@rookdaemon/agora 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/{chunk-3PEGG7D3.js → chunk-JYEWPJLZ.js} +17 -2
  2. package/dist/chunk-JYEWPJLZ.js.map +1 -0
  3. package/dist/{chunk-HGXMAZZI.js → chunk-MJGCRX6B.js} +1 -8
  4. package/dist/chunk-MJGCRX6B.js.map +1 -0
  5. package/dist/{chunk-VQ4BE6OV.js → chunk-OVDMZHTX.js} +2 -7
  6. package/dist/chunk-OVDMZHTX.js.map +1 -0
  7. package/dist/cli.js +2 -2
  8. package/dist/index.d.ts +13 -3
  9. package/dist/index.js +12 -3
  10. package/dist/index.js.map +1 -1
  11. package/dist/relay/relay-server.js +2 -2
  12. package/package.json +1 -1
  13. package/dist/chunk-3PEGG7D3.js.map +0 -1
  14. package/dist/chunk-HGXMAZZI.js.map +0 -1
  15. package/dist/chunk-VQ4BE6OV.js.map +0 -1
package/dist/chunk-3PEGG7D3.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/transport/peer-config.ts","../src/transport/http.ts","../src/transport/relay.ts","../src/config.ts","../src/relay/client.ts","../src/discovery/peer-discovery.ts","../src/discovery/bootstrap.ts","../src/utils.ts","../src/reputation/types.ts","../src/reputation/store.ts","../src/reputation/verification.ts","../src/reputation/commit-reveal.ts","../src/reputation/scoring.ts"],"sourcesContent":["import { readFileSync, writeFileSync, existsSync } from 'node:fs';\nimport { generateKeyPair } from '../identity/keypair';\n\nexport interface PeerConfigFile {\n identity: {\n publicKey: string;\n privateKey: string;\n name?: string;\n };\n relay?: string | {\n url: string;\n name?: string;\n };\n peers: Record<string, {\n url?: string;\n token?: string;\n publicKey: string;\n name?: string;\n }>;\n}\n\n/**\n * Load peer configuration from a JSON file.\n * @param path - Path to the config file\n * @returns The parsed configuration\n * @throws Error if file doesn't exist or contains invalid JSON\n */\nexport function loadPeerConfig(path: string): PeerConfigFile {\n const content = readFileSync(path, 'utf-8');\n return JSON.parse(content) as PeerConfigFile;\n}\n\n/**\n * Save peer configuration to a JSON file.\n * @param path - Path to the config file\n * @param config - The configuration to save\n */\nexport function savePeerConfig(path: string, config: PeerConfigFile): void {\n const content = JSON.stringify(config, null, 2);\n writeFileSync(path, content, 'utf-8');\n}\n\n/**\n * Initialize peer configuration, generating a new keypair if the file doesn't exist.\n * If the file exists, loads and returns it.\n * @param path - Path to the config file\n * @returns The configuration (loaded or newly created)\n */\nexport function initPeerConfig(path: string): PeerConfigFile {\n if (existsSync(path)) {\n return loadPeerConfig(path);\n }\n\n // Generate new keypair and create initial config\n const identity = generateKeyPair();\n const config: PeerConfigFile = {\n identity,\n peers: {},\n };\n\n savePeerConfig(path, config);\n return config;\n}\n","import { createEnvelope, verifyEnvelope, type Envelope, type MessageType } from '../message/envelope';\r\n\r\nexport interface PeerConfig {\r\n /** Peer's webhook URL, e.g. http://localhost:18790/hooks (undefined for relay-only peers) */\r\n url?: string;\r\n /** Peer's webhook auth token (undefined for relay-only peers) */\r\n token?: string;\r\n /** Peer's public key (hex) for verifying responses */\r\n publicKey: string;\r\n /** Optional convenience alias only (not identity) */\r\n name?: string;\r\n}\r\n\r\nexport interface TransportConfig {\r\n /** This agent's keypair */\r\n identity: { publicKey: string; privateKey: string };\r\n /** Known peers */\r\n peers: Map<string, PeerConfig>;\r\n}\r\n\r\n/**\r\n * Send a signed envelope to a peer via HTTP webhook.\r\n * Creates the envelope, signs it, and POSTs to the peer's /hooks/agent endpoint.\r\n * Returns the HTTP status code.\r\n */\r\nexport async function sendToPeer(\r\n config: TransportConfig,\r\n peerPublicKey: string,\r\n type: MessageType,\r\n payload: unknown,\r\n inReplyTo?: string,\r\n allRecipients?: string[],\r\n): Promise<{ ok: boolean; status: number; error?: string }> {\r\n // Look up peer config\r\n const peer = config.peers.get(peerPublicKey);\r\n if (!peer) {\r\n return { ok: false, status: 0, error: 'Unknown peer' };\r\n }\r\n\r\n // Relay-only peer — no webhook URL configured\r\n if (!peer.url) {\r\n return { ok: false, status: 0, error: 'No webhook URL configured' };\r\n }\r\n\r\n // Create and sign the envelope\r\n const envelope = createEnvelope(\r\n type,\r\n config.identity.publicKey,\r\n config.identity.privateKey,\r\n payload,\r\n Date.now(),\r\n inReplyTo,\r\n allRecipients ?? [peerPublicKey]\r\n );\r\n\r\n // Encode envelope as base64url\r\n const envelopeJson = JSON.stringify(envelope);\r\n const envelopeBase64 = Buffer.from(envelopeJson).toString('base64url');\r\n\r\n // Construct webhook payload\r\n const webhookPayload = {\r\n message: `[AGORA_ENVELOPE]${envelopeBase64}`,\r\n name: 'Agora',\r\n sessionKey: `agora:${envelope.from.substring(0, 16)}`,\r\n deliver: false,\r\n };\r\n\r\n // Build headers — only include Authorization when a token is configured\r\n const headers: Record<string, string> = {\r\n 'Content-Type': 'application/json',\r\n };\r\n if (peer.token) {\r\n headers['Authorization'] = `Bearer ${peer.token}`;\r\n }\r\n\r\n const requestBody = JSON.stringify(webhookPayload);\r\n\r\n // Send HTTP POST (retry once on network error, not on 4xx/5xx)\r\n for (let attempt = 0; attempt < 2; attempt++) {\r\n try {\r\n const response = await fetch(`${peer.url}/agent`, {\r\n method: 'POST',\r\n headers,\r\n body: requestBody,\r\n });\r\n\r\n return {\r\n ok: response.ok,\r\n status: response.status,\r\n error: response.ok ? undefined : await response.text(),\r\n };\r\n } catch (err) {\r\n if (attempt === 1) {\r\n return {\r\n ok: false,\r\n status: 0,\r\n error: err instanceof Error ? err.message : String(err),\r\n };\r\n }\r\n // First attempt failed with network error — retry once\r\n }\r\n }\r\n\r\n // Unreachable, but satisfies TypeScript\r\n return { ok: false, status: 0, error: 'Unexpected send failure' };\r\n}\r\n\r\n/**\r\n * Decode and verify an inbound Agora envelope from a webhook message.\r\n * Expects the message to start with [AGORA_ENVELOPE] followed by base64.\r\n * Returns the verified envelope or an error.\r\n */\r\nexport function decodeInboundEnvelope(\r\n message: string,\r\n knownPeers: Map<string, PeerConfig>\r\n): { ok: true; envelope: Envelope } | { ok: false; reason: string } {\r\n // Check for AGORA_ENVELOPE prefix\r\n const prefix = '[AGORA_ENVELOPE]';\r\n if (!message.startsWith(prefix)) {\r\n return { ok: false, reason: 'not_agora_message' };\r\n }\r\n\r\n // Extract base64 payload\r\n const base64Payload = message.substring(prefix.length);\r\n \r\n // Check for empty payload\r\n if (!base64Payload) {\r\n return { ok: false, reason: 'invalid_base64' };\r\n }\r\n \r\n // Decode base64\r\n let envelopeJson: string;\r\n try {\r\n const decoded = Buffer.from(base64Payload, 'base64url');\r\n // Check if decoded buffer is empty or contains invalid data\r\n if (decoded.length === 0) {\r\n return { ok: false, reason: 'invalid_base64' };\r\n }\r\n envelopeJson = decoded.toString('utf-8');\r\n } catch {\r\n return { ok: false, reason: 'invalid_base64' };\r\n }\r\n\r\n // Parse JSON\r\n let envelope: Envelope;\r\n try {\r\n envelope = JSON.parse(envelopeJson);\r\n } catch {\r\n return { ok: false, reason: 'invalid_json' };\r\n }\r\n\r\n // Verify envelope integrity\r\n const verification = verifyEnvelope(envelope);\r\n if (!verification.valid) {\r\n return { ok: false, reason: verification.reason || 'verification_failed' };\r\n }\r\n\r\n // Check if sender is a known peer\r\n const senderKnown = knownPeers.has(envelope.from);\r\n if (!senderKnown) {\r\n return { ok: false, reason: 'unknown_sender' };\r\n }\r\n\r\n return { ok: true, envelope };\r\n}\r\n","import WebSocket from 'ws';\nimport { createEnvelope, type Envelope, type MessageType } from '../message/envelope';\n\n/** Minimal interface for a connected relay client (avoids importing full RelayClient) */\nexport interface RelayClientSender {\n connected(): boolean;\n send(to: string, envelope: Envelope): Promise<{ ok: boolean; error?: string }>;\n}\n\nexport interface RelayTransportConfig {\n /** This agent's keypair */\n identity: { publicKey: string; privateKey: string };\n /** Relay server WebSocket URL (e.g., wss://agora-relay.lbsa71.net) */\n relayUrl: string;\n /** Optional persistent relay client (if provided, will use it instead of connect-per-message) */\n relayClient?: RelayClientSender;\n}\n\n/**\n * Send a signed envelope to a peer via relay server.\n * If a persistent relayClient is provided in the config, uses that.\n * Otherwise, connects to relay, registers, sends message, and disconnects.\n */\nexport async function sendViaRelay(\n config: RelayTransportConfig,\n peerPublicKey: string,\n type: MessageType,\n payload: unknown,\n inReplyTo?: string,\n allRecipients?: string[],\n): Promise<{ ok: boolean; error?: string }> {\n // If a persistent relay client is available, use it\n if (config.relayClient && config.relayClient.connected()) {\n const envelope = createEnvelope(\n type,\n config.identity.publicKey,\n config.identity.privateKey,\n payload,\n Date.now(),\n inReplyTo,\n allRecipients ?? [peerPublicKey]\n );\n return config.relayClient.send(peerPublicKey, envelope);\n }\n\n // Otherwise, fall back to connect-per-message\n return new Promise((resolve) => {\n const ws = new WebSocket(config.relayUrl);\n let registered = false;\n let messageSent = false;\n let resolved = false;\n\n // Helper to resolve once\n const resolveOnce = (result: { ok: boolean; error?: string }): void => {\n if (!resolved) {\n resolved = true;\n clearTimeout(timeout);\n resolve(result);\n }\n };\n\n // Set timeout for the entire operation\n const timeout = setTimeout(() => {\n if (!messageSent) {\n ws.close();\n resolveOnce({ ok: false, error: 'Relay connection timeout' });\n }\n }, 10000); // 10 second timeout\n\n ws.on('open', () => {\n // Send register message\n const registerMsg = {\n type: 'register',\n publicKey: config.identity.publicKey,\n };\n ws.send(JSON.stringify(registerMsg));\n });\n\n ws.on('message', (data: WebSocket.Data) => {\n try {\n const msg = JSON.parse(data.toString());\n\n if (msg.type === 'registered' && !registered) {\n registered = true;\n\n // Create and sign the envelope\n const envelope: Envelope = createEnvelope(\n type,\n config.identity.publicKey,\n config.identity.privateKey,\n payload,\n Date.now(),\n inReplyTo,\n allRecipients ?? [peerPublicKey]\n );\n\n // Send message via relay\n const relayMsg = {\n type: 'message',\n to: peerPublicKey,\n envelope,\n };\n ws.send(JSON.stringify(relayMsg));\n messageSent = true;\n\n // Close connection after sending\n setTimeout(() => {\n ws.close();\n resolveOnce({ ok: true });\n }, 100); // Small delay to ensure message is sent\n } else if (msg.type === 'error') {\n ws.close();\n resolveOnce({ ok: false, error: msg.message || 'Relay server error' });\n }\n } catch (err) {\n ws.close();\n resolveOnce({ ok: false, error: err instanceof Error ? err.message : String(err) });\n }\n });\n\n ws.on('error', (err) => {\n ws.close();\n resolveOnce({ ok: false, error: err.message });\n });\n\n ws.on('close', () => {\n if (!messageSent) {\n resolveOnce({ ok: false, error: 'Connection closed before message sent' });\n }\n });\n });\n}\n","import { readFileSync, existsSync, readdirSync, mkdirSync, writeFileSync } from 'node:fs';\r\nimport { readFile } from 'node:fs/promises';\r\nimport { resolve, join, dirname } from 'node:path';\r\nimport { homedir } from 'node:os';\r\n\r\n/**\r\n * Normalized relay configuration (supports both string and object in config file).\r\n */\r\nexport interface RelayConfig {\r\n url: string;\r\n autoConnect: boolean;\r\n name?: string;\r\n reconnectMaxMs?: number;\r\n}\r\n\r\n/**\r\n * Peer entry in config (webhook URL, token, public key).\r\n */\r\nexport interface AgoraPeerConfig {\r\n publicKey: string;\r\n /** Webhook URL (undefined for relay-only peers) */\r\n url?: string;\r\n /** Webhook auth token (undefined for relay-only peers) */\r\n token?: string;\r\n name?: string;\r\n}\r\n\r\n/**\r\n * Identity with optional display name (e.g. for relay registration).\r\n */\r\nexport interface AgoraIdentity {\r\n publicKey: string;\r\n privateKey: string;\r\n name?: string;\r\n}\r\n\r\n/**\r\n * Canonical Agora configuration shape.\r\n * Use loadAgoraConfig() to load from file with normalized relay.\r\n */\r\nexport interface AgoraConfig {\r\n identity: AgoraIdentity;\r\n peers: Record<string, AgoraPeerConfig>;\r\n relay?: RelayConfig;\r\n}\r\n\r\n/**\r\n * Default config file path: AGORA_CONFIG env or ~/.config/agora/config.json\r\n */\r\nexport function getDefaultConfigPath(): string {\r\n if (process.env.AGORA_CONFIG) {\r\n return resolve(process.env.AGORA_CONFIG);\r\n }\r\n return resolve(homedir(), '.config', 'agora', 'config.json');\r\n}\r\n\r\n/**\r\n * Parse and normalize config from a JSON object (shared by sync and async loaders).\r\n */\r\nfunction parseConfig(config: Record<string, unknown>): AgoraConfig {\r\n const rawIdentity = config.identity as Record<string, unknown> | undefined;\r\n if (!rawIdentity?.publicKey || !rawIdentity?.privateKey) {\r\n throw new Error('Invalid config: missing identity.publicKey or identity.privateKey');\r\n }\r\n const identity: AgoraIdentity = {\r\n publicKey: rawIdentity.publicKey as string,\r\n privateKey: rawIdentity.privateKey as string,\r\n name: typeof rawIdentity.name === 'string' ? rawIdentity.name : undefined,\r\n };\r\n\r\n const peers: Record<string, AgoraPeerConfig> = {};\r\n if (config.peers && typeof config.peers === 'object') {\r\n for (const [key, entry] of Object.entries(config.peers)) {\r\n const peer = entry as Record<string, unknown>;\r\n if (peer && typeof peer.publicKey === 'string') {\r\n peers[peer.publicKey as string] = {\r\n publicKey: peer.publicKey as string,\r\n url: typeof peer.url === 'string' ? peer.url : undefined,\r\n token: typeof peer.token === 'string' ? peer.token : undefined,\r\n name: typeof peer.name === 'string' ? peer.name : (key !== peer.publicKey ? key : undefined),\r\n };\r\n }\r\n }\r\n }\r\n\r\n let relay: RelayConfig | undefined;\r\n const rawRelay = config.relay;\r\n if (typeof rawRelay === 'string') {\r\n relay = { url: rawRelay, autoConnect: true };\r\n } else if (rawRelay && typeof rawRelay === 'object') {\r\n const r = rawRelay as Record<string, unknown>;\r\n if (typeof r.url === 'string') {\r\n relay = {\r\n url: r.url,\r\n autoConnect: typeof r.autoConnect === 'boolean' ? r.autoConnect : true,\r\n name: typeof r.name === 'string' ? r.name : undefined,\r\n reconnectMaxMs: typeof r.reconnectMaxMs === 'number' ? r.reconnectMaxMs : undefined,\r\n };\r\n }\r\n }\r\n\r\n return {\r\n identity,\r\n peers,\r\n ...(relay ? { relay } : {}),\r\n };\r\n}\r\n\r\n/**\r\n * Load and normalize Agora configuration from a JSON file (sync).\r\n * Supports relay as string (backward compat) or object { url?, autoConnect?, name?, reconnectMaxMs? }.\r\n *\r\n * @param path - Config file path; defaults to getDefaultConfigPath()\r\n * @returns Normalized AgoraConfig\r\n * @throws Error if file doesn't exist or config is invalid\r\n */\r\nexport function loadAgoraConfig(path?: string): AgoraConfig {\r\n const configPath = path ?? getDefaultConfigPath();\r\n\r\n if (!existsSync(configPath)) {\r\n throw new Error(`Config file not found at ${configPath}. Run 'npx @rookdaemon/agora init' first.`);\r\n }\r\n\r\n const content = readFileSync(configPath, 'utf-8');\r\n let config: Record<string, unknown>;\r\n try {\r\n config = JSON.parse(content) as Record<string, unknown>;\r\n } catch {\r\n throw new Error(`Invalid JSON in config file: ${configPath}`);\r\n }\r\n\r\n return parseConfig(config);\r\n}\r\n\r\n/**\r\n * Load and normalize Agora configuration from a JSON file (async).\r\n *\r\n * @param path - Config file path; defaults to getDefaultConfigPath()\r\n * @returns Normalized AgoraConfig\r\n * @throws Error if file doesn't exist or config is invalid\r\n */\r\nexport async function loadAgoraConfigAsync(path?: string): Promise<AgoraConfig> {\r\n const configPath = path ?? getDefaultConfigPath();\r\n\r\n let content: string;\r\n try {\r\n content = await readFile(configPath, 'utf-8');\r\n } catch (err) {\r\n const code = err && typeof err === 'object' && 'code' in err ? (err as NodeJS.ErrnoException).code : undefined;\r\n if (code === 'ENOENT') {\r\n throw new Error(`Config file not found at ${configPath}. Run 'npx @rookdaemon/agora init' first.`);\r\n }\r\n throw err;\r\n }\r\n\r\n let config: Record<string, unknown>;\r\n try {\r\n config = JSON.parse(content) as Record<string, unknown>;\r\n } catch {\r\n throw new Error(`Invalid JSON in config file: ${configPath}`);\r\n }\r\n\r\n return parseConfig(config);\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Profile support\r\n// ---------------------------------------------------------------------------\r\n\r\n/**\r\n * Base directory for agora config: AGORA_CONFIG_DIR env or ~/.config/agora\r\n */\r\nexport function getConfigDir(): string {\r\n if (process.env.AGORA_CONFIG_DIR) {\r\n return resolve(process.env.AGORA_CONFIG_DIR);\r\n }\r\n return resolve(homedir(), '.config', 'agora');\r\n}\r\n\r\n/**\r\n * Resolve the config path for a given profile name.\r\n * - undefined / \"default\" → ~/.config/agora/config.json (existing behaviour)\r\n * - \"stefan\" → ~/.config/agora/profiles/stefan/config.json\r\n */\r\nexport function getProfileConfigPath(profile?: string): string {\r\n if (process.env.AGORA_CONFIG) {\r\n return resolve(process.env.AGORA_CONFIG);\r\n }\r\n const base = getConfigDir();\r\n if (!profile || profile === 'default') {\r\n return join(base, 'config.json');\r\n }\r\n return join(base, 'profiles', profile, 'config.json');\r\n}\r\n\r\n/**\r\n * List available profiles.\r\n * Returns an array of profile names. \"default\" is included if config.json exists.\r\n */\r\nexport function listProfiles(): string[] {\r\n const base = getConfigDir();\r\n const profiles: string[] = [];\r\n\r\n // Default profile\r\n if (existsSync(join(base, 'config.json'))) {\r\n profiles.push('default');\r\n }\r\n\r\n // Named profiles\r\n const profilesDir = join(base, 'profiles');\r\n if (existsSync(profilesDir)) {\r\n for (const entry of readdirSync(profilesDir, { withFileTypes: true })) {\r\n if (entry.isDirectory() && existsSync(join(profilesDir, entry.name, 'config.json'))) {\r\n profiles.push(entry.name);\r\n }\r\n }\r\n }\r\n\r\n return profiles;\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Export / Import\r\n// ---------------------------------------------------------------------------\r\n\r\nexport interface ExportedConfig {\r\n /** Schema version for forward-compat */\r\n version: 1;\r\n identity?: AgoraIdentity;\r\n peers: Record<string, AgoraPeerConfig>;\r\n relay?: RelayConfig;\r\n}\r\n\r\nexport interface ImportResult {\r\n peersAdded: string[];\r\n peersSkipped: string[];\r\n identityImported: boolean;\r\n relayImported: boolean;\r\n}\r\n\r\n/**\r\n * Export the config (or just peers) as a portable JSON object.\r\n */\r\nexport function exportConfig(\r\n config: AgoraConfig,\r\n opts: { includeIdentity?: boolean } = {},\r\n): ExportedConfig {\r\n const exported: ExportedConfig = {\r\n version: 1,\r\n peers: Object.fromEntries(\r\n Object.entries(config.peers).map(([k, v]) => [k, { ...v }]),\r\n ),\r\n };\r\n if (opts.includeIdentity) {\r\n exported.identity = { ...config.identity };\r\n }\r\n if (config.relay) {\r\n exported.relay = { ...config.relay };\r\n }\r\n return exported;\r\n}\r\n\r\n/**\r\n * Import peers (and optionally identity/relay) into an existing config.\r\n * Merges peers by public key — existing peers are NOT overwritten.\r\n */\r\nexport function importConfig(\r\n target: AgoraConfig,\r\n incoming: ExportedConfig,\r\n opts: { overwriteIdentity?: boolean; overwriteRelay?: boolean } = {},\r\n): ImportResult {\r\n const result: ImportResult = {\r\n peersAdded: [],\r\n peersSkipped: [],\r\n identityImported: false,\r\n relayImported: false,\r\n };\r\n\r\n // Merge peers\r\n for (const [key, peer] of Object.entries(incoming.peers)) {\r\n if (target.peers[key]) {\r\n result.peersSkipped.push(key);\r\n } else {\r\n target.peers[key] = { ...peer };\r\n result.peersAdded.push(key);\r\n }\r\n }\r\n\r\n // Identity\r\n if (opts.overwriteIdentity && incoming.identity) {\r\n target.identity = { ...incoming.identity };\r\n result.identityImported = true;\r\n }\r\n\r\n // Relay\r\n if (opts.overwriteRelay && incoming.relay) {\r\n target.relay = { ...incoming.relay };\r\n result.relayImported = true;\r\n }\r\n\r\n return result;\r\n}\r\n\r\n/**\r\n * Save an AgoraConfig to disk (creates parent dirs as needed).\r\n */\r\nexport function saveAgoraConfig(path: string, config: AgoraConfig): void {\r\n const dir = dirname(path);\r\n if (!existsSync(dir)) {\r\n mkdirSync(dir, { recursive: true });\r\n }\r\n const raw: Record<string, unknown> = {\r\n identity: config.identity,\r\n peers: config.peers,\r\n };\r\n if (config.relay) {\r\n raw.relay = config.relay;\r\n }\r\n writeFileSync(path, JSON.stringify(raw, null, 2) + '\\n', 'utf-8');\r\n}\r\n","import { EventEmitter } from 'node:events';\nimport WebSocket from 'ws';\nimport { createEnvelope, verifyEnvelope, type Envelope, type MessageType } from '../message/envelope';\nimport type { RelayClientMessage, RelayServerMessage, RelayPeer } from './types';\n\n/**\n * Configuration for RelayClient\n */\nexport interface RelayClientConfig {\n /** WebSocket URL of the relay server */\n relayUrl: string;\n /** Agent's public key */\n publicKey: string;\n /** Agent's private key (for signing) */\n privateKey: string;\n /** Optional name for this agent */\n name?: string;\n /** Keepalive ping interval in milliseconds (default: 30000) */\n pingInterval?: number;\n /** Maximum reconnection delay in milliseconds (default: 60000) */\n maxReconnectDelay?: number;\n}\n\n/**\n * Events emitted by RelayClient\n */\nexport interface RelayClientEvents {\n /** Emitted when successfully connected and registered */\n 'connected': () => void;\n /** Emitted when disconnected from relay */\n 'disconnected': () => void;\n /** Emitted when a verified message is received */\n 'message': (envelope: Envelope, from: string) => void;\n /** Emitted when a peer comes online */\n 'peer_online': (peer: RelayPeer) => void;\n /** Emitted when a peer goes offline */\n 'peer_offline': (peer: RelayPeer) => void;\n /** Emitted on errors */\n 'error': (error: Error) => void;\n}\n\n/**\n * Persistent WebSocket client for the Agora relay server.\n * Maintains a long-lived connection, handles reconnection, and routes messages.