@sempdev/semp 0.5.2 → 0.5.6

package/dist/envelope/buckets.js

@@ -20,7 +20,7 @@ export const DefaultMaxEnvelopeSize = 25 * 1024 * 1024;
  * Select the size bucket for an unpadded envelope of the given byte
  * size per the default power-of-two curve (4096, 8192, 16384, ...).
  *
- * Throws on negative input or input that exceeds the ceiling — over-
+ * Throws on negative input or input that exceeds the ceiling - over-
  * limit envelopes MUST be recomposed; padding is not a remedy for
  * over-limit content.
  */
@@ -51,7 +51,7 @@ export function selectSizeBucket(unpaddedSize, maxEnvelopeSize) {
  * in which case the floor relaxes to 1 (a single-domain non-group
  * send reveals only the obvious cardinality and gains no
  * obfuscation from padding to 2). Real counts above 1024 force
- * recomposition into multiple envelopes — the runner returns a
+ * recomposition into multiple envelopes - the runner returns a
  * sentinel of -1 in that case so callers can detect it.
  */
 export function selectRecipientCountBucket(realRecipients, singleDomainNotGroup) {

package/dist/envelope/compose.d.ts

@@ -130,7 +130,7 @@ export interface Envelope {
  */
 export declare function compose(input: ComposeInput): Envelope;
 /**
- * Compute the §4.3 canonical envelope bytes — signature and
+ * Compute the §4.3 canonical envelope bytes - signature and
  * session_mac blanked, hop_count and padding omitted.
  */
 export declare function canonicalEnvelopeFor(envelope: unknown): Uint8Array;
@@ -162,7 +162,7 @@ export interface OpenedEnvelope {
  * returns the parsed plaintexts. Throws if the recipient slot is
  * absent or the AEAD tag does not verify.
  *
- * Does NOT verify seal.signature or seal.session_mac — those are
+ * Does NOT verify seal.signature or seal.session_mac - those are
  * the routing-server / receiving-server checks per §7.2 and live
  * on the server side. {@link verifySealSignature} and
  * {@link verifySessionMAC} are the corresponding verifier helpers.

package/dist/envelope/compose.js

@@ -89,10 +89,10 @@ export function compose(input) {
     //
     // Wire-shape rules:
     //   postmark.extensions and seal.extensions DEFAULT to {} when
-    //     the caller doesn't pass them — these slots are always
+    //     the caller doesn't pass them - these slots are always
     //     present on the wire (some routers depend on the keys
     //     existing as a marker even when empty).
-    //   Top-level extensions DEFAULTS to absent — the spec treats
+    //   Top-level extensions DEFAULTS to absent - the spec treats
     //     it as truly optional.
     const postmark = {
         ...input.postmark,
@@ -131,7 +131,7 @@ export function compose(input) {
     return env;
 }
 /**
- * Compute the §4.3 canonical envelope bytes — signature and
+ * Compute the §4.3 canonical envelope bytes - signature and
  * session_mac blanked, hop_count and padding omitted.
  */
 export function canonicalEnvelopeFor(envelope) {
@@ -161,7 +161,7 @@ export function canonicalEnvelopeFor(envelope) {
  * returns the parsed plaintexts. Throws if the recipient slot is
  * absent or the AEAD tag does not verify.
  *
- * Does NOT verify seal.signature or seal.session_mac — those are
+ * Does NOT verify seal.signature or seal.session_mac - those are
  * the routing-server / receiving-server checks per §7.2 and live
  * on the server side. {@link verifySealSignature} and
  * {@link verifySessionMAC} are the corresponding verifier helpers.

package/dist/envelope/encode.d.ts

@@ -6,7 +6,7 @@
  * (`Content-Type: application/semp-envelope`) and for storage as a
  * `.semp` file.
  *
- * `encodeEnvelope` does NOT produce the canonical form — use
+ * `encodeEnvelope` does NOT produce the canonical form - use
  * {@link "./canonical".canonicalEnvelopeBytes} for the byte stream
  * consumed by signature and MAC computation.
  *
@@ -19,7 +19,7 @@ export declare const EnvelopeMIMEType = "application/semp-envelope";
 export declare const EnvelopeFileExtension = ".semp";
 /**
  * Wire JSON serialization of `env`. UTF-8, no BOM, no trailing
- * newline — the byte sequence is suitable for transport bodies and
+ * newline - the byte sequence is suitable for transport bodies and
  * for direct `.semp` file content.
  */
 export declare function encodeEnvelope(env: Envelope): Uint8Array;

