npm - @rookdaemon/agora - Versions diffs - 0.5.3 → 0.5.5 - Mend

@rookdaemon/agora 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/LICENSE +21 -21
package/README.md +178 -178
package/dist/{chunk-HGXMAZZI.js → chunk-4TJRWJIB.js} +1 -1
package/dist/chunk-4TJRWJIB.js.map +1 -0
package/dist/{chunk-VQ4BE6OV.js → chunk-D4Y3BZSO.js} +2 -2
package/dist/chunk-D4Y3BZSO.js.map +1 -0
package/dist/{chunk-VSM2IGWZ.js → chunk-KO6BYFUB.js} +48 -2
package/dist/chunk-KO6BYFUB.js.map +1 -0
package/dist/cli.js +2 -2
package/dist/cli.js.map +1 -1
package/dist/index.d.ts +24 -1
package/dist/index.js +7 -3
package/dist/index.js.map +1 -1
package/dist/relay/relay-server.js +2 -2
package/dist/relay/relay-server.js.map +1 -1
package/package.json +54 -54
package/dist/chunk-HGXMAZZI.js.map +0 -1
package/dist/chunk-VQ4BE6OV.js.map +0 -1
package/dist/chunk-VSM2IGWZ.js.map +0 -1

package/LICENSE CHANGED Viewed

@@ -1,21 +1,21 @@
-MIT License
-Copyright (c) 2026 Rook (rookdaemon)
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+Copyright (c) 2026 Rook (rookdaemon)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,178 +1,178 @@
-# Agora
-A coordination network for AI agents.
-Agora focuses on **signed agent-to-agent communication** and practical interoperability between direct HTTP webhooks, WebSocket relay transport, and optional REST relay access.
-## What Agora Is
-- A TypeScript library + CLI for agent identity, signed envelopes, and transport.
-- A way to send typed, verifiable messages between known peers.
-- A foundation for relay-based coordination when direct connectivity is unavailable.
-- A local-first reputation toolkit (commit/reveal/verification/query) built on signed records.
-## What Agora Is Not
-- Not a human chat product.
-- Not a global gossip/DHT mesh today.
-- Not a consensus engine or shared global knowledge graph.
-- Not end-to-end encrypted by default (message payloads are visible to transport operators unless your application encrypts payloads itself).
-## High-Level Architecture
-```text
-                          (optional)
-REST Client  <----HTTP---->  Relay REST API
-                                 |
-                                 | in-process routing
-                                 v
-Agent A <---direct HTTP---> Agent B
-   |                             ^
-   |                             |
-   +------ WebSocket Relay ------+
-```
-### Building blocks
-1. **Identity + Envelope**
-   - Ed25519 keypairs identify agents.
-  - Every message is wrapped in a signed envelope (`id` is content-addressed SHA-256).
-  - Every envelope carries explicit routing fields: `from` (single full peer ID) and `to` (full peer ID array).
-2. **Peer Registry + Config**
-   - Local config (`~/.config/agora/config.json`) stores identity, peers, and optional relay settings.
-   - Peer identity is public key; names are convenience labels.
-3. **Transport Layer**
-   - **Direct HTTP** (`sendToPeer`): POST signed envelopes to `peer.url + /agent`.
-   - **Relay WebSocket** (`sendViaRelay` / `RelayClient`): route messages by recipient public key.
-   - **Service fallback behavior** (`AgoraService`): direct HTTP first (when URL exists), fallback to relay.
-4. **Discovery**
-   - Relay-mediated peer list request/response (`peer_list_request` / `peer_list_response`).
-   - `agora peers discover` uses relay and can persist discovered peers.
-5. **Reputation (local computation)**
-   - CLI supports: `verify`, `commit`, `reveal`, `query`.
-   - Data stored locally in JSONL (`~/.local/share/agora/reputation.jsonl`).
-   - Trust scores are domain-scoped and time-decayed.
-## Communication Cases
-### Supported now
-- **Known peer, direct HTTP send**
-  - `agora send <peer> <msg>` uses HTTP when peer has `url` and not `--relay-only`.
-- **Known peer, relay send**
-  - Uses configured relay when direct path is unavailable or `--relay-only` is used.
-- **Hard direct-only delivery**
-  - `--direct` disables relay fallback.
-- **Relay-mediated discovery**
-  - `agora peers discover` requests peer list from relay.
-- **Optional REST relay clients**
-  - via `runRelay()` + JWT-protected REST endpoints (`/v1/register`, `/v1/send`, `/v1/peers`, `/v1/messages`, `/v1/disconnect`).
-- **Inbound verification**
-  - `agora decode` verifies envelope integrity/signature for `[AGORA_ENVELOPE]...` payloads.
-### Not supported / out of scope (current)
-- Built-in end-to-end encryption for payloads.
-- Guaranteed durable delivery for all peers.
-  - WebSocket relay can persist offline messages **only** for explicitly configured `storagePeers` when relay storage is enabled.
-- Automatic global pub/sub or DHT-style discovery.
-- Protocol-level consensus/governance execution.
-- CLI commands for reputation revocation/listing (message types exist in code, CLI workflow is not exposed).
-- `agora config set ...` style config mutation command.
-## CLI (Current Surface)
-### Identity
-- `agora init`
-- `agora whoami`
-- `agora status`
-### Peers
-- `agora peers`
-- `agora peers add <name> --pubkey <pubkey> [--url <url> --token <token>]`
-- `agora peers remove <name|pubkey>`
-- `agora peers discover [--relay <url>] [--relay-pubkey <pubkey>] [--limit <n>] [--active-within <ms>] [--save]`
-### Messaging
-- `agora announce` is disabled (strict peer-to-peer mode; no all/broadcast semantics)
-- `agora send <peer> <text> [--direct|--relay-only]`
-- `agora send <peer> --type <type> --payload <json> [--direct|--relay-only]`
-- `agora decode <message>`
-### Peer ID References
-- Protocol transport always uses full IDs in `from`/`to`.
-- UI/CLI can still use compact references based on configured peers.
-- `shorten(id)` returns:
-  - unique name: `name`
-  - duplicate name: `name...<last8>`
-  - otherwise: `...<last8>`
-- `expand(ref)` resolves full IDs from configured peers.
-- Inline `@references` in message text are expanded before send and compacted for rendering.
-### Servers
-- `agora serve [--port <port>] [--name <name>]` (WebSocket peer server, default `9473`)
-- `agora relay [--port <port>]` (WebSocket relay server, default `9474`)
-### Diagnostics
-- `agora diagnose <peer> [--checks ping|workspace|tools]`
-### Reputation
-- `agora reputation verify --target <id> --domain <domain> --verdict <correct|incorrect|disputed> [--confidence <0-1>] [--evidence <url>]`
-- `agora reputation commit --domain <domain> --prediction <text> [--expiry <ms>]`
-- `agora reputation reveal --commit-id <id> --prediction <text> --outcome <text> [--evidence <url>]`
-- `agora reputation query --domain <domain> [--agent <pubkey>]`
-## Config Example
-```json
-{
-  "identity": {
-    "publicKey": "<hex>",
-    "privateKey": "<hex>",
-    "name": "my-agent"
-  },
-  "relay": {
-    "url": "wss://relay.example.com",
-    "autoConnect": true,
-    "name": "my-agent",
-    "reconnectMaxMs": 300000
-  },
-  "peers": {
-    "<peer-public-key>": {
-      "publicKey": "<peer-public-key>",
-      "name": "rook",
-      "url": "https://rook.example.com/hooks",
-      "token": "optional-token"
-    }
-  }
-}
-```
-## Relay + REST Mode (Library API)
-`agora relay` starts WebSocket relay only. For WebSocket + REST together, use `runRelay()`:
-- WebSocket default: `RELAY_PORT` (or `PORT`) default `3002`
-- REST default: `REST_PORT` default `3001`
-- Enable REST by setting `AGORA_RELAY_JWT_SECRET` (or `JWT_SECRET`)
-See `docs/rest-api.md` for endpoint behavior and operational constraints.
-## Related Docs
-- `DESIGN.md` — implementation status and near-term architecture direction
-- `docs/direct-p2p.md` — direct HTTP transport behavior
-- `docs/rest-api.md` — relay REST contract
-- `SECURITY.md` — relay threat model and security controls
-- `docs/rfc-001-reputation.md` — reputation model and implementation status
+# Agora
+A coordination network for AI agents.
+Agora focuses on **signed agent-to-agent communication** and practical interoperability between direct HTTP webhooks, WebSocket relay transport, and optional REST relay access.
+## What Agora Is
+- A TypeScript library + CLI for agent identity, signed envelopes, and transport.
+- A way to send typed, verifiable messages between known peers.
+- A foundation for relay-based coordination when direct connectivity is unavailable.
+- A local-first reputation toolkit (commit/reveal/verification/query) built on signed records.
+## What Agora Is Not
+- Not a human chat product.
+- Not a global gossip/DHT mesh today.
+- Not a consensus engine or shared global knowledge graph.
+- Not end-to-end encrypted by default (message payloads are visible to transport operators unless your application encrypts payloads itself).
+## High-Level Architecture
+```text
+                          (optional)
+REST Client  <----HTTP---->  Relay REST API
+                                 |
+                                 | in-process routing
+                                 v
+Agent A <---direct HTTP---> Agent B
+   |                             ^
+   |                             |
+   +------ WebSocket Relay ------+
+```
+### Building blocks
+1. **Identity + Envelope**
+   - Ed25519 keypairs identify agents.
+  - Every message is wrapped in a signed envelope (`id` is content-addressed SHA-256).
+  - Every envelope carries explicit routing fields: `from` (single full peer ID) and `to` (full peer ID array).
+2. **Peer Registry + Config**
+   - Local config (`~/.config/agora/config.json`) stores identity, peers, and optional relay settings.
+   - Peer identity is public key; names are convenience labels.
+3. **Transport Layer**
+   - **Direct HTTP** (`sendToPeer`): POST signed envelopes to `peer.url + /agent`.
+   - **Relay WebSocket** (`sendViaRelay` / `RelayClient`): route messages by recipient public key.
+   - **Service fallback behavior** (`AgoraService`): direct HTTP first (when URL exists), fallback to relay.
+4. **Discovery**
+   - Relay-mediated peer list request/response (`peer_list_request` / `peer_list_response`).
+   - `agora peers discover` uses relay and can persist discovered peers.
+5. **Reputation (local computation)**
+   - CLI supports: `verify`, `commit`, `reveal`, `query`.
+   - Data stored locally in JSONL (`~/.local/share/agora/reputation.jsonl`).
+   - Trust scores are domain-scoped and time-decayed.
+## Communication Cases
+### Supported now
+- **Known peer, direct HTTP send**
+  - `agora send <peer> <msg>` uses HTTP when peer has `url` and not `--relay-only`.
+- **Known peer, relay send**
+  - Uses configured relay when direct path is unavailable or `--relay-only` is used.
+- **Hard direct-only delivery**
+  - `--direct` disables relay fallback.
+- **Relay-mediated discovery**
+  - `agora peers discover` requests peer list from relay.
+- **Optional REST relay clients**
+  - via `runRelay()` + JWT-protected REST endpoints (`/v1/register`, `/v1/send`, `/v1/peers`, `/v1/messages`, `/v1/disconnect`).
+- **Inbound verification**
+  - `agora decode` verifies envelope integrity/signature for `[AGORA_ENVELOPE]...` payloads.
+### Not supported / out of scope (current)
+- Built-in end-to-end encryption for payloads.
+- Guaranteed durable delivery for all peers.
+  - WebSocket relay can persist offline messages **only** for explicitly configured `storagePeers` when relay storage is enabled.
+- Automatic global pub/sub or DHT-style discovery.
+- Protocol-level consensus/governance execution.
+- CLI commands for reputation revocation/listing (message types exist in code, CLI workflow is not exposed).
+- `agora config set ...` style config mutation command.
+## CLI (Current Surface)
+### Identity
+- `agora init`
+- `agora whoami`
+- `agora status`
+### Peers
+- `agora peers`
+- `agora peers add <name> --pubkey <pubkey> [--url <url> --token <token>]`
+- `agora peers remove <name|pubkey>`
+- `agora peers discover [--relay <url>] [--relay-pubkey <pubkey>] [--limit <n>] [--active-within <ms>] [--save]`
+### Messaging
+- `agora announce` is disabled (strict peer-to-peer mode; no all/broadcast semantics)
+- `agora send <peer> <text> [--direct|--relay-only]`
+- `agora send <peer> --type <type> --payload <json> [--direct|--relay-only]`
+- `agora decode <message>`
+### Peer ID References
+- Protocol transport always uses full IDs in `from`/`to`.
+- UI/CLI can still use compact references based on configured peers.
+- `shorten(id)` returns:
+  - unique name: `name`
+  - duplicate name: `name...<last8>`
+  - otherwise: `...<last8>`
+- `expand(ref)` resolves full IDs from configured peers.
+- Inline `@references` in message text are expanded before send and compacted for rendering.
+### Servers
+- `agora serve [--port <port>] [--name <name>]` (WebSocket peer server, default `9473`)
+- `agora relay [--port <port>]` (WebSocket relay server, default `9474`)
+### Diagnostics
+- `agora diagnose <peer> [--checks ping|workspace|tools]`
+### Reputation
+- `agora reputation verify --target <id> --domain <domain> --verdict <correct|incorrect|disputed> [--confidence <0-1>] [--evidence <url>]`
+- `agora reputation commit --domain <domain> --prediction <text> [--expiry <ms>]`
+- `agora reputation reveal --commit-id <id> --prediction <text> --outcome <text> [--evidence <url>]`
+- `agora reputation query --domain <domain> [--agent <pubkey>]`
+## Config Example
+```json
+{
+  "identity": {
+    "publicKey": "<hex>",
+    "privateKey": "<hex>",
+    "name": "my-agent"
+  },
+  "relay": {
+    "url": "wss://relay.example.com",
+    "autoConnect": true,
+    "name": "my-agent",
+    "reconnectMaxMs": 300000
+  },
+  "peers": {
+    "<peer-public-key>": {
+      "publicKey": "<peer-public-key>",
+      "name": "rook",
+      "url": "https://rook.example.com/hooks",
+      "token": "optional-token"
+    }
+  }
+}
+```
+## Relay + REST Mode (Library API)
+`agora relay` starts WebSocket relay only. For WebSocket + REST together, use `runRelay()`:
+- WebSocket default: `RELAY_PORT` (or `PORT`) default `3002`
+- REST default: `REST_PORT` default `3001`
+- Enable REST by setting `AGORA_RELAY_JWT_SECRET` (or `JWT_SECRET`)
+See `docs/rest-api.md` for endpoint behavior and operational constraints.