\n */\nexport class RelayClient extends EventEmitter {\n private ws: WebSocket | null = null;\n private config: RelayClientConfig;\n private reconnectAttempts = 0;\n private reconnectTimeout: NodeJS.Timeout | null = null;\n private pingInterval: NodeJS.Timeout | null = null;\n private isConnected = false;\n private isRegistered = false;\n private shouldReconnect = true;\n private onlinePeers = new Map<string, RelayPeer>();\n\n constructor(config: RelayClientConfig) {\n super();\n this.config = {\n pingInterval: 30000,\n maxReconnectDelay: 60000,\n ...config,\n };\n }\n\n /**\n * Connect to the relay server\n */\n async connect(): Promise<void> {\n if (this.ws && (this.ws.readyState === WebSocket.CONNECTING || this.ws.readyState === WebSocket.OPEN)) {\n return;\n }\n\n this.shouldReconnect = true;\n return this.doConnect();\n }\n\n /**\n * Disconnect from the relay server\n */\n disconnect(): void {\n this.shouldReconnect = false;\n this.cleanup();\n if (this.ws) {\n this.ws.close();\n this.ws = null;\n }\n }\n\n /**\n * Check if currently connected and registered\n */\n connected(): boolean {\n return this.isConnected && this.isRegistered;\n }\n\n /**\n * Send a message to a specific peer\n */\n async send(to: string, envelope: Envelope): Promise<{ ok: boolean; error?: string }> {\n if (!this.connected()) {\n return { ok: false, error: 'Not connected to relay' };\n }\n\n const message: RelayClientMessage = {\n type: 'message',\n to,\n envelope,\n };\n\n try {\n this.ws!.send(JSON.stringify(message));\n return { ok: true };\n } catch (err) {\n return { ok: false, error: err instanceof Error ? err.message : String(err) };\n }\n }\n\n /**\n * Create a signed envelope and send it to each recipient.\n * Each envelope lists ALL recipients in the `to` field so receivers\n * know the full participant list (needed for multi-party replies).\n * Returns the list of failures (empty means all succeeded).\n */\n async sendToRecipients(\n recipients: string[],\n type: MessageType,\n payload: unknown,\n inReplyTo?: string,\n ): Promise<{ ok: boolean; errors: Array<{ recipient: string; error: string }> }> {\n if (!this.connected()) {\n return { ok: false, errors: [{ recipient: '*', error: 'Not connected to relay' }] };\n }\n\n const unique = Array.from(new Set(recipients.filter(Boolean)));\n const errors: Array<{ recipient: string; error: string }> = [];\n\n for (const recipient of unique) {\n const envelope = createEnvelope(\n type,\n this.config.publicKey,\n this.config.privateKey,\n payload,\n Date.now(),\n inReplyTo,\n unique,\n );\n const result = await this.send(recipient, envelope);\n if (!result.ok) {\n errors.push({ recipient, error: result.error ?? 'unknown error' });\n }\n }\n\n return { ok: errors.length === 0, errors };\n }\n\n /**\n * Get list of currently online peers\n */\n getOnlinePeers(): RelayPeer[] {\n return Array.from(this.onlinePeers.values());\n }\n\n /**\n * Check if a specific peer is online\n */\n isPeerOnline(publicKey: string): boolean {\n return this.onlinePeers.has(publicKey);\n }\n\n /**\n * Internal: Perform connection\n */\n private async doConnect(): Promise<void> {\n return new Promise((resolve, reject) => {\n try {\n this.ws = new WebSocket(this.config.relayUrl);\n let resolved = false;\n\n const resolveOnce = (callback: () => void): void => {\n if (!resolved) {\n resolved = true;\n callback();\n }\n };\n\n this.ws.on('open', () => {\n this.isConnected = true;\n this.reconnectAttempts = 0;\n this.startPingInterval();\n\n // Send registration message\n const registerMsg: RelayClientMessage = {\n type: 'register',\n publicKey: this.config.publicKey,\n name: this.config.name,\n };\n this.ws!.send(JSON.stringify(registerMsg));\n });\n\n this.ws.on('message', (data: WebSocket.Data) => {\n try {\n const msg = JSON.parse(data.toString()) as RelayServerMessage;\n this.handleMessage(msg);\n\n // Resolve promise on successful registration\n if (msg.type === 'registered' && !resolved) {\n resolveOnce(() => resolve());\n }\n } catch (err) {\n this.emit('error', new Error(`Failed to parse message: ${err instanceof Error ? err.message : String(err)}`));\n }\n });\n\n this.ws.on('close', () => {\n this.isConnected = false;\n this.isRegistered = false;\n this.cleanup();\n this.emit('disconnected');\n\n if (this.shouldReconnect) {\n this.scheduleReconnect();\n }\n\n if (!resolved) {\n resolveOnce(() => reject(new Error('Connection closed before registration')));\n }\n });\n\n this.ws.on('error', (err) => {\n this.emit('error', err);\n if (!resolved) {\n resolveOnce(() => reject(err));\n }\n });\n } catch (err) {\n reject(err);\n }\n });\n }\n\n /**\n * Handle incoming message from relay\n */\n private handleMessage(msg: RelayServerMessage): void {\n switch (msg.type) {\n case 'registered':\n this.isRegistered = true;\n if (msg.peers) {\n // Populate initial peer list\n for (const peer of msg.peers) {\n this.onlinePeers.set(peer.publicKey, peer);\n }\n }\n this.emit('connected');\n break;\n\n case 'message':\n if (msg.envelope && msg.from) {\n // Verify envelope signature\n const verification = verifyEnvelope(msg.envelope);\n if (!verification.valid) {\n this.emit('error', new Error(`Invalid envelope signature: ${verification.reason}`));\n return;\n }\n\n // Verify sender matches 'from' field\n const envelopeFrom = msg.envelope.from;\n if (envelopeFrom !== msg.from) {\n this.emit('error', new Error('Envelope sender does not match relay from field'));\n return;\n }\n\n // Emit verified message — relay name hint is intentionally discarded;\n // identity display must be derived from verified keys only.\n this.emit('message', msg.envelope, msg.from);\n }\n break;\n\n case 'peer_online':\n if (msg.publicKey) {\n const peer: RelayPeer = {\n publicKey: msg.publicKey,\n name: msg.name,\n };\n this.onlinePeers.set(msg.publicKey, peer);\n this.emit('peer_online', peer);\n }\n break;\n\n case 'peer_offline':\n if (msg.publicKey) {\n const peer = this.onlinePeers.get(msg.publicKey);\n if (peer) {\n this.onlinePeers.delete(msg.publicKey);\n this.emit('peer_offline', peer);\n }\n }\n break;\n\n case 'error':\n this.emit('error', new Error(`Relay error: ${msg.message || 'Unknown error'}`));\n break;\n\n case 'pong':\n // Keepalive response, no action needed\n break;\n\n default:\n // Unknown message type, ignore\n break;\n }\n }\n\n /**\n * Schedule reconnection with exponential backoff\n */\n private scheduleReconnect(): void {\n if (this.reconnectTimeout) {\n return;\n }\n\n // Exponential backoff: 1s, 2s, 4s, 8s, 16s, 32s, 60s (max)\n const delay = Math.min(\n 1000 * Math.pow(2, this.reconnectAttempts),\n this.config.maxReconnectDelay!\n );\n\n this.reconnectAttempts++;\n\n this.reconnectTimeout = setTimeout(() => {\n this.reconnectTimeout = null;\n if (this.shouldReconnect) {\n this.doConnect().catch((err) => {\n this.emit('error', err);\n });\n }\n }, delay);\n }\n\n /**\n * Start periodic ping messages\n */\n private startPingInterval(): void {\n this.stopPingInterval();\n this.pingInterval = setInterval(() => {\n if (this.ws && this.ws.readyState === WebSocket.OPEN) {\n const ping: RelayClientMessage = { type: 'ping' };\n this.ws.send(JSON.stringify(ping));\n }\n }, this.config.pingInterval!);\n }\n\n /**\n * Stop ping interval\n */\n private stopPingInterval(): void {\n if (this.pingInterval) {\n clearInterval(this.pingInterval);\n this.pingInterval = null;\n }\n }\n\n /**\n * Cleanup resources\n */\n private cleanup(): void {\n this.stopPingInterval();\n if (this.reconnectTimeout) {\n clearTimeout(this.reconnectTimeout);\n this.reconnectTimeout = null;\n }\n this.onlinePeers.clear();\n }\n}\n","import { EventEmitter } from 'node:events';\nimport { createEnvelope, verifyEnvelope, type Envelope } from '../message/envelope';\nimport type { RelayClient } from '../relay/client';\nimport type { PeerListRequestPayload, PeerListResponsePayload, PeerReferralPayload } from '../message/types/peer-discovery';\n\n/**\n * Configuration for PeerDiscoveryService\n */\nexport interface PeerDiscoveryConfig {\n /** Agent's public key */\n publicKey: string;\n /** Agent's private key for signing */\n privateKey: string;\n /** RelayClient instance for communication */\n relayClient: RelayClient;\n /** Public key of the relay server (for sending peer list requests) */\n relayPublicKey?: string;\n}\n\n/**\n * Events emitted by PeerDiscoveryService\n */\nexport interface PeerDiscoveryEvents {\n /** Emitted when peers are discovered */\n 'peers-discovered': (peers: PeerListResponsePayload['peers']) => void;\n /** Emitted when a peer referral is received */\n 'peer-referral': (referral: PeerReferralPayload, from: string) => void;\n /** Emitted on errors */\n 'error': (error: Error) => void;\n}\n\n/**\n * Service for discovering peers on the Agora network\n */\nexport class PeerDiscoveryService extends EventEmitter {\n private config: PeerDiscoveryConfig;\n\n constructor(config: PeerDiscoveryConfig) {\n super();\n this.config = config;\n\n // Listen for peer list responses and referrals\n this.config.relayClient.on('message', (envelope: Envelope, from: string) => {\n if (envelope.type === 'peer_list_response') {\n this.handlePeerList(envelope as Envelope<PeerListResponsePayload>);\n } else if (envelope.type === 'peer_referral') {\n this.handleReferral(envelope as Envelope<PeerReferralPayload>, from);\n }\n });\n }\n\n /**\n * Request peer list from relay\n */\n async discoverViaRelay(filters?: PeerListRequestPayload['filters']): Promise<PeerListResponsePayload | null> {\n if (!this.config.relayPublicKey) {\n throw new Error('Relay public key not configured');\n }\n\n if (!this.config.relayClient.connected()) {\n throw new Error('Not connected to relay');\n }\n\n const payload: PeerListRequestPayload = filters ? { filters } : {};\n\n const envelope = createEnvelope(\n 'peer_list_request',\n this.config.publicKey,\n this.config.privateKey,\n payload,\n Date.now(),\n undefined,\n [this.config.relayPublicKey]\n );\n\n // Send request to relay\n const result = await this.config.relayClient.send(this.config.relayPublicKey, envelope);\n if (!result.ok) {\n throw new Error(`Failed to send peer list request: ${result.error}`);\n }\n\n // Wait for response (with timeout)\n return new Promise((resolve, reject) => {\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error('Peer list request timed out'));\n }, 10000); // 10 second timeout\n\n const messageHandler = (responseEnvelope: Envelope, from: string): void => {\n if (responseEnvelope.type === 'peer_list_response' && \n responseEnvelope.inReplyTo === envelope.id &&\n from === this.config.relayPublicKey) {\n cleanup();\n resolve(responseEnvelope.payload as PeerListResponsePayload);\n }\n };\n\n const cleanup = (): void => {\n clearTimeout(timeout);\n this.config.relayClient.off('message', messageHandler);\n };\n\n this.config.relayClient.on('message', messageHandler);\n });\n }\n\n /**\n * Send peer referral to another agent\n */\n async referPeer(\n recipientPublicKey: string,\n referredPublicKey: string,\n metadata?: { name?: string; endpoint?: string; comment?: string; trustScore?: number }\n ): Promise<{ ok: boolean; error?: string }> {\n if (!this.config.relayClient.connected()) {\n return { ok: false, error: 'Not connected to relay' };\n }\n\n const payload: PeerReferralPayload = {\n publicKey: referredPublicKey,\n endpoint: metadata?.endpoint,\n metadata: metadata?.name ? { name: metadata.name } : undefined,\n comment: metadata?.comment,\n trustScore: metadata?.trustScore,\n };\n\n const envelope = createEnvelope(\n 'peer_referral',\n this.config.publicKey,\n this.config.privateKey,\n payload,\n Date.now(),\n undefined,\n [recipientPublicKey]\n );\n\n return this.config.relayClient.send(recipientPublicKey, envelope);\n }\n\n /**\n * Handle incoming peer referral\n */\n private handleReferral(envelope: Envelope<PeerReferralPayload>, from: string): void {\n // Verify envelope\n const verification = verifyEnvelope(envelope);\n if (!verification.valid) {\n this.emit('error', new Error(`Invalid peer referral: ${verification.reason}`));\n return;\n }\n\n // Emit event for application to handle\n this.emit('peer-referral', envelope.payload, from);\n }\n\n /**\n * Handle incoming peer list from relay\n */\n private handlePeerList(envelope: Envelope<PeerListResponsePayload>): void {\n // Verify envelope\n const verification = verifyEnvelope(envelope);\n if (!verification.valid) {\n this.emit('error', new Error(`Invalid peer list response: ${verification.reason}`));\n return;\n }\n\n // Verify sender is the relay\n if (envelope.from !== this.config.relayPublicKey) {\n this.emit('error', new Error('Peer list response not from configured relay'));\n return;\n }\n\n // Emit event\n this.emit('peers-discovered', envelope.payload.peers);\n }\n}\n","/**\r\n * Bootstrap configuration for peer discovery on the Agora network.\r\n * Provides default bootstrap relays for initial network entry.\r\n */\r\n\r\n/**\r\n * Default bootstrap relay servers\r\n * These are well-known relays that serve as initial entry points to the network\r\n */\r\nexport const DEFAULT_BOOTSTRAP_RELAYS = [\r\n {\r\n url: 'wss://agora-relay.lbsa71.net',\r\n name: 'Primary Bootstrap Relay',\r\n // Note: Public key would need to be set when the relay is actually deployed\r\n // For now, this is a placeholder that would be configured when the relay is running\r\n },\r\n];\r\n\r\n/**\r\n * Configuration for bootstrap connection\r\n */\r\nexport interface BootstrapConfig {\r\n /** Bootstrap relay URL */\r\n relayUrl: string;\r\n /** Optional relay public key (for verification) */\r\n relayPublicKey?: string;\r\n /** Connection timeout in ms (default: 10000) */\r\n timeout?: number;\r\n}\r\n\r\n/**\r\n * Get default bootstrap relay configuration\r\n */\r\nexport function getDefaultBootstrapRelay(): BootstrapConfig {\r\n return {\r\n relayUrl: DEFAULT_BOOTSTRAP_RELAYS[0].url,\r\n timeout: 10000,\r\n };\r\n}\r\n\r\n/**\r\n * Parse bootstrap relay URL and optional public key\r\n */\r\nexport function parseBootstrapRelay(url: string, publicKey?: string): BootstrapConfig {\r\n return {\r\n relayUrl: url,\r\n relayPublicKey: publicKey,\r\n timeout: 10000,\r\n };\r\n}\r\n","/**\r\n * Get a short display version of a public key using the last 8 characters.\r\n * Ed25519 public keys all share the same OID prefix, so the last 8 characters\r\n * are more distinguishable than the first 8.\r\n *\r\n * @param publicKey - The full public key hex string\r\n * @returns \"...\" followed by the last 8 characters of the key\r\n */\r\nexport function shortKey(publicKey: string): string {\r\n return \"@\" + publicKey.slice(-8);\r\n}\r\n\r\nexport interface PeerReferenceEntry {\r\n publicKey: string;\r\n name?: string;\r\n}\r\n\r\nexport type PeerReferenceDirectory =\r\n | Record<string, PeerReferenceEntry>\r\n | Map<string, PeerReferenceEntry>\r\n | PeerReferenceEntry[];\r\n\r\nfunction toDirectoryEntries(directory?: PeerReferenceDirectory): PeerReferenceEntry[] {\r\n if (!directory) {\r\n return [];\r\n }\r\n if (Array.isArray(directory)) {\r\n return directory.filter((p) => typeof p.publicKey === 'string' && p.publicKey.length > 0);\r\n }\r\n if (directory instanceof Map) {\r\n return Array.from(directory.values()).filter((p) => typeof p.publicKey === 'string' && p.publicKey.length > 0);\r\n }\r\n return Object.values(directory).filter((p) => typeof p.publicKey === 'string' && p.publicKey.length > 0);\r\n}\r\n\r\nfunction findById(id: string, directory?: PeerReferenceDirectory): PeerReferenceEntry | undefined {\r\n return toDirectoryEntries(directory).find((entry) => entry.publicKey === id);\r\n}\r\n\r\n/**\r\n * Shorten a full peer ID for display/reference.\r\n * Canonical form:\r\n * - Configured name => \"name@<last8>\"\r\n * - Unknown/no-name => \"@<last8>\"\r\n */\r\nexport function shorten(id: string, directory?: PeerReferenceDirectory): string {\r\n const suffix = id.slice(-8);\r\n const entry = findById(id, directory);\r\n if (!entry?.name) {\r\n return `@${suffix}`;\r\n }\r\n return `${entry.name}@${suffix}`;\r\n}\r\n\r\n/**\r\n * Expand a short peer reference to a full ID.\r\n * Supports: full ID, unique name, name@last8, @last8.\r\n * Also supports legacy name...last8 and ...last8 forms.\r\n */\r\nexport function expand(shortId: string, directory: PeerReferenceDirectory): string | undefined {\r\n const entries = toDirectoryEntries(directory);\r\n if (entries.length === 0) {\r\n return undefined;\r\n }\r\n\r\n const token = shortId.trim();\r\n const direct = entries.find((entry) => entry.publicKey === token);\r\n if (direct) {\r\n return direct.publicKey;\r\n }\r\n\r\n // name@suffix8 (current canonical form)\r\n const namedAtSuffix = token.match(/^(.+)@([0-9a-fA-F]{8})$/);\r\n if (namedAtSuffix) {\r\n const [, name, suffix] = namedAtSuffix;\r\n const matches = entries.filter((entry) => entry.name === name && entry.publicKey.toLowerCase().endsWith(suffix.toLowerCase()));\r\n if (matches.length === 1) {\r\n return matches[0].publicKey;\r\n }\r\n return undefined;\r\n }\r\n\r\n // @suffix8 (current canonical form for unknown peers)\r\n const atSuffixOnly = token.match(/^@([0-9a-fA-F]{8})$/);\r\n if (atSuffixOnly) {\r\n const [, suffix] = atSuffixOnly;\r\n const matches = entries.filter((entry) => entry.publicKey.toLowerCase().endsWith(suffix.toLowerCase()));\r\n if (matches.length === 1) {\r\n return matches[0].publicKey;\r\n }\r\n return undefined;\r\n }\r\n\r\n // Legacy: name...suffix8\r\n const namedWithSuffix = token.match(/^(.+)\\.\\.\\.([0-9a-fA-F]{8})$/);\r\n if (namedWithSuffix) {\r\n const [, name, suffix] = namedWithSuffix;\r\n const matches = entries.filter((entry) => entry.name === name && entry.publicKey.toLowerCase().endsWith(suffix.toLowerCase()));\r\n if (matches.length === 1) {\r\n return matches[0].publicKey;\r\n }\r\n return undefined;\r\n }\r\n\r\n // Legacy: ...suffix8\r\n const suffixOnly = token.match(/^\\.\\.\\.([0-9a-fA-F]{8})$/);\r\n if (suffixOnly) {\r\n const [, suffix] = suffixOnly;\r\n const matches = entries.filter((entry) => entry.publicKey.toLowerCase().endsWith(suffix.toLowerCase()));\r\n if (matches.length === 1) {\r\n return matches[0].publicKey;\r\n }\r\n return undefined;\r\n }\r\n\r\n const byName = entries.filter((entry) => entry.name === token);\r\n if (byName.length === 1) {\r\n return byName[0].publicKey;\r\n }\r\n\r\n return undefined;\r\n}\r\n\r\n/**\r\n * Expand inline @references in text to full IDs using configured peers.\r\n */\r\nexport function expandInlineReferences(text: string, directory: PeerReferenceDirectory): string {\r\n return text.replace(/@([^\\s]+)/g, (_full, token: string) => {\r\n const resolved = expand(token, directory);\r\n return resolved ? `@${resolved}` : `@${token}`;\r\n });\r\n}\r\n\r\n/**\r\n * Compact inline @<full-id> references for rendering.\r\n */\r\nexport function compactInlineReferences(text: string, directory: PeerReferenceDirectory): string {\r\n return text.replace(/@([0-9a-fA-F]{16,})/g, (_full, id: string) => `@${shorten(id, directory)}`);\r\n}\r\n\r\n/**\r\n * Compact inline @<full-id> references only when the full ID exists in the\r\n * provided directory. Unknown IDs remain unchanged.\r\n */\r\nexport function compactKnownInlineReferences(text: string, directory: PeerReferenceDirectory): string {\r\n return text.replace(/@([0-9a-fA-F]{16,})/g, (_full, id: string) => {\r\n const known = findById(id, directory);\r\n if (!known) {\r\n return `@${id}`;\r\n }\r\n return `@${shorten(id, directory)}`;\r\n });\r\n}\r\n\r\n/**\r\n * Extract text content from an envelope payload.\r\n * Handles { text: string } objects, plain strings, and fallback to JSON.\r\n * All output is sanitized.\r\n */\r\nexport function extractTextFromPayload(payload: unknown): string {\r\n if (payload && typeof payload === 'object' && 'text' in payload && typeof (payload as { text: unknown }).text === 'string') {\r\n return sanitizeText((payload as { text: string }).text);\r\n }\r\n if (typeof payload === 'string') return sanitizeText(payload);\r\n return sanitizeText(JSON.stringify(payload ?? ''));\r\n}\r\n\r\n/**\r\n * Strip characters that can crash downstream width/segmenter logic in UIs.\r\n * Removes control chars (except newline/tab) and replaces lone surrogates.\r\n */\r\nexport function sanitizeText(text: string): string {\r\n return text\r\n .replace(/[\\u0000-\\u0008\\u000B\\u000C\\u000E-\\u001F\\u007F-\\u009F]/g, '')\r\n .replace(/[\\uD800-\\uDBFF](?![\\uDC00-\\uDFFF])/g, '\\uFFFD')\r\n .replace(/(?<![\\uD800-\\uDBFF])[\\uDC00-\\uDFFF]/g, '\\uFFFD');\r\n}\r\n\r\n/**\r\n * Resolve a display name for a peer.\r\n * Only returns locally configured names from the peer directory.\r\n * Identity must be derived from verified keys — sender-claimed names are never accepted.\r\n */\r\nexport function resolveDisplayName(\r\n publicKey: string,\r\n directory?: PeerReferenceDirectory,\r\n): string | undefined {\r\n const entry = findById(publicKey, directory);\r\n if (entry?.name) {\r\n return entry.name;\r\n }\r\n\r\n return undefined;\r\n}\r\n\r\n/**\r\n * Resolves the name to broadcast when connecting to a relay.\r\n * Priority order:\r\n * 1. CLI --name flag\r\n * 2. config.relay.name (if relay is an object with name property)\r\n * 3. config.identity.name\r\n * 4. undefined (no name broadcast)\r\n *\r\n * @param config - The Agora configuration (or compatible config with identity and optional relay)\r\n * @param cliName - Optional name from CLI --name flag\r\n * @returns The resolved name to broadcast, or undefined if none available\r\n */\r\nexport function resolveBroadcastName(\r\n config: { identity: { name?: string }; relay?: { name?: string } | string },\r\n cliName?: string\r\n): string | undefined {\r\n // Priority 1: CLI --name flag\r\n if (cliName) {\r\n return cliName;\r\n }\r\n\r\n // Priority 2: config.relay.name (if relay is an object with name property)\r\n if (config.relay) {\r\n if (typeof config.relay === 'object' && config.relay.name) {\r\n return config.relay.name;\r\n }\r\n }\r\n\r\n // Priority 3: config.identity.name\r\n if (config.identity.name) {\r\n return config.identity.name;\r\n }\r\n\r\n // Priority 4: No name available\r\n return undefined;\r\n}\r\n\r\n/**\r\n * Formats a display name using the canonical moniker form.\r\n * If name exists: \"name@3f8c2247\" (same form as shorten())\r\n * If no name: \"@3f8c2247\" (short ID only)\r\n *\r\n * @param name - Optional name to display (should not be a short ID)\r\n * @param publicKey - The public key to use for short ID\r\n * @returns Formatted display string\r\n */\r\nexport function formatDisplayName(name: string | undefined, publicKey: string): string {\r\n const suffix = publicKey.slice(-8);\r\n // If name is undefined, empty, or is already a short ID, return only short ID\r\n if (!name || name.trim() === '' || name.startsWith('...') || name.startsWith('@')) {\r\n return `@${suffix}`;\r\n }\r\n return `${name}@${suffix}`;\r\n}\r\n\r\n/**\r\n * A conversation entry with FROM/TO metadata, used for CONVERSATION.md formatting.\r\n */\r\nexport interface ConversationEntry {\r\n timestamp: number;\r\n from: string;\r\n to: string[];\r\n text: string;\r\n}\r\n\r\n/**\r\n * Format a conversation entry as a single line for CONVERSATION.md.\r\n * Format: [ISO_TIMESTAMP] **FROM:** sender **TO:** recipient1, recipient2 text\r\n */\r\nexport function formatConversationLine(entry: ConversationEntry): string {\r\n const ts = new Date(entry.timestamp).toISOString();\r\n const toList = entry.to.length > 0 ? entry.to.join(', ') : '(none)';\r\n const safeText = entry.text.replace(/\\r?