package/dist/envelope/encode.js

@@ -6,7 +6,7 @@
  * (`Content-Type: application/semp-envelope`) and for storage as a
  * `.semp` file.
  *
- * `encodeEnvelope` does NOT produce the canonical form — use
+ * `encodeEnvelope` does NOT produce the canonical form - use
  * {@link "./canonical".canonicalEnvelopeBytes} for the byte stream
  * consumed by signature and MAC computation.
  *
@@ -18,11 +18,11 @@ export const EnvelopeMIMEType = "application/semp-envelope";
 export const EnvelopeFileExtension = ".semp";
 /**
  * Wire JSON serialization of `env`. UTF-8, no BOM, no trailing
- * newline — the byte sequence is suitable for transport bodies and
+ * newline - the byte sequence is suitable for transport bodies and
  * for direct `.semp` file content.
  */
 export function encodeEnvelope(env) {
-    // Plain JSON — NOT canonical. Used for transport, not signing.
+    // Plain JSON - NOT canonical. Used for transport, not signing.
     return new TextEncoder().encode(JSON.stringify(env));
 }
 /**

package/dist/envelope/open_verified.d.ts

@@ -10,7 +10,7 @@
  *   3. Walk the supplied recipient candidates and open the brief +
  *      enclosure for the first matching device key.
  *
- * `openAndVerify` does NOT run `seal.session_mac` — that is the
+ * `openAndVerify` does NOT run `seal.session_mac` - that is the
  * routing-server / receiving-server check between adjacent SEMP
  * peers; the recipient client uses {@link "./verify".verifySessionMAC}
  * separately when it has access to the K_env_mac.

package/dist/envelope/open_verified.js

@@ -10,7 +10,7 @@
  *   3. Walk the supplied recipient candidates and open the brief +
  *      enclosure for the first matching device key.
  *
- * `openAndVerify` does NOT run `seal.session_mac` — that is the
+ * `openAndVerify` does NOT run `seal.session_mac` - that is the
  * routing-server / receiving-server check between adjacent SEMP
  * peers; the recipient client uses {@link "./verify".verifySessionMAC}
  * separately when it has access to the K_env_mac.

package/dist/envelope/padding.d.ts

@@ -35,7 +35,7 @@ export interface PadConfig {
 /**
  * Populate `env.padding` so that `JSON.stringify(env)` lands on
  * exactly the size of the chosen bucket. Safe to call before OR
- * after `compose` populates `seal.signature` / `seal.session_mac` —
+ * after `compose` populates `seal.signature` / `seal.session_mac` -
  * if either is empty, fillPadding temporarily substitutes a
  * fixed-length placeholder for measurement so the post-sign size
  * is correct either way.
@@ -47,7 +47,7 @@ export declare function fillPadding(env: Envelope, cfg?: PadConfig): number;
 /**
  * Build a string of exactly `targetLen` base64-alphabet characters,
  * drawn from a CSPRNG. The bulk is a base64 encoding of CSPRNG
- * bytes; the final 1–3 characters (when targetLen is not reachable
+ * bytes; the final 1-3 characters (when targetLen is not reachable
  * by `btoa` 4-character chunks) are CSPRNG-seeded alphabet
  * characters appended for length alignment per §2.4.2.
  */

package/dist/envelope/padding.js

@@ -28,7 +28,7 @@ const Base64AlphabetFillers = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvw
 /**
  * Populate `env.padding` so that `JSON.stringify(env)` lands on
  * exactly the size of the chosen bucket. Safe to call before OR
- * after `compose` populates `seal.signature` / `seal.session_mac` —
+ * after `compose` populates `seal.signature` / `seal.session_mac` -
  * if either is empty, fillPadding temporarily substitutes a
  * fixed-length placeholder for measurement so the post-sign size
  * is correct either way.
@@ -83,7 +83,7 @@ export function fillPadding(env, cfg = {}) {
 /**
  * Build a string of exactly `targetLen` base64-alphabet characters,
  * drawn from a CSPRNG. The bulk is a base64 encoding of CSPRNG
- * bytes; the final 1–3 characters (when targetLen is not reachable
+ * bytes; the final 1-3 characters (when targetLen is not reachable
  * by `btoa` 4-character chunks) are CSPRNG-seeded alphabet
  * characters appended for length alignment per §2.4.2.
  */
@@ -96,7 +96,7 @@ export function buildPaddingValue(targetLen, rand = defaultRand) {
     }
     // base64 emits 4 chars per 3 input bytes. Pick the largest
     // multiple of 4 ≤ targetLen as the base64-encoded portion; the
-    // remainder (0–3 chars) is filled from the alphabet pool.
+    // remainder (0-3 chars) is filled from the alphabet pool.
     const baseChars = targetLen - (targetLen % 4);
     const inputBytes = (baseChars / 4) * 3;
     const out = [];