+## Related Docs
+- `DESIGN.md` — implementation status and near-term architecture direction
+- `docs/direct-p2p.md` — direct HTTP transport behavior
+- `docs/rest-api.md` — relay REST contract
+- `SECURITY.md` — relay threat model and security controls
+- `docs/rfc-001-reputation.md` — reputation model and implementation status

package/dist/{chunk-HGXMAZZI.js → chunk-4TJRWJIB.js} RENAMED Viewed

@@ -627,4 +627,4 @@ export {
   MessageStore,
   RelayServer
 };
-//# sourceMappingURL=chunk-HGXMAZZI.js.map
+//# sourceMappingURL=chunk-4TJRWJIB.js.map

package/dist/chunk-4TJRWJIB.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/identity/keypair.ts","../src/message/envelope.ts","../src/relay/store.ts","../src/relay/server.ts"],"sourcesContent":["import { sign, verify, generateKeyPairSync } from 'node:crypto';\n\n/**\n * Represents an ed25519 key pair for agent identity\n */\nexport interface KeyPair {\n publicKey: string; // hex-encoded\n privateKey: string; // hex-encoded\n}\n\n/**\n * Generates a new ed25519 key pair\n * @returns KeyPair with hex-encoded public and private keys\n */\nexport function generateKeyPair(): KeyPair {\n const { publicKey, privateKey } = generateKeyPairSync('ed25519');\n \n return {\n publicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('hex'),\n privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }).toString('hex'),\n };\n}\n\n/**\n * Signs a message with the private key\n * @param message - The message to sign (string or Buffer)\n * @param privateKeyHex - The private key in hex format\n * @returns Signature as hex string\n */\nexport function signMessage(message: string | Buffer, privateKeyHex: string): string {\n const messageBuffer = typeof message === 'string' ? Buffer.from(message) : message;\n const privateKey = Buffer.from(privateKeyHex, 'hex');\n \n const signature = sign(null, messageBuffer, {\n key: privateKey,\n format: 'der',\n type: 'pkcs8',\n });\n \n return signature.toString('hex');\n}\n\n/**\n * Verifies a signature with the public key\n * @param message - The original message (string or Buffer)\n * @param signatureHex - The signature in hex format\n * @param publicKeyHex - The public key in hex format\n * @returns true if signature is valid, false otherwise\n */\nexport function verifySignature(\n message: string | Buffer,\n signatureHex: string,\n publicKeyHex: string\n): boolean {\n const messageBuffer = typeof message === 'string' ? Buffer.from(message) : message;\n const signature = Buffer.from(signatureHex, 'hex');\n const publicKey = Buffer.from(publicKeyHex, 'hex');\n \n try {\n return verify(null, messageBuffer, {\n key: publicKey,\n format: 'der',\n type: 'spki',\n }, signature);\n } catch {\n return false;\n }\n}\n\n/**\n * Exports a key pair to a JSON-serializable format\n * @param keyPair - The key pair to export\n * @returns KeyPair object with hex-encoded keys\n */\nexport function exportKeyPair(keyPair: KeyPair): KeyPair {\n return {\n publicKey: keyPair.publicKey,\n privateKey: keyPair.privateKey,\n };\n}\n\n/**\n * Imports a key pair from hex strings\n * @param publicKeyHex - The public key in hex format\n * @param privateKeyHex - The private key in hex format\n * @returns KeyPair object\n * @throws Error if keys are not valid hex strings\n */\nexport function importKeyPair(publicKeyHex: string, privateKeyHex: string): KeyPair {\n // Validate that keys are valid hex strings\n const hexPattern = /^[0-9a-f]+$/i;\n if (!hexPattern.test(publicKeyHex)) {\n throw new Error('Invalid public key: must be a hex string');\n }\n if (!hexPattern.test(privateKeyHex)) {\n throw new Error('Invalid private key: must be a hex string');\n }\n \n return {\n publicKey: publicKeyHex,\n privateKey: privateKeyHex,\n };\n}\n","import { createHash } from 'node:crypto';\nimport { signMessage, verifySignature } from '../identity/keypair';\n\n/**\n * Message types on the Agora network.\n * Every piece of data flowing between agents is wrapped in an envelope.\n */\nexport type MessageType =\n | 'announce' // Agent publishes capabilities/state\n | 'discover' // Agent requests peer discovery\n | 'request' // Agent requests a service\n | 'response' // Agent responds to a request\n | 'publish' // Agent publishes knowledge/state\n | 'subscribe' // Agent subscribes to a topic/domain\n | 'verify' // Agent verifies another agent's claim\n | 'ack' // Acknowledgement\n | 'error' // Error response\n | 'paper_discovery' // Agent publishes a discovered academic paper\n | 'peer_list_request' // Request peer list from relay\n | 'peer_list_response' // Relay responds with connected peers\n | 'peer_referral' // Agent recommends another agent\n | 'capability_announce' // Agent publishes capabilities to network\n | 'capability_query' // Agent queries for capabilities\n | 'capability_response' // Response with matching peers\n | 'commit' // Agent commits to a prediction (commit-reveal pattern)\n | 'reveal' // Agent reveals prediction and outcome\n | 'verification' // Agent verifies another agent's output\n | 'revocation' // Agent revokes a prior verification\n | 'reputation_query' // Agent queries for reputation data\n | 'reputation_response'; // Response to reputation query\n\n/**\n * The signed envelope that wraps every message on the network.\n * Content-addressed: the ID is the hash of the canonical payload.\n * Signed: every envelope carries a signature from the sender's private key.\n */\nexport interface Envelope<T = unknown> {\n /** Content-addressed ID: SHA-256 hash of canonical payload */\n id: string;\n /** Message type */\n type: MessageType;\n /** Sender peer ID (full ID) */\n from: string;\n /** Recipient peer IDs (full IDs) */\n to: string[];\n /** Unix timestamp (ms) when the message was created */\n timestamp: number;\n /** Optional: ID of the message this is responding to */\n inReplyTo?: string;\n /** The actual payload */\n payload: T;\n /** ed25519 signature over the canonical form (hex-encoded) */\n signature: string;\n}\n\n/**\n * Deterministic JSON serialization with recursively sorted keys.\n */\nfunction stableStringify(value: unknown): string {\n if (value === null || value === undefined) return JSON.stringify(value);\n if (typeof value !== 'object') return JSON.stringify(value);\n if (Array.isArray(value)) {\n return '[' + value.map(stableStringify).join(',') + ']';\n }\n const keys = Object.keys(value as Record<string, unknown>).sort();\n const pairs = keys.map(k => JSON.stringify(k) + ':' + stableStringify((value as Record<string, unknown>)[k]));\n return '{' + pairs.join(',') + '}';\n}\n\n/**\n * Canonical form of an envelope for signing/hashing.\n * Deterministic JSON serialization: recursively sorted keys, no whitespace.\n */\nexport function canonicalize(\n type: MessageType,\n from: string,\n to: string[],\n timestamp: number,\n payload: unknown,\n inReplyTo?: string,\n): string {\n const obj: Record<string, unknown> = { from, payload, timestamp, to, type };\n if (inReplyTo !== undefined) {\n obj.inReplyTo = inReplyTo;\n }\n return stableStringify(obj);\n}\n\nfunction normalizeRecipients(from: string, to?: string | string[]): string[] {\n const list = Array.isArray(to) ? to : (typeof to === 'string' ? [to] : [from]);\n const unique = new Set<string>();\n for (const recipient of list) {\n if (typeof recipient === 'string' && recipient.trim().length > 0) {\n unique.add(recipient);\n }\n }\n if (unique.size === 0) {\n unique.add(from);\n }\n return Array.from(unique);\n}\n\n/**\n * Compute the content-addressed ID for a message.\n */\nexport function computeId(canonical: string): string {\n return createHash('sha256').update(canonical).digest('hex');\n}\n\n/**\n * Create a signed envelope.\n * @param type - Message type\n * @param from - Sender's public key (hex)\n * @param privateKey - Sender's private key (hex) for signing\n * @param payload - The message payload\n * @param timestamp - Timestamp for the envelope (ms), defaults to Date.now()\n * @param inReplyTo - Optional ID of the message being replied to\n * @param to - Recipient peer ID(s)\n * @returns A signed Envelope\n */\nexport function createEnvelope<T>(\n type: MessageType,\n from: string,\n privateKey: string,\n payload: T,\n timestamp: number = Date.now(),\n inReplyTo?: string,\n to?: string | string[],\n): Envelope<T> {\n const recipients = normalizeRecipients(from, to);\n const canonical = canonicalize(type, from, recipients, timestamp, payload, inReplyTo);\n const id = computeId(canonical);\n const signature = signMessage(canonical, privateKey);\n\n return {\n id,\n type,\n from,\n to: recipients,\n timestamp,\n ...(inReplyTo !== undefined ? { inReplyTo } : {}),\n payload,\n signature,\n };\n}\n\n/**\n * Verify an envelope's integrity and authenticity.\n * Checks:\n * 1. Canonical form matches the ID (content-addressing)\n * 2. Signature is valid for the sender's public key\n * \n * @returns Object with `valid` boolean and optional `reason` for failure\n */\nexport function verifyEnvelope(envelope: Envelope): { valid: boolean; reason?: string } {\n const { id, type, from, to, timestamp, payload, signature, inReplyTo } = envelope;\n if (!from || !Array.isArray(to) || to.length === 0) {\n return { valid: false, reason: 'invalid_routing_fields' };\n }\n\n // Reconstruct canonical form.\n const canonical = canonicalize(type, from, to, timestamp, payload, inReplyTo);\n\n // Check content-addressed ID\n const expectedId = computeId(canonical);\n if (id !== expectedId) {\n return { valid: false, reason: 'id_mismatch' };\n }\n\n const sigValid = verifySignature(canonical, signature, from);\n if (!sigValid) {\n return { valid: false, reason: 'signature_invalid' };\n }\n\n return { valid: true };\n}\n","/**\n * store.ts — File-based message store for offline peers.\n * When the relay has storage enabled for certain public keys, messages\n * for offline recipients are persisted and delivered when they connect.