\\n/g, ' ');\r\n return `[${ts}] **FROM:** ${entry.from} **TO:** ${toList} ${safeText}`;\r\n}\r\n\r\n/**\r\n * Parse a single CONVERSATION.md line back into a ConversationEntry.\r\n * Returns null if the line doesn't match the expected format.\r\n */\r\nexport function parseConversationLine(line: string): ConversationEntry | null {\r\n const match = line.match(\r\n /^\\[([^\\]]+)\\] \\*\\*FROM:\\*\\* (\\S+) \\*\\*TO:\\*\\* ([^\\s,]+(?:, [^\\s,]+)*|\\(none\\))(?: (.*))?$/\r\n );\r\n if (!match) return null;\r\n const [, ts, from, toRaw, text] = match;\r\n const timestamp = new Date(ts).getTime();\r\n if (isNaN(timestamp)) return null;\r\n const to = toRaw === '(none)' ? [] : toRaw.split(', ').filter(Boolean);\r\n return { timestamp, from, to, text: text ?? '' };\r\n}\r\n","/**\r\n * Core data structures for the Agora reputation layer.\r\n * Phase 1: Verification records, commit-reveal patterns, and trust scoring.\r\n */\r\n\r\n/**\r\n * A cryptographically signed verification of another agent's output or claim.\r\n * Core primitive for building computational reputation.\r\n */\r\nexport interface VerificationRecord {\r\n /** Content-addressed ID (hash of canonical JSON) */\r\n id: string;\r\n \r\n /** Public key of verifying agent */\r\n verifier: string;\r\n \r\n /** ID of message/output being verified */\r\n target: string;\r\n \r\n /** Capability domain (e.g., 'ocr', 'summarization', 'code_review') */\r\n domain: string;\r\n \r\n /** Verification verdict */\r\n verdict: 'correct' | 'incorrect' | 'disputed';\r\n \r\n /** Verifier's confidence in their check (0-1) */\r\n confidence: number;\r\n \r\n /** Optional link to independent verification data */\r\n evidence?: string;\r\n \r\n /** Unix timestamp (ms) */\r\n timestamp: number;\r\n \r\n /** Ed25519 signature over canonical JSON */\r\n signature: string;\r\n}\r\n\r\n/**\r\n * A commitment to a prediction before outcome is known.\r\n * Prevents post-hoc editing of predictions.\r\n */\r\nexport interface CommitRecord {\r\n /** Content-addressed ID */\r\n id: string;\r\n \r\n /** Public key of committing agent */\r\n agent: string;\r\n \r\n /** Domain of prediction */\r\n domain: string;\r\n \r\n /** SHA-256 hash of prediction string */\r\n commitment: string;\r\n \r\n /** Unix timestamp (ms) */\r\n timestamp: number;\r\n \r\n /** Expiry time (ms) - commitment invalid after this */\r\n expiry: number;\r\n \r\n /** Ed25519 signature */\r\n signature: string;\r\n}\r\n\r\n/**\r\n * Reveals the prediction and outcome after commitment expiry.\r\n * Enables verification of prediction accuracy.\r\n */\r\nexport interface RevealRecord {\r\n /** Content-addressed ID */\r\n id: string;\r\n \r\n /** Public key of revealing agent */\r\n agent: string;\r\n \r\n /** ID of original commit message */\r\n commitmentId: string;\r\n \r\n /** Original prediction (plaintext) */\r\n prediction: string;\r\n \r\n /** Observed outcome */\r\n outcome: string;\r\n \r\n /** Evidence for outcome (optional) */\r\n evidence?: string;\r\n \r\n /** Unix timestamp (ms) */\r\n timestamp: number;\r\n \r\n /** Ed25519 signature */\r\n signature: string;\r\n}\r\n\r\n/**\r\n * Computed reputation score for an agent in a specific domain.\r\n * Derived from verification history, not stored directly.\r\n */\r\nexport interface TrustScore {\r\n /** Public key of agent being scored */\r\n agent: string;\r\n \r\n /** Domain of reputation */\r\n domain: string;\r\n \r\n /** Computed score (0-1, where 1 = highest trust) */\r\n score: number;\r\n \r\n /** Number of verifications considered */\r\n verificationCount: number;\r\n \r\n /** Timestamp of most recent verification (ms) */\r\n lastVerified: number;\r\n \r\n /** Public keys of top verifiers (by weight) */\r\n topVerifiers: string[];\r\n}\r\n\r\n/**\r\n * Request for reputation data about a specific agent.\r\n */\r\nexport interface ReputationQuery {\r\n /** Public key of agent being queried */\r\n agent: string;\r\n \r\n /** Optional: filter by capability domain */\r\n domain?: string;\r\n \r\n /** Optional: only include verifications after this timestamp */\r\n after?: number;\r\n}\r\n\r\n/**\r\n * Response containing reputation data for a queried agent.\r\n */\r\nexport interface ReputationResponse {\r\n /** Public key of agent being reported on */\r\n agent: string;\r\n \r\n /** Domain filter (if requested) */\r\n domain?: string;\r\n \r\n /** Verification records matching the query */\r\n verifications: VerificationRecord[];\r\n \r\n /** Computed trust scores by domain */\r\n scores: Record<string, TrustScore>;\r\n}\r\n\r\n/**\r\n * Revocation of a previously issued verification.\r\n * Used when a verifier discovers their verification was incorrect.\r\n */\r\nexport interface RevocationRecord {\r\n /** Content-addressed ID of this revocation */\r\n id: string;\r\n \r\n /** Public key of agent revoking (must match original verifier) */\r\n verifier: string;\r\n \r\n /** ID of verification being revoked */\r\n verificationId: string;\r\n \r\n /** Reason for revocation */\r\n reason: string;\r\n \r\n /** Unix timestamp (ms) */\r\n timestamp: number;\r\n \r\n /** Ed25519 signature */\r\n signature: string;\r\n}\r\n\r\n/**\r\n * Validation result structure\r\n */\r\nexport interface ValidationResult {\r\n valid: boolean;\r\n errors: string[];\r\n}\r\n\r\n/**\r\n * Validate a verification record structure\r\n */\r\nexport function validateVerificationRecord(record: unknown): ValidationResult {\r\n const errors: string[] = [];\r\n \r\n if (typeof record !== 'object' || record === null) {\r\n return { valid: false, errors: ['Record must be an object'] };\r\n }\r\n \r\n const r = record as Record<string, unknown>;\r\n \r\n if (typeof r.id !== 'string' || r.id.length === 0) {\r\n errors.push('id must be a non-empty string');\r\n }\r\n \r\n if (typeof r.verifier !== 'string' || r.verifier.length === 0) {\r\n errors.push('verifier must be a non-empty string');\r\n }\r\n \r\n if (typeof r.target !== 'string' || r.target.length === 0) {\r\n errors.push('target must be a non-empty string');\r\n }\r\n \r\n if (typeof r.domain !== 'string' || r.domain.length === 0) {\r\n errors.push('domain must be a non-empty string');\r\n }\r\n \r\n if (!['correct', 'incorrect', 'disputed'].includes(r.verdict as string)) {\r\n errors.push('verdict must be one of: correct, incorrect, disputed');\r\n }\r\n \r\n if (typeof r.confidence !== 'number' || r.confidence < 0 || r.confidence > 1) {\r\n errors.push('confidence must be a number between 0 and 1');\r\n }\r\n \r\n if (r.evidence !== undefined && typeof r.evidence !== 'string') {\r\n errors.push('evidence must be a string if provided');\r\n }\r\n \r\n if (typeof r.timestamp !== 'number' || r.timestamp <= 0) {\r\n errors.push('timestamp must be a positive number');\r\n }\r\n \r\n if (typeof r.signature !== 'string' || r.signature.length === 0) {\r\n errors.push('signature must be a non-empty string');\r\n }\r\n \r\n return { valid: errors.length === 0, errors };\r\n}\r\n\r\n/**\r\n * Validate a commit record structure\r\n */\r\nexport function validateCommitRecord(record: unknown): ValidationResult {\r\n const errors: string[] = [];\r\n \r\n if (typeof record !== 'object' || record === null) {\r\n return { valid: false, errors: ['Record must be an object'] };\r\n }\r\n \r\n const r = record as Record<string, unknown>;\r\n \r\n if (typeof r.id !== 'string' || r.id.length === 0) {\r\n errors.push('id must be a non-empty string');\r\n }\r\n \r\n if (typeof r.agent !== 'string' || r.agent.length === 0) {\r\n errors.push('agent must be a non-empty string');\r\n }\r\n \r\n if (typeof r.domain !== 'string' || r.domain.length === 0) {\r\n errors.push('domain must be a non-empty string');\r\n }\r\n \r\n if (typeof r.commitment !== 'string' || r.commitment.length !== 64) {\r\n errors.push('commitment must be a 64-character hex string (SHA-256 hash)');\r\n }\r\n \r\n if (typeof r.timestamp !== 'number' || r.timestamp <= 0) {\r\n errors.push('timestamp must be a positive number');\r\n }\r\n \r\n if (typeof r.expiry !== 'number' || r.expiry <= 0) {\r\n errors.push('expiry must be a positive number');\r\n }\r\n \r\n if (typeof r.expiry === 'number' && typeof r.timestamp === 'number' && r.expiry <= r.timestamp) {\r\n errors.push('expiry must be after timestamp');\r\n }\r\n \r\n if (typeof r.signature !== 'string' || r.signature.length === 0) {\r\n errors.push('signature must be a non-empty string');\r\n }\r\n \r\n return { valid: errors.length === 0, errors };\r\n}\r\n\r\n/**\r\n * Validate a reveal record structure\r\n */\r\nexport function validateRevealRecord(record: unknown): ValidationResult {\r\n const errors: string[] = [];\r\n \r\n if (typeof record !== 'object' || record === null) {\r\n return { valid: false, errors: ['Record must be an object'] };\r\n }\r\n \r\n const r = record as Record<string, unknown>;\r\n \r\n if (typeof r.id !== 'string' || r.id.length === 0) {\r\n errors.push('id must be a non-empty string');\r\n }\r\n \r\n if (typeof r.agent !== 'string' || r.agent.length === 0) {\r\n errors.push('agent must be a non-empty string');\r\n }\r\n \r\n if (typeof r.commitmentId !== 'string' || r.commitmentId.length === 0) {\r\n errors.push('commitmentId must be a non-empty string');\r\n }\r\n \r\n if (typeof r.prediction !== 'string' || r.prediction.length === 0) {\r\n errors.push('prediction must be a non-empty string');\r\n }\r\n \r\n if (typeof r.outcome !== 'string' || r.outcome.length === 0) {\r\n errors.push('outcome must be a non-empty string');\r\n }\r\n \r\n if (r.evidence !== undefined && typeof r.evidence !== 'string') {\r\n errors.push('evidence must be a string if provided');\r\n }\r\n \r\n if (typeof r.timestamp !== 'number' || r.timestamp <= 0) {\r\n errors.push('timestamp must be a positive number');\r\n }\r\n \r\n if (typeof r.signature !== 'string' || r.signature.length === 0) {\r\n errors.push('signature must be a non-empty string');\r\n }\r\n \r\n return { valid: errors.length === 0, errors };\r\n}\r\n","/**\n * Local reputation store using JSONL append-only log.\n * Stores verification records, commits, and reveals.\n */\n\nimport { promises as fs } from 'node:fs';\nimport { dirname } from 'node:path';\nimport type { VerificationRecord, CommitRecord, RevealRecord } from './types';\nimport { validateVerificationRecord, validateCommitRecord, validateRevealRecord } from './types';\n\n/**\n * Record type discriminator for JSONL storage\n */\ntype StoredRecord = \n | ({ type: 'verification' } & VerificationRecord)\n | ({ type: 'commit' } & CommitRecord)\n | ({ type: 'reveal' } & RevealRecord);\n\n/**\n * Reputation store with JSONL persistence\n */\nexport class ReputationStore {\n private filePath: string;\n private verifications: Map<string, VerificationRecord> = new Map();\n private commits: Map<string, CommitRecord> = new Map();\n private reveals: Map<string, RevealRecord> = new Map();\n private loaded = false;\n\n constructor(filePath: string) {\n this.filePath = filePath;\n }\n\n /**\n * Load records from JSONL file\n */\n async load(): Promise<void> {\n try {\n const content = await fs.readFile(this.filePath, 'utf-8');\n const lines = content.trim().split('\\n').filter(line => line.length > 0);\n \n for (const line of lines) {\n try {\n const record = JSON.parse(line) as StoredRecord;\n \n switch (record.type) {\n case 'verification': {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { type: _type, ...verification } = record;\n const validation = validateVerificationRecord(verification);\n if (validation.valid) {\n this.verifications.set(verification.id, verification as VerificationRecord);\n }\n break;\n }\n case 'commit': {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { type: _type, ...commit } = record;\n const validation = validateCommitRecord(commit);\n if (validation.valid) {\n this.commits.set(commit.id, commit as CommitRecord);\n }\n break;\n }\n case 'reveal': {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { type: _type, ...reveal } = record;\n const validation = validateRevealRecord(reveal);\n if (validation.valid) {\n this.reveals.set(reveal.id, reveal as RevealRecord);\n }\n break;\n }\n }\n } catch {\n // Skip invalid lines\n continue;\n }\n }\n \n this.loaded = true;\n } catch (error) {\n // File doesn't exist yet - that's okay for first run\n if ((error as NodeJS.ErrnoException).code === 'ENOENT') {\n this.loaded = true;\n return;\n }\n throw error;\n }\n }\n\n /**\n * Ensure the store is loaded\n */\n private async ensureLoaded(): Promise<void> {\n if (!this.loaded) {\n await this.load();\n }\n }\n\n /**\n * Append a record to the JSONL file\n */\n private async appendToFile(record: StoredRecord): Promise<void> {\n // Ensure directory exists\n await fs.mkdir(dirname(this.filePath), { recursive: true });\n \n // Append JSONL line\n const line = JSON.stringify(record) + '\\n';\n await fs.appendFile(this.filePath, line, 'utf-8');\n }\n\n /**\n * Add a verification record\n */\n async addVerification(verification: VerificationRecord): Promise<void> {\n await this.ensureLoaded();\n \n const validation = validateVerificationRecord(verification);\n if (!validation.valid) {\n throw new Error(`Invalid verification: ${validation.errors.join(', ')}`);\n }\n \n this.verifications.set(verification.id, verification);\n await this.appendToFile({ type: 'verification', ...verification });\n }\n\n /**\n * Add a commit record\n */\n async addCommit(commit: CommitRecord): Promise<void> {\n await this.ensureLoaded();\n \n const validation = validateCommitRecord(commit);\n if (!validation.valid) {\n throw new Error(`Invalid commit: ${validation.errors.join(', ')}`);\n }\n \n this.commits.set(commit.id, commit);\n await this.appendToFile({ type: 'commit', ...commit });\n }\n\n /**\n * Add a reveal record\n */\n async addReveal(reveal: RevealRecord): Promise<void> {\n await this.ensureLoaded();\n \n const validation = validateRevealRecord(reveal);\n if (!validation.valid) {\n throw new Error(`Invalid reveal: ${validation.errors.join(', ')}`);\n }\n \n this.reveals.set(reveal.id, reveal);\n await this.appendToFile({ type: 'reveal', ...reveal });\n }\n\n /**\n * Get all verifications\n */\n async getVerifications(): Promise<VerificationRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.verifications.values());\n }\n\n /**\n * Get verifications for a specific target\n */\n async getVerificationsByTarget(target: string): Promise<VerificationRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.verifications.values()).filter(v => v.target === target);\n }\n\n /**\n * Get verifications by domain\n */\n async getVerificationsByDomain(domain: string): Promise<VerificationRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.verifications.values()).filter(v => v.domain === domain);\n }\n\n /**\n * Get verifications for an agent (where they are the target of verification)\n * This requires looking up the target message to find the agent\n * For now, we'll return all verifications and let the caller filter\n */\n async getVerificationsByDomainForAgent(domain: string): Promise<VerificationRecord[]> {\n return this.getVerificationsByDomain(domain);\n }\n\n /**\n * Get all commits\n */\n async getCommits(): Promise<CommitRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.commits.values());\n }\n\n /**\n * Get commit by ID\n */\n async getCommit(id: string): Promise<CommitRecord | null> {\n await this.ensureLoaded();\n return this.commits.get(id) || null;\n }\n\n /**\n * Get commits by agent\n */\n async getCommitsByAgent(agent: string): Promise<CommitRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.commits.values()).filter(c => c.agent === agent);\n }\n\n /**\n * Get all reveals\n */\n async getReveals(): Promise<RevealRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.reveals.values());\n }\n\n /**\n * Get reveal by commitment ID\n */\n async getRevealByCommitment(commitmentId: string): Promise<RevealRecord | null> {\n await this.ensureLoaded();\n return Array.from(this.reveals.values()).find(r => r.commitmentId === commitmentId) || null;\n }\n\n /**\n * Get reveals by agent\n */\n async getRevealsByAgent(agent: string): Promise<RevealRecord[]> {\n await this.ensureLoaded();\n return Array.from(this.reveals.values()).filter(r => r.agent === agent);\n }\n}\n","/**\n * Verification record creation and validation.\n * Core primitive for computational reputation.\n */\n\nimport { createEnvelope, verifyEnvelope } from '../message/envelope';\nimport type { VerificationRecord } from './types';\nimport { validateVerificationRecord } from './types';\n\n/**\n * Create a signed verification record\n * @param verifier - Public key of the verifying agent\n * @param privateKey - Private key for signing\n * @param target - ID of the message/output being verified\n * @param domain - Capability domain\n * @param verdict - Verification verdict\n * @param confidence - Verifier's confidence (0-1)\n * @param timestamp - Timestamp for the verification (ms)\n * @param evidence - Optional link to verification evidence\n * @returns Signed VerificationRecord\n */\nexport function createVerification(\n verifier: string,\n privateKey: string,\n target: string,\n domain: string,\n verdict: 'correct' | 'incorrect' | 'disputed',\n confidence: number,\n timestamp: number,\n evidence?: string\n): VerificationRecord {\n // Validate confidence range\n if (confidence < 0 || confidence > 1) {\n throw new Error('confidence must be between 0 and 1');\n }\n \n // Create the payload for signing\n const payload: Record<string, unknown> = {\n verifier,\n target,\n domain,\n verdict,\n confidence,\n timestamp,\n };\n \n if (evidence !== undefined) {\n payload.evidence = evidence;\n }\n \n // Create signed envelope with type 'verification'\n const envelope = createEnvelope('verification', verifier, privateKey, payload, timestamp, undefined, [verifier]);\n \n // Return verification record\n const record: VerificationRecord = {\n id: envelope.id,\n verifier,\n target,\n domain,\n verdict,\n confidence,\n timestamp,\n signature: envelope.signature,\n };\n \n if (evidence !== undefined) {\n record.evidence = evidence;\n }\n \n return record;\n}\n\n/**\n * Verify the cryptographic signature of a verification record\n * @param record - The verification record to verify\n * @returns Object with valid flag and optional reason for failure\n */\nexport function verifyVerificationSignature(\n record: VerificationRecord\n): { valid: boolean; reason?: string } {\n // First validate the structure\n const structureValidation = validateVerificationRecord(record);\n if (!structureValidation.valid) {\n return { \n valid: false, \n reason: `Invalid structure: ${structureValidation.errors.join(', ')}` \n };\n }\n \n // Reconstruct the envelope for signature verification\n const payload: Record<string, unknown> = {\n verifier: record.verifier,\n target: record.target,\n domain: record.domain,\n verdict: record.verdict,\n confidence: record.confidence,\n timestamp: record.timestamp,\n };\n \n if (record.evidence !== undefined) {\n payload.evidence = record.evidence;\n }\n \n const envelope = {\n id: record.id,\n type: 'verification' as const,\n from: record.verifier,\n to: [record.verifier],\n timestamp: record.timestamp,\n payload,\n signature: record.signature,\n };\n \n // Verify the envelope signature\n return verifyEnvelope(envelope);\n}\n","/**\n * Commit-reveal pattern implementation for tamper-proof predictions.\n * Agents commit to predictions before outcomes are known, then reveal after.\n */\n\nimport { createHash } from 'node:crypto';\nimport { createEnvelope } from '../message/envelope';\nimport type { CommitRecord, RevealRecord } from './types';\nimport { validateCommitRecord, validateRevealRecord } from './types';\n\n/**\n * Create a commitment hash for a prediction\n * @param prediction - The prediction string\n * @returns SHA-256 hash of the prediction (hex string)\n */\nexport function hashPrediction(prediction: string): string {\n return createHash('sha256').update(prediction).digest('hex');\n}\n\n/**\n * Create a signed commit record\n * @param agent - Public key of the committing agent\n * @param privateKey - Private key for signing\n * @param domain - Domain of the prediction\n * @param prediction - The prediction to commit to\n * @param timestamp - Timestamp for the commit (ms)\n * @param expiryMs - Expiry time in milliseconds from timestamp\n * @returns Signed CommitRecord\n */\nexport function createCommit(\n agent: string,\n privateKey: string,\n domain: string,\n prediction: string,\n timestamp: number,\n expiryMs: number\n): CommitRecord {\n const commitment = hashPrediction(prediction);\n const expiry = timestamp + expiryMs;\n \n // Create the payload for signing\n const payload = {\n agent,\n domain,\n commitment,\n timestamp,\n expiry,\n };\n \n // Create signed envelope with type 'commit'\n const envelope = createEnvelope('commit', agent, privateKey, payload, timestamp, undefined, [agent]);\n \n // Return commit record\n return {\n id: envelope.id,\n agent,\n domain,\n commitment,\n timestamp,\n expiry,\n signature: envelope.signature,\n };\n}\n\n/**\n * Create a signed reveal record\n * @param agent - Public key of the revealing agent\n * @param privateKey - Private key for signing\n * @param commitmentId - ID of the original commit record\n * @param prediction - The original prediction (plaintext)\n * @param outcome - The observed outcome\n * @param timestamp - Timestamp for the reveal (ms)\n * @param evidence - Optional evidence for the outcome\n * @returns Signed RevealRecord\n */\nexport function createReveal(\n agent: string,\n privateKey: string,\n commitmentId: string,\n prediction: string,\n outcome: string,\n timestamp: number,\n evidence?: string\n): RevealRecord {\n \n // Create the payload for signing\n const payload: Record<string, unknown> = {\n agent,\n commitmentId,\n prediction,\n outcome,\n timestamp,\n };\n \n if (evidence !== undefined) {\n payload.evidence = evidence;\n }\n \n // Create signed envelope with type 'reveal'\n const envelope = createEnvelope('reveal', agent, privateKey, payload, timestamp, undefined, [agent]);\n \n // Return reveal record\n const record: RevealRecord = {\n id: envelope.id,\n agent,\n commitmentId,\n prediction,\n outcome,\n timestamp,\n signature: envelope.signature,\n };\n \n if (evidence !== undefined) {\n record.evidence = evidence;\n }\n \n return record;\n}\n\n/**\n * Verify a reveal against its commitment\n * @param commit - The original commit record\n * @param reveal - The reveal record\n * @returns Object with valid flag and optional reason for failure\n */\nexport function verifyReveal(\n commit: CommitRecord,\n reveal: RevealRecord\n): { valid: boolean; reason?: string } {\n // Validate structures\n const commitValidation = validateCommitRecord(commit);\n if (!commitValidation.valid) {\n return { valid: false, reason: `Invalid commit: ${commitValidation.errors.join(', ')}` };\n }\n \n const revealValidation = validateRevealRecord(reveal);\n if (!revealValidation.valid) {\n return { valid: false, reason: `Invalid reveal: ${revealValidation.errors.join(', ')}` };\n }\n \n // Check that reveal references the correct commit\n if (reveal.commitmentId !