n jurisdiction: z.string().min(1).max(EXTENSION_LIMITS.maxJurisdictionLength).optional(),\n })\n .strict();\n\nexport type ConsentExtension = z.infer<typeof ConsentExtensionSchema>;\n","/**\n * Privacy Extension Group (org.peacprotocol/privacy)\n *\n * Records data classification and handling observations.\n * Aligned with ISO/IEC 27701 concepts.\n *\n * Design:\n * - Open taxonomy for data_classification, processing_basis, methods\n * - Closed enums for retention_mode, recipient_scope (universal categories)\n * - retention_period (ISO 8601 duration) and retention_mode are separate fields\n * to keep duration grammar and non-duration semantics distinct\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.11\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { Iso8601DurationSchema } from './shared-validators.js';\n\nexport const PRIVACY_EXTENSION_KEY = 'org.peacprotocol/privacy' as const;\n\n/**\n * Retention mode: non-duration retention semantics.\n * Separate from retention_period to keep duration grammar distinct.\n *\n * Closed enum: 3 values cover all non-duration retention patterns.\n */\nexport const RETENTION_MODES = ['time_bound', 'indefinite', 'session_only'] as const;\nexport const RetentionModeSchema = z.enum(RETENTION_MODES);\nexport type RetentionMode = z.infer<typeof RetentionModeSchema>;\n\n/**\n * Recipient scope: aligned with GDPR Art 13-14 disclosure categories.\n *\n * Closed enum: 4 values cover standard data recipient classifications.\n */\nexport const RECIPIENT_SCOPES = ['internal', 'processor', 'third_party', 'public'] as const;\nexport const RecipientScopeSchema = z.enum(RECIPIENT_SCOPES);\nexport type RecipientScope = z.infer<typeof RecipientScopeSchema>;\n\nexport const PrivacyExtensionSchema = z\n .object({\n /**\n * Data classification level.\n * Open taxonomy (e.g., public, internal, confidential, restricted, pii, sensitive_pii).\n */\n data_classification: z.string().min(1).max(EXTENSION_LIMITS.maxDataClassificationLength),\n\n /**\n * Legal basis for data processing.\n * Open vocabulary (e.g., consent, legitimate_interest, contract, legal_obligation).\n */\n processing_basis: z.string().min(1).max(EXTENSION_LIMITS.maxProcessingBasisLength).optional(),\n\n /**\n * Data retention period as ISO 8601 duration.\n * For non-duration retention semantics, use retention_mode instead.\n */\n retention_period: Iso8601DurationSchema.optional(),\n\n /**\n * Retention mode for non-duration semantics.\n * Closed enum: time_bound, indefinite, session_only.\n * When time_bound, retention_period SHOULD also be present.\n */\n retention_mode: RetentionModeSchema.optional(),\n\n /**\n * Data recipient classification.\n * Closed enum aligned with GDPR Art 13-14 disclosure categories.\n */\n recipient_scope: RecipientScopeSchema.optional(),\n\n /**\n * Anonymization or pseudonymization method applied.\n * Open vocabulary (e.g., k_anonymity, differential_privacy, pseudonymization,\n * tokenization, aggregation).\n */\n anonymization_method: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxAnonymizationMethodLength)\n .optional(),\n\n /**\n * Data subject category.\n * Open vocabulary (e.g., customer, employee, minor, patient, student).\n */\n data_subject_category: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxDataSubjectCategoryLength)\n .optional(),\n\n /**\n * Cross-border data transfer mechanism.\n * Open vocabulary (e.g., adequacy_decision, scc, bcr, derogation, consent).\n */\n transfer_mechanism: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxTransferMechanismLength)\n .optional(),\n })\n .strict();\n\nexport type PrivacyExtension = z.infer<typeof PrivacyExtensionSchema>;\n","/**\n * Safety Extension Group (org.peacprotocol/safety)\n *\n * Records safety assessment evidence. Jurisdiction-neutral design.\n * Usage profiles decide when regulatory-specific fields become required.\n *\n * Design:\n * - review_status required (universal assessment lifecycle)\n * - risk_level optional at schema layer; usage profiles may require it\n * - Open taxonomy for assessment_method, safety_measures, category\n * - Observation-only semantics: records events, never enforces policy\n *\n * @see docs/specs/WIRE-0.2.md Section 12.12\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\n\nexport const SAFETY_EXTENSION_KEY = 'org.peacprotocol/safety' as const;\n\n/**\n * Review status: universal safety assessment lifecycle.\n *\n * Closed enum: 4 states cover the assessment lifecycle across\n * EU AI Act, NIST AI RMF, ISO 23894, and general safety review.\n */\nexport const REVIEW_STATUSES = ['reviewed', 'pending', 'flagged', 'not_applicable'] as const;\nexport const ReviewStatusSchema = z.enum(REVIEW_STATUSES);\nexport type ReviewStatus = z.infer<typeof ReviewStatusSchema>;\n\n/**\n * Risk level: converges across EU AI Act Art 6, NIST AI RMF, ISO 23894.\n *\n * Closed enum: 4 risk tiers. Optional at schema level to maintain\n * jurisdiction neutrality; usage profiles may require this field.\n */\nexport const RISK_LEVELS = ['unacceptable', 'high', 'limited', 'minimal'] as const;\nexport const RiskLevelSchema = z.enum(RISK_LEVELS);\nexport type RiskLevel = z.infer<typeof RiskLevelSchema>;\n\nexport const SafetyExtensionSchema = z\n .object({\n /** Safety review status (closed vocabulary, universal lifecycle) */\n review_status: ReviewStatusSchema,\n\n /**\n * Risk classification level.\n * Optional at schema level; usage profiles may require it.\n * Converges across EU AI Act Art 6, NIST AI RMF, ISO 23894.\n */\n risk_level: RiskLevelSchema.optional(),\n\n /**\n * Assessment method used.\n * Open vocabulary (e.g., automated_scan, human_review, red_team,\n * penetration_test, static_analysis, model_evaluation).\n */\n assessment_method: z.string().min(1).max(EXTENSION_LIMITS.maxAssessmentMethodLength).optional(),\n\n /**\n * Safety measures applied.\n * Open vocabulary. Array bounded by maxSafetyMeasuresCount.\n */\n safety_measures: z\n .array(z.string().min(1).max(EXTENSION_LIMITS.maxSafetyMeasureLength))\n .max(EXTENSION_LIMITS.maxSafetyMeasuresCount)\n .optional(),\n\n /** Incident report reference. Opaque identifier (e.g., ticket ID or digest). */\n incident_ref: z.string().min(1).max(EXTENSION_LIMITS.maxIncidentRefLength).optional(),\n\n /** AI model reference. Opaque identifier (e.g., model version string). */\n model_ref: z.string().min(1).max(EXTENSION_LIMITS.maxModelRefLength).optional(),\n\n /**\n * Safety category.\n * Open vocabulary (e.g., content_safety, bias, hallucination,\n * toxicity, fairness, robustness, privacy_risk).\n */\n category: z.string().min(1).max(EXTENSION_LIMITS.maxSafetyCategoryLength).optional(),\n })\n .strict();\n\nexport type SafetyExtension = z.infer<typeof SafetyExtensionSchema>;\n","/**\n * Compliance Extension Group (org.peacprotocol/compliance)\n *\n * Records regulatory compliance check evidence as an observation.\n * Framework-neutral. Does not assert or certify compliance; records\n * that a check occurred, what framework was evaluated, and what the\n * observed outcome was.\n *\n * Design:\n * - Open taxonomy for framework, auditor, scope (domain-specific)\n * - Closed enum for compliance_status (universal audit conclusion categories)\n * - ISO 8601 durations for validity periods\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport {\n Iso8601DateStringSchema,\n Iso8601DurationSchema,\n Sha256DigestSchema,\n} from './shared-validators.js';\n\nexport const COMPLIANCE_EXTENSION_KEY = 'org.peacprotocol/compliance' as const;\n\n/**\n * Compliance status: maps to ISO 19011 audit conclusion categories.\n *\n * Closed enum: 5 values cover the universal compliance assessment\n * lifecycle across regulatory frameworks.