@primust/verifier 1.0.0

package/dist/bounded-trace.js

@@ -0,0 +1,558 @@
+/**
+ * Reference TypeScript interpreter for bounded_trace_v1 verification.
+ *
+ * This is the canonical second-opinion verifier described in PRIMUST_V27 §20.2,
+ * ported from verifier-py/src/primust_verify/bounded_trace.py. It is
+ * intentionally small and obviously-correct: consumes a BoundedTraceV1 payload
+ * plus a ProfileRecord and produces one of the §16.3 canonical downgrade
+ * reason codes (or "ok" on success).
+ *
+ * Crypto used: SHA-256 with RFC 6962-style domain-separated leaves (0x00)
+ * and nodes (0x01). Canonical JSON follows RFC 8785 + ECMAScript 7.1.12.1
+ * number serialization for cross-language parity.
+ *
+ * SI-3 (VPEC verifiability): this module's output MUST match the Python
+ * reference byte-for-byte across the shared conformance fixture corpus at
+ * packages/verifier-py/tests/fixtures/bounded_trace_v1/. The conformance
+ * runner in scripts/lane_a_conformance.* enforces this.
+ *
+ * Zero runtime dependencies besides node:crypto.
+ */
+import { createHash } from "node:crypto";
+// ── Canonical number + JSON (duplicated for zero-dep reference parity) ──
+export function canonicalNumber(x) {
+    if (typeof x !== "number" || Number.isNaN(x) || !Number.isFinite(x)) {
+        throw new Error("canonical JSON cannot represent NaN, infinity, or non-numbers");
+    }
+    if (x === 0)
+        return "0";
+    // Node/V8 Number.prototype.toString already emits ECMAScript 7.1.12.1
+    // form for most values. Python repr() does the same for finite doubles.
+    // We normalize a handful of edge cases to match Python exactly:
+    //   - trim trailing zeros after the decimal
+    //   - "-0" → "0"
+    //   - re-express scientific form with explicit "+"/"-" exponent sign
+    let s = x.toString();
+    const eIdx = s.indexOf("e");
+    if (eIdx >= 0) {
+        const mantissa = s.slice(0, eIdx);
+        const expPart = s.slice(eIdx + 1);
+        const sign = expPart.startsWith("-") ? "-" : "+";
+        const expDigits = expPart.replace(/^[+-]/, "").replace(/^0+(?=\d)/, "");
+        return `${mantissa}e${sign}${expDigits || "0"}`;
+    }
+    if (s.includes(".")) {
+        // Strip trailing zeros, then trailing dot
+        s = s.replace(/\.?0+$/, (m) => (m.startsWith(".") ? "" : m));
+    }
+    if (s === "-0")
+        s = "0";
+    return s;
+}
+/**
+ * Canonical JSON serialization:
+ *   - object keys sorted lexicographically
+ *   - UTF-8
+ *   - separators ",":":",  no whitespace
+ *   - numbers via canonicalNumber
+ *   - strings via JSON.stringify (same escape rules as Python json with ensure_ascii=False)
+ */
+export function canonicalJson(obj) {
+    const s = canonicalJsonString(obj);
+    return new TextEncoder().encode(s);
+}
+export function canonicalJsonString(obj) {
+    if (obj === null)
+        return "null";
+    if (typeof obj === "boolean")
+        return obj ? "true" : "false";
+    if (typeof obj === "number")
+        return canonicalNumber(obj);
+    if (typeof obj === "string")
+        return JSON.stringify(obj);
+    if (Array.isArray(obj)) {
+        return "[" + obj.map((v) => canonicalJsonString(v)).join(",") + "]";
+    }
+    if (typeof obj === "object") {
+        const keys = Object.keys(obj).sort();
+        const parts = keys.map((k) => {
+            const v = obj[k];
+            return JSON.stringify(k) + ":" + canonicalJsonString(v);
+        });
+        return "{" + parts.join(",") + "}";
+    }
+    throw new Error(`canonical_json cannot encode value of type ${typeof obj}`);
+}
+// ── Merkle helpers (RFC 6962 domain separation) ──
+function sha256(bytes) {
+    const h = createHash("sha256");
+    h.update(bytes);
+    return new Uint8Array(h.digest());
+}
+function leafHash(payload) {
+    const prefixed = new Uint8Array(payload.length + 1);
+    prefixed[0] = 0x00;
+    prefixed.set(payload, 1);
+    return sha256(prefixed);
+}
+function nodeHash(left, right) {
+    const prefixed = new Uint8Array(1 + left.length + right.length);
+    prefixed[0] = 0x01;
