@smonn/ids 0.13.1 → 0.14.1

package/spec/vectors.json

@@ -0,0 +1,97 @@
+{
+  "version": 1,
+  "vectors": [
+    {
+      "name": "timestamp_extract_running_example",
+      "category": "codec:timestamp",
+      "operation": "extract",
+      "input": "usr_06f80z92d2dbsqqg28t5cy4tqg",
+      "expected": 1780272145000
+    },
+    {
+      "name": "timestamp_generate_running_example",
+      "category": "codec:timestamp",
+      "operation": "generate",
+      "input": { "timestamp": 1780272145000, "rng": "9abcdef0123456789abc" },
+      "expected": "usr_06f80z92d2dbsqqg28t5cy4tqg"
+    },
+    {
+      "name": "reverse_extract_running_example",
+      "description": "the 6 timestamp bytes are bitwise-inverted before encoding; extract re-inverts them",
+      "category": "codec:reverse",
+      "operation": "extract",
+      "input": "usr_zsgqz0pxjydbsqqg28t5cy4tqg",
+      "expected": 1780272145000
+    },
+    {
+      "name": "reverse_generate_running_example",
+      "category": "codec:reverse",
+      "operation": "generate",
+      "input": { "timestamp": 1780272145000, "rng": "9abcdef0123456789abc" },
+      "expected": "usr_zsgqz0pxjydbsqqg28t5cy4tqg"
+    },
+    {
+      "name": "to_uuid_running_example",
+      "description": "the 16 payload bytes written verbatim as an RFC 9562 lowercase hyphenated UUID",
+      "category": "wire",
+      "operation": "to_uuid",
+      "input": "usr_06f80z92d2dbsqqg28t5cy4tqg",
+      "expected": "019e807d-2268-9abc-def0-123456789abc"
+    },
+    {
+      "name": "from_uuid_running_example",
+      "category": "wire",
+      "operation": "from_uuid",
+      "input": "019e807d-2268-9abc-def0-123456789abc",
+      "expected": { "ok": true, "id": "usr_06f80z92d2dbsqqg28t5cy4tqg" }
+    },
+    {
+      "name": "from_uuid_uppercase_accept",
+      "description": "RFC 9562 parsers accept uppercase hex; output is the same canonical id",
+      "category": "wire",
+      "operation": "from_uuid",
+      "input": "019E807D-2268-9ABC-DEF0-123456789ABC",
+      "expected": { "ok": true, "id": "usr_06f80z92d2dbsqqg28t5cy4tqg" }
+    },
+    {
+      "name": "from_uuid_reject_braces",
+      "description": "braced {…} form is rejected; only the hyphenated 8-4-4-4-12 form is accepted",
+      "category": "wire",
+      "operation": "from_uuid",
+      "input": "{019e807d-2268-9abc-def0-123456789abc}",
+      "expected": { "ok": false, "layer": "uuid" }
+    },
+    {
+      "name": "canonicalize_uppercase",
+      "description": "ASCII A-Z folds to lowercase",
+      "category": "wire",
+      "operation": "canonicalize",
+      "input": "USR_06F80Z92D2DBSQQG28T5CY4TQG",
+      "expected": { "ok": true, "id": "usr_06f80z92d2dbsqqg28t5cy4tqg" }
+    },
+    {
+      "name": "canonicalize_alias_o_to_zero",
+      "description": "Crockford visual alias o/O resolves to 0 before validation",
+      "category": "wire",
+      "operation": "canonicalize",
+      "input": "usr_o6f8oz92d2dbsqqg28t5cy4tqg",
+      "expected": { "ok": true, "id": "usr_06f80z92d2dbsqqg28t5cy4tqg" }
+    },
+    {
+      "name": "canonicalize_reject_padding_bit",
+      "description": "final base32 char '1' has non-zero low 2 bits (not in [048cgmrw])",
+      "category": "wire",
+      "operation": "canonicalize",
+      "input": "usr_00000000000000000000000001",
+      "expected": { "ok": false, "layer": "base32" }
+    },
+    {
+      "name": "canonicalize_reject_wrong_prefix",
+      "description": "a well-formed id of a different brand is rejected at the prefix layer (vectors are authored against brand usr)",
+      "category": "wire",
+      "operation": "canonicalize",
+      "input": "org_06f80z92d2dbsqqg28t5cy4tqg",
+      "expected": { "ok": false, "layer": "prefix" }
+    }
+  ]
+}

package/dist/codec-shell-C2NKQEx2.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"codec-shell-C2NKQEx2.mjs","names":[],"sources":["../src/codecs/_kernel/brand.ts","../src/wire/base32.ts","../src/wire/envelope.ts","../src/wire/invariants.ts","../src/codecs/_kernel/registry.ts","../src/wire/parse.ts","../src/wire/codec-shell.ts"],"sourcesContent":["import { IdsError } from \"../../error.js\";\n\nconst brandPattern = /^[a-z]{3}$/;\n\n/** Validates a three-character lowercase brand. Throws on invalid input. */\nexport function validateBrand(brand: string): void {\n  if (!brandPattern.test(brand)) {\n    throw new IdsError(\"invalid_brand\", \"invalid brand: expected three lowercase a-z characters\");\n  }\n}\n","/*\n  This is based on Crockford's Base32 spec: https://www.crockford.com/base32.html\n  One difference is that it uses lowercase instead of uppercase when encoding.\n\n  These functions are internal: codec constructors guarantee that input is a\n  16-byte buffer for encode, or a string of characters drawn from the alphabet\n  for decode. Invalid input produces silent garbage rather than a thrown error,\n  consistent with the trust-the-type rule in ADR-0003.\n*/\n\nexport const alphabet = \"0123456789abcdefghjkmnpqrstvwxyz\";\n\n// 0–31 → ASCII char code, for write-into-codes-then-fromCharCode encoding.\nconst valueToCharCode = new Uint8Array(32);\nfor (let i = 0; i < 32; i++) valueToCharCode[i] = alphabet.charCodeAt(i);\n\n// charCode → 0–31 value. Canonical lowercase only; upstream resolves case and\n// o/i/l aliases before any string reaches decodeBase32.\nconst INVALID = 0xff;\nconst charCodeToValue = new Uint8Array(256).fill(INVALID);\nfor (let i = 0; i < alphabet.length; i++) charCodeToValue[alphabet.charCodeAt(i)] = i;\n\nexport function encodeBase32(bytes: Uint8Array): string {\n  // Build an Array<number> of char codes and pass it to fromCharCode.apply.\n  // Faster than `result += char` (avoids cons-string overhead) and than\n  // Uint8Array variants (apply has a fast path for plain Arrays).\n  // oxlint-disable-next-line no-new-array\n  const codes = new Array<number>(Math.floor((bytes.length * 8) / 5) + 1);\n  let chi = 0;\n  let bits = 0;\n  let value = 0;\n\n  for (let i = 0; i < bytes.length; i++) {\n    value = (value << 8) | bytes[i]!;\n    bits += 8;\n    while (bits >= 5) {\n      bits -= 5;\n      codes[chi++] = valueToCharCode[(value >>> bits) & 0x1f]!;\n    }\n  }\n  codes[chi] = valueToCharCode[(value << (5 - bits)) & 0x1f]!;\n  return String.fromCharCode.apply(null, codes);\n}\n\nexport function decodeBase32(str: string): Uint8Array {\n  const result = new Uint8Array(Math.floor((str.length * 5) / 8));\n  let bits = 0;\n  let value = 0;\n  let index = 0;\n\n  for (let i = 0; i < str.length; i++) {\n    // Input is pre-validated by the upstream parse regex (safeParse / safeVerify /\n    // safeUnwrap), so every charCode is in [0, 255] and in the Crockford alphabet.\n    // No per-char bounds guard is needed here — contrast decodeHex, which guards\n    // `hiCode >= hexCharCodeToNibble.length` because it receives untrusted caller input.