\n */\nexport const COMPLIANCE_STATUSES = [\n 'compliant',\n 'non_compliant',\n 'partial',\n 'under_review',\n 'exempt',\n] as const;\nexport const ComplianceStatusSchema = z.enum(COMPLIANCE_STATUSES);\nexport type ComplianceStatus = z.infer<typeof ComplianceStatusSchema>;\n\nexport const ComplianceExtensionSchema = z\n .object({\n /**\n * Framework identifier evaluated.\n * Open string: preferred grammar is lowercase slugs with hyphens\n * (e.g., eu-ai-act, soc2-type2, iso-27001, nist-ai-rmf, gdpr, hipaa).\n */\n framework: z.string().min(1).max(EXTENSION_LIMITS.maxFrameworkLength),\n\n /** Observed compliance status (closed vocabulary) */\n compliance_status: ComplianceStatusSchema,\n\n /** Opaque reference to audit report or evidence (e.g., report ID, ticket number). */\n audit_ref: z.string().min(1).max(EXTENSION_LIMITS.maxAuditRefLength).optional(),\n\n /** Auditor identifier (organization name or DID). */\n auditor: z.string().min(1).max(EXTENSION_LIMITS.maxAuditorLength).optional(),\n\n /** Date the compliance check was performed (YYYY-MM-DD). */\n audit_date: Iso8601DateStringSchema.optional(),\n\n /** Scope of the compliance check. */\n scope: z.string().min(1).max(EXTENSION_LIMITS.maxComplianceScopeLength).optional(),\n\n /** How long this finding remains valid as an ISO 8601 duration. */\n validity_period: Iso8601DurationSchema.optional(),\n\n /** SHA-256 digest of supporting evidence document. */\n evidence_ref: Sha256DigestSchema.optional(),\n })\n .strict();\n\nexport type ComplianceExtension = z.infer<typeof ComplianceExtensionSchema>;\n","/**\n * Provenance Extension Group (org.peacprotocol/provenance)\n *\n * Records origin tracking and chain of custody as observations.\n *\n * Design:\n * - source_type required, open vocabulary for derivation categories\n * - custody_chain: ordered array of strict nested entries\n * - slsa: structured object recording SLSA-aligned metadata\n * (track-based model; does not certify SLSA compliance)\n * - URI fields are locator hints only; callers MUST NOT auto-fetch\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { HttpsUriHintSchema, Rfc3339DateTimeSchema } from './shared-validators.js';\n\nexport const PROVENANCE_EXTENSION_KEY = 'org.peacprotocol/provenance' as const;\n\n// ---------------------------------------------------------------------------\n// Nested schemas\n// ---------------------------------------------------------------------------\n\n/**\n * A single entry in the custody chain.\n *\n * Records one transfer-of-custody event: who held it, what action\n * occurred, and when. Ordered within the custody_chain array.\n */\nexport const CustodyEntrySchema = z\n .object({\n /** Custodian identifier (organization name, DID, or opaque ID). */\n custodian: z.string().min(1).max(EXTENSION_LIMITS.maxCustodianLength),\n\n /** Action performed (e.g., received, transformed, verified, released). */\n action: z.string().min(1).max(EXTENSION_LIMITS.maxCustodyActionLength),\n\n /** When the custody event occurred (RFC 3339 with seconds). */\n timestamp: Rfc3339DateTimeSchema,\n })\n .strict();\n\nexport type CustodyEntry = z.infer<typeof CustodyEntrySchema>;\n\n/**\n * Structured SLSA-aligned provenance metadata.\n *\n * Uses a track-based model rather than a flat scalar.\n * Records metadata; does not certify compliance.\n */\nexport const SlsaLevelSchema = z\n .object({\n /** SLSA track identifier (e.g., build, source). */\n track: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaTrackLength),\n\n /** SLSA level within the track (0-4). */\n level: z.number().int().min(0).max(4),\n\n /** SLSA spec version this metadata references (e.g., 1.0, 1.2). */\n version: z.string().min(1).max(EXTENSION_LIMITS.maxSlsaVersionLength),\n })\n .strict();\n\nexport type SlsaLevel = z.infer<typeof SlsaLevelSchema>;\n\n// ---------------------------------------------------------------------------\n// Main schema\n// ---------------------------------------------------------------------------\n\nexport const ProvenanceExtensionSchema = z\n .object({\n /**\n * Type of source or derivation.\n * Open vocabulary (e.g., original, derived, curated, synthetic, aggregated, transformed).\n */\n source_type: z.string().min(1).max(EXTENSION_LIMITS.maxSourceTypeLength),\n\n /** Opaque source reference identifier (e.g., commit hash, artifact ID). */\n source_ref: z.string().min(1).max(EXTENSION_LIMITS.maxSourceRefLength).optional(),\n\n /**\n * HTTPS URI hint for the source artifact.\n * Locator hint only: callers MUST NOT auto-fetch.\n */\n source_uri: HttpsUriHintSchema.optional(),\n\n /**\n * HTTPS URI hint for build provenance metadata.\n * Locator hint only: callers MUST NOT auto-fetch.\n */\n build_provenance_uri: HttpsUriHintSchema.optional(),\n\n /**\n * How provenance was verified.\n * Open vocabulary (e.g., signature_check, hash_chain,\n * manual_attestation, transparency_log).\n */\n verification_method: z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxVerificationMethodLength)\n .optional(),\n\n /**\n * Ordered custody chain entries.\n * Each entry records a custodian, action, and timestamp.\n */\n custody_chain: z\n .array(CustodyEntrySchema)\n .max(EXTENSION_LIMITS.maxCustodyChainCount)\n .optional(),\n\n /**\n * Structured SLSA-aligned provenance metadata.\n * Records track, level, and spec version.\n */\n slsa: SlsaLevelSchema.optional(),\n })\n .strict();\n\nexport type ProvenanceExtension = z.infer<typeof ProvenanceExtensionSchema>;\n","/**\n * Attribution Extension Group (org.peacprotocol/attribution)\n *\n * Records credit, obligations, and content signal observations.\n *\n * Design:\n * - Identifier and reference-based fields; not identity attestation\n * - Closed enum for content_signal_source (known observation sources)\n * - SPDX license expressions via parser-grade shared validator\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { Sha256DigestSchema, SpdxExpressionSchema } from './shared-validators.js';\n\nexport const ATTRIBUTION_EXTENSION_KEY = 'org.peacprotocol/attribution' as const;\n\n/**\n * Content signal observation source.\n *\n * Closed enum: maps to the known observation sources in the\n * content signals precedence chain.\n */\nexport const CONTENT_SIGNAL_SOURCES = [\n 'tdmrep_json',\n 'content_signal_header',\n 'content_usage_header',\n 'robots_txt',\n 'custom',\n] as const;\nexport const ContentSignalSourceSchema = z.enum(CONTENT_SIGNAL_SOURCES);\nexport type ContentSignalSource = z.infer<typeof ContentSignalSourceSchema>;\n\nexport const AttributionExtensionSchema = z\n .object({\n /**\n * Creator identifier (DID, URI, or opaque ID).\n * Not an identity attestation; records observed attribution metadata.\n */\n creator_ref: z.string().min(1).max(EXTENSION_LIMITS.maxCreatorRefLength),\n\n /** SPDX license expression (parser-grade structural subset validator). */\n license_spdx: SpdxExpressionSchema.optional(),\n\n /**\n * Obligation type.\n * Open vocabulary (e.g., attribution_required, share_alike, non_commercial).\n */\n obligation_type: z.string().min(1).max(EXTENSION_LIMITS.maxObligationTypeLength).optional(),\n\n /** Required attribution text. */\n attribution_text: z.string().min(1).max(EXTENSION_LIMITS.maxAttributionTextLength).optional(),\n\n /** Content signal observation source (closed vocabulary). */\n content_signal_source: ContentSignalSourceSchema.optional(),\n\n /** SHA-256 digest of the attributed content. */\n content_digest: Sha256DigestSchema.optional(),\n })\n .strict();\n\nexport type AttributionExtension = z.infer<typeof AttributionExtensionSchema>;\n","/**\n * Purpose Extension Group (org.peacprotocol/purpose)\n *\n * Records external/legal/business purpose declarations as observations.\n * Explicitly separated from PEAC operational purpose tokens\n * (CanonicalPurpose in purpose.ts).