+    prefixed.set(left, 1);
+    prefixed.set(right, 1 + left.length);
+    return sha256(prefixed);
+}
+function toHex(bytes) {
+    let out = "";
+    for (const b of bytes) {
+        out += b.toString(16).padStart(2, "0");
+    }
+    return out;
+}
+export function buildMerkleRoot(leaves) {
+    if (leaves.length === 0) {
+        throw new Error("cannot build Merkle root over empty leaf list");
+    }
+    let level = leaves.map((l) => leafHash(l));
+    while (level.length > 1) {
+        if (level.length % 2 === 1) {
+            level.push(level[level.length - 1]);
+        }
+        const next = [];
+        for (let i = 0; i < level.length; i += 2) {
+            next.push(nodeHash(level[i], level[i + 1]));
+        }
+        level = next;
+    }
+    return "sha256:" + toHex(level[0]);
+}
+// ── Canonical reason codes (§16.3) ──
+export const REASONS = [
+    "profile_not_found",
+    "profile_signature_invalid",
+    "profile_not_empirical",
+    "profile_expired",
+    "profile_revoked",
+    "profile_no_freshness_window",
+    "profile_trace_mismatch",
+    "runtime_not_supported",
+    "trace_schema_unknown",
+    "missing_merkle_root",
+    "merkle_inclusion_failed",
+    "threshold_violation",
+    "runtime_section_missing",
+    "retrieval_section_missing",
+    // v28.5 §4 — closed-API lifecycle downgrade codes. Mirrors the
+    // primust_verify (Python) 1.0.3 vocabulary so cross-verifier
+    // conformance holds. The TS verifier consults
+    // `model_profiles.lifecycle_state` (mig 123) BEFORE the legacy
+    // profile_class check; rows with non-empirical lifecycle states
+    // downgrade to `execution` with the listed reason regardless of class.
+    "closed_api_pre_cohort",
+    "closed_api_pre_promote",
+    "closed_api_v2_promoted",
+    "profile_deprecated",
+    "unknown_lifecycle_state",
+];
+// v28.5 §1 lifecycle state vocabulary recognized by the verifier.
+// Mirrors primust_verify.bounded_trace._KNOWN_LIFECYCLE_STATES
+// byte-for-byte. Unknown values fail closed.
+const KNOWN_LIFECYCLE_STATES = new Set([
+    "v1_placeholder",
+    "v2_run_complete",
+    "v2_staged",
+    "cohort_validated",
+    "v2_empirical_closed_api",
+    "deprecated",
+]);
+// v28.5 §4 state-behavior table — non-empirical lifecycle → execution
+// with the listed reason. v2_empirical_closed_api is intentionally
+// absent: it's the only state that lets the verifier proceed.
+const LIFECYCLE_DOWNGRADE_REASON = {
+    v1_placeholder: "closed_api_pre_cohort",
+    v2_run_complete: "closed_api_pre_cohort",
+    v2_staged: "closed_api_pre_cohort",
+    cohort_validated: "closed_api_pre_promote",
+    deprecated: "profile_deprecated",
+};
+// ── Verification steps ──
+function asDate(x) {
+    if (!x)
+        return null;
+    if (x instanceof Date)
+        return x;
+    if (typeof x === "string") {
+        const d = new Date(x);
+        if (!isNaN(d.getTime()))
+            return d;
+    }
+    return null;
+}
+function checkProfile(profile, now) {
+    if (!profile || Object.keys(profile).length === 0) {
+        return { ok: false, reason: "profile_not_found" };
+    }
+    const sig = String(profile.profile_signature ?? profile.signature ?? "");
+    if (sig.includes("PLACEHOLDER") || sig.includes("UNSIGNED_PENDING")) {
+        return { ok: false, reason: "profile_signature_invalid" };
+    }
+    const status = String(profile.status ?? "active").toLowerCase();
+    if (status === "revoked" || status === "suspended") {
+        return { ok: false, reason: "profile_revoked" };
+    }
+    // v28.5 §4 — closed-API lifecycle gate. Mirrors primust_verify
+    // (Python) _check_profile. Runs BEFORE profile_class so a closed-API
+    // row that is profile_class='empirical' but still in cohort_validated
+    // lifecycle correctly downgrades to execution with closed_api_pre_promote
+    // rather than verifying as operator_bound. Open-weight rows have
+    // lifecycle_state=NULL/undefined per mig 123 and skip this gate,
+    // falling through to the legacy profile_class path.