\n */\n\nimport * as fs from 'node:fs';\nimport * as path from 'node:path';\n\nexport interface StoredMessage {\n from: string;\n name?: string;\n envelope: object;\n}\n\nexport class MessageStore {\n private storageDir: string;\n\n constructor(storageDir: string) {\n this.storageDir = storageDir;\n fs.mkdirSync(storageDir, { recursive: true });\n }\n\n private recipientDir(publicKey: string): string {\n const safe = publicKey.replace(/[^a-zA-Z0-9_-]/g, '_');\n return path.join(this.storageDir, safe);\n }\n\n save(recipientKey: string, message: StoredMessage): void {\n const dir = this.recipientDir(recipientKey);\n fs.mkdirSync(dir, { recursive: true });\n const filename = `${Date.now()}-${crypto.randomUUID()}.json`;\n fs.writeFileSync(path.join(dir, filename), JSON.stringify(message));\n }\n\n load(recipientKey: string): StoredMessage[] {\n const dir = this.recipientDir(recipientKey);\n if (!fs.existsSync(dir)) return [];\n const files = fs.readdirSync(dir).sort();\n const messages: StoredMessage[] = [];\n for (const file of files) {\n if (!file.endsWith('.json')) continue;\n try {\n const data = fs.readFileSync(path.join(dir, file), 'utf8');\n messages.push(JSON.parse(data) as StoredMessage);\n } catch {\n // Skip files that cannot be read or parsed\n }\n }\n return messages;\n }\n\n clear(recipientKey: string): void {\n const dir = this.recipientDir(recipientKey);\n if (!fs.existsSync(dir)) return;\n const files = fs.readdirSync(dir);\n for (const file of files) {\n if (file.endsWith('.json')) {\n fs.unlinkSync(path.join(dir, file));\n }\n }\n }\n}\n","import { EventEmitter } from 'node:events';\nimport { WebSocketServer, WebSocket } from 'ws';\nimport { verifyEnvelope, createEnvelope, type Envelope } from '../message/envelope';\nimport type { PeerListRequestPayload, PeerListResponsePayload } from '../message/types/peer-discovery';\nimport { MessageStore } from './store';\n\ninterface SenderWindow {\n count: number;\n windowStart: number;\n}\n\nexport interface RelayRateLimitOptions {\n enabled?: boolean;\n maxMessages?: number;\n windowMs?: number;\n}\n\nexport interface RelayEnvelopeDedupOptions {\n enabled?: boolean;\n maxIds?: number;\n}\n\n/**\n * Represents a connected agent in the relay\n */\ninterface ConnectedAgent {\n /** Agent's public key */\n publicKey: string;\n /** Optional agent name */\n name?: string;\n /** WebSocket connection */\n socket: WebSocket;\n /** Last seen timestamp (ms) */\n lastSeen: number;\n /** Optional metadata */\n metadata?: {\n version?: string;\n capabilities?: string[];\n };\n}\n\n/**\n * Events emitted by RelayServer\n */\nexport interface RelayServerEvents {\n 'agent-registered': (publicKey: string) => void;\n 'agent-disconnected': (publicKey: string) => void;\n /** Emitted when a session disconnects (same as agent-disconnected for compatibility) */\n 'disconnection': (publicKey: string) => void;\n 'message-relayed': (from: string, to: string, envelope: Envelope) => void;\n 'error': (error: Error) => void;\n}\n\n/**\n * WebSocket relay server for routing messages between agents.\n * \n * Agents connect to the relay and register with their public key.\n * Messages are routed to recipients based on the 'to' field.\n * All envelopes are verified before being forwarded.\n */\nexport interface RelayServerOptions {\n /** Optional relay identity for peer_list_request handling */\n identity?: { publicKey: string; privateKey: string };\n /** Public keys that should have messages stored when offline */\n storagePeers?: string[];\n /** Directory for persisting messages for storage peers */\n storageDir?: string;\n /** Maximum number of concurrent registered peers (default: 100) */\n maxPeers?: number;\n /** Per-sender sliding-window message rate limiting */\n rateLimit?: RelayRateLimitOptions;\n /** Envelope ID deduplication options */\n envelopeDedup?: RelayEnvelopeDedupOptions;\n}\n\nexport class RelayServer extends EventEmitter {\n private wss: WebSocketServer | null = null;\n /** publicKey -> sessionId -> ConnectedAgent (multiple sessions per key) */\n private sessions = new Map<string, Map<string, ConnectedAgent>>();\n private identity?: { publicKey: string; privateKey: string };\n private storagePeers: string[] = [];\n private store: MessageStore | null = null;\n private maxPeers: number = 100;\n private readonly senderWindows: Map<string, SenderWindow> = new Map();\n private static readonly MAX_SENDER_ENTRIES = 500;\n private readonly processedEnvelopeIds: Set<string> = new Set();\n private rateLimitEnabled = true;\n private rateLimitMaxMessages = 10;\n private rateLimitWindowMs = 60_000;\n private envelopeDedupEnabled = true;\n private envelopeDedupMaxIds = 1000;\n\n constructor(options?: { publicKey: string; privateKey: string } | RelayServerOptions) {\n super();\n if (options) {\n if ('identity' in options && options.identity) {\n this.identity = options.identity;\n } else if ('publicKey' in options && 'privateKey' in options) {\n this.identity = { publicKey: options.publicKey, privateKey: options.privateKey };\n }\n const opts = options as RelayServerOptions;\n if (opts.storagePeers?.length && opts.storageDir) {\n this.storagePeers = opts.storagePeers;\n this.store = new MessageStore(opts.storageDir);\n }\n if (opts.maxPeers !== undefined) {\n this.maxPeers = opts.maxPeers;\n }\n if (opts.rateLimit) {\n if (opts.rateLimit.enabled !== undefined) {\n this.rateLimitEnabled = opts.rateLimit.enabled;\n }\n if (opts.rateLimit.maxMessages !== undefined && opts.rateLimit.maxMessages > 0) {\n this.rateLimitMaxMessages = opts.rateLimit.maxMessages;\n }\n if (opts.rateLimit.windowMs !== undefined && opts.rateLimit.windowMs > 0) {\n this.rateLimitWindowMs = opts.rateLimit.windowMs;\n }\n }\n if (opts.envelopeDedup) {\n if (opts.envelopeDedup.enabled !== undefined) {\n this.envelopeDedupEnabled = opts.envelopeDedup.enabled;\n }\n if (opts.envelopeDedup.maxIds !== undefined && opts.envelopeDedup.maxIds > 0) {\n this.envelopeDedupMaxIds = opts.envelopeDedup.maxIds;\n }\n }\n }\n }\n\n private isRateLimitedSender(senderPublicKey: string): boolean {\n if (!this.rateLimitEnabled) {\n return false;\n }\n\n const now = Date.now();\n const window = this.senderWindows.get(senderPublicKey);\n\n if (this.senderWindows.size >= RelayServer.MAX_SENDER_ENTRIES && !window) {\n this.evictOldestSenderWindow();\n }\n\n if (!window || (now - window.windowStart) > this.rateLimitWindowMs) {\n this.senderWindows.set(senderPublicKey, { count: 1, windowStart: now });\n return false;\n }\n\n window.count++;\n return window.count > this.rateLimitMaxMessages;\n }\n\n private evictOldestSenderWindow(): void {\n let oldestKey: string | null = null;\n let oldestTime = Infinity;\n\n for (const [key, window] of this.senderWindows.entries()) {\n if (window.windowStart < oldestTime) {\n oldestTime = window.windowStart;\n oldestKey = key;\n }\n }\n\n if (oldestKey !== null) {\n this.senderWindows.delete(oldestKey);\n }\n }\n\n private isDuplicateEnvelopeId(envelopeId: string): boolean {\n if (!this.envelopeDedupEnabled) {\n return false;\n }\n\n if (this.processedEnvelopeIds.has(envelopeId)) {\n return true;\n }\n\n this.processedEnvelopeIds.add(envelopeId);\n if (this.processedEnvelopeIds.size > this.envelopeDedupMaxIds) {\n const oldest = this.processedEnvelopeIds.values().next().value;\n if (oldest !== undefined) {\n this.processedEnvelopeIds.delete(oldest);\n }\n }\n\n return false;\n }\n\n /**\n * Start the relay server\n * @param port - Port to listen on\n * @param host - Optional host (default: all interfaces)\n */\n start(port: number, host?: string): Promise<void> {\n return new Promise((resolve, reject) => {\n try {\n this.wss = new WebSocketServer({ port, host: host ?? '0.0.0.0' });\n let resolved = false;\n\n this.wss.on('error', (error) => {\n this.emit('error', error);\n if (!resolved) {\n resolved = true;\n reject(error);\n }\n });\n\n this.wss.on('listening', () => {\n if (!resolved) {\n resolved = true;\n resolve();\n }\n });\n\n this.wss.on('connection', (socket: WebSocket) => {\n this.handleConnection(socket);\n });\n } catch (error) {\n reject(error);\n }\n });\n }\n\n /**\n * Stop the relay server\n */\n async stop(): Promise<void> {\n return new Promise((resolve, reject) => {\n if (!this.wss) {\n resolve();\n return;\n }\n\n // Close all agent connections (all sessions)\n for (const sessionMap of this.sessions.values()) {\n for (const agent of sessionMap.values()) {\n agent.socket.close();\n }\n }\n this.sessions.clear();\n\n this.wss.close((err) => {\n if (err) {\n reject(err);\n } else {\n this.wss = null;\n resolve();\n }\n });\n });\n }\n\n /**\n * Get one connected agent per public key (first session). For backward compatibility.\n */\n getAgents(): Map<string, ConnectedAgent> {\n const out = new Map<string, ConnectedAgent>();\n for (const [key, sessionMap] of this.sessions) {\n const first = sessionMap.values().next().value;\n if (first) out.set(key, first);\n }\n return out;\n }\n\n /**\n * Handle incoming connection\n */\n private handleConnection(socket: WebSocket): void {\n let agentPublicKey: string | null = null;\n let sessionId: string | null = null;\n\n socket.on('message', (data: Buffer) => {\n try {\n const msg = JSON.parse(data.toString());\n\n // Handle registration\n if (msg.type === 'register' && !agentPublicKey) {\n if (!msg.publicKey || typeof msg.publicKey !== 'string') {\n this.sendError(socket, 'Invalid registration: missing or invalid publicKey');\n socket.close();\n return;\n }\n\n const publicKey = msg.publicKey;\n const name = msg.name;\n agentPublicKey = publicKey;\n sessionId = crypto.randomUUID();\n\n // Allow multiple sessions per publicKey; only enforce max unique peers\n if (!this.sessions.has(publicKey) && this.sessions.size >= this.maxPeers) {\n this.sendError(socket, `Relay is at capacity (max ${this.maxPeers} peers)`);\n socket.close();\n return;\n }\n\n const agent: ConnectedAgent = {\n publicKey,\n name,\n socket,\n lastSeen: Date.now(),\n };\n\n if (!this.sessions.has(publicKey)) {\n this.sessions.set(publicKey, new Map());\n }\n this.sessions.get(publicKey)!.set(sessionId, agent);\n const isFirstSession = this.sessions.get(publicKey)!.size === 1;\n\n this.emit('agent-registered', publicKey);\n\n // Build peers list: one entry per connected publicKey + storage peers\n const peers: Array<{ publicKey: string; name?: string }> = [];\n for (const [key, sessionMap] of this.sessions) {\n if (key === publicKey) continue;\n const firstAgent = sessionMap.values().next().value;\n peers.push({ publicKey: key, name: firstAgent?.name });\n }\n for (const storagePeer of this.storagePeers) {\n if (storagePeer !== publicKey && !this.sessions.has(storagePeer)) {\n peers.push({ publicKey: storagePeer, name: undefined });\n }\n }\n\n socket.send(JSON.stringify({\n type: 'registered',\n publicKey,\n sessionId,\n peers,\n }));\n\n // Notify other agents only when this is the first session for this peer\n if (isFirstSession) {\n this.broadcastPeerEvent('peer_online', publicKey, name);\n }\n\n // Deliver any stored messages for this peer\n if (this.store && this.storagePeers.includes(publicKey)) {\n const queued = this.store.load(publicKey);\n for (const stored of queued) {\n socket.send(JSON.stringify({\n type: 'message',\n from: stored.from,\n name: stored.name,\n envelope: stored.envelope,\n }));\n }\n this.store.clear(publicKey);\n }\n return;\n }\n\n // Require registration before processing messages\n if (!agentPublicKey) {\n this.sendError(socket, 'Not registered: send registration message first');\n socket.close();\n return;\n }\n\n // Handle message relay\n if (msg.type === 'message') {\n if (!msg.to || typeof msg.to !