\n *\n * Design:\n * - external_purposes: token-based array (machine-safe, bounded, unique)\n * - peac_purpose_mapping: optional bridge to PEAC operational tokens\n * via PURPOSE_TOKEN_REGEX\n * - No prose-heavy fields at schema layer\n * - Observation-only semantics: records events, never enforces policy\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_LIMITS } from './limits.js';\nimport { PURPOSE_TOKEN_REGEX, MAX_PURPOSE_TOKEN_LENGTH } from '../purpose.js';\n\nexport const PURPOSE_EXTENSION_KEY = 'org.peacprotocol/purpose' as const;\n\n/**\n * Machine-safe token schema for purpose label arrays.\n *\n * Reuses PURPOSE_TOKEN_REGEX from purpose.ts for the lexical grammar\n * (lowercase alphanumeric, underscores, hyphens, optional vendor prefix).\n * Semantically independent from PEAC operational CanonicalPurpose tokens.\n */\nconst MachineSafePurposeTokenSchema = z\n .string()\n .min(1)\n .max(EXTENSION_LIMITS.maxExternalPurposeLength)\n .regex(PURPOSE_TOKEN_REGEX, 'must be a machine-safe lowercase token');\n\n/**\n * Check that all items in a string array are unique.\n */\nfunction hasUniqueItems(items: string[]): boolean {\n return new Set(items).size === items.length;\n}\n\nexport const PurposeExtensionSchema = z\n .object({\n /**\n * External/legal/business purpose labels.\n * Machine-safe tokens: lowercase alphanumeric with underscores, hyphens,\n * and optional vendor prefix (e.g., ai_training, analytics, marketing).\n * Not PEAC operational tokens; use peac_purpose_mapping for bridging.\n * Items must be unique.\n */\n external_purposes: z\n .array(MachineSafePurposeTokenSchema)\n .min(1)\n .max(EXTENSION_LIMITS.maxExternalPurposesCount)\n .refine(hasUniqueItems, { message: 'external_purposes must contain unique items' }),\n\n /**\n * Legal or policy basis for the declared purposes.\n * Open vocabulary (e.g., consent, legitimate_interest, contract).\n */\n purpose_basis: z.string().min(1).max(EXTENSION_LIMITS.maxPurposeBasisLength).optional(),\n\n /** Whether purpose limitation applies. */\n purpose_limitation: z.boolean().optional(),\n\n /** Whether data minimization was applied. */\n data_minimization: z.boolean().optional(),\n\n /**\n * Compatible purposes for secondary use.\n * Same machine-safe token grammar as external_purposes.\n * Items must be unique.\n */\n compatible_purposes: z\n .array(MachineSafePurposeTokenSchema)\n .max(EXTENSION_LIMITS.maxCompatiblePurposesCount)\n .refine(hasUniqueItems, { message: 'compatible_purposes must contain unique items' })\n .optional(),\n\n /**\n * Explicit mapping to a PEAC operational CanonicalPurpose token.\n * Validated against PURPOSE_TOKEN_REGEX from purpose.ts.\n * Bridges external purpose vocabulary to operational tokens.\n */\n peac_purpose_mapping: z\n .string()\n .min(1)\n .max(MAX_PURPOSE_TOKEN_LENGTH)\n .regex(PURPOSE_TOKEN_REGEX, 'must be a valid PEAC purpose token')\n .optional(),\n })\n .strict();\n\nexport type PurposeExtension = z.infer<typeof PurposeExtensionSchema>;\n","/**\n * Wire 0.2 Typed Extension Accessor Helpers\n *\n * Each accessor returns the parsed typed value if the key is present,\n * undefined if the key is absent, or throws PEACError with a leaf-precise\n * RFC 6901 JSON Pointer if the key is present but the value is invalid.\n */\n\nimport { z } from 'zod';\nimport { createPEACError, ERROR_CODES } from '../errors.js';\nimport { zodPathToPointer } from './grammar.js';\n\nimport { COMMERCE_EXTENSION_KEY, CommerceExtensionSchema } from './commerce.js';\nimport type { CommerceExtension } from './commerce.js';\nimport { ACCESS_EXTENSION_KEY, AccessExtensionSchema } from './access.js';\nimport type { AccessExtension } from './access.js';\nimport { CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema } from './challenge.js';\nimport type { ChallengeExtension } from './challenge.js';\nimport { IDENTITY_EXTENSION_KEY, IdentityExtensionSchema } from './identity.js';\nimport type { IdentityExtension } from './identity.js';\nimport { CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema } from './correlation.js';\nimport type { CorrelationExtension } from './correlation.js';\nimport { CONSENT_EXTENSION_KEY, ConsentExtensionSchema } from './consent.js';\nimport type { ConsentExtension } from './consent.js';\nimport { PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema } from './privacy.js';\nimport type { PrivacyExtension } from './privacy.js';\nimport { SAFETY_EXTENSION_KEY, SafetyExtensionSchema } from './safety.js';\nimport type { SafetyExtension } from './safety.js';\nimport { COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema } from './compliance.js';\nimport type { ComplianceExtension } from './compliance.js';\nimport { PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema } from './provenance.js';\nimport type { ProvenanceExtension } from './provenance.js';\nimport { ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema } from './attribution.js';\nimport type { AttributionExtension } from './attribution.js';\nimport { PURPOSE_EXTENSION_KEY, PurposeExtensionSchema } from './purpose-extension.js';\nimport type { PurposeExtension } from './purpose-extension.js';\n\n// ---------------------------------------------------------------------------\n// Internal helper\n// ---------------------------------------------------------------------------\n\n/**\n * Extract and validate a known extension group.\n *\n * Returns undefined if the key is absent from extensions.\n * Throws PEACError with leaf-precise RFC 6901 pointer if key is present\n * but value fails schema validation.\n */\nfunction getExtension<T>(\n extensions: Record<string, unknown> | undefined,\n key: string,\n schema: z.ZodType<T>\n): T | undefined {\n if (extensions === undefined) return undefined;\n if (!Object.prototype.hasOwnProperty.call(extensions, key)) return undefined;\n\n const value = extensions[key];\n const result = schema.safeParse(value);\n\n if (result.success) {\n return result.data;\n }\n\n const firstIssue = result.error.issues[0];\n const pointer = zodPathToPointer(key, firstIssue?.path ?? []);\n\n throw createPEACError(ERROR_CODES.E_INVALID_ENVELOPE, 'validation', 'error', false, {\n http_status: 400,\n pointer,\n remediation: `Fix the ${key} extension group value`,\n details: {\n message: firstIssue?.message ?? 'Invalid extension value',\n issues: result.error.issues,\n },\n });\n}\n\n// ---------------------------------------------------------------------------\n// Public typed accessors\n// ---------------------------------------------------------------------------\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getCommerceExtension(\n extensions?: Record<string, unknown>\n): CommerceExtension | undefined {\n return getExtension(extensions, COMMERCE_EXTENSION_KEY, CommerceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getAccessExtension(\n extensions?: Record<string, unknown>\n): AccessExtension | undefined {\n return getExtension(extensions, ACCESS_EXTENSION_KEY, AccessExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getChallengeExtension(\n extensions?: Record<string, unknown>\n): ChallengeExtension | undefined {\n return getExtension(extensions, CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getIdentityExtension(\n extensions?: Record<string, unknown>\n): IdentityExtension | undefined {\n return getExtension(extensions, IDENTITY_EXTENSION_KEY, IdentityExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getCorrelationExtension(\n extensions?: Record<string, unknown>\n): CorrelationExtension | undefined {\n return getExtension(extensions, CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getConsentExtension(\n extensions?: Record<string, unknown>\n): ConsentExtension | undefined {\n return getExtension(extensions, CONSENT_EXTENSION_KEY, ConsentExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getPrivacyExtension(\n