package/dist/envelope/verify.d.ts

@@ -15,7 +15,7 @@ import { type Envelope } from "./compose.js";
  * true when the Ed25519 signature over the canonical envelope bytes
  * (prefixed with `SEMP-ENVELOPE:`) verifies. Does NOT cross-check
  * that the supplied public key actually belongs to the
- * `postmark.from_domain` — that lookup is the caller's responsibility.
+ * `postmark.from_domain` - that lookup is the caller's responsibility.
  */
 export declare function verifySealSignature(env: Envelope, senderDomainPub: Uint8Array): boolean;
 /**

package/dist/envelope/verify.js

@@ -19,7 +19,7 @@ const EnvelopePrefix = "SEMP-ENVELOPE:";
  * true when the Ed25519 signature over the canonical envelope bytes
  * (prefixed with `SEMP-ENVELOPE:`) verifies. Does NOT cross-check
  * that the supplied public key actually belongs to the
- * `postmark.from_domain` — that lookup is the caller's responsibility.
+ * `postmark.from_domain` - that lookup is the caller's responsibility.
  */
 export function verifySealSignature(env, senderDomainPub) {
     if (env.seal?.signature === undefined || env.seal.signature === "") {

package/dist/extensions/index.d.ts

@@ -4,4 +4,5 @@
  * @module
  */
 export { type Entry, type Layer, type Map, type RegistryEntry, KeyError, MaxKeyLength, NamespacePrefixCore, Registry, SizeError, UnsupportedError, maxBytesFor, validate, validateKey, validateSize, } from "./limits.js";
+export { type ValidationFailureCode, type ValidationFailureItem, type ValidationFailureRejection, DefinitionPathPrefix, newValidationFailureRejection, } from "./validation_failure.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/extensions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,KAAK,EACV,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,aAAa,EAClB,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,KAAK,EACV,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,aAAa,EAClB,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,0BAA0B,EAC/B,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,yBAAyB,CAAC"}

package/dist/extensions/index.js

@@ -4,4 +4,5 @@
  * @module
  */
 export { KeyError, MaxKeyLength, NamespacePrefixCore, Registry, SizeError, UnsupportedError, maxBytesFor, validate, validateKey, validateSize, } from "./limits.js";
+export { DefinitionPathPrefix, newValidationFailureRejection, } from "./validation_failure.js";
 //# sourceMappingURL=index.js.map

package/dist/extensions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/extensions/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,QAAQ,EACR,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACR,WAAW,EACX,YAAY,GACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAIL,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,yBAAyB,CAAC"}

package/dist/extensions/limits.d.ts

@@ -8,7 +8,7 @@
  * ```
  *
  * Per-layer byte-size ceilings (§4) are enforced before signature
- * verification — an over-large `extensions` map MUST be rejected
+ * verification - an over-large `extensions` map MUST be rejected
  * outright, regardless of any signature it might carry.
  *
  * Required extensions a recipient does not understand MUST be
@@ -90,7 +90,7 @@ export declare function validateKey(key: string): Error | null;
  *     ({@link SizeError})
  *
  * Non-required (`required: false`) extensions are passed through
- * unconditionally — the receiver is free to ignore them.
+ * unconditionally - the receiver is free to ignore them.
  */
 export declare function validate(registry: Registry | null, layer: Layer, m: Map | null | undefined): Error | null;
 /**

package/dist/extensions/limits.js

@@ -8,7 +8,7 @@
  * ```
  *
  * Per-layer byte-size ceilings (§4) are enforced before signature
- * verification — an over-large `extensions` map MUST be rejected
+ * verification - an over-large `extensions` map MUST be rejected
  * outright, regardless of any signature it might carry.
  *
  * Required extensions a recipient does not understand MUST be
@@ -121,7 +121,7 @@ export function validateKey(key) {
  *     ({@link SizeError})
  *
  * Non-required (`required: false`) extensions are passed through
- * unconditionally — the receiver is free to ignore them.
+ * unconditionally - the receiver is free to ignore them.
  */
 export function validate(registry, layer, m) {
     if (m === null || m === undefined || Object.keys(m).length === 0) {

package/dist/extensions/validation_failure.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export declare const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Extension validation failure reporting per EXTENSIONS.md §3.9.3.
+ *
+ * Runtime validation failures across one or more extensions in an
+ * envelope are reported with the `extension_unsupported` reason
+ * code and an `errors` array carrying per-extension diagnostics.
+ * Implementations MAY stop at the first failure and report a
+ * single-entry array or continue and report all failures.
+ *
+ * @module
+ */
+/** Defined validation_failure diagnostics per §3.9.3 table. */
+export type ValidationFailureCode = "definition_unfetchable" | "definition_signature_invalid" | "data_schema_mismatch" | "placement_violation" | "authority_violation" | "dependency_unsatisfied" | "conflict_present";
+/** Single entry in the §3.9.3 `errors` array. */
+export interface ValidationFailureItem {
+    extension: string;
+    validation_failure: ValidationFailureCode;
+}
+/**
+ * Envelope-rejection wire shape carrying one or more extension
+ * validation failures. The reason_code is always
+ * `extension_unsupported`; per-rule diagnostics live in
+ * `errors[i].validation_failure`.
+ */
+export interface ValidationFailureRejection {
+    type: "SEMP_ENVELOPE";
+    step: "rejected";
+    version: string;
+    reason_code: "extension_unsupported";
+    reason: string;
+    errors: ValidationFailureItem[];
+}
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export declare function newValidationFailureRejection(items: ValidationFailureItem[], reason?: string): ValidationFailureRejection;
+//# sourceMappingURL=validation_failure.d.ts.map

