npm - @sempdev/semp - Versions diffs - 0.4.3 - Mend

@sempdev/semp 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/LICENSE +21 -0
package/README.md +59 -0
package/dist/brief/address.d.ts +77 -0
package/dist/brief/address.d.ts.map +1 -0
package/dist/brief/address.js +217 -0
package/dist/brief/address.js.map +1 -0
package/dist/brief/brief.d.ts +75 -0
package/dist/brief/brief.d.ts.map +1 -0
package/dist/brief/brief.js +56 -0
package/dist/brief/brief.js.map +1 -0
package/dist/brief/index.d.ts +11 -0
package/dist/brief/index.d.ts.map +1 -0
package/dist/brief/index.js +11 -0
package/dist/brief/index.js.map +1 -0
package/dist/canonical/index.d.ts +8 -0
package/dist/canonical/index.d.ts.map +1 -0
package/dist/canonical/index.js +8 -0
package/dist/canonical/index.js.map +1 -0
package/dist/canonical/marshal.d.ts +35 -0
package/dist/canonical/marshal.d.ts.map +1 -0
package/dist/canonical/marshal.js +107 -0
package/dist/canonical/marshal.js.map +1 -0
package/dist/clockskew/index.d.ts +52 -0
package/dist/clockskew/index.d.ts.map +1 -0
package/dist/clockskew/index.js +62 -0
package/dist/clockskew/index.js.map +1 -0
package/dist/closure/closure.d.ts +106 -0
package/dist/closure/closure.d.ts.map +1 -0
package/dist/closure/closure.js +152 -0
package/dist/closure/closure.js.map +1 -0
package/dist/closure/driver.d.ts +103 -0
package/dist/closure/driver.d.ts.map +1 -0
package/dist/closure/driver.js +126 -0
package/dist/closure/driver.js.map +1 -0
package/dist/closure/index.d.ts +13 -0
package/dist/closure/index.d.ts.map +1 -0
package/dist/closure/index.js +13 -0
package/dist/closure/index.js.map +1 -0
package/dist/closure/store.d.ts +80 -0
package/dist/closure/store.d.ts.map +1 -0
package/dist/closure/store.js +89 -0
package/dist/closure/store.js.map +1 -0
package/dist/crypto/aead.d.ts +29 -0
package/dist/crypto/aead.d.ts.map +1 -0
package/dist/crypto/aead.js +48 -0
package/dist/crypto/aead.js.map +1 -0
package/dist/crypto/argon2.d.ts +20 -0
package/dist/crypto/argon2.d.ts.map +1 -0
package/dist/crypto/argon2.js +28 -0
package/dist/crypto/argon2.js.map +1 -0
package/dist/crypto/index.d.ts +14 -0
package/dist/crypto/index.d.ts.map +1 -0
package/dist/crypto/index.js +14 -0
package/dist/crypto/index.js.map +1 -0
package/dist/crypto/kdf.d.ts +96 -0
package/dist/crypto/kdf.d.ts.map +1 -0
package/dist/crypto/kdf.js +122 -0
package/dist/crypto/kdf.js.map +1 -0
package/dist/crypto/kem.d.ts +85 -0
package/dist/crypto/kem.d.ts.map +1 -0
package/dist/crypto/kem.js +130 -0
package/dist/crypto/kem.js.map +1 -0
package/dist/crypto/mac.d.ts +19 -0
package/dist/crypto/mac.d.ts.map +1 -0
package/dist/crypto/mac.js +32 -0
package/dist/crypto/mac.js.map +1 -0
package/dist/delivery/ack.d.ts +125 -0
package/dist/delivery/ack.d.ts.map +1 -0
package/dist/delivery/ack.js +141 -0
package/dist/delivery/ack.js.map +1 -0
package/dist/delivery/blocklist.d.ts +87 -0
package/dist/delivery/blocklist.d.ts.map +1 -0
package/dist/delivery/blocklist.js +107 -0
package/dist/delivery/blocklist.js.map +1 -0
package/dist/delivery/cancel.d.ts +60 -0
package/dist/delivery/cancel.d.ts.map +1 -0
package/dist/delivery/cancel.js +43 -0
package/dist/delivery/cancel.js.map +1 -0
package/dist/delivery/disposition.d.ts +106 -0
package/dist/delivery/disposition.d.ts.map +1 -0
package/dist/delivery/disposition.js +105 -0
package/dist/delivery/disposition.js.map +1 -0
package/dist/delivery/fetch.d.ts +59 -0
package/dist/delivery/fetch.d.ts.map +1 -0
package/dist/delivery/fetch.js +47 -0
package/dist/delivery/fetch.js.map +1 -0
package/dist/delivery/forwarder.d.ts +106 -0
package/dist/delivery/forwarder.d.ts.map +1 -0
package/dist/delivery/forwarder.js +251 -0
package/dist/delivery/forwarder.js.map +1 -0
package/dist/delivery/inbox.d.ts +42 -0
package/dist/delivery/inbox.d.ts.map +1 -0
package/dist/delivery/inbox.js +68 -0
package/dist/delivery/inbox.js.map +1 -0
package/dist/delivery/index.d.ts +31 -0
package/dist/delivery/index.d.ts.map +1 -0
package/dist/delivery/index.js +31 -0
package/dist/delivery/index.js.map +1 -0
package/dist/delivery/internalroute.d.ts +50 -0
package/dist/delivery/internalroute.d.ts.map +1 -0
package/dist/delivery/internalroute.js +23 -0
package/dist/delivery/internalroute.js.map +1 -0
package/dist/delivery/pipeline.d.ts +153 -0
package/dist/delivery/pipeline.d.ts.map +1 -0
package/dist/delivery/pipeline.js +356 -0
package/dist/delivery/pipeline.js.map +1 -0
package/dist/delivery/policy_state.d.ts +105 -0
package/dist/delivery/policy_state.d.ts.map +1 -0
package/dist/delivery/policy_state.js +293 -0
package/dist/delivery/policy_state.js.map +1 -0
package/dist/delivery/queue.d.ts +47 -0
package/dist/delivery/queue.d.ts.map +1 -0
package/dist/delivery/queue.js +33 -0
package/dist/delivery/queue.js.map +1 -0
package/dist/delivery/receipt.d.ts +137 -0
package/dist/delivery/receipt.d.ts.map +1 -0
package/dist/delivery/receipt.js +181 -0
package/dist/delivery/receipt.js.map +1 -0
package/dist/delivery/receipt_store.d.ts +81 -0
package/dist/delivery/receipt_store.d.ts.map +1 -0
package/dist/delivery/receipt_store.js +74 -0
package/dist/delivery/receipt_store.js.map +1 -0
package/dist/delivery/retry.d.ts +78 -0
package/dist/delivery/retry.d.ts.map +1 -0
package/dist/delivery/retry.js +132 -0
package/dist/delivery/retry.js.map +1 -0
package/dist/delivery/scheduler.d.ts +156 -0
package/dist/delivery/scheduler.d.ts.map +1 -0
package/dist/delivery/scheduler.js +349 -0
package/dist/delivery/scheduler.js.map +1 -0
package/dist/delivery/stage_partition.d.ts +87 -0
package/dist/delivery/stage_partition.d.ts.map +1 -0
package/dist/delivery/stage_partition.js +122 -0
package/dist/delivery/stage_partition.js.map +1 -0
package/dist/delivery/staged_runner.d.ts +100 -0
package/dist/delivery/staged_runner.d.ts.map +1 -0
package/dist/delivery/staged_runner.js +277 -0
package/dist/delivery/staged_runner.js.map +1 -0
package/dist/delivery/submission.d.ts +72 -0
package/dist/delivery/submission.d.ts.map +1 -0
package/dist/delivery/submission.js +58 -0
package/dist/delivery/submission.js.map +1 -0
package/dist/delivery/sync.d.ts +68 -0
package/dist/delivery/sync.d.ts.map +1 -0
package/dist/delivery/sync.js +99 -0
package/dist/delivery/sync.js.map +1 -0
package/dist/delivery/user_policy.d.ts +74 -0
package/dist/delivery/user_policy.d.ts.map +1 -0
package/dist/delivery/user_policy.js +140 -0
package/dist/delivery/user_policy.js.map +1 -0
package/dist/discovery/cache.d.ts +37 -0
package/dist/discovery/cache.d.ts.map +1 -0
package/dist/discovery/cache.js +45 -0
package/dist/discovery/cache.js.map +1 -0