extensions?: Record<string, unknown>\n): PrivacyExtension | undefined {\n return getExtension(extensions, PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getSafetyExtension(\n extensions?: Record<string, unknown>\n): SafetyExtension | undefined {\n return getExtension(extensions, SAFETY_EXTENSION_KEY, SafetyExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getComplianceExtension(\n extensions?: Record<string, unknown>\n): ComplianceExtension | undefined {\n return getExtension(extensions, COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getProvenanceExtension(\n extensions?: Record<string, unknown>\n): ProvenanceExtension | undefined {\n return getExtension(extensions, PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getAttributionExtension(\n extensions?: Record<string, unknown>\n): AttributionExtension | undefined {\n return getExtension(extensions, ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema);\n}\n\n/** @throws PEACError with RFC 6901 pointer if present but invalid */\nexport function getPurposeExtension(\n extensions?: Record<string, unknown>\n): PurposeExtension | undefined {\n return getExtension(extensions, PURPOSE_EXTENSION_KEY, PurposeExtensionSchema);\n}\n","/**\n * Wire 0.2 Extension Schema Map\n *\n * Maps known extension group keys to their Zod schemas.\n * Used by validateKnownExtensions() for group-level validation\n * and by type-to-extension enforcement.\n *\n * This file is the single mutation point for group registration.\n */\n\nimport type { z } from 'zod';\n\nimport { COMMERCE_EXTENSION_KEY, CommerceExtensionSchema } from './commerce.js';\nimport { ACCESS_EXTENSION_KEY, AccessExtensionSchema } from './access.js';\nimport { CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema } from './challenge.js';\nimport { IDENTITY_EXTENSION_KEY, IdentityExtensionSchema } from './identity.js';\nimport { CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema } from './correlation.js';\nimport { CONSENT_EXTENSION_KEY, ConsentExtensionSchema } from './consent.js';\nimport { PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema } from './privacy.js';\nimport { SAFETY_EXTENSION_KEY, SafetyExtensionSchema } from './safety.js';\nimport { COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema } from './compliance.js';\nimport { PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema } from './provenance.js';\nimport { ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema } from './attribution.js';\nimport { PURPOSE_EXTENSION_KEY, PurposeExtensionSchema } from './purpose-extension.js';\n\n/** Map from known extension key to its Zod schema */\nexport const EXTENSION_SCHEMA_MAP = new Map<string, z.ZodTypeAny>();\nEXTENSION_SCHEMA_MAP.set(COMMERCE_EXTENSION_KEY, CommerceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(ACCESS_EXTENSION_KEY, AccessExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CHALLENGE_EXTENSION_KEY, ChallengeExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(IDENTITY_EXTENSION_KEY, IdentityExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CORRELATION_EXTENSION_KEY, CorrelationExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(CONSENT_EXTENSION_KEY, ConsentExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PRIVACY_EXTENSION_KEY, PrivacyExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(SAFETY_EXTENSION_KEY, SafetyExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(COMPLIANCE_EXTENSION_KEY, ComplianceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PROVENANCE_EXTENSION_KEY, ProvenanceExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(ATTRIBUTION_EXTENSION_KEY, AttributionExtensionSchema);\nEXTENSION_SCHEMA_MAP.set(PURPOSE_EXTENSION_KEY, PurposeExtensionSchema);\n","/**\n * Wire 0.2 Extension Validation (envelope-level superRefine helper)\n *\n * Validates the extensions record inside Wire02ClaimsSchema.superRefine():\n * 1. Extension key grammar validation\n * 2. Recursive plain-JSON-value guard (rejects non-JSON-safe values)\n * 3. Known extension group schema validation\n * 4. Byte-budget enforcement\n *\n * NORMATIVE: Extension group values MUST be plain JSON values all the\n * way down (objects, arrays, strings, finite numbers, booleans, null).\n * Arbitrary JavaScript objects (functions, Symbols, Dates, BigInt,\n * objects with toJSON(), circular references, non-finite numbers, etc.)\n * are not a supported input class and are rejected at the validation\n * boundary via E_EXTENSION_NON_JSON_VALUE. This ensures cross-language\n * portability and reproducible byte-budget measurement.\n *\n * MEASUREMENT BASIS: Byte budgets are measured as the UTF-8 byte length\n * of ECMAScript JSON.stringify() output on plain JSON data. This is\n * explicitly ECMAScript-defined, not language-neutral canonical JSON.\n * Equivalent objects with different member order can yield different\n * byte counts; if cross-language reproducibility is needed in the\n * future, a canonical JSON profile (e.g., JCS / RFC 8785) can be\n * adopted via a future DD without changing the budget constants.\n * See EXTENSION_BUDGET in @peac/kernel for the full specification.\n *\n * Schema does NOT emit warnings (unknown_extension_preserved belongs\n * in @peac/protocol.verifyLocal(), Layer 3).\n *\n * Layer 1 (@peac/schema): pure Zod validation, zero I/O.\n */\n\nimport { z } from 'zod';\nimport { EXTENSION_BUDGET, ERROR_CODES as KERNEL_ERROR_CODES } from '@peac/kernel';\nimport { ERROR_CODES } from '../errors.js';\nimport { isValidExtensionKey } from './grammar.js';\nimport { EXTENSION_SCHEMA_MAP } from './schema-map.js';\n\n// ---------------------------------------------------------------------------\n// UTF-8 byte measurement (browser-safe, no Buffer dependency)\n// ---------------------------------------------------------------------------\n\n/** Shared TextEncoder instance (Layer 1 safe: no I/O, no fetch) */\nconst textEncoder = new TextEncoder();\n\n/**\n * Measure UTF-8 byte length of a JSON-serialized value.\n *\n * Returns Infinity if serialization fails (circular references, BigInt,\n * etc.). Callers treat Infinity as over-budget, which produces a clear\n * E_EXTENSION_SIZE_EXCEEDED error.\n */\nfunction jsonUtf8ByteLength(value: unknown): number {\n try {\n return textEncoder.encode(JSON.stringify(value)).byteLength;\n } catch {\n return Infinity;\n }\n}\n\n// ---------------------------------------------------------------------------\n// Recursive plain-JSON-value guard\n// ---------------------------------------------------------------------------\n\n/**\n * Maximum recursion depth for the plain-JSON guard. Prevents stack\n * overflow on pathologically deep but structurally valid JSON trees.\n * 64 levels deep is far beyond any reasonable extension group shape.\n */\nconst MAX_JSON_GUARD_DEPTH = 64;\n\n/**\n * Recursively check whether a value is a plain JSON value.\n *\n * A plain JSON value is one of:\n * - null\n * - boolean\n * - finite number (NaN, Infinity, -Infinity rejected)\n * - string\n * - plain array where every element is a plain JSON value\n * - plain object (prototype === Object.prototype or null, no toJSON)\n * where every own enumerable value is a plain JSON value\n *\n * Rejects:\n * - Functions, Symbols, BigInt, undefined\n * - Non-finite numbers (NaN, Infinity, -Infinity)\n * - Date, RegExp, Map, Set, TypedArray, Error, Promise\n * - Objects with toJSON() methods (non-reproducible serialization)\n * - Any object with a non-plain prototype\n * - Circular references (detected via depth limit + seen set)\n *\n * @param value - Value to check\n * @param depth - Current recursion depth (bounded by MAX_JSON_GUARD_DEPTH)\n * @param seen - WeakSet for circular reference detection\n * @returns true if the value is a plain JSON value all the way down\n */\nfunction isPlainJsonValueRecursive(value: unknown, depth: number, seen: WeakSet<object>): boolean {\n // Depth guard: reject pathologically deep structures\n if (depth > MAX_JSON_GUARD_DEPTH) return false;\n\n // Primitives\n if (value === null) return true;\n const t = typeof value;\n if (t === 'string' || t === 'boolean') return true;\n if (t === 'number') return Number.isFinite(value as number);\n if (t === 'function' || t === 'symbol' || t === 'bigint' || t === 'undefined') return false;\n\n // Must be an object type from here\n if (t !