package/dist/extensions/validation_failure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.d.ts","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE;;;;;;;;;;GAUG;AAEH,+DAA+D;AAC/D,MAAM,MAAM,qBAAqB,GAC7B,wBAAwB,GACxB,8BAA8B,GAC9B,sBAAsB,GACtB,qBAAqB,GACrB,qBAAqB,GACrB,wBAAwB,GACxB,kBAAkB,CAAC;AAEvB,iDAAiD;AACjD,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,qBAAqB,CAAC;CAC3C;AAED;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,uBAAuB,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,qBAAqB,EAAE,CAAC;CACjC;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE,qBAAqB,EAAE,EAC9B,MAAM,SAAgC,GACrC,0BAA0B,CAS5B"}

package/dist/extensions/validation_failure.js

@@ -0,0 +1,25 @@
+/**
+ * Canonical URL path prefix at which an extension's definition
+ * document is published per EXTENSIONS.md §3.5 and RFC 8615. The
+ * full URL is
+ *   "https://<host>" + DefinitionPathPrefix + "<name>.json"
+ * where <name> is the namespace-prefixed identifier such as
+ * "semp.dev/foo" or "vendor.example.com/feature1".
+ */
+export const DefinitionPathPrefix = "/.well-known/semp-extensions/";
+/**
+ * Wrap one or more validation failures in the §3.9.3 envelope
+ * rejection. The reason defaults to "Extension validation failed"
+ * when omitted.
+ */
+export function newValidationFailureRejection(items, reason = "Extension validation failed") {
+    return {
+        type: "SEMP_ENVELOPE",
+        step: "rejected",
+        version: "1.0.0",
+        reason_code: "extension_unsupported",
+        reason,
+        errors: items,
+    };
+}
+//# sourceMappingURL=validation_failure.js.map

package/dist/extensions/validation_failure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation_failure.js","sourceRoot":"","sources":["../../src/extensions/validation_failure.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AA6CpE;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAC3C,KAA8B,EAC9B,MAAM,GAAG,6BAA6B;IAEtC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,uBAAuB;QACpC,MAAM;QACN,MAAM,EAAE,KAAK;KACd,CAAC;AACJ,CAAC"}

package/dist/handshake/abort.d.ts

@@ -30,7 +30,7 @@ export declare function isChallengeInvalid(err: unknown): err is ChallengeInvali
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/abort.js

@@ -38,7 +38,7 @@ export function isChallengeInvalid(err) {
 /**
  * Build an unsigned client-initiator abort message per §2.2a.6.
  *
- * The wire shape is `party: "client"` with no `server_signature` —
+ * The wire shape is `party: "client"` with no `server_signature` -
  * the initiator has not authenticated to the server at this point
  * and MUST NOT do so as part of an abort.
  *

package/dist/handshake/client_state.d.ts

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -90,7 +90,7 @@ export interface HandshakeClientSession {
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export declare class HandshakeClient {
@@ -109,7 +109,7 @@ export declare class HandshakeClient {
     private serverIdProofSignature;
     private resumptionSecret;
     private resumeNonce;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     private finalSession;
     constructor(cfg: HandshakeClientConfig);
     /**
@@ -124,12 +124,12 @@ export declare class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     onChallenge(data: Uint8Array): Promise<Uint8Array>;
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data: Uint8Array): Uint8Array;