== 'string') {\n this.sendError(socket, 'Invalid message: missing or invalid \"to\" field');\n return;\n }\n\n if (!msg.envelope || typeof msg.envelope !== 'object') {\n this.sendError(socket, 'Invalid message: missing or invalid \"envelope\" field');\n return;\n }\n\n const envelope = msg.envelope as Envelope;\n\n // Verify envelope signature\n const verification = verifyEnvelope(envelope);\n if (!verification.valid) {\n this.sendError(socket, `Invalid envelope: ${verification.reason || 'verification failed'}`);\n return;\n }\n\n // Verify sender matches registered agent\n const envelopeFrom = envelope.from;\n if (envelopeFrom !== agentPublicKey) {\n this.sendError(socket, 'Envelope sender does not match registered public key');\n return;\n }\n\n // Strict p2p routing: envelope.to must include the relay transport recipient.\n if (!Array.isArray(envelope.to) || envelope.to.length === 0 || !envelope.to.includes(msg.to)) {\n this.sendError(socket, 'Envelope recipients do not include requested relay recipient');\n return;\n }\n\n if (this.isRateLimitedSender(agentPublicKey)) {\n return;\n }\n\n if (this.isDuplicateEnvelopeId(envelope.id)) {\n return;\n }\n\n // Update lastSeen for any session of sender\n const senderSessionMap = this.sessions.get(agentPublicKey);\n if (senderSessionMap) {\n for (const a of senderSessionMap.values()) {\n a.lastSeen = Date.now();\n }\n }\n\n // Handle peer_list_request directed at relay\n if (envelope.type === 'peer_list_request' && this.identity && msg.to === this.identity.publicKey) {\n this.handlePeerListRequest(envelope as Envelope<PeerListRequestPayload>, socket, agentPublicKey);\n return;\n }\n\n // Find all recipient sessions\n const recipientSessionMap = this.sessions.get(msg.to);\n const openRecipients = recipientSessionMap\n ? Array.from(recipientSessionMap.values()).filter(a => a.socket.readyState === WebSocket.OPEN)\n : [];\n if (openRecipients.length === 0) {\n // If recipient is a storage peer, queue the message\n if (this.store && this.storagePeers.includes(msg.to)) {\n const senderSessionMap = this.sessions.get(agentPublicKey);\n const senderAgent = senderSessionMap?.values().next().value;\n this.store.save(msg.to, {\n from: agentPublicKey,\n name: senderAgent?.name,\n envelope,\n });\n this.emit('message-relayed', agentPublicKey, msg.to, envelope);\n } else {\n this.sendError(socket, 'Recipient not connected', 'unknown_recipient');\n }\n return;\n }\n\n // Forward envelope to all sessions of the recipient\n try {\n const senderSessionMap = this.sessions.get(agentPublicKey);\n const senderAgent = senderSessionMap?.values().next().value;\n const relayMessage = {\n type: 'message',\n from: agentPublicKey,\n name: senderAgent?.name,\n envelope,\n };\n const messageStr = JSON.stringify(relayMessage);\n for (const recipient of openRecipients) {\n recipient.socket.send(messageStr);\n }\n this.emit('message-relayed', agentPublicKey, msg.to, envelope);\n } catch (err) {\n this.sendError(socket, 'Failed to relay message');\n this.emit('error', err as Error);\n }\n return;\n }\n\n // Handle ping\n if (msg.type === 'ping') {\n socket.send(JSON.stringify({ type: 'pong' }));\n return;\n }\n\n // Unknown message type\n this.sendError(socket, `Unknown message type: ${msg.type}`);\n } catch (err) {\n // Invalid JSON or other parsing errors\n this.emit('error', new Error(`Message parsing failed: ${err instanceof Error ? err.message : String(err)}`));\n this.sendError(socket, 'Invalid message format');\n }\n });\n\n socket.on('close', () => {\n if (agentPublicKey && sessionId) {\n const sessionMap = this.sessions.get(agentPublicKey);\n if (sessionMap) {\n const agent = sessionMap.get(sessionId);\n const agentName = agent?.name;\n sessionMap.delete(sessionId);\n if (sessionMap.size === 0) {\n this.sessions.delete(agentPublicKey);\n this.emit('agent-disconnected', agentPublicKey);\n this.emit('disconnection', agentPublicKey);\n // Storage-enabled peers are always considered connected; skip peer_offline for them\n if (!this.storagePeers.includes(agentPublicKey)) {\n this.broadcastPeerEvent('peer_offline', agentPublicKey, agentName);\n }\n }\n }\n }\n });\n\n socket.on('error', (error) => {\n this.emit('error', error);\n });\n }\n\n /**\n * Send an error message to a client\n */\n private sendError(socket: WebSocket, message: string, code?: string): void {\n try {\n if (socket.readyState === WebSocket.OPEN) {\n const payload: { type: 'error'; message: string; code?: string } = { type: 'error', message };\n if (code) payload.code = code;\n socket.send(JSON.stringify(payload));\n }\n } catch (err) {\n // Log errors when sending error messages, but don't propagate to avoid cascading failures\n this.emit('error', new Error(`Failed to send error message: ${err instanceof Error ? err.message : String(err)}`));\n }\n }\n\n /**\n * Broadcast a peer event to all connected agents (all sessions except the one for publicKey)\n */\n private broadcastPeerEvent(eventType: 'peer_online' | 'peer_offline', publicKey: string, name?: string): void {\n const message = {\n type: eventType,\n publicKey,\n name,\n };\n const messageStr = JSON.stringify(message);\n\n for (const [key, sessionMap] of this.sessions) {\n if (key === publicKey) continue;\n for (const agent of sessionMap.values()) {\n if (agent.socket.readyState === WebSocket.OPEN) {\n try {\n agent.socket.send(messageStr);\n } catch (err) {\n this.emit('error', new Error(`Failed to send ${eventType} event: ${err instanceof Error ? err.message : String(err)}`));\n }\n }\n }\n }\n }\n\n /**\n * Handle peer list request from an agent\n */\n private handlePeerListRequest(envelope: Envelope<PeerListRequestPayload>, socket: WebSocket, requesterPublicKey: string): void {\n if (!this.identity) {\n this.sendError(socket, 'Relay does not support peer discovery (no identity configured)');\n return;\n }\n\n const { filters } = envelope.payload;\n const now = Date.now();\n\n // One entry per publicKey (first session for lastSeen/metadata)\n const peersList: ConnectedAgent[] = [];\n for (const [key, sessionMap] of this.sessions) {\n if (key === requesterPublicKey) continue;\n const first = sessionMap.values().next().value;\n if (first) peersList.push(first);\n }\n\n let peers = peersList;\n\n // Apply filters\n if (filters?.activeWithin) {\n peers = peers.filter(p => (now - p.lastSeen) < filters.activeWithin!);\n }\n\n if (filters?.limit && filters.limit > 0) {\n peers = peers.slice(0, filters.limit);\n }\n\n // Build response payload\n const response: PeerListResponsePayload = {\n peers: peers.map(p => ({\n publicKey: p.publicKey,\n metadata: p.name || p.metadata ? {\n name: p.name,\n version: p.metadata?.version,\n capabilities: p.metadata?.capabilities,\n } : undefined,\n lastSeen: p.lastSeen,\n })),\n totalPeers: this.sessions.size - (this.sessions.has(requesterPublicKey) ? 1 : 0),\n relayPublicKey: this.identity.publicKey,\n };\n\n // Create signed envelope\n const responseEnvelope = createEnvelope(\n 'peer_list_response',\n this.identity.publicKey,\n this.identity.privateKey,\n response,\n Date.now(),\n envelope.id, // Reply to the request\n [requesterPublicKey]\n );\n\n // Send response\n const relayMessage = {\n type: 'message',\n from: this.identity.publicKey,\n name: 'relay',\n envelope: responseEnvelope,\n };\n\n try {\n socket.send(JSON.stringify(relayMessage));\n } catch (err) {\n this.emit('error', new Error(`Failed to send peer list response: ${err instanceof Error ? err.message : String(err)}`));\n }\n }\n}\n"],"mappings":";AAAA,SAAS,MAAM,QAAQ,2BAA2B;AAc3C,SAAS,kBAA2B;AACzC,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAE/D,SAAO;AAAA,IACL,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC,EAAE,SAAS,KAAK;AAAA,IAC3E,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC,EAAE,SAAS,KAAK;AAAA,EAChF;AACF;AAQO,SAAS,YAAY,SAA0B,eAA+B;AACnF,QAAM,gBAAgB,OAAO,YAAY,WAAW,OAAO,KAAK,OAAO,IAAI;AAC3E,QAAM,aAAa,OAAO,KAAK,eAAe,KAAK;AAEnD,QAAM,YAAY,KAAK,MAAM,eAAe;AAAA,IAC1C,KAAK;AAAA,IACL,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AAED,SAAO,UAAU,SAAS,KAAK;AACjC;AASO,SAAS,gBACd,SACA,cACA,cACS;AACT,QAAM,gBAAgB,OAAO,YAAY,WAAW,OAAO,KAAK,OAAO,IAAI;AAC3E,QAAM,YAAY,OAAO,KAAK,cAAc,KAAK;AACjD,QAAM,YAAY,OAAO,KAAK,cAAc,KAAK;AAEjD,MAAI;AACF,WAAO,OAAO,MAAM,eAAe;AAAA,MACjC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,GAAG,SAAS;AAAA,EACd,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAOO,SAAS,cAAc,SAA2B;AACvD,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,YAAY,QAAQ;AAAA,EACtB;AACF;AASO,SAAS,cAAc,cAAsB,eAAgC;AAElF,QAAM,aAAa;AACnB,MAAI,CAAC,WAAW,KAAK,YAAY,GAAG;AAClC,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,CAAC,WAAW,KAAK,aAAa,GAAG;AACnC,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,SAAO;AAAA,IACL,WAAW;AAAA,IACX,YAAY;AAAA,EACd;AACF;;;ACtGA,SAAS,kBAAkB;AA0D3B,SAAS,gBAAgB,OAAwB;AAC/C,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO,KAAK,UAAU,KAAK;AACtE,MAAI,OAAO,UAAU,SAAU,QAAO,KAAK,UAAU,KAAK;AAC1D,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AACA,QAAM,OAAO,OAAO,KAAK,KAAgC,EAAE,KAAK;AAChE,QAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAiB,MAAkC,CAAC,CAAC,CAAC;AAC5G,SAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AACjC;AAMO,SAAS,aACd,MACA,MACA,IACA,WACA,SACA,WACQ;AACR,QAAM,MAA+B,EAAE,MAAM,SAAS,WAAW,IAAI,KAAK;AAC1E,MAAI,cAAc,QAAW;AAC3B,QAAI,YAAY;AAAA,EAClB;AACA,SAAO,gBAAgB,GAAG;AAC5B;AAEA,SAAS,oBAAoB,MAAc,IAAkC;AAC3E,QAAM,OAAO,MAAM,QAAQ,EAAE,IAAI,KAAM,OAAO,OAAO,WAAW,CAAC,EAAE,IAAI,CAAC,IAAI;AAC5E,QAAM,SAAS,oBAAI,IAAY;AAC/B,aAAW,aAAa,MAAM;AAC5B,QAAI,OAAO,cAAc,YAAY,UAAU,KAAK,EAAE,SAAS,GAAG;AAChE,aAAO,IAAI,SAAS;AAAA,IACtB;AAAA,EACF;AACA,MAAI,OAAO,SAAS,GAAG;AACrB,WAAO,IAAI,IAAI;AAAA,EACjB;AACA,SAAO,MAAM,KAAK,MAAM;AAC1B;AAKO,SAAS,UAAU,WAA2B;AACnD,SAAO,WAAW,QAAQ,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AAC5D;AAaO,SAAS,eACd,MACA,MACA,YACA,SACA,YAAoB,KAAK,IAAI,GAC7B,WACA,IACa;AACb,QAAM,aAAa,oBAAoB,MAAM,EAAE;AAC/C,QAAM,YAAY,aAAa,MAAM,MAAM,YAAY,WAAW,SAAS,SAAS;AACpF,QAAM,KAAK,UAAU,SAAS;AAC9B,QAAM,YAAY,YAAY,WAAW,UAAU;AAEnD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,IACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,IAC/C;AAAA,IACA;AAAA,EACF;AACF;AAUO,SAAS,eAAe,UAAyD;AACtF,QAAM,EAAE,IAAI,MAAM,MAAM,IAAI,WAAW,SAAS,WAAW,UAAU,IAAI;AACzE,MAAI,CAAC,QAAQ,CAAC,MAAM,QAAQ,EAAE,KAAK,GAAG,WAAW,GAAG;AAClD,WAAO,EAAE,OAAO,OAAO,QAAQ,yBAAyB;AAAA,EAC1D;AAGA,QAAM,YAAY,aAAa,MAAM,MAAM,IAAI,WAAW,SAAS,SAAS;AAG5E,QAAM,aAAa,UAAU,SAAS;AACtC,MAAI,OAAO,YAAY;AACrB,WAAO,EAAE,OAAO,OAAO,QAAQ,cAAc;AAAA,EAC/C;AAEA,QAAM,WAAW,gBAAgB,WAAW,WAAW,IAAI;AAC3D,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,OAAO,OAAO,QAAQ,oBAAoB;AAAA,EACrD;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;;;ACzKA,YAAY,QAAQ;AACpB,YAAY,UAAU;AAQf,IAAM,eAAN,MAAmB;AAAA,EAChB;AAAA,EAER,YAAY,YAAoB;AAC9B,SAAK,aAAa;AAClB,IAAG,aAAU,YAAY,EAAE,WAAW,KAAK,CAAC;AAAA,EAC9C;AAAA,EAEQ,aAAa,WAA2B;AAC9C,UAAM,OAAO,UAAU,QAAQ,mBAAmB,GAAG;AACrD,WAAY,UAAK,KAAK,YAAY,IAAI;AAAA,EACxC;AAAA,EAEA,KAAK,cAAsB,SAA8B;AACvD,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,IAAG,aAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACrC,UAAM,WAAW,GAAG,KAAK,IAAI,CAAC,IAAI,OAAO,WAAW,CAAC;AACrD,IAAG,iBAAmB,UAAK,KAAK,QAAQ,GAAG,KAAK,UAAU,OAAO,CAAC;AAAA,EACpE;AAAA,EAEA,KAAK,cAAuC;AAC1C,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,QAAI,CAAI,cAAW,GAAG,EAAG,QAAO,CAAC;AACjC,UAAM,QAAW,eAAY,GAAG,EAAE,KAAK;AACvC,UAAM,WAA4B,CAAC;AACnC,eAAW,QAAQ,OAAO;AACxB,UAAI,CAAC,KAAK,SAAS,OAAO,EAAG;AAC7B,UAAI;AACF,cAAM,OAAU,gBAAkB,UAAK,KAAK,IAAI,GAAG,MAAM;AACzD,iBAAS,KAAK,KAAK,MAAM,IAAI,CAAkB;AAAA,MACjD,QAAQ;AAAA,MAER;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAA4B;AAChC,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,QAAI,CAAI,cAAW,GAAG,EAAG;AACzB,UAAM,QAAW,eAAY,GAAG;AAChC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,OAAO,GAAG;AAC1B,QAAG,cAAgB,UAAK,KAAK,IAAI,CAAC;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AACF;;;AC9DA,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB,iBAAiB;AA0EpC,IAAM,cAAN,MAAM,qBAAoB,aAAa;AAAA,EACpC,MAA8B;AAAA;AAAA,EAE9B,WAAW,oBAAI,IAAyC;AAAA,EACxD;AAAA,EACA,eAAyB,CAAC;AAAA,EAC1B,QAA6B;AAAA,EAC7B,WAAmB;AAAA,EACV,gBAA2C,oBAAI,IAAI;AAAA,EACpE,OAAwB,qBAAqB;AAAA,EAC5B,uBAAoC,oBAAI,IAAI;AAAA,EACrD,mBAAmB;AAAA,EACnB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,EACvB,sBAAsB;AAAA,EAE9B,YAAY,SAA0E;AACpF,UAAM;AACN,QAAI,SAAS;AACX,UAAI,cAAc,WAAW,QAAQ,UAAU;AAC7C,aAAK,WAAW,QAAQ;AAAA,MAC1B,WAAW,eAAe,WAAW,gBAAgB,SAAS;AAC5D,aAAK,WAAW,EAAE,WAAW,QAAQ,WAAW,YAAY,QAAQ,WAAW;AAAA,MACjF;AACA,YAAM,OAAO;AACb,UAAI,KAAK,cAAc,UAAU,KAAK,YAAY;AAChD,aAAK,eAAe,KAAK;AACzB,aAAK,QAAQ,IAAI,aAAa,KAAK,UAAU;AAAA,MAC/C;AACA,UAAI,KAAK,aAAa,QAAW;AAC/B,aAAK,WAAW,KAAK;AAAA,MACvB;AACA,UAAI,KAAK,WAAW;AAClB,YAAI,KAAK,UAAU,YAAY,QAAW;AACxC,eAAK,mBAAmB,KAAK,UAAU;AAAA,QACzC;AACA,YAAI,KAAK,UAAU,gBAAgB,UAAa,KAAK,UAAU,cAAc,GAAG;AAC9E,eAAK,uBAAuB,KAAK,UAAU;AAAA,QAC7C;AACA,YAAI,KAAK,UAAU,aAAa,UAAa,KAAK,UAAU,WAAW,GAAG;AACxE,eAAK,oBAAoB,KAAK,UAAU;AAAA,QAC1C;AAAA,MACF;AACA,UAAI,KAAK,eAAe;AACtB,YAAI,KAAK,cAAc,YAAY,QAAW;AAC5C,eAAK,uBAAuB,KAAK,cAAc;AAAA,QACjD;AACA,YAAI,KAAK,cAAc,WAAW,UAAa,KAAK,cAAc,SAAS,GAAG;AAC5E,eAAK,sBAAsB,KAAK,cAAc;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAAoB,iBAAkC;AAC5D,QAAI,CAAC,KAAK,kBAAkB;AAC1B,aAAO;AAAA,IACT;AAEA,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,SAAS,KAAK,cAAc,IAAI,eAAe;AAErD,QAAI,KAAK,cAAc,QAAQ,aAAY,sBAAsB,CAAC,QAAQ;AACxE,WAAK,wBAAwB;AAAA,IAC/B;AAEA,QAAI,CAAC,UAAW,MAAM,OAAO,cAAe,KAAK,mBAAmB;AAClE,WAAK,cAAc,IAAI,iBAAiB,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AACtE,aAAO;AAAA,IACT;AAEA,WAAO;AACP,WAAO,OAAO,QAAQ,KAAK;AAAA,EAC7B;AAAA,EAEQ,0BAAgC;AACtC,QAAI,YAA2B;AAC/B,QAAI,aAAa;AAEjB,eAAW,CAAC,KAAK,MAAM,KAAK,KAAK,cAAc,QAAQ,GAAG;AACxD,UAAI,OAAO,cAAc,YAAY;AACnC,qBAAa,OAAO;AACpB,oBAAY;AAAA,MACd;AAAA,IACF;AAEA,QAAI,cAAc,MAAM;AACtB,WAAK,cAAc,OAAO,SAAS;AAAA,IACrC;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA6B;AACzD,QAAI,CAAC,KAAK,sBAAsB;AAC9B,aAAO;AAAA,IACT;AAEA,QAAI,KAAK,qBAAqB,IAAI,UAAU,GAAG;AAC7C,aAAO;AAAA,IACT;AAEA,SAAK,qBAAqB,IAAI,UAAU;AACxC,QAAI,KAAK,qBAAqB,OAAO,KAAK,qBAAqB;AAC7D,YAAM,SAAS,KAAK,qBAAqB,OAAO,EAAE,KAAK,EAAE;AACzD,UAAI,WAAW,QAAW;AACxB,aAAK,qBAAqB,OAAO,MAAM;AAAA,MACzC;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAc,MAA8B;AAChD,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI;AACF,aAAK,MAAM,IAAI,gBAAgB,EAAE,MAAM,MAAM,QAAQ,UAAU,CAAC;AAChE,YAAI,WAAW;AAEf,aAAK,IAAI,GAAG,SAAS,CAAC,UAAU;AAC9B,eAAK,KAAK,SAAS,KAAK;AACxB,cAAI,CAAC,UAAU;AACb,uBAAW;AACX,mBAAO,KAAK;AAAA,UACd;AAAA,QACF,CAAC;AAED,aAAK,IAAI,GAAG,aAAa,MAAM;AAC7B,cAAI,CAAC,UAAU;AACb,uBAAW;AACX,oBAAQ;AAAA,UACV;AAAA,QACF,CAAC;AAED,aAAK,IAAI,GAAG,cAAc,CAAC,WAAsB;AAC/C,eAAK,iBAAiB,MAAM;AAAA,QAC9B,CAAC;AAAA,MACH,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAsB;AAC1B,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,KAAK;AACb,gBAAQ;AACR;AAAA,MACF;AAGA,iBAAW,cAAc,KAAK,SAAS,OAAO,GAAG;AAC/C,mBAAW,SAAS,WAAW,OAAO,GAAG;AACvC,gBAAM,OAAO,MAAM;AAAA,QACrB;AAAA,MACF;AACA,WAAK,SAAS,MAAM;AAEpB,WAAK,IAAI,MAAM,CAAC,QAAQ;AACtB,YAAI,KAAK;AACP,iBAAO,GAAG;AAAA,QACZ,OAAO;AACL,eAAK,MAAM;AACX,kBAAQ;AAAA,QACV;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,YAAyC;AACvC,UAAM,MAAM,oBAAI,IAA4B;AAC5C,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,YAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,EAAE;AACzC,UAAI,MAAO,KAAI,IAAI,KAAK,KAAK;AAAA,IAC/B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAiB,QAAyB;AAChD,QAAI,iBAAgC;AACpC,QAAI,YAA2B;AAE/B,WAAO,GAAG,WAAW,CAAC,SAAiB;AACrC,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,KAAK,SAAS,CAAC;AAGtC,YAAI,IAAI,SAAS,cAAc,CAAC,gBAAgB;AAC9C,cAAI,CAAC,IAAI,aAAa,OAAO,IAAI,cAAc,UAAU;AACvD,iBAAK,UAAU,QAAQ,oDAAoD;AAC3E,mBAAO,MAAM;AACb;AAAA,UACF;AAEA,gBAAM,YAAY,IAAI;AACtB,gBAAM,OAAO,IAAI;AACjB,2BAAiB;AACjB,sBAAY,OAAO,WAAW;AAG9B,cAAI,CAAC,KAAK,SAAS,IAAI,SAAS,KAAK,KAAK,SAAS,QAAQ,KAAK,UAAU;AACxE,iBAAK,UAAU,QAAQ,6BAA6B,KAAK,QAAQ,SAAS;AAC1E,mBAAO,MAAM;AACb;AAAA,UACF;AAEA,gBAAM,QAAwB;AAAA,YAC5B;AAAA,YACA;AAAA,YACA;AAAA,YACA,UAAU,KAAK,IAAI;AAAA,UACrB;AAEA,cAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,iBAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,UACxC;AACA,eAAK,SAAS,IAAI,SAAS,EAAG,IAAI,WAAW,KAAK;AAClD,gBAAM,iBAAiB,KAAK,SAAS,IAAI,SAAS,EAAG,SAAS;AAE9D,eAAK,KAAK,oBAAoB,SAAS;AAGvC,gBAAM,QAAqD,CAAC;AAC5D,qBAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,gBAAI,QAAQ,UAAW;AACvB,kBAAM,aAAa,WAAW,OAAO,EAAE,KAAK,EAAE;AAC9C,kBAAM,KAAK,EAAE,WAAW,KAAK,MAAM,YAAY,KAAK,CAAC;AAAA,UACvD;AACA,qBAAW,eAAe,KAAK,cAAc;AAC3C,gBAAI,gBAAgB,aAAa,CAAC,KAAK,SAAS,IAAI,WAAW,GAAG;AAChE,oBAAM,KAAK,EAAE,WAAW,aAAa,MAAM,OAAU,CAAC;AAAA,YACxD;AAAA,UACF;AAEA,iBAAO,KAAK,KAAK,UAAU;AAAA,YACzB,MAAM;AAAA,YACN;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC,CAAC;AAGF,cAAI,gBAAgB;AAClB,iBAAK,mBAAmB,eAAe,WAAW,IAAI;AAAA,UACxD;AAGA,cAAI,KAAK,SAAS,KAAK,aAAa,SAAS,SAAS,GAAG;AACvD,kBAAM,SAAS,KAAK,MAAM,KAAK,SAAS;AACxC,uBAAW,UAAU,QAAQ;AAC3B,qBAAO,KAAK,KAAK,UAAU;AAAA,gBACzB,MAAM;AAAA,gBACN,MAAM,OAAO;AAAA,gBACb,MAAM,OAAO;AAAA,gBACb,UAAU,OAAO;AAAA,cACnB,CAAC,CAAC;AAAA,YACJ;AACA,iBAAK,MAAM,MAAM,SAAS;AAAA,UAC5B;AACA;AAAA,QACF;AAGA,YAAI,CAAC,gBAAgB;AACnB,eAAK,UAAU,QAAQ,iDAAiD;AACxE,iBAAO,MAAM;AACb;AAAA,QACF;AAGA,YAAI,IAAI,SAAS,WAAW;AAC1B,cAAI,CAAC,IAAI,MAAM,OAAO,IAAI,OAAO,UAAU;AACzC,iBAAK,UAAU,QAAQ,gDAAgD;AACvE;AAAA,UACF;AAEA,cAAI,CAAC,IAAI,YAAY,OAAO,IAAI,aAAa,UAAU;AACrD,iBAAK,UAAU,QAAQ,sDAAsD;AAC7E;AAAA,UACF;AAEA,gBAAM,WAAW,IAAI;AAGrB,gBAAM,eAAe,eAAe,QAAQ;AAC5C,cAAI,CAAC,aAAa,OAAO;AACvB,iBAAK,UAAU,QAAQ,qBAAqB,aAAa,UAAU,qBAAqB,EAAE;AAC1F;AAAA,UACF;AAGA,gBAAM,eAAe,SAAS;AAC9B,cAAI,iBAAiB,gBAAgB;AACnC,iBAAK,UAAU,QAAQ,sDAAsD;AAC7E;AAAA,UACF;AAGA,cAAI,CAAC,MAAM,QAAQ,SAAS,EAAE,KAAK,SAAS,GAAG,WAAW,KAAK,CAAC,SAAS,GAAG,SAAS,IAAI,EAAE,GAAG;AAC5F,iBAAK,UAAU,QAAQ,8DAA8D;AACrF;AAAA,UACF;AAEA,cAAI,KAAK,oBAAoB,cAAc,GAAG;AAC5C;AAAA,UACF;AAEA,cAAI,KAAK,sBAAsB,SAAS,EAAE,GAAG;AAC3C;AAAA,UACF;AAGA,gBAAM,mBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,cAAI,kBAAkB;AACpB,uBAAW,KAAK,iBAAiB,OAAO,GAAG;AACzC,gBAAE,WAAW,KAAK,IAAI;AAAA,YACxB;AAAA,UACF;AAGA,cAAI,SAAS,SAAS,uBAAuB,KAAK,YAAY,IAAI,OAAO,KAAK,SAAS,WAAW;AAChG,iBAAK,sBAAsB,UAA8C,QAAQ,cAAc;AAC/F;AAAA,UACF;AAGA,gBAAM,sBAAsB,KAAK,SAAS,IAAI,IAAI,EAAE;AACpD,gBAAM,iBAAiB,sBACnB,MAAM,KAAK,oBAAoB,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,OAAO,eAAe,UAAU,IAAI,IAC3F,CAAC;AACL,cAAI,eAAe,WAAW,GAAG;AAE/B,gBAAI,KAAK,SAAS,KAAK,aAAa,SAAS,IAAI,EAAE,GAAG;AACpD,oBAAMA,oBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,oBAAM,cAAcA,mBAAkB,OAAO,EAAE,KAAK,EAAE;AACtD,mBAAK,MAAM,KAAK,IAAI,IAAI;AAAA,gBACtB,MAAM;AAAA,gBACN,MAAM,aAAa;AAAA,gBACnB;AAAA,cACF,CAAC;AACD,mBAAK,KAAK,mBAAmB,gBAAgB,IAAI,IAAI,QAAQ;AAAA,YAC/D,OAAO;AACL,mBAAK,UAAU,QAAQ,2BAA2B,mBAAmB;AAAA,YACvE;AACA;AAAA,UACF;AAGA,cAAI;AACF,kBAAMA,oBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,kBAAM,cAAcA,mBAAkB,OAAO,EAAE,KAAK,EAAE;AACtD,kBAAM,eAAe;AAAA,cACnB,MAAM;AAAA,cACN,MAAM;AAAA,cACN,MAAM,aAAa;AAAA,cACnB;AAAA,YACF;AACA,kBAAM,aAAa,KAAK,UAAU,YAAY;AAC9C,uBAAW,aAAa,gBAAgB;AACtC,wBAAU,OAAO,KAAK,UAAU;AAAA,YAClC;AACA,iBAAK,KAAK,mBAAmB,gBAAgB,IAAI,IAAI,QAAQ;AAAA,UAC/D,SAAS,KAAK;AACZ,iBAAK,UAAU,QAAQ,yBAAyB;AAChD,iBAAK,KAAK,SAAS,GAAY;AAAA,UACjC;AACA;AAAA,QACF;AAGA,YAAI,IAAI,SAAS,QAAQ;AACvB,iBAAO,KAAK,KAAK,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC;AAC5C;AAAA,QACF;AAGA,aAAK,UAAU,QAAQ,yBAAyB,IAAI,IAAI,EAAE;AAAA,MAC5D,SAAS,KAAK;AAEZ,aAAK,KAAK,SAAS,IAAI,MAAM,2BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAC3G,aAAK,UAAU,QAAQ,wBAAwB;AAAA,MACjD;AAAA,IACF,CAAC;AAED,WAAO,GAAG,SAAS,MAAM;AACvB,UAAI,kBAAkB,WAAW;AAC/B,cAAM,aAAa,KAAK,SAAS,IAAI,cAAc;AACnD,YAAI,YAAY;AACd,gBAAM,QAAQ,WAAW,IAAI,SAAS;AACtC,gBAAM,YAAY,OAAO;AACzB,qBAAW,OAAO,SAAS;AAC3B,cAAI,WAAW,SAAS,GAAG;AACzB,iBAAK,SAAS,OAAO,cAAc;AACnC,iBAAK,KAAK,sBAAsB,cAAc;AAC9C,iBAAK,KAAK,iBAAiB,cAAc;AAEzC,gBAAI,CAAC,KAAK,aAAa,SAAS,cAAc,GAAG;AAC/C,mBAAK,mBAAmB,gBAAgB,gBAAgB,SAAS;AAAA,YACnE;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,GAAG,SAAS,CAAC,UAAU;AAC5B,WAAK,KAAK,SAAS,KAAK;AAAA,IAC1B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAU,QAAmB,SAAiB,MAAqB;AACzE,QAAI;AACF,UAAI,OAAO,eAAe,UAAU,MAAM;AACxC,cAAM,UAA6D,EAAE,MAAM,SAAS,QAAQ;AAC5F,YAAI,KAAM,SAAQ,OAAO;AACzB,eAAO,KAAK,KAAK,UAAU,OAAO,CAAC;AAAA,MACrC;AAAA,IACF,SAAS,KAAK;AAEZ,WAAK,KAAK,SAAS,IAAI,MAAM,iCAAiC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,IACnH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,mBAAmB,WAA2C,WAAmB,MAAqB;AAC5G,UAAM,UAAU;AAAA,MACd,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACF;AACA,UAAM,aAAa,KAAK,UAAU,OAAO;AAEzC,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,UAAI,QAAQ,UAAW;AACvB,iBAAW,SAAS,WAAW,OAAO,GAAG;AACvC,YAAI,MAAM,OAAO,eAAe,UAAU,MAAM;AAC9C,cAAI;AACF,kBAAM,OAAO,KAAK,UAAU;AAAA,UAC9B,SAAS,KAAK;AACZ,iBAAK,KAAK,SAAS,IAAI,MAAM,kBAAkB,SAAS,WAAW,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,UACxH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,sBAAsB,UAA4C,QAAmB,oBAAkC;AAC7H,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,UAAU,QAAQ,gEAAgE;AACvF;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,SAAS;AAC7B,UAAM,MAAM,KAAK,IAAI;AAGrB,UAAM,YAA8B,CAAC;AACrC,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,UAAI,QAAQ,mBAAoB;AAChC,YAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,EAAE;AACzC,UAAI,MAAO,WAAU,KAAK,KAAK;AAAA,IACjC;AAEA,QAAI,QAAQ;AAGZ,QAAI,SAAS,cAAc;AACzB,cAAQ,MAAM,OAAO,OAAM,MAAM,EAAE,WAAY,QAAQ,YAAa;AAAA,IACtE;AAEA,QAAI,SAAS,SAAS,QAAQ,QAAQ,GAAG;AACvC,cAAQ,MAAM,MAAM,GAAG,QAAQ,KAAK;AAAA,IACtC;AAGA,UAAM,WAAoC;AAAA,MACxC,OAAO,MAAM,IAAI,QAAM;AAAA,QACrB,WAAW,EAAE;AAAA,QACb,UAAU,EAAE,QAAQ,EAAE,WAAW;AAAA,UAC/B,MAAM,EAAE;AAAA,UACR,SAAS,EAAE,UAAU;AAAA,UACrB,cAAc,EAAE,UAAU;AAAA,QAC1B,IAAI;AAAA,QACJ,UAAU,EAAE;AAAA,MACd,EAAE;AAAA,MACJ,YAAY,KAAK,SAAS,QAAQ,KAAK,SAAS,IAAI,kBAAkB,IAAI,IAAI;AAAA,MAC9E,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAGA,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,KAAK,SAAS;AAAA,MACd,KAAK,SAAS;AAAA,MACd;AAAA,MACA,KAAK,IAAI;AAAA,MACT,SAAS;AAAA;AAAA,MACT,CAAC,kBAAkB;AAAA,IACrB;AAGA,UAAM,eAAe;AAAA,MACnB,MAAM;AAAA,MACN,MAAM,KAAK,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAEA,QAAI;AACF,aAAO,KAAK,KAAK,UAAU,YAAY,CAAC;AAAA,IAC1C,SAAS,KAAK;AACZ,WAAK,KAAK,SAAS,IAAI,MAAM,sCAAsC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,IACxH;AAAA,EACF;AACF;","names":["senderSessionMap"]}