== 'object') return false;\n const obj = value as object;\n\n // Reference cycle / shared-reference detection.\n // Intentionally rejects shared-but-acyclic subobjects (same JS reference\n // appearing in two places). JSON has no concept of object identity;\n // extensions must be JSON trees, not arbitrary JS object graphs. If the\n // same object appears twice, JSON.stringify would serialize it twice\n // (inflating byte count), and the data model is ambiguous. Rejecting\n // shared references ensures the extension tree matches a true JSON tree.\n if (seen.has(obj)) return false;\n seen.add(obj);\n\n // Array: recursively check every element\n if (Array.isArray(obj)) {\n for (let i = 0; i < obj.length; i++) {\n if (!isPlainJsonValueRecursive(obj[i], depth + 1, seen)) return false;\n }\n return true;\n }\n\n // Must be a plain object (no exotic prototype, no toJSON)\n const proto = Object.getPrototypeOf(obj);\n if (proto !== Object.prototype && proto !== null) return false;\n if (typeof (obj as Record<string, unknown>).toJSON === 'function') return false;\n\n // Recursively check every own enumerable value\n const keys = Object.keys(obj);\n for (const key of keys) {\n if (!isPlainJsonValueRecursive((obj as Record<string, unknown>)[key], depth + 1, seen)) {\n return false;\n }\n }\n\n return true;\n}\n\n/**\n * Check whether a value is a plain JSON value all the way down.\n *\n * This is the public entry point for the recursive guard. It initializes\n * the depth counter and circular-reference detection set.\n *\n * @param value - Value to check\n * @returns true if the entire value tree is plain JSON\n */\nfunction isPlainJsonValue(value: unknown): boolean {\n return isPlainJsonValueRecursive(value, 0, new WeakSet());\n}\n\n// ---------------------------------------------------------------------------\n// Envelope-level extension validation\n// ---------------------------------------------------------------------------\n\n/**\n * Validate extensions record in Wire02ClaimsSchema.superRefine().\n *\n * Steps:\n * 1. Validate extension key grammar\n * 2. Recursive guard: reject non-plain-JSON values (E_EXTENSION_NON_JSON_VALUE)\n * 3. Validate known extension groups against their Zod schemas\n * 4. Unconditional byte-budget enforcement\n *\n * @param extensions - The extensions record from Wire 0.2 claims\n * @param ctx - Zod refinement context\n */\nexport function validateKnownExtensions(\n extensions: Record<string, unknown> | undefined,\n ctx: z.RefinementCtx\n): void {\n if (extensions === undefined) return;\n\n const keys = Object.keys(extensions);\n\n for (const key of keys) {\n // Step 1: Validate extension key grammar\n if (!isValidExtensionKey(key)) {\n ctx.addIssue({\n code: 'custom',\n message: ERROR_CODES.E_INVALID_EXTENSION_KEY,\n path: ['extensions', key],\n });\n continue;\n }\n\n // Step 2: Recursive plain-JSON guard\n if (!isPlainJsonValue(extensions[key])) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_NON_JSON_VALUE,\n path: ['extensions', key],\n });\n continue;\n }\n\n // Step 3: Validate known extension groups against their schemas\n const schema = EXTENSION_SCHEMA_MAP.get(key);\n if (schema !== undefined) {\n const result = schema.safeParse(extensions[key]);\n if (!result.success) {\n const firstIssue = result.error.issues[0];\n const issuePath: PropertyKey[] = firstIssue?.path ?? [];\n ctx.addIssue({\n code: 'custom',\n message: firstIssue?.message ?? 'Invalid extension value',\n path: ['extensions', key, ...issuePath],\n });\n }\n }\n }\n\n // Step 4: Byte-budget enforcement (unconditional)\n const totalBytes = jsonUtf8ByteLength(extensions);\n if (totalBytes > EXTENSION_BUDGET.maxTotalBytes) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_SIZE_EXCEEDED,\n path: ['extensions'],\n });\n return;\n }\n\n for (const key of keys) {\n const groupBytes = jsonUtf8ByteLength(extensions[key]);\n if (groupBytes > EXTENSION_BUDGET.maxGroupBytes) {\n ctx.addIssue({\n code: 'custom',\n message: KERNEL_ERROR_CODES.E_EXTENSION_SIZE_EXCEEDED,\n path: ['extensions', key],\n });\n }\n }\n}\n\n// Exported for testing only\nexport { isPlainJsonValue as _isPlainJsonValue };\n","/**\n * Wire 0.2 Zod schemas and types (v0.12.0-preview.1)\n *\n * This file contains:\n * - Wire02ClaimsSchema: the canonical Zod schema for Wire 0.2 envelopes\n * - Wire02Claims: inferred TypeScript type (z.infer<typeof Wire02ClaimsSchema>)\n * - Supporting schemas: EvidencePillarSchema, PillarsSchema, Wire02KindSchema,\n * ReceiptTypeSchema, CanonicalIssSchema, PolicyBlockSchema\n * - isCanonicalIss(): exported canonical-iss validator\n * - isValidReceiptType(): exported type-grammar validator\n * - checkOccurredAtSkew(): cross-field skew check helper\n *\n * Wire02Claims does NOT live in @peac/kernel (layer violation);\n * it lives here because it references schema-layer types (Correction 4).\n */\n\nimport { z } from 'zod';\nimport {\n ISS_CANONICAL,\n TYPE_GRAMMAR,\n POLICY_BLOCK,\n OCCURRED_AT_TOLERANCE_SECONDS,\n HASH,\n} from '@peac/kernel';\nimport type { EvidencePillar, VerificationWarning } from '@peac/kernel';\nimport { ActorBindingSchema } from './actor-binding.js';\nimport { Wire02RepresentationFieldsSchema } from './wire-02-representation.js';\nimport { validateKnownExtensions } from './wire-02-extensions.js';\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Check that an array is sorted in ascending order with no duplicates.\n * Used to validate the pillars array.\n */\nfunction isSortedAndUnique(arr: readonly string[]): boolean {\n for (let i = 1; i < arr.length; i++) {\n if (arr[i] <= arr[i - 1]) return false;\n }\n return true;\n}\n\n// ---------------------------------------------------------------------------\n// isCanonicalIss (exported helper)\n// ---------------------------------------------------------------------------\n\n/**\n * Validate that an issuer (iss) claim is in canonical form.\n *\n * Accepted schemes:\n * - `https://`: ASCII origin (lowercase scheme+host, no explicit default port\n * (:443 rejected), origin-only, no path/query/fragment/userinfo).\n * Raw Unicode hosts are rejected; punycode (xn--...) is accepted.\n * - `did:`: DID Core identifier (`did:<method>:<id>`) where method is\n * `[a-z0-9]+` and the method-specific-id contains no `#`, `?`, or `/`.\n *\n * All other schemes produce E_ISS_NOT_CANONICAL.\n *\n * @param iss - Issuer claim value to validate\n * @returns true if canonical form; false otherwise\n */\nexport function isCanonicalIss(iss: string): boolean {\n if (typeof iss !== 'string' || iss.length === 0 || iss.length > ISS_CANONICAL.maxLength) {\n return false;\n }\n\n // did: branch: check before URL parsing (did: is a valid URL scheme in some parsers)\n if (iss.startsWith('did:')) {\n // did:<method>:<method-specific-id>\n // Method: lowercase letters and digits only ([a-z0-9]+)\n // Method-specific-id: non-empty, no literal '/', '?', or '#'\n return /^did:[a-z0-9]+:[^#?/]+$/.test(iss);\n }\n\n // https:// branch: try URL constructor for comprehensive validation\n try {\n const url = new URL(iss);\n\n // Must be https: scheme only\n if (url.protocol !