package/dist/handshake/client_state.js

@@ -3,7 +3,7 @@
  *
  * Mirror of `semp-go/handshake.Client`: a state machine the caller
  * drives over a transport. The class never performs network I/O
- * directly — the caller moves bytes between this object and the
+ * directly - the caller moves bytes between this object and the
  * underlying transport.
  *
  * Lifecycle:
@@ -55,7 +55,7 @@ const POW_HARDCAP = MaxPoWDifficulty;
 export { HandshakeRejectedError };
 /**
  * Stateful handshake client. One instance handles exactly one
- * handshake — discard after success or error. Re-using an instance
+ * handshake - discard after success or error. Re-using an instance
  * is a programming error (the state machine is single-shot).
  */
 export class HandshakeClient {
@@ -78,7 +78,7 @@ export class HandshakeClient {
     // Resume state (HANDSHAKE.md §2.8).
     resumptionSecret = null;
     resumeNonce = null;
-    /** Final session — populated by {@link onAccepted}. */
+    /** Final session - populated by {@link onAccepted}. */
     finalSession = null;
     constructor(cfg) {
         if (cfg.suite !== "x25519-chacha20-poly1305" &&
@@ -151,7 +151,7 @@ export class HandshakeClient {
      *
      * Throws {@link ChallengeInvalidError} when the difficulty
      * exceeds the protocol cap or the challenge has already
-     * expired — the caller follows up with a §2.2a.6 client abort.
+     * expired - the caller follows up with a §2.2a.6 client abort.
      */
     async onChallenge(data) {
         if (this.initCanonical === null) {
@@ -206,7 +206,7 @@ export class HandshakeClient {
     }
     /**
      * Process the server's RESPONSE, derive session keys, and produce
-     * CONFIRM bytes per §2.3 — §2.5. The ephemeral private key is
+     * CONFIRM bytes per §2.3 - §2.5. The ephemeral private key is
      * zeroed before return.
      */
     onResponse(data) {

package/dist/handshake/confirm.d.ts

@@ -11,8 +11,8 @@
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/confirm.js

@@ -12,8 +12,8 @@ import { sha256 } from "@noble/hashes/sha2.js";
 /**
  * Compute SHA-256 over the concatenation of canonical(message_1)
  * and canonical(message_2). The caller MUST pass the canonical
- * bytes — sorted keys, no insignificant whitespace, as defined in
- * ENVELOPE.md §4.3 — not the wire-format bytes.
+ * bytes - sorted keys, no insignificant whitespace, as defined in
+ * ENVELOPE.md §4.3 - not the wire-format bytes.
  *
  * The output is the 32-byte digest the client signs as part of its
  * identity proof.

package/dist/handshake/driver.d.ts

@@ -76,7 +76,7 @@ export interface ClientConfig {
      * AEAD-Seal under K_enc_c2s with AAD = session_id.
      *
      * When omitted (the default), the driver leaves identity_proof
-     * empty — the higher-level client wraps runClient with its
+     * empty - the higher-level client wraps runClient with its
      * own auth supply.
      */
     identity?: {
@@ -131,7 +131,7 @@ export declare class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export declare function runClient(transport: Transport, config: ClientConfig): Promise<Session>;
 //# sourceMappingURL=driver.d.ts.map

package/dist/handshake/driver.js

@@ -59,7 +59,7 @@ export class HandshakeRejectedError extends Error {
  *
  * On error the transport is closed so the peer's pending `receive`
  * unblocks. Successful completion leaves the transport owned by
- * the returned Session — closing the Session closes the transport.
+ * the returned Session - closing the Session closes the transport.
  */
 export async function runClient(transport, config) {
     if (config.suite !== "x25519-chacha20-poly1305" &&