package/dist/discovery/configuration.d.ts +97 -0
package/dist/discovery/configuration.d.ts.map +1 -0
package/dist/discovery/configuration.js +146 -0
package/dist/discovery/configuration.js.map +1 -0
package/dist/discovery/dns.d.ts +56 -0
package/dist/discovery/dns.d.ts.map +1 -0
package/dist/discovery/dns.js +120 -0
package/dist/discovery/dns.js.map +1 -0
package/dist/discovery/domain_keys.d.ts +62 -0
package/dist/discovery/domain_keys.d.ts.map +1 -0
package/dist/discovery/domain_keys.js +89 -0
package/dist/discovery/domain_keys.js.map +1 -0
package/dist/discovery/index.d.ts +19 -0
package/dist/discovery/index.d.ts.map +1 -0
package/dist/discovery/index.js +19 -0
package/dist/discovery/index.js.map +1 -0
package/dist/discovery/lookup.d.ts +72 -0
package/dist/discovery/lookup.d.ts.map +1 -0
package/dist/discovery/lookup.js +121 -0
package/dist/discovery/lookup.js.map +1 -0
package/dist/discovery/onion.d.ts +34 -0
package/dist/discovery/onion.d.ts.map +1 -0
package/dist/discovery/onion.js +61 -0
package/dist/discovery/onion.js.map +1 -0
package/dist/discovery/partition.d.ts +96 -0
package/dist/discovery/partition.d.ts.map +1 -0
package/dist/discovery/partition.js +247 -0
package/dist/discovery/partition.js.map +1 -0
package/dist/discovery/resolver.d.ts +113 -0
package/dist/discovery/resolver.d.ts.map +1 -0
package/dist/discovery/resolver.js +176 -0
package/dist/discovery/resolver.js.map +1 -0
package/dist/discovery/txt.d.ts +39 -0
package/dist/discovery/txt.d.ts.map +1 -0
package/dist/discovery/txt.js +71 -0
package/dist/discovery/txt.js.map +1 -0
package/dist/enclosure/forwarding.d.ts +128 -0
package/dist/enclosure/forwarding.d.ts.map +1 -0
package/dist/enclosure/forwarding.js +119 -0
package/dist/enclosure/forwarding.js.map +1 -0
package/dist/enclosure/index.d.ts +11 -0
package/dist/enclosure/index.d.ts.map +1 -0
package/dist/enclosure/index.js +11 -0
package/dist/enclosure/index.js.map +1 -0
package/dist/envelope/buckets.d.ts +38 -0
package/dist/envelope/buckets.d.ts.map +1 -0
package/dist/envelope/buckets.js +73 -0
package/dist/envelope/buckets.js.map +1 -0
package/dist/envelope/canonical.d.ts +28 -0
package/dist/envelope/canonical.d.ts.map +1 -0
package/dist/envelope/canonical.js +54 -0
package/dist/envelope/canonical.js.map +1 -0
package/dist/envelope/compose.d.ts +171 -0
package/dist/envelope/compose.d.ts.map +1 -0
package/dist/envelope/compose.js +237 -0
package/dist/envelope/compose.js.map +1 -0
package/dist/envelope/encode.d.ts +41 -0
package/dist/envelope/encode.d.ts.map +1 -0
package/dist/envelope/encode.js +69 -0
package/dist/envelope/encode.js.map +1 -0
package/dist/envelope/index.d.ts +20 -0
package/dist/envelope/index.d.ts.map +1 -0
package/dist/envelope/index.js +20 -0
package/dist/envelope/index.js.map +1 -0
package/dist/envelope/open_any.d.ts +48 -0
package/dist/envelope/open_any.d.ts.map +1 -0
package/dist/envelope/open_any.js +81 -0
package/dist/envelope/open_any.js.map +1 -0
package/dist/envelope/open_verified.d.ts +59 -0
package/dist/envelope/open_verified.d.ts.map +1 -0
package/dist/envelope/open_verified.js +67 -0
package/dist/envelope/open_verified.js.map +1 -0
package/dist/envelope/padding.d.ts +55 -0
package/dist/envelope/padding.d.ts.map +1 -0
package/dist/envelope/padding.js +162 -0
package/dist/envelope/padding.js.map +1 -0
package/dist/envelope/rejection.d.ts +22 -0
package/dist/envelope/rejection.d.ts.map +1 -0
package/dist/envelope/rejection.js +30 -0
package/dist/envelope/rejection.js.map +1 -0
package/dist/envelope/sendtime.d.ts +49 -0
package/dist/envelope/sendtime.d.ts.map +1 -0
package/dist/envelope/sendtime.js +87 -0
package/dist/envelope/sendtime.js.map +1 -0
package/dist/envelope/verify.d.ts +29 -0
package/dist/envelope/verify.d.ts.map +1 -0
package/dist/envelope/verify.js +90 -0
package/dist/envelope/verify.js.map +1 -0
package/dist/extensions/index.d.ts +7 -0
package/dist/extensions/index.d.ts.map +1 -0
package/dist/extensions/index.js +7 -0
package/dist/extensions/index.js.map +1 -0
package/dist/extensions/limits.d.ts +101 -0
package/dist/extensions/limits.d.ts.map +1 -0
package/dist/extensions/limits.js +175 -0
package/dist/extensions/limits.js.map +1 -0
package/dist/handshake/abort.d.ts +49 -0
package/dist/handshake/abort.d.ts.map +1 -0
package/dist/handshake/abort.js +82 -0
package/dist/handshake/abort.js.map +1 -0
package/dist/handshake/capabilities.d.ts +46 -0
package/dist/handshake/capabilities.d.ts.map +1 -0
package/dist/handshake/capabilities.js +114 -0
package/dist/handshake/capabilities.js.map +1 -0
package/dist/handshake/client_state.d.ts +186 -0
package/dist/handshake/client_state.d.ts.map +1 -0
package/dist/handshake/client_state.js +520 -0
package/dist/handshake/client_state.js.map +1 -0
package/dist/handshake/confirm.d.ts +21 -0
package/dist/handshake/confirm.d.ts.map +1 -0
package/dist/handshake/confirm.js +27 -0
package/dist/handshake/confirm.js.map +1 -0
package/dist/handshake/driver.d.ts +126 -0
package/dist/handshake/driver.d.ts.map +1 -0
package/dist/handshake/driver.js +251 -0
package/dist/handshake/driver.js.map +1 -0
package/dist/handshake/federation.d.ts +365 -0
package/dist/handshake/federation.d.ts.map +1 -0
package/dist/handshake/federation.js +664 -0
package/dist/handshake/federation.js.map +1 -0
package/dist/handshake/first_contact.d.ts +57 -0
package/dist/handshake/first_contact.d.ts.map +1 -0
package/dist/handshake/first_contact.js +124 -0
package/dist/handshake/first_contact.js.map +1 -0
package/dist/handshake/identity.d.ts +101 -0
package/dist/handshake/identity.d.ts.map +1 -0
package/dist/handshake/identity.js +117 -0
package/dist/handshake/identity.js.map +1 -0
package/dist/handshake/index.d.ts +21 -0
package/dist/handshake/index.d.ts.map +1 -0
package/dist/handshake/index.js +21 -0
package/dist/handshake/index.js.map +1 -0
package/dist/handshake/messages.d.ts +176 -0
package/dist/handshake/messages.d.ts.map +1 -0
package/dist/handshake/messages.js +125 -0
package/dist/handshake/messages.js.map +1 -0
package/dist/handshake/pow.d.ts +53 -0
package/dist/handshake/pow.d.ts.map +1 -0
package/dist/handshake/pow.js +142 -0
package/dist/handshake/pow.js.map +1 -0
package/dist/handshake/resume_driver.d.ts +56 -0
package/dist/handshake/resume_driver.d.ts.map +1 -0
package/dist/handshake/resume_driver.js +75 -0
package/dist/handshake/resume_driver.js.map +1 -0
package/dist/handshake/server.d.ts +112 -0
package/dist/handshake/server.d.ts.map +1 -0
package/dist/handshake/server.js +247 -0
package/dist/handshake/server.js.map +1 -0
package/dist/handshake/server_state.d.ts +102 -0