package/dist/{chunk-VQ4BE6OV.js → chunk-D4Y3BZSO.js} RENAMED Viewed

@@ -2,7 +2,7 @@ import {
   RelayServer,
   createEnvelope,
   verifyEnvelope
-} from "./chunk-HGXMAZZI.js";
+} from "./chunk-4TJRWJIB.js";
 // src/relay/message-buffer.ts
 var MAX_MESSAGES_PER_AGENT = 100;
@@ -453,4 +453,4 @@ export {
   createRestRouter,
   runRelay
 };
-//# sourceMappingURL=chunk-VQ4BE6OV.js.map
+//# sourceMappingURL=chunk-D4Y3BZSO.js.map

package/dist/chunk-D4Y3BZSO.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/relay/message-buffer.ts","../src/relay/jwt-auth.ts","../src/relay/rest-api.ts","../src/relay/run-relay.ts"],"sourcesContent":["/**\n * message-buffer.ts — In-memory bounded message queue per agent.\n *\n * When messages are delivered to an agent via the relay, they are also\n * stored here so that HTTP polling clients can retrieve them via GET /v1/messages.\n */\n\nexport interface BufferedMessage {\n id: string;\n from: string;\n fromName?: string;\n type: string;\n payload: unknown;\n timestamp: number;\n inReplyTo?: string;\n}\n\ninterface StoredMessage {\n message: BufferedMessage;\n receivedAt: number;\n}\n\nconst MAX_MESSAGES_PER_AGENT = 100;\n\n/**\n * MessageBuffer stores inbound messages per agent public key.\n * FIFO eviction when the buffer is full (max 100 messages).\n * Messages older than ttlMs (measured from when they were received) are pruned on access.\n */\nexport class MessageBuffer {\n private buffers: Map<string, StoredMessage[]> = new Map();\n private ttlMs: number;\n\n constructor(options?: { ttlMs?: number }) {\n this.ttlMs = options?.ttlMs ?? 86400000; // default 24h\n }\n\n /**\n * Add a message to an agent's buffer.\n * Evicts the oldest message if the buffer is full.\n */\n add(publicKey: string, message: BufferedMessage): void {\n let queue = this.buffers.get(publicKey);\n if (!queue) {\n queue = [];\n this.buffers.set(publicKey, queue);\n }\n queue.push({ message, receivedAt: Date.now() });\n if (queue.length > MAX_MESSAGES_PER_AGENT) {\n queue.shift(); // FIFO eviction\n }\n }\n\n /**\n * Retrieve messages for an agent, optionally filtering by `since` timestamp.\n * Returns messages with timestamp > since (exclusive). Prunes expired messages.\n */\n get(publicKey: string, since?: number): BufferedMessage[] {\n const now = Date.now();\n let queue = this.buffers.get(publicKey) ?? [];\n // Prune messages older than ttlMs (based on wall-clock receive time)\n queue = queue.filter((s) => now - s.receivedAt < this.ttlMs);\n this.buffers.set(publicKey, queue);\n const messages = queue.map((s) => s.message);\n if (since === undefined) {\n return [...messages];\n }\n return messages.filter((m) => m.timestamp > since);\n }\n\n /**\n * Clear all messages for an agent (after polling without `since`).\n */\n clear(publicKey: string): void {\n this.buffers.set(publicKey, []);\n }\n\n /**\n * Remove all state for a disconnected agent.\n */\n delete(publicKey: string): void {\n this.buffers.delete(publicKey);\n }\n}\n","/**\n * jwt-auth.ts — JWT token creation and validation middleware.\n *\n * Tokens are signed with AGORA_RELAY_JWT_SECRET (required env var).\n * Expiry defaults to 3600 seconds (1 hour), configurable via AGORA_JWT_EXPIRY_SECONDS.\n *\n * Token payload: { publicKey, name }\n */\n\nimport jwt from 'jsonwebtoken';\nimport { randomBytes } from 'node:crypto';\nimport type { Request, Response, NextFunction } from 'express';\n\nexport interface JwtPayload {\n publicKey: string;\n name?: string;\n}\n\n/**\n * Augment Express Request to carry decoded JWT payload.\n */\nexport interface AuthenticatedRequest extends Request {\n agent?: JwtPayload;\n}\n\n/**\n * Revocation set for invalidated tokens (populated by DELETE /v1/disconnect).\n * Stored as a Map of JWT `jti` → expiry timestamp (ms).\n * Entries are automatically removed once their JWT would have expired anyway,\n * preventing unbounded memory growth.\n */\nconst revokedJtis: Map<string, number> = new Map();\n\n/**\n * Remove revoked JTI entries whose token expiry has already passed.\n * These tokens can no longer be used regardless, so no need to keep them.\n */\nfunction pruneExpiredRevocations(): void {\n const now = Date.now();\n for (const [jti, expiry] of revokedJtis) {\n if (expiry <= now) {\n revokedJtis.delete(jti);\n }\n }\n}\n\nfunction getJwtSecret(): string {\n const secret = process.env.AGORA_RELAY_JWT_SECRET;\n if (!secret) {\n throw new Error(\n 'AGORA_RELAY_JWT_SECRET environment variable is required but not set'\n );\n }\n return secret;\n}\n\nfunction getExpirySeconds(): number {\n const raw = process.env.AGORA_JWT_EXPIRY_SECONDS;\n if (raw) {\n const parsed = parseInt(raw, 10);\n if (!isNaN(parsed) && parsed > 0) {\n return parsed;\n }\n }\n return 3600; // 1 hour default\n}\n\n/**\n * Create a signed JWT for a registered agent.\n * Returns the token string and its expiry timestamp (ms since epoch).\n */\nexport function createToken(payload: JwtPayload): {\n token: string;\n expiresAt: number;\n} {\n const secret = getJwtSecret();\n const expirySeconds = getExpirySeconds();\n const jti = `${Date.now()}-${randomBytes(16).toString('hex')}`;\n\n const token = jwt.sign(\n { publicKey: payload.publicKey, name: payload.name, jti },\n secret,\n { expiresIn: expirySeconds }\n );\n\n const expiresAt = Date.now() + expirySeconds * 1000;\n return { token, expiresAt };\n}\n\n/**\n * Revoke a token by its jti claim so it cannot be used again.\n * The revocation entry is stored with the token's expiry so it can be\n * pruned automatically once the token would no longer be valid anyway.\n */\nexport function revokeToken(token: string): void {\n try {\n const secret = getJwtSecret();\n const decoded = jwt.verify(token, secret) as jwt.JwtPayload & {\n jti?: string;\n exp?: number;\n };\n if (decoded.jti) {\n const expiry = decoded.exp ? decoded.exp * 1000 : Date.now();\n revokedJtis.set(decoded.jti, expiry);\n pruneExpiredRevocations();\n }\n } catch {\n // Token already invalid — nothing to revoke\n }\n}\n\n/**\n * Express middleware that validates the Authorization: Bearer <token> header.\n * Attaches decoded payload to `req.agent` on success.\n * Responds with 401 if missing/invalid/expired/revoked.\n */\nexport function requireAuth(\n req: AuthenticatedRequest,\n res: Response,\n next: NextFunction\n): void {\n const authHeader = req.headers.authorization;\n if (!authHeader || !authHeader.startsWith('Bearer ')) {\n res.status(401).json({ error: 'Missing or malformed Authorization header' });\n return;\n }\n\n const token = authHeader.slice(7);\n try {\n const secret = getJwtSecret();\n const decoded = jwt.verify(token, secret) as jwt.JwtPayload & {\n publicKey: string;\n name?: string;\n jti?: string;\n };\n\n if (decoded.jti && revokedJtis.has(decoded.jti)) {\n res.status(401).json({ error: 'Token has been revoked' });\n return;\n }\n\n req.agent = { publicKey: decoded.publicKey, name: decoded.name };\n next();\n } catch (err) {\n if (err instanceof jwt.TokenExpiredError) {\n res.status(401).json({ error: 'Token expired' });\n } else {\n res.status(401).json({ error: 'Invalid token' });\n }\n }\n}\n","/**\n * rest-api.ts — Express router implementing the Agora relay REST API.\n *\n * Endpoints:\n * POST /v1/register — Register agent, obtain JWT session token\n * POST /v1/send — Send message to a peer (requires auth)\n * GET /v1/peers — List online peers (requires auth)\n * GET /v1/messages — Poll for new inbound messages (requires auth)\n * DELETE /v1/disconnect — Invalidate token and disconnect (requires auth)\n */\n\nimport { Router } from 'express';\nimport type { Request, Response } from 'express';\nimport { rateLimit } from 'express-rate-limit';\nimport {\n createToken,\n revokeToken,\n requireAuth,\n type AuthenticatedRequest,\n} from './jwt-auth';\nimport { MessageBuffer, type BufferedMessage } from './message-buffer';\n\nconst apiRateLimit = (rpm: number): ReturnType<typeof rateLimit> => rateLimit({\n windowMs: 60_000,\n limit: rpm,\n standardHeaders: 'draft-7',\n legacyHeaders: false,\n message: { error: 'Too many requests — try again later' },\n});\n\n/**\n * A session for a REST-connected agent.\n * privateKey is held only in memory and never logged or persisted.\n */\nexport interface RestSession {\n publicKey: string;\n privateKey: string;\n name?: string;\n metadata?: { version?: string; capabilities?: string[] };\n registeredAt: number;\n expiresAt: number;\n token: string;\n}\n\nfunction pruneExpiredSessions(\n sessions: Map<string, RestSession>,\n buffer: MessageBuffer\n): void {\n const now = Date.now();\n for (const [publicKey, session] of sessions) {\n if (session.expiresAt <= now) {\n sessions.delete(publicKey);\n buffer.delete(publicKey);\n }\n }\n}\n\n/**\n * Minimal interface for the relay server that the REST API depends on.\n */\nexport interface RelayInterface {\n getAgents(): Map<\n string,\n {\n publicKey: string;\n name?: string;\n lastSeen: number;\n metadata?: { version?: string; capabilities?: string[] };\n socket: unknown;\n }\n >;\n on(\n event: 'message-relayed',\n handler: (from: string, to: string, envelope: unknown) => void\n ): void;\n}\n\n/**\n * Envelope creation function interface (matches createEnvelope from message/envelope).