== 'https:') return false;\n\n // Non-empty host required\n if (!url.hostname) return false;\n\n // No userinfo (credentials in origins are a security risk)\n if (url.username !== '' || url.password !== '') return false;\n\n // Reconstruct canonical origin (URL spec normalizes hostname to lowercase\n // and removes the default port 443 from url.host).\n // Exact match rejects: uppercase host, trailing slash, default port (:443),\n // path, query, fragment, userinfo, raw Unicode hostname.\n const origin = `${url.protocol}//${url.host}`;\n return iss === origin;\n } catch {\n return false;\n }\n}\n\n// ---------------------------------------------------------------------------\n// isValidReceiptType (exported helper)\n// ---------------------------------------------------------------------------\n\n/** Absolute URI pattern: scheme followed by '://' (RFC 3986 generic-URI) */\nconst ABS_URI_PATTERN = /^[a-z][a-z0-9+.-]*:\\/\\//;\n\n/**\n * Validate that a type claim conforms to the Wire 0.2 type grammar.\n *\n * Accepted forms:\n * - Reverse-DNS notation: `<domain>/<segment>` where `<domain>` has at\n * least one dot (e.g., `org.peacprotocol/commerce`, `com.example/flow`)\n * - Absolute URI: starts with `scheme://` (e.g., `https://example.com/type`)\n *\n * @param value - Type claim value to validate\n * @returns true if valid type grammar; false otherwise\n */\nexport function isValidReceiptType(value: string): boolean {\n if (value.length === 0 || value.length > TYPE_GRAMMAR.maxLength) return false;\n\n // Absolute URI form\n if (ABS_URI_PATTERN.test(value)) return true;\n\n // Reverse-DNS form: <domain>/<segment>\n const slashIdx = value.indexOf('/');\n if (slashIdx <= 0) return false; // no slash, or slash at position 0\n\n const domain = value.slice(0, slashIdx);\n const segment = value.slice(slashIdx + 1);\n\n // Domain must have at least one dot (distinguishes from single-label paths)\n if (!domain.includes('.')) return false;\n\n // Segment must be non-empty\n if (segment.length === 0) return false;\n\n // Domain: letters, digits, dots, hyphens; must start with alphanumeric\n if (!/^[a-zA-Z0-9][a-zA-Z0-9.-]*$/.test(domain)) return false;\n\n // Segment: letters, digits, hyphens, underscores, dots.\n // Additional slashes are NOT permitted in the reverse-DNS form; use an\n // absolute URI (handled by ABS_URI_PATTERN above) for multi-segment paths.\n if (!/^[a-zA-Z0-9][a-zA-Z0-9._-]*$/.test(segment)) return false;\n\n return true;\n}\n\n// ---------------------------------------------------------------------------\n// EvidencePillar schema (closed 10-value taxonomy)\n// ---------------------------------------------------------------------------\n\n/** All 10 registered pillar values in ascending lexicographic order */\nconst EVIDENCE_PILLARS: readonly EvidencePillar[] = [\n 'access',\n 'attribution',\n 'commerce',\n 'compliance',\n 'consent',\n 'identity',\n 'privacy',\n 'provenance',\n 'purpose',\n 'safety',\n];\n\nexport const EvidencePillarSchema = z.enum(\n EVIDENCE_PILLARS as [EvidencePillar, ...EvidencePillar[]]\n);\n\n// ---------------------------------------------------------------------------\n// PillarsSchema (non-empty array, sorted + unique)\n// ---------------------------------------------------------------------------\n\nexport const PillarsSchema = z\n .array(EvidencePillarSchema)\n .min(1)\n .superRefine((arr, ctx) => {\n if (!isSortedAndUnique(arr)) {\n ctx.addIssue({\n code: 'custom',\n message: 'E_PILLARS_NOT_SORTED',\n });\n }\n });\n\n// ---------------------------------------------------------------------------\n// Wire02KindSchema\n// ---------------------------------------------------------------------------\n\nexport const Wire02KindSchema = z.enum(['evidence', 'challenge']);\n\n// ---------------------------------------------------------------------------\n// ReceiptTypeSchema\n// ---------------------------------------------------------------------------\n\nexport const ReceiptTypeSchema = z.string().max(TYPE_GRAMMAR.maxLength).refine(isValidReceiptType, {\n message: 'type must be reverse-DNS notation (e.g., org.example/flow) or an absolute URI',\n});\n\n// ---------------------------------------------------------------------------\n// CanonicalIssSchema\n// ---------------------------------------------------------------------------\n\nexport const CanonicalIssSchema = z.string().max(ISS_CANONICAL.maxLength).refine(isCanonicalIss, {\n message: 'E_ISS_NOT_CANONICAL',\n});\n\n// ---------------------------------------------------------------------------\n// PolicyBlockSchema\n// ---------------------------------------------------------------------------\n\nexport const PolicyBlockSchema = z.object({\n /** JCS+SHA-256 digest: 'sha256:<64 lowercase hex>' */\n digest: z.string().regex(HASH.pattern, 'digest must be sha256:<64 lowercase hex>'),\n /**\n * HTTPS locator hint for the policy document.\n * MUST be an https:// URL (max 2048 chars).\n * MUST NOT trigger auto-fetch; callers use this as a hint only.\n */\n uri: z\n .string()\n .max(POLICY_BLOCK.uriMaxLength)\n .url()\n .refine((u) => u.startsWith('https://'), 'policy.uri must be an https:// URL')\n .optional(),\n /** Caller-assigned version label (max 256 chars) */\n version: z.string().max(POLICY_BLOCK.versionMaxLength).optional(),\n});\n\n// RepresentationFieldsSchema: see wire-02-representation.ts (PR 15)\n\n// ---------------------------------------------------------------------------\n// Wire02ClaimsSchema\n// ---------------------------------------------------------------------------\n\nexport const Wire02ClaimsSchema = z\n .object({\n /** Wire format version discriminant; always '0.2' for Wire 0.2 */\n peac_version: z.literal('0.2'),\n /** Structural kind: 'evidence' or 'challenge' */\n kind: Wire02KindSchema,\n /** Open semantic type (reverse-DNS or absolute URI) */\n type: ReceiptTypeSchema,\n /** Canonical issuer (https:// ASCII origin or did: identifier) */\n iss: CanonicalIssSchema,\n /** Issued-at time (Unix seconds). REQUIRED. */\n iat: z.number().int(),\n /** Unique receipt identifier; 1 to 256 chars */\n jti: z.string().min(1).max(256),\n /** Subject identifier; max 2048 chars */\n sub: z.string().max(2048).optional(),\n /** Evidence pillars (closed 10-value taxonomy); sorted ascending, unique */\n pillars: PillarsSchema.optional(),\n /** Top-level actor binding (sole location for ActorBinding in Wire 0.2) */\n actor: ActorBindingSchema.optional(),\n /** Policy binding block */\n policy: PolicyBlockSchema.optional(),\n /** Representation fields: FingerprintRef validation, sha256-only, strict */\n representation: Wire02RepresentationFieldsSchema.optional(),\n /** ISO 8601 / RFC 3339 timestamp when the interaction occurred; evidence kind only */\n occurred_at: z.string().datetime({ offset: true }).optional(),\n /** Declared purpose string; max 256 chars */\n purpose_declared: z.string().max(256).optional(),\n /** Extension groups (open; known group keys validated by group schema) */\n extensions: z.record(z.string(), z.unknown()).optional(),\n })\n .superRefine((data, ctx) => {\n // occurred_at is prohibited on challenge-kind receipts\n if (data.kind === 'challenge' && data.occurred_at !== undefined) {\n ctx.addIssue({\n code: 'custom',\n message: 'E_OCCURRED_AT_ON_CHALLENGE',\n });\n }\n // Validate known extension groups + reject malformed key grammar\n validateKnownExtensions(data.extensions, ctx);\n })\n .strict();\n\n/** Inferred type for Wire 0.2 receipt claims */\nexport type Wire02Claims = z.infer<typeof Wire02ClaimsSchema>;\n\n// ---------------------------------------------------------------------------\n// checkOccurredAtSkew (Correction 5)\n// ---------------------------------------------------------------------------\n\n/**\n * Check the occurred_at field for temporal consistency.