package/dist/handshake/server_state.d.ts.map +1 -0
package/dist/handshake/server_state.js +278 -0
package/dist/handshake/server_state.js.map +1 -0
package/dist/index.d.ts +33 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +33 -0
package/dist/index.js.map +1 -0
package/dist/keys/compromise.d.ts +118 -0
package/dist/keys/compromise.d.ts.map +1 -0
package/dist/keys/compromise.js +218 -0
package/dist/keys/compromise.js.map +1 -0
package/dist/keys/device_certificate.d.ts +166 -0
package/dist/keys/device_certificate.d.ts.map +1 -0
package/dist/keys/device_certificate.js +328 -0
package/dist/keys/device_certificate.js.map +1 -0
package/dist/keys/device_records.d.ts +175 -0
package/dist/keys/device_records.d.ts.map +1 -0
package/dist/keys/device_records.js +418 -0
package/dist/keys/device_records.js.map +1 -0
package/dist/keys/directory_cache.d.ts +64 -0
package/dist/keys/directory_cache.d.ts.map +1 -0
package/dist/keys/directory_cache.js +98 -0
package/dist/keys/directory_cache.js.map +1 -0
package/dist/keys/directory_state.d.ts +79 -0
package/dist/keys/directory_state.d.ts.map +1 -0
package/dist/keys/directory_state.js +155 -0
package/dist/keys/directory_state.js.map +1 -0
package/dist/keys/index.d.ts +18 -0
package/dist/keys/index.d.ts.map +1 -0
package/dist/keys/index.js +18 -0
package/dist/keys/index.js.map +1 -0
package/dist/keys/key_revocation.d.ts +61 -0
package/dist/keys/key_revocation.d.ts.map +1 -0
package/dist/keys/key_revocation.js +88 -0
package/dist/keys/key_revocation.js.map +1 -0
package/dist/keys/request.d.ts +124 -0
package/dist/keys/request.d.ts.map +1 -0
package/dist/keys/request.js +130 -0
package/dist/keys/request.js.map +1 -0
package/dist/keys/sign.d.ts +49 -0
package/dist/keys/sign.d.ts.map +1 -0
package/dist/keys/sign.js +80 -0
package/dist/keys/sign.js.map +1 -0
package/dist/keys/signed.d.ts +80 -0
package/dist/keys/signed.d.ts.map +1 -0
package/dist/keys/signed.js +138 -0
package/dist/keys/signed.js.map +1 -0
package/dist/keys/store.d.ts +138 -0
package/dist/keys/store.d.ts.map +1 -0
package/dist/keys/store.js +107 -0
package/dist/keys/store.js.map +1 -0
package/dist/largeattachment/crypto.d.ts +47 -0
package/dist/largeattachment/crypto.d.ts.map +1 -0
package/dist/largeattachment/crypto.js +235 -0
package/dist/largeattachment/crypto.js.map +1 -0
package/dist/largeattachment/enclosure.d.ts +48 -0
package/dist/largeattachment/enclosure.d.ts.map +1 -0
package/dist/largeattachment/enclosure.js +102 -0
package/dist/largeattachment/enclosure.js.map +1 -0
package/dist/largeattachment/index.d.ts +15 -0
package/dist/largeattachment/index.d.ts.map +1 -0
package/dist/largeattachment/index.js +15 -0
package/dist/largeattachment/index.js.map +1 -0
package/dist/largeattachment/store.d.ts +36 -0
package/dist/largeattachment/store.d.ts.map +1 -0
package/dist/largeattachment/store.js +37 -0
package/dist/largeattachment/store.js.map +1 -0
package/dist/largeattachment/types.d.ts +56 -0
package/dist/largeattachment/types.d.ts.map +1 -0
package/dist/largeattachment/types.js +31 -0
package/dist/largeattachment/types.js.map +1 -0
package/dist/largeattachment/upload.d.ts +62 -0
package/dist/largeattachment/upload.d.ts.map +1 -0
package/dist/largeattachment/upload.js +166 -0
package/dist/largeattachment/upload.js.map +1 -0
package/dist/migration/index.d.ts +17 -0
package/dist/migration/index.d.ts.map +1 -0
package/dist/migration/index.js +17 -0
package/dist/migration/index.js.map +1 -0
package/dist/migration/lockout.d.ts +48 -0
package/dist/migration/lockout.d.ts.map +1 -0
package/dist/migration/lockout.js +57 -0
package/dist/migration/lockout.js.map +1 -0
package/dist/migration/migration.d.ts +48 -0
package/dist/migration/migration.d.ts.map +1 -0
package/dist/migration/migration.js +58 -0
package/dist/migration/migration.js.map +1 -0
package/dist/migration/notice.d.ts +33 -0
package/dist/migration/notice.d.ts.map +1 -0
package/dist/migration/notice.js +85 -0
package/dist/migration/notice.js.map +1 -0
package/dist/migration/orchestrate.d.ts +109 -0
package/dist/migration/orchestrate.d.ts.map +1 -0
package/dist/migration/orchestrate.js +212 -0
package/dist/migration/orchestrate.js.map +1 -0
package/dist/migration/publication_store.d.ts +34 -0
package/dist/migration/publication_store.d.ts.map +1 -0
package/dist/migration/publication_store.js +44 -0
package/dist/migration/publication_store.js.map +1 -0
package/dist/migration/sign.d.ts +65 -0
package/dist/migration/sign.d.ts.map +1 -0
package/dist/migration/sign.js +331 -0
package/dist/migration/sign.js.map +1 -0
package/dist/migration/types.d.ts +92 -0
package/dist/migration/types.d.ts.map +1 -0
package/dist/migration/types.js +26 -0
package/dist/migration/types.js.map +1 -0
package/dist/reasoncodes.d.ts +42 -0
package/dist/reasoncodes.d.ts.map +1 -0
package/dist/reasoncodes.js +80 -0
package/dist/reasoncodes.js.map +1 -0
package/dist/recovery/bundle.d.ts +34 -0
package/dist/recovery/bundle.d.ts.map +1 -0
package/dist/recovery/bundle.js +144 -0
package/dist/recovery/bundle.js.map +1 -0
package/dist/recovery/bundle_crypto.d.ts +60 -0
package/dist/recovery/bundle_crypto.d.ts.map +1 -0
package/dist/recovery/bundle_crypto.js +179 -0
package/dist/recovery/bundle_crypto.js.map +1 -0
package/dist/recovery/bundle_store.d.ts +57 -0
package/dist/recovery/bundle_store.d.ts.map +1 -0
package/dist/recovery/bundle_store.js +104 -0
package/dist/recovery/bundle_store.js.map +1 -0
package/dist/recovery/index.d.ts +19 -0
package/dist/recovery/index.d.ts.map +1 -0
package/dist/recovery/index.js +19 -0
package/dist/recovery/index.js.map +1 -0
package/dist/recovery/manifest_crosscheck.d.ts +59 -0
package/dist/recovery/manifest_crosscheck.d.ts.map +1 -0
package/dist/recovery/manifest_crosscheck.js +59 -0
package/dist/recovery/manifest_crosscheck.js.map +1 -0
package/dist/recovery/shamir.d.ts +51 -0
package/dist/recovery/shamir.d.ts.map +1 -0
package/dist/recovery/shamir.js +181 -0
package/dist/recovery/shamir.js.map +1 -0
package/dist/recovery/sign.d.ts +61 -0
package/dist/recovery/sign.d.ts.map +1 -0
package/dist/recovery/sign.js +359 -0
package/dist/recovery/sign.js.map +1 -0
package/dist/recovery/types.d.ts +180 -0
package/dist/recovery/types.d.ts.map +1 -0
package/dist/recovery/types.js +31 -0
package/dist/recovery/types.js.map +1 -0
package/dist/reputation/abuse_report.d.ts +62 -0
package/dist/reputation/abuse_report.d.ts.map +1 -0
package/dist/reputation/abuse_report.js +111 -0
package/dist/reputation/abuse_report.js.map +1 -0
package/dist/reputation/bucketize.d.ts +31 -0
package/dist/reputation/bucketize.d.ts.map +1 -0