+    const lifecycle = profile.lifecycle_state;
+    if (lifecycle !== null && lifecycle !== undefined) {
+        const ls = String(lifecycle).toLowerCase();
+        if (!KNOWN_LIFECYCLE_STATES.has(ls)) {
+            return { ok: false, reason: "unknown_lifecycle_state" };
+        }
+        const downgrade = LIFECYCLE_DOWNGRADE_REASON[ls];
+        if (downgrade !== undefined) {
+            return { ok: false, reason: downgrade };
+        }
+        // ls === 'v2_empirical_closed_api' — eligible if remaining gates pass.
+    }
+    const cls = String(profile.profile_class ?? "placeholder").toLowerCase();
+    if (cls === "revoked")
+        return { ok: false, reason: "profile_revoked" };
+    if (cls === "synthetic" || cls === "placeholder") {
+        return { ok: false, reason: "profile_not_empirical" };
+    }
+    if (cls === "expired")
+        return { ok: false, reason: "profile_expired" };
+    if (cls !== "empirical")
+        return { ok: false, reason: "profile_not_empirical" };
+    const validFrom = asDate(profile.freshness_valid_from);
+    const validUntil = asDate(profile.freshness_valid_until);
+    if (!validFrom || !validUntil) {
+        return { ok: false, reason: "profile_no_freshness_window" };
+    }
+    const graceDays = Number(profile.freshness_grace_days) || 0;
+    const graceMs = graceDays * 24 * 60 * 60 * 1000;
+    if (now.getTime() > validUntil.getTime() + graceMs) {
+        return { ok: false, reason: "profile_expired" };
+    }
+    if (now.getTime() < validFrom.getTime()) {
+        return { ok: false, reason: "profile_expired" };
+    }
+    return { ok: true, reason: "ok" };
+}
+function asDict(v) {
+    if (v && typeof v === "object" && !Array.isArray(v)) {
+        return v;
+    }
+    if (typeof v === "string") {
+        try {
+            const parsed = JSON.parse(v);
+            if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+                return parsed;
+            }
+        }
+        catch {
+            /* ignore */
+        }
+    }
+    return {};
+}
+function checkRuntime(trace, profile) {
+    const runtime = asDict(trace.runtime);
+    const kernel = runtime.kernel_profile_id;
+    const gpu = runtime.gpu_class;
+    const supportedRaw = profile.supported_runtime_classes;
+    const supported = new Set(Array.isArray(supportedRaw) ? supportedRaw : []);
+    if (supported.size > 0) {
+        if (kernel && supported.has(kernel))
+            return { ok: true, reason: "ok" };
+        if (gpu && supported.has(gpu))
+            return { ok: true, reason: "ok" };
+        return { ok: false, reason: "runtime_not_supported" };
+    }
+    // Legacy profile_data.calibrated_gpu_classes (pre-Sprint-2 shape)
+    const profileData = asDict(profile.profile_data);
+    const calibrated = profileData.calibrated_gpu_classes;
+    if (calibrated && typeof calibrated === "object") {
+        const keys = Array.isArray(calibrated)
+            ? calibrated
+            : Object.keys(calibrated);
+        if (gpu && keys.includes(gpu))
+            return { ok: true, reason: "ok" };
+        if (kernel && keys.includes(kernel))
+            return { ok: true, reason: "ok" };
+    }
+    return { ok: false, reason: "runtime_not_supported" };
+}
+function recomputeMerkleRoot(operators) {
+    const leaves = operators.map((op) => canonicalJson({ v: "bounded_trace_v1", op }));
+    return buildMerkleRoot(leaves);
+}
+function compareThresholds(trace, profile) {
+    const runtime = asDict(trace.runtime);
+    const gpu = runtime.gpu_class;
+    const profileData = asDict(profile.profile_data);
+    let opThresholds = {};
+    const calibrated = profileData.calibrated_gpu_classes;
+    if (calibrated &&
+        typeof calibrated === "object" &&
+        !Array.isArray(calibrated) &&
+        gpu &&
+        gpu in calibrated) {
+        const gpuBlock = calibrated[gpu];
+        if (gpuBlock && typeof gpuBlock === "object") {
+            const ops = gpuBlock.operators;
+            if (ops && typeof ops === "object" && !Array.isArray(ops)) {
+                opThresholds = ops;
+            }
+        }
+    }
+    if (Object.keys(opThresholds).length === 0) {
+        const legacyOps = profileData.operators;
+        if (legacyOps && typeof legacyOps === "object" && !Array.isArray(legacyOps)) {
+            opThresholds = legacyOps;
+        }
+    }
+    if (Object.keys(opThresholds).length === 0) {
+        return {
+            ok: false,
+            violations: [{ reason: "no_operator_thresholds_in_profile" }],