== commit.id) {\n return { valid: false, reason: 'Reveal does not reference this commit' };\n }\n \n // Check that agents match\n if (reveal.agent !== commit.agent) {\n return { valid: false, reason: 'Reveal agent does not match commit agent' };\n }\n \n // Check that reveal is after commit expiry\n if (reveal.timestamp < commit.expiry) {\n return { valid: false, reason: 'Reveal timestamp is before commit expiry' };\n }\n \n // Verify that the prediction hash matches the commitment\n const predictedHash = hashPrediction(reveal.prediction);\n if (predictedHash !== commit.commitment) {\n return { valid: false, reason: 'Prediction hash does not match commitment' };\n }\n \n return { valid: true };\n}\n","/**\r\n * Trust score computation with exponential time decay.\r\n * Domain-specific reputation scoring from verification history.\r\n */\r\n\r\nimport type { VerificationRecord, TrustScore } from './types';\r\n\r\n/**\r\n * Exponential decay function for time-based reputation degradation.\r\n * @param deltaTimeMs - Time since verification (milliseconds)\r\n * @param lambda - Decay rate (default: ln(2)/70 ≈ 0.0099, giving 70-day half-life)\r\n * @returns Weight multiplier (0-1)\r\n */\r\nexport function decay(deltaTimeMs: number, lambda = Math.log(2) / 70): number {\r\n const deltaDays = deltaTimeMs / (1000 * 60 * 60 * 24);\r\n return Math.exp(-lambda * deltaDays);\r\n}\r\n\r\n/**\r\n * Compute verdict weight\r\n * @param verdict - Verification verdict\r\n * @returns Weight value (+1 for correct, -1 for incorrect, 0 for disputed)\r\n */\r\nfunction verdictWeight(verdict: 'correct' | 'incorrect' | 'disputed'): number {\r\n switch (verdict) {\r\n case 'correct':\r\n return 1;\r\n case 'incorrect':\r\n return -1;\r\n case 'disputed':\r\n return 0;\r\n }\r\n}\r\n\r\n/**\r\n * Options for recursive trust score computation.\r\n */\r\nexport interface TrustScoreOptions {\r\n /**\r\n * Optional function to get verifier's trust score for recursive weighting.\r\n * When provided, each verification is weighted by the verifier's own trust score.\r\n * Defaults to returning 1.0 (flat weighting, backward compatible).\r\n * New agents with no score should return 0.5 (neutral bootstrapping weight).\r\n */\r\n getVerifierScore?: (verifier: string, domain: string) => number;\r\n /**\r\n * Maximum recursion depth for recursive scoring. Default: 3.\r\n * At depth 0, flat weighting (1.0) is used instead of calling getVerifierScore.\r\n */\r\n maxDepth?: number;\r\n /**\r\n * Internal: set of agents currently being scored, used for cycle detection.\r\n * Pass a shared mutable Set when making recursive calls to enable cycle detection.\r\n * When a verifier is found in this set, neutral weight (0.5) is used instead of recursing.\r\n */\r\n visitedAgents?: Set<string>;\r\n}\r\n\r\n/**\r\n * Compute trust score for an agent in a specific domain\r\n * @param agent - Public key of the agent being scored\r\n * @param domain - Capability domain\r\n * @param verifications - All verification records (will be filtered by target and domain)\r\n * @param currentTime - Current timestamp (ms)\r\n * @param options - Optional settings for recursive scoring and cycle detection\r\n * @returns TrustScore object with computed reputation\r\n */\r\nexport function computeTrustScore(\r\n agent: string,\r\n domain: string,\r\n verifications: VerificationRecord[],\r\n currentTime: number,\r\n options?: TrustScoreOptions\r\n): TrustScore {\r\n // Filter verifications for this agent and domain\r\n const relevantVerifications = verifications.filter(\r\n v => v.target === agent && v.domain === domain\r\n );\r\n \r\n if (relevantVerifications.length === 0) {\r\n return {\r\n agent,\r\n domain,\r\n score: 0,\r\n verificationCount: 0,\r\n lastVerified: 0,\r\n topVerifiers: [],\r\n };\r\n }\r\n \r\n const maxDepth = options?.maxDepth ?? 3;\r\n const visitedAgents = options?.visitedAgents;\r\n const getVerifierScore = options?.getVerifierScore;\r\n\r\n // Mark current agent as being scored (cycle detection)\r\n if (visitedAgents) {\r\n visitedAgents.add(agent);\r\n }\r\n\r\n // Compute weighted score with time decay\r\n let totalWeight = 0;\r\n const verifierWeights = new Map<string, number>();\r\n \r\n for (const verification of relevantVerifications) {\r\n const deltaTime = currentTime - verification.timestamp;\r\n const decayFactor = decay(deltaTime);\r\n const verdict = verdictWeight(verification.verdict);\r\n\r\n // Determine verifier trust weight for recursive scoring\r\n let verifierTrustWeight: number;\r\n if (!getVerifierScore || maxDepth <= 0) {\r\n // No recursive scoring or depth limit reached — use flat weight\r\n verifierTrustWeight = 1.0;\r\n } else if (visitedAgents?.has(verification.verifier)) {\r\n // Cycle detected — use neutral weight (0.5) instead of recursing\r\n verifierTrustWeight = 0.5;\r\n } else {\r\n verifierTrustWeight = getVerifierScore(verification.verifier, domain);\r\n }\r\n\r\n const weight = verdict * verification.confidence * decayFactor * verifierTrustWeight;\r\n \r\n totalWeight += weight;\r\n \r\n // Track verifier contributions\r\n const currentVerifierWeight = verifierWeights.get(verification.verifier) ?? 0;\r\n verifierWeights.set(verification.verifier, currentVerifierWeight + Math.abs(weight));\r\n }\r\n\r\n // Backtrack: remove current agent from visited set for correct DFS traversal\r\n if (visitedAgents) {\r\n visitedAgents.delete(agent);\r\n }\r\n \r\n // Normalize score to 0-1 range\r\n // Positive verifications push toward 1, negative push toward 0\r\n const rawScore = totalWeight / Math.max(relevantVerifications.length, 1);\r\n const normalizedScore = Math.max(0, Math.min(1, (rawScore + 1) / 2));\r\n \r\n // Find most recent verification\r\n const lastVerified = Math.max(...relevantVerifications.map(v => v.timestamp));\r\n \r\n // Get top verifiers by absolute weight\r\n const topVerifiers = Array.from(verifierWeights.entries())\r\n .sort((a, b) => b[1] - a[1])\r\n .slice(0, 5)\r\n .map(([verifier]) => verifier);\r\n \r\n return {\r\n agent,\r\n domain,\r\n score: normalizedScore,\r\n verificationCount: relevantVerifications.length,\r\n lastVerified,\r\n topVerifiers,\r\n };\r\n}\r\n\r\n/**\r\n * Compute trust scores for an agent across multiple domains\r\n * @param agent - Public key of the agent being scored\r\n * @param verifications - All verification records\r\n * @param currentTime - Current timestamp (ms)\r\n * @returns Map of domain to TrustScore\r\n */\r\nexport function computeTrustScores(\r\n agent: string,\r\n verifications: VerificationRecord[],\r\n currentTime: number\r\n): Map<string, TrustScore> {\r\n // Get unique domains for this agent\r\n const domains = new Set(\r\n verifications\r\n .filter(v => v.target === agent)\r\n .map(v => v.domain)\r\n );\r\n \r\n const scores = new Map<string, TrustScore>();\r\n for (const domain of domains) {\r\n const score = computeTrustScore(agent, domain, verifications, currentTime);\r\n scores.set(domain, score);\r\n }\r\n \r\n return scores;\r\n}\r\n\r\n// Alias for backward compatibility\r\nexport const computeAllTrustScores = computeTrustScores;\r\n"],"mappings":";;;;;;;AAAA,SAAS,cAAc,eAAe,kBAAkB;AA2BjD,SAAS,eAAe,MAA8B;AAC3D,QAAM,UAAU,aAAa,MAAM,OAAO;AAC1C,SAAO,KAAK,MAAM,OAAO;AAC3B;AAOO,SAAS,eAAe,MAAc,QAA8B;AACzE,QAAM,UAAU,KAAK,UAAU,QAAQ,MAAM,CAAC;AAC9C,gBAAc,MAAM,SAAS,OAAO;AACtC;AAQO,SAAS,eAAe,MAA8B;AAC3D,MAAI,WAAW,IAAI,GAAG;AACpB,WAAO,eAAe,IAAI;AAAA,EAC5B;AAGA,QAAM,WAAW,gBAAgB;AACjC,QAAM,SAAyB;AAAA,IAC7B;AAAA,IACA,OAAO,CAAC;AAAA,EACV;AAEA,iBAAe,MAAM,MAAM;AAC3B,SAAO;AACT;;;ACrCA,eAAsB,WACpB,QACA,eACA,MACA,SACA,WACA,eAC0D;AAE1D,QAAM,OAAO,OAAO,MAAM,IAAI,aAAa;AAC3C,MAAI,CAAC,MAAM;AACT,WAAO,EAAE,IAAI,OAAO,QAAQ,GAAG,OAAO,eAAe;AAAA,EACvD;AAGA,MAAI,CAAC,KAAK,KAAK;AACb,WAAO,EAAE,IAAI,OAAO,QAAQ,GAAG,OAAO,4BAA4B;AAAA,EACpE;AAGA,QAAM,WAAW;AAAA,IACf;AAAA,IACA,OAAO,SAAS;AAAA,IAChB,OAAO,SAAS;AAAA,IAChB;AAAA,IACA,KAAK,IAAI;AAAA,IACT;AAAA,IACA,iBAAiB,CAAC,aAAa;AAAA,EACjC;AAGA,QAAM,eAAe,KAAK,UAAU,QAAQ;AAC5C,QAAM,iBAAiB,OAAO,KAAK,YAAY,EAAE,SAAS,WAAW;AAGrE,QAAM,iBAAiB;AAAA,IACrB,SAAS,mBAAmB,cAAc;AAAA,IAC1C,MAAM;AAAA,IACN,YAAY,SAAS,SAAS,KAAK,UAAU,GAAG,EAAE,CAAC;AAAA,IACnD,SAAS;AAAA,EACX;AAGA,QAAM,UAAkC;AAAA,IACtC,gBAAgB;AAAA,EAClB;AACA,MAAI,KAAK,OAAO;AACd,YAAQ,eAAe,IAAI,UAAU,KAAK,KAAK;AAAA,EACjD;AAEA,QAAM,cAAc,KAAK,UAAU,cAAc;AAGjD,WAAS,UAAU,GAAG,UAAU,GAAG,WAAW;AAC5C,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,GAAG,KAAK,GAAG,UAAU;AAAA,QAChD,QAAQ;AAAA,QACR;AAAA,QACA,MAAM;AAAA,MACR,CAAC;AAED,aAAO;AAAA,QACL,IAAI,SAAS;AAAA,QACb,QAAQ,SAAS;AAAA,QACjB,OAAO,SAAS,KAAK,SAAY,MAAM,SAAS,KAAK;AAAA,MACvD;AAAA,IACF,SAAS,KAAK;AACZ,UAAI,YAAY,GAAG;AACjB,eAAO;AAAA,UACL,IAAI;AAAA,UACJ,QAAQ;AAAA,UACR,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,QACxD;AAAA,MACF;AAAA,IAEF;AAAA,EACF;AAGA,SAAO,EAAE,IAAI,OAAO,QAAQ,GAAG,OAAO,0BAA0B;AAClE;AAOO,SAAS,sBACd,SACA,YACkE;AAElE,QAAM,SAAS;AACf,MAAI,CAAC,QAAQ,WAAW,MAAM,GAAG;AAC/B,WAAO,EAAE,IAAI,OAAO,QAAQ,oBAAoB;AAAA,EAClD;AAGA,QAAM,gBAAgB,QAAQ,UAAU,OAAO,MAAM;AAGrD,MAAI,CAAC,eAAe;AAClB,WAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAAA,EAC/C;AAGA,MAAI;AACJ,MAAI;AACF,UAAM,UAAU,OAAO,KAAK,eAAe,WAAW;AAEtD,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAAA,IAC/C;AACA,mBAAe,QAAQ,SAAS,OAAO;AAAA,EACzC,QAAQ;AACN,WAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAAA,EAC/C;AAGA,MAAI;AACJ,MAAI;AACF,eAAW,KAAK,MAAM,YAAY;AAAA,EACpC,QAAQ;AACN,WAAO,EAAE,IAAI,OAAO,QAAQ,eAAe;AAAA,EAC7C;AAGA,QAAM,eAAe,eAAe,QAAQ;AAC5C,MAAI,CAAC,aAAa,OAAO;AACvB,WAAO,EAAE,IAAI,OAAO,QAAQ,aAAa,UAAU,sBAAsB;AAAA,EAC3E;AAGA,QAAM,cAAc,WAAW,IAAI,SAAS,IAAI;AAChD,MAAI,CAAC,aAAa;AAChB,WAAO,EAAE,IAAI,OAAO,QAAQ,iBAAiB;AAAA,EAC/C;AAEA,SAAO,EAAE,IAAI,MAAM,SAAS;AAC9B;;;ACpKA,OAAO,eAAe;AAuBtB,eAAsB,aACpB,QACA,eACA,MACA,SACA,WACA,eAC0C;AAE1C,MAAI,OAAO,eAAe,OAAO,YAAY,UAAU,GAAG;AACxD,UAAM,WAAW;AAAA,MACf;AAAA,MACA,OAAO,SAAS;AAAA,MAChB,OAAO,SAAS;AAAA,MAChB;AAAA,MACA,KAAK,IAAI;AAAA,MACT;AAAA,MACA,iBAAiB,CAAC,aAAa;AAAA,IACjC;AACA,WAAO,OAAO,YAAY,KAAK,eAAe,QAAQ;AAAA,EACxD;AAGA,SAAO,IAAI,QAAQ,CAACA,aAAY;AAC9B,UAAM,KAAK,IAAI,UAAU,OAAO,QAAQ;AACxC,QAAI,aAAa;AACjB,QAAI,cAAc;AAClB,QAAI,WAAW;AAGf,UAAM,cAAc,CAAC,WAAkD;AACrE,UAAI,CAAC,UAAU;AACb,mBAAW;AACX,qBAAa,OAAO;AACpB,QAAAA,SAAQ,MAAM;AAAA,MAChB;AAAA,IACF;AAGA,UAAM,UAAU,WAAW,MAAM;AAC/B,UAAI,CAAC,aAAa;AAChB,WAAG,MAAM;AACT,oBAAY,EAAE,IAAI,OAAO,OAAO,2BAA2B,CAAC;AAAA,MAC9D;AAAA,IACF,GAAG,GAAK;AAER,OAAG,GAAG,QAAQ,MAAM;AAElB,YAAM,cAAc;AAAA,QAClB,MAAM;AAAA,QACN,WAAW,OAAO,SAAS;AAAA,MAC7B;AACA,SAAG,KAAK,KAAK,UAAU,WAAW,CAAC;AAAA,IACrC,CAAC;AAED,OAAG,GAAG,WAAW,CAAC,SAAyB;AACzC,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,KAAK,SAAS,CAAC;AAEtC,YAAI,IAAI,SAAS,gBAAgB,CAAC,YAAY;AAC5C,uBAAa;AAGb,gBAAM,WAAqB;AAAA,YACzB;AAAA,YACA,OAAO,SAAS;AAAA,YAChB,OAAO,SAAS;AAAA,YAChB;AAAA,YACA,KAAK,IAAI;AAAA,YACT;AAAA,YACA,iBAAiB,CAAC,aAAa;AAAA,UACjC;AAGA,gBAAM,WAAW;AAAA,YACf,MAAM;AAAA,YACN,IAAI;AAAA,YACJ;AAAA,UACF;AACA,aAAG,KAAK,KAAK,UAAU,QAAQ,CAAC;AAChC,wBAAc;AAGd,qBAAW,MAAM;AACf,eAAG,MAAM;AACT,wBAAY,EAAE,IAAI,KAAK,CAAC;AAAA,UAC1B,GAAG,GAAG;AAAA,QACR,WAAW,IAAI,SAAS,SAAS;AAC/B,aAAG,MAAM;AACT,sBAAY,EAAE,IAAI,OAAO,OAAO,IAAI,WAAW,qBAAqB,CAAC;AAAA,QACvE;AAAA,MACF,SAAS,KAAK;AACZ,WAAG,MAAM;AACT,oBAAY,EAAE,IAAI,OAAO,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE,CAAC;AAAA,MACpF;AAAA,IACF,CAAC;AAED,OAAG,GAAG,SAAS,CAAC,QAAQ;AACtB,SAAG,MAAM;AACT,kBAAY,EAAE,IAAI,OAAO,OAAO,IAAI,QAAQ,CAAC;AAAA,IAC/C,CAAC;AAED,OAAG,GAAG,SAAS,MAAM;AACnB,UAAI,CAAC,aAAa;AAChB,oBAAY,EAAE,IAAI,OAAO,OAAO,wCAAwC,CAAC;AAAA,MAC3E;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AACH;;;ACnIA,SAAS,gBAAAC,eAAc,cAAAC,aAAY,aAAa,WAAW,iBAAAC,sBAAqB;AAChF,SAAS,gBAAgB;AACzB,SAAS,SAAS,MAAM,eAAe;AACvC,SAAS,eAAe;AA8CjB,SAAS,uBAA+B;AAC7C,MAAI,QAAQ,IAAI,cAAc;AAC5B,WAAO,QAAQ,QAAQ,IAAI,YAAY;AAAA,EACzC;AACA,SAAO,QAAQ,QAAQ,GAAG,WAAW,SAAS,aAAa;AAC7D;AAKA,SAAS,YAAY,QAA8C;AACjE,QAAM,cAAc,OAAO;AAC3B,MAAI,CAAC,aAAa,aAAa,CAAC,aAAa,YAAY;AACvD,UAAM,IAAI,MAAM,mEAAmE;AAAA,EACrF;AACA,QAAM,WAA0B;AAAA,IAC9B,WAAW,YAAY;AAAA,IACvB,YAAY,YAAY;AAAA,IACxB,MAAM,OAAO,YAAY,SAAS,WAAW,YAAY,OAAO;AAAA,EAClE;AAEA,QAAM,QAAyC,CAAC;AAChD,MAAI,OAAO,SAAS,OAAO,OAAO,UAAU,UAAU;AACpD,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,KAAK,GAAG;AACvD,YAAM,OAAO;AACb,UAAI,QAAQ,OAAO,KAAK,cAAc,UAAU;AAC9C,cAAM,KAAK,SAAmB,IAAI;AAAA,UAChC,WAAW,KAAK;AAAA,UAChB,KAAK,OAAO,KAAK,QAAQ,WAAW,KAAK,MAAM;AAAA,UAC/C,OAAO,OAAO,KAAK,UAAU,WAAW,KAAK,QAAQ;AAAA,UACrD,MAAM,OAAO,KAAK,SAAS,WAAW,KAAK,OAAQ,QAAQ,KAAK,YAAY,MAAM;AAAA,QACpF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACJ,QAAM,WAAW,OAAO;AACxB,MAAI,OAAO,aAAa,UAAU;AAChC,YAAQ,EAAE,KAAK,UAAU,aAAa,KAAK;AAAA,EAC7C,WAAW,YAAY,OAAO,aAAa,UAAU;AACnD,UAAM,IAAI;AACV,QAAI,OAAO,EAAE,QAAQ,UAAU;AAC7B,cAAQ;AAAA,QACN,KAAK,EAAE;AAAA,QACP,aAAa,OAAO,EAAE,gBAAgB,YAAY,EAAE,cAAc;AAAA,QAClE,MAAM,OAAO,EAAE,SAAS,WAAW,EAAE,OAAO;AAAA,QAC5C,gBAAgB,OAAO,EAAE,mBAAmB,WAAW,EAAE,iBAAiB;AAAA,MAC5E;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,EAC3B;AACF;AAUO,SAAS,gBAAgB,MAA4B;AAC1D,QAAM,aAAa,QAAQ,qBAAqB;AAEhD,MAAI,CAACD,YAAW,UAAU,GAAG;AAC3B,UAAM,IAAI,MAAM,4BAA4B,UAAU,2CAA2C;AAAA,EACnG;AAEA,QAAM,UAAUD,cAAa,YAAY,OAAO;AAChD,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,OAAO;AAAA,EAC7B,QAAQ;AACN,UAAM,IAAI,MAAM,gCAAgC,UAAU,EAAE;AAAA,EAC9D;AAEA,SAAO,YAAY,MAAM;AAC3B;AASA,eAAsB,qBAAqB,MAAqC;AAC9E,QAAM,aAAa,QAAQ,qBAAqB;AAEhD,MAAI;AACJ,MAAI;AACF,cAAU,MAAM,SAAS,YAAY,OAAO;AAAA,EAC9C,SAAS,KAAK;AACZ,UAAM,OAAO,OAAO,OAAO,QAAQ,YAAY,UAAU,MAAO,IAA8B,OAAO;AACrG,QAAI,SAAS,UAAU;AACrB,YAAM,IAAI,MAAM,4BAA4B,UAAU,2CAA2C;AAAA,IACnG;AACA,UAAM;AAAA,EACR;AAEA,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,OAAO;AAAA,EAC7B,QAAQ;AACN,UAAM,IAAI,MAAM,gCAAgC,UAAU,EAAE;AAAA,EAC9D;AAEA,SAAO,YAAY,MAAM;AAC3B;AASO,SAAS,eAAuB;AACrC,MAAI,QAAQ,IAAI,kBAAkB;AAChC,WAAO,QAAQ,QAAQ,IAAI,gBAAgB;AAAA,EAC7C;AACA,SAAO,QAAQ,QAAQ,GAAG,WAAW,OAAO;AAC9C;AAOO,SAAS,qBAAqB,SAA0B;AAC7D,MAAI,QAAQ,IAAI,cAAc;AAC5B,WAAO,QAAQ,QAAQ,IAAI,YAAY;AAAA,EACzC;AACA,QAAM,OAAO,aAAa;AAC1B,MAAI,CAAC,WAAW,YAAY,WAAW;AACrC,WAAO,KAAK,MAAM,aAAa;AAAA,EACjC;AACA,SAAO,KAAK,MAAM,YAAY,SAAS,aAAa;AACtD;AAMO,SAAS,eAAyB;AACvC,QAAM,OAAO,aAAa;AAC1B,QAAM,WAAqB,CAAC;AAG5B,MAAIC,YAAW,KAAK,MAAM,aAAa,CAAC,GAAG;AACzC,aAAS,KAAK,SAAS;AAAA,EACzB;AAGA,QAAM,cAAc,KAAK,MAAM,UAAU;AACzC,MAAIA,YAAW,WAAW,GAAG;AAC3B,eAAW,SAAS,YAAY,aAAa,EAAE,eAAe,KAAK,CAAC,GAAG;AACrE,UAAI,MAAM,YAAY,KAAKA,YAAW,KAAK,aAAa,MAAM,MAAM,aAAa,CAAC,GAAG;AACnF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAwBO,SAAS,aACd,QACA,OAAsC,CAAC,GACvB;AAChB,QAAM,WAA2B;AAAA,IAC/B,SAAS;AAAA,IACT,OAAO,OAAO;AAAA,MACZ,OAAO,QAAQ,OAAO,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;AAAA,IAC5D;AAAA,EACF;AACA,MAAI,KAAK,iBAAiB;AACxB,aAAS,WAAW,EAAE,GAAG,OAAO,SAAS;AAAA,EAC3C;AACA,MAAI,OAAO,OAAO;AAChB,aAAS,QAAQ,EAAE,GAAG,OAAO,MAAM;AAAA,EACrC;AACA,SAAO;AACT;AAMO,SAAS,aACd,QACA,UACA,OAAkE,CAAC,GACrD;AACd,QAAM,SAAuB;AAAA,IAC3B,YAAY,CAAC;AAAA,IACb,cAAc,CAAC;AAAA,IACf,kBAAkB;AAAA,IAClB,eAAe;AAAA,EACjB;AAGA,aAAW,CAAC,KAAK,IAAI,KAAK,OAAO,QAAQ,SAAS,KAAK,GAAG;AACxD,QAAI,OAAO,MAAM,GAAG,GAAG;AACrB,aAAO,aAAa,KAAK,GAAG;AAAA,IAC9B,OAAO;AACL,aAAO,MAAM,GAAG,IAAI,EAAE,GAAG,KAAK;AAC9B,aAAO,WAAW,KAAK,GAAG;AAAA,IAC5B;AAAA,EACF;AAGA,MAAI,KAAK,qBAAqB,SAAS,UAAU;AAC/C,WAAO,WAAW,EAAE,GAAG,SAAS,SAAS;AACzC,WAAO,mBAAmB;AAAA,EAC5B;AAGA,MAAI,KAAK,kBAAkB,SAAS,OAAO;AACzC,WAAO,QAAQ,EAAE,GAAG,SAAS,MAAM;AACnC,WAAO,gBAAgB;AAAA,EACzB;AAEA,SAAO;AACT;AAKO,SAAS,gBAAgB,MAAc,QAA2B;AACvE,QAAM,MAAM,QAAQ,IAAI;AACxB,MAAI,CAACA,YAAW,GAAG,GAAG;AACpB,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAAA,EACpC;AACA,QAAM,MAA+B;AAAA,IACnC,UAAU,OAAO;AAAA,IACjB,OAAO,OAAO;AAAA,EAChB;AACA,MAAI,OAAO,OAAO;AAChB,QAAI,QAAQ,OAAO;AAAA,EACrB;AACA,EAAAC,eAAc,MAAM,KAAK,UAAU,KAAK,MAAM,CAAC,IAAI,MAAM,OAAO;AAClE;;;AC/TA,SAAS,oBAAoB;AAC7B,OAAOC,gBAAe;AA4Cf,IAAM,cAAN,cAA0B,aAAa;AAAA,EACpC,KAAuB;AAAA,EACvB;AAAA,EACA,oBAAoB;AAAA,EACpB,mBAA0C;AAAA,EAC1C,eAAsC;AAAA,EACtC,cAAc;AAAA,EACd,eAAe;AAAA,EACf,kBAAkB;AAAA,EAClB,cAAc,oBAAI,IAAuB;AAAA,EAEjD,YAAY,QAA2B;AACrC,UAAM;AACN,SAAK,SAAS;AAAA,MACZ,cAAc;AAAA,MACd,mBAAmB;AAAA,MACnB,GAAG;AAAA,IACL;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAyB;AAC7B,QAAI,KAAK,OAAO,KAAK,GAAG,eAAeC,WAAU,cAAc,KAAK,GAAG,eAAeA,WAAU,OAAO;AACrG;AAAA,IACF;AAEA,SAAK,kBAAkB;AACvB,WAAO,KAAK,UAAU;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA,EAKA,aAAmB;AACjB,SAAK,kBAAkB;AACvB,SAAK,QAAQ;AACb,QAAI,KAAK,IAAI;AACX,WAAK,GAAG,MAAM;AACd,WAAK,KAAK;AAAA,IACZ;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAqB;AACnB,WAAO,KAAK,eAAe,KAAK;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,IAAY,UAA8D;AACnF,QAAI,CAAC,KAAK,UAAU,GAAG;AACrB,aAAO,EAAE,IAAI,OAAO,OAAO,yBAAyB;AAAA,IACtD;AAEA,UAAM,UAA8B;AAAA,MAClC,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACF;AAEA,QAAI;AACF,WAAK,GAAI,KAAK,KAAK,UAAU,OAAO,CAAC;AACrC,aAAO,EAAE,IAAI,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,aAAO,EAAE,IAAI,OAAO,OAAO,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,EAAE;AAAA,IAC9E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,iBACJ,YACA,MACA,SACA,WAC+E;AAC/E,QAAI,CAAC,KAAK,UAAU,GAAG;AACrB,aAAO,EAAE,IAAI,OAAO,QAAQ,CAAC,EAAE,WAAW,KAAK,OAAO,yBAAyB,CAAC,EAAE;AAAA,IACpF;AAEA,UAAM,SAAS,MAAM,KAAK,IAAI,IAAI,WAAW,OAAO,OAAO,CAAC,CAAC;AAC7D,UAAM,SAAsD,CAAC;AAE7D,eAAW,aAAa,QAAQ;AAC9B,YAAM,WAAW;AAAA,QACf;AAAA,QACA,KAAK,OAAO;AAAA,QACZ,KAAK,OAAO;AAAA,QACZ;AAAA,QACA,KAAK,IAAI;AAAA,QACT;AAAA,QACA;AAAA,MACF;AACA,YAAM,SAAS,MAAM,KAAK,KAAK,WAAW,QAAQ;AAClD,UAAI,CAAC,OAAO,IAAI;AACd,eAAO,KAAK,EAAE,WAAW,OAAO,OAAO,SAAS,gBAAgB,CAAC;AAAA,MACnE;AAAA,IACF;AAEA,WAAO,EAAE,IAAI,OAAO,WAAW,GAAG,OAAO;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,iBAA8B;AAC5B,WAAO,MAAM,KAAK,KAAK,YAAY,OAAO,CAAC;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,WAA4B;AACvC,WAAO,KAAK,YAAY,IAAI,SAAS;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YAA2B;AACvC,WAAO,IAAI,QAAQ,CAACC,UAAS,WAAW;AACtC,UAAI;AACF,aAAK,KAAK,IAAID,WAAU,KAAK,OAAO,QAAQ;AAC5C,YAAI,WAAW;AAEf,cAAM,cAAc,CAAC,aAA+B;AAClD,cAAI,CAAC,UAAU;AACb,uBAAW;AACX,qBAAS;AAAA,UACX;AAAA,QACF;AAEA,aAAK,GAAG,GAAG,QAAQ,MAAM;AACvB,eAAK,cAAc;AACnB,eAAK,oBAAoB;AACzB,eAAK,kBAAkB;AAGvB,gBAAM,cAAkC;AAAA,YACtC,MAAM;AAAA,YACN,WAAW,KAAK,OAAO;AAAA,YACvB,MAAM,KAAK,OAAO;AAAA,UACpB;AACA,eAAK,GAAI,KAAK,KAAK,UAAU,WAAW,CAAC;AAAA,QAC3C,CAAC;AAED,aAAK,GAAG,GAAG,WAAW,CAAC,SAAyB;AAC9C,cAAI;AACF,kBAAM,MAAM,KAAK,MAAM,KAAK,SAAS,CAAC;AACtC,iBAAK,cAAc,GAAG;AAGtB,gBAAI,IAAI,SAAS,gBAAgB,CAAC,UAAU;AAC1C,0BAAY,MAAMC,SAAQ,CAAC;AAAA,YAC7B;AAAA,UACF,SAAS,KAAK;AACZ,iBAAK,KAAK,SAAS,IAAI,MAAM,4BAA4B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,UAC9G;AAAA,QACF,CAAC;AAED,aAAK,GAAG,GAAG,SAAS,MAAM;AACxB,eAAK,cAAc;AACnB,eAAK,eAAe;AACpB,eAAK,QAAQ;AACb,eAAK,KAAK,cAAc;AAExB,cAAI,KAAK,iBAAiB;AACxB,iBAAK,kBAAkB;AAAA,UACzB;AAEA,cAAI,CAAC,UAAU;AACb,wBAAY,MAAM,OAAO,IAAI,MAAM,uCAAuC,CAAC,CAAC;AAAA,UAC9E;AAAA,QACF,CAAC;AAED,aAAK,GAAG,GAAG,SAAS,CAAC,QAAQ;AAC3B,eAAK,KAAK,SAAS,GAAG;AACtB,cAAI,CAAC,UAAU;AACb,wBAAY,MAAM,OAAO,GAAG,CAAC;AAAA,UAC/B;AAAA,QACF,CAAC;AAAA,MACH,SAAS,KAAK;AACZ,eAAO,GAAG;AAAA,MACZ;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAc,KAA+B;AACnD,YAAQ,IAAI,MAAM;AAAA,MAChB,KAAK;AACH,aAAK,eAAe;AACpB,YAAI,IAAI,OAAO;AAEb,qBAAW,QAAQ,IAAI,OAAO;AAC5B,iBAAK,YAAY,IAAI,KAAK,WAAW,IAAI;AAAA,UAC3C;AAAA,QACF;AACA,aAAK,KAAK,WAAW;AACrB;AAAA,MAEF,KAAK;AACH,YAAI,IAAI,YAAY,IAAI,MAAM;AAE5B,gBAAM,eAAe,eAAe,IAAI,QAAQ;AAChD,cAAI,CAAC,aAAa,OAAO;AACvB,iBAAK,KAAK,SAAS,IAAI,MAAM,+BAA+B,aAAa,MAAM,EAAE,CAAC;AAClF;AAAA,UACF;AAGA,gBAAM,eAAe,IAAI,SAAS;AAClC,cAAI,iBAAiB,IAAI,MAAM;AAC7B,iBAAK,KAAK,SAAS,IAAI,MAAM,iDAAiD,CAAC;AAC/E;AAAA,UACF;AAIA,eAAK,KAAK,WAAW,IAAI,UAAU,IAAI,IAAI;AAAA,QAC7C;AACA;AAAA,MAEF,KAAK;AACH,YAAI,IAAI,WAAW;AACjB,gBAAM,OAAkB;AAAA,YACtB,WAAW,IAAI;AAAA,YACf,MAAM,IAAI;AAAA,UACZ;AACA,eAAK,YAAY,IAAI,IAAI,WAAW,IAAI;AACxC,eAAK,KAAK,eAAe,IAAI;AAAA,QAC/B;AACA;AAAA,MAEF,KAAK;AACH,YAAI,IAAI,WAAW;AACjB,gBAAM,OAAO,KAAK,YAAY,IAAI,IAAI,SAAS;AAC/C,cAAI,MAAM;AACR,iBAAK,YAAY,OAAO,IAAI,SAAS;AACrC,iBAAK,KAAK,gBAAgB,IAAI;AAAA,UAChC;AAAA,QACF;AACA;AAAA,MAEF,KAAK;AACH,aAAK,KAAK,SAAS,IAAI,MAAM,gBAAgB,IAAI,WAAW,eAAe,EAAE,CAAC;AAC9E;AAAA,MAEF,KAAK;AAEH;AAAA,MAEF;AAEE;AAAA,IACJ;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAA0B;AAChC,QAAI,KAAK,kBAAkB;AACzB;AAAA,IACF;AAGA,UAAM,QAAQ,KAAK;AAAA,MACjB,MAAO,KAAK,IAAI,GAAG,KAAK,iBAAiB;AAAA,MACzC,KAAK,OAAO;AAAA,IACd;AAEA,SAAK;AAEL,SAAK,mBAAmB,WAAW,MAAM;AACvC,WAAK,mBAAmB;AACxB,UAAI,KAAK,iBAAiB;AACxB,aAAK,UAAU,EAAE,MAAM,CAAC,QAAQ;AAC9B,eAAK,KAAK,SAAS,GAAG;AAAA,QACxB,CAAC;AAAA,MACH;AAAA,IACF,GAAG,KAAK;AAAA,EACV;AAAA;AAAA;AAAA;AAAA,EAKQ,oBAA0B;AAChC,SAAK,iBAAiB;AACtB,SAAK,eAAe,YAAY,MAAM;AACpC,UAAI,KAAK,MAAM,KAAK,GAAG,eAAeD,WAAU,MAAM;AACpD,cAAM,OAA2B,EAAE,MAAM,OAAO;AAChD,aAAK,GAAG,KAAK,KAAK,UAAU,IAAI,CAAC;AAAA,MACnC;AAAA,IACF,GAAG,KAAK,OAAO,YAAa;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKQ,mBAAyB;AAC/B,QAAI,KAAK,cAAc;AACrB,oBAAc,KAAK,YAAY;AAC/B,WAAK,eAAe;AAAA,IACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAgB;AACtB,SAAK,iBAAiB;AACtB,QAAI,KAAK,kBAAkB;AACzB,mBAAa,KAAK,gBAAgB;AAClC,WAAK,mBAAmB;AAAA,IAC1B;AACA,SAAK,YAAY,MAAM;AAAA,EACzB;AACF;;;ACtXA,SAAS,gBAAAE,qBAAoB;AAkCtB,IAAM,uBAAN,cAAmCC,cAAa;AAAA,EAC7C;AAAA,EAER,YAAY,QAA6B;AACvC,UAAM;AACN,SAAK,SAAS;AAGd,SAAK,OAAO,YAAY,GAAG,WAAW,CAAC,UAAoB,SAAiB;AAC1E,UAAI,SAAS,SAAS,sBAAsB;AAC1C,aAAK,eAAe,QAA6C;AAAA,MACnE,WAAW,SAAS,SAAS,iBAAiB;AAC5C,aAAK,eAAe,UAA2C,IAAI;AAAA,MACrE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,iBAAiB,SAAsF;AAC3G,QAAI,CAAC,KAAK,OAAO,gBAAgB;AAC/B,YAAM,IAAI,MAAM,iCAAiC;AAAA,IACnD;AAEA,QAAI,CAAC,KAAK,OAAO,YAAY,UAAU,GAAG;AACxC,YAAM,IAAI,MAAM,wBAAwB;AAAA,IAC1C;AAEA,UAAM,UAAkC,UAAU,EAAE,QAAQ,IAAI,CAAC;AAEjE,UAAM,WAAW;AAAA,MACf;AAAA,MACA,KAAK,OAAO;AAAA,MACZ,KAAK,OAAO;AAAA,MACZ;AAAA,MACA,KAAK,IAAI;AAAA,MACT;AAAA,MACA,CAAC,KAAK,OAAO,cAAc;AAAA,IAC7B;AAGA,UAAM,SAAS,MAAM,KAAK,OAAO,YAAY,KAAK,KAAK,OAAO,gBAAgB,QAAQ;AACtF,QAAI,CAAC,OAAO,IAAI;AACd,YAAM,IAAI,MAAM,qCAAqC,OAAO,KAAK,EAAE;AAAA,IACrE;AAGA,WAAO,IAAI,QAAQ,CAACC,UAAS,WAAW;AACtC,YAAM,UAAU,WAAW,MAAM;AAC/B,gBAAQ;AACR,eAAO,IAAI,MAAM,6BAA6B,CAAC;AAAA,MACjD,GAAG,GAAK;AAER,YAAM,iBAAiB,CAAC,kBAA4B,SAAuB;AACzE,YAAI,iBAAiB,SAAS,wBAC1B,iBAAiB,cAAc,SAAS,MACxC,SAAS,KAAK,OAAO,gBAAgB;AACvC,kBAAQ;AACR,UAAAA,SAAQ,iBAAiB,OAAkC;AAAA,QAC7D;AAAA,MACF;AAEA,YAAM,UAAU,MAAY;AAC1B,qBAAa,OAAO;AACpB,aAAK,OAAO,YAAY,IAAI,WAAW,cAAc;AAAA,MACvD;AAEA,WAAK,OAAO,YAAY,GAAG,WAAW,cAAc;AAAA,IACtD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UACJ,oBACA,mBACA,UAC0C;AAC1C,QAAI,CAAC,KAAK,OAAO,YAAY,UAAU,GAAG;AACxC,aAAO,EAAE,IAAI,OAAO,OAAO,yBAAyB;AAAA,IACtD;AAEA,UAAM,UAA+B;AAAA,MACnC,WAAW;AAAA,MACX,UAAU,UAAU;AAAA,MACpB,UAAU,UAAU,OAAO,EAAE,MAAM,SAAS,KAAK,IAAI;AAAA,MACrD,SAAS,UAAU;AAAA,MACnB,YAAY,UAAU;AAAA,IACxB;AAEA,UAAM,WAAW;AAAA,MACf;AAAA,MACA,KAAK,OAAO;AAAA,MACZ,KAAK,OAAO;AAAA,MACZ;AAAA,MACA,KAAK,IAAI;AAAA,MACT;AAAA,MACA,CAAC,kBAAkB;AAAA,IACrB;AAEA,WAAO,KAAK,OAAO,YAAY,KAAK,oBAAoB,QAAQ;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,UAAyC,MAAoB;AAElF,UAAM,eAAe,eAAe,QAAQ;AAC5C,QAAI,CAAC,aAAa,OAAO;AACvB,WAAK,KAAK,SAAS,IAAI,MAAM,0BAA0B,aAAa,MAAM,EAAE,CAAC;AAC7E;AAAA,IACF;AAGA,SAAK,KAAK,iBAAiB,SAAS,SAAS,IAAI;