\n    const v = charCodeToValue[str.charCodeAt(i)]!;\n    value = (value << 5) | v;\n    bits += 5;\n    if (bits >= 8) {\n      bits -= 8;\n      result[index++] = (value >>> bits) & 0xff;\n    }\n  }\n  return result;\n}\n","import { decodeBase32, encodeBase32 } from \"./base32.js\";\nimport type { Id, Prefix } from \"../types.js\";\n\n/** Encodes a 16-byte payload as lowercase Crockford base32 (26 chars). */\nfunction encodePayload(bytes: Uint8Array): string {\n  return encodeBase32(bytes);\n}\n\n/** Decodes a 26-char base32 payload suffix to 16 bytes. Trust-the-type. */\nfunction decodePayload(base32: string): Uint8Array {\n  return decodeBase32(base32);\n}\n\n/** Composes a canonical wire ID from a prefix and 16-byte payload. */\nexport function toWireId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  payload: Uint8Array,\n): Id<Brand> {\n  return (prefix + encodePayload(payload)) as Id<Brand>;\n}\n\n/** Decodes the full 16-byte payload from a trusted wire ID. */\nexport function payloadBytesFromId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  id: Id<Brand>,\n): Uint8Array {\n  return decodePayload(id.slice(prefix.length));\n}\n","// Payload is always 16 bytes on the wire (every codec). 16 bytes → 26 Crockford\n// base32 chars. ADR-0002 codifies this as the shared wire-format invariant.\nexport const payloadByteLength: number = 16;\nexport const payloadBase32Length: number = Math.ceil((payloadByteLength * 8) / 5);\n\n// Compact regex character class for the canonical lowercase Crockford alphabet\n// (`0123456789abcdefghjkmnpqrstvwxyz` — excludes i, l, o, u). Used in the JSON\n// Schema `pattern`, which describes the canonical wire form only (ADR-0003).\nexport const base32CharClass: string = \"[0-9a-hjkmnp-tv-z]\";\n\n// The 8 alphabet values at indices divisible by 4 (low 2 bits = 00) that satisfy the\n// canonical padding-bit constraint for a 130-bit encoding of 16 bytes. ADR-0003.\nexport const base32FinalCharClass: string = \"[048cgmrw]\";\n","const registeredBrands = new Set<string>();\nconst warnedBrands = new Set<string>();\n\nexport function registerBrand(brand: string, allowDuplicateBrand: boolean | undefined): void {\n  if (\n    typeof process === \"undefined\" ||\n    process.env.NODE_ENV === \"production\" ||\n    allowDuplicateBrand\n  ) {\n    return;\n  }\n\n  if (registeredBrands.has(brand)) {\n    if (!warnedBrands.has(brand)) {\n      console.warn(\n        `[@smonn/ids] brand \"${brand}\" was registered more than once — this usually indicates a bundling or import bug, or that more than one codec variant is using the same brand. Pass { allowDuplicateBrand: true } to silence.`,\n      );\n      warnedBrands.add(brand);\n    }\n  } else {\n    registeredBrands.add(brand);\n  }\n}\n\n/**\n * Clears the process-global brand registry. Internal test hook only — not part\n * of the public API. Lets a test suite reset duplicate-detection state between\n * cases (e.g. in `beforeEach`) so it can reuse stable brands instead of minting\n * throwaway ones to dodge cross-test contamination. See ADR-0021.\n */\nexport function resetBrandRegistry(): void {\n  registeredBrands.clear();\n  warnedBrands.clear();\n}\n","import { alphabet } from \"./base32.js\";\nimport type { Id, ParseError, ParseResult, Prefix } from \"../types.js\";\nimport { base32FinalCharClass, payloadBase32Length } from \"./invariants.js\";\n\nconst replacePattern = /[ilo]/g;\nconst aliasTestPattern = /[ilo]/;\nconst replacer = (match: string): string => (match === \"o\" ? \"0\" : \"1\");\nconst base32Pattern = new RegExp(\n  `^[${alphabet}]{${payloadBase32Length - 1}}${base32FinalCharClass}$`,\n);\n\nexport function safeParse<Brand extends string>(\n  prefix: Prefix<Brand>,\n  value: unknown,\n): ParseResult<Brand> {\n  if (typeof value !== \"string\") return { ok: false, error: \"not_string\" };\n  if (value.startsWith(prefix) && base32Pattern.test(value.slice(prefix.length))) {\n    return { ok: true, id: value as Id<Brand> };\n  }\n  const lowercase = value.toLowerCase();\n  if (!lowercase.startsWith(prefix)) return { ok: false, error: \"invalid_prefix\" };\n\n  const sliced = lowercase.slice(prefix.length);\n  const base32 = aliasTestPattern.test(sliced)\n    ? sliced.replaceAll(replacePattern, replacer)\n    : sliced;\n\n  if (!base32Pattern.test(base32)) return { ok: false, error: \"invalid_base32\" };\n\n  const id = (prefix + base32) as Id<Brand>;\n  return { ok: true, id };\n}\n\nexport function is<Brand extends string>(\n  prefix: Prefix<Brand>,\n  value: unknown,\n): value is Id<Brand> {\n  if (typeof value !== \"string\") return false;\n  if (!value.startsWith(prefix)) return false;\n  return base32Pattern.test(value.slice(prefix.length));\n}\n\nfunction errorMessage<Brand extends string>(prefix: Prefix<Brand>, error: ParseError): string {\n  switch (error) {\n    case \"not_string\":\n      return \"expected string\";\n    case \"invalid_prefix\":\n      return `expected prefix '${prefix}'`;\n    case \"invalid_base32\":\n      return \"invalid base32 payload\";\n  }\n}\n\nexport function standardValidate<Brand extends string>(\n  prefix: Prefix<Brand>,\n  value: unknown,\n):\n  | { readonly value: Id<Brand>; readonly issues?: undefined }\n  | { readonly issues: ReadonlyArray<{ readonly message: string }> } {\n  const result = safeParse(prefix, value);\n  if (result.ok) return { value: result.id };\n  return { issues: [{ message: errorMessage(prefix, result.error) }] };\n}\n","import { IdsError } from \"../error.js\";\nimport type { Id, JsonSchema, ParseResult, Prefix, StandardSchemaProps } from \"../types.js\";\nimport { base32CharClass, base32FinalCharClass, payloadBase32Length } from \"./invariants.js\";\nimport { is, safeParse, standardValidate } from \"./parse.js\";\n\ntype WireMethods<Brand extends string> = {\n  is: (value: unknown) => value is Id<Brand>;\n  parse: (value: unknown) => Id<Brand>;\n  safeParse: (value: unknown) => ParseResult<Brand>;\n  toJsonSchema: (brand: Brand, example: string) => JsonSchema;\n  \"~standard\": StandardSchemaProps<Brand>;\n};\n\n/** Wire-only methods shared by every codec variant for a fixed prefix. */\nexport function wireMethods<Brand extends string>(prefix: Prefix<Brand>): WireMethods<Brand> {\n  const standard: StandardSchemaProps<Brand> = {\n    version: 1,\n    vendor: \"@smonn/ids\",\n    validate: (value: unknown) => standardValidate(prefix, value),\n  };\n  return {\n    is: (value: unknown): value is Id<Brand> => is(prefix, value),\n    parse: (value: unknown): Id<Brand> => {\n      const result = safeParse(prefix, value);\n      if (result.ok) return result.id;\n      throw new IdsError(\"invalid_id\", `invalid ID: ${result.error}`, { cause: result.error });\n    },\n    safeParse: (value: unknown): ParseResult<Brand> => safeParse(prefix, value),\n    toJsonSchema: (brand: Brand, example: string): JsonSchema => ({\n      type: \"string\",\n      pattern: `^${prefix}${base32CharClass}{${payloadBase32Length - 1}}${base32FinalCharClass}$`,\n      description: `Branded ID for '${brand}'`,\n      example,\n    }),\n    \"~standard\": standard,\n  };\n}\n"],"mappings":";;AAEA,MAAM,eAAe;;AAGrB,SAAgB,cAAc,OAAqB;CACjD,IAAI,CAAC,aAAa,KAAK,KAAK,GAC1B,MAAM,IAAI,SAAS,iBAAiB,wDAAwD;AAEhG;;;ACCA,MAAa,WAAW;AAGxB,MAAM,kCAAkB,IAAI,WAAW,EAAE;AACzC,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,KAAK,gBAAgB,KAAK,SAAS,WAAW,CAAC;AAKvE,MAAM,mCAAkB,IAAI,WAAW,GAAG,EAAA,CAAE,KAAK,GAAO;AACxD,KAAK,IAAI,IAAI,GAAG,IAAI,IAAiB,KAAK,gBAAgB,SAAS,WAAW,CAAC,KAAK;AAEpF,SAAgB,aAAa,OAA2B;CAKtD,MAAM,QAAQ,IAAI,MAAc,KAAK,MAAO,MAAM,SAAS,IAAK,CAAC,IAAI,CAAC;CACtE,IAAI,MAAM;CACV,IAAI,OAAO;CACX,IAAI,QAAQ;CAEZ,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACrC,QAAS,SAAS,IAAK,MAAM;EAC7B,QAAQ;EACR,OAAO,QAAQ,GAAG;GAChB,QAAQ;GACR,MAAM,SAAS,gBAAiB,UAAU,OAAQ;EACpD;CACF;CACA,MAAM,OAAO,gBAAiB,SAAU,IAAI,OAAS;CACrD,OAAO,OAAO,aAAa,MAAM,MAAM,KAAK;AAC9C;AAEA,SAAgB,aAAa,KAAyB;CACpD,MAAM,SAAS,IAAI,WAAW,KAAK,MAAO,IAAI,SAAS,IAAK,CAAC,CAAC;CAC9D,IAAI,OAAO;CACX,IAAI,QAAQ;CACZ,IAAI,QAAQ;CAEZ,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK;EAKnC,MAAM,IAAI,gBAAgB,IAAI,WAAW,CAAC;EAC1C,QAAS,SAAS,IAAK;EACvB,QAAQ;EACR,IAAI,QAAQ,GAAG;GACb,QAAQ;GACR,OAAO,WAAY,UAAU,OAAQ;EACvC;CACF;CACA,OAAO;AACT;;;;AC5DA,SAAS,cAAc,OAA2B;CAChD,OAAO,aAAa,KAAK;AAC3B;;AAGA,SAAS,cAAc,QAA4B;CACjD,OAAO,aAAa,MAAM;AAC5B;;AAGA,SAAgB,SACd,QACA,SACW;CACX,OAAQ,SAAS,cAAc,OAAO;AACxC;;AAGA,SAAgB,mBACd,QACA,IACY;CACZ,OAAO,cAAc,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C;ACxBA,MAAa,sBAA8B,KAAK,KAAA,MAA+B,CAAC;AAKhF,MAAa,kBAA0B;AAIvC,MAAa,uBAA+B;;;ACZ5C,MAAM,mCAAmB,IAAI,IAAY;AACzC,MAAM,+BAAe,IAAI,IAAY;AAErC,SAAgB,cAAc,OAAe,qBAAgD;CAC3F,IACE,OAAO,YAAY,eACnB,QAAQ,IAAI,aAAa,gBACzB,qBAEA;CAGF,IAAI,iBAAiB,IAAI,KAAK;MACxB,CAAC,aAAa,IAAI,KAAK,GAAG;GAC5B,QAAQ,KACN,uBAAuB,MAAM,+LAC/B;GACA,aAAa,IAAI,KAAK;EACxB;QAEA,iBAAiB,IAAI,KAAK;AAE9B;;;AClBA,MAAM,iBAAiB;AACvB,MAAM,mBAAmB;AACzB,MAAM,YAAY,UAA2B,UAAU,MAAM,MAAM;AACnE,MAAM,gBAAgB,IAAI,OACxB,KAAK,SAAS,IAAI,sBAAsB,EAAE,GAAG,qBAAqB,EACpE;AAEA,SAAgB,UACd,QACA,OACoB;CACpB,IAAI,OAAO,UAAU,UAAU,OAAO;EAAE,IAAI;EAAO,OAAO;CAAa;CACvE,IAAI,MAAM,WAAW,MAAM,KAAK,cAAc,KAAK,MAAM,MAAM,OAAO,MAAM,CAAC,GAC3E,OAAO;EAAE,IAAI;EAAM,IAAI;CAAmB;CAE5C,MAAM,YAAY,MAAM,YAAY;CACpC,IAAI,CAAC,UAAU,WAAW,MAAM,GAAG,OAAO;EAAE,IAAI;EAAO,OAAO;CAAiB;CAE/E,MAAM,SAAS,UAAU,MAAM,OAAO,MAAM;CAC5C,MAAM,SAAS,iBAAiB,KAAK,MAAM,IACvC,OAAO,WAAW,gBAAgB,QAAQ,IAC1C;CAEJ,IAAI,CAAC,cAAc,KAAK,MAAM,GAAG,OAAO;EAAE,IAAI;EAAO,OAAO;CAAiB;CAG7E,OAAO;EAAE,IAAI;EAAM,IADP,SAAS;CACC;AACxB;AAEA,SAAgB,GACd,QACA,OACoB;CACpB,IAAI,OAAO,UAAU,UAAU,OAAO;CACtC,IAAI,CAAC,MAAM,WAAW,MAAM,GAAG,OAAO;CACtC,OAAO,cAAc,KAAK,MAAM,MAAM,OAAO,MAAM,CAAC;AACtD;AAEA,SAAS,aAAmC,QAAuB,OAA2B;CAC5F,QAAQ,OAAR;EACE,KAAK,cACH,OAAO;EACT,KAAK,kBACH,OAAO,oBAAoB,OAAO;EACpC,KAAK,kBACH,OAAO;CACX;AACF;AAEA,SAAgB,iBACd,QACA,OAGmE;CACnE,MAAM,SAAS,UAAU,QAAQ,KAAK;CACtC,IAAI,OAAO,IAAI,OAAO,EAAE,OAAO,OAAO,GAAG;CACzC,OAAO,EAAE,QAAQ,CAAC,EAAE,SAAS,aAAa,QAAQ,OAAO,KAAK,EAAE,CAAC,EAAE;AACrE;;;;AChDA,SAAgB,YAAkC,QAA2C;CAM3F,OAAO;EACL,KAAK,UAAuC,GAAG,QAAQ,KAAK;EAC5D,QAAQ,UAA8B;GACpC,MAAM,SAAS,UAAU,QAAQ,KAAK;GACtC,IAAI,OAAO,IAAI,OAAO,OAAO;GAC7B,MAAM,IAAI,SAAS,cAAc,eAAe,OAAO,SAAS,EAAE,OAAO,OAAO,MAAM,CAAC;EACzF;EACA,YAAY,UAAuC,UAAU,QAAQ,KAAK;EAC1E,eAAe,OAAc,aAAiC;GAC5D,MAAM;GACN,SAAS,IAAI,SAAS,gBAAgB,GAAG,sBAAsB,EAAE,GAAG,qBAAqB;GACzF,aAAa,mBAAmB,MAAM;GACtC;EACF;EACA,aAAa;GAlBb,SAAS;GACT,QAAQ;GACR,WAAW,UAAmB,iBAAiB,QAAQ,KAAK;EAgBxC;CACtB;AACF"}

package/dist/opaque-BW3Uzeeb.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"opaque-BW3Uzeeb.mjs","names":[],"sources":["../src/codecs/opaque/layout.ts","../src/codecs/opaque/key.ts","../src/codecs/opaque/index.ts"],"sourcesContent":["import type { webcrypto } from \"node:crypto\";\nimport type { Id, LayoutOps, Prefix } from \"../../types.js\";\nimport { decryptPayload, encryptPayload } from \"../_kernel/crypto.js\";\nimport { payloadBytesFromId, toWireId } from \"../../wire/envelope.js\";\nimport { payloadBase32Length, payloadByteLength } from \"../../wire/invariants.js\";\nimport {\n  readTimestampMs,\n  timestampByteLength,\n  writeTimestamp,\n} from \"../../wire/timestamp-bytes.js\";\n\nfunction buildPlaintext(ms: number, rng: (target: Uint8Array) => void): Uint8Array {\n  const plaintext = new Uint8Array(payloadByteLength);\n  writeTimestamp(ms, plaintext);\n  rng(plaintext.subarray(timestampByteLength, payloadByteLength));\n  return plaintext;\n}\n\nasync function extractTimestampFromId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: webcrypto.CryptoKey,\n  id: Id<Brand>,\n): Promise<Date> {\n  const plaintext = await decryptPayload(key, payloadBytesFromId(prefix, id));\n  return new Date(readTimestampMs(plaintext));\n}\n\n/** Produces a canonical encrypted wire ID. Per-call plaintext/ciphertext buffers —\n * subtle dominates this path; reuse would be safe but not worth pinning to spec detail. */\nasync function generateWireId<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: webcrypto.CryptoKey,\n  rng: (target: Uint8Array) => void,\n  ms: number,\n): Promise<Id<Brand>> {\n  const plaintext = buildPlaintext(ms, rng);\n  const encrypted = await encryptPayload(key, plaintext);\n  return toWireId(prefix, encrypted);\n}\n\n/** Structural placeholder for JSON Schema (encrypt is async). */\nfunction schemaExample<Brand extends string>(prefix: Prefix<Brand>): string {\n  return prefix + \"0\".repeat(payloadBase32Length);\n}\n\n/** Layout ops binder for the Opaque Timestamp variant. `extractTimestampFromId` is module-private; the binder exposes `extractTimestamp` for the codec constructor. */\nexport function createOpaqueLayoutOps<Brand extends string>(\n  prefix: Prefix<Brand>,\n  key: webcrypto.CryptoKey,\n  rng: (target: Uint8Array) => void,\n): LayoutOps<Brand> & {\n  generateAt(ms: number): Promise<Id<Brand>>;\n  extractTimestamp(id: Id<Brand>): Promise<Date>;\n} {\n  return {\n    generateAt: (ms: number): Promise<Id<Brand>> => generateWireId(prefix, key, rng, ms),\n    extractTimestamp: (id: Id<Brand>): Promise<Date> => extractTimestampFromId(prefix, key, id),\n    exampleWireId: (_ms?: number): Id<Brand> => schemaExample(prefix) as Id<Brand>,\n  };\n}\n","import type { webcrypto } from \"node:crypto\";\nimport {\n  assertValidKeyMaterialByteLength,\n  decodeKeyMaterial,\n  encodeKeyMaterial,\n} from \"../_kernel/key-material.js\";\n\n/** Wire encoding for opaque AES key material (not Crockford base32). */\nexport type OpaqueKeyFormat = \"hex\" | \"base64url\";\n\ndeclare const opaqueKeyBrand: unique symbol;\n\n/**\n * Opaque imported handle for one AES key used by the Opaque Timestamp codec.\n *\n * Holds the underlying `webcrypto.CryptoKey` internally; callers never access it directly.\n * Obtain handles via {@link importOpaqueKey} and pass them to\n * `createOpaqueTimestampId` as the `key` option.\n *\n * Distinct from the `WrappingKey` used by `@smonn/ids/wrapped` — one raw\n * secret must not silently serve both codecs without an explicit import.\n */\nexport type OpaqueKey = {\n  readonly [opaqueKeyBrand]: \"OpaqueKey\";\n};\n\nconst opaqueKeyInternals = new WeakMap<OpaqueKey, webcrypto.CryptoKey>();\n\n/**\n * Imports raw AES key bytes into an {@link OpaqueKey} handle for the Opaque\n * Timestamp codec.\n *\n * Accepts 16, 24, or 32 bytes (AES-128 / AES-192 / AES-256 strength).\n * To store or transport key material, use {@link encodeOpaqueKey} /\n * {@link decodeOpaqueKey} (`\"hex\"` or `\"base64url\"` — not Crockford base32).\n *\n * @param bytes - 16, 24, or 32 raw key bytes.