+        };
+    }
+    let marginFactor = 1.0;
+    const safetyMargin = profile.safety_margin;
+    if (typeof safetyMargin === "number" && !Number.isNaN(safetyMargin)) {
+        marginFactor = 1.0 + safetyMargin;
+    }
+    const absOrViolation = (raw) => {
+        // Returns the absolute value for finite numeric stats; null when the
+        // field is missing OR when the supplied value is not a real finite
+        // number. Mirrors _abs_or_violation() in bounded_trace.py — crafted
+        // traces can't smuggle NaN/infinity past a naive `>`-comparison
+        // (NaN > x is False in ECMAScript) and negative values named *_abs
+        // are coerced to their magnitude before comparison.
+        if (raw === null || raw === undefined)
+            return null;
+        if (typeof raw !== "number")
+            return null;
+        if (Number.isNaN(raw) || !Number.isFinite(raw))
+            return null;
+        return Math.abs(raw);
+    };
+    const violations = [];
+    const tops = Array.isArray(trace.operators) ? trace.operators : [];
+    for (const rawOp of tops) {
+        const op = asDict(rawOp);
+        const opType = op.operator_type;
+        const thresholds = opType && typeof opType === "string" ? opThresholds[opType] : undefined;
+        if (!thresholds) {
+            violations.push({
+                operator_index: op.operator_index,
+                operator_type: opType,
+                stat: "operator_type",
+                observed: opType,
+                allowed: Object.keys(opThresholds),
+            });
+            continue;
+        }
+        const stats = asDict(op.stats);
+        const p99 = thresholds.p99;
+        const p99_99 = thresholds.p99_99;
+        const rawP99 = stats.p99_abs;
+        const rawMax = stats.max_abs;
+        const observedP99 = absOrViolation(rawP99);
+        const observedMax = absOrViolation(rawMax);
+        if (rawP99 !== null && rawP99 !== undefined && observedP99 === null) {
+            violations.push({
+                operator_index: op.operator_index,
+                operator_type: opType,
+                stat: "p99_abs",
+                observed: rawP99,
+                allowed: "finite non-negative number",
+            });
+        }
+        else if (observedP99 !== null &&
+            typeof p99 === "number" &&
+            observedP99 > p99 * marginFactor) {
+            violations.push({
+                operator_index: op.operator_index,
+                operator_type: opType,
+                stat: "p99_abs",
+                observed: observedP99,
+                allowed: p99 * marginFactor,
+            });
+        }
+        if (rawMax !== null && rawMax !== undefined && observedMax === null) {
+            violations.push({
+                operator_index: op.operator_index,
+                operator_type: opType,
+                stat: "max_abs",
+                observed: rawMax,
+                allowed: "finite non-negative number",
+            });
+        }
+        else if (observedMax !== null &&
+            typeof p99_99 === "number" &&
+            observedMax > p99_99 * marginFactor) {
+            violations.push({
+                operator_index: op.operator_index,
+                operator_type: opType,
+                stat: "max_abs",
+                observed: observedMax,
+                allowed: p99_99 * marginFactor,
+            });
+        }
+    }
+    return { ok: violations.length === 0, violations };
+}
+// ── Public entry point ──
+export function verifyBoundedTrace(trace, profile, options = {}) {
+    const now = options.now ?? new Date();
+    // 1. Trace schema version
+    const schema = trace.trace_schema_version;
+    if (schema !== "bounded_trace_v1") {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "trace_schema_unknown",
+            disclosed_operator_count: 0,
+            verified_merkle_paths: 0,
+            details: { trace_schema_version: schema },
+        };
+    }
+    // 1a. Profile / trace identity binding. The trace must declare it was
+    // produced against the same profile we're verifying it against; otherwise
+    // an attacker could pair a low-stat trace with a sibling empirical
+    // profile that happens to have lenient thresholds. Only fires when the
+    // caller has actually supplied a profile (i.e. profile.profile_id is
+    // populated); an empty profile dict falls through to checkProfile so
+    // the caller sees profile_not_found instead. Mirrors bounded_trace.py.