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,UAAmD;AAExE,UAAM,eAAe,eAAe,QAAQ;AAC5C,QAAI,CAAC,aAAa,OAAO;AACvB,WAAK,KAAK,SAAS,IAAI,MAAM,+BAA+B,aAAa,MAAM,EAAE,CAAC;AAClF;AAAA,IACF;AAGA,QAAI,SAAS,SAAS,KAAK,OAAO,gBAAgB;AAChD,WAAK,KAAK,SAAS,IAAI,MAAM,8CAA8C,CAAC;AAC5E;AAAA,IACF;AAGA,SAAK,KAAK,oBAAoB,SAAS,QAAQ,KAAK;AAAA,EACtD;AACF;;;ACrKO,IAAM,2BAA2B;AAAA,EACtC;AAAA,IACE,KAAK;AAAA,IACL,MAAM;AAAA;AAAA;AAAA,EAGR;AACF;AAiBO,SAAS,2BAA4C;AAC1D,SAAO;AAAA,IACL,UAAU,yBAAyB,CAAC,EAAE;AAAA,IACtC,SAAS;AAAA,EACX;AACF;AAKO,SAAS,oBAAoB,KAAa,WAAqC;AACpF,SAAO;AAAA,IACL,UAAU;AAAA,IACV,gBAAgB;AAAA,IAChB,SAAS;AAAA,EACX;AACF;;;ACzCO,SAAS,SAAS,WAA2B;AAClD,SAAO,MAAM,UAAU,MAAM,EAAE;AACjC;AAYA,SAAS,mBAAmB,WAA0D;AACpF,MAAI,CAAC,WAAW;AACd,WAAO,CAAC;AAAA,EACV;AACA,MAAI,MAAM,QAAQ,SAAS,GAAG;AAC5B,WAAO,UAAU,OAAO,CAAC,MAAM,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,SAAS,CAAC;AAAA,EAC1F;AACA,MAAI,qBAAqB,KAAK;AAC5B,WAAO,MAAM,KAAK,UAAU,OAAO,CAAC,EAAE,OAAO,CAAC,MAAM,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,SAAS,CAAC;AAAA,EAC/G;AACA,SAAO,OAAO,OAAO,SAAS,EAAE,OAAO,CAAC,MAAM,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,SAAS,CAAC;AACzG;AAEA,SAAS,SAAS,IAAY,WAAoE;AAChG,SAAO,mBAAmB,SAAS,EAAE,KAAK,CAAC,UAAU,MAAM,cAAc,EAAE;AAC7E;AAQO,SAAS,QAAQ,IAAY,WAA4C;AAC9E,QAAM,SAAS,GAAG,MAAM,EAAE;AAC1B,QAAM,QAAQ,SAAS,IAAI,SAAS;AACpC,MAAI,CAAC,OAAO,MAAM;AAChB,WAAO,IAAI,MAAM;AAAA,EACnB;AACA,SAAO,GAAG,MAAM,IAAI,IAAI,MAAM;AAChC;AAOO,SAAS,OAAO,SAAiB,WAAuD;AAC7F,QAAM,UAAU,mBAAmB,SAAS;AAC5C,MAAI,QAAQ,WAAW,GAAG;AACxB,WAAO;AAAA,EACT;AAEA,QAAM,QAAQ,QAAQ,KAAK;AAC3B,QAAM,SAAS,QAAQ,KAAK,CAAC,UAAU,MAAM,cAAc,KAAK;AAChE,MAAI,QAAQ;AACV,WAAO,OAAO;AAAA,EAChB;AAGA,QAAM,gBAAgB,MAAM,MAAM,yBAAyB;AAC3D,MAAI,eAAe;AACjB,UAAM,CAAC,EAAE,MAAM,MAAM,IAAI;AACzB,UAAM,UAAU,QAAQ,OAAO,CAAC,UAAU,MAAM,SAAS,QAAQ,MAAM,UAAU,YAAY,EAAE,SAAS,OAAO,YAAY,CAAC,CAAC;AAC7H,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,QAAQ,CAAC,EAAE;AAAA,IACpB;AACA,WAAO;AAAA,EACT;AAGA,QAAM,eAAe,MAAM,MAAM,qBAAqB;AACtD,MAAI,cAAc;AAChB,UAAM,CAAC,EAAE,MAAM,IAAI;AACnB,UAAM,UAAU,QAAQ,OAAO,CAAC,UAAU,MAAM,UAAU,YAAY,EAAE,SAAS,OAAO,YAAY,CAAC,CAAC;AACtG,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,QAAQ,CAAC,EAAE;AAAA,IACpB;AACA,WAAO;AAAA,EACT;AAGA,QAAM,kBAAkB,MAAM,MAAM,8BAA8B;AAClE,MAAI,iBAAiB;AACnB,UAAM,CAAC,EAAE,MAAM,MAAM,IAAI;AACzB,UAAM,UAAU,QAAQ,OAAO,CAAC,UAAU,MAAM,SAAS,QAAQ,MAAM,UAAU,YAAY,EAAE,SAAS,OAAO,YAAY,CAAC,CAAC;AAC7H,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,QAAQ,CAAC,EAAE;AAAA,IACpB;AACA,WAAO;AAAA,EACT;AAGA,QAAM,aAAa,MAAM,MAAM,0BAA0B;AACzD,MAAI,YAAY;AACd,UAAM,CAAC,EAAE,MAAM,IAAI;AACnB,UAAM,UAAU,QAAQ,OAAO,CAAC,UAAU,MAAM,UAAU,YAAY,EAAE,SAAS,OAAO,YAAY,CAAC,CAAC;AACtG,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,QAAQ,CAAC,EAAE;AAAA,IACpB;AACA,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,QAAQ,OAAO,CAAC,UAAU,MAAM,SAAS,KAAK;AAC7D,MAAI,OAAO,WAAW,GAAG;AACvB,WAAO,OAAO,CAAC,EAAE;AAAA,EACnB;AAEA,SAAO;AACT;AAKO,SAAS,uBAAuB,MAAc,WAA2C;AAC9F,SAAO,KAAK,QAAQ,cAAc,CAAC,OAAO,UAAkB;AAC1D,UAAM,WAAW,OAAO,OAAO,SAAS;AACxC,WAAO,WAAW,IAAI,QAAQ,KAAK,IAAI,KAAK;AAAA,EAC9C,CAAC;AACH;AAKO,SAAS,wBAAwB,MAAc,WAA2C;AAC/F,SAAO,KAAK,QAAQ,wBAAwB,CAAC,OAAO,OAAe,IAAI,QAAQ,IAAI,SAAS,CAAC,EAAE;AACjG;AAMO,SAAS,6BAA6B,MAAc,WAA2C;AACpG,SAAO,KAAK,QAAQ,wBAAwB,CAAC,OAAO,OAAe;AACjE,UAAM,QAAQ,SAAS,IAAI,SAAS;AACpC,QAAI,CAAC,OAAO;AACV,aAAO,IAAI,EAAE;AAAA,IACf;AACA,WAAO,IAAI,QAAQ,IAAI,SAAS,CAAC;AAAA,EACnC,CAAC;AACH;AAOO,SAAS,uBAAuB,SAA0B;AAC/D,MAAI,WAAW,OAAO,YAAY,YAAY,UAAU,WAAW,OAAQ,QAA8B,SAAS,UAAU;AAC1H,WAAO,aAAc,QAA6B,IAAI;AAAA,EACxD;AACA,MAAI,OAAO,YAAY,SAAU,QAAO,aAAa,OAAO;AAC5D,SAAO,aAAa,KAAK,UAAU,WAAW,EAAE,CAAC;AACnD;AAMO,SAAS,aAAa,MAAsB;AACjD,SAAO,KACJ,QAAQ,0DAA0D,EAAE,EACpE,QAAQ,uCAAuC,QAAQ,EACvD,QAAQ,wCAAwC,QAAQ;AAC7D;AAOO,SAAS,mBACd,WACA,WACoB;AACpB,QAAM,QAAQ,SAAS,WAAW,SAAS;AAC3C,MAAI,OAAO,MAAM;AACf,WAAO,MAAM;AAAA,EACf;AAEA,SAAO;AACT;AAcO,SAAS,qBACd,QACA,SACoB;AAEpB,MAAI,SAAS;AACX,WAAO;AAAA,EACT;AAGA,MAAI,OAAO,OAAO;AAChB,QAAI,OAAO,OAAO,UAAU,YAAY,OAAO,MAAM,MAAM;AACzD,aAAO,OAAO,MAAM;AAAA,IACtB;AAAA,EACF;AAGA,MAAI,OAAO,SAAS,MAAM;AACxB,WAAO,OAAO,SAAS;AAAA,EACzB;AAGA,SAAO;AACT;AAWO,SAAS,kBAAkB,MAA0B,WAA2B;AACrF,QAAM,SAAS,UAAU,MAAM,EAAE;AAEjC,MAAI,CAAC,QAAQ,KAAK,KAAK,MAAM,MAAM,KAAK,WAAW,KAAK,KAAK,KAAK,WAAW,GAAG,GAAG;AACjF,WAAO,IAAI,MAAM;AAAA,EACnB;AACA,SAAO,GAAG,IAAI,IAAI,MAAM;AAC1B;AAgBO,SAAS,uBAAuB,OAAkC;AACvE,QAAM,KAAK,IAAI,KAAK,MAAM,SAAS,EAAE,YAAY;AACjD,QAAM,SAAS,MAAM,GAAG,SAAS,IAAI,MAAM,GAAG,KAAK,IAAI,IAAI;AAC3D,QAAM,WAAW,MAAM,KAAK,QAAQ,UAAU,GAAG;AACjD,SAAO,IAAI,EAAE,eAAe,MAAM,IAAI,YAAY,MAAM,IAAI,QAAQ;AACtE;AAMO,SAAS,sBAAsB,MAAwC;AAC5E,QAAM,QAAQ,KAAK;AAAA,IACjB;AAAA,EACF;AACA,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,CAAC,EAAE,IAAI,MAAM,OAAO,IAAI,IAAI;AAClC,QAAM,YAAY,IAAI,KAAK,EAAE,EAAE,QAAQ;AACvC,MAAI,MAAM,SAAS,EAAG,QAAO;AAC7B,QAAM,KAAK,UAAU,WAAW,CAAC,IAAI,MAAM,MAAM,IAAI,EAAE,OAAO,OAAO;AACrE,SAAO,EAAE,WAAW,MAAM,IAAI,MAAM,QAAQ,GAAG;AACjD;;;ACpGO,SAAS,2BAA2B,QAAmC;AAC5E,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,WAAW,YAAY,WAAW,MAAM;AACjD,WAAO,EAAE,OAAO,OAAO,QAAQ,CAAC,0BAA0B,EAAE;AAAA,EAC9D;AAEA,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,OAAO,YAAY,EAAE,GAAG,WAAW,GAAG;AACjD,WAAO,KAAK,+BAA+B;AAAA,EAC7C;AAEA,MAAI,OAAO,EAAE,aAAa,YAAY,EAAE,SAAS,WAAW,GAAG;AAC7D,WAAO,KAAK,qCAAqC;AAAA,EACnD;AAEA,MAAI,OAAO,EAAE,WAAW,YAAY,EAAE,OAAO,WAAW,GAAG;AACzD,WAAO,KAAK,mCAAmC;AAAA,EACjD;AAEA,MAAI,OAAO,EAAE,WAAW,YAAY,EAAE,OAAO,WAAW,GAAG;AACzD,WAAO,KAAK,mCAAmC;AAAA,EACjD;AAEA,MAAI,CAAC,CAAC,WAAW,aAAa,UAAU,EAAE,SAAS,EAAE,OAAiB,GAAG;AACvE,WAAO,KAAK,sDAAsD;AAAA,EACpE;AAEA,MAAI,OAAO,EAAE,eAAe,YAAY,EAAE,aAAa,KAAK,EAAE,aAAa,GAAG;AAC5E,WAAO,KAAK,6CAA6C;AAAA,EAC3D;AAEA,MAAI,EAAE,aAAa,UAAa,OAAO,EAAE,aAAa,UAAU;AAC9D,WAAO,KAAK,uCAAuC;AAAA,EACrD;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,aAAa,GAAG;AACvD,WAAO,KAAK,qCAAqC;AAAA,EACnD;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,WAAW,GAAG;AAC/D,WAAO,KAAK,sCAAsC;AAAA,EACpD;AAEA,SAAO,EAAE,OAAO,OAAO,WAAW,GAAG,OAAO;AAC9C;AAKO,SAAS,qBAAqB,QAAmC;AACtE,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,WAAW,YAAY,WAAW,MAAM;AACjD,WAAO,EAAE,OAAO,OAAO,QAAQ,CAAC,0BAA0B,EAAE;AAAA,EAC9D;AAEA,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,OAAO,YAAY,EAAE,GAAG,WAAW,GAAG;AACjD,WAAO,KAAK,+BAA+B;AAAA,EAC7C;AAEA,MAAI,OAAO,EAAE,UAAU,YAAY,EAAE,MAAM,WAAW,GAAG;AACvD,WAAO,KAAK,kCAAkC;AAAA,EAChD;AAEA,MAAI,OAAO,EAAE,WAAW,YAAY,EAAE,OAAO,WAAW,GAAG;AACzD,WAAO,KAAK,mCAAmC;AAAA,EACjD;AAEA,MAAI,OAAO,EAAE,eAAe,YAAY,EAAE,WAAW,WAAW,IAAI;AAClE,WAAO,KAAK,6DAA6D;AAAA,EAC3E;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,aAAa,GAAG;AACvD,WAAO,KAAK,qCAAqC;AAAA,EACnD;AAEA,MAAI,OAAO,EAAE,WAAW,YAAY,EAAE,UAAU,GAAG;AACjD,WAAO,KAAK,kCAAkC;AAAA,EAChD;AAEA,MAAI,OAAO,EAAE,WAAW,YAAY,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,EAAE,WAAW;AAC9F,WAAO,KAAK,gCAAgC;AAAA,EAC9C;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,WAAW,GAAG;AAC/D,WAAO,KAAK,sCAAsC;AAAA,EACpD;AAEA,SAAO,EAAE,OAAO,OAAO,WAAW,GAAG,OAAO;AAC9C;AAKO,SAAS,qBAAqB,QAAmC;AACtE,QAAM,SAAmB,CAAC;AAE1B,MAAI,OAAO,WAAW,YAAY,WAAW,MAAM;AACjD,WAAO,EAAE,OAAO,OAAO,QAAQ,CAAC,0BAA0B,EAAE;AAAA,EAC9D;AAEA,QAAM,IAAI;AAEV,MAAI,OAAO,EAAE,OAAO,YAAY,EAAE,GAAG,WAAW,GAAG;AACjD,WAAO,KAAK,+BAA+B;AAAA,EAC7C;AAEA,MAAI,OAAO,EAAE,UAAU,YAAY,EAAE,MAAM,WAAW,GAAG;AACvD,WAAO,KAAK,kCAAkC;AAAA,EAChD;AAEA,MAAI,OAAO,EAAE,iBAAiB,YAAY,EAAE,aAAa,WAAW,GAAG;AACrE,WAAO,KAAK,yCAAyC;AAAA,EACvD;AAEA,MAAI,OAAO,EAAE,eAAe,YAAY,EAAE,WAAW,WAAW,GAAG;AACjE,WAAO,KAAK,uCAAuC;AAAA,EACrD;AAEA,MAAI,OAAO,EAAE,YAAY,YAAY,EAAE,QAAQ,WAAW,GAAG;AAC3D,WAAO,KAAK,oCAAoC;AAAA,EAClD;AAEA,MAAI,EAAE,aAAa,UAAa,OAAO,EAAE,aAAa,UAAU;AAC9D,WAAO,KAAK,uCAAuC;AAAA,EACrD;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,aAAa,GAAG;AACvD,WAAO,KAAK,qCAAqC;AAAA,EACnD;AAEA,MAAI,OAAO,EAAE,cAAc,YAAY,EAAE,UAAU,WAAW,GAAG;AAC/D,WAAO,KAAK,sCAAsC;AAAA,EACpD;AAEA,SAAO,EAAE,OAAO,OAAO,WAAW,GAAG,OAAO;AAC9C;;;AChUA,SAAS,YAAY,UAAU;AAC/B,SAAS,WAAAC,gBAAe;AAejB,IAAM,kBAAN,MAAsB;AAAA,EACnB;AAAA,EACA,gBAAiD,oBAAI,IAAI;AAAA,EACzD,UAAqC,oBAAI,IAAI;AAAA,EAC7C,UAAqC,oBAAI,IAAI;AAAA,EAC7C,SAAS;AAAA,EAEjB,YAAY,UAAkB;AAC5B,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAsB;AAC1B,QAAI;AACF,YAAM,UAAU,MAAM,GAAG,SAAS,KAAK,UAAU,OAAO;AACxD,YAAM,QAAQ,QAAQ,KAAK,EAAE,MAAM,IAAI,EAAE,OAAO,UAAQ,KAAK,SAAS,CAAC;AAEvE,iBAAW,QAAQ,OAAO;AACxB,YAAI;AACF,gBAAM,SAAS,KAAK,MAAM,IAAI;AAE9B,kBAAQ,OAAO,MAAM;AAAA,YACnB,KAAK,gBAAgB;AAEnB,oBAAM,EAAE,MAAM,OAAO,GAAG,aAAa,IAAI;AACzC,oBAAM,aAAa,2BAA2B,YAAY;AAC1D,kBAAI,WAAW,OAAO;AACpB,qBAAK,cAAc,IAAI,aAAa,IAAI,YAAkC;AAAA,cAC5E;AACA;AAAA,YACF;AAAA,YACA,KAAK,UAAU;AAEb,oBAAM,EAAE,MAAM,OAAO,GAAG,OAAO,IAAI;AACnC,oBAAM,aAAa,qBAAqB,MAAM;AAC9C,kBAAI,WAAW,OAAO;AACpB,qBAAK,QAAQ,IAAI,OAAO,IAAI,MAAsB;AAAA,cACpD;AACA;AAAA,YACF;AAAA,YACA,KAAK,UAAU;AAEb,oBAAM,EAAE,MAAM,OAAO,GAAG,OAAO,IAAI;AACnC,oBAAM,aAAa,qBAAqB,MAAM;AAC9C,kBAAI,WAAW,OAAO;AACpB,qBAAK,QAAQ,IAAI,OAAO,IAAI,MAAsB;AAAA,cACpD;AACA;AAAA,YACF;AAAA,UACF;AAAA,QACF,QAAQ;AAEN;AAAA,QACF;AAAA,MACF;AAEA,WAAK,SAAS;AAAA,IAChB,SAAS,OAAO;AAEd,UAAK,MAAgC,SAAS,UAAU;AACtD,aAAK,SAAS;AACd;AAAA,MACF;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,eAA8B;AAC1C,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,KAAK,KAAK;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aAAa,QAAqC;AAE9D,UAAM,GAAG,MAAMC,SAAQ,KAAK,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAG1D,UAAM,OAAO,KAAK,UAAU,MAAM,IAAI;AACtC,UAAM,GAAG,WAAW,KAAK,UAAU,MAAM,OAAO;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,gBAAgB,cAAiD;AACrE,UAAM,KAAK,aAAa;AAExB,UAAM,aAAa,2BAA2B,YAAY;AAC1D,QAAI,CAAC,WAAW,OAAO;AACrB,YAAM,IAAI,MAAM,yBAAyB,WAAW,OAAO,KAAK,IAAI,CAAC,EAAE;AAAA,IACzE;AAEA,SAAK,cAAc,IAAI,aAAa,IAAI,YAAY;AACpD,UAAM,KAAK,aAAa,EAAE,MAAM,gBAAgB,GAAG,aAAa,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,QAAqC;AACnD,UAAM,KAAK,aAAa;AAExB,UAAM,aAAa,qBAAqB,MAAM;AAC9C,QAAI,CAAC,WAAW,OAAO;AACrB,YAAM,IAAI,MAAM,mBAAmB,WAAW,OAAO,KAAK,IAAI,CAAC,EAAE;AAAA,IACnE;AAEA,SAAK,QAAQ,IAAI,OAAO,IAAI,MAAM;AAClC,UAAM,KAAK,aAAa,EAAE,MAAM,UAAU,GAAG,OAAO,CAAC;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,QAAqC;AACnD,UAAM,KAAK,aAAa;AAExB,UAAM,aAAa,qBAAqB,MAAM;AAC9C,QAAI,CAAC,WAAW,OAAO;AACrB,YAAM,IAAI,MAAM,mBAAmB,WAAW,OAAO,KAAK,IAAI,CAAC,EAAE;AAAA,IACnE;AAEA,SAAK,QAAQ,IAAI,OAAO,IAAI,MAAM;AAClC,UAAM,KAAK,aAAa,EAAE,MAAM,UAAU,GAAG,OAAO,CAAC;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBAAkD;AACtD,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,cAAc,OAAO,CAAC;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,yBAAyB,QAA+C;AAC5E,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,cAAc,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,WAAW,MAAM;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,yBAAyB,QAA+C;AAC5E,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,cAAc,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,WAAW,MAAM;AAAA,EAChF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,iCAAiC,QAA+C;AACpF,WAAO,KAAK,yBAAyB,MAAM;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAsC;AAC1C,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,IAA0C;AACxD,UAAM,KAAK,aAAa;AACxB,WAAO,KAAK,QAAQ,IAAI,EAAE,KAAK;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,OAAwC;AAC9D,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,UAAU,KAAK;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAsC;AAC1C,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,sBAAsB,cAAoD;AAC9E,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC,EAAE,KAAK,OAAK,EAAE,iBAAiB,YAAY,KAAK;AAAA,EACzF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,OAAwC;AAC9D,UAAM,KAAK,aAAa;AACxB,WAAO,MAAM,KAAK,KAAK,QAAQ,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,UAAU,KAAK;AAAA,EACxE;AACF;;;ACvNO,SAAS,mBACd,UACA,YACA,QACA,QACA,SACA,YACA,WACA,UACoB;AAEpB,MAAI,aAAa,KAAK,aAAa,GAAG;AACpC,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAGA,QAAM,UAAmC;AAAA,IACvC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,MAAI,aAAa,QAAW;AAC1B,YAAQ,WAAW;AAAA,EACrB;AAGA,QAAM,WAAW,eAAe,gBAAgB,UAAU,YAAY,SAAS,WAAW,QAAW,CAAC,QAAQ,CAAC;AAG/G,QAAM,SAA6B;AAAA,IACjC,IAAI,SAAS;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,SAAS;AAAA,EACtB;AAEA,MAAI,aAAa,QAAW;AAC1B,WAAO,WAAW;AAAA,EACpB;AAEA,SAAO;AACT;AAOO,SAAS,4BACd,QACqC;AAErC,QAAM,sBAAsB,2BAA2B,MAAM;AAC7D,MAAI,CAAC,oBAAoB,OAAO;AAC9B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,QAAQ,sBAAsB,oBAAoB,OAAO,KAAK,IAAI,CAAC;AAAA,IACrE;AAAA,EACF;AAGA,QAAM,UAAmC;AAAA,IACvC,UAAU,OAAO;AAAA,IACjB,QAAQ,OAAO;AAAA,IACf,QAAQ,OAAO;AAAA,IACf,SAAS,OAAO;AAAA,IAChB,YAAY,OAAO;AAAA,IACnB,WAAW,OAAO;AAAA,EACpB;AAEA,MAAI,OAAO,aAAa,QAAW;AACjC,YAAQ,WAAW,OAAO;AAAA,EAC5B;AAEA,QAAM,WAAW;AAAA,IACf,IAAI,OAAO;AAAA,IACX,MAAM;AAAA,IACN,MAAM,OAAO;AAAA,IACb,IAAI,CAAC,OAAO,QAAQ;AAAA,IACpB,WAAW,OAAO;AAAA,IAClB;AAAA,IACA,WAAW,OAAO;AAAA,EACpB;AAGA,SAAO,eAAe,QAAQ;AAChC;;;AC9GA,SAAS,kBAAkB;AAUpB,SAAS,eAAe,YAA4B;AACzD,SAAO,WAAW,QAAQ,EAAE,OAAO,UAAU,EAAE,OAAO,KAAK;AAC7D;AAYO,SAAS,aACd,OACA,YACA,QACA,YACA,WACA,UACc;AACd,QAAM,aAAa,eAAe,UAAU;AAC5C,QAAM,SAAS,YAAY;AAG3B,QAAM,UAAU;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAGA,QAAM,WAAW,eAAe,UAAU,OAAO,YAAY,SAAS,WAAW,QAAW,CAAC,KAAK,CAAC;AAGnG,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,SAAS;AAAA,EACtB;AACF;AAaO,SAAS,aACd,OACA,YACA,cACA,YACA,SACA,WACA,UACc;AAGd,QAAM,UAAmC;AAAA,IACvC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,MAAI,aAAa,QAAW;AAC1B,YAAQ,WAAW;AAAA,EACrB;AAGA,QAAM,WAAW,eAAe,UAAU,OAAO,YAAY,SAAS,WAAW,QAAW,CAAC,KAAK,CAAC;AAGnG,QAAM,SAAuB;AAAA,IAC3B,IAAI,SAAS;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,SAAS;AAAA,EACtB;AAEA,MAAI,aAAa,QAAW;AAC1B,WAAO,WAAW;AAAA,EACpB;AAEA,SAAO;AACT;AAQO,SAAS,aACd,QACA,QACqC;AAErC,QAAM,mBAAmB,qBAAqB,MAAM;AACpD,MAAI,CAAC,iBAAiB,OAAO;AAC3B,WAAO,EAAE,OAAO,OAAO,QAAQ,mBAAmB,iBAAiB,OAAO,KAAK,IAAI,CAAC,GAAG;AAAA,EACzF;AAEA,QAAM,mBAAmB,qBAAqB,MAAM;AACpD,MAAI,CAAC,iBAAiB,OAAO;AAC3B,WAAO,EAAE,OAAO,OAAO,QAAQ,mBAAmB,iBAAiB,OAAO,KAAK,IAAI,CAAC,GAAG;AAAA,EACzF;AAGA,MAAI,OAAO,iBAAiB,OAAO,IAAI;AACrC,WAAO,EAAE,OAAO,OAAO,QAAQ,wCAAwC;AAAA,EACzE;AAGA,MAAI,OAAO,UAAU,OAAO,OAAO;AACjC,WAAO,EAAE,OAAO,OAAO,QAAQ,2CAA2C;AAAA,EAC5E;AAGA,MAAI,OAAO,YAAY,OAAO,QAAQ;AACpC,WAAO,EAAE,OAAO,OAAO,QAAQ,2CAA2C;AAAA,EAC5E;AAGA,QAAM,gBAAgB,eAAe,OAAO,UAAU;AACtD,MAAI,kBAAkB,OAAO,YAAY;AACvC,WAAO,EAAE,OAAO,OAAO,QAAQ,4CAA4C;AAAA,EAC7E;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;;;ACrJO,SAAS,MAAM,aAAqB,SAAS,KAAK,IAAI,CAAC,IAAI,IAAY;AAC5E,QAAM,YAAY,eAAe,MAAO,KAAK,KAAK;AAClD,SAAO,KAAK,IAAI,CAAC,SAAS,SAAS;AACrC;AAOA,SAAS,cAAc,SAAuD;AAC5E,UAAQ,SAAS;AAAA,IACf,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,EACX;AACF;AAmCO,SAAS,kBACd,OACA,QACA,eACA,aACA,SACY;AAEZ,QAAM,wBAAwB,cAAc;AAAA,IAC1C,OAAK,EAAE,WAAW,SAAS,EAAE,WAAW;AAAA,EAC1C;AAEA,MAAI,sBAAsB,WAAW,GAAG;AACtC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,OAAO;AAAA,MACP,mBAAmB;AAAA,MACnB,cAAc;AAAA,MACd,cAAc,CAAC;AAAA,IACjB;AAAA,EACF;AAEA,QAAM,WAAW,SAAS,YAAY;AACtC,QAAM,gBAAgB,SAAS;AAC/B,QAAM,mBAAmB,SAAS;AAGlC,MAAI,eAAe;AACjB,kBAAc,IAAI,KAAK;AAAA,EACzB;AAGA,MAAI,cAAc;AAClB,QAAM,kBAAkB,oBAAI,IAAoB;AAEhD,aAAW,gBAAgB,uBAAuB;AAChD,UAAM,YAAY,cAAc,aAAa;AAC7C,UAAM,cAAc,MAAM,SAAS;AACnC,UAAM,UAAU,cAAc,aAAa,OAAO;AAGlD,QAAI;AACJ,QAAI,CAAC,oBAAoB,YAAY,GAAG;AAEtC,4BAAsB;AAAA,IACxB,WAAW,eAAe,IAAI,aAAa,QAAQ,GAAG;AAEpD,4BAAsB;AAAA,IACxB,OAAO;AACL,4BAAsB,iBAAiB,aAAa,UAAU,MAAM;AAAA,IACtE;AAEA,UAAM,SAAS,UAAU,aAAa,aAAa,cAAc;AAEjE,mBAAe;AAGf,UAAM,wBAAwB,gBAAgB,IAAI,aAAa,QAAQ,KAAK;AAC5E,oBAAgB,IAAI,aAAa,UAAU,wBAAwB,KAAK,IAAI,MAAM,CAAC;AAAA,EACrF;AAGA,MAAI,eAAe;AACjB,kBAAc,OAAO,KAAK;AAAA,EAC5B;AAIA,QAAM,WAAW,cAAc,KAAK,IAAI,sBAAsB,QAAQ,CAAC;AACvE,QAAM,kBAAkB,KAAK,IAAI,GAAG,KAAK,IAAI,IAAI,WAAW,KAAK,CAAC,CAAC;AAGnE,QAAM,eAAe,KAAK,IAAI,GAAG,sBAAsB,IAAI,OAAK,EAAE,SAAS,CAAC;AAG5E,QAAM,eAAe,MAAM,KAAK,gBAAgB,QAAQ,CAAC,EACtD,KAAK,CAAC,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,EAC1B,MAAM,GAAG,CAAC,EACV,IAAI,CAAC,CAAC,QAAQ,MAAM,QAAQ;AAE/B,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,mBAAmB,sBAAsB;AAAA,IACzC;AAAA,IACA;AAAA,EACF;AACF;AASO,SAAS,mBACd,OACA,eACA,aACyB;AAEzB,QAAM,UAAU,IAAI;AAAA,IAClB,cACG,OAAO,OAAK,EAAE,WAAW,KAAK,EAC9B,IAAI,OAAK,EAAE,MAAM;AAAA,EACtB;AAEA,QAAM,SAAS,oBAAI,IAAwB;AAC3C,aAAW,UAAU,SAAS;AAC5B,UAAM,QAAQ,kBAAkB,OAAO,QAAQ,eAAe,WAAW;AACzE,WAAO,IAAI,QAAQ,KAAK;AAAA,EAC1B;AAEA,SAAO;AACT;AAGO,IAAM,wBAAwB;","names":["resolve","readFileSync","existsSync","writeFileSync","WebSocket","WebSocket","resolve","EventEmitter","EventEmitter","resolve","dirname","dirname"]}
package/dist/chunk-HGXMAZZI.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/identity/keypair.ts","../src/message/envelope.ts","../src/relay/store.ts","../src/relay/server.ts"],"sourcesContent":["import { sign, verify, generateKeyPairSync } from 'node:crypto';\r\n\r\n/**\r\n * Represents an ed25519 key pair for agent identity\r\n */\r\nexport interface KeyPair {\r\n publicKey: string; // hex-encoded\r\n privateKey: string; // hex-encoded\r\n}\r\n\r\n/**\r\n * Generates a new ed25519 key pair\r\n * @returns KeyPair with hex-encoded public and private keys\r\n */\r\nexport function generateKeyPair(): KeyPair {\r\n const { publicKey, privateKey } = generateKeyPairSync('ed25519');\r\n \r\n return {\r\n publicKey: publicKey.export({ type: 'spki', format: 'der' }).toString('hex'),\r\n privateKey: privateKey.export({ type: 'pkcs8', format: 'der' }).toString('hex'),\r\n };\r\n}\r\n\r\n/**\r\n * Signs a message with the private key\r\n * @param message - The message to sign (string or Buffer)\r\n * @param privateKeyHex - The private key in hex format\r\n * @returns Signature as hex string\r\n */\r\nexport function signMessage(message: string | Buffer, privateKeyHex: string): string {\r\n const messageBuffer = typeof message === 'string' ? Buffer.from(message) : message;\r\n const privateKey = Buffer.from(privateKeyHex, 'hex');\r\n \r\n const signature = sign(null, messageBuffer, {\r\n key: privateKey,\r\n format: 'der',\r\n type: 'pkcs8',\r\n });\r\n \r\n return signature.toString('hex');\r\n}\r\n\r\n/**\r\n * Verifies a signature with the public key\r\n * @param message - The original message (string or Buffer)\r\n * @param signatureHex - The signature in hex format\r\n * @param publicKeyHex - The public key in hex format\r\n * @returns true if signature is valid, false otherwise\r\n */\r\nexport function verifySignature(\r\n message: string | Buffer,\r\n signatureHex: string,\r\n publicKeyHex: string\r\n): boolean {\r\n const messageBuffer = typeof message === 'string' ? Buffer.from(message) : message;\r\n const signature = Buffer.from(signatureHex, 'hex');\r\n const publicKey = Buffer.from(publicKeyHex, 'hex');\r\n \r\n try {\r\n return verify(null, messageBuffer, {\r\n key: publicKey,\r\n format: 'der',\r\n type: 'spki',\r\n }, signature);\r\n } catch {\r\n return false;\r\n }\r\n}\r\n\r\n/**\r\n * Exports a key pair to a JSON-serializable format\r\n * @param keyPair - The key pair to export\r\n * @returns KeyPair object with hex-encoded keys\r\n */\r\nexport function exportKeyPair(keyPair: KeyPair): KeyPair {\r\n return {\r\n publicKey: keyPair.publicKey,\r\n privateKey: keyPair.privateKey,\r\n };\r\n}\r\n\r\n/**\r\n * Imports a key pair from hex strings\r\n * @param publicKeyHex - The public key in hex format\r\n * @param privateKeyHex - The private key in hex format\r\n * @returns KeyPair object\r\n * @throws Error if keys are not valid hex strings\r\n */\r\nexport function importKeyPair(publicKeyHex: string, privateKeyHex: string): KeyPair {\r\n // Validate that keys are valid hex strings\r\n const hexPattern = /^[0-9a-f]+$/i;\r\n if (!hexPattern.test(publicKeyHex)) {\r\n throw new Error('Invalid public key: must be a hex string');\r\n }\r\n if (!hexPattern.test(privateKeyHex)) {\r\n throw new Error('Invalid private key: must be a hex string');\r\n }\r\n \r\n return {\r\n publicKey: publicKeyHex,\r\n privateKey: privateKeyHex,\r\n };\r\n}\r\n","import { createHash } from 'node:crypto';\nimport { signMessage, verifySignature } from '../identity/keypair';\n\n/**\n * Message types on the Agora network.\n * Every piece of data flowing between agents is wrapped in an envelope.\n */\nexport type MessageType =\n | 'announce' // Agent publishes capabilities/state\n | 'discover' // Agent requests peer discovery\n | 'request' // Agent requests a service\n | 'response' // Agent responds to a request\n | 'publish' // Agent publishes knowledge/state\n | 'subscribe' // Agent subscribes to a topic/domain\n | 'verify' // Agent verifies another agent's claim\n | 'ack' // Acknowledgement\n | 'error' // Error response\n | 'paper_discovery' // Agent publishes a discovered academic paper\n | 'peer_list_request' // Request peer list from relay\n | 'peer_list_response' // Relay responds with connected peers\n | 'peer_referral' // Agent recommends another agent\n | 'capability_announce' // Agent publishes capabilities to network\n | 'capability_query' // Agent queries for capabilities\n | 'capability_response' // Response with matching peers\n | 'commit' // Agent commits to a prediction (commit-reveal pattern)\n | 'reveal' // Agent reveals prediction and outcome\n | 'verification' // Agent verifies another agent's output\n | 'revocation' // Agent revokes a prior verification\n | 'reputation_query' // Agent queries for reputation data\n | 'reputation_response'; // Response to reputation query\n\n/**\n * The signed envelope that wraps every message on the network.\n * Content-addressed: the ID is the hash of the canonical payload.\n * Signed: every envelope carries a signature from the sender's private key.\n */\nexport interface Envelope<T = unknown> {\n /** Content-addressed ID: SHA-256 hash of canonical payload */\n id: string;\n /** Message type */\n type: MessageType;\n /** Sender peer ID (full ID) */\n from: string;\n /** Recipient peer IDs (full IDs) */\n to: string[];\n /** Unix timestamp (ms) when the message was created */\n timestamp: number;\n /** Optional: ID of the message this is responding to */\n inReplyTo?: string;\n /** The actual payload */\n payload: T;\n /** ed25519 signature over the canonical form (hex-encoded) */\n signature: string;\n}\n\n/**\n * Deterministic JSON serialization with recursively sorted keys.\n */\nfunction stableStringify(value: unknown): string {\n if (value === null || value === undefined) return JSON.stringify(value);\n if (typeof value !== 'object') return JSON.stringify(value);\n if (Array.isArray(value)) {\n return '[' + value.map(stableStringify).join(',') + ']';\n }\n const keys = Object.keys(value as Record<string, unknown>).sort();\n const pairs = keys.map(k => JSON.stringify(k) + ':' + stableStringify((value as Record<string, unknown>)[k]));\n return '{' + pairs.join(',') + '}';\n}\n\n/**\n * Canonical form of an envelope for signing/hashing.\n * Deterministic JSON serialization: recursively sorted keys, no whitespace.\n */\nexport function canonicalize(\n type: MessageType,\n from: string,\n to: string[],\n timestamp: number,\n payload: unknown,\n inReplyTo?: string,\n): string {\n const obj: Record<string, unknown> = { from, payload, timestamp, to, type };\n if (inReplyTo !