\n */\nexport type CreateEnvelopeFn = (\n type: string,\n from: string,\n to: string[],\n privateKey: string,\n payload: unknown,\n timestamp?: number,\n inReplyTo?: string\n) => {\n id: string;\n type: string;\n from: string;\n to: string[];\n timestamp: number;\n payload: unknown;\n signature: string;\n inReplyTo?: string;\n};\n\n/**\n * Envelope verification function interface.\n */\nexport type VerifyEnvelopeFn = (envelope: unknown) => {\n valid: boolean;\n reason?: string;\n};\n\n/**\n * Create the REST API router.\n */\nexport function createRestRouter(\n relay: RelayInterface,\n buffer: MessageBuffer,\n sessions: Map<string, RestSession>,\n createEnv: CreateEnvelopeFn,\n verifyEnv: VerifyEnvelopeFn,\n rateLimitRpm = 60\n): Router {\n const router = Router();\n router.use(apiRateLimit(rateLimitRpm));\n\n relay.on('message-relayed', (from, to, envelope) => {\n if (!sessions.has(to)) return;\n const agentMap = relay.getAgents();\n const senderAgent = agentMap.get(from);\n const env = envelope as {\n id: string;\n type: string;\n payload: unknown;\n timestamp: number;\n inReplyTo?: string;\n };\n const msg: BufferedMessage = {\n id: env.id,\n from,\n fromName: senderAgent?.name,\n type: env.type,\n payload: env.payload,\n timestamp: env.timestamp,\n inReplyTo: env.inReplyTo,\n };\n buffer.add(to, msg);\n });\n\n router.post('/v1/register', async (req: Request, res: Response) => {\n const { publicKey, privateKey, name, metadata } = req.body as {\n publicKey?: string;\n privateKey?: string;\n name?: string;\n metadata?: { version?: string; capabilities?: string[] };\n };\n\n if (!publicKey || typeof publicKey !== 'string') {\n res.status(400).json({ error: 'publicKey is required' });\n return;\n }\n if (!privateKey || typeof privateKey !== 'string') {\n res.status(400).json({ error: 'privateKey is required' });\n return;\n }\n\n const testEnvelope = createEnv(\n 'announce',\n publicKey,\n [publicKey],\n privateKey,\n { challenge: 'register' },\n Date.now()\n );\n const verification = verifyEnv(testEnvelope);\n if (!verification.valid) {\n res\n .status(400)\n .json({ error: 'Key pair verification failed: ' + verification.reason });\n return;\n }\n\n const { token, expiresAt } = createToken({ publicKey, name });\n pruneExpiredSessions(sessions, buffer);\n\n const session: RestSession = {\n publicKey,\n privateKey,\n name,\n metadata,\n registeredAt: Date.now(),\n expiresAt,\n token,\n };\n sessions.set(publicKey, session);\n\n const wsAgents = relay.getAgents();\n const peers: Array<{ publicKey: string; name?: string; lastSeen: number }> = [];\n for (const agent of wsAgents.values()) {\n if (agent.publicKey !== publicKey) {\n peers.push({\n publicKey: agent.publicKey,\n name: agent.name,\n lastSeen: agent.lastSeen,\n });\n }\n }\n for (const s of sessions.values()) {\n if (s.publicKey !== publicKey && !wsAgents.has(s.publicKey)) {\n peers.push({\n publicKey: s.publicKey,\n name: s.name,\n lastSeen: s.registeredAt,\n });\n }\n }\n\n res.json({ token, expiresAt, peers });\n });\n\n router.post(\n '/v1/send',\n requireAuth,\n async (req: AuthenticatedRequest, res: Response) => {\n const { to, type, payload, inReplyTo } = req.body as {\n to?: string;\n type?: string;\n payload?: unknown;\n inReplyTo?: string;\n };\n\n if (!to || typeof to !== 'string') {\n res.status(400).json({ error: 'to is required' });\n return;\n }\n if (!type || typeof type !== 'string') {\n res.status(400).json({ error: 'type is required' });\n return;\n }\n if (payload === undefined) {\n res.status(400).json({ error: 'payload is required' });\n return;\n }\n\n const senderPublicKey = req.agent!.publicKey;\n const session = sessions.get(senderPublicKey);\n if (!session) {\n res.status(401).json({ error: 'Session not found — please re-register' });\n return;\n }\n\n const envelope = createEnv(\n type,\n senderPublicKey,\n [to],\n session.privateKey,\n payload,\n Date.now(),\n inReplyTo\n );\n\n const wsAgents = relay.getAgents();\n const wsRecipient = wsAgents.get(to);\n if (wsRecipient && wsRecipient.socket) {\n const ws = wsRecipient.socket as { readyState: number; send(data: string): void };\n const OPEN = 1;\n if (ws.readyState !== OPEN) {\n res.status(503).json({ error: 'Recipient connection is not open' });\n return;\n }\n try {\n const relayMsg = JSON.stringify({\n type: 'message',\n from: senderPublicKey,\n name: session.name,\n envelope,\n });\n ws.send(relayMsg);\n res.json({ ok: true, envelopeId: envelope.id });\n return;\n } catch (err) {\n res.status(500).json({\n error:\n 'Failed to deliver message: ' +\n (err instanceof Error ? err.message : String(err)),\n });\n return;\n }\n }\n\n const restRecipient = sessions.get(to);\n if (restRecipient) {\n const senderAgent = wsAgents.get(senderPublicKey);\n const msg: BufferedMessage = {\n id: envelope.id,\n from: senderPublicKey,\n fromName: session.name ?? senderAgent?.name,\n type: envelope.type,\n payload: envelope.payload,\n timestamp: envelope.timestamp,\n inReplyTo: envelope.inReplyTo,\n };\n buffer.add(to, msg);\n res.json({ ok: true, envelopeId: envelope.id });\n return;\n }\n\n res.status(404).json({ error: 'Recipient not connected' });\n }\n );\n\n router.get(\n '/v1/peers',\n requireAuth,\n (req: AuthenticatedRequest, res: Response) => {\n const callerPublicKey = req.agent!.publicKey;\n const wsAgents = relay.getAgents();\n const peerList: Array<{\n publicKey: string;\n name?: string;\n lastSeen: number;\n metadata?: { version?: string; capabilities?: string[] };\n }> = [];\n\n for (const agent of wsAgents.values()) {\n if (agent.publicKey !== callerPublicKey) {\n peerList.push({\n publicKey: agent.publicKey,\n name: agent.name,\n lastSeen: agent.lastSeen,\n metadata: agent.metadata,\n });\n }\n }\n\n for (const s of sessions.values()) {\n if (s.publicKey !== callerPublicKey && !wsAgents.has(s.publicKey)) {\n peerList.push({\n publicKey: s.publicKey,\n name: s.name,\n lastSeen: s.registeredAt,\n metadata: s.metadata,\n });\n }\n }\n\n res.json({ peers: peerList });\n }\n );\n\n router.get(\n '/v1/messages',\n requireAuth,\n (req: AuthenticatedRequest, res: Response) => {\n const publicKey = req.agent!.publicKey;\n const sinceRaw = req.query.since as string | undefined;\n const limitRaw = req.query.limit as string | undefined;\n\n const since = sinceRaw ? parseInt(sinceRaw, 10) : undefined;\n const limit = Math.min(limitRaw ? parseInt(limitRaw, 10) : 50, 100);\n\n let messages = buffer.get(publicKey, since);\n const hasMore = messages.length > limit;\n if (hasMore) {\n messages = messages.slice(0, limit);\n }\n\n if (since === undefined) {\n buffer.clear(publicKey);\n }\n\n res.json({ messages, hasMore });\n }\n );\n\n router.delete(\n '/v1/disconnect',\n requireAuth,\n (req: AuthenticatedRequest, res: Response) => {\n const publicKey = req.agent!.publicKey;\n const authHeader = req.headers.authorization!;\n const token = authHeader.slice(7);\n\n revokeToken(token);\n sessions.delete(publicKey);\n buffer.delete(publicKey);\n\n res.json({ ok: true });\n }\n );\n\n return router;\n}\n","/**\n * run-relay.ts — Start Agora relay: WebSocket server and optional REST API.\n *\n * When REST is enabled, starts:\n * 1. WebSocket relay (RelayServer) on wsPort\n * 2. REST API server (Express) on restPort\n *\n * Environment variables:\n * RELAY_PORT — WebSocket relay port (default: 3002); alias: PORT\n * REST_PORT — REST API port (default: 3001)\n * JWT_SECRET — Secret for JWT session tokens (alias: AGORA_RELAY_JWT_SECRET)\n * AGORA_JWT_EXPIRY_SECONDS — JWT expiry in seconds (default: 3600)\n * MAX_PEERS — Maximum concurrent registered peers (default: 100)\n * MESSAGE_TTL_MS — Message buffer TTL in ms (default: 86400000 = 24h)\n * RATE_LIMIT_RPM — REST API requests per minute per IP (default: 60)\n * ALLOWED_ORIGINS — CORS origins, comma-separated or * (default: *)\n */\n\nimport http from 'node:http';\nimport express from 'express';\nimport cors from 'cors';\nimport { RelayServer, type RelayServerOptions } from './server';\nimport {\n createEnvelope,\n verifyEnvelope,\n type Envelope,\n type MessageType,\n} from '../message/envelope';\nimport { createRestRouter, type CreateEnvelopeFn } from './rest-api';\nimport { MessageBuffer } from './message-buffer';\nimport type { RestSession } from './rest-api';\n\n/** Wrapper so REST API can pass string type; createEnvelope expects MessageType */\nconst createEnvelopeForRest: CreateEnvelopeFn = (\n type,\n from,\n to,\n privateKey,\n payload,\n timestamp,\n inReplyTo\n) =>\n createEnvelope(\n type as MessageType,\n from,\n privateKey,\n payload,\n timestamp ?? Date.now(),\n inReplyTo,\n to\n );\n\nexport interface RunRelayOptions {\n /** WebSocket port (default from RELAY_PORT or PORT env, or 3002) */\n wsPort?: number;\n /** REST API port (default from REST_PORT env, or 3001). Ignored if enableRest is false. */\n restPort?: number;\n /** Enable REST API (requires JWT_SECRET or AGORA_RELAY_JWT_SECRET). Default: true if secret is set. */\n enableRest?: boolean;\n /** Relay server options (identity, storagePeers, storageDir) */\n relayOptions?: RelayServerOptions;\n}\n\n/**\n * Start WebSocket relay and optionally REST API.\n * Returns { relay, httpServer } where httpServer is set only when REST is enabled.\n */\nexport async function runRelay(options: RunRelayOptions = {}): Promise<{\n relay: RelayServer;\n httpServer?: http.Server;\n}> {\n const wsPort = options.wsPort ?? parseInt(\n process.env.RELAY_PORT ?? process.env.PORT ?? '3002', 10\n );\n const jwtSecret = process.env.JWT_SECRET ?? process.env.AGORA_RELAY_JWT_SECRET;\n const enableRest =\n options.enableRest ??