package/dist/handshake/federation.d.ts

@@ -2,7 +2,7 @@
  * Federation handshake (server ↔ server) per HANDSHAKE.md §5.
  *
  * Two servers establish a federation session by exchanging four
- * messages — symmetric in shape to the client handshake but with
+ * messages - symmetric in shape to the client handshake but with
  * domain identity in plaintext on both sides plus a domain-proof
  * verification step:
  *
@@ -23,6 +23,11 @@
  */
 import { type SessionKeys } from "../crypto/index.js";
 import { type Capabilities, type Negotiated, type ResumptionTicket } from "./messages.js";
+/**
+ * Algorithm suites the federation handshake supports. Mirrors the
+ * client handshake's {@link "./driver".HandshakeSuite}.
+ */
+export type FederationSuite = "x25519-chacha20-poly1305" | "pq-kyber768-x25519";
 /** Wire-level discriminators (shared with the client handshake). */
 export declare const FederationMessageType = "SEMP_HANDSHAKE";
 /**
@@ -181,7 +186,7 @@ export interface FederationResume {
 /**
  * Domain-ownership verifier invoked by the responder during the
  * handshake. `verify` resolves on success; rejects (or throws) on
- * failure — the rejection reason is surfaced in
+ * failure - the rejection reason is surfaced in
  * {@link DomainVerificationResult.detail}.
  */
 export interface DomainVerifier {
@@ -189,7 +194,7 @@ export interface DomainVerifier {
 }
 /**
  * Permissive verifier that accepts every proof. Tests / single-
- * process deployments only — production MUST NOT use it.
+ * process deployments only - production MUST NOT use it.
  */
 export declare class TrustingDomainVerifier implements DomainVerifier {
     verify(): Promise<void>;
@@ -197,7 +202,7 @@ export declare class TrustingDomainVerifier implements DomainVerifier {
 /**
  * Decide which of two simultaneously-initiated federation handshakes
  * proceeds per SESSION.md §2.5.2. Both peers agree on the winner
- * without external coordination — lexicographic compare provides
+ * without external coordination - lexicographic compare provides
  * exactly this property.
  *
  * Returns the winning `session_id` (the one that proceeds).
@@ -209,8 +214,15 @@ export type PolicyAcceptor = (policy: FederationPolicy) => string | null;
 export declare const acceptAllPolicies: PolicyAcceptor;
 /** Configuration for {@link FederationInitiator}. */
 export interface FederationInitiatorConfig {
-    /** Algorithm suite. v1: `"x25519-chacha20-poly1305"`. */
-    suite: "x25519-chacha20-poly1305";
+    /**
+     * Algorithm suite. Either `"x25519-chacha20-poly1305"` (baseline)
+     * or `"pq-kyber768-x25519"` (hybrid post-quantum); the latter
+     * generates a 1216-byte hybrid ephemeral pub and decapsulates the
+     * responder's 1120-byte hybrid KEM ciphertext per ENVELOPE.md
+     * §4.4.1. The negotiated suite recorded on the wire is taken from
+     * this field; for multi-suite operators, run multiple initiators.
+     */
+    suite: FederationSuite;
     /** Capability set to advertise. */
     capabilities: Capabilities;
     /** Initiator's own domain. */
@@ -246,7 +258,7 @@ export interface FederationInitiatorSession {
 }
 /**
  * Stateful federation initiator. Mirror of `semp-go/handshake.Initiator`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationInitiator {
     private readonly cfg;
@@ -293,7 +305,13 @@ export declare class FederationInitiator {
 }
 /** Configuration for {@link FederationResponder}. */
 export interface FederationResponderConfig {
-    suite: "x25519-chacha20-poly1305";
+    /**
+     * Algorithm suite. Either `"x25519-chacha20-poly1305"` (baseline)
+     * or `"pq-kyber768-x25519"` (hybrid post-quantum). The responder
+     * accepts only this suite during negotiation; multi-suite support
+     * requires running multiple responders.
+     */
+    suite: FederationSuite;
     capabilities: Capabilities;
     /** Responder's own domain. */
     localDomain: string;
@@ -325,7 +343,7 @@ export interface FederationResponderSession {
 }
 /**
  * Stateful federation responder. Mirror of `semp-go/handshake.Responder`.
- * Single-shot — discard after success or error.
+ * Single-shot - discard after success or error.
  */
 export declare class FederationResponder {
     private readonly cfg;