package/dist/reputation/bucketize.js +77 -0
package/dist/reputation/bucketize.js.map +1 -0
package/dist/reputation/gossip.d.ts +24 -0
package/dist/reputation/gossip.d.ts.map +1 -0
package/dist/reputation/gossip.js +64 -0
package/dist/reputation/gossip.js.map +1 -0
package/dist/reputation/gossip_fetch.d.ts +64 -0
package/dist/reputation/gossip_fetch.d.ts.map +1 -0
package/dist/reputation/gossip_fetch.js +114 -0
package/dist/reputation/gossip_fetch.js.map +1 -0
package/dist/reputation/index.d.ts +20 -0
package/dist/reputation/index.d.ts.map +1 -0
package/dist/reputation/index.js +20 -0
package/dist/reputation/index.js.map +1 -0
package/dist/reputation/observation_store.d.ts +67 -0
package/dist/reputation/observation_store.d.ts.map +1 -0
package/dist/reputation/observation_store.js +171 -0
package/dist/reputation/observation_store.js.map +1 -0
package/dist/reputation/pow.d.ts +91 -0
package/dist/reputation/pow.d.ts.map +1 -0
package/dist/reputation/pow.js +209 -0
package/dist/reputation/pow.js.map +1 -0
package/dist/reputation/sign.d.ts +40 -0
package/dist/reputation/sign.d.ts.map +1 -0
package/dist/reputation/sign.js +202 -0
package/dist/reputation/sign.js.map +1 -0
package/dist/reputation/types.d.ts +133 -0
package/dist/reputation/types.d.ts.map +1 -0
package/dist/reputation/types.js +33 -0
package/dist/reputation/types.js.map +1 -0
package/dist/reputation/whois.d.ts +25 -0
package/dist/reputation/whois.d.ts.map +1 -0
package/dist/reputation/whois.js +20 -0
package/dist/reputation/whois.js.map +1 -0
package/dist/seal/index.d.ts +8 -0
package/dist/seal/index.d.ts.map +1 -0
package/dist/seal/index.js +8 -0
package/dist/seal/index.js.map +1 -0
package/dist/seal/wrap.d.ts +74 -0
package/dist/seal/wrap.d.ts.map +1 -0
package/dist/seal/wrap.js +213 -0
package/dist/seal/wrap.js.map +1 -0
package/dist/session/dispatcher.d.ts +65 -0
package/dist/session/dispatcher.d.ts.map +1 -0
package/dist/session/dispatcher.js +96 -0
package/dist/session/dispatcher.js.map +1 -0
package/dist/session/index.d.ts +15 -0
package/dist/session/index.d.ts.map +1 -0
package/dist/session/index.js +15 -0
package/dist/session/index.js.map +1 -0
package/dist/session/rekey.d.ts +108 -0
package/dist/session/rekey.d.ts.map +1 -0
package/dist/session/rekey.js +207 -0
package/dist/session/rekey.js.map +1 -0
package/dist/session/rekey_seal.d.ts +66 -0
package/dist/session/rekey_seal.d.ts.map +1 -0
package/dist/session/rekey_seal.js +153 -0
package/dist/session/rekey_seal.js.map +1 -0
package/dist/session/resume.d.ts +125 -0
package/dist/session/resume.d.ts.map +1 -0
package/dist/session/resume.js +263 -0
package/dist/session/resume.js.map +1 -0
package/dist/session/session.d.ts +136 -0
package/dist/session/session.d.ts.map +1 -0
package/dist/session/session.js +188 -0
package/dist/session/session.js.map +1 -0
package/dist/transparency/index.d.ts +13 -0
package/dist/transparency/index.d.ts.map +1 -0
package/dist/transparency/index.js +13 -0
package/dist/transparency/index.js.map +1 -0
package/dist/transparency/log.d.ts +61 -0
package/dist/transparency/log.d.ts.map +1 -0
package/dist/transparency/log.js +133 -0
package/dist/transparency/log.js.map +1 -0
package/dist/transparency/merkle.d.ts +59 -0
package/dist/transparency/merkle.d.ts.map +1 -0
package/dist/transparency/merkle.js +314 -0
package/dist/transparency/merkle.js.map +1 -0
package/dist/transparency/sign.d.ts +48 -0
package/dist/transparency/sign.d.ts.map +1 -0
package/dist/transparency/sign.js +140 -0
package/dist/transparency/sign.js.map +1 -0
package/dist/transparency/types.d.ts +97 -0
package/dist/transparency/types.d.ts.map +1 -0
package/dist/transparency/types.js +25 -0
package/dist/transparency/types.js.map +1 -0
package/dist/transport/h2.d.ts +163 -0
package/dist/transport/h2.d.ts.map +1 -0
package/dist/transport/h2.js +397 -0
package/dist/transport/h2.js.map +1 -0
package/dist/transport/index.d.ts +15 -0
package/dist/transport/index.d.ts.map +1 -0
package/dist/transport/index.js +15 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/memory.d.ts +21 -0
package/dist/transport/memory.d.ts.map +1 -0
package/dist/transport/memory.js +112 -0
package/dist/transport/memory.js.map +1 -0
package/dist/transport/transport.d.ts +54 -0
package/dist/transport/transport.d.ts.map +1 -0
package/dist/transport/transport.js +20 -0
package/dist/transport/transport.js.map +1 -0
package/dist/transport/ws.d.ts +40 -0
package/dist/transport/ws.d.ts.map +1 -0
package/dist/transport/ws.js +204 -0
package/dist/transport/ws.js.map +1 -0
package/package.json +147 -0

package/dist/keys/device_records.js ADDED Viewed

@@ -0,0 +1,418 @@
+/**
+ * Multi-device record primitives per KEY.md §10.1, §10.5, §10.6.
+ *
+ * Three record kinds share an account-identity-key signature on the
+ * outer envelope so a home server or correspondent can verify
+ * "this record was authored by the account's current identity key"
+ * without knowing the device graph in advance:
+ *
+ *   - {@link DeviceRegistration} (`SEMP_DEVICE`, step="register"):
+ *     announces a new device. Carries device pubkey, role, and an
+ *     INNER authorization signature from an existing full-access
+ *     device that authorized the enrollment (§10.2).
+ *   - {@link DeviceRevocation} (`SEMP_DEVICE_REVOCATION`): removes
+ *     a device from the active set per §10.5.
+ *   - {@link DeviceDirectory} (`SEMP_DEVICE_DIRECTORY`): the
+ *     home server's signed list of currently active devices, with
+ *     a monotonically increasing revision so correspondents can
+ *     detect rollback per §10.6.
+ *
+ * The SEMP_DEVICE_CERTIFICATE (scoped delegation) lives in
+ * {@link "./device_certificate"}.
+ *
+ * @module
+ */
+import { sign as ed25519Sign, verify as ed25519Verify } from "./sign.js";
+import { signSignedDoc, verifySignedDoc } from "./signed.js";
+/** Wire-level type discriminators. */
+export const DeviceRegistrationType = "SEMP_DEVICE";
+export const DeviceRegistrationStep = "register";
+export const DeviceRevocationType = "SEMP_DEVICE_REVOCATION";
+export const DeviceDirectoryType = "SEMP_DEVICE_DIRECTORY";
+export const DeviceRecordVersion = "1.0.0";
+/** Domain-separation prefixes per ENVELOPE.md §4.3. */
+export const DeviceRegisterPrefix = "SEMP-DEVICE-REGISTER:";
+export const DeviceAuthorizeRecordPrefix = "SEMP-DEVICE-AUTHORIZE:";
+export const DeviceRevocationPrefix = "SEMP-DEVICE-REVOCATION:";
+export const DeviceDirectoryPrefix = "SEMP-DEVICE-DIRECTORY:";
+/**
+ * Report whether `r` is the kind of revocation that triggers
+ * mandatory identity-key rotation per §10.5.5.