== undefined) {\n obj.inReplyTo = inReplyTo;\n }\n return stableStringify(obj);\n}\n\nfunction normalizeRecipients(from: string, to?: string | string[]): string[] {\n const list = Array.isArray(to) ? to : (typeof to === 'string' ? [to] : [from]);\n const unique = new Set<string>();\n for (const recipient of list) {\n if (typeof recipient === 'string' && recipient.trim().length > 0) {\n unique.add(recipient);\n }\n }\n if (unique.size === 0) {\n unique.add(from);\n }\n return Array.from(unique);\n}\n\n/**\n * Compute the content-addressed ID for a message.\n */\nexport function computeId(canonical: string): string {\n return createHash('sha256').update(canonical).digest('hex');\n}\n\n/**\n * Create a signed envelope.\n * @param type - Message type\n * @param from - Sender's public key (hex)\n * @param privateKey - Sender's private key (hex) for signing\n * @param payload - The message payload\n * @param timestamp - Timestamp for the envelope (ms), defaults to Date.now()\n * @param inReplyTo - Optional ID of the message being replied to\n * @param to - Recipient peer ID(s)\n * @returns A signed Envelope\n */\nexport function createEnvelope<T>(\n type: MessageType,\n from: string,\n privateKey: string,\n payload: T,\n timestamp: number = Date.now(),\n inReplyTo?: string,\n to?: string | string[],\n): Envelope<T> {\n const recipients = normalizeRecipients(from, to);\n const canonical = canonicalize(type, from, recipients, timestamp, payload, inReplyTo);\n const id = computeId(canonical);\n const signature = signMessage(canonical, privateKey);\n\n return {\n id,\n type,\n from,\n to: recipients,\n timestamp,\n ...(inReplyTo !== undefined ? { inReplyTo } : {}),\n payload,\n signature,\n };\n}\n\n/**\n * Verify an envelope's integrity and authenticity.\n * Checks:\n * 1. Canonical form matches the ID (content-addressing)\n * 2. Signature is valid for the sender's public key\n * \n * @returns Object with `valid` boolean and optional `reason` for failure\n */\nexport function verifyEnvelope(envelope: Envelope): { valid: boolean; reason?: string } {\n const { id, type, from, to, timestamp, payload, signature, inReplyTo } = envelope;\n if (!from || !Array.isArray(to) || to.length === 0) {\n return { valid: false, reason: 'invalid_routing_fields' };\n }\n\n // Reconstruct canonical form.\n const canonical = canonicalize(type, from, to, timestamp, payload, inReplyTo);\n\n // Check content-addressed ID\n const expectedId = computeId(canonical);\n if (id !== expectedId) {\n return { valid: false, reason: 'id_mismatch' };\n }\n\n const sigValid = verifySignature(canonical, signature, from);\n if (!sigValid) {\n return { valid: false, reason: 'signature_invalid' };\n }\n\n return { valid: true };\n}\n","/**\r\n * store.ts — File-based message store for offline peers.\r\n * When the relay has storage enabled for certain public keys, messages\r\n * for offline recipients are persisted and delivered when they connect.\r\n */\r\n\r\nimport * as fs from 'node:fs';\r\nimport * as path from 'node:path';\r\n\r\nexport interface StoredMessage {\r\n from: string;\r\n name?: string;\r\n envelope: object;\r\n}\r\n\r\nexport class MessageStore {\r\n private storageDir: string;\r\n\r\n constructor(storageDir: string) {\r\n this.storageDir = storageDir;\r\n fs.mkdirSync(storageDir, { recursive: true });\r\n }\r\n\r\n private recipientDir(publicKey: string): string {\r\n const safe = publicKey.replace(/[^a-zA-Z0-9_-]/g, '_');\r\n return path.join(this.storageDir, safe);\r\n }\r\n\r\n save(recipientKey: string, message: StoredMessage): void {\r\n const dir = this.recipientDir(recipientKey);\r\n fs.mkdirSync(dir, { recursive: true });\r\n const filename = `${Date.now()}-${crypto.randomUUID()}.json`;\r\n fs.writeFileSync(path.join(dir, filename), JSON.stringify(message));\r\n }\r\n\r\n load(recipientKey: string): StoredMessage[] {\r\n const dir = this.recipientDir(recipientKey);\r\n if (!fs.existsSync(dir)) return [];\r\n const files = fs.readdirSync(dir).sort();\r\n const messages: StoredMessage[] = [];\r\n for (const file of files) {\r\n if (!file.endsWith('.json')) continue;\r\n try {\r\n const data = fs.readFileSync(path.join(dir, file), 'utf8');\r\n messages.push(JSON.parse(data) as StoredMessage);\r\n } catch {\r\n // Skip files that cannot be read or parsed\r\n }\r\n }\r\n return messages;\r\n }\r\n\r\n clear(recipientKey: string): void {\r\n const dir = this.recipientDir(recipientKey);\r\n if (!fs.existsSync(dir)) return;\r\n const files = fs.readdirSync(dir);\r\n for (const file of files) {\r\n if (file.endsWith('.json')) {\r\n fs.unlinkSync(path.join(dir, file));\r\n }\r\n }\r\n }\r\n}\r\n","import { EventEmitter } from 'node:events';\r\nimport { WebSocketServer, WebSocket } from 'ws';\r\nimport { verifyEnvelope, createEnvelope, type Envelope } from '../message/envelope';\r\nimport type { PeerListRequestPayload, PeerListResponsePayload } from '../message/types/peer-discovery';\r\nimport { MessageStore } from './store';\r\n\r\ninterface SenderWindow {\r\n count: number;\r\n windowStart: number;\r\n}\r\n\r\nexport interface RelayRateLimitOptions {\r\n enabled?: boolean;\r\n maxMessages?: number;\r\n windowMs?: number;\r\n}\r\n\r\nexport interface RelayEnvelopeDedupOptions {\r\n enabled?: boolean;\r\n maxIds?: number;\r\n}\r\n\r\n/**\r\n * Represents a connected agent in the relay\r\n */\r\ninterface ConnectedAgent {\r\n /** Agent's public key */\r\n publicKey: string;\r\n /** Optional agent name */\r\n name?: string;\r\n /** WebSocket connection */\r\n socket: WebSocket;\r\n /** Last seen timestamp (ms) */\r\n lastSeen: number;\r\n /** Optional metadata */\r\n metadata?: {\r\n version?: string;\r\n capabilities?: string[];\r\n };\r\n}\r\n\r\n/**\r\n * Events emitted by RelayServer\r\n */\r\nexport interface RelayServerEvents {\r\n 'agent-registered': (publicKey: string) => void;\r\n 'agent-disconnected': (publicKey: string) => void;\r\n /** Emitted when a session disconnects (same as agent-disconnected for compatibility) */\r\n 'disconnection': (publicKey: string) => void;\r\n 'message-relayed': (from: string, to: string, envelope: Envelope) => void;\r\n 'error': (error: Error) => void;\r\n}\r\n\r\n/**\r\n * WebSocket relay server for routing messages between agents.\r\n * \r\n * Agents connect to the relay and register with their public key.\r\n * Messages are routed to recipients based on the 'to' field.\r\n * All envelopes are verified before being forwarded.\r\n */\r\nexport interface RelayServerOptions {\r\n /** Optional relay identity for peer_list_request handling */\r\n identity?: { publicKey: string; privateKey: string };\r\n /** Public keys that should have messages stored when offline */\r\n storagePeers?: string[];\r\n /** Directory for persisting messages for storage peers */\r\n storageDir?: string;\r\n /** Maximum number of concurrent registered peers (default: 100) */\r\n maxPeers?: number;\r\n /** Per-sender sliding-window message rate limiting */\r\n rateLimit?: RelayRateLimitOptions;\r\n /** Envelope ID deduplication options */\r\n envelopeDedup?: RelayEnvelopeDedupOptions;\r\n}\r\n\r\nexport class RelayServer extends EventEmitter {\r\n private wss: WebSocketServer | null = null;\r\n /** publicKey -> sessionId -> ConnectedAgent (multiple sessions per key) */\r\n private sessions = new Map<string, Map<string, ConnectedAgent>>();\r\n private identity?: { publicKey: string; privateKey: string };\r\n private storagePeers: string[] = [];\r\n private store: MessageStore | null = null;\r\n private maxPeers: number = 100;\r\n private readonly senderWindows: Map<string, SenderWindow> = new Map();\r\n private static readonly MAX_SENDER_ENTRIES = 500;\r\n private readonly processedEnvelopeIds: Set<string> = new Set();\r\n private rateLimitEnabled = true;\r\n private rateLimitMaxMessages = 10;\r\n private rateLimitWindowMs = 60_000;\r\n private envelopeDedupEnabled = true;\r\n private envelopeDedupMaxIds = 1000;\r\n\r\n constructor(options?: { publicKey: string; privateKey: string } | RelayServerOptions) {\r\n super();\r\n if (options) {\r\n if ('identity' in options && options.identity) {\r\n this.identity = options.identity;\r\n } else if ('publicKey' in options && 'privateKey' in options) {\r\n this.identity = { publicKey: options.publicKey, privateKey: options.privateKey };\r\n }\r\n const opts = options as RelayServerOptions;\r\n if (opts.storagePeers?.length && opts.storageDir) {\r\n this.storagePeers = opts.storagePeers;\r\n this.store = new MessageStore(opts.storageDir);\r\n }\r\n if (opts.maxPeers !== undefined) {\r\n this.maxPeers = opts.maxPeers;\r\n }\r\n if (opts.rateLimit) {\r\n if (opts.rateLimit.enabled !== undefined) {\r\n this.rateLimitEnabled = opts.rateLimit.enabled;\r\n }\r\n if (opts.rateLimit.maxMessages !== undefined && opts.rateLimit.maxMessages > 0) {\r\n this.rateLimitMaxMessages = opts.rateLimit.maxMessages;\r\n }\r\n if (opts.rateLimit.windowMs !== undefined && opts.rateLimit.windowMs > 0) {\r\n this.rateLimitWindowMs = opts.rateLimit.windowMs;\r\n }\r\n }\r\n if (opts.envelopeDedup) {\r\n if (opts.envelopeDedup.enabled !== undefined) {\r\n this.envelopeDedupEnabled = opts.envelopeDedup.enabled;\r\n }\r\n if (opts.envelopeDedup.maxIds !== undefined && opts.envelopeDedup.maxIds > 0) {\r\n this.envelopeDedupMaxIds = opts.envelopeDedup.maxIds;\r\n }\r\n }\r\n }\r\n }\r\n\r\n private isRateLimitedSender(senderPublicKey: string): boolean {\r\n if (!this.rateLimitEnabled) {\r\n return false;\r\n }\r\n\r\n const now = Date.now();\r\n const window = this.senderWindows.get(senderPublicKey);\r\n\r\n if (this.senderWindows.size >= RelayServer.MAX_SENDER_ENTRIES && !window) {\r\n this.evictOldestSenderWindow();\r\n }\r\n\r\n if (!window || (now - window.windowStart) > this.rateLimitWindowMs) {\r\n this.senderWindows.set(senderPublicKey, { count: 1, windowStart: now });\r\n return false;\r\n }\r\n\r\n window.count++;\r\n return window.count > this.rateLimitMaxMessages;\r\n }\r\n\r\n private evictOldestSenderWindow(): void {\r\n let oldestKey: string | null = null;\r\n let oldestTime = Infinity;\r\n\r\n for (const [key, window] of this.senderWindows.entries()) {\r\n if (window.windowStart < oldestTime) {\r\n oldestTime = window.windowStart;\r\n oldestKey = key;\r\n }\r\n }\r\n\r\n if (oldestKey !== null) {\r\n this.senderWindows.delete(oldestKey);\r\n }\r\n }\r\n\r\n private isDuplicateEnvelopeId(envelopeId: string): boolean {\r\n if (!this.envelopeDedupEnabled) {\r\n return false;\r\n }\r\n\r\n if (this.processedEnvelopeIds.has(envelopeId)) {\r\n return true;\r\n }\r\n\r\n this.processedEnvelopeIds.add(envelopeId);\r\n if (this.processedEnvelopeIds.size > this.envelopeDedupMaxIds) {\r\n const oldest = this.processedEnvelopeIds.values().next().value;\r\n if (oldest !== undefined) {\r\n this.processedEnvelopeIds.delete(oldest);\r\n }\r\n }\r\n\r\n return false;\r\n }\r\n\r\n /**\r\n * Start the relay server\r\n * @param port - Port to listen on\r\n * @param host - Optional host (default: all interfaces)\r\n */\r\n start(port: number, host?: string): Promise<void> {\r\n return new Promise((resolve, reject) => {\r\n try {\r\n this.wss = new WebSocketServer({ port, host: host ?? '0.0.0.0' });\r\n let resolved = false;\r\n\r\n this.wss.on('error', (error) => {\r\n this.emit('error', error);\r\n if (!resolved) {\r\n resolved = true;\r\n reject(error);\r\n }\r\n });\r\n\r\n this.wss.on('listening', () => {\r\n if (!resolved) {\r\n resolved = true;\r\n resolve();\r\n }\r\n });\r\n\r\n this.wss.on('connection', (socket: WebSocket) => {\r\n this.handleConnection(socket);\r\n });\r\n } catch (error) {\r\n reject(error);\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Stop the relay server\r\n */\r\n async stop(): Promise<void> {\r\n return new Promise((resolve, reject) => {\r\n if (!this.wss) {\r\n resolve();\r\n return;\r\n }\r\n\r\n // Close all agent connections (all sessions)\r\n for (const sessionMap of this.sessions.values()) {\r\n for (const agent of sessionMap.values()) {\r\n agent.socket.close();\r\n }\r\n }\r\n this.sessions.clear();\r\n\r\n this.wss.close((err) => {\r\n if (err) {\r\n reject(err);\r\n } else {\r\n this.wss = null;\r\n resolve();\r\n }\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Get one connected agent per public key (first session). For backward compatibility.\r\n */\r\n getAgents(): Map<string, ConnectedAgent> {\r\n const out = new Map<string, ConnectedAgent>();\r\n for (const [key, sessionMap] of this.sessions) {\r\n const first = sessionMap.values().next().value;\r\n if (first) out.set(key, first);\r\n }\r\n return out;\r\n }\r\n\r\n /**\r\n * Handle incoming connection\r\n */\r\n private handleConnection(socket: WebSocket): void {\r\n let agentPublicKey: string | null = null;\r\n let sessionId: string | null = null;\r\n\r\n socket.on('message', (data: Buffer) => {\r\n try {\r\n const msg = JSON.parse(data.toString());\r\n\r\n // Handle registration\r\n if (msg.type === 'register' && !agentPublicKey) {\r\n if (!msg.publicKey || typeof msg.publicKey !== 'string') {\r\n this.sendError(socket, 'Invalid registration: missing or invalid publicKey');\r\n socket.close();\r\n return;\r\n }\r\n\r\n const publicKey = msg.publicKey;\r\n const name = msg.name;\r\n agentPublicKey = publicKey;\r\n sessionId = crypto.randomUUID();\r\n\r\n // Allow multiple sessions per publicKey; only enforce max unique peers\r\n if (!this.sessions.has(publicKey) && this.sessions.size >= this.maxPeers) {\r\n this.sendError(socket, `Relay is at capacity (max ${this.maxPeers} peers)`);\r\n socket.close();\r\n return;\r\n }\r\n\r\n const agent: ConnectedAgent = {\r\n publicKey,\r\n name,\r\n socket,\r\n lastSeen: Date.now(),\r\n };\r\n\r\n if (!this.sessions.has(publicKey)) {\r\n this.sessions.set(publicKey, new Map());\r\n }\r\n this.sessions.get(publicKey)!.set(sessionId, agent);\r\n const isFirstSession = this.sessions.get(publicKey)!.size === 1;\r\n\r\n this.emit('agent-registered', publicKey);\r\n\r\n // Build peers list: one entry per connected publicKey + storage peers\r\n const peers: Array<{ publicKey: string; name?: string }> = [];\r\n for (const [key, sessionMap] of this.sessions) {\r\n if (key === publicKey) continue;\r\n const firstAgent = sessionMap.values().next().value;\r\n peers.push({ publicKey: key, name: firstAgent?.name });\r\n }\r\n for (const storagePeer of this.storagePeers) {\r\n if (storagePeer !== publicKey && !this.sessions.has(storagePeer)) {\r\n peers.push({ publicKey: storagePeer, name: undefined });\r\n }\r\n }\r\n\r\n socket.send(JSON.stringify({\r\n type: 'registered',\r\n publicKey,\r\n sessionId,\r\n peers,\r\n }));\r\n\r\n // Notify other agents only when this is the first session for this peer\r\n if (isFirstSession) {\r\n this.broadcastPeerEvent('peer_online', publicKey, name);\r\n }\r\n\r\n // Deliver any stored messages for this peer\r\n if (this.store && this.storagePeers.includes(publicKey)) {\r\n const queued = this.store.load(publicKey);\r\n for (const stored of queued) {\r\n socket.send(JSON.stringify({\r\n type: 'message',\r\n from: stored.from,\r\n name: stored.name,\r\n envelope: stored.envelope,\r\n }));\r\n }\r\n this.store.clear(publicKey);\r\n }\r\n return;\r\n }\r\n\r\n // Require registration before processing messages\r\n if (!agentPublicKey) {\r\n this.sendError(socket, 'Not registered: send registration message first');\r\n socket.close();\r\n return;\r\n }\r\n\r\n // Handle message relay\r\n if (msg.type === 'message') {\r\n if (!msg.to || typeof msg.to !== 'string') {\r\n this.sendError(socket, 'Invalid message: missing or invalid \"to\" field');\r\n return;\r\n }\r\n\r\n if (!msg.envelope || typeof msg.envelope !== 'object') {\r\n this.sendError(socket, 'Invalid message: missing or invalid \"envelope\" field');\r\n return;\r\n }\r\n\r\n const envelope = msg.envelope as Envelope;\r\n\r\n // Verify envelope signature\r\n const verification = verifyEnvelope(envelope);\r\n if (!verification.valid) {\r\n this.sendError(socket, `Invalid envelope: ${verification.reason || 'verification failed'}`);\r\n return;\r\n }\r\n\r\n // Verify sender matches registered agent\r\n const envelopeFrom = envelope.from;\r\n if (envelopeFrom !== agentPublicKey) {\r\n this.sendError(socket, 'Envelope sender does not match registered public key');\r\n return;\r\n }\r\n\r\n // Strict p2p routing: envelope.to must include the relay transport recipient.\r\n if (!Array.isArray(envelope.to) || envelope.to.length === 0 || !envelope.to.includes(msg.to)) {\r\n this.sendError(socket, 'Envelope recipients do not include requested relay recipient');\r\n return;\r\n }\r\n\r\n if (this.isRateLimitedSender(agentPublicKey)) {\r\n return;\r\n }\r\n\r\n if (this.isDuplicateEnvelopeId(envelope.id)) {\r\n return;\r\n }\r\n\r\n // Update lastSeen for any session of sender\r\n const senderSessionMap = this.sessions.get(agentPublicKey);\r\n if (senderSessionMap) {\r\n for (const a of senderSessionMap.values()) {\r\n a.lastSeen = Date.now();\r\n }\r\n }\r\n\r\n // Handle peer_list_request directed at relay\r\n if (envelope.type === 'peer_list_request' && this.identity && msg.to === this.identity.publicKey) {\r\n this.handlePeerListRequest(envelope as Envelope<PeerListRequestPayload>, socket, agentPublicKey);\r\n return;\r\n }\r\n\r\n // Find all recipient sessions\r\n const recipientSessionMap = this.sessions.get(msg.to);\r\n const openRecipients = recipientSessionMap\r\n ? Array.from(recipientSessionMap.values()).filter(a => a.socket.readyState === WebSocket.OPEN)\r\n : [];\r\n if (openRecipients.length === 0) {\r\n // If recipient is a storage peer, queue the message\r\n if (this.store && this.storagePeers.includes(msg.to)) {\r\n const senderSessionMap = this.sessions.get(agentPublicKey);\r\n const senderAgent = senderSessionMap?.values().next().value;\r\n this.store.save(msg.to, {\r\n from: agentPublicKey,\r\n name: senderAgent?.name,\r\n envelope,\r\n });\r\n this.emit('message-relayed', agentPublicKey, msg.to, envelope);\r\n } else {\r\n this.sendError(socket, 'Recipient not connected', 'unknown_recipient');\r\n }\r\n return;\r\n }\r\n\r\n // Forward envelope to all sessions of the recipient\r\n try {\r\n const senderSessionMap = this.sessions.get(agentPublicKey);\r\n const senderAgent = senderSessionMap?.values().next().value;\r\n const relayMessage = {\r\n type: 'message',\r\n from: agentPublicKey,\r\n name: senderAgent?.name,\r\n envelope,\r\n };\r\n const messageStr = JSON.stringify(relayMessage);\r\n for (const recipient of openRecipients) {\r\n recipient.socket.send(messageStr);\r\n }\r\n this.emit('message-relayed', agentPublicKey, msg.to, envelope);\r\n } catch (err) {\r\n this.sendError(socket, 'Failed to relay message');\r\n this.emit('error', err as Error);\r\n }\r\n return;\r\n }\r\n\r\n // Handle ping\r\n if (msg.type === 'ping') {\r\n socket.send(JSON.stringify({ type: 'pong' }));\r\n return;\r\n }\r\n\r\n // Unknown message type\r\n this.sendError(socket, `Unknown message type: ${msg.type}`);\r\n } catch (err) {\r\n // Invalid JSON or other parsing errors\r\n this.emit('error', new Error(`Message parsing failed: ${err instanceof Error ? err.message : String(err)}`));\r\n this.sendError(socket, 'Invalid message format');\r\n }\r\n });\r\n\r\n socket.on('close', () => {\r\n if (agentPublicKey && sessionId) {\r\n const sessionMap = this.sessions.get(agentPublicKey);\r\n if (sessionMap) {\r\n const agent = sessionMap.get(sessionId);\r\n const agentName = agent?.name;\r\n sessionMap.delete(sessionId);\r\n if (sessionMap.size === 0) {\r\n this.sessions.delete(agentPublicKey);\r\n this.emit('agent-disconnected', agentPublicKey);\r\n this.emit('disconnection', agentPublicKey);\r\n // Storage-enabled peers are always considered connected; skip peer_offline for them\r\n if (!this.storagePeers.includes(agentPublicKey)) {\r\n this.broadcastPeerEvent('peer_offline', agentPublicKey, agentName);\r\n }\r\n }\r\n }\r\n }\r\n });\r\n\r\n socket.on('error', (error) => {\r\n this.emit('error', error);\r\n });\r\n }\r\n\r\n /**\r\n * Send an error message to a client\r\n */\r\n private sendError(socket: WebSocket, message: string, code?: string): void {\r\n try {\r\n if (socket.readyState === WebSocket.OPEN) {\r\n const payload: { type: 'error'; message: string; code?: string } = { type: 'error', message };\r\n if (code) payload.code = code;\r\n socket.send(JSON.stringify(payload));\r\n }\r\n } catch (err) {\r\n // Log errors when sending error messages, but don't propagate to avoid cascading failures\r\n this.emit('error', new Error(`Failed to send error message: ${err instanceof Error ? err.message : String(err)}`));\r\n }\r\n }\r\n\r\n /**\r\n * Broadcast a peer event to all connected agents (all sessions except the one for publicKey)\r\n */\r\n private broadcastPeerEvent(eventType: 'peer_online' | 'peer_offline', publicKey: string, name?: string): void {\r\n const message = {\r\n type: eventType,\r\n publicKey,\r\n name,\r\n };\r\n const messageStr = JSON.stringify(message);\r\n\r\n for (const [key, sessionMap] of this.sessions) {\r\n if (key === publicKey) continue;\r\n for (const agent of sessionMap.values()) {\r\n if (agent.socket.readyState === WebSocket.OPEN) {\r\n try {\r\n agent.socket.send(messageStr);\r\n } catch (err) {\r\n this.emit('error', new Error(`Failed to send ${eventType} event: ${err instanceof Error ? err.message : String(err)}`));\r\n }\r\n }\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Handle peer list request from an agent\r\n */\r\n private handlePeerListRequest(envelope: Envelope<PeerListRequestPayload>, socket: WebSocket, requesterPublicKey: string): void {\r\n if (!this.identity) {\r\n this.sendError(socket, 'Relay does not support peer discovery (no identity configured)');\r\n return;\r\n }\r\n\r\n const { filters } = envelope.payload;\r\n const now = Date.now();\r\n\r\n // One entry per publicKey (first session for lastSeen/metadata)\r\n const peersList: ConnectedAgent[] = [];\r\n for (const [key, sessionMap] of this.sessions) {\r\n if (key === requesterPublicKey) continue;\r\n const first = sessionMap.values().next().value;\r\n if (first) peersList.push(first);\r\n }\r\n\r\n let peers = peersList;\r\n\r\n // Apply filters\r\n if (filters?.activeWithin) {\r\n peers = peers.filter(p => (now - p.lastSeen) < filters.activeWithin!);\r\n }\r\n\r\n if (filters?.limit && filters.limit > 0) {\r\n peers = peers.slice(0, filters.limit);\r\n }\r\n\r\n // Build response payload\r\n const response: PeerListResponsePayload = {\r\n peers: peers.map(p => ({\r\n publicKey: p.publicKey,\r\n metadata: p.name || p.metadata ? {\r\n name: p.name,\r\n version: p.metadata?.version,\r\n capabilities: p.metadata?.capabilities,\r\n } : undefined,\r\n lastSeen: p.lastSeen,\r\n })),\r\n totalPeers: this.sessions.size - (this.sessions.has(requesterPublicKey) ? 