\n (typeof jwtSecret === 'string' && jwtSecret.length > 0);\n\n const maxPeers = parseInt(process.env.MAX_PEERS ?? '100', 10);\n const relayOptions: RelayServerOptions = { ...options.relayOptions, maxPeers };\n\n const relay = new RelayServer(relayOptions);\n await relay.start(wsPort);\n\n if (!enableRest) {\n return { relay };\n }\n\n if (!jwtSecret) {\n await relay.stop();\n throw new Error(\n 'JWT_SECRET (or AGORA_RELAY_JWT_SECRET) environment variable is required when REST API is enabled'\n );\n }\n\n // Expose jwtSecret via env so jwt-auth.ts can read it (it reads AGORA_RELAY_JWT_SECRET)\n if (!process.env.AGORA_RELAY_JWT_SECRET) {\n process.env.AGORA_RELAY_JWT_SECRET = jwtSecret;\n }\n\n const restPort = options.restPort ?? parseInt(process.env.REST_PORT ?? '3001', 10);\n const messageTtlMs = parseInt(process.env.MESSAGE_TTL_MS ?? '86400000', 10);\n const messageBuffer = new MessageBuffer({ ttlMs: messageTtlMs });\n const restSessions = new Map<string, RestSession>();\n\n const allowedOrigins = process.env.ALLOWED_ORIGINS ?? '*';\n const corsOrigins = allowedOrigins === '*'\n ? '*'\n : allowedOrigins.split(',').map((o) => o.trim()).filter((o) => o.length > 0);\n\n const app = express();\n app.use(cors({\n origin: corsOrigins,\n methods: ['GET', 'POST', 'DELETE'],\n allowedHeaders: ['Content-Type', 'Authorization'],\n }));\n app.use(express.json());\n\n const verifyForRest = (envelope: unknown): { valid: boolean; reason?: string } =>\n verifyEnvelope(envelope as Envelope);\n\n const rateLimitRpm = parseInt(process.env.RATE_LIMIT_RPM ?? '60', 10);\n const router = createRestRouter(\n relay as Parameters<typeof createRestRouter>[0],\n messageBuffer,\n restSessions,\n createEnvelopeForRest,\n verifyForRest,\n rateLimitRpm\n );\n app.use(router);\n\n app.use((_req, res) => {\n res.status(404).json({ error: 'Not found' });\n });\n\n const httpServer = http.createServer(app);\n await new Promise<void>((resolve, reject) => {\n httpServer.listen(restPort, () => resolve());\n httpServer.on('error', reject);\n });\n\n return { relay, httpServer };\n}\n"],"mappings":";;;;;;;AAsBA,IAAM,yBAAyB;AAOxB,IAAM,gBAAN,MAAoB;AAAA,EACjB,UAAwC,oBAAI,IAAI;AAAA,EAChD;AAAA,EAER,YAAY,SAA8B;AACxC,SAAK,QAAQ,SAAS,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,WAAmB,SAAgC;AACrD,QAAI,QAAQ,KAAK,QAAQ,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,cAAQ,CAAC;AACT,WAAK,QAAQ,IAAI,WAAW,KAAK;AAAA,IACnC;AACA,UAAM,KAAK,EAAE,SAAS,YAAY,KAAK,IAAI,EAAE,CAAC;AAC9C,QAAI,MAAM,SAAS,wBAAwB;AACzC,YAAM,MAAM;AAAA,IACd;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,WAAmB,OAAmC;AACxD,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,QAAQ,KAAK,QAAQ,IAAI,SAAS,KAAK,CAAC;AAE5C,YAAQ,MAAM,OAAO,CAAC,MAAM,MAAM,EAAE,aAAa,KAAK,KAAK;AAC3D,SAAK,QAAQ,IAAI,WAAW,KAAK;AACjC,UAAM,WAAW,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO;AAC3C,QAAI,UAAU,QAAW;AACvB,aAAO,CAAC,GAAG,QAAQ;AAAA,IACrB;AACA,WAAO,SAAS,OAAO,CAAC,MAAM,EAAE,YAAY,KAAK;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAyB;AAC7B,SAAK,QAAQ,IAAI,WAAW,CAAC,CAAC;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,WAAyB;AAC9B,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AACF;;;AC1EA,OAAO,SAAS;AAChB,SAAS,mBAAmB;AAqB5B,IAAM,cAAmC,oBAAI,IAAI;AAMjD,SAAS,0BAAgC;AACvC,QAAM,MAAM,KAAK,IAAI;AACrB,aAAW,CAAC,KAAK,MAAM,KAAK,aAAa;AACvC,QAAI,UAAU,KAAK;AACjB,kBAAY,OAAO,GAAG;AAAA,IACxB;AAAA,EACF;AACF;AAEA,SAAS,eAAuB;AAC9B,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,mBAA2B;AAClC,QAAM,MAAM,QAAQ,IAAI;AACxB,MAAI,KAAK;AACP,UAAM,SAAS,SAAS,KAAK,EAAE;AAC/B,QAAI,CAAC,MAAM,MAAM,KAAK,SAAS,GAAG;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,YAAY,SAG1B;AACA,QAAM,SAAS,aAAa;AAC5B,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,MAAM,GAAG,KAAK,IAAI,CAAC,IAAI,YAAY,EAAE,EAAE,SAAS,KAAK,CAAC;AAE5D,QAAM,QAAQ,IAAI;AAAA,IAChB,EAAE,WAAW,QAAQ,WAAW,MAAM,QAAQ,MAAM,IAAI;AAAA,IACxD;AAAA,IACA,EAAE,WAAW,cAAc;AAAA,EAC7B;AAEA,QAAM,YAAY,KAAK,IAAI,IAAI,gBAAgB;AAC/C,SAAO,EAAE,OAAO,UAAU;AAC5B;AAOO,SAAS,YAAY,OAAqB;AAC/C,MAAI;AACF,UAAM,SAAS,aAAa;AAC5B,UAAM,UAAU,IAAI,OAAO,OAAO,MAAM;AAIxC,QAAI,QAAQ,KAAK;AACf,YAAM,SAAS,QAAQ,MAAM,QAAQ,MAAM,MAAO,KAAK,IAAI;AAC3D,kBAAY,IAAI,QAAQ,KAAK,MAAM;AACnC,8BAAwB;AAAA,IAC1B;AAAA,EACF,QAAQ;AAAA,EAER;AACF;AAOO,SAAS,YACd,KACA,KACA,MACM;AACN,QAAM,aAAa,IAAI,QAAQ;AAC/B,MAAI,CAAC,cAAc,CAAC,WAAW,WAAW,SAAS,GAAG;AACpD,QAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,4CAA4C,CAAC;AAC3E;AAAA,EACF;AAEA,QAAM,QAAQ,WAAW,MAAM,CAAC;AAChC,MAAI;AACF,UAAM,SAAS,aAAa;AAC5B,UAAM,UAAU,IAAI,OAAO,OAAO,MAAM;AAMxC,QAAI,QAAQ,OAAO,YAAY,IAAI,QAAQ,GAAG,GAAG;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;AACxD;AAAA,IACF;AAEA,QAAI,QAAQ,EAAE,WAAW,QAAQ,WAAW,MAAM,QAAQ,KAAK;AAC/D,SAAK;AAAA,EACP,SAAS,KAAK;AACZ,QAAI,eAAe,IAAI,mBAAmB;AACxC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB,CAAC;AAAA,IACjD,OAAO;AACL,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB,CAAC;AAAA,IACjD;AAAA,EACF;AACF;;;AC3IA,SAAS,cAAc;AAEvB,SAAS,iBAAiB;AAS1B,IAAM,eAAe,CAAC,QAA8C,UAAU;AAAA,EAC5E,UAAU;AAAA,EACV,OAAO;AAAA,EACP,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,SAAS,EAAE,OAAO,2CAAsC;AAC1D,CAAC;AAgBD,SAAS,qBACP,UACA,QACM;AACN,QAAM,MAAM,KAAK,IAAI;AACrB,aAAW,CAAC,WAAW,OAAO,KAAK,UAAU;AAC3C,QAAI,QAAQ,aAAa,KAAK;AAC5B,eAAS,OAAO,SAAS;AACzB,aAAO,OAAO,SAAS;AAAA,IACzB;AAAA,EACF;AACF;AAuDO,SAAS,iBACd,OACA,QACA,UACA,WACA,WACA,eAAe,IACP;AACR,QAAM,SAAS,OAAO;AACtB,SAAO,IAAI,aAAa,YAAY,CAAC;AAErC,QAAM,GAAG,mBAAmB,CAAC,MAAM,IAAI,aAAa;AAClD,QAAI,CAAC,SAAS,IAAI,EAAE,EAAG;AACvB,UAAM,WAAW,MAAM,UAAU;AACjC,UAAM,cAAc,SAAS,IAAI,IAAI;AACrC,UAAM,MAAM;AAOZ,UAAM,MAAuB;AAAA,MAC3B,IAAI,IAAI;AAAA,MACR;AAAA,MACA,UAAU,aAAa;AAAA,MACvB,MAAM,IAAI;AAAA,MACV,SAAS,IAAI;AAAA,MACb,WAAW,IAAI;AAAA,MACf,WAAW,IAAI;AAAA,IACjB;AACA,WAAO,IAAI,IAAI,GAAG;AAAA,EACpB,CAAC;AAED,SAAO,KAAK,gBAAgB,OAAO,KAAc,QAAkB;AACjE,UAAM,EAAE,WAAW,YAAY,MAAM,SAAS,IAAI,IAAI;AAOtD,QAAI,CAAC,aAAa,OAAO,cAAc,UAAU;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AACvD;AAAA,IACF;AACA,QAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;AACxD;AAAA,IACF;AAEA,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,CAAC,SAAS;AAAA,MACV;AAAA,MACA,EAAE,WAAW,WAAW;AAAA,MACxB,KAAK,IAAI;AAAA,IACX;AACA,UAAM,eAAe,UAAU,YAAY;AAC3C,QAAI,CAAC,aAAa,OAAO;AACvB,UACG,OAAO,GAAG,EACV,KAAK,EAAE,OAAO,mCAAmC,aAAa,OAAO,CAAC;AACzE;AAAA,IACF;AAEA,UAAM,EAAE,OAAO,UAAU,IAAI,YAAY,EAAE,WAAW,KAAK,CAAC;AAC5D,yBAAqB,UAAU,MAAM;AAErC,UAAM,UAAuB;AAAA,MAC3B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,KAAK,IAAI;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AACA,aAAS,IAAI,WAAW,OAAO;AAE/B,UAAM,WAAW,MAAM,UAAU;AACjC,UAAM,QAAuE,CAAC;AAC9E,eAAW,SAAS,SAAS,OAAO,GAAG;AACrC,UAAI,MAAM,cAAc,WAAW;AACjC,cAAM,KAAK;AAAA,UACT,WAAW,MAAM;AAAA,UACjB,MAAM,MAAM;AAAA,UACZ,UAAU,MAAM;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AACA,eAAW,KAAK,SAAS,OAAO,GAAG;AACjC,UAAI,EAAE,cAAc,aAAa,CAAC,SAAS,IAAI,EAAE,SAAS,GAAG;AAC3D,cAAM,KAAK;AAAA,UACT,WAAW,EAAE;AAAA,UACb,MAAM,EAAE;AAAA,UACR,UAAU,EAAE;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF;AAEA,QAAI,KAAK,EAAE,OAAO,WAAW,MAAM,CAAC;AAAA,EACtC,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO,KAA2B,QAAkB;AAClD,YAAM,EAAE,IAAI,MAAM,SAAS,UAAU,IAAI,IAAI;AAO7C,UAAI,CAAC,MAAM,OAAO,OAAO,UAAU;AACjC,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,iBAAiB,CAAC;AAChD;AAAA,MACF;AACA,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mBAAmB,CAAC;AAClD;AAAA,MACF;AACA,UAAI,YAAY,QAAW;AACzB,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,sBAAsB,CAAC;AACrD;AAAA,MACF;AAEA,YAAM,kBAAkB,IAAI,MAAO;AACnC,YAAM,UAAU,SAAS,IAAI,eAAe;AAC5C,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,8CAAyC,CAAC;AACxE;AAAA,MACF;AAEA,YAAM,WAAW;AAAA,QACf;AAAA,QACA;AAAA,QACA,CAAC,EAAE;AAAA,QACH,QAAQ;AAAA,QACR;AAAA,QACA,KAAK,IAAI;AAAA,QACT;AAAA,MACF;AAEA,YAAM,WAAW,MAAM,UAAU;AACjC,YAAM,cAAc,SAAS,IAAI,EAAE;AACnC,UAAI,eAAe,YAAY,QAAQ;AACrC,cAAM,KAAK,YAAY;AACvB,cAAM,OAAO;AACb,YAAI,GAAG,eAAe,MAAM;AAC1B,cAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mCAAmC,CAAC;AAClE;AAAA,QACF;AACA,YAAI;AACF,gBAAM,WAAW,KAAK,UAAU;AAAA,YAC9B,MAAM;AAAA,YACN,MAAM;AAAA,YACN,MAAM,QAAQ;AAAA,YACd;AAAA,UACF,CAAC;AACD,aAAG,KAAK,QAAQ;AAChB,cAAI,KAAK,EAAE,IAAI,MAAM,YAAY,SAAS,GAAG,CAAC;AAC9C;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACnB,OACE,iCACC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,UACpD,CAAC;AACD;AAAA,QACF;AAAA,MACF;AAEA,YAAM,gBAAgB,SAAS,IAAI,EAAE;AACrC,UAAI,eAAe;AACjB,cAAM,cAAc,SAAS,IAAI,eAAe;AAChD,cAAM,MAAuB;AAAA,UAC3B,IAAI,SAAS;AAAA,UACb,MAAM;AAAA,UACN,UAAU,QAAQ,QAAQ,aAAa;AAAA,UACvC,MAAM,SAAS;AAAA,UACf,SAAS,SAAS;AAAA,UAClB,WAAW,SAAS;AAAA,UACpB,WAAW,SAAS;AAAA,QACtB;AACA,eAAO,IAAI,IAAI,GAAG;AAClB,YAAI,KAAK,EAAE,IAAI,MAAM,YAAY,SAAS,GAAG,CAAC;AAC9C;AAAA,MACF;AAEA,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,0BAA0B,CAAC;AAAA,IAC3D;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,kBAAkB,IAAI,MAAO;AACnC,YAAM,WAAW,MAAM,UAAU;AACjC,YAAM,WAKD,CAAC;AAEN,iBAAW,SAAS,SAAS,OAAO,GAAG;AACrC,YAAI,MAAM,cAAc,iBAAiB;AACvC,mBAAS,KAAK;AAAA,YACZ,WAAW,MAAM;AAAA,YACjB,MAAM,MAAM;AAAA,YACZ,UAAU,MAAM;AAAA,YAChB,UAAU,MAAM;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF;AAEA,iBAAW,KAAK,SAAS,OAAO,GAAG;AACjC,YAAI,EAAE,cAAc,mBAAmB,CAAC,SAAS,IAAI,EAAE,SAAS,GAAG;AACjE,mBAAS,KAAK;AAAA,YACZ,WAAW,EAAE;AAAA,YACb,MAAM,EAAE;AAAA,YACR,UAAU,EAAE;AAAA,YACZ,UAAU,EAAE;AAAA,UACd,CAAC;AAAA,QACH;AAAA,MACF;AAEA,UAAI,KAAK,EAAE,OAAO,SAAS,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,YAAY,IAAI,MAAO;AAC7B,YAAM,WAAW,IAAI,MAAM;AAC3B,YAAM,WAAW,IAAI,MAAM;AAE3B,YAAM,QAAQ,WAAW,SAAS,UAAU,EAAE,IAAI;AAClD,YAAM,QAAQ,KAAK,IAAI,WAAW,SAAS,UAAU,EAAE,IAAI,IAAI,GAAG;AAElE,UAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC1C,YAAM,UAAU,SAAS,SAAS;AAClC,UAAI,SAAS;AACX,mBAAW,SAAS,MAAM,GAAG,KAAK;AAAA,MACpC;AAEA,UAAI,UAAU,QAAW;AACvB,eAAO,MAAM,SAAS;AAAA,MACxB;AAEA,UAAI,KAAK,EAAE,UAAU,QAAQ,CAAC;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,YAAY,IAAI,MAAO;AAC7B,YAAM,aAAa,IAAI,QAAQ;AAC/B,YAAM,QAAQ,WAAW,MAAM,CAAC;AAEhC,kBAAY,KAAK;AACjB,eAAS,OAAO,SAAS;AACzB,aAAO,OAAO,SAAS;AAEvB,UAAI,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,IACvB;AAAA,EACF;AAEA,SAAO;AACT;;;ACjXA,OAAO,UAAU;AACjB,OAAO,aAAa;AACpB,OAAO,UAAU;AAajB,IAAM,wBAA0C,CAC9C,MACA,MACA,IACA,YACA,SACA,WACA,cAEA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa,KAAK,IAAI;AAAA,EACtB;AAAA,EACA;AACF;AAiBF,eAAsB,SAAS,UAA2B,CAAC,GAGxD;AACD,QAAM,SAAS,QAAQ,UAAU;AAAA,IAC/B,QAAQ,IAAI,cAAc,QAAQ,IAAI,QAAQ;AAAA,IAAQ;AAAA,EACxD;AACA,QAAM,YAAY,QAAQ,IAAI,cAAc,QAAQ,IAAI;AACxD,QAAM,aACJ,QAAQ,eACP,OAAO,cAAc,YAAY,UAAU,SAAS;AAEvD,QAAM,WAAW,SAAS,QAAQ,IAAI,aAAa,OAAO,EAAE;AAC5D,QAAM,eAAmC,EAAE,GAAG,QAAQ,cAAc,SAAS;AAE7E,QAAM,QAAQ,IAAI,YAAY,YAAY;AAC1C,QAAM,MAAM,MAAM,MAAM;AAExB,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,MAAM;AAAA,EACjB;AAEA,MAAI,CAAC,WAAW;AACd,UAAM,MAAM,KAAK;AACjB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAGA,MAAI,CAAC,QAAQ,IAAI,wBAAwB;AACvC,YAAQ,IAAI,yBAAyB;AAAA,EACvC;AAEA,QAAM,WAAW,QAAQ,YAAY,SAAS,QAAQ,IAAI,aAAa,QAAQ,EAAE;AACjF,QAAM,eAAe,SAAS,QAAQ,IAAI,kBAAkB,YAAY,EAAE;AAC1E,QAAM,gBAAgB,IAAI,cAAc,EAAE,OAAO,aAAa,CAAC;AAC/D,QAAM,eAAe,oBAAI,IAAyB;AAElD,QAAM,iBAAiB,QAAQ,IAAI,mBAAmB;AACtD,QAAM,cAAc,mBAAmB,MACnC,MACA,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;AAE7E,QAAM,MAAM,QAAQ;AACpB,MAAI,IAAI,KAAK;AAAA,IACX,QAAQ;AAAA,IACR,SAAS,CAAC,OAAO,QAAQ,QAAQ;AAAA,IACjC,gBAAgB,CAAC,gBAAgB,eAAe;AAAA,EAClD,CAAC,CAAC;AACF,MAAI,IAAI,QAAQ,KAAK,CAAC;AAEtB,QAAM,gBAAgB,CAAC,aACrB,eAAe,QAAoB;AAErC,QAAM,eAAe,SAAS,QAAQ,IAAI,kBAAkB,MAAM,EAAE;AACpE,QAAM,SAAS;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,IAAI,MAAM;AAEd,MAAI,IAAI,CAAC,MAAM,QAAQ;AACrB,QAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC7C,CAAC;AAED,QAAM,aAAa,KAAK,aAAa,GAAG;AACxC,QAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,eAAW,OAAO,UAAU,MAAM,QAAQ,CAAC;AAC3C,eAAW,GAAG,SAAS,MAAM;AAAA,EAC/B,CAAC;AAED,SAAO,EAAE,OAAO,WAAW;AAC7B;","names":[]}