+ */
+export function requiresIdentityRotation(r) {
+    return r === "key_compromise";
+}
+/**
+ * Sign the inner authorization block and place it on
+ * `registration.authorization`. The caller MUST have populated
+ * `registration.device_id`, `device_public_key`, `enrolled_at`
+ * before calling.
+ */
+export function signDeviceAuthorization(input) {
+    const reg = input.registration;
+    if (input.enrollNonce.length === 0) {
+        throw new Error("keys: empty enroll nonce");
+    }
+    if (input.authorizingDeviceId === "") {
+        throw new Error("keys: empty authorizing_device_id");
+    }
+    if (input.authorizingDeviceKeyId === "") {
+        throw new Error("keys: empty authorizing key_id");
+    }
+    if (reg.device_id === "" || reg.device_public_key === "" || reg.enrolled_at === "") {
+        throw new Error("keys: device registration missing device_id / device_public_key / enrolled_at");
+    }
+    const authBytes = authorizationCanonicalBytes(reg.device_id, reg.device_public_key, reg.enrolled_at, input.enrollNonce);
+    const prefixed = concat(new TextEncoder().encode(DeviceAuthorizeRecordPrefix), authBytes);
+    const sig = ed25519Sign(input.authorizingDeviceSeed, prefixed);
+    reg.authorization = {
+        method: input.method,
+        authorizing_device_id: input.authorizingDeviceId,
+        authorizing_signature: {
+            algorithm: "ed25519",
+            key_id: input.authorizingDeviceKeyId,
+            value: base64Encode(sig),
+        },
+    };
+}
+/**
+ * Verify the inner authorizing-device signature on `registration`
+ * using the supplied authorizing-device public key and the SAME
+ * `enrollNonce` that was used at sign time. Returns true on success.
+ */
+export function verifyDeviceAuthorization(registration, authorizingDevicePub, enrollNonce) {
+    const sigB64 = registration.authorization?.authorizing_signature?.value;
+    if (typeof sigB64 !== "string" || sigB64 === "") {
+        return false;
+    }
+    let sig;
+    try {
+        sig = base64Decode(sigB64);
+    }
+    catch {
+        return false;
+    }
+    const authBytes = authorizationCanonicalBytes(registration.device_id, registration.device_public_key, registration.enrolled_at, enrollNonce);
+    const prefixed = concat(new TextEncoder().encode(DeviceAuthorizeRecordPrefix), authBytes);
+    return ed25519Verify(authorizingDevicePub, sig, prefixed);
+}
+function authorizationCanonicalBytes(deviceId, devicePublicKey, enrolledAt, enrollNonce) {
+    // Per semp-go: NUL-separated concatenation. Boundaries are
+    // unambiguous because none of the three string components can
+    // contain a NUL byte under SEMP rules.
+    const parts = [
+        new TextEncoder().encode(deviceId),
+        new Uint8Array([0]),
+        new TextEncoder().encode(devicePublicKey),
+        new Uint8Array([0]),
+        new TextEncoder().encode(enrolledAt),
+        new Uint8Array([0]),
+        enrollNonce,
+    ];
+    let total = 0;
+    for (const p of parts) {
+        total += p.length;
+    }
+    const out = new Uint8Array(total);
+    let off = 0;
+    for (const p of parts) {
+        out.set(p, off);
+        off += p.length;
+    }
+    return out;
+}
+// ---------------------------------------------------------------------------
+// Outer registration signature (canonical JSON)
+/** Sign the outer identity-key signature on a registration record. */
+export function signDeviceRegistration(reg, identityPriv, identityKeyId) {
+    if (identityKeyId === "") {
+        throw new Error("keys: empty identity key_id");
+    }
+    validateDeviceRegistration(reg, { skipSignatureCheck: true });
+    reg.signature.algorithm = "ed25519";
+    reg.signature.key_id = identityKeyId;
+    reg.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: reg,
+        seed: identityPriv,
+        signaturePath: "signature.value",
+        prefix: DeviceRegisterPrefix,
+    });
+    reg.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify the outer identity-key signature on a registration record. */
+export function verifyDeviceRegistration(reg, identityPub) {
+    validateDeviceRegistration(reg);
+    if (reg.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: reg,
+        publicKey: identityPub,
+        signaturePath: "signature.value",
+        prefix: DeviceRegisterPrefix,
+    });
+    return ok;
+}
+/** Structural validation per §10.1. Throws on first violation. */
+export function validateDeviceRegistration(reg, opts = {}) {
+    if (reg.type !== DeviceRegistrationType) {
+        throw new Error(`keys: device registration type ${JSON.stringify(reg.type)}, want ${DeviceRegistrationType}`);
+    }
+    if (reg.step !== DeviceRegistrationStep) {
+        throw new Error(`keys: device registration step ${JSON.stringify(reg.step)}, want ${DeviceRegistrationStep}`);
+    }
+    for (const f of [
+        "version",
+        "user_id",
+        "device_id",
+        "device_name",
+        "device_type",
+        "device_public_key",
+        "device_identity_pubkey_algorithm",
+        "enrolled_at",
+    ]) {
+        if (typeof reg[f] !== "string" || reg[f] === "") {
+            throw new Error(`keys: device registration missing ${f}`);
+        }
+    }
+    if (Number.isNaN(Date.parse(reg.enrolled_at))) {
+        throw new Error("keys: device registration enrolled_at is not ISO 8601");
+    }
+    if (reg.role !== "full_access" && reg.role !== "delegated") {
+        throw new Error(`keys: device registration role ${JSON.stringify(reg.role)} is invalid`);
+    }
+    if (reg.role === "full_access" && reg.certificate_id !== null) {
+        throw new Error("keys: device registration role=full_access requires certificate_id=null");
+    }
+    if (reg.role === "delegated") {
+        if (reg.certificate_id === null || reg.certificate_id === "") {
+            throw new Error("keys: device registration role=delegated requires non-empty certificate_id");
+        }
+    }
+    if (reg.authorization === undefined || reg.authorization === null) {
+        throw new Error("keys: device registration missing authorization");
+    }
+    if (reg.authorization.method !== "qr_scan" &&
+        reg.authorization.method !== "numeric_code") {
+        throw new Error(`keys: device registration authorization.method ${JSON.stringify(reg.authorization.method)} is invalid`);
+    }
+    if (typeof reg.authorization.authorizing_device_id !== "string" ||
+        reg.authorization.authorizing_device_id === "") {
+        throw new Error("keys: device registration missing authorization.authorizing_device_id");
+    }
+    if (typeof reg.authorization.authorizing_signature?.value !== "string") {
+        throw new Error("keys: device registration missing authorization.authorizing_signature.value");
+    }
+    if (typeof reg.signature?.algorithm !== "string") {
+        throw new Error("keys: device registration missing signature.algorithm");
+    }
+    if (typeof reg.signature?.key_id !== "string") {
+        throw new Error("keys: device registration missing signature.key_id");
+    }
+    if (typeof reg.signature?.value !== "string") {
+        throw new Error("keys: device registration signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && reg.signature.value === "") {
+        throw new Error("keys: device registration is unsigned");
+    }
+}
+// ---------------------------------------------------------------------------
+// DeviceRevocation
+/** Sign the identity-key signature on a device revocation record. */
+export function signDeviceRevocation(rev, identityPriv, identityKeyId) {
+    if (identityKeyId === "") {
+        throw new Error("keys: empty identity key_id");
+    }
+    validateDeviceRevocation(rev, { skipSignatureCheck: true });
+    rev.signature.algorithm = "ed25519";
+    rev.signature.key_id = identityKeyId;
+    rev.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: rev,
+        seed: identityPriv,
+        signaturePath: "signature.value",
+        prefix: DeviceRevocationPrefix,
+    });
+    rev.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify a device revocation record. */
+export function verifyDeviceRevocation(rev, identityPub) {
+    validateDeviceRevocation(rev);
+    if (rev.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: rev,
+        publicKey: identityPub,
+        signaturePath: "signature.value",
+        prefix: DeviceRevocationPrefix,