+    const profileProfileId = profile.profile_id;
+    const traceProfileId = trace.profile_id;
+    if (profileProfileId !== undefined &&
+        profileProfileId !== null &&
+        traceProfileId !== profileProfileId) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "profile_trace_mismatch",
+            disclosed_operator_count: 0,
+            verified_merkle_paths: 0,
+            details: {
+                trace_profile_id: traceProfileId,
+                profile_profile_id: profileProfileId,
+            },
+        };
+    }
+    // 2. Missing Merkle root
+    const claimedRoot = trace.merkle_root;
+    if (typeof claimedRoot !== "string" || !claimedRoot.startsWith("sha256:")) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "missing_merkle_root",
+            disclosed_operator_count: 0,
+            verified_merkle_paths: 0,
+            details: { merkle_root: claimedRoot },
+        };
+    }
+    // 3. Merkle inclusion — reconstruct root from disclosed operators.
+    // Matches the Python reference: if operator_count is declared and
+    // disagrees with operators.length, the trace is claiming partial
+    // disclosure, which Sprint 3+ does not yet support (no inclusion
+    // proofs). Refuse with merkle_inclusion_failed.
+    const operators = Array.isArray(trace.operators) ? trace.operators : [];
+    const declaredCount = trace.operator_count;
+    if (typeof declaredCount === "number" &&
+        Number.isInteger(declaredCount) &&
+        declaredCount !== operators.length) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "merkle_inclusion_failed",
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: 0,
+            details: {
+                declared_operator_count: declaredCount,
+                disclosed_operator_count: operators.length,
+                error: "operator_count_mismatch_without_inclusion_proofs",
+            },
+        };
+    }
+    let recomputed;
+    try {
+        recomputed = recomputeMerkleRoot(operators);
+    }
+    catch (exc) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "merkle_inclusion_failed",
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: 0,
+            details: { error: String(exc) },
+        };
+    }
+    if (recomputed !== claimedRoot) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "merkle_inclusion_failed",
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: 0,
+            details: { claimed: claimedRoot, recomputed },
+        };
+    }
+    // 4. Profile policy
+    const policy = checkProfile(profile, now);
+    if (!policy.ok) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: policy.reason,
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: operators.length,
+            details: { profile_class: profile.profile_class },
+        };
+    }
+    // 5. Runtime compatibility
+    const runtime = checkRuntime(trace, profile);
+    if (!runtime.ok) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: runtime.reason,
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: operators.length,
+            details: { trace_runtime: trace.runtime },
+        };
+    }
+    // 6. Threshold comparison
+    const thresholds = compareThresholds(trace, profile);
+    if (!thresholds.ok) {
+        return {
+            valid: false,
+            proof_level: "execution",
+            reason: "threshold_violation",
+            disclosed_operator_count: operators.length,
+            verified_merkle_paths: operators.length,
+            details: { violations: thresholds.violations },
+        };
+    }
+    return {
+        valid: true,
+        proof_level: "operator_bound",
+        reason: "thresholds_verified",
+        disclosed_operator_count: operators.length,
+        verified_merkle_paths: operators.length,
+        details: {
+            profile_id: profile.profile_id,
+            profile_class: profile.profile_class,
+        },
+    };
+}
+//# sourceMappingURL=bounded-trace.js.map