\n *\n * Rules (evidence kind only; caller must not call for challenge kind):\n * - If occurred_at > now + tolerance: hard error (E_OCCURRED_AT_FUTURE)\n * - If occurred_at > iat (within tolerance): warning (occurred_at_skew)\n * - If occurred_at <= iat: valid, no warning\n * - If occurred_at is undefined: no check performed\n *\n * @param occurredAt - Value of the occurred_at claim, or undefined\n * @param iat - iat claim value (Unix seconds)\n * @param now - Current time (Unix seconds)\n * @param tolerance - Allowed future skew in seconds (default: OCCURRED_AT_TOLERANCE_SECONDS)\n * @returns 'future_error' for hard error, VerificationWarning for skew warning, null for valid\n */\nexport function checkOccurredAtSkew(\n occurredAt: string | undefined,\n iat: number,\n now: number,\n tolerance: number = OCCURRED_AT_TOLERANCE_SECONDS\n): VerificationWarning | 'future_error' | null {\n if (occurredAt === undefined) return null;\n\n const ts = Date.parse(occurredAt) / 1000;\n if (isNaN(ts)) return null; // unparseable; parse error surfaces from schema validation\n\n if (ts > now + tolerance) return 'future_error';\n\n if (ts > iat) {\n return {\n code: 'occurred_at_skew',\n message: 'occurred_at is after iat',\n pointer: '/occurred_at',\n };\n }\n\n return null;\n}\n","/**\n * Unified Receipt Parser\n *\n * Single entry point for classifying and validating receipt claims.\n * Supports Wire 0.1 (commerce and attestation) and Wire 0.2 receipts.\n *\n * Wire 0.1 classification uses key presence ('amt' in obj), NOT truthy values.\n * If any of amt|cur|payment are present, the receipt is classified as commerce.\n * If commerce validation fails, it returns a commerce error -- never falls\n * through to attestation.\n *\n * Wire 0.2 detection uses the peac_version field (value '0.2').\n */\n\nimport { ZodError } from 'zod';\nimport type { VerificationWarning } from '@peac/kernel';\nimport { ReceiptClaimsSchema, type ReceiptClaimsType } from './validators.js';\nimport {\n AttestationReceiptClaimsSchema,\n type AttestationReceiptClaims,\n} from './attestation-receipt.js';\nimport { Wire02ClaimsSchema, type Wire02Claims } from './wire-02-envelope.js';\n\n/**\n * Receipt variant discriminator for Wire 0.1\n */\nexport type ReceiptVariant = 'commerce' | 'attestation' | 'wire-02';\n\n/**\n * Parse error with canonical error code\n */\nexport interface PEACParseError {\n /** Canonical error code from specs/kernel/errors.json */\n code: string;\n /** Human-readable message */\n message: string;\n /** Zod issues (if schema validation failed) */\n issues?: ZodError['issues'];\n}\n\n/**\n * Successful parse result (v0.12.0-preview.1: adds wireVersion and warnings)\n */\nexport interface ParseSuccess {\n ok: true;\n variant: ReceiptVariant;\n /** Wire version of the parsed receipt */\n wireVersion: '0.1' | '0.2';\n /** Verification warnings collected during parsing (Wire 0.1: always []) */\n warnings: VerificationWarning[];\n claims: ReceiptClaimsType | AttestationReceiptClaims | Wire02Claims;\n}\n\n/**\n * Failed parse result\n */\nexport interface ParseFailure {\n ok: false;\n error: PEACParseError;\n}\n\n/**\n * Parse result type\n */\nexport type ParseReceiptResult = ParseSuccess | ParseFailure;\n\n/**\n * Options for parseReceiptClaims\n */\nexport interface ParseReceiptOptions {\n /** Wire version hint; if provided, skips auto-detection */\n wireVersion?: string;\n}\n\n// ---------------------------------------------------------------------------\n// Wire version detection\n// ---------------------------------------------------------------------------\n\n/**\n * Detect the wire version of a receipt payload.\n *\n * Wire 0.2 receipts contain a `peac_version: '0.2'` field.\n * Wire 0.1 receipts have no `peac_version` field.\n *\n * @param obj - Raw claims object\n * @returns '0.2' if Wire 0.2, '0.1' if Wire 0.1, null if indeterminate\n */\nexport function detectWireVersion(obj: unknown): '0.1' | '0.2' | null {\n if (obj === null || obj === undefined || typeof obj !== 'object' || Array.isArray(obj)) {\n return null;\n }\n const record = obj as Record<string, unknown>;\n if (record.peac_version === '0.2') return '0.2';\n if ('peac_version' in record) return null; // peac_version present but not '0.2'\n return '0.1';\n}\n\n// ---------------------------------------------------------------------------\n// Wire 0.1 helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Classify a Wire 0.1 claims object as commerce or attestation.\n *\n * Uses key presence (not truthiness). If ANY of amt, cur, payment\n * are present as keys, the receipt is classified as commerce.\n */\nfunction classifyWire01Receipt(obj: Record<string, unknown>): 'commerce' | 'attestation' {\n if ('amt' in obj || 'cur' in obj || 'payment' in obj) {\n return 'commerce';\n }\n return 'attestation';\n}\n\n// ---------------------------------------------------------------------------\n// Main parser\n// ---------------------------------------------------------------------------\n\n/**\n * Parse and validate receipt claims.\n *\n * Unified entry point for Wire 0.1 (commerce + attestation) and Wire 0.2\n * receipt validation. Wire version is auto-detected from the `peac_version`\n * field unless `opts.wireVersion` overrides it.\n *\n * Wire 0.1 classification is strict: if any commerce key (amt, cur, payment)\n * is present, the receipt MUST validate as commerce. There is no fallback to\n * attestation for Wire 0.1.\n *\n * @param input - Raw claims object (typically decoded from JWS payload)\n * @param opts - Optional parse options\n * @returns Parse result with variant discrimination, wireVersion, warnings, and validated claims\n */\nexport function parseReceiptClaims(input: unknown, opts?: ParseReceiptOptions): ParseReceiptResult {\n // Guard: input must be a non-null object\n if (input === null || input === undefined || typeof input !== 'object' || Array.isArray(input)) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_INVALID_INPUT',\n message: 'Input must be a non-null object',\n },\n };\n }\n\n const obj = input as Record<string, unknown>;\n\n // Determine wire version\n const wireVersion =\n opts?.wireVersion === '0.2' || opts?.wireVersion === '0.1'\n ? opts.wireVersion\n : detectWireVersion(obj);\n\n if (wireVersion === null) {\n return {\n ok: false,\n error: {\n code: 'E_UNSUPPORTED_WIRE_VERSION',\n message: `Unsupported or unrecognized peac_version: ${JSON.stringify(obj['peac_version'])}`,\n },\n };\n }\n\n // ---------------------------------------------------------------------------\n // Wire 0.2 path\n // ---------------------------------------------------------------------------\n if (wireVersion === '0.2') {\n const result = Wire02ClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_INVALID_FORMAT',\n message: `Wire 0.2 receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'wire-02',\n wireVersion: '0.2',\n warnings: [],\n claims: result.data,\n };\n }\n\n // ---------------------------------------------------------------------------\n // Wire 0.1 path (existing logic unchanged)\n // ---------------------------------------------------------------------------\n const variant = classifyWire01Receipt(obj);\n\n if (variant === 'commerce') {\n const result = ReceiptClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_COMMERCE_INVALID',\n message: `Commerce receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'commerce',\n wireVersion: '0.1',\n warnings: [],\n claims: result.data,\n };\n }\n\n // Attestation path\n const result = AttestationReceiptClaimsSchema.safeParse(obj);\n if (!result.success) {\n return {\n ok: false,\n error: {\n code: 'E_PARSE_ATTESTATION_INVALID',\n message: `Attestation receipt validation failed: ${result.error.issues.map((i) => i.message).join('; ')}`,\n issues: result.error.issues,\n },\n };\n }\n return {\n ok: true,\n variant: 'attestation',\n wireVersion: '0.1',\n warnings: [],\n claims: result.data,\n };\n}\n","/**\n * Wire 0.2 verification warning codes and collector (v0.12.0-preview.1)\n *\n * Warning codes are append-only stable string literals. Warnings do NOT affect\n * the allow/deny decision unless caller policy requires it.