1 : 0),\r\n relayPublicKey: this.identity.publicKey,\r\n };\r\n\r\n // Create signed envelope\r\n const responseEnvelope = createEnvelope(\r\n 'peer_list_response',\r\n this.identity.publicKey,\r\n this.identity.privateKey,\r\n response,\r\n Date.now(),\r\n envelope.id, // Reply to the request\r\n [requesterPublicKey]\r\n );\r\n\r\n // Send response\r\n const relayMessage = {\r\n type: 'message',\r\n from: this.identity.publicKey,\r\n name: 'relay',\r\n envelope: responseEnvelope,\r\n };\r\n\r\n try {\r\n socket.send(JSON.stringify(relayMessage));\r\n } catch (err) {\r\n this.emit('error', new Error(`Failed to send peer list response: ${err instanceof Error ? err.message : String(err)}`));\r\n }\r\n }\r\n}\r\n"],"mappings":";AAAA,SAAS,MAAM,QAAQ,2BAA2B;AAc3C,SAAS,kBAA2B;AACzC,QAAM,EAAE,WAAW,WAAW,IAAI,oBAAoB,SAAS;AAE/D,SAAO;AAAA,IACL,WAAW,UAAU,OAAO,EAAE,MAAM,QAAQ,QAAQ,MAAM,CAAC,EAAE,SAAS,KAAK;AAAA,IAC3E,YAAY,WAAW,OAAO,EAAE,MAAM,SAAS,QAAQ,MAAM,CAAC,EAAE,SAAS,KAAK;AAAA,EAChF;AACF;AAQO,SAAS,YAAY,SAA0B,eAA+B;AACnF,QAAM,gBAAgB,OAAO,YAAY,WAAW,OAAO,KAAK,OAAO,IAAI;AAC3E,QAAM,aAAa,OAAO,KAAK,eAAe,KAAK;AAEnD,QAAM,YAAY,KAAK,MAAM,eAAe;AAAA,IAC1C,KAAK;AAAA,IACL,QAAQ;AAAA,IACR,MAAM;AAAA,EACR,CAAC;AAED,SAAO,UAAU,SAAS,KAAK;AACjC;AASO,SAAS,gBACd,SACA,cACA,cACS;AACT,QAAM,gBAAgB,OAAO,YAAY,WAAW,OAAO,KAAK,OAAO,IAAI;AAC3E,QAAM,YAAY,OAAO,KAAK,cAAc,KAAK;AACjD,QAAM,YAAY,OAAO,KAAK,cAAc,KAAK;AAEjD,MAAI;AACF,WAAO,OAAO,MAAM,eAAe;AAAA,MACjC,KAAK;AAAA,MACL,QAAQ;AAAA,MACR,MAAM;AAAA,IACR,GAAG,SAAS;AAAA,EACd,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAOO,SAAS,cAAc,SAA2B;AACvD,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,YAAY,QAAQ;AAAA,EACtB;AACF;AASO,SAAS,cAAc,cAAsB,eAAgC;AAElF,QAAM,aAAa;AACnB,MAAI,CAAC,WAAW,KAAK,YAAY,GAAG;AAClC,UAAM,IAAI,MAAM,0CAA0C;AAAA,EAC5D;AACA,MAAI,CAAC,WAAW,KAAK,aAAa,GAAG;AACnC,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,SAAO;AAAA,IACL,WAAW;AAAA,IACX,YAAY;AAAA,EACd;AACF;;;ACtGA,SAAS,kBAAkB;AA0D3B,SAAS,gBAAgB,OAAwB;AAC/C,MAAI,UAAU,QAAQ,UAAU,OAAW,QAAO,KAAK,UAAU,KAAK;AACtE,MAAI,OAAO,UAAU,SAAU,QAAO,KAAK,UAAU,KAAK;AAC1D,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,MAAM,IAAI,eAAe,EAAE,KAAK,GAAG,IAAI;AAAA,EACtD;AACA,QAAM,OAAO,OAAO,KAAK,KAAgC,EAAE,KAAK;AAChE,QAAM,QAAQ,KAAK,IAAI,OAAK,KAAK,UAAU,CAAC,IAAI,MAAM,gBAAiB,MAAkC,CAAC,CAAC,CAAC;AAC5G,SAAO,MAAM,MAAM,KAAK,GAAG,IAAI;AACjC;AAMO,SAAS,aACd,MACA,MACA,IACA,WACA,SACA,WACQ;AACR,QAAM,MAA+B,EAAE,MAAM,SAAS,WAAW,IAAI,KAAK;AAC1E,MAAI,cAAc,QAAW;AAC3B,QAAI,YAAY;AAAA,EAClB;AACA,SAAO,gBAAgB,GAAG;AAC5B;AAEA,SAAS,oBAAoB,MAAc,IAAkC;AAC3E,QAAM,OAAO,MAAM,QAAQ,EAAE,IAAI,KAAM,OAAO,OAAO,WAAW,CAAC,EAAE,IAAI,CAAC,IAAI;AAC5E,QAAM,SAAS,oBAAI,IAAY;AAC/B,aAAW,aAAa,MAAM;AAC5B,QAAI,OAAO,cAAc,YAAY,UAAU,KAAK,EAAE,SAAS,GAAG;AAChE,aAAO,IAAI,SAAS;AAAA,IACtB;AAAA,EACF;AACA,MAAI,OAAO,SAAS,GAAG;AACrB,WAAO,IAAI,IAAI;AAAA,EACjB;AACA,SAAO,MAAM,KAAK,MAAM;AAC1B;AAKO,SAAS,UAAU,WAA2B;AACnD,SAAO,WAAW,QAAQ,EAAE,OAAO,SAAS,EAAE,OAAO,KAAK;AAC5D;AAaO,SAAS,eACd,MACA,MACA,YACA,SACA,YAAoB,KAAK,IAAI,GAC7B,WACA,IACa;AACb,QAAM,aAAa,oBAAoB,MAAM,EAAE;AAC/C,QAAM,YAAY,aAAa,MAAM,MAAM,YAAY,WAAW,SAAS,SAAS;AACpF,QAAM,KAAK,UAAU,SAAS;AAC9B,QAAM,YAAY,YAAY,WAAW,UAAU;AAEnD,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,IACA,GAAI,cAAc,SAAY,EAAE,UAAU,IAAI,CAAC;AAAA,IAC/C;AAAA,IACA;AAAA,EACF;AACF;AAUO,SAAS,eAAe,UAAyD;AACtF,QAAM,EAAE,IAAI,MAAM,MAAM,IAAI,WAAW,SAAS,WAAW,UAAU,IAAI;AACzE,MAAI,CAAC,QAAQ,CAAC,MAAM,QAAQ,EAAE,KAAK,GAAG,WAAW,GAAG;AAClD,WAAO,EAAE,OAAO,OAAO,QAAQ,yBAAyB;AAAA,EAC1D;AAGA,QAAM,YAAY,aAAa,MAAM,MAAM,IAAI,WAAW,SAAS,SAAS;AAG5E,QAAM,aAAa,UAAU,SAAS;AACtC,MAAI,OAAO,YAAY;AACrB,WAAO,EAAE,OAAO,OAAO,QAAQ,cAAc;AAAA,EAC/C;AAEA,QAAM,WAAW,gBAAgB,WAAW,WAAW,IAAI;AAC3D,MAAI,CAAC,UAAU;AACb,WAAO,EAAE,OAAO,OAAO,QAAQ,oBAAoB;AAAA,EACrD;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;;;ACzKA,YAAY,QAAQ;AACpB,YAAY,UAAU;AAQf,IAAM,eAAN,MAAmB;AAAA,EAChB;AAAA,EAER,YAAY,YAAoB;AAC9B,SAAK,aAAa;AAClB,IAAG,aAAU,YAAY,EAAE,WAAW,KAAK,CAAC;AAAA,EAC9C;AAAA,EAEQ,aAAa,WAA2B;AAC9C,UAAM,OAAO,UAAU,QAAQ,mBAAmB,GAAG;AACrD,WAAY,UAAK,KAAK,YAAY,IAAI;AAAA,EACxC;AAAA,EAEA,KAAK,cAAsB,SAA8B;AACvD,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,IAAG,aAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACrC,UAAM,WAAW,GAAG,KAAK,IAAI,CAAC,IAAI,OAAO,WAAW,CAAC;AACrD,IAAG,iBAAmB,UAAK,KAAK,QAAQ,GAAG,KAAK,UAAU,OAAO,CAAC;AAAA,EACpE;AAAA,EAEA,KAAK,cAAuC;AAC1C,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,QAAI,CAAI,cAAW,GAAG,EAAG,QAAO,CAAC;AACjC,UAAM,QAAW,eAAY,GAAG,EAAE,KAAK;AACvC,UAAM,WAA4B,CAAC;AACnC,eAAW,QAAQ,OAAO;AACxB,UAAI,CAAC,KAAK,SAAS,OAAO,EAAG;AAC7B,UAAI;AACF,cAAM,OAAU,gBAAkB,UAAK,KAAK,IAAI,GAAG,MAAM;AACzD,iBAAS,KAAK,KAAK,MAAM,IAAI,CAAkB;AAAA,MACjD,QAAQ;AAAA,MAER;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cAA4B;AAChC,UAAM,MAAM,KAAK,aAAa,YAAY;AAC1C,QAAI,CAAI,cAAW,GAAG,EAAG;AACzB,UAAM,QAAW,eAAY,GAAG;AAChC,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,SAAS,OAAO,GAAG;AAC1B,QAAG,cAAgB,UAAK,KAAK,IAAI,CAAC;AAAA,MACpC;AAAA,IACF;AAAA,EACF;AACF;;;AC9DA,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB,iBAAiB;AA0EpC,IAAM,cAAN,MAAM,qBAAoB,aAAa;AAAA,EACpC,MAA8B;AAAA;AAAA,EAE9B,WAAW,oBAAI,IAAyC;AAAA,EACxD;AAAA,EACA,eAAyB,CAAC;AAAA,EAC1B,QAA6B;AAAA,EAC7B,WAAmB;AAAA,EACV,gBAA2C,oBAAI,IAAI;AAAA,EACpE,OAAwB,qBAAqB;AAAA,EAC5B,uBAAoC,oBAAI,IAAI;AAAA,EACrD,mBAAmB;AAAA,EACnB,uBAAuB;AAAA,EACvB,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,EACvB,sBAAsB;AAAA,EAE9B,YAAY,SAA0E;AACpF,UAAM;AACN,QAAI,SAAS;AACX,UAAI,cAAc,WAAW,QAAQ,UAAU;AAC7C,aAAK,WAAW,QAAQ;AAAA,MAC1B,WAAW,eAAe,WAAW,gBAAgB,SAAS;AAC5D,aAAK,WAAW,EAAE,WAAW,QAAQ,WAAW,YAAY,QAAQ,WAAW;AAAA,MACjF;AACA,YAAM,OAAO;AACb,UAAI,KAAK,cAAc,UAAU,KAAK,YAAY;AAChD,aAAK,eAAe,KAAK;AACzB,aAAK,QAAQ,IAAI,aAAa,KAAK,UAAU;AAAA,MAC/C;AACA,UAAI,KAAK,aAAa,QAAW;AAC/B,aAAK,WAAW,KAAK;AAAA,MACvB;AACA,UAAI,KAAK,WAAW;AAClB,YAAI,KAAK,UAAU,YAAY,QAAW;AACxC,eAAK,mBAAmB,KAAK,UAAU;AAAA,QACzC;AACA,YAAI,KAAK,UAAU,gBAAgB,UAAa,KAAK,UAAU,cAAc,GAAG;AAC9E,eAAK,uBAAuB,KAAK,UAAU;AAAA,QAC7C;AACA,YAAI,KAAK,UAAU,aAAa,UAAa,KAAK,UAAU,WAAW,GAAG;AACxE,eAAK,oBAAoB,KAAK,UAAU;AAAA,QAC1C;AAAA,MACF;AACA,UAAI,KAAK,eAAe;AACtB,YAAI,KAAK,cAAc,YAAY,QAAW;AAC5C,eAAK,uBAAuB,KAAK,cAAc;AAAA,QACjD;AACA,YAAI,KAAK,cAAc,WAAW,UAAa,KAAK,cAAc,SAAS,GAAG;AAC5E,eAAK,sBAAsB,KAAK,cAAc;AAAA,QAChD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,oBAAoB,iBAAkC;AAC5D,QAAI,CAAC,KAAK,kBAAkB;AAC1B,aAAO;AAAA,IACT;AAEA,UAAM,MAAM,KAAK,IAAI;AACrB,UAAM,SAAS,KAAK,cAAc,IAAI,eAAe;AAErD,QAAI,KAAK,cAAc,QAAQ,aAAY,sBAAsB,CAAC,QAAQ;AACxE,WAAK,wBAAwB;AAAA,IAC/B;AAEA,QAAI,CAAC,UAAW,MAAM,OAAO,cAAe,KAAK,mBAAmB;AAClE,WAAK,cAAc,IAAI,iBAAiB,EAAE,OAAO,GAAG,aAAa,IAAI,CAAC;AACtE,aAAO;AAAA,IACT;AAEA,WAAO;AACP,WAAO,OAAO,QAAQ,KAAK;AAAA,EAC7B;AAAA,EAEQ,0BAAgC;AACtC,QAAI,YAA2B;AAC/B,QAAI,aAAa;AAEjB,eAAW,CAAC,KAAK,MAAM,KAAK,KAAK,cAAc,QAAQ,GAAG;AACxD,UAAI,OAAO,cAAc,YAAY;AACnC,qBAAa,OAAO;AACpB,oBAAY;AAAA,MACd;AAAA,IACF;AAEA,QAAI,cAAc,MAAM;AACtB,WAAK,cAAc,OAAO,SAAS;AAAA,IACrC;AAAA,EACF;AAAA,EAEQ,sBAAsB,YAA6B;AACzD,QAAI,CAAC,KAAK,sBAAsB;AAC9B,aAAO;AAAA,IACT;AAEA,QAAI,KAAK,qBAAqB,IAAI,UAAU,GAAG;AAC7C,aAAO;AAAA,IACT;AAEA,SAAK,qBAAqB,IAAI,UAAU;AACxC,QAAI,KAAK,qBAAqB,OAAO,KAAK,qBAAqB;AAC7D,YAAM,SAAS,KAAK,qBAAqB,OAAO,EAAE,KAAK,EAAE;AACzD,UAAI,WAAW,QAAW;AACxB,aAAK,qBAAqB,OAAO,MAAM;AAAA,MACzC;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAc,MAA8B;AAChD,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI;AACF,aAAK,MAAM,IAAI,gBAAgB,EAAE,MAAM,MAAM,QAAQ,UAAU,CAAC;AAChE,YAAI,WAAW;AAEf,aAAK,IAAI,GAAG,SAAS,CAAC,UAAU;AAC9B,eAAK,KAAK,SAAS,KAAK;AACxB,cAAI,CAAC,UAAU;AACb,uBAAW;AACX,mBAAO,KAAK;AAAA,UACd;AAAA,QACF,CAAC;AAED,aAAK,IAAI,GAAG,aAAa,MAAM;AAC7B,cAAI,CAAC,UAAU;AACb,uBAAW;AACX,oBAAQ;AAAA,UACV;AAAA,QACF,CAAC;AAED,aAAK,IAAI,GAAG,cAAc,CAAC,WAAsB;AAC/C,eAAK,iBAAiB,MAAM;AAAA,QAC9B,CAAC;AAAA,MACH,SAAS,OAAO;AACd,eAAO,KAAK;AAAA,MACd;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAsB;AAC1B,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,CAAC,KAAK,KAAK;AACb,gBAAQ;AACR;AAAA,MACF;AAGA,iBAAW,cAAc,KAAK,SAAS,OAAO,GAAG;AAC/C,mBAAW,SAAS,WAAW,OAAO,GAAG;AACvC,gBAAM,OAAO,MAAM;AAAA,QACrB;AAAA,MACF;AACA,WAAK,SAAS,MAAM;AAEpB,WAAK,IAAI,MAAM,CAAC,QAAQ;AACtB,YAAI,KAAK;AACP,iBAAO,GAAG;AAAA,QACZ,OAAO;AACL,eAAK,MAAM;AACX,kBAAQ;AAAA,QACV;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,YAAyC;AACvC,UAAM,MAAM,oBAAI,IAA4B;AAC5C,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,YAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,EAAE;AACzC,UAAI,MAAO,KAAI,IAAI,KAAK,KAAK;AAAA,IAC/B;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKQ,iBAAiB,QAAyB;AAChD,QAAI,iBAAgC;AACpC,QAAI,YAA2B;AAE/B,WAAO,GAAG,WAAW,CAAC,SAAiB;AACrC,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,KAAK,SAAS,CAAC;AAGtC,YAAI,IAAI,SAAS,cAAc,CAAC,gBAAgB;AAC9C,cAAI,CAAC,IAAI,aAAa,OAAO,IAAI,cAAc,UAAU;AACvD,iBAAK,UAAU,QAAQ,oDAAoD;AAC3E,mBAAO,MAAM;AACb;AAAA,UACF;AAEA,gBAAM,YAAY,IAAI;AACtB,gBAAM,OAAO,IAAI;AACjB,2BAAiB;AACjB,sBAAY,OAAO,WAAW;AAG9B,cAAI,CAAC,KAAK,SAAS,IAAI,SAAS,KAAK,KAAK,SAAS,QAAQ,KAAK,UAAU;AACxE,iBAAK,UAAU,QAAQ,6BAA6B,KAAK,QAAQ,SAAS;AAC1E,mBAAO,MAAM;AACb;AAAA,UACF;AAEA,gBAAM,QAAwB;AAAA,YAC5B;AAAA,YACA;AAAA,YACA;AAAA,YACA,UAAU,KAAK,IAAI;AAAA,UACrB;AAEA,cAAI,CAAC,KAAK,SAAS,IAAI,SAAS,GAAG;AACjC,iBAAK,SAAS,IAAI,WAAW,oBAAI,IAAI,CAAC;AAAA,UACxC;AACA,eAAK,SAAS,IAAI,SAAS,EAAG,IAAI,WAAW,KAAK;AAClD,gBAAM,iBAAiB,KAAK,SAAS,IAAI,SAAS,EAAG,SAAS;AAE9D,eAAK,KAAK,oBAAoB,SAAS;AAGvC,gBAAM,QAAqD,CAAC;AAC5D,qBAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,gBAAI,QAAQ,UAAW;AACvB,kBAAM,aAAa,WAAW,OAAO,EAAE,KAAK,EAAE;AAC9C,kBAAM,KAAK,EAAE,WAAW,KAAK,MAAM,YAAY,KAAK,CAAC;AAAA,UACvD;AACA,qBAAW,eAAe,KAAK,cAAc;AAC3C,gBAAI,gBAAgB,aAAa,CAAC,KAAK,SAAS,IAAI,WAAW,GAAG;AAChE,oBAAM,KAAK,EAAE,WAAW,aAAa,MAAM,OAAU,CAAC;AAAA,YACxD;AAAA,UACF;AAEA,iBAAO,KAAK,KAAK,UAAU;AAAA,YACzB,MAAM;AAAA,YACN;AAAA,YACA;AAAA,YACA;AAAA,UACF,CAAC,CAAC;AAGF,cAAI,gBAAgB;AAClB,iBAAK,mBAAmB,eAAe,WAAW,IAAI;AAAA,UACxD;AAGA,cAAI,KAAK,SAAS,KAAK,aAAa,SAAS,SAAS,GAAG;AACvD,kBAAM,SAAS,KAAK,MAAM,KAAK,SAAS;AACxC,uBAAW,UAAU,QAAQ;AAC3B,qBAAO,KAAK,KAAK,UAAU;AAAA,gBACzB,MAAM;AAAA,gBACN,MAAM,OAAO;AAAA,gBACb,MAAM,OAAO;AAAA,gBACb,UAAU,OAAO;AAAA,cACnB,CAAC,CAAC;AAAA,YACJ;AACA,iBAAK,MAAM,MAAM,SAAS;AAAA,UAC5B;AACA;AAAA,QACF;AAGA,YAAI,CAAC,gBAAgB;AACnB,eAAK,UAAU,QAAQ,iDAAiD;AACxE,iBAAO,MAAM;AACb;AAAA,QACF;AAGA,YAAI,IAAI,SAAS,WAAW;AAC1B,cAAI,CAAC,IAAI,MAAM,OAAO,IAAI,OAAO,UAAU;AACzC,iBAAK,UAAU,QAAQ,gDAAgD;AACvE;AAAA,UACF;AAEA,cAAI,CAAC,IAAI,YAAY,OAAO,IAAI,aAAa,UAAU;AACrD,iBAAK,UAAU,QAAQ,sDAAsD;AAC7E;AAAA,UACF;AAEA,gBAAM,WAAW,IAAI;AAGrB,gBAAM,eAAe,eAAe,QAAQ;AAC5C,cAAI,CAAC,aAAa,OAAO;AACvB,iBAAK,UAAU,QAAQ,qBAAqB,aAAa,UAAU,qBAAqB,EAAE;AAC1F;AAAA,UACF;AAGA,gBAAM,eAAe,SAAS;AAC9B,cAAI,iBAAiB,gBAAgB;AACnC,iBAAK,UAAU,QAAQ,sDAAsD;AAC7E;AAAA,UACF;AAGA,cAAI,CAAC,MAAM,QAAQ,SAAS,EAAE,KAAK,SAAS,GAAG,WAAW,KAAK,CAAC,SAAS,GAAG,SAAS,IAAI,EAAE,GAAG;AAC5F,iBAAK,UAAU,QAAQ,8DAA8D;AACrF;AAAA,UACF;AAEA,cAAI,KAAK,oBAAoB,cAAc,GAAG;AAC5C;AAAA,UACF;AAEA,cAAI,KAAK,sBAAsB,SAAS,EAAE,GAAG;AAC3C;AAAA,UACF;AAGA,gBAAM,mBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,cAAI,kBAAkB;AACpB,uBAAW,KAAK,iBAAiB,OAAO,GAAG;AACzC,gBAAE,WAAW,KAAK,IAAI;AAAA,YACxB;AAAA,UACF;AAGA,cAAI,SAAS,SAAS,uBAAuB,KAAK,YAAY,IAAI,OAAO,KAAK,SAAS,WAAW;AAChG,iBAAK,sBAAsB,UAA8C,QAAQ,cAAc;AAC/F;AAAA,UACF;AAGA,gBAAM,sBAAsB,KAAK,SAAS,IAAI,IAAI,EAAE;AACpD,gBAAM,iBAAiB,sBACnB,MAAM,KAAK,oBAAoB,OAAO,CAAC,EAAE,OAAO,OAAK,EAAE,OAAO,eAAe,UAAU,IAAI,IAC3F,CAAC;AACL,cAAI,eAAe,WAAW,GAAG;AAE/B,gBAAI,KAAK,SAAS,KAAK,aAAa,SAAS,IAAI,EAAE,GAAG;AACpD,oBAAMA,oBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,oBAAM,cAAcA,mBAAkB,OAAO,EAAE,KAAK,EAAE;AACtD,mBAAK,MAAM,KAAK,IAAI,IAAI;AAAA,gBACtB,MAAM;AAAA,gBACN,MAAM,aAAa;AAAA,gBACnB;AAAA,cACF,CAAC;AACD,mBAAK,KAAK,mBAAmB,gBAAgB,IAAI,IAAI,QAAQ;AAAA,YAC/D,OAAO;AACL,mBAAK,UAAU,QAAQ,2BAA2B,mBAAmB;AAAA,YACvE;AACA;AAAA,UACF;AAGA,cAAI;AACF,kBAAMA,oBAAmB,KAAK,SAAS,IAAI,cAAc;AACzD,kBAAM,cAAcA,mBAAkB,OAAO,EAAE,KAAK,EAAE;AACtD,kBAAM,eAAe;AAAA,cACnB,MAAM;AAAA,cACN,MAAM;AAAA,cACN,MAAM,aAAa;AAAA,cACnB;AAAA,YACF;AACA,kBAAM,aAAa,KAAK,UAAU,YAAY;AAC9C,uBAAW,aAAa,gBAAgB;AACtC,wBAAU,OAAO,KAAK,UAAU;AAAA,YAClC;AACA,iBAAK,KAAK,mBAAmB,gBAAgB,IAAI,IAAI,QAAQ;AAAA,UAC/D,SAAS,KAAK;AACZ,iBAAK,UAAU,QAAQ,yBAAyB;AAChD,iBAAK,KAAK,SAAS,GAAY;AAAA,UACjC;AACA;AAAA,QACF;AAGA,YAAI,IAAI,SAAS,QAAQ;AACvB,iBAAO,KAAK,KAAK,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC;AAC5C;AAAA,QACF;AAGA,aAAK,UAAU,QAAQ,yBAAyB,IAAI,IAAI,EAAE;AAAA,MAC5D,SAAS,KAAK;AAEZ,aAAK,KAAK,SAAS,IAAI,MAAM,2BAA2B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAC3G,aAAK,UAAU,QAAQ,wBAAwB;AAAA,MACjD;AAAA,IACF,CAAC;AAED,WAAO,GAAG,SAAS,MAAM;AACvB,UAAI,kBAAkB,WAAW;AAC/B,cAAM,aAAa,KAAK,SAAS,IAAI,cAAc;AACnD,YAAI,YAAY;AACd,gBAAM,QAAQ,WAAW,IAAI,SAAS;AACtC,gBAAM,YAAY,OAAO;AACzB,qBAAW,OAAO,SAAS;AAC3B,cAAI,WAAW,SAAS,GAAG;AACzB,iBAAK,SAAS,OAAO,cAAc;AACnC,iBAAK,KAAK,sBAAsB,cAAc;AAC9C,iBAAK,KAAK,iBAAiB,cAAc;AAEzC,gBAAI,CAAC,KAAK,aAAa,SAAS,cAAc,GAAG;AAC/C,mBAAK,mBAAmB,gBAAgB,gBAAgB,SAAS;AAAA,YACnE;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAED,WAAO,GAAG,SAAS,CAAC,UAAU;AAC5B,WAAK,KAAK,SAAS,KAAK;AAAA,IAC1B,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAU,QAAmB,SAAiB,MAAqB;AACzE,QAAI;AACF,UAAI,OAAO,eAAe,UAAU,MAAM;AACxC,cAAM,UAA6D,EAAE,MAAM,SAAS,QAAQ;AAC5F,YAAI,KAAM,SAAQ,OAAO;AACzB,eAAO,KAAK,KAAK,UAAU,OAAO,CAAC;AAAA,MACrC;AAAA,IACF,SAAS,KAAK;AAEZ,WAAK,KAAK,SAAS,IAAI,MAAM,iCAAiC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,IACnH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,mBAAmB,WAA2C,WAAmB,MAAqB;AAC5G,UAAM,UAAU;AAAA,MACd,MAAM;AAAA,MACN;AAAA,MACA;AAAA,IACF;AACA,UAAM,aAAa,KAAK,UAAU,OAAO;AAEzC,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,UAAI,QAAQ,UAAW;AACvB,iBAAW,SAAS,WAAW,OAAO,GAAG;AACvC,YAAI,MAAM,OAAO,eAAe,UAAU,MAAM;AAC9C,cAAI;AACF,kBAAM,OAAO,KAAK,UAAU;AAAA,UAC9B,SAAS,KAAK;AACZ,iBAAK,KAAK,SAAS,IAAI,MAAM,kBAAkB,SAAS,WAAW,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,UACxH;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,sBAAsB,UAA4C,QAAmB,oBAAkC;AAC7H,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,UAAU,QAAQ,gEAAgE;AACvF;AAAA,IACF;AAEA,UAAM,EAAE,QAAQ,IAAI,SAAS;AAC7B,UAAM,MAAM,KAAK,IAAI;AAGrB,UAAM,YAA8B,CAAC;AACrC,eAAW,CAAC,KAAK,UAAU,KAAK,KAAK,UAAU;AAC7C,UAAI,QAAQ,mBAAoB;AAChC,YAAM,QAAQ,WAAW,OAAO,EAAE,KAAK,EAAE;AACzC,UAAI,MAAO,WAAU,KAAK,KAAK;AAAA,IACjC;AAEA,QAAI,QAAQ;AAGZ,QAAI,SAAS,cAAc;AACzB,cAAQ,MAAM,OAAO,OAAM,MAAM,EAAE,WAAY,QAAQ,YAAa;AAAA,IACtE;AAEA,QAAI,SAAS,SAAS,QAAQ,QAAQ,GAAG;AACvC,cAAQ,MAAM,MAAM,GAAG,QAAQ,KAAK;AAAA,IACtC;AAGA,UAAM,WAAoC;AAAA,MACxC,OAAO,MAAM,IAAI,QAAM;AAAA,QACrB,WAAW,EAAE;AAAA,QACb,UAAU,EAAE,QAAQ,EAAE,WAAW;AAAA,UAC/B,MAAM,EAAE;AAAA,UACR,SAAS,EAAE,UAAU;AAAA,UACrB,cAAc,EAAE,UAAU;AAAA,QAC1B,IAAI;AAAA,QACJ,UAAU,EAAE;AAAA,MACd,EAAE;AAAA,MACJ,YAAY,KAAK,SAAS,QAAQ,KAAK,SAAS,IAAI,kBAAkB,IAAI,IAAI;AAAA,MAC9E,gBAAgB,KAAK,SAAS;AAAA,IAChC;AAGA,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,KAAK,SAAS;AAAA,MACd,KAAK,SAAS;AAAA,MACd;AAAA,MACA,KAAK,IAAI;AAAA,MACT,SAAS;AAAA;AAAA,MACT,CAAC,kBAAkB;AAAA,IACrB;AAGA,UAAM,eAAe;AAAA,MACnB,MAAM;AAAA,MACN,MAAM,KAAK,SAAS;AAAA,MACpB,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAEA,QAAI;AACF,aAAO,KAAK,KAAK,UAAU,YAAY,CAAC;AAAA,IAC1C,SAAS,KAAK;AACZ,WAAK,KAAK,SAAS,IAAI,MAAM,sCAAsC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,EAAE,CAAC;AAAA,IACxH;AAAA,EACF;AACF;","names":["senderSessionMap"]}
package/dist/chunk-VQ4BE6OV.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/relay/message-buffer.ts","../src/relay/jwt-auth.ts","../src/relay/rest-api.ts","../src/relay/run-relay.ts"],"sourcesContent":["/**\r\n * message-buffer.ts — In-memory bounded message queue per agent.\r\n *\r\n * When messages are delivered to an agent via the relay, they are also\r\n * stored here so that HTTP polling clients can retrieve them via GET /v1/messages.\r\n */\r\n\r\nexport interface BufferedMessage {\r\n id: string;\r\n from: string;\r\n fromName?: string;\r\n type: string;\r\n payload: unknown;\r\n timestamp: number;\r\n inReplyTo?: string;\r\n}\r\n\r\ninterface StoredMessage {\r\n message: BufferedMessage;\r\n receivedAt: number;\r\n}\r\n\r\nconst MAX_MESSAGES_PER_AGENT = 100;\r\n\r\n/**\r\n * MessageBuffer stores inbound messages per agent public key.\r\n * FIFO eviction when the buffer is full (max 100 messages).\r\n * Messages older than ttlMs (measured from when they were received) are pruned on access.\r\n */\r\nexport class MessageBuffer {\r\n private buffers: Map<string, StoredMessage[]> = new Map();\r\n private ttlMs: number;\r\n\r\n constructor(options?: { ttlMs?: number }) {\r\n this.ttlMs = options?.ttlMs ?? 86400000; // default 24h\r\n }\r\n\r\n /**\r\n * Add a message to an agent's buffer.\r\n * Evicts the oldest message if the buffer is full.\r\n */\r\n add(publicKey: string, message: BufferedMessage): void {\r\n let queue = this.buffers.get(publicKey);\r\n if (!queue) {\r\n queue = [];\r\n this.buffers.set(publicKey, queue);\r\n }\r\n queue.push({ message, receivedAt: Date.now() });\r\n if (queue.length > MAX_MESSAGES_PER_AGENT) {\r\n queue.shift(); // FIFO eviction\r\n }\r\n }\r\n\r\n /**\r\n * Retrieve messages for an agent, optionally filtering by `since` timestamp.\r\n * Returns messages with timestamp > since (exclusive). Prunes expired messages.\r\n */\r\n get(publicKey: string, since?: number): BufferedMessage[] {\r\n const now = Date.now();\r\n let queue = this.buffers.get(publicKey) ?? [];\r\n // Prune messages older than ttlMs (based on wall-clock receive time)\r\n queue = queue.filter((s) => now - s.receivedAt < this.ttlMs);\r\n this.buffers.set(publicKey, queue);\r\n const messages = queue.map((s) => s.message);\r\n if (since === undefined) {\r\n return [...messages];\r\n }\r\n return messages.filter((m) => m.timestamp > since);\r\n }\r\n\r\n /**\r\n * Clear all messages for an agent (after polling without `since`).\r\n */\r\n clear(publicKey: string): void {\r\n this.buffers.set(publicKey, []);\r\n }\r\n\r\n /**\r\n * Remove all state for a disconnected agent.\r\n */\r\n delete(publicKey: string): void {\r\n this.buffers.delete(publicKey);\r\n }\r\n}\r\n","/**\r\n * jwt-auth.ts — JWT token creation and validation middleware.\r\n *\r\n * Tokens are signed with AGORA_RELAY_JWT_SECRET (required env var).\r\n * Expiry defaults to 3600 seconds (1 hour), configurable via AGORA_JWT_EXPIRY_SECONDS.\r\n *\r\n * Token payload: { publicKey, name }\r\n */\r\n\r\nimport jwt from 'jsonwebtoken';\r\nimport { randomBytes } from 'node:crypto';\r\nimport type { Request, Response, NextFunction } from 'express';\r\n\r\nexport interface JwtPayload {\r\n publicKey: string;\r\n name?: string;\r\n}\r\n\r\n/**\r\n * Augment Express Request to carry decoded JWT payload.\r\n */\r\nexport interface AuthenticatedRequest extends Request {\r\n agent?: JwtPayload;\r\n}\r\n\r\n/**\r\n * Revocation set for invalidated tokens (populated by DELETE /v1/disconnect).\r\n * Stored as a Map of JWT `jti` → expiry timestamp (ms).\r\n * Entries are automatically removed once their JWT would have expired anyway,\r\n * preventing unbounded memory growth.\r\n */\r\nconst revokedJtis: Map<string, number> = new Map();\r\n\r\n/**\r\n * Remove revoked JTI entries whose token expiry has already passed.\r\n * These tokens can no longer be used regardless, so no need to keep them.\r\n */\r\nfunction pruneExpiredRevocations(): void {\r\n const now = Date.now();\r\n for (const [jti, expiry] of revokedJtis) {\r\n if (expiry <= now) {\r\n revokedJtis.delete(jti);\r\n }\r\n }\r\n}\r\n\r\nfunction getJwtSecret(): string {\r\n const secret = process.env.AGORA_RELAY_JWT_SECRET;\r\n if (!secret) {\r\n throw new Error(\r\n 'AGORA_RELAY_JWT_SECRET environment variable is required but not set'\r\n );\r\n }\r\n return secret;\r\n}\r\n\r\nfunction getExpirySeconds(): number {\r\n const raw = process.env.AGORA_JWT_EXPIRY_SECONDS;\r\n if (raw) {\r\n const parsed = parseInt(raw, 10);\r\n if (!isNaN(parsed) && parsed > 0) {\r\n return parsed;\r\n }\r\n }\r\n return 3600; // 1 hour default\r\n}\r\n\r\n/**\r\n * Create a signed JWT for a registered agent.\r\n * Returns the token string and its expiry timestamp (ms since epoch).\r\n */\r\nexport function createToken(payload: JwtPayload): {\r\n token: string;\r\n expiresAt: number;\r\n} {\r\n const secret = getJwtSecret();\r\n const expirySeconds = getExpirySeconds();\r\n const jti = `${Date.now()}-${randomBytes(16).toString('hex')}`;\r\n\r\n const token = jwt.sign(\r\n { publicKey: payload.publicKey, name: payload.name, jti },\r\n secret,\r\n { expiresIn: expirySeconds }\r\n );\r\n\r\n const expiresAt = Date.now() + expirySeconds * 1000;\r\n return { token, expiresAt };\r\n}\r\n\r\n/**\r\n * Revoke a token by its jti claim so it cannot be used again.\r\n * The revocation entry is stored with the token's expiry so it can be\r\n * pruned automatically once the token would no longer be valid anyway.\r\n */\r\nexport function revokeToken(token: string): void {\r\n try {\r\n const secret = getJwtSecret();\r\n const decoded = jwt.verify(token, secret) as jwt.JwtPayload & {\r\n jti?: string;\r\n exp?: number;\r\n };\r\n if (decoded.jti) {\r\n const expiry = decoded.exp ? decoded.exp * 1000 : Date.now();\r\n revokedJtis.set(decoded.jti, expiry);\r\n pruneExpiredRevocations();\r\n }\r\n } catch {\r\n // Token already invalid — nothing to revoke\r\n }\r\n}\r\n\r\n/**\r\n * Express middleware that validates the Authorization: Bearer <token> header.\r\n * Attaches decoded payload to `req.agent` on success.\r\n * Responds with 401 if missing/invalid/expired/revoked.\r\n */\r\nexport function requireAuth(\r\n req: AuthenticatedRequest,\r\n res: Response,\r\n next: NextFunction\r\n): void {\r\n const authHeader = req.headers.authorization;\r\n if (!authHeader || !authHeader.startsWith('Bearer ')) {\r\n res.status(401).json({ error: 'Missing or malformed Authorization header' });\r\n return;\r\n }\r\n\r\n const token = authHeader.slice(7);\r\n try {\r\n const secret = getJwtSecret();\r\n const decoded = jwt.verify(token, secret) as jwt.JwtPayload & {\r\n publicKey: string;\r\n name?: string;\r\n jti?: string;\r\n };\r\n\r\n if (decoded.jti && revokedJtis.has(decoded.jti)) {\r\n res.status(401).json({ error: 'Token has been revoked' });\r\n return;\r\n }\r\n\r\n req.agent = { publicKey: decoded.publicKey, name: decoded.name };\r\n next();\r\n } catch (err) {\r\n if (err instanceof jwt.TokenExpiredError) {\r\n res.status(401).json({ error: 'Token expired' });\r\n } else {\r\n res.status(401).json({ error: 'Invalid token' });\r\n }\r\n }\r\n}\r\n","/**\r\n * rest-api.ts — Express router implementing the Agora relay REST API.\r\n *\r\n * Endpoints:\r\n * POST /v1/register — Register agent, obtain JWT session token\r\n * POST /v1/send — Send message to a peer (requires auth)\r\n * GET /v1/peers — List online peers (requires auth)\r\n * GET /v1/messages — Poll for new inbound messages (requires auth)\r\n * DELETE /v1/disconnect — Invalidate token and disconnect (requires auth)\r\n */\r\n\r\nimport { Router } from 'express';\r\nimport type { Request, Response } from 'express';\r\nimport { rateLimit } from 'express-rate-limit';\r\nimport {\r\n createToken,\r\n revokeToken,\r\n requireAuth,\r\n type AuthenticatedRequest,\r\n} from './jwt-auth';\r\nimport { MessageBuffer, type BufferedMessage } from './message-buffer';\r\n\r\nconst apiRateLimit = (rpm: number): ReturnType<typeof rateLimit> => rateLimit({\r\n windowMs: 60_000,\r\n limit: rpm,\r\n standardHeaders: 'draft-7',\r\n legacyHeaders: false,\r\n message: { error: 'Too many requests — try again later' },\r\n});\r\n\r\n/**\r\n * A session for a REST-connected agent.\r\n * privateKey is held only in memory and never logged or persisted.