package/dist/handshake/federation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"federation.d.ts","sourceRoot":"","sources":["../../src/handshake/federation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EACL,KAAK,WAAW,EAKjB,MAAM,oBAAoB,CAAC;AAW5B,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,gBAAgB,EAGtB,MAAM,eAAe,CAAC;AAEvB,oEAAoE;AACpE,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AAEtD;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GACzB,SAAS,GACT,aAAa,GACb,YAAY;AACd,wEAAwE;GACtE,YAAY,CAAC;AAEjB,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yDAAyD;AACzD,MAAM,WAAW,wBAAwB;IACvC,yEAAyE;IACzE,MAAM,EAAE,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAC/C,yDAAyD;IACzD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,mDAAmD;AACnD,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iCAAiC;IACjC,cAAc,EAAE,SAAS,GAAG,QAAQ,CAAC;IACrC,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,oCAAoC;AACpC,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,oCAAoC;AACpC,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,qBAAqB,EAAE,eAAe,CAAC;IACvC,YAAY,EAAE,WAAW,CAAC;IAC1B,YAAY,EAAE,YAAY,CAAC;IAC3B,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,qCAAqC;AACrC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,qBAAqB,EAAE,eAAe,CAAC;IACvC,0BAA0B,EAAE,wBAAwB,CAAC;IACrD,UAAU,EAAE,UAAU,CAAC;IACvB,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,oBAAoB,CAAC;IAC5C,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,UAAU,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;IAC9C,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;IACrC,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,wCAAwC;AACxC,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,oEAAoE;IACpE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,CACJ,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,WAAW,EAClB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,cAAc;IACrD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAG9B;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED,kEAAkE;AAClE,MAAM,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,gBAAgB,KAAK,MAAM,GAAG,IAAI,CAAC;AAEzE,0DAA0D;AAC1D,eAAO,MAAM,iBAAiB,EAAE,cAA2B,CAAC;AAM5D,qDAAqD;AACrD,MAAM,WAAW,yBAAyB;IACxC,yDAAyD;IACzD,KAAK,EAAE,0BAA0B,CAAC;IAClC,mCAAmC;IACnC,YAAY,EAAE,YAAY,CAAC;IAC3B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,eAAe,EAAE,UAAU,CAAC;IAC5B,kEAAkE;IAClE,mBAAmB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACpD,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,WAAW,EAAE,WAAW,CAAC;IACzB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,mEAAmE;IACnE,sBAAsB,CAAC,EAAE,UAAU,CAAC;IACpC,mDAAmD;IACnD,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B;AAED,qEAAqE;AACrE,MAAM,WAAW,0BAA0B;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAA4B;IAChD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAE1C,OAAO,CAAC,KAAK,CAA2B;IACxC,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAA2C;IAC/D,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,WAAW,CAA2B;gBAElC,GAAG,EAAE,yBAAyB;IA6B1C,0CAA0C;IAC1C,IAAI,IAAI,UAAU;IAgDlB,kFAAkF;IAClF,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAqHxC,uEAAuE;IACvE,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAwDlC,qDAAqD;IACrD,OAAO,IAAI,0BAA0B;IAOrC,gFAAgF;IAChF,oBAAoB,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI;IAO9C;;;;;OAKG;IACH,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,yBAAyB,SAAI,GAAG,UAAU;IAsCrE;;;OAGG;IACH,gBAAgB,CAAC,IAAI,EAAE,UAAU,GAAG;QAClC,OAAO,EAAE,0BAA0B,CAAC;QACpC,SAAS,EAAE,UAAU,GAAG,SAAS,CAAC;KACnC;IAwFD,mCAAmC;IACnC,KAAK,IAAI,IAAI;CAed;AAMD,qDAAqD;AACrD,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,0BAA0B,CAAC;IAClC,YAAY,EAAE,YAAY,CAAC;IAC3B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,aAAa,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,eAAe,EAAE,UAAU,CAAC;IAC5B,kEAAkE;IAClE,mBAAmB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACpD,wDAAwD;IACxD,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,+CAA+C;IAC/C,MAAM,EAAE,gBAAgB,CAAC;IACzB,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4CAA4C;IAC5C,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,mEAAmE;IACnE,sBAAsB,CAAC,EAAE,UAAU,CAAC;IACpC,mDAAmD;IACnD,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B;AAED,qEAAqE;AACrE,MAAM,WAAW,0BAA0B;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAA4B;IAChD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IAEpC,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,UAAU,CAAM;IACxB,OAAO,CAAC,SAAS,CAA2B;IAC5C,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAA2C;gBAEnD,GAAG,EAAE,yBAAyB;IAmB1C;;;;OAIG;IACG,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IA0InD;;;;OAIG;IACH,SAAS,CACP,IAAI,EAAE,UAAU,EAChB,IAAI,GAAE;QACJ,qBAAqB,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,KAAK,gBAAgB,CAAC;KAC5D,GACL,UAAU;IA4Eb,oDAAoD;IACpD,OAAO,IAAI,0BAA0B;IASrC,mCAAmC;IACnC,KAAK,IAAI,IAAI;CAed"}