\n *\n * Warnings MUST be sorted by (pointer ascending, code ascending);\n * undefined pointer sorts before any string value.\n *\n * RFC 6901 JSON Pointer escaping: '/' in keys is escaped as '~1', '~' as '~0'.\n */\n\nimport type { VerificationWarning } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// Warning code constants (append-only)\n// ---------------------------------------------------------------------------\n\n/** type claim does not match any registered type in the receipt_types registry */\nexport const WARNING_TYPE_UNREGISTERED = 'type_unregistered' as const;\n\n/** Unknown extension key was encountered and preserved (no schema validation) */\nexport const WARNING_UNKNOWN_EXTENSION = 'unknown_extension_preserved' as const;\n\n/** occurred_at is after iat by more than zero but within the tolerance window */\nexport const WARNING_OCCURRED_AT_SKEW = 'occurred_at_skew' as const;\n\n/** JWS typ header was absent; interop mode accepted the token without typ */\nexport const WARNING_TYP_MISSING = 'typ_missing' as const;\n\n/** Registered type has a mapped extension group, but that group is absent from extensions */\nexport const WARNING_EXTENSION_GROUP_MISSING = 'extension_group_missing' as const;\n\n/** Registered type has a mapped extension group, but a different registered group is present instead */\nexport const WARNING_EXTENSION_GROUP_MISMATCH = 'extension_group_mismatch' as const;\n\n// ---------------------------------------------------------------------------\n// Warning sorting\n// ---------------------------------------------------------------------------\n\n/**\n * Sort warnings by (pointer ascending, code ascending).\n * Warnings with undefined pointer sort before those with a defined pointer.\n *\n * @param warnings - Array of VerificationWarning objects to sort\n * @returns New array sorted in canonical order\n */\nexport function sortWarnings(warnings: VerificationWarning[]): VerificationWarning[] {\n return [...warnings].sort((a, b) => {\n const aHasPtr = a.pointer !== undefined;\n const bHasPtr = b.pointer !== undefined;\n\n // undefined pointer sorts before any defined pointer\n if (!aHasPtr && bHasPtr) return -1;\n if (aHasPtr && !bHasPtr) return 1;\n\n // Both have the same pointer presence; compare values if both defined\n if (aHasPtr && bHasPtr) {\n const cmp = (a.pointer as string).localeCompare(b.pointer as string);\n if (cmp !== 0) return cmp;\n }\n\n // Same pointer (or both undefined): sort by code\n return a.code.localeCompare(b.code);\n });\n}\n","/**\n * Wire 0.2 recommended receipt type and extension group registries.\n *\n * Single source of truth: specs/kernel/registries.json\n * Generated constants: @peac/kernel registries.generated.ts\n *\n * Used by @peac/protocol.verifyLocal() to emit type_unregistered and\n * unknown_extension_preserved warnings for valid-but-unrecognized values.\n */\n\nimport { RECEIPT_TYPES, EXTENSION_GROUPS } from '@peac/kernel';\n\n// ---------------------------------------------------------------------------\n// Recommended receipt types (derived from generated registry)\n// ---------------------------------------------------------------------------\n\n/**\n * Recommended receipt type values from the receipt_types registry.\n * A type NOT in this set triggers a type_unregistered warning (not an error).\n */\nexport const REGISTERED_RECEIPT_TYPES: ReadonlySet<string> = new Set(\n RECEIPT_TYPES.map((entry) => entry.id)\n);\n\n// ---------------------------------------------------------------------------\n// Core extension group keys (derived from generated registry)\n// ---------------------------------------------------------------------------\n\n/**\n * Core extension group keys that have typed schemas in @peac/schema.\n * An extension key NOT in this set (but passing grammar validation)\n * triggers an unknown_extension_preserved warning (not an error).\n *\n * Derived from EXTENSION_GROUPS in @peac/kernel (generated from\n * specs/kernel/registries.json). No manual maintenance required.\n */\nexport const REGISTERED_EXTENSION_GROUP_KEYS: ReadonlySet<string> = new Set(\n EXTENSION_GROUPS.map((entry) => entry.id)\n);\n","/**\n * Policy binding comparison (Layer 1)\n *\n * Pure string comparison with no I/O and no crypto imports.\n * The digest format is 'sha256:<64 lowercase hex>'.\n *\n * This function handles only the binary match/mismatch decision. The full\n * 3-state result ('verified' | 'failed' | 'unavailable') is computed by\n * checkPolicyBinding() in @peac/protocol (Layer 3), which handles the\n * absent-digest case and invokes computePolicyDigestJcs() for hashing.\n */\n\n/**\n * Compare a receipt policy digest against a locally-computed digest.\n *\n * Returns 'verified' if the two digests match exactly, 'failed' otherwise.\n * Both arguments must be present; callers must handle the absent-digest case\n * (producing 'unavailable') before calling this function.\n *\n * @param receiptDigest - policy.digest from the receipt claims\n * @param localDigest - digest computed from the caller's local policy bytes\n * @returns 'verified' on exact match, 'failed' on mismatch\n */\nexport function verifyPolicyBinding(\n receiptDigest: string,\n localDigest: string\n): 'verified' | 'failed' {\n return receiptDigest === localDigest ? 'verified' : 'failed';\n}\n","/**\n * Issuer Configuration Schema Extensions (v0.11.3+)\n *\n * Zod schemas for revoked_keys field in peac-issuer.json.\n * Reason values aligned with RFC 5280 CRLReason subset\n * (only values meaningful for receipt signing keys).\n *\n * @packageDocumentation\n */\n\nimport { z } from 'zod';\n\n/**\n * Revocation reasons: RFC 5280 CRLReason subset relevant to receipt signing keys.\n */\nexport const REVOCATION_REASONS = [\n 'key_compromise',\n 'superseded',\n 'cessation_of_operation',\n 'privilege_withdrawn',\n] as const;\n\nexport type RevocationReason = (typeof REVOCATION_REASONS)[number];\n\n/**\n * Schema for a single revoked key entry.\n */\nexport const RevokedKeyEntrySchema = z\n .object({\n /** Key ID that was revoked */\n kid: z.string().min(1).max(256),\n /** ISO 8601 timestamp of revocation */\n revoked_at: z.string().datetime(),\n /** Revocation reason (optional, RFC 5280 CRLReason subset) */\n reason: z.enum(REVOCATION_REASONS).optional(),\n })\n .strict();\n\nexport type RevokedKeyEntryInput = z.input<typeof RevokedKeyEntrySchema>;\nexport type RevokedKeyEntryOutput = z.output<typeof RevokedKeyEntrySchema>;\n\n/**\n * Schema for the revoked_keys array in issuer configuration.\n * Maximum 100 entries to prevent unbounded growth.\n */\nexport const RevokedKeysArraySchema = z.array(RevokedKeyEntrySchema).max(100);\n\n/**\n * Validate a revoked_keys array.\n * Returns a discriminated result (no exceptions).\n */\nexport function validateRevokedKeys(\n data: unknown\n): { ok: true; value: RevokedKeyEntryOutput[] } | { ok: false; error: string } {\n const result = RevokedKeysArraySchema.safeParse(data);\n if (result.success) {\n return { ok: true, value: result.data };\n }\n return { ok: false, error: result.error.issues.map((i) => i.message).join('; ') };\n}\n\n/**\n * Check if a kid is present in a revoked_keys array.\n * Returns the revocation entry if found, null otherwise.\n */\nexport function findRevokedKey(\n revokedKeys: RevokedKeyEntryOutput[],\n kid: string\n): RevokedKeyEntryOutput | null {\n return revokedKeys.find((entry) => entry.kid === kid) ?? null;\n}\n"]}