\r\n */\r\nexport interface RestSession {\r\n publicKey: string;\r\n privateKey: string;\r\n name?: string;\r\n metadata?: { version?: string; capabilities?: string[] };\r\n registeredAt: number;\r\n expiresAt: number;\r\n token: string;\r\n}\r\n\r\nfunction pruneExpiredSessions(\r\n sessions: Map<string, RestSession>,\r\n buffer: MessageBuffer\r\n): void {\r\n const now = Date.now();\r\n for (const [publicKey, session] of sessions) {\r\n if (session.expiresAt <= now) {\r\n sessions.delete(publicKey);\r\n buffer.delete(publicKey);\r\n }\r\n }\r\n}\r\n\r\n/**\r\n * Minimal interface for the relay server that the REST API depends on.\r\n */\r\nexport interface RelayInterface {\r\n getAgents(): Map<\r\n string,\r\n {\r\n publicKey: string;\r\n name?: string;\r\n lastSeen: number;\r\n metadata?: { version?: string; capabilities?: string[] };\r\n socket: unknown;\r\n }\r\n >;\r\n on(\r\n event: 'message-relayed',\r\n handler: (from: string, to: string, envelope: unknown) => void\r\n ): void;\r\n}\r\n\r\n/**\r\n * Envelope creation function interface (matches createEnvelope from message/envelope).\r\n */\r\nexport type CreateEnvelopeFn = (\r\n type: string,\r\n from: string,\r\n to: string[],\r\n privateKey: string,\r\n payload: unknown,\r\n timestamp?: number,\r\n inReplyTo?: string\r\n) => {\r\n id: string;\r\n type: string;\r\n from: string;\r\n to: string[];\r\n timestamp: number;\r\n payload: unknown;\r\n signature: string;\r\n inReplyTo?: string;\r\n};\r\n\r\n/**\r\n * Envelope verification function interface.\r\n */\r\nexport type VerifyEnvelopeFn = (envelope: unknown) => {\r\n valid: boolean;\r\n reason?: string;\r\n};\r\n\r\n/**\r\n * Create the REST API router.\r\n */\r\nexport function createRestRouter(\r\n relay: RelayInterface,\r\n buffer: MessageBuffer,\r\n sessions: Map<string, RestSession>,\r\n createEnv: CreateEnvelopeFn,\r\n verifyEnv: VerifyEnvelopeFn,\r\n rateLimitRpm = 60\r\n): Router {\r\n const router = Router();\r\n router.use(apiRateLimit(rateLimitRpm));\r\n\r\n relay.on('message-relayed', (from, to, envelope) => {\r\n if (!sessions.has(to)) return;\r\n const agentMap = relay.getAgents();\r\n const senderAgent = agentMap.get(from);\r\n const env = envelope as {\r\n id: string;\r\n type: string;\r\n payload: unknown;\r\n timestamp: number;\r\n inReplyTo?: string;\r\n };\r\n const msg: BufferedMessage = {\r\n id: env.id,\r\n from,\r\n fromName: senderAgent?.name,\r\n type: env.type,\r\n payload: env.payload,\r\n timestamp: env.timestamp,\r\n inReplyTo: env.inReplyTo,\r\n };\r\n buffer.add(to, msg);\r\n });\r\n\r\n router.post('/v1/register', async (req: Request, res: Response) => {\r\n const { publicKey, privateKey, name, metadata } = req.body as {\r\n publicKey?: string;\r\n privateKey?: string;\r\n name?: string;\r\n metadata?: { version?: string; capabilities?: string[] };\r\n };\r\n\r\n if (!publicKey || typeof publicKey !== 'string') {\r\n res.status(400).json({ error: 'publicKey is required' });\r\n return;\r\n }\r\n if (!privateKey || typeof privateKey !== 'string') {\r\n res.status(400).json({ error: 'privateKey is required' });\r\n return;\r\n }\r\n\r\n const testEnvelope = createEnv(\r\n 'announce',\r\n publicKey,\r\n [publicKey],\r\n privateKey,\r\n { challenge: 'register' },\r\n Date.now()\r\n );\r\n const verification = verifyEnv(testEnvelope);\r\n if (!verification.valid) {\r\n res\r\n .status(400)\r\n .json({ error: 'Key pair verification failed: ' + verification.reason });\r\n return;\r\n }\r\n\r\n const { token, expiresAt } = createToken({ publicKey, name });\r\n pruneExpiredSessions(sessions, buffer);\r\n\r\n const session: RestSession = {\r\n publicKey,\r\n privateKey,\r\n name,\r\n metadata,\r\n registeredAt: Date.now(),\r\n expiresAt,\r\n token,\r\n };\r\n sessions.set(publicKey, session);\r\n\r\n const wsAgents = relay.getAgents();\r\n const peers: Array<{ publicKey: string; name?: string; lastSeen: number }> = [];\r\n for (const agent of wsAgents.values()) {\r\n if (agent.publicKey !== publicKey) {\r\n peers.push({\r\n publicKey: agent.publicKey,\r\n name: agent.name,\r\n lastSeen: agent.lastSeen,\r\n });\r\n }\r\n }\r\n for (const s of sessions.values()) {\r\n if (s.publicKey !== publicKey && !wsAgents.has(s.publicKey)) {\r\n peers.push({\r\n publicKey: s.publicKey,\r\n name: s.name,\r\n lastSeen: s.registeredAt,\r\n });\r\n }\r\n }\r\n\r\n res.json({ token, expiresAt, peers });\r\n });\r\n\r\n router.post(\r\n '/v1/send',\r\n requireAuth,\r\n async (req: AuthenticatedRequest, res: Response) => {\r\n const { to, type, payload, inReplyTo } = req.body as {\r\n to?: string;\r\n type?: string;\r\n payload?: unknown;\r\n inReplyTo?: string;\r\n };\r\n\r\n if (!to || typeof to !== 'string') {\r\n res.status(400).json({ error: 'to is required' });\r\n return;\r\n }\r\n if (!type || typeof type !== 'string') {\r\n res.status(400).json({ error: 'type is required' });\r\n return;\r\n }\r\n if (payload === undefined) {\r\n res.status(400).json({ error: 'payload is required' });\r\n return;\r\n }\r\n\r\n const senderPublicKey = req.agent!.publicKey;\r\n const session = sessions.get(senderPublicKey);\r\n if (!session) {\r\n res.status(401).json({ error: 'Session not found — please re-register' });\r\n return;\r\n }\r\n\r\n const envelope = createEnv(\r\n type,\r\n senderPublicKey,\r\n [to],\r\n session.privateKey,\r\n payload,\r\n Date.now(),\r\n inReplyTo\r\n );\r\n\r\n const wsAgents = relay.getAgents();\r\n const wsRecipient = wsAgents.get(to);\r\n if (wsRecipient && wsRecipient.socket) {\r\n const ws = wsRecipient.socket as { readyState: number; send(data: string): void };\r\n const OPEN = 1;\r\n if (ws.readyState !== OPEN) {\r\n res.status(503).json({ error: 'Recipient connection is not open' });\r\n return;\r\n }\r\n try {\r\n const relayMsg = JSON.stringify({\r\n type: 'message',\r\n from: senderPublicKey,\r\n name: session.name,\r\n envelope,\r\n });\r\n ws.send(relayMsg);\r\n res.json({ ok: true, envelopeId: envelope.id });\r\n return;\r\n } catch (err) {\r\n res.status(500).json({\r\n error:\r\n 'Failed to deliver message: ' +\r\n (err instanceof Error ? err.message : String(err)),\r\n });\r\n return;\r\n }\r\n }\r\n\r\n const restRecipient = sessions.get(to);\r\n if (restRecipient) {\r\n const senderAgent = wsAgents.get(senderPublicKey);\r\n const msg: BufferedMessage = {\r\n id: envelope.id,\r\n from: senderPublicKey,\r\n fromName: session.name ?? senderAgent?.name,\r\n type: envelope.type,\r\n payload: envelope.payload,\r\n timestamp: envelope.timestamp,\r\n inReplyTo: envelope.inReplyTo,\r\n };\r\n buffer.add(to, msg);\r\n res.json({ ok: true, envelopeId: envelope.id });\r\n return;\r\n }\r\n\r\n res.status(404).json({ error: 'Recipient not connected' });\r\n }\r\n );\r\n\r\n router.get(\r\n '/v1/peers',\r\n requireAuth,\r\n (req: AuthenticatedRequest, res: Response) => {\r\n const callerPublicKey = req.agent!.publicKey;\r\n const wsAgents = relay.getAgents();\r\n const peerList: Array<{\r\n publicKey: string;\r\n name?: string;\r\n lastSeen: number;\r\n metadata?: { version?: string; capabilities?: string[] };\r\n }> = [];\r\n\r\n for (const agent of wsAgents.values()) {\r\n if (agent.publicKey !== callerPublicKey) {\r\n peerList.push({\r\n publicKey: agent.publicKey,\r\n name: agent.name,\r\n lastSeen: agent.lastSeen,\r\n metadata: agent.metadata,\r\n });\r\n }\r\n }\r\n\r\n for (const s of sessions.values()) {\r\n if (s.publicKey !== callerPublicKey && !wsAgents.has(s.publicKey)) {\r\n peerList.push({\r\n publicKey: s.publicKey,\r\n name: s.name,\r\n lastSeen: s.registeredAt,\r\n metadata: s.metadata,\r\n });\r\n }\r\n }\r\n\r\n res.json({ peers: peerList });\r\n }\r\n );\r\n\r\n router.get(\r\n '/v1/messages',\r\n requireAuth,\r\n (req: AuthenticatedRequest, res: Response) => {\r\n const publicKey = req.agent!.publicKey;\r\n const sinceRaw = req.query.since as string | undefined;\r\n const limitRaw = req.query.limit as string | undefined;\r\n\r\n const since = sinceRaw ? parseInt(sinceRaw, 10) : undefined;\r\n const limit = Math.min(limitRaw ? parseInt(limitRaw, 10) : 50, 100);\r\n\r\n let messages = buffer.get(publicKey, since);\r\n const hasMore = messages.length > limit;\r\n if (hasMore) {\r\n messages = messages.slice(0, limit);\r\n }\r\n\r\n if (since === undefined) {\r\n buffer.clear(publicKey);\r\n }\r\n\r\n res.json({ messages, hasMore });\r\n }\r\n );\r\n\r\n router.delete(\r\n '/v1/disconnect',\r\n requireAuth,\r\n (req: AuthenticatedRequest, res: Response) => {\r\n const publicKey = req.agent!.publicKey;\r\n const authHeader = req.headers.authorization!;\r\n const token = authHeader.slice(7);\r\n\r\n revokeToken(token);\r\n sessions.delete(publicKey);\r\n buffer.delete(publicKey);\r\n\r\n res.json({ ok: true });\r\n }\r\n );\r\n\r\n return router;\r\n}\r\n","/**\r\n * run-relay.ts — Start Agora relay: WebSocket server and optional REST API.\r\n *\r\n * When REST is enabled, starts:\r\n * 1. WebSocket relay (RelayServer) on wsPort\r\n * 2. REST API server (Express) on restPort\r\n *\r\n * Environment variables:\r\n * RELAY_PORT — WebSocket relay port (default: 3002); alias: PORT\r\n * REST_PORT — REST API port (default: 3001)\r\n * JWT_SECRET — Secret for JWT session tokens (alias: AGORA_RELAY_JWT_SECRET)\r\n * AGORA_JWT_EXPIRY_SECONDS — JWT expiry in seconds (default: 3600)\r\n * MAX_PEERS — Maximum concurrent registered peers (default: 100)\r\n * MESSAGE_TTL_MS — Message buffer TTL in ms (default: 86400000 = 24h)\r\n * RATE_LIMIT_RPM — REST API requests per minute per IP (default: 60)\r\n * ALLOWED_ORIGINS — CORS origins, comma-separated or * (default: *)\r\n */\r\n\r\nimport http from 'node:http';\r\nimport express from 'express';\r\nimport cors from 'cors';\r\nimport { RelayServer, type RelayServerOptions } from './server';\r\nimport {\r\n createEnvelope,\r\n verifyEnvelope,\r\n type Envelope,\r\n type MessageType,\r\n} from '../message/envelope';\r\nimport { createRestRouter, type CreateEnvelopeFn } from './rest-api';\r\nimport { MessageBuffer } from './message-buffer';\r\nimport type { RestSession } from './rest-api';\r\n\r\n/** Wrapper so REST API can pass string type; createEnvelope expects MessageType */\r\nconst createEnvelopeForRest: CreateEnvelopeFn = (\r\n type,\r\n from,\r\n to,\r\n privateKey,\r\n payload,\r\n timestamp,\r\n inReplyTo\r\n) =>\r\n createEnvelope(\r\n type as MessageType,\r\n from,\r\n privateKey,\r\n payload,\r\n timestamp ?? Date.now(),\r\n inReplyTo,\r\n to\r\n );\r\n\r\nexport interface RunRelayOptions {\r\n /** WebSocket port (default from RELAY_PORT or PORT env, or 3002) */\r\n wsPort?: number;\r\n /** REST API port (default from REST_PORT env, or 3001). Ignored if enableRest is false. */\r\n restPort?: number;\r\n /** Enable REST API (requires JWT_SECRET or AGORA_RELAY_JWT_SECRET). Default: true if secret is set. */\r\n enableRest?: boolean;\r\n /** Relay server options (identity, storagePeers, storageDir) */\r\n relayOptions?: RelayServerOptions;\r\n}\r\n\r\n/**\r\n * Start WebSocket relay and optionally REST API.\r\n * Returns { relay, httpServer } where httpServer is set only when REST is enabled.\r\n */\r\nexport async function runRelay(options: RunRelayOptions = {}): Promise<{\r\n relay: RelayServer;\r\n httpServer?: http.Server;\r\n}> {\r\n const wsPort = options.wsPort ?? parseInt(\r\n process.env.RELAY_PORT ?? process.env.PORT ?? '3002', 10\r\n );\r\n const jwtSecret = process.env.JWT_SECRET ?? process.env.AGORA_RELAY_JWT_SECRET;\r\n const enableRest =\r\n options.enableRest ??\r\n (typeof jwtSecret === 'string' && jwtSecret.length > 0);\r\n\r\n const maxPeers = parseInt(process.env.MAX_PEERS ?? '100', 10);\r\n const relayOptions: RelayServerOptions = { ...options.relayOptions, maxPeers };\r\n\r\n const relay = new RelayServer(relayOptions);\r\n await relay.start(wsPort);\r\n\r\n if (!enableRest) {\r\n return { relay };\r\n }\r\n\r\n if (!jwtSecret) {\r\n await relay.stop();\r\n throw new Error(\r\n 'JWT_SECRET (or AGORA_RELAY_JWT_SECRET) environment variable is required when REST API is enabled'\r\n );\r\n }\r\n\r\n // Expose jwtSecret via env so jwt-auth.ts can read it (it reads AGORA_RELAY_JWT_SECRET)\r\n if (!process.env.AGORA_RELAY_JWT_SECRET) {\r\n process.env.AGORA_RELAY_JWT_SECRET = jwtSecret;\r\n }\r\n\r\n const restPort = options.restPort ?? parseInt(process.env.REST_PORT ?? '3001', 10);\r\n const messageTtlMs = parseInt(process.env.MESSAGE_TTL_MS ?? '86400000', 10);\r\n const messageBuffer = new MessageBuffer({ ttlMs: messageTtlMs });\r\n const restSessions = new Map<string, RestSession>();\r\n\r\n const allowedOrigins = process.env.ALLOWED_ORIGINS ?? '*';\r\n const corsOrigins = allowedOrigins === '*'\r\n ? '*'\r\n : allowedOrigins.split(',').map((o) => o.trim()).filter((o) => o.length > 0);\r\n\r\n const app = express();\r\n app.use(cors({\r\n origin: corsOrigins,\r\n methods: ['GET', 'POST', 'DELETE'],\r\n allowedHeaders: ['Content-Type', 'Authorization'],\r\n }));\r\n app.use(express.json());\r\n\r\n const verifyForRest = (envelope: unknown): { valid: boolean; reason?: string } =>\r\n verifyEnvelope(envelope as Envelope);\r\n\r\n const rateLimitRpm = parseInt(process.env.RATE_LIMIT_RPM ?? '60', 10);\r\n const router = createRestRouter(\r\n relay as Parameters<typeof createRestRouter>[0],\r\n messageBuffer,\r\n restSessions,\r\n createEnvelopeForRest,\r\n verifyForRest,\r\n rateLimitRpm\r\n );\r\n app.use(router);\r\n\r\n app.use((_req, res) => {\r\n res.status(404).json({ error: 'Not found' });\r\n });\r\n\r\n const httpServer = http.createServer(app);\r\n await new Promise<void>((resolve, reject) => {\r\n httpServer.listen(restPort, () => resolve());\r\n httpServer.on('error', reject);\r\n });\r\n\r\n return { relay, httpServer };\r\n}\r\n"],"mappings":";;;;;;;AAsBA,IAAM,yBAAyB;AAOxB,IAAM,gBAAN,MAAoB;AAAA,EACjB,UAAwC,oBAAI,IAAI;AAAA,EAChD;AAAA,EAER,YAAY,SAA8B;AACxC,SAAK,QAAQ,SAAS,SAAS;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,WAAmB,SAAgC;AACrD,QAAI,QAAQ,KAAK,QAAQ,IAAI,SAAS;AACtC,QAAI,CAAC,OAAO;AACV,cAAQ,CAAC;AACT,WAAK,QAAQ,IAAI,WAAW,KAAK;AAAA,IACnC;AACA,UAAM,KAAK,EAAE,SAAS,YAAY,KAAK,IAAI,EAAE,CAAC;AAC9C,QAAI,MAAM,SAAS,wBAAwB;AACzC,YAAM,MAAM;AAAA,IACd;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,WAAmB,OAAmC;AACxD,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,QAAQ,KAAK,QAAQ,IAAI,SAAS,KAAK,CAAC;AAE5C,YAAQ,MAAM,OAAO,CAAC,MAAM,MAAM,EAAE,aAAa,KAAK,KAAK;AAC3D,SAAK,QAAQ,IAAI,WAAW,KAAK;AACjC,UAAM,WAAW,MAAM,IAAI,CAAC,MAAM,EAAE,OAAO;AAC3C,QAAI,UAAU,QAAW;AACvB,aAAO,CAAC,GAAG,QAAQ;AAAA,IACrB;AACA,WAAO,SAAS,OAAO,CAAC,MAAM,EAAE,YAAY,KAAK;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAyB;AAC7B,SAAK,QAAQ,IAAI,WAAW,CAAC,CAAC;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,WAAyB;AAC9B,SAAK,QAAQ,OAAO,SAAS;AAAA,EAC/B;AACF;;;AC1EA,OAAO,SAAS;AAChB,SAAS,mBAAmB;AAqB5B,IAAM,cAAmC,oBAAI,IAAI;AAMjD,SAAS,0BAAgC;AACvC,QAAM,MAAM,KAAK,IAAI;AACrB,aAAW,CAAC,KAAK,MAAM,KAAK,aAAa;AACvC,QAAI,UAAU,KAAK;AACjB,kBAAY,OAAO,GAAG;AAAA,IACxB;AAAA,EACF;AACF;AAEA,SAAS,eAAuB;AAC9B,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,mBAA2B;AAClC,QAAM,MAAM,QAAQ,IAAI;AACxB,MAAI,KAAK;AACP,UAAM,SAAS,SAAS,KAAK,EAAE;AAC/B,QAAI,CAAC,MAAM,MAAM,KAAK,SAAS,GAAG;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAMO,SAAS,YAAY,SAG1B;AACA,QAAM,SAAS,aAAa;AAC5B,QAAM,gBAAgB,iBAAiB;AACvC,QAAM,MAAM,GAAG,KAAK,IAAI,CAAC,IAAI,YAAY,EAAE,EAAE,SAAS,KAAK,CAAC;AAE5D,QAAM,QAAQ,IAAI;AAAA,IAChB,EAAE,WAAW,QAAQ,WAAW,MAAM,QAAQ,MAAM,IAAI;AAAA,IACxD;AAAA,IACA,EAAE,WAAW,cAAc;AAAA,EAC7B;AAEA,QAAM,YAAY,KAAK,IAAI,IAAI,gBAAgB;AAC/C,SAAO,EAAE,OAAO,UAAU;AAC5B;AAOO,SAAS,YAAY,OAAqB;AAC/C,MAAI;AACF,UAAM,SAAS,aAAa;AAC5B,UAAM,UAAU,IAAI,OAAO,OAAO,MAAM;AAIxC,QAAI,QAAQ,KAAK;AACf,YAAM,SAAS,QAAQ,MAAM,QAAQ,MAAM,MAAO,KAAK,IAAI;AAC3D,kBAAY,IAAI,QAAQ,KAAK,MAAM;AACnC,8BAAwB;AAAA,IAC1B;AAAA,EACF,QAAQ;AAAA,EAER;AACF;AAOO,SAAS,YACd,KACA,KACA,MACM;AACN,QAAM,aAAa,IAAI,QAAQ;AAC/B,MAAI,CAAC,cAAc,CAAC,WAAW,WAAW,SAAS,GAAG;AACpD,QAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,4CAA4C,CAAC;AAC3E;AAAA,EACF;AAEA,QAAM,QAAQ,WAAW,MAAM,CAAC;AAChC,MAAI;AACF,UAAM,SAAS,aAAa;AAC5B,UAAM,UAAU,IAAI,OAAO,OAAO,MAAM;AAMxC,QAAI,QAAQ,OAAO,YAAY,IAAI,QAAQ,GAAG,GAAG;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;AACxD;AAAA,IACF;AAEA,QAAI,QAAQ,EAAE,WAAW,QAAQ,WAAW,MAAM,QAAQ,KAAK;AAC/D,SAAK;AAAA,EACP,SAAS,KAAK;AACZ,QAAI,eAAe,IAAI,mBAAmB;AACxC,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB,CAAC;AAAA,IACjD,OAAO;AACL,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,gBAAgB,CAAC;AAAA,IACjD;AAAA,EACF;AACF;;;AC3IA,SAAS,cAAc;AAEvB,SAAS,iBAAiB;AAS1B,IAAM,eAAe,CAAC,QAA8C,UAAU;AAAA,EAC5E,UAAU;AAAA,EACV,OAAO;AAAA,EACP,iBAAiB;AAAA,EACjB,eAAe;AAAA,EACf,SAAS,EAAE,OAAO,2CAAsC;AAC1D,CAAC;AAgBD,SAAS,qBACP,UACA,QACM;AACN,QAAM,MAAM,KAAK,IAAI;AACrB,aAAW,CAAC,WAAW,OAAO,KAAK,UAAU;AAC3C,QAAI,QAAQ,aAAa,KAAK;AAC5B,eAAS,OAAO,SAAS;AACzB,aAAO,OAAO,SAAS;AAAA,IACzB;AAAA,EACF;AACF;AAuDO,SAAS,iBACd,OACA,QACA,UACA,WACA,WACA,eAAe,IACP;AACR,QAAM,SAAS,OAAO;AACtB,SAAO,IAAI,aAAa,YAAY,CAAC;AAErC,QAAM,GAAG,mBAAmB,CAAC,MAAM,IAAI,aAAa;AAClD,QAAI,CAAC,SAAS,IAAI,EAAE,EAAG;AACvB,UAAM,WAAW,MAAM,UAAU;AACjC,UAAM,cAAc,SAAS,IAAI,IAAI;AACrC,UAAM,MAAM;AAOZ,UAAM,MAAuB;AAAA,MAC3B,IAAI,IAAI;AAAA,MACR;AAAA,MACA,UAAU,aAAa;AAAA,MACvB,MAAM,IAAI;AAAA,MACV,SAAS,IAAI;AAAA,MACb,WAAW,IAAI;AAAA,MACf,WAAW,IAAI;AAAA,IACjB;AACA,WAAO,IAAI,IAAI,GAAG;AAAA,EACpB,CAAC;AAED,SAAO,KAAK,gBAAgB,OAAO,KAAc,QAAkB;AACjE,UAAM,EAAE,WAAW,YAAY,MAAM,SAAS,IAAI,IAAI;AAOtD,QAAI,CAAC,aAAa,OAAO,cAAc,UAAU;AAC/C,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,wBAAwB,CAAC;AACvD;AAAA,IACF;AACA,QAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,yBAAyB,CAAC;AACxD;AAAA,IACF;AAEA,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,CAAC,SAAS;AAAA,MACV;AAAA,MACA,EAAE,WAAW,WAAW;AAAA,MACxB,KAAK,IAAI;AAAA,IACX;AACA,UAAM,eAAe,UAAU,YAAY;AAC3C,QAAI,CAAC,aAAa,OAAO;AACvB,UACG,OAAO,GAAG,EACV,KAAK,EAAE,OAAO,mCAAmC,aAAa,OAAO,CAAC;AACzE;AAAA,IACF;AAEA,UAAM,EAAE,OAAO,UAAU,IAAI,YAAY,EAAE,WAAW,KAAK,CAAC;AAC5D,yBAAqB,UAAU,MAAM;AAErC,UAAM,UAAuB;AAAA,MAC3B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,KAAK,IAAI;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AACA,aAAS,IAAI,WAAW,OAAO;AAE/B,UAAM,WAAW,MAAM,UAAU;AACjC,UAAM,QAAuE,CAAC;AAC9E,eAAW,SAAS,SAAS,OAAO,GAAG;AACrC,UAAI,MAAM,cAAc,WAAW;AACjC,cAAM,KAAK;AAAA,UACT,WAAW,MAAM;AAAA,UACjB,MAAM,MAAM;AAAA,UACZ,UAAU,MAAM;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AACA,eAAW,KAAK,SAAS,OAAO,GAAG;AACjC,UAAI,EAAE,cAAc,aAAa,CAAC,SAAS,IAAI,EAAE,SAAS,GAAG;AAC3D,cAAM,KAAK;AAAA,UACT,WAAW,EAAE;AAAA,UACb,MAAM,EAAE;AAAA,UACR,UAAU,EAAE;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF;AAEA,QAAI,KAAK,EAAE,OAAO,WAAW,MAAM,CAAC;AAAA,EACtC,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,OAAO,KAA2B,QAAkB;AAClD,YAAM,EAAE,IAAI,MAAM,SAAS,UAAU,IAAI,IAAI;AAO7C,UAAI,CAAC,MAAM,OAAO,OAAO,UAAU;AACjC,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,iBAAiB,CAAC;AAChD;AAAA,MACF;AACA,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mBAAmB,CAAC;AAClD;AAAA,MACF;AACA,UAAI,YAAY,QAAW;AACzB,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,sBAAsB,CAAC;AACrD;AAAA,MACF;AAEA,YAAM,kBAAkB,IAAI,MAAO;AACnC,YAAM,UAAU,SAAS,IAAI,eAAe;AAC5C,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,8CAAyC,CAAC;AACxE;AAAA,MACF;AAEA,YAAM,WAAW;AAAA,QACf;AAAA,QACA;AAAA,QACA,CAAC,EAAE;AAAA,QACH,QAAQ;AAAA,QACR;AAAA,QACA,KAAK,IAAI;AAAA,QACT;AAAA,MACF;AAEA,YAAM,WAAW,MAAM,UAAU;AACjC,YAAM,cAAc,SAAS,IAAI,EAAE;AACnC,UAAI,eAAe,YAAY,QAAQ;AACrC,cAAM,KAAK,YAAY;AACvB,cAAM,OAAO;AACb,YAAI,GAAG,eAAe,MAAM;AAC1B,cAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,mCAAmC,CAAC;AAClE;AAAA,QACF;AACA,YAAI;AACF,gBAAM,WAAW,KAAK,UAAU;AAAA,YAC9B,MAAM;AAAA,YACN,MAAM;AAAA,YACN,MAAM,QAAQ;AAAA,YACd;AAAA,UACF,CAAC;AACD,aAAG,KAAK,QAAQ;AAChB,cAAI,KAAK,EAAE,IAAI,MAAM,YAAY,SAAS,GAAG,CAAC;AAC9C;AAAA,QACF,SAAS,KAAK;AACZ,cAAI,OAAO,GAAG,EAAE,KAAK;AAAA,YACnB,OACE,iCACC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG;AAAA,UACpD,CAAC;AACD;AAAA,QACF;AAAA,MACF;AAEA,YAAM,gBAAgB,SAAS,IAAI,EAAE;AACrC,UAAI,eAAe;AACjB,cAAM,cAAc,SAAS,IAAI,eAAe;AAChD,cAAM,MAAuB;AAAA,UAC3B,IAAI,SAAS;AAAA,UACb,MAAM;AAAA,UACN,UAAU,QAAQ,QAAQ,aAAa;AAAA,UACvC,MAAM,SAAS;AAAA,UACf,SAAS,SAAS;AAAA,UAClB,WAAW,SAAS;AAAA,UACpB,WAAW,SAAS;AAAA,QACtB;AACA,eAAO,IAAI,IAAI,GAAG;AAClB,YAAI,KAAK,EAAE,IAAI,MAAM,YAAY,SAAS,GAAG,CAAC;AAC9C;AAAA,MACF;AAEA,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,0BAA0B,CAAC;AAAA,IAC3D;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,kBAAkB,IAAI,MAAO;AACnC,YAAM,WAAW,MAAM,UAAU;AACjC,YAAM,WAKD,CAAC;AAEN,iBAAW,SAAS,SAAS,OAAO,GAAG;AACrC,YAAI,MAAM,cAAc,iBAAiB;AACvC,mBAAS,KAAK;AAAA,YACZ,WAAW,MAAM;AAAA,YACjB,MAAM,MAAM;AAAA,YACZ,UAAU,MAAM;AAAA,YAChB,UAAU,MAAM;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF;AAEA,iBAAW,KAAK,SAAS,OAAO,GAAG;AACjC,YAAI,EAAE,cAAc,mBAAmB,CAAC,SAAS,IAAI,EAAE,SAAS,GAAG;AACjE,mBAAS,KAAK;AAAA,YACZ,WAAW,EAAE;AAAA,YACb,MAAM,EAAE;AAAA,YACR,UAAU,EAAE;AAAA,YACZ,UAAU,EAAE;AAAA,UACd,CAAC;AAAA,QACH;AAAA,MACF;AAEA,UAAI,KAAK,EAAE,OAAO,SAAS,CAAC;AAAA,IAC9B;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,YAAY,IAAI,MAAO;AAC7B,YAAM,WAAW,IAAI,MAAM;AAC3B,YAAM,WAAW,IAAI,MAAM;AAE3B,YAAM,QAAQ,WAAW,SAAS,UAAU,EAAE,IAAI;AAClD,YAAM,QAAQ,KAAK,IAAI,WAAW,SAAS,UAAU,EAAE,IAAI,IAAI,GAAG;AAElE,UAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC1C,YAAM,UAAU,SAAS,SAAS;AAClC,UAAI,SAAS;AACX,mBAAW,SAAS,MAAM,GAAG,KAAK;AAAA,MACpC;AAEA,UAAI,UAAU,QAAW;AACvB,eAAO,MAAM,SAAS;AAAA,MACxB;AAEA,UAAI,KAAK,EAAE,UAAU,QAAQ,CAAC;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA,CAAC,KAA2B,QAAkB;AAC5C,YAAM,YAAY,IAAI,MAAO;AAC7B,YAAM,aAAa,IAAI,QAAQ;AAC/B,YAAM,QAAQ,WAAW,MAAM,CAAC;AAEhC,kBAAY,KAAK;AACjB,eAAS,OAAO,SAAS;AACzB,aAAO,OAAO,SAAS;AAEvB,UAAI,KAAK,EAAE,IAAI,KAAK,CAAC;AAAA,IACvB;AAAA,EACF;AAEA,SAAO;AACT;;;ACjXA,OAAO,UAAU;AACjB,OAAO,aAAa;AACpB,OAAO,UAAU;AAajB,IAAM,wBAA0C,CAC9C,MACA,MACA,IACA,YACA,SACA,WACA,cAEA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,aAAa,KAAK,IAAI;AAAA,EACtB;AAAA,EACA;AACF;AAiBF,eAAsB,SAAS,UAA2B,CAAC,GAGxD;AACD,QAAM,SAAS,QAAQ,UAAU;AAAA,IAC/B,QAAQ,IAAI,cAAc,QAAQ,IAAI,QAAQ;AAAA,IAAQ;AAAA,EACxD;AACA,QAAM,YAAY,QAAQ,IAAI,cAAc,QAAQ,IAAI;AACxD,QAAM,aACJ,QAAQ,eACP,OAAO,cAAc,YAAY,UAAU,SAAS;AAEvD,QAAM,WAAW,SAAS,QAAQ,IAAI,aAAa,OAAO,EAAE;AAC5D,QAAM,eAAmC,EAAE,GAAG,QAAQ,cAAc,SAAS;AAE7E,QAAM,QAAQ,IAAI,YAAY,YAAY;AAC1C,QAAM,MAAM,MAAM,MAAM;AAExB,MAAI,CAAC,YAAY;AACf,WAAO,EAAE,MAAM;AAAA,EACjB;AAEA,MAAI,CAAC,WAAW;AACd,UAAM,MAAM,KAAK;AACjB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAGA,MAAI,CAAC,QAAQ,IAAI,wBAAwB;AACvC,YAAQ,IAAI,yBAAyB;AAAA,EACvC;AAEA,QAAM,WAAW,QAAQ,YAAY,SAAS,QAAQ,IAAI,aAAa,QAAQ,EAAE;AACjF,QAAM,eAAe,SAAS,QAAQ,IAAI,kBAAkB,YAAY,EAAE;AAC1E,QAAM,gBAAgB,IAAI,cAAc,EAAE,OAAO,aAAa,CAAC;AAC/D,QAAM,eAAe,oBAAI,IAAyB;AAElD,QAAM,iBAAiB,QAAQ,IAAI,mBAAmB;AACtD,QAAM,cAAc,mBAAmB,MACnC,MACA,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;AAE7E,QAAM,MAAM,QAAQ;AACpB,MAAI,IAAI,KAAK;AAAA,IACX,QAAQ;AAAA,IACR,SAAS,CAAC,OAAO,QAAQ,QAAQ;AAAA,IACjC,gBAAgB,CAAC,gBAAgB,eAAe;AAAA,EAClD,CAAC,CAAC;AACF,MAAI,IAAI,QAAQ,KAAK,CAAC;AAEtB,QAAM,gBAAgB,CAAC,aACrB,eAAe,QAAoB;AAErC,QAAM,eAAe,SAAS,QAAQ,IAAI,kBAAkB,MAAM,EAAE;AACpE,QAAM,SAAS;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,IAAI,MAAM;AAEd,MAAI,IAAI,CAAC,MAAM,QAAQ;AACrB,QAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,YAAY,CAAC;AAAA,EAC7C,CAAC;AAED,QAAM,aAAa,KAAK,aAAa,GAAG;AACxC,QAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,eAAW,OAAO,UAAU,MAAM,QAAQ,CAAC;AAC3C,eAAW,GAAG,SAAS,MAAM;AAAA,EAC/B,CAAC;AAED,SAAO,EAAE,OAAO,WAAW;AAC7B;","names":[]}