\n */\nexport async function importOpaqueKey(bytes: Uint8Array): Promise<OpaqueKey> {\n  assertValidKeyMaterialByteLength(bytes.length, \"AES\");\n  const cryptoKey = await crypto.subtle.importKey(\n    \"raw\",\n    bytes as Uint8Array<ArrayBuffer>,\n    \"AES-CBC\",\n    false,\n    [\"encrypt\", \"decrypt\"],\n  );\n  const key = Object.freeze({}) as OpaqueKey;\n  opaqueKeyInternals.set(key, cryptoKey);\n  return key;\n}\n\nexport function getOpaqueKeyCryptoKey(key: OpaqueKey): webcrypto.CryptoKey {\n  const cryptoKey = opaqueKeyInternals.get(key);\n  if (cryptoKey === undefined) {\n    throw new Error(\"invalid opaque key\");\n  }\n  return cryptoKey;\n}\n\n/**\n * Encodes raw AES key bytes for storage in env vars or secret managers.\n *\n * @param bytes - 16, 24, or 32 raw key bytes (AES-128/192/256).\n * @param format - `hex` (lowercase) or `base64url`.\n */\nexport function encodeOpaqueKey(bytes: Uint8Array, format: OpaqueKeyFormat): string {\n  return encodeKeyMaterial(bytes, format, \"opaque\", \"AES\");\n}\n\n/**\n * Decodes key material emitted by `encodeOpaqueKey` (or `ids keygen`) back to raw bytes.\n *\n * @param encoded - Hex or base64url string.\n * @param format - Must match how the string was encoded.\n */\nexport function decodeOpaqueKey(encoded: string, format: OpaqueKeyFormat): Uint8Array {\n  return decodeKeyMaterial(encoded, format, \"opaque\", \"AES\");\n}\n","import { validateBrand } from \"../_kernel/brand.js\";\nimport { createOpaqueLayoutOps } from \"./layout.js\";\nimport { getOpaqueKeyCryptoKey, type OpaqueKey } from \"./key.js\";\nimport { registerBrand } from \"../_kernel/registry.js\";\nimport { defaultRng } from \"../_kernel/rng.js\";\nimport type {\n  Id,\n  JsonSchema,\n  ParseResult,\n  Prefix,\n  StandardSchemaProps,\n  ValidBrand,\n} from \"../../types.js\";\nimport { wireMethods } from \"../../wire/codec-shell.js\";\n\n/** {@link IdsError} class, {@link isIdsError} type guard, and {@link IdsErrorCode} union — re-exported from `\"@smonn/ids\"` for convenience. */\nexport { IdsError, isIdsError, type IdsErrorCode } from \"../../error.js\";\nexport {\n  decodeOpaqueKey,\n  encodeOpaqueKey,\n  importOpaqueKey,\n  type OpaqueKey,\n  type OpaqueKeyFormat,\n} from \"./key.js\";\n\n/**\n * Configuration options for an Opaque Timestamp codec instance.\n */\nexport type OpaqueTimestampOptions = {\n  /**\n   * {@link OpaqueKey} handle for AES-CBC encryption and decryption.\n   * Obtain via {@link importOpaqueKey}.\n   *\n   * A single key, not a ring: rotation is forward-only and caller-tracked —\n   * hold one codec per key epoch and select it from your own records. The\n   * library cannot trial keys (the payload is unauthenticated). See ADR-0013.\n   */\n  key: OpaqueKey;\n  /** Returns the current timestamp in milliseconds. Defaults to `Date.now`. */\n  now?: () => number;\n  /** Writes random bytes into `target` for ID generation. Defaults to `crypto.getRandomValues`. */\n  rng?: (target: Uint8Array) => void;\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\n/**\n * A brand-scoped codec for generating and validating Opaque Timestamp IDs.\n *\n * Same wire shape as the Timestamp codec (`{brand}_` + 26 base32 chars) but the\n * payload is AES-CBC encrypted. `generate`, `generateAt`, and `extractTimestamp`\n * are async; parsing methods are sync. No `minIdForTime` / `maxIdForTime` —\n * encrypted payloads do not sort by creation time.\n *\n * @remarks\n * **Security properties (unauthenticated, deterministic, and malleable by design):**\n *\n * - The payload is AES-CBC encrypted but **unauthenticated** — there is no\n *   integrity tag. A tampered or wrong-key payload decrypts to garbage bytes\n *   without throwing.\n * - Opaque IDs must be treated as **opaque handles**, not as trusted or\n *   authenticated tokens.\n * - `extractTimestamp` is best-effort on untrusted input: a wrong or tampered\n *   key returns a plausible-looking `Date` without error, not a verification\n *   failure. Do not treat the returned timestamp as proof of origin.\n */\nexport type OpaqueTimestampCodec<Brand extends string> = {\n  /** Produces a new canonical encrypted ID using the codec's `now` and `rng`. */\n  generate(): Promise<Id<Brand>>;\n  /** Produces a new canonical encrypted ID with timestamp bytes from `date`. Throws on invalid dates. */\n  generateAt(date: Date): Promise<Id<Brand>>;\n  /**\n   * Strict type guard: `true` only for already-canonical strings for this brand.\n   * For untrusted input, use `safeParse()` or `parse()` instead. See ADR-0003.\n   */\n  is(value: unknown): value is Id<Brand>;\n  /**\n   * Lenient parse: normalises case and Crockford aliases, returns canonical `Id<Brand>`, or throws.\n   */\n  parse(value: unknown): Id<Brand>;\n  /**\n   * Lenient parse without throwing: normalises to canonical form, or returns `{ ok: false, error }`.\n   */\n  safeParse(value: unknown): ParseResult<Brand>;\n  /**\n   * Decrypts and decodes the creation `Date` from an `Id<Brand>`. Trusts the type — use `safeParse()` at boundaries first. See ADR-0002.\n   *\n   * Requires the same key used at generation; a wrong key returns a plausible\n   * but wrong `Date`, never an error. With rotation, select the codec for the\n   * ID's key epoch from your own records — the library cannot. See ADR-0013.\n   */\n  extractTimestamp(id: Id<Brand>): Promise<Date>;\n  /**\n   * JSON Schema for the canonical wire form. The `pattern` matches the canonical stored\n   * form only and is deliberately stricter than `parse()`/`safeParse()`, which accept\n   * uppercase letters and Crockford aliases (`o`/`i`/`l`) before normalising. See ADR-0003.\n   * The `example` is a structural placeholder (generated at construction time).\n   */\n  toJsonSchema(): JsonSchema;\n  /** Standard Schema validate entry point. */\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n/**\n * Creates an Opaque Timestamp codec for `brand` (three lowercase a–z characters).\n *\n * @param brand - Entity type brand validated once at construction.\n * @param opts - Required `key` (an {@link OpaqueKey} from {@link importOpaqueKey}) plus\n *   optional `now`, `rng`, and `allowDuplicateBrand` overrides.