+{"version":3,"file":"federation.d.ts","sourceRoot":"","sources":["../../src/handshake/federation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EACL,KAAK,WAAW,EASjB,MAAM,oBAAoB,CAAC;AAW5B,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,gBAAgB,EAGtB,MAAM,eAAe,CAAC;AAEvB;;;GAGG;AACH,MAAM,MAAM,eAAe,GACvB,0BAA0B,GAC1B,oBAAoB,CAAC;AAEzB,oEAAoE;AACpE,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AAEtD;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GACzB,SAAS,GACT,aAAa,GACb,YAAY;AACd,wEAAwE;GACtE,YAAY,CAAC;AAEjB,uCAAuC;AACvC,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yDAAyD;AACzD,MAAM,WAAW,wBAAwB;IACvC,yEAAyE;IACzE,MAAM,EAAE,UAAU,GAAG,UAAU,GAAG,YAAY,CAAC;IAC/C,yDAAyD;IACzD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,mDAAmD;AACnD,MAAM,WAAW,gBAAgB;IAC/B,qDAAqD;IACrD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iCAAiC;IACjC,cAAc,EAAE,SAAS,GAAG,QAAQ,CAAC;IACrC,2EAA2E;IAC3E,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,oCAAoC;AACpC,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,oCAAoC;AACpC,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,qBAAqB,EAAE,eAAe,CAAC;IACvC,YAAY,EAAE,WAAW,CAAC;IAC1B,YAAY,EAAE,YAAY,CAAC;IAC3B,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,qCAAqC;AACrC,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,qBAAqB,EAAE,eAAe,CAAC;IACvC,0BAA0B,EAAE,wBAAwB,CAAC;IACrD,UAAU,EAAE,UAAU,CAAC;IACvB,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,oCAAoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,oBAAoB,CAAC;IAC5C,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,8CAA8C;AAC9C,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,UAAU,CAAC;IACjB,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,UAAU,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,sBAAsB,CAAC;IAC9C,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;IACrC,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,wCAAwC;AACxC,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,qBAAqB,CAAC;IACnC,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,QAAQ,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,oEAAoE;IACpE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,sBAAsB,CAAC;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,CACJ,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,WAAW,EAClB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,cAAc;IACrD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAG9B;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAEjE;AAED,kEAAkE;AAClE,MAAM,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,gBAAgB,KAAK,MAAM,GAAG,IAAI,CAAC;AAEzE,0DAA0D;AAC1D,eAAO,MAAM,iBAAiB,EAAE,cAA2B,CAAC;AAM5D,qDAAqD;AACrD,MAAM,WAAW,yBAAyB;IACxC;;;;;;;OAOG;IACH,KAAK,EAAE,eAAe,CAAC;IACvB,mCAAmC;IACnC,YAAY,EAAE,YAAY,CAAC;IAC3B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,eAAe,EAAE,UAAU,CAAC;IAC5B,kEAAkE;IAClE,mBAAmB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACpD,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,WAAW,EAAE,WAAW,CAAC;IACzB,6CAA6C;IAC7C,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,mEAAmE;IACnE,sBAAsB,CAAC,EAAE,UAAU,CAAC;IACpC,mDAAmD;IACnD,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B;AAED,qEAAqE;AACrE,MAAM,WAAW,0BAA0B;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IACpC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAA4B;IAChD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAE1C,OAAO,CAAC,KAAK,CAA2B;IACxC,OAAO,CAAC,OAAO,CAA2B;IAC1C,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAA2C;IAC/D,OAAO,CAAC,gBAAgB,CAA2B;IACnD,OAAO,CAAC,WAAW,CAA2B;gBAElC,GAAG,EAAE,yBAAyB;IAgC1C,0CAA0C;IAC1C,IAAI,IAAI,UAAU;IAiElB,kFAAkF;IAClF,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU;IAoIxC,uEAAuE;IACvE,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAwDlC,qDAAqD;IACrD,OAAO,IAAI,0BAA0B;IAOrC,gFAAgF;IAChF,oBAAoB,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI;IAO9C;;;;;OAKG;IACH,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,yBAAyB,SAAI,GAAG,UAAU;IAsCrE;;;OAGG;IACH,gBAAgB,CAAC,IAAI,EAAE,UAAU,GAAG;QAClC,OAAO,EAAE,0BAA0B,CAAC;QACpC,SAAS,EAAE,UAAU,GAAG,SAAS,CAAC;KACnC;IAwFD,mCAAmC;IACnC,KAAK,IAAI,IAAI;CAed;AAMD,qDAAqD;AACrD,MAAM,WAAW,yBAAyB;IACxC;;;;;OAKG;IACH,KAAK,EAAE,eAAe,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,aAAa,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,eAAe,EAAE,UAAU,CAAC;IAC5B,kEAAkE;IAClE,mBAAmB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,UAAU,CAAC;IACpD,wDAAwD;IACxD,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,+CAA+C;IAC/C,MAAM,EAAE,gBAAgB,CAAC;IACzB,gDAAgD;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4CAA4C;IAC5C,iBAAiB,EAAE,MAAM,MAAM,CAAC;IAChC,mEAAmE;IACnE,sBAAsB,CAAC,EAAE,UAAU,CAAC;IACpC,mDAAmD;IACnD,cAAc,CAAC,EAAE,UAAU,CAAC;CAC7B;AAED,qEAAqE;AACrE,MAAM,WAAW,0BAA0B;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAA4B;IAChD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAa;IAC5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IAEpC,OAAO,CAAC,SAAS,CAAM;IACvB,OAAO,CAAC,UAAU,CAAM;IACxB,OAAO,CAAC,SAAS,CAA2B;IAC5C,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,aAAa,CAA2B;IAChD,OAAO,CAAC,WAAW,CAA4B;IAC/C,OAAO,CAAC,YAAY,CAA2C;gBAEnD,GAAG,EAAE,yBAAyB;IAsB1C;;;;OAIG;IACG,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IA+JnD;;;;OAIG;IACH,SAAS,CACP,IAAI,EAAE,UAAU,EAChB,IAAI,GAAE;QACJ,qBAAqB,CAAC,EAAE,CAAC,IAAI,EAAE,WAAW,KAAK,gBAAgB,CAAC;KAC5D,GACL,UAAU;IA4Eb,oDAAoD;IACpD,OAAO,IAAI,0BAA0B;IASrC,mCAAmC;IACnC,KAAK,IAAI,IAAI;CAed"}