+    });
+    return ok;
+}
+/** Structural validation per §10.5.1. Throws on first violation. */
+export function validateDeviceRevocation(rev, opts = {}) {
+    if (rev.type !== DeviceRevocationType) {
+        throw new Error(`keys: device revocation type ${JSON.stringify(rev.type)}, want ${DeviceRevocationType}`);
+    }
+    for (const f of ["version", "user_id", "device_id", "revoked_at", "revoked_by_device_id"]) {
+        if (typeof rev[f] !== "string" || rev[f] === "") {
+            throw new Error(`keys: device revocation missing ${f}`);
+        }
+    }
+    if (Number.isNaN(Date.parse(rev.revoked_at))) {
+        throw new Error("keys: device revocation revoked_at is not ISO 8601");
+    }
+    if (rev.reason !== "key_compromise" &&
+        rev.reason !== "lost" &&
+        rev.reason !== "retired" &&
+        rev.reason !== "superseded") {
+        throw new Error(`keys: device revocation reason ${JSON.stringify(rev.reason)} is invalid`);
+    }
+    if (rev.reason === "superseded") {
+        if (rev.replacement_device_id === null || rev.replacement_device_id === "") {
+            throw new Error("keys: device revocation reason=superseded requires replacement_device_id");
+        }
+    }
+    else if (rev.replacement_device_id !== null) {
+        throw new Error(`keys: device revocation reason=${rev.reason} forbids replacement_device_id`);
+    }
+    if (typeof rev.signature?.value !== "string") {
+        throw new Error("keys: device revocation signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && rev.signature.value === "") {
+        throw new Error("keys: device revocation is unsigned");
+    }
+}
+// ---------------------------------------------------------------------------
+// DeviceDirectory
+/** Sign the identity-key signature on a device directory record. */
+export function signDeviceDirectory(dir, identityPriv, identityKeyId) {
+    if (identityKeyId === "") {
+        throw new Error("keys: empty identity key_id");
+    }
+    validateDeviceDirectory(dir, { skipSignatureCheck: true });
+    dir.signature.algorithm = "ed25519";
+    dir.signature.key_id = identityKeyId;
+    dir.signature.value = "";
+    const { signedJSON, signatureB64 } = signSignedDoc({
+        preSignJSON: dir,
+        seed: identityPriv,
+        signaturePath: "signature.value",
+        prefix: DeviceDirectoryPrefix,
+    });
+    dir.signature.value = signedJSON.signature.value;
+    return signatureB64;
+}
+/** Verify a device directory record. */
+export function verifyDeviceDirectory(dir, identityPub) {
+    validateDeviceDirectory(dir);
+    if (dir.signature.value === "") {
+        return false;
+    }
+    const { ok } = verifySignedDoc({
+        signedJSON: dir,
+        publicKey: identityPub,
+        signaturePath: "signature.value",
+        prefix: DeviceDirectoryPrefix,
+    });
+    return ok;
+}
+/** Structural validation per §10.6.1. Throws on first violation. */
+export function validateDeviceDirectory(dir, opts = {}) {
+    if (dir.type !== DeviceDirectoryType) {
+        throw new Error(`keys: device directory type ${JSON.stringify(dir.type)}, want ${DeviceDirectoryType}`);
+    }
+    for (const f of ["version", "user_id", "issued_at"]) {
+        if (typeof dir[f] !== "string" || dir[f] === "") {
+            throw new Error(`keys: device directory missing ${f}`);
+        }
+    }
+    if (!Number.isInteger(dir.revision) || dir.revision < 0) {
+        throw new Error(`keys: device directory revision ${dir.revision} MUST be >= 0`);
+    }
+    if (Number.isNaN(Date.parse(dir.issued_at))) {
+        throw new Error("keys: device directory issued_at is not ISO 8601");
+    }
+    if (!Array.isArray(dir.devices)) {
+        throw new Error("keys: device directory devices must be an array");
+    }
+    const seenIds = new Set();
+    for (let i = 0; i < dir.devices.length; i++) {
+        const d = dir.devices[i];
+        for (const f of [
+            "device_id",
+            "device_public_key",
+            "device_identity_pubkey_algorithm",
+            "enrolled_at",
+            "device_name",
+            "device_type",
+        ]) {
+            if (typeof d[f] !== "string" || d[f] === "") {
+                throw new Error(`keys: device directory devices[${i}] missing ${f}`);
+            }
+        }
+        if (seenIds.has(d.device_id)) {
+            throw new Error(`keys: device directory device_id ${JSON.stringify(d.device_id)} appears more than once`);
+        }
+        seenIds.add(d.device_id);
+        if (d.role !== "full_access" && d.role !== "delegated") {
+            throw new Error(`keys: device directory devices[${i}] role ${JSON.stringify(d.role)} is invalid`);
+        }
+        if (d.role === "full_access" && d.certificate_id !== null) {
+            throw new Error(`keys: device directory devices[${i}] role=full_access requires certificate_id=null`);
+        }
+        if (d.role === "delegated") {
+            if (d.certificate_id === null || d.certificate_id === "") {
+                throw new Error(`keys: device directory devices[${i}] role=delegated requires non-empty certificate_id`);
+            }
+        }
+    }
+    if (typeof dir.signature?.value !== "string") {
+        throw new Error("keys: device directory signature.value must be a string");
+    }
+    if (!opts.skipSignatureCheck && dir.signature.value === "") {
+        throw new Error("keys: device directory is unsigned");
+    }
+}
+/** Look up a device entry by id. Returns null when not found. */
+export function findDevice(dir, deviceId) {
+    for (const d of dir.devices) {
+        if (d.device_id === deviceId) {
+            return d;
+        }
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Helpers
+function concat(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+function base64Encode(b) {
+    if (typeof Buffer !== "undefined") {
+        return Buffer.from(b).toString("base64");
+    }
+    let bin = "";
+    for (let i = 0; i < b.length; i++) {
+        bin += String.fromCharCode(b[i] ?? 0);
+    }
+    return btoa(bin);
+}
+function base64Decode(s) {
+    if (typeof Buffer !== "undefined") {
+        return new Uint8Array(Buffer.from(s, "base64"));
+    }
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+//# sourceMappingURL=device_records.js.map

package/dist/keys/device_records.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"device_records.js","sourceRoot":"","sources":["../../src/keys/device_records.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,IAAI,IAAI,WAAW,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,WAAW,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D,sCAAsC;AACtC,MAAM,CAAC,MAAM,sBAAsB,GAAG,aAAa,CAAC;AACpD,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AACjD,MAAM,CAAC,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;AAC7D,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAC3D,MAAM,CAAC,MAAM,mBAAmB,GAAG,OAAO,CAAC;AAE3C,uDAAuD;AACvD,MAAM,CAAC,MAAM,oBAAoB,GAAG,uBAAuB,CAAC;AAC5D,MAAM,CAAC,MAAM,2BAA2B,GAAG,wBAAwB,CAAC;AACpE,MAAM,CAAC,MAAM,sBAAsB,GAAG,yBAAyB,CAAC;AAChE,MAAM,CAAC,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAe9D;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,CAAyB;IAChE,OAAO,CAAC,KAAK,gBAAgB,CAAC;AAChC,CAAC;AAqGD;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,KAAmC;IAEnC,MAAM,GAAG,GAAG,KAAK,CAAC,YAAY,CAAC;IAC/B,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,CAAC,mBAAmB,KAAK,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,KAAK,CAAC,sBAAsB,KAAK,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,GAAG,CAAC,SAAS,KAAK,EAAE,IAAI,GAAG,CAAC,iBAAiB,KAAK,EAAE,IAAI,GAAG,CAAC,WAAW,KAAK,EAAE,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,2BAA2B,CAC3C,GAAG,CAAC,SAAS,EACb,GAAG,CAAC,iBAAiB,EACrB,GAAG,CAAC,WAAW,EACf,KAAK,CAAC,WAAW,CAClB,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,CACrB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,2BAA2B,CAAC,EACrD,SAAS,CACV,CAAC;IACF,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;IAC/D,GAAG,CAAC,aAAa,GAAG;QAClB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,qBAAqB,EAAE,KAAK,CAAC,mBAAmB;QAChD,qBAAqB,EAAE;YACrB,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,KAAK,CAAC,sBAAsB;YACpC,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC;SACzB;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CACvC,YAAgC,EAChC,oBAAgC,EAChC,WAAuB;IAEvB,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,EAAE,qBAAqB,EAAE,KAAK,CAAC;IACxE,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,EAAE,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAe,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,SAAS,GAAG,2BAA2B,CAC3C,YAAY,CAAC,SAAS,EACtB,YAAY,CAAC,iBAAiB,EAC9B,YAAY,CAAC,WAAW,EACxB,WAAW,CACZ,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,CACrB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,2BAA2B,CAAC,EACrD,SAAS,CACV,CAAC;IACF,OAAO,aAAa,CAAC,oBAAoB,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,2BAA2B,CAClC,QAAgB,EAChB,eAAuB,EACvB,UAAkB,EAClB,WAAuB;IAEvB,2DAA2D;IAC3D,8DAA8D;IAC9D,uCAAuC;IACvC,MAAM,KAAK,GAAiB;QAC1B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;QAClC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC;QACzC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,WAAW;KACZ,CAAC;IACF,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IACpB,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChB,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,gDAAgD;AAEhD,sEAAsE;AACtE,MAAM,UAAU,sBAAsB,CACpC,GAAuB,EACvB,YAAwB,EACxB,aAAqB;IAErB,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,0BAA0B,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9D,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;IACrC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,GAAyC;QACtD,IAAI,EAAE,YAAY;QAClB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,oBAAoB;KAC7B,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACxE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,wBAAwB,CACtC,GAAuB,EACvB,WAAuB;IAEvB,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,GAAyC;QACrD,SAAS,EAAE,WAAW;QACtB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,oBAAoB;KAC7B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,0BAA0B,CACxC,GAAuB,EACvB,OAAyC,EAAE;IAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,sBAAsB,EAAE,CAC7F,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,sBAAsB,EAAE,CAC7F,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI;QACd,SAAS;QACT,SAAS;QACT,WAAW;QACX,aAAa;QACb,aAAa;QACb,mBAAmB;QACnB,kCAAkC;QAClC,aAAa;KACL,EAAE,CAAC;QACX,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CACxE,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,aAAa,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAC7F,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,cAAc,KAAK,IAAI,IAAI,GAAG,CAAC,cAAc,KAAK,EAAE,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,4EAA4E,CAC7E,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,GAAG,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,IACE,GAAG,CAAC,aAAa,CAAC,MAAM,KAAK,SAAS;QACtC,GAAG,CAAC,aAAa,CAAC,MAAM,KAAK,cAAc,EAC3C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,kDAAkD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,CAAC,aAAa,CACxG,CAAC;IACJ,CAAC;IACD,IACE,OAAO,GAAG,CAAC,aAAa,CAAC,qBAAqB,KAAK,QAAQ;QAC3D,GAAG,CAAC,aAAa,CAAC,qBAAqB,KAAK,EAAE,EAC9C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;IAC3F,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;IACjG,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AAEnB,qEAAqE;AACrE,MAAM,UAAU,oBAAoB,CAClC,GAAqB,EACrB,YAAwB,EACxB,aAAqB;IAErB,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,wBAAwB,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;IACrC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,GAAyC;QACtD,IAAI,EAAE,YAAY;QAClB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,sBAAsB;KAC/B,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACxE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,yCAAyC;AACzC,MAAM,UAAU,sBAAsB,CACpC,GAAqB,EACrB,WAAuB;IAEvB,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,GAAyC;QACrD,SAAS,EAAE,WAAW;QACtB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,sBAAsB;KAC/B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,wBAAwB,CACtC,GAAqB,EACrB,OAAyC,EAAE;IAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,gCAAgC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,oBAAoB,EAAE,CACzF,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,EAAE,sBAAsB,CAAU,EAAE,CAAC;QACnG,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IACD,IACE,GAAG,CAAC,MAAM,KAAK,gBAAgB;QAC/B,GAAG,CAAC,MAAM,KAAK,MAAM;QACrB,GAAG,CAAC,MAAM,KAAK,SAAS;QACxB,GAAG,CAAC,MAAM,KAAK,YAAY,EAC3B,CAAC;QACD,MAAM,IAAI,KAAK,CACb,kCAAkC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAC1E,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,qBAAqB,KAAK,IAAI,IAAI,GAAG,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,qBAAqB,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,kCAAkC,GAAG,CAAC,MAAM,gCAAgC,CAC7E,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAElB,oEAAoE;AACpE,MAAM,UAAU,mBAAmB,CACjC,GAAoB,EACpB,YAAwB,EACxB,aAAqB;IAErB,IAAI,aAAa,KAAK,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,uBAAuB,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,SAAS,CAAC;IACpC,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC;IACrC,GAAG,CAAC,SAAS,CAAC,KAAK,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;QACjD,WAAW,EAAE,GAAyC;QACtD,IAAI,EAAE,YAAY;QAClB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,qBAAqB;KAC9B,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,CAAC,KAAK,GAAI,UAAU,CAAC,SAA+B,CAAC,KAAK,CAAC;IACxE,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,qBAAqB,CACnC,GAAoB,EACpB,WAAuB;IAEvB,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,GAAG,eAAe,CAAC;QAC7B,UAAU,EAAE,GAAyC;QACrD,SAAS,EAAE,WAAW;QACtB,aAAa,EAAE,iBAAiB;QAChC,MAAM,EAAE,qBAAqB;KAC9B,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,uBAAuB,CACrC,GAAoB,EACpB,OAAyC,EAAE;IAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,+BAA+B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,mBAAmB,EAAE,CACvF,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,WAAW,CAAU,EAAE,CAAC;QAC7D,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,CAAC,QAAQ,eAAe,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI;YACd,WAAW;YACX,mBAAmB;YACnB,kCAAkC;YAClC,aAAa;YACb,aAAa;YACb,aAAa;SACL,EAAE,CAAC;YACX,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,oCAAoC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,yBAAyB,CACzF,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACzB,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,kCAAkC,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CACjF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,IAAI,CAAC,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CACb,kCAAkC,CAAC,iDAAiD,CACrF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,cAAc,KAAK,IAAI,IAAI,CAAC,CAAC,cAAc,KAAK,EAAE,EAAE,CAAC;gBACzD,MAAM,IAAI,KAAK,CACb,kCAAkC,CAAC,oDAAoD,CACxF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,EAAE,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,kBAAkB,IAAI,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,UAAU,CACxB,GAAoB,EACpB,QAAgB;IAEhB,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,UAAU;AAEV,SAAS,MAAM,CAAC,CAAa,EAAE,CAAa;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,CAAa;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/keys/directory_cache.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+/**
+ * Consumer-side device directory cache per KEY.md §10.6.2 / §10.6.3.
+ *
+ * A consumer that fetches a {@link DeviceDirectory} for `user_id` MUST
+ * record the highest `revision` it has accepted. Any later fetch
+ * whose `revision` is strictly less than the cached value MUST be
+ * treated with the same suspicion as a key-substitution attempt
+ * (rollback).
+ *
+ * @module
+ */
+import { type DeviceDirectory } from "./device_records.js";
+/**
+ * Optional callback invoked on each `delegated` directory entry to
+ * confirm the entry's scoped certificate is published and unexpired
+ * per §10.6.3 / §10.3.8. May be `undefined`; passing nothing disables
+ * the check.
+ */
+export type CertificateCheck = (certificateId: string) => void;
+/** A typed error subclass for rollback detection failures. */
+export declare class DirectoryRollbackError extends Error {
+    readonly userId: string;
+    readonly fetchedRevision: number;
+    readonly cachedRevision: number;
+    readonly name = "DirectoryRollbackError";
+    constructor(userId: string, fetchedRevision: number, cachedRevision: number);
+}
+/**
+ * Per-user highest accepted revision tracker. Concurrent verifiers
+ * see each other's updates because every mutation goes through the
+ * same Map.