\n */\nexport function createOpaqueTimestampId<Brand extends string>(\n  brand: Brand & ValidBrand<Brand>,\n  opts: OpaqueTimestampOptions,\n): OpaqueTimestampCodec<Brand> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n\n  const cryptoKey = getOpaqueKeyCryptoKey(opts.key);\n  const now = opts.now ?? Date.now;\n  const rng = opts.rng ?? defaultRng;\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createOpaqueLayoutOps(prefix, cryptoKey, rng);\n\n  return {\n    generate: () => layout.generateAt(now()),\n    generateAt: (date: Date) => layout.generateAt(date.getTime()),\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    extractTimestamp: layout.extractTimestamp,\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;;AAWA,SAAS,eAAe,IAAY,KAA+C;CACjF,MAAM,4BAAY,IAAI,WAAA,EAA4B;CAClD,eAAe,IAAI,SAAS;CAC5B,IAAI,UAAU,SAAA,GAAA,EAA+C,CAAC;CAC9D,OAAO;AACT;AAEA,eAAe,uBACb,QACA,KACA,IACe;CACf,MAAM,YAAY,MAAM,eAAe,KAAK,mBAAmB,QAAQ,EAAE,CAAC;CAC1E,OAAO,IAAI,KAAK,gBAAgB,SAAS,CAAC;AAC5C;;;AAIA,eAAe,eACb,QACA,KACA,KACA,IACoB;CAGpB,OAAO,SAAS,QAAQ,MADA,eAAe,KADrB,eAAe,IAAI,GACe,CAAC,CACpB;AACnC;;AAGA,SAAS,cAAoC,QAA+B;CAC1E,OAAO,SAAS,IAAI,OAAO,mBAAmB;AAChD;;AAGA,SAAgB,sBACd,QACA,KACA,KAIA;CACA,OAAO;EACL,aAAa,OAAmC,eAAe,QAAQ,KAAK,KAAK,EAAE;EACnF,mBAAmB,OAAiC,uBAAuB,QAAQ,KAAK,EAAE;EAC1F,gBAAgB,QAA4B,cAAc,MAAM;CAClE;AACF;;;ACjCA,MAAM,qCAAqB,IAAI,QAAwC;;;;;;;;;;;AAYvE,eAAsB,gBAAgB,OAAuC;CAC3E,iCAAiC,MAAM,QAAQ,KAAK;CACpD,MAAM,YAAY,MAAM,OAAO,OAAO,UACpC,OACA,OACA,WACA,OACA,CAAC,WAAW,SAAS,CACvB;CACA,MAAM,MAAM,OAAO,OAAO,CAAC,CAAC;CAC5B,mBAAmB,IAAI,KAAK,SAAS;CACrC,OAAO;AACT;AAEA,SAAgB,sBAAsB,KAAqC;CACzE,MAAM,YAAY,mBAAmB,IAAI,GAAG;CAC5C,IAAI,cAAc,KAAA,GAChB,MAAM,IAAI,MAAM,oBAAoB;CAEtC,OAAO;AACT;;;;;;;AAQA,SAAgB,gBAAgB,OAAmB,QAAiC;CAClF,OAAO,kBAAkB,OAAO,QAAQ,UAAU,KAAK;AACzD;;;;;;;AAQA,SAAgB,gBAAgB,SAAiB,QAAqC;CACpF,OAAO,kBAAkB,SAAS,QAAQ,UAAU,KAAK;AAC3D;;;;;;;;;;ACgCA,SAAgB,wBACd,OACA,MAC6B;CAC7B,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAE7C,MAAM,YAAY,sBAAsB,KAAK,GAAG;CAChD,MAAM,MAAM,KAAK,OAAO,KAAK;CAC7B,MAAM,MAAM,KAAK,OAAO;CACxB,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,sBAAsB,QAAQ,WAAW,GAAG;CAE3D,OAAO;EACL,gBAAgB,OAAO,WAAW,IAAI,CAAC;EACvC,aAAa,SAAe,OAAO,WAAW,KAAK,QAAQ,CAAC;EAC5D,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,kBAAkB,OAAO;EACzB,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,CAAC;EACnE,aAAa,KAAK;CACpB;AACF"}

package/dist/wrapped-DPlsv1x-.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"wrapped-DPlsv1x-.mjs","names":[],"sources":["../src/codecs/wrapped/layout.ts","../src/codecs/wrapped/key.ts","../src/codecs/wrapped/index.ts"],"sourcesContent":["import type { webcrypto } from \"node:crypto\";\nimport type { Id, LayoutOps, Prefix } from \"../../types.js\";\nimport { decryptPayload, encryptPayload, timingSafeEqual } from \"../_kernel/crypto.js\";\nimport { writeLen32 } from \"../_kernel/bytes.js\";\nimport { payloadBytesFromId, toWireId } from \"../../wire/envelope.js\";\nimport { payloadBase32Length, payloadByteLength } from \"../../wire/invariants.js\";\n\nconst laneByteLength = 8;\nconst tagByteLength = 8;\n\ntype LayoutWrappingKey = {\n  aesKey: webcrypto.CryptoKey;\n  hmacKey: webcrypto.CryptoKey;\n};\n\ntype LayoutWrappedKind = \"u32\" | \"i32\" | \"u64\" | \"i64\";\ntype LayoutLookupKey<K extends LayoutWrappedKind> = K extends \"u32\" | \"i32\" ? number : bigint;\n\nfunction writeU32Lane(value: number, lane: Uint8Array): void {\n  lane[0] = 0;\n  lane[1] = 0;\n  lane[2] = 0;\n  lane[3] = 0;\n  lane[4] = (value >>> 24) & 0xff;\n  lane[5] = (value >>> 16) & 0xff;\n  lane[6] = (value >>> 8) & 0xff;\n  lane[7] = value & 0xff;\n}\n\nfunction readU32Lane(lane: Uint8Array): number | null {\n  for (let i = 0; i < 4; i++) {\n    if (lane[i] !== 0) return null;\n  }\n  return ((lane[4]! << 24) | (lane[5]! << 16) | (lane[6]! << 8) | lane[7]!) >>> 0;\n}\n\nfunction writeI32Lane(value: number, lane: Uint8Array): void {\n  lane.fill(value < 0 ? 0xff : 0x00, 0, 4);\n  new DataView(lane.buffer, lane.byteOffset, lane.byteLength).setInt32(4, value, false);\n}\n\nfunction readI32Lane(lane: Uint8Array): number | null {\n  const signExtension = (lane[4]! & 0x80) === 0 ? 0x00 : 0xff;\n  for (let i = 0; i < 4; i++) {\n    if (lane[i] !== signExtension) return null;\n  }\n  return new DataView(lane.buffer, lane.byteOffset, lane.byteLength).getInt32(4, false);\n}\n\nfunction writeU64Lane(value: bigint, lane: Uint8Array): void {\n  new DataView(lane.buffer, lane.byteOffset, lane.byteLength).setBigUint64(0, value, false);\n}\n\nfunction readU64Lane(lane: Uint8Array): bigint {\n  return new DataView(lane.buffer, lane.byteOffset, lane.byteLength).getBigUint64(0, false);\n}\n\nfunction writeI64Lane(value: bigint, lane: Uint8Array): void {\n  new DataView(lane.buffer, lane.byteOffset, lane.byteLength).setBigInt64(0, value, false);\n}\n\nfunction readI64Lane(lane: Uint8Array): bigint {\n  return new DataView(lane.buffer, lane.byteOffset, lane.byteLength).getBigInt64(0, false);\n}\n\nfunction writeLane<K extends LayoutWrappedKind>(\n  kind: K,\n  value: LayoutLookupKey<K>,\n  lane: Uint8Array,\n): void {\n  if (kind === \"i32\") {\n    writeI32Lane(value as number, lane);\n    return;\n  }\n  if (kind === \"u64\") {\n    writeU64Lane(value as bigint, lane);\n    return;\n  }\n  if (kind === \"i64\") {\n    writeI64Lane(value as bigint, lane);\n    return;\n  }\n  writeU32Lane(value as number, lane);\n}\n\nfunction readLane<K extends LayoutWrappedKind>(\n  kind: K,\n  lane: Uint8Array,\n): LayoutLookupKey<K> | null {\n  if (kind === \"u64\") return readU64Lane(lane) as LayoutLookupKey<K>;\n  if (kind === \"i64\") return readI64Lane(lane) as LayoutLookupKey<K>;\n  const value = kind === \"i32\" ? readI32Lane(lane) : readU32Lane(lane);\n  return value as LayoutLookupKey<K> | null;\n}\n\n/**\n * Precomputed HMAC-message template for a fixed (brand, kind) pair.\n *\n * The message is `len32(brand) ‖ brand ‖ len32(kind) ‖ kind ‖ lane`. Everything\n * except the trailing 8-byte lane is constant for the life of the codec, so we\n * build it once at construction. `brand`/`kind` are never re-encoded and no\n * `TextEncoder` is allocated on the `wrap` / `unwrap` hot paths.\n */\ntype HmacMessageTemplate = {\n  /** Full-length buffer with the constant prefix written and the lane region zeroed. */\n  readonly buffer: Uint8Array;\n  /** Byte offset where the lane is copied in on each call. */\n  readonly laneOffset: number;\n};\n\nfunction createHmacMessageTemplate(brand: string, kind: LayoutWrappedKind): HmacMessageTemplate {\n  const encoder = new TextEncoder();\n  const brandBytes = encoder.encode(brand);\n  const kindBytes = encoder.encode(kind);\n  const laneOffset = 4 + brandBytes.length + 4 + kindBytes.length;\n  const buffer = new Uint8Array(laneOffset + laneByteLength);\n  let offset = 0;\n  writeLen32(brandBytes.length, buffer, offset);\n  offset += 4;\n  buffer.set(brandBytes, offset);\n  offset += brandBytes.length;\n  writeLen32(kindBytes.length, buffer, offset);\n  offset += 4;\n  buffer.set(kindBytes, offset);\n  return { buffer, laneOffset };\n}\n\n/** Materialise the HMAC message for `lane`. Fresh buffer per call → safe under concurrent async signs. */\nfunction hmacMessage(template: HmacMessageTemplate, lane: Uint8Array): Uint8Array {\n  const message = template.buffer.slice();\n  message.set(lane, template.laneOffset);\n  return message;\n}\n\nasync function computeTag(\n  key: LayoutWrappingKey,\n  template: HmacMessageTemplate,\n  lane: Uint8Array,\n): Promise<Uint8Array> {\n  const signature = new Uint8Array(\n    await crypto.subtle.sign(\n      \"HMAC\",\n      key.hmacKey,\n      hmacMessage(template, lane) as Uint8Array<ArrayBuffer>,\n    ),\n  );\n  return signature.subarray(0, tagByteLength);\n}\n\nfunction buildPlaintext(lane: Uint8Array, tag: Uint8Array): Uint8Array {\n  const plaintext = new Uint8Array(payloadByteLength);\n  plaintext.set(lane, 0);\n  plaintext.set(tag, laneByteLength);\n  return plaintext;\n}\n\nasync function wrapLookupKey<Brand extends string, Kind extends LayoutWrappedKind>(\n  prefix: Prefix<Brand>,\n  template: HmacMessageTemplate,\n  key: LayoutWrappingKey,\n  kind: Kind,\n  lookupKey: LayoutLookupKey<Kind>,\n): Promise<Id<Brand>> {\n  