package/dist/bounded-trace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bounded-trace.js","sourceRoot":"","sources":["../src/bounded-trace.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,2EAA2E;AAE3E,MAAM,UAAU,eAAe,CAAC,CAAS;IACvC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAExB,sEAAsE;IACtE,wEAAwE;IACxE,gEAAgE;IAChE,4CAA4C;IAC5C,iBAAiB;IACjB,qEAAqE;IACrE,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;IAErB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;QACd,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAClC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;QAClC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACjD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACxE,OAAO,GAAG,QAAQ,IAAI,IAAI,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACpB,0CAA0C;QAC1C,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,KAAK,IAAI;QAAE,CAAC,GAAG,GAAG,CAAC;IACxB,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,MAAM,CAAC,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC;IACnC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,OAAO,GAAG,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAC5D,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;IACzD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACtE,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,CAAC;QAChE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,MAAM,CAAC,GAAI,GAA+B,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,OAAO,GAAG,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,oDAAoD;AAEpD,SAAS,MAAM,CAAC,KAAiB;IAC/B,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,QAAQ,CAAC,OAAmB;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACpD,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACnB,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,QAAQ,CAAC,IAAgB,EAAE,KAAiB;IACnD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAChE,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACnB,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,KAAK,CAAC,KAAiB;IAC9B,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IACD,OAAO,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAaD,uCAAuC;AAEvC,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,mBAAmB;IACnB,2BAA2B;IAC3B,uBAAuB;IACvB,iBAAiB;IACjB,iBAAiB;IACjB,6BAA6B;IAC7B,wBAAwB;IACxB,uBAAuB;IACvB,sBAAsB;IACtB,qBAAqB;IACrB,yBAAyB;IACzB,qBAAqB;IACrB,yBAAyB;IACzB,2BAA2B;IAC3B,+DAA+D;IAC/D,6DAA6D;IAC7D,8CAA8C;IAC9C,+DAA+D;IAC/D,gEAAgE;IAChE,uEAAuE;IACvE,uBAAuB;IACvB,wBAAwB;IACxB,wBAAwB;IACxB,oBAAoB;IACpB,yBAAyB;CACjB,CAAC;AAIX,kEAAkE;AAClE,+DAA+D;AAC/D,6CAA6C;AAC7C,MAAM,sBAAsB,GAAwB,IAAI,GAAG,CAAC;IAC1D,gBAAgB;IAChB,iBAAiB;IACjB,WAAW;IACX,kBAAkB;IAClB,yBAAyB;IACzB,YAAY;CACb,CAAC,CAAC;AAEH,sEAAsE;AACtE,mEAAmE;AACnE,8DAA8D;AAC9D,MAAM,0BAA0B,GAAqC;IACnE,cAAc,EAAE,uBAAuB;IACvC,eAAe,EAAE,uBAAuB;IACxC,SAAS,EAAE,uBAAuB;IAClC,gBAAgB,EAAE,wBAAwB;IAC1C,UAAU,EAAE,oBAAoB;CACjC,CAAC;AAEF,2BAA2B;AAE3B,SAAS,MAAM,CAAC,CAAU;IACxB,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,IAAI,CAAC,YAAY,IAAI;QAAE,OAAO,CAAC,CAAC;IAChC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CACnB,OAAgC,EAChC,GAAS;IAET,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC;IACzE,IAAI,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACpE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAChE,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QACnD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IAED,+DAA+D;IAC/D,qEAAqE;IACrE,sEAAsE;IACtE,0EAA0E;IAC1E,iEAAiE;IACjE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC;IAC1C,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAClD,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;QAC1D,CAAC;QACD,MAAM,SAAS,GAAG,0BAA0B,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QAC1C,CAAC;QACD,uEAAuE;IACzE,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,IAAI,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;IACzE,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACvE,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IACvE,IAAI,GAAG,KAAK,WAAW;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAE/E,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACzD,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAChD,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;QACnD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,MAAM,CAAC,CAAU;IACxB,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,OAAO,CAA4B,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnE,OAAO,MAAiC,CAAC;YAC3C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,YAAY,CACnB,KAA8B,EAC9B,OAAgC;IAEhC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,iBAAuC,CAAC;IAC/D,MAAM,GAAG,GAAG,OAAO,CAAC,SAA+B,CAAC;IACpD,MAAM,YAAY,GAAG,OAAO,CAAC,yBAAyB,CAAC;IACvD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAAyB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAEzF,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,MAAM,IAAI,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACvE,IAAI,GAAG,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACjE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IACxD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,WAAW,CAAC,sBAAsB,CAAC;IACtD,IAAI,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;YACpC,CAAC,CAAE,UAAuB;YAC1B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAqC,CAAC,CAAC;QACvD,IAAI,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACjE,IAAI,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACzE,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,mBAAmB,CAAC,SAAoB;IAC/C,MAAM,MAAM,GAAiB,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAChD,aAAa,CAAC,EAAE,CAAC,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC,CAC7C,CAAC;IACF,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAUD,SAAS,iBAAiB,CACxB,KAA8B,EAC9B,OAAgC;IAEhC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,OAAO,CAAC,SAA+B,CAAC;IACpD,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEjD,IAAI,YAAY,GAA2C,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,WAAW,CAAC,sBAAsB,CAAC;IACtD,IACE,UAAU;QACV,OAAO,UAAU,KAAK,QAAQ;QAC9B,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1B,GAAG;QACH,GAAG,IAAK,UAAsC,EAC9C,CAAC;QACD,MAAM,QAAQ,GAAI,UAAsC,CAAC,GAAG,CAAC,CAAC;QAC9D,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAI,QAAoC,CAAC,SAAS,CAAC;YAC5D,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,YAAY,GAAG,GAA6C,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,WAAW,CAAC,SAAS,CAAC;QACxC,IAAI,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5E,YAAY,GAAG,SAAmD,CAAC;QACrE,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;SAC9D,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,GAAG,GAAG,CAAC;IACvB,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAC3C,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC;QACpE,YAAY,GAAG,GAAG,GAAG,YAAY,CAAC;IACpC,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,GAAY,EAAiB,EAAE;QACrD,qEAAqE;QACrE,mEAAmE;QACnE,oEAAoE;QACpE,gEAAgE;QAChE,mEAAmE;QACnE,oDAAoD;QACpD,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACzC,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5D,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC;IAEF,MAAM,UAAU,GAAyB,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IACnE,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,MAAM,MAAM,GAAG,EAAE,CAAC,aAAa,CAAC;QAChC,MAAM,UAAU,GAAG,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3F,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,CAAC,IAAI,CAAC;gBACd,cAAc,EAAE,EAAE,CAAC,cAAc;gBACjC,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;aACnC,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;QAC3B,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;QACjC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC;QAC7B,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QAE3C,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,UAAU,CAAC,IAAI,CAAC;gBACd,cAAc,EAAE,EAAE,CAAC,cAAc;gBACjC,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;aAAM,IACL,WAAW,KAAK,IAAI;YACpB,OAAO,GAAG,KAAK,QAAQ;YACvB,WAAW,GAAG,GAAG,GAAG,YAAY,EAChC,CAAC;YACD,UAAU,CAAC,IAAI,CAAC;gBACd,cAAc,EAAE,EAAE,CAAC,cAAc;gBACjC,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,WAAW;gBACrB,OAAO,EAAE,GAAG,GAAG,YAAY;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,UAAU,CAAC,IAAI,CAAC;gBACd,cAAc,EAAE,EAAE,CAAC,cAAc;gBACjC,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;aAAM,IACL,WAAW,KAAK,IAAI;YACpB,OAAO,MAAM,KAAK,QAAQ;YAC1B,WAAW,GAAG,MAAM,GAAG,YAAY,EACnC,CAAC;YACD,UAAU,CAAC,IAAI,CAAC;gBACd,cAAc,EAAE,EAAE,CAAC,cAAc;gBACjC,aAAa,EAAE,MAAM;gBACrB,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,WAAW;gBACrB,OAAO,EAAE,MAAM,GAAG,YAAY;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,UAAU,EAAE,CAAC;AACrD,CAAC;AAED,2BAA2B;AAE3B,MAAM,UAAU,kBAAkB,CAChC,KAA8B,EAC9B,OAAgC,EAChC,UAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IAEtC,0BAA0B;IAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,oBAAoB,CAAC;IAC1C,IAAI,MAAM,KAAK,kBAAkB,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,sBAAsB;YAC9B,wBAAwB,EAAE,CAAC;YAC3B,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,EAAE,oBAAoB,EAAE,MAAM,EAAE;SAC1C,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,0EAA0E;IAC1E,mEAAmE;IACnE,uEAAuE;IACvE,qEAAqE;IACrE,qEAAqE;IACrE,uEAAuE;IACvE,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAC5C,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,CAAC;IACxC,IACE,gBAAgB,KAAK,SAAS;QAC9B,gBAAgB,KAAK,IAAI;QACzB,cAAc,KAAK,gBAAgB,EACnC,CAAC;QACD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,wBAAwB;YAChC,wBAAwB,EAAE,CAAC;YAC3B,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE;gBACP,gBAAgB,EAAE,cAAc;gBAChC,kBAAkB,EAAE,gBAAgB;aACrC;SACF,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;IACtC,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1E,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,qBAAqB;YAC7B,wBAAwB,EAAE,CAAC;YAC3B,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;SACtC,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,kEAAkE;IAClE,iEAAiE;IACjE,iEAAiE;IACjE,gDAAgD;IAChD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAE,KAAK,CAAC,SAAuB,CAAC,CAAC,CAAC,EAAE,CAAC;IACvF,MAAM,aAAa,GAAG,KAAK,CAAC,cAAc,CAAC;IAC3C,IACE,OAAO,aAAa,KAAK,QAAQ;QACjC,MAAM,CAAC,SAAS,CAAC,aAAa,CAAC;QAC/B,aAAa,KAAK,SAAS,CAAC,MAAM,EAClC,CAAC;QACD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,yBAAyB;YACjC,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE;gBACP,uBAAuB,EAAE,aAAa;gBACtC,wBAAwB,EAAE,SAAS,CAAC,MAAM;gBAC1C,KAAK,EAAE,kDAAkD;aAC1D;SACF,CAAC;IACJ,CAAC;IACD,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,yBAAyB;YACjC,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE;SAChC,CAAC;IACJ,CAAC;IACD,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,yBAAyB;YACjC,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE;SAC9C,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,SAAS,CAAC,MAAM;YACvC,OAAO,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE;SAClD,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,SAAS,CAAC,MAAM;YACvC,OAAO,EAAE,EAAE,aAAa,EAAE,KAAK,CAAC,OAAO,EAAE;SAC1C,CAAC;IACJ,CAAC;IAED,0BAA0B;IAC1B,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;QACnB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,qBAAqB;YAC7B,wBAAwB,EAAE,SAAS,CAAC,MAAM;YAC1C,qBAAqB,EAAE,SAAS,CAAC,MAAM;YACvC,OAAO,EAAE,EAAE,UAAU,EAAE,UAAU,CAAC,UAAU,EAAE;SAC/C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,WAAW,EAAE,gBAAgB;QAC7B,MAAM,EAAE,qBAAqB;QAC7B,wBAAwB,EAAE,SAAS,CAAC,MAAM;QAC1C,qBAAqB,EAAE,SAAS,CAAC,MAAM;QACvC,OAAO,EAAE;YACP,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC;KACF,CAAC;AACJ,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+/**
+ * primust-verify CLI
+ *
+ * Usage:
+ *   primust-verify vpec_<id>.json
+ *   primust-verify vpec_<id>.json --production
+ *   primust-verify vpec_<id>.json --trust-root ./my-pubkey.pem
+ *   primust-verify vpec_<id>.json --skip-network
+ *   primust-verify vpec_<id>.json --json
+ *
+ * Exit codes:
+ *   0 = valid (production)
+ *   1 = invalid / tampered
+ *   2 = valid but sandbox-only (or system error)
+ */
+export declare function main(args?: string[]): Promise<number>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;GAcG;AAoOH,wBAAsB,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAmK3D"}