+ */
+export declare class DirectoryCache {
+    private highest;
+    /**
+     * Run every §10.6.3 consumer rule against `dir` and, on success,
+     * advance the cached revision for `dir.user_id`. Throws on the
+     * first violation; returns nothing on success.
+     *
+     * Steps run in order so the most-fundamental failures surface
+     * first:
+     *
+     *  1. Schema validation (every device_id unique, every entry's
+     *     role/certificate_id consistent, revision >= 0).
+     *  2. Identity-key signature verification under `userIdentityPub`.
+     *  3. Rollback check against the cached highest revision.
+     *  4. Optional certificate-presence callback per delegated entry.
+     *
+     * @param dir - directory to verify
+     * @param userIdentityPub - account's currently active identity public key
+     * @param certCheck - per-delegated-entry certificate presence check; optional
+     */
+    verifyAndCache(dir: DeviceDirectory, userIdentityPub: Uint8Array, certCheck?: CertificateCheck): void;
+    /** Highest accepted revision for `userId`, or 0 if none cached. */
+    highestRevision(userId: string): number;
+    /**
+     * Forget the cached revision for `userId`. Intended for tests and
+     * operator-driven manual overrides; production consumers MUST NOT
+     * reset cached revisions absent strong evidence the prior cache
+     * was poisoned.
+     */
+    reset(userId: string): void;
+}
+//# sourceMappingURL=directory_cache.d.ts.map

package/dist/keys/directory_cache.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"directory_cache.d.ts","sourceRoot":"","sources":["../../src/keys/directory_cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,KAAK,eAAe,EAGrB,MAAM,qBAAqB,CAAC;AAE7B;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,aAAa,EAAE,MAAM,KAAK,IAAI,CAAC;AAE/D,8DAA8D;AAC9D,qBAAa,sBAAuB,SAAQ,KAAK;aAG7B,MAAM,EAAE,MAAM;aACd,eAAe,EAAE,MAAM;aACvB,cAAc,EAAE,MAAM;IAJxC,SAAkB,IAAI,4BAA4B;gBAEhC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,MAAM,EACvB,cAAc,EAAE,MAAM;CAMzC;AAED;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAA6B;IAE5C;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CACZ,GAAG,EAAE,eAAe,EACpB,eAAe,EAAE,UAAU,EAC3B,SAAS,CAAC,EAAE,gBAAgB,GAC3B,IAAI;IAqCP,mEAAmE;IACnE,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAIvC;;;;;OAKG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;CAG5B"}

package/dist/keys/directory_cache.js ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Consumer-side device directory cache per KEY.md §10.6.2 / §10.6.3.
+ *
+ * A consumer that fetches a {@link DeviceDirectory} for `user_id` MUST
+ * record the highest `revision` it has accepted. Any later fetch
+ * whose `revision` is strictly less than the cached value MUST be
+ * treated with the same suspicion as a key-substitution attempt
+ * (rollback).
+ *
+ * @module
+ */
+import { validateDeviceDirectory, verifyDeviceDirectory, } from "./device_records.js";
+/** A typed error subclass for rollback detection failures. */
+export class DirectoryRollbackError extends Error {
+    userId;
+    fetchedRevision;
+    cachedRevision;
+    name = "DirectoryRollbackError";
+    constructor(userId, fetchedRevision, cachedRevision) {
+        super(`keys: directory revision ${fetchedRevision} for ${userId} is less than cached revision ${cachedRevision} (rollback suspected per KEY.md §10.6.2)`);
+        this.userId = userId;
+        this.fetchedRevision = fetchedRevision;
+        this.cachedRevision = cachedRevision;
+    }
+}
+/**
+ * Per-user highest accepted revision tracker. Concurrent verifiers
+ * see each other's updates because every mutation goes through the
+ * same Map.
+ */
+export class DirectoryCache {
+    highest = new Map();
+    /**
+     * Run every §10.6.3 consumer rule against `dir` and, on success,
+     * advance the cached revision for `dir.user_id`. Throws on the
+     * first violation; returns nothing on success.
+     *
+     * Steps run in order so the most-fundamental failures surface
+     * first:
+     *
+     *  1. Schema validation (every device_id unique, every entry's
+     *     role/certificate_id consistent, revision >= 0).
+     *  2. Identity-key signature verification under `userIdentityPub`.
+     *  3. Rollback check against the cached highest revision.
+     *  4. Optional certificate-presence callback per delegated entry.
+     *
+     * @param dir - directory to verify
+     * @param userIdentityPub - account's currently active identity public key
+     * @param certCheck - per-delegated-entry certificate presence check; optional
+     */
+    verifyAndCache(dir, userIdentityPub, certCheck) {
+        if (dir === undefined || dir === null) {
+            throw new Error("keys: directory cache verify nil directory");
+        }
+        validateDeviceDirectory(dir);
+        if (userIdentityPub.length === 0) {
+            throw new Error("keys: directory cache verify missing identity public key");
+        }
+        if (!verifyDeviceDirectory(dir, userIdentityPub)) {
+            throw new Error("keys: device directory signature did not verify");
+        }
+        const cached = this.highest.get(dir.user_id);
+        if (cached !== undefined && dir.revision < cached) {
+            throw new DirectoryRollbackError(dir.user_id, dir.revision, cached);
+        }
+        if (certCheck !== undefined) {
+            for (const entry of dir.devices) {
+                if (entry.role !== "delegated") {
+                    continue;
+                }
+                if (entry.certificate_id === null) {
+                    continue;
+                }
+                try {
+                    certCheck(entry.certificate_id);
+                }
+                catch (err) {
+                    throw new Error(`keys: directory delegated entry ${entry.device_id}: ${err instanceof Error ? err.message : String(err)}`);
+                }
+            }
+        }
+        this.highest.set(dir.user_id, dir.revision);
+    }
+    /** Highest accepted revision for `userId`, or 0 if none cached. */
+    highestRevision(userId) {
+        return this.highest.get(userId) ?? 0;
+    }
+    /**
+     * Forget the cached revision for `userId`. Intended for tests and
+     * operator-driven manual overrides; production consumers MUST NOT
+     * reset cached revisions absent strong evidence the prior cache
+     * was poisoned.
+     */
+    reset(userId) {
+        this.highest.delete(userId);
+    }
+}
+//# sourceMappingURL=directory_cache.js.map

package/dist/keys/directory_cache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"directory_cache.js","sourceRoot":"","sources":["../../src/keys/directory_cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAEL,uBAAuB,EACvB,qBAAqB,GACtB,MAAM,qBAAqB,CAAC;AAU7B,8DAA8D;AAC9D,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAG7B;IACA;IACA;IAJA,IAAI,GAAG,wBAAwB,CAAC;IAClD,YACkB,MAAc,EACd,eAAuB,EACvB,cAAsB;QAEtC,KAAK,CACH,4BAA4B,eAAe,QAAQ,MAAM,iCAAiC,cAAc,0CAA0C,CACnJ,CAAC;QANc,WAAM,GAAN,MAAM,CAAQ;QACd,oBAAe,GAAf,eAAe,CAAQ;QACvB,mBAAc,GAAd,cAAc,CAAQ;IAKxC,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACjB,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C;;;;;;;;;;;;;;;;;OAiBG;IACH,cAAc,CACZ,GAAoB,EACpB,eAA2B,EAC3B,SAA4B;QAE5B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,eAAe,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,MAAM,KAAK,SAAS,IAAI,GAAG,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAsB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtE,CAAC;QACD,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBAC/B,SAAS;gBACX,CAAC;gBACD,IAAI,KAAK,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;oBAClC,SAAS;gBACX,CAAC;gBACD,IAAI,CAAC;oBACH,SAAS,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;gBAClC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,IAAI,KAAK,CACb,mCAAmC,KAAK,CAAC,SAAS,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC1G,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,mEAAmE;IACnE,eAAe,CAAC,MAAc;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,MAAc;QAClB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;CACF"}