const lane = new Uint8Array(laneByteLength);\n  writeLane(kind, lookupKey, lane);\n  const tag = await computeTag(key, template, lane);\n  const encrypted = await encryptPayload(key.aesKey, buildPlaintext(lane, tag));\n  return toWireId(prefix, encrypted);\n}\n\nasync function tryUnwrapLookupKey<Brand extends string, Kind extends LayoutWrappedKind>(\n  prefix: Prefix<Brand>,\n  template: HmacMessageTemplate,\n  key: LayoutWrappingKey,\n  kind: Kind,\n  id: Id<Brand>,\n): Promise<LayoutLookupKey<Kind> | null> {\n  const plaintext = await decryptPayload(key.aesKey, payloadBytesFromId(prefix, id));\n  const lane = plaintext.subarray(0, laneByteLength);\n  const tag = plaintext.subarray(laneByteLength, payloadByteLength);\n  const expected = await computeTag(key, template, lane);\n  if (!timingSafeEqual(tag, expected)) return null;\n  return readLane(kind, lane);\n}\n\nfunction schemaExample<Brand extends string>(prefix: Prefix<Brand>): string {\n  return prefix + \"0\".repeat(payloadBase32Length);\n}\n\nexport function createWrappedLayoutOps<Brand extends string, Kind extends LayoutWrappedKind>(\n  prefix: Prefix<Brand>,\n  brand: Brand,\n  kind: Kind,\n  keys: readonly LayoutWrappingKey[],\n): LayoutOps<Brand> & {\n  wrap(lookupKey: LayoutLookupKey<Kind>): Promise<Id<Brand>>;\n  tryUnwrap(id: Id<Brand>): Promise<LayoutLookupKey<Kind> | null>;\n} {\n  const wrapKey = keys[0]!;\n  // brand + kind are fixed for the codec's lifetime; encode them and build the\n  // HMAC-message prefix once instead of on every wrap / unwrap-trial.\n  const template = createHmacMessageTemplate(brand, kind);\n  return {\n    wrap: (lookupKey: LayoutLookupKey<Kind>): Promise<Id<Brand>> =>\n      wrapLookupKey(prefix, template, wrapKey, kind, lookupKey),\n    tryUnwrap: async (id: Id<Brand>): Promise<LayoutLookupKey<Kind> | null> => {\n      for (const key of keys) {\n        const lookupKey = await tryUnwrapLookupKey(prefix, template, key, kind, id);\n        if (lookupKey !== null) return lookupKey;\n      }\n      return null;\n    },\n    exampleWireId: (_ms?: number): Id<Brand> => schemaExample(prefix) as Id<Brand>,\n  };\n}\n","import type { webcrypto } from \"node:crypto\";\nimport { deriveKey, timingSafeEqual } from \"../_kernel/crypto.js\";\nimport {\n  assertValidKeyMaterialByteLength,\n  assertValidKeyring,\n  decodeKeyMaterial,\n  encodeKeyMaterial,\n} from \"../_kernel/key-material.js\";\n\nexport { assertValidKeyring };\n\n/** Wire encoding for wrapping operator secret bytes (not Crockford base32). */\nexport type WrappingKeyFormat = \"hex\" | \"base64url\";\n\nconst aesInfo = new TextEncoder().encode(\"@smonn/ids/wrapped/aes\");\nconst hmacInfo = new TextEncoder().encode(\"@smonn/ids/wrapped/hmac\");\n\ndeclare const wrappingKeyBrand: unique symbol;\n\n/**\n * Opaque imported handle for one operator wrapping secret.\n *\n * Holds derived AES and HMAC subkeys internally; callers never access subkeys\n * or raw `webcrypto.CryptoKey` values directly. Obtain handles via {@link importWrappingKey}\n * and pass them to `createWrappedKeyId` as the `keys` wrapping keyring.\n *\n * Distinct from the **Opaque key** used by `@smonn/ids/opaque` — one raw\n * secret must not silently serve both codecs without an explicit import.\n */\nexport type WrappingKey = {\n  readonly [wrappingKeyBrand]: \"WrappingKey\";\n};\n\ntype WrappingKeyInternals = {\n  keyDigest: Uint8Array;\n  aesKey: webcrypto.CryptoKey;\n  hmacKey: webcrypto.CryptoKey;\n};\n\nexport type WrappingKeyMaterial = {\n  aesKey: webcrypto.CryptoKey;\n  hmacKey: webcrypto.CryptoKey;\n};\n\nconst internals = new WeakMap<WrappingKey, WrappingKeyInternals>();\n\n/**\n * Import raw operator secret bytes into a {@link WrappingKey} handle.\n *\n * One raw secret derives into AES and HMAC subkeys held inside the returned\n * handle. Accepts 16, 24, or 32 bytes (AES-128 / AES-192 / AES-256 strength).\n * To store or transport key material, use {@link encodeWrappingKey} /\n * {@link decodeWrappingKey} (`\"hex\"` or `\"base64url\"` — not Crockford base32).\n *\n * @param bytes - 16, 24, or 32 raw key bytes.\n */\nexport async function importWrappingKey(bytes: Uint8Array): Promise<WrappingKey> {\n  assertValidKeyMaterialByteLength(bytes.length, \"wrapping\");\n  const [aesKey, hmacKey, digestBuffer] = await Promise.all([\n    deriveKey(bytes, aesInfo, { name: \"AES-CBC\", length: 256 }, [\"encrypt\", \"decrypt\"]),\n    deriveKey(bytes, hmacInfo, { name: \"HMAC\", hash: \"SHA-256\", length: 256 }, [\"sign\", \"verify\"]),\n    crypto.subtle.digest(\"SHA-256\", bytes as Uint8Array<ArrayBuffer>),\n  ]);\n  const key = Object.freeze({}) as WrappingKey;\n  internals.set(key, {\n    keyDigest: new Uint8Array(digestBuffer),\n    aesKey,\n    hmacKey,\n  });\n  return key;\n}\n\n/**\n * Encode raw wrapping operator secret bytes for storage in env vars or secret managers.\n *\n * Supports `\"hex\"` (lowercase) and `\"base64url\"`. Output round-trips through\n * {@link decodeWrappingKey} back to the original bytes.\n */\nexport function encodeWrappingKey(bytes: Uint8Array, format: WrappingKeyFormat): string {\n  return encodeKeyMaterial(bytes, format, \"wrapping\", \"wrapping\");\n}\n\n/**\n * Decode key material emitted by {@link encodeWrappingKey} back to raw bytes.\n *\n * The result can be passed directly to {@link importWrappingKey}.\n */\nexport function decodeWrappingKey(encoded: string, format: WrappingKeyFormat): Uint8Array {\n  return decodeKeyMaterial(encoded, format, \"wrapping\", \"wrapping\");\n}\n\n/**\n * Returns true when two handles were imported from the same raw operator secret.\n *\n * Uses a constant-time comparison so duplicate detection over key material does\n * not leak the position of the first differing byte through a timing side channel.\n */\nexport function wrappingKeysEqual(a: WrappingKey, b: WrappingKey): boolean {\n  return timingSafeEqual(\n    getWrappingKeyInternals(a).keyDigest,\n    getWrappingKeyInternals(b).keyDigest,\n  );\n}\n\nexport function getWrappingKeyMaterial(key: WrappingKey): WrappingKeyMaterial {\n  const keyInternals = getWrappingKeyInternals(key);\n  return {\n    aesKey: keyInternals.aesKey,\n    hmacKey: keyInternals.hmacKey,\n  };\n}\n\nfunction getWrappingKeyInternals(key: WrappingKey): WrappingKeyInternals {\n  const keyInternals = internals.get(key);\n  if (keyInternals === undefined) {\n    throw new Error(\"invalid wrapping key\");\n  }\n  return keyInternals;\n}\n","import { validateBrand } from \"../_kernel/brand.js\";\nimport { IdsError } from \"../../error.js\";\nimport { createWrappedLayoutOps } from \"./layout.js\";\nimport { registerBrand } from \"../_kernel/registry.js\";\nimport type {\n  Id,\n  JsonSchema,\n  ParseError,\n  ParseResult,\n  Prefix,\n  StandardSchemaProps,\n  ValidBrand,\n} from \"../../types.js\";\nimport { wireMethods } from \"../../wire/codec-shell.js\";\nimport {\n  assertValidKeyring,\n  decodeWrappingKey,\n  encodeWrappingKey,\n  getWrappingKeyMaterial,\n  importWrappingKey,\n  type WrappingKey,\n  type WrappingKeyFormat,\n  wrappingKeysEqual,\n} from \"./key.js\";\n\n/** {@link IdsError} class, {@link isIdsError} type guard, and {@link IdsErrorCode} union — re-exported from `\"@smonn/ids\"` for convenience. */\nexport { IdsError, isIdsError, type IdsErrorCode } from \"../../error.js\";\nexport {\n  decodeWrappingKey,\n  encodeWrappingKey,\n  importWrappingKey,\n  type WrappingKey,\n  type WrappingKeyFormat,\n};\n\n/**\n * Integer kind for a {@link WrappedKeyCodec}, fixed at construction time.\n *\n * - `\"u32\"` — unsigned 32-bit integer; JS type `number`, range `[0, 4 294 967 295]`.\n * - `\"i32\"` — signed 32-bit integer; JS type `number`, range `[-2 147 483 648, 2 147 483 647]`.\n * - `\"u64\"` — unsigned 64-bit integer; JS type `bigint`, range `[0n, 18 446 744 073 709 551 615n]`.\n * - `\"i64\"` — signed 64-bit integer; JS type `bigint`, range `[-9 223 372 036 854 775 808n, 9 223 372 036 854 775 807n]`.\n *\n * 32-bit kinds use safe JavaScript `number` values; 64-bit kinds always use `bigint`\n * even when the magnitude would fit in a `number`, preventing silent truncation or sign erasure.\n */\nexport type WrappedKind = \"u32\" | \"i32\" | \"u64\" | \"i64\";\n\ntype LookupKeyForKind<K extends WrappedKind> = K extends \"u32\" | \"i32\" ? number : bigint;\n\n/**\n * Result returned by {@link WrappedKeyCodec.safeUnwrap}.\n *\n * On success, `id` is the canonical {@link Id} and `lookupKey` is the recovered\n * integer (`number` for 32-bit kinds, `bigint` for 64-bit kinds).\n * On failure, `error` is a {@link ParseError} for structural problems or\n * `\"verification_failed\"` when the payload is structurally valid but the\n * verification tag does not match any entry in the wrapping keyring.\n */\nexport type UnwrapResult<Brand extends string, Kind extends WrappedKind> =\n  | { ok: true; id: Id<Brand>; lookupKey: LookupKeyForKind<Kind> }\n  | { ok: false; error: ParseError | \"verification_failed\" };\n\n/**\n * Codec returned by {@link createWrappedKeyId}.\n *\n * Wraps a caller-owned integer **lookup key** into a public {@link Id} and\n * recovers it on unwrap. The codec is deterministic under fixed key material:\n * the same lookup key always yields the same public ID (**equality leakage**).\n *\n * - `wrap` / `unwrap` / `safeUnwrap` are async (WebCrypto).\n * - `is`, `parse`, `safeParse`, and `toJsonSchema` are synchronous and require\n *   no key material — they validate prefix and base32 shape only.\n * - The `Kind` type parameter drives value types at the TypeScript boundary:\n *   `u32` / `i32` → `number`; `u64` / `i64` → `bigint`.\n *\n * @remarks\n * **Security properties (correctness-grade verification, not AEAD):**\n *\n * - The construction is deterministic — the same lookup key always yields the\n *   same public ID (**equality leakage**).\n * - The verification tag is a fixed **64-bit (8-byte) truncation** of a\n *   domain-separated HMAC over the brand, kind, and lookup key lane.\n * - False-accept rate is approximately `keyring_size / 2^64` per `unwrap`\n *   trial — correctness-grade verification, not AEAD-strength origin\n *   authentication.\n * - Consumers requiring full AEAD guarantees must use a different construction.\n */\nexport type WrappedKeyCodec<Brand extends string, Kind extends WrappedKind> = {\n  /**\n   * Wrap `lookupKey` into a public ID using the current (first) wrapping key.\n   *\n   * Throws if `lookupKey` is out of range or the wrong JS type for `Kind`.\n   */\n  wrap(lookupKey: LookupKeyForKind<Kind>): Promise<Id<Brand>>;\n  /**\n   * Verify the payload of a trusted `Id<Brand>` and return the lookup key.\n   *\n   * Throws `IdsError` with `code: \"verification_failed\"` if no entry in the\n   * wrapping keyring matches the payload tag. Use {@link safeUnwrap} for\n   * untrusted input.\n   */\n  unwrap(id: Id<Brand>): Promise<LookupKeyForKind<Kind>>;\n  /**\n   * Non-throwing path for untrusted input.\n   *\n   * Structurally parses `input` first (same rules as {@link safeParse}), then\n   * verifies the payload. Returns `{ ok: false, error }` on any failure —\n   * `ParseError` for structural problems or `\"verification_failed\"` for tag\n   * mismatch — without throwing. Tamper, wrong keyring, and revoked-key cases\n   * all surface as `\"verification_failed\"`.\n   */\n  safeUnwrap(input: unknown): Promise<UnwrapResult<Brand, Kind>>;\n  /** Strict type guard: `true` only for already-canonical `Id<Brand>` strings. */\n  is(value: unknown): value is Id<Brand>;\n  /** Normalise to canonical form, or throw on parse failure. */\n  parse(value: unknown): Id<Brand>;\n  /** Normalise to canonical form, or return `{ ok: false, error }`. */\n  safeParse(value: unknown): ParseResult<Brand>;\n  toJsonSchema(): JsonSchema;\n  readonly \"~standard\": StandardSchemaProps<Brand>;\n};\n\n/**\n * Construction options for {@link createWrappedKeyId}.\n */\nexport type WrappedKeyOptions<K extends WrappedKind> = {\n  /** Integer kind for the codec — fixed for the lifetime of the codec. Drives the JS value type (`number` for 32-bit, `bigint` for 64-bit). */\n  kind: K;\n  /** Non-empty ordered wrapping keyring. The first entry is current (used by `wrap`); all entries are tried on `unwrap`. Duplicate operator secrets are rejected at construction. */\n  keys: [WrappingKey, ...WrappingKey[]];\n  /** If true, silences the duplicate-brand warning in non-production environments. */\n  allowDuplicateBrand?: boolean;\n};\n\nconst u32Max = 0xffff_ffff;\nconst i32Min = -0x8000_0000;\nconst i32Max = 0x7fff_ffff;\nconst u64Max = 0xffff_ffff_ffff_ffffn;\nconst i64Min = -(1n << 63n);\nconst i64Max = (1n << 63n) - 1n;\n\nfunction assertSupportedKind(kind: WrappedKind): asserts kind is WrappedKind {\n  if (kind !== \"u32\" && kind !== \"i32\" && kind !== \"u64\" && kind !== \"i64\") {\n    throw new IdsError(\"invalid_kind\", \"invalid wrapped key kind: expected u32, i32, u64, or i64\");\n  }\n}\n\nfunction assertU32LookupKey(lookupKey: unknown): asserts lookupKey is number {\n  if (\n    typeof lookupKey !== \"number\" ||\n    !Number.isInteger(lookupKey) ||\n    Object.is(lookupKey, -0) ||\n    lookupKey < 0 ||\n    lookupKey > u32Max\n  ) {\n    throw new IdsError(\n      \"invalid_lookup_key\",\n      `invalid u32 lookup key: expected integer in [0, ${u32Max}], got ${lookupKey}`,\n    );\n  }\n}\n\nfunction assertI32LookupKey(lookupKey: unknown): asserts lookupKey is number {\n  if (\n    typeof lookupKey !== \"number\" ||\n    !Number.isInteger(lookupKey) ||\n    Object.is(lookupKey, -0) ||\n    lookupKey < i32Min ||\n    lookupKey > i32Max\n  ) {\n    throw new IdsError(\n      \"invalid_lookup_key\",\n      `invalid i32 lookup key: expected integer in [${i32Min}, ${i32Max}], got ${lookupKey}`,\n    );\n  }\n}\n\nfunction assertU64LookupKey(lookupKey: unknown): asserts lookupKey is bigint {\n  if (typeof lookupKey !== \"bigint\" || lookupKey < 0n || lookupKey > u64Max) {\n    throw new IdsError(\n      \"invalid_lookup_key\",\n      `invalid u64 lookup key: expected bigint in [0, ${u64Max}], got ${lookupKey}`,\n    );\n  }\n}\n\nfunction assertI64LookupKey(lookupKey: unknown): asserts lookupKey is bigint {\n  if (typeof lookupKey !== \"bigint\" || lookupKey < i64Min || lookupKey > i64Max) {\n    throw new IdsError(\n      \"invalid_lookup_key\",\n      `invalid i64 lookup key: expected bigint in [${i64Min}, ${i64Max}], got ${lookupKey}`,\n    );\n  }\n}\n\nfunction assertLookupKey<Kind extends WrappedKind>(\n  kind: Kind,\n  lookupKey: unknown,\n): asserts lookupKey is LookupKeyForKind<Kind> {\n  if (kind === \"i32\") {\n    assertI32LookupKey(lookupKey);\n    return;\n  }\n  if (kind === \"u64\") {\n    assertU64LookupKey(lookupKey);\n    return;\n  }\n  if (kind === \"i64\") {\n    assertI64LookupKey(lookupKey);\n    return;\n  }\n  assertU32LookupKey(lookupKey);\n}\n\n/**\n * Construct a {@link WrappedKeyCodec} for `brand` and the given `kind`.\n *\n * `opts.kind` fixes the integer type at construction time — one brand, one\n * kind. `opts.keys` is a non-empty ordered wrapping keyring: the first entry\n * is current (used by `wrap`); all entries are tried on `unwrap`; duplicate\n * operator secrets are rejected at construction.\n *\n * @example\n * ```ts\n * const key = await importWrappingKey(new Uint8Array(32));\n * const invoices = createWrappedKeyId(\"inv\", { kind: \"u32\", keys: [key] });\n *\n * const id = await invoices.wrap(42);      // Id<\"inv\">\n * await invoices.unwrap(id);               // 42\n * ```\n */\nexport function createWrappedKeyId<Brand extends string, Kind extends WrappedKind>(\n  brand: Brand & ValidBrand<Brand>,\n  opts: WrappedKeyOptions<Kind>,\n): WrappedKeyCodec<Brand, Kind> {\n  validateBrand(brand);\n  registerBrand(brand, opts.allowDuplicateBrand);\n  assertSupportedKind(opts.kind);\n  assertValidKeyring(opts.keys, wrappingKeysEqual, \"wrapping\");\n  const layoutKeys = opts.keys.map(getWrappingKeyMaterial);\n\n  const prefix: Prefix<Brand> = `${brand}_`;\n  const wire = wireMethods(prefix);\n  const layout = createWrappedLayoutOps(prefix, brand, opts.kind, layoutKeys);\n\n  return {\n    wrap: async (lookupKey) => {\n      assertLookupKey(opts.kind, lookupKey);\n      return layout.wrap(lookupKey);\n    },\n    unwrap: async (id) => {\n      const lookupKey = await layout.tryUnwrap(id);\n      if (lookupKey === null) {\n        throw new IdsError(\"verification_failed\", \"verification failed\");\n      }\n      return lookupKey;\n    },\n    safeUnwrap: async (input) => {\n      const parsed = wire.safeParse(input);\n      if (!parsed.ok) return parsed;\n      const lookupKey = await layout.tryUnwrap(parsed.id);\n      if (lookupKey === null) return { ok: false, error: \"verification_failed\" };\n      return { ok: true, id: parsed.id, lookupKey };\n    },\n    is: wire.is,\n    parse: wire.parse,\n    safeParse: wire.safeParse,\n    toJsonSchema: () => wire.toJsonSchema(brand, layout.exampleWireId()),\n    \"~standard\": wire[\"~standard\"],\n  };\n}\n"],"mappings":";;;;AAOA,MAAM,iBAAiB;AACvB,MAAM,gBAAgB;AAUtB,SAAS,aAAa,OAAe,MAAwB;CAC3D,KAAK,KAAK;CACV,KAAK,KAAK;CACV,KAAK,KAAK;CACV,KAAK,KAAK;CACV,KAAK,KAAM,UAAU,KAAM;CAC3B,KAAK,KAAM,UAAU,KAAM;CAC3B,KAAK,KAAM,UAAU,IAAK;CAC1B,KAAK,KAAK,QAAQ;AACpB;AAEA,SAAS,YAAY,MAAiC;CACpD,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KACrB,IAAI,KAAK,OAAO,GAAG,OAAO;CAE5B,QAAS,KAAK,MAAO,KAAO,KAAK,MAAO,KAAO,KAAK,MAAO,IAAK,KAAK,QAAS;AAChF;AAEA,SAAS,aAAa,OAAe,MAAwB;CAC3D,KAAK,KAAK,QAAQ,IAAI,MAAO,GAAM,GAAG,CAAC;CACvC,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,SAAS,GAAG,OAAO,KAAK;AACtF;AAEA,SAAS,YAAY,MAAiC;CACpD,MAAM,iBAAiB,KAAK,KAAM,SAAU,IAAI,IAAO;CACvD,KAAK,IAAI,IAAI,GAAG,IAAI,GAAG,KACrB,IAAI,KAAK,OAAO,eAAe,OAAO;CAExC,OAAO,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,SAAS,GAAG,KAAK;AACtF;AAEA,SAAS,aAAa,OAAe,MAAwB;CAC3D,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,aAAa,GAAG,OAAO,KAAK;AAC1F;AAEA,SAAS,YAAY,MAA0B;CAC7C,OAAO,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,aAAa,GAAG,KAAK;AAC1F;AAEA,SAAS,aAAa,OAAe,MAAwB;CAC3D,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,YAAY,GAAG,OAAO,KAAK;AACzF;AAEA,SAAS,YAAY,MAA0B;CAC7C,OAAO,IAAI,SAAS,KAAK,QAAQ,KAAK,YAAY,KAAK,UAAU,CAAC,CAAC,YAAY,GAAG,KAAK;AACzF;AAEA,SAAS,UACP,MACA,OACA,MACM;CACN,IAAI,SAAS,OAAO;EAClB,aAAa,OAAiB,IAAI;EAClC;CACF;CACA,IAAI,SAAS,OAAO;EAClB,aAAa,OAAiB,IAAI;EAClC;CACF;CACA,IAAI,SAAS,OAAO;EAClB,aAAa,OAAiB,IAAI;EAClC;CACF;CACA,aAAa,OAAiB,IAAI;AACpC;AAEA,SAAS,SACP,MACA,MAC2B;CAC3B,IAAI,SAAS,OAAO,OAAO,YAAY,IAAI;CAC3C,IAAI,SAAS,OAAO,OAAO,YAAY,IAAI;CAE3C,OADc,SAAS,QAAQ,YAAY,IAAI,IAAI,YAAY,IAAI;AAErE;AAiBA,SAAS,0BAA0B,OAAe,MAA8C;CAC9F,MAAM,UAAU,IAAI,YAAY;CAChC,MAAM,aAAa,QAAQ,OAAO,KAAK;CACvC,MAAM,YAAY,QAAQ,OAAO,IAAI;CACrC,MAAM,aAAa,IAAI,WAAW,SAAS,IAAI,UAAU;CACzD,MAAM,SAAS,IAAI,WAAW,aAAa,cAAc;CACzD,IAAI,SAAS;CACb,WAAW,WAAW,QAAQ,QAAQ,MAAM;CAC5C,UAAU;CACV,OAAO,IAAI,YAAY,MAAM;CAC7B,UAAU,WAAW;CACrB,WAAW,UAAU,QAAQ,QAAQ,MAAM;CAC3C,UAAU;CACV,OAAO,IAAI,WAAW,MAAM;CAC5B,OAAO;EAAE;EAAQ;CAAW;AAC9B;;AAGA,SAAS,YAAY,UAA+B,MAA8B;CAChF,MAAM,UAAU,SAAS,OAAO,MAAM;CACtC,QAAQ,IAAI,MAAM,SAAS,UAAU;CACrC,OAAO;AACT;AAEA,eAAe,WACb,KACA,UACA,MACqB;CAQrB,OAAO,IAPe,WACpB,MAAM,OAAO,OAAO,KAClB,QACA,IAAI,SACJ,YAAY,UAAU,IAAI,CAC5B,CAEa,CAAC,CAAC,SAAS,GAAG,aAAa;AAC5C;AAEA,SAAS,eAAe,MAAkB,KAA6B;CACrE,MAAM,4BAAY,IAAI,WAAA,EAA4B;CAClD,UAAU,IAAI,MAAM,CAAC;CACrB,UAAU,IAAI,KAAK,cAAc;CACjC,OAAO;AACT;AAEA,eAAe,cACb,QACA,UACA,KACA,MACA,WACoB;CACpB,MAAM,OAAO,IAAI,WAAW,cAAc;CAC1C,UAAU,MAAM,WAAW,IAAI;CAC/B,MAAM,MAAM,MAAM,WAAW,KAAK,UAAU,IAAI;CAEhD,OAAO,SAAS,QAAQ,MADA,eAAe,IAAI,QAAQ,eAAe,MAAM,GAAG,CAAC,CAC3C;AACnC;AAEA,eAAe,mBACb,QACA,UACA,KACA,MACA,IACuC;CACvC,MAAM,YAAY,MAAM,eAAe,IAAI,QAAQ,mBAAmB,QAAQ,EAAE,CAAC;CACjF,MAAM,OAAO,UAAU,SAAS,GAAG,cAAc;CAGjD,IAAI,CAAC,gBAFO,UAAU,SAAS,gBAAA,EAER,GAAG,MADH,WAAW,KAAK,UAAU,IAAI,CACnB,GAAG,OAAO;CAC5C,OAAO,SAAS,MAAM,IAAI;AAC5B;AAEA,SAAS,cAAoC,QAA+B;CAC1E,OAAO,SAAS,IAAI,OAAO,mBAAmB;AAChD;AAEA,SAAgB,uBACd,QACA,OACA,MACA,MAIA;CACA,MAAM,UAAU,KAAK;CAGrB,MAAM,WAAW,0BAA0B,OAAO,IAAI;CACtD,OAAO;EACL,OAAO,cACL,cAAc,QAAQ,UAAU,SAAS,MAAM,SAAS;EAC1D,WAAW,OAAO,OAAyD;GACzE,KAAK,MAAM,OAAO,MAAM;IACtB,MAAM,YAAY,MAAM,mBAAmB,QAAQ,UAAU,KAAK,MAAM,EAAE;IAC1E,IAAI,cAAc,MAAM,OAAO;GACjC;GACA,OAAO;EACT;EACA,gBAAgB,QAA4B,cAAc,MAAM;CAClE;AACF;;;ACxMA,MAAM,UAAU,IAAI,YAAY,CAAC,CAAC,OAAO,wBAAwB;AACjE,MAAM,WAAW,IAAI,YAAY,CAAC,CAAC,OAAO,yBAAyB;AA6BnE,MAAM,4BAAY,IAAI,QAA2C;;;;;;;;;;;AAYjE,eAAsB,kBAAkB,OAAyC;CAC/E,iCAAiC,MAAM,QAAQ,UAAU;CACzD,MAAM,CAAC,QAAQ,SAAS,gBAAgB,MAAM,QAAQ,IAAI;EACxD,UAAU,OAAO,SAAS;GAAE,MAAM;GAAW,QAAQ;EAAI,GAAG,CAAC,WAAW,SAAS,CAAC;EAClF,UAAU,OAAO,UAAU;GAAE,MAAM;GAAQ,MAAM;GAAW,QAAQ;EAAI,GAAG,CAAC,QAAQ,QAAQ,CAAC;EAC7F,OAAO,OAAO,OAAO,WAAW,KAAgC;CAClE,CAAC;CACD,MAAM,MAAM,OAAO,OAAO,CAAC,CAAC;CAC5B,UAAU,IAAI,KAAK;EACjB,WAAW,IAAI,WAAW,YAAY;EACtC;EACA;CACF,CAAC;CACD,OAAO;AACT;;;;;;;AAQA,SAAgB,kBAAkB,OAAmB,QAAmC;CACtF,OAAO,kBAAkB,OAAO,QAAQ,YAAY,UAAU;AAChE;;;;;;AAOA,SAAgB,kBAAkB,SAAiB,QAAuC;CACxF,OAAO,kBAAkB,SAAS,QAAQ,YAAY,UAAU;AAClE;;;;;;;AAQA,SAAgB,kBAAkB,GAAgB,GAAyB;CACzE,OAAO,gBACL,wBAAwB,CAAC,CAAC,CAAC,WAC3B,wBAAwB,CAAC,CAAC,CAAC,SAC7B;AACF;AAEA,SAAgB,uBAAuB,KAAuC;CAC5E,MAAM,eAAe,wBAAwB,GAAG;CAChD,OAAO;EACL,QAAQ,aAAa;EACrB,SAAS,aAAa;CACxB;AACF;AAEA,SAAS,wBAAwB,KAAwC;CACvE,MAAM,eAAe,UAAU,IAAI,GAAG;CACtC,IAAI,iBAAiB,KAAA,GACnB,MAAM,IAAI,MAAM,sBAAsB;CAExC,OAAO;AACT;;;ACiBA,MAAM,SAAS;AACf,MAAM,SAAS;AACf,MAAM,SAAS;AACf,MAAM,SAAS;AACf,MAAM,SAAS,EAAE,MAAM;AACvB,MAAM,UAAU,MAAM,OAAO;AAE7B,SAAS,oBAAoB,MAAgD;CAC3E,IAAI,SAAS,SAAS,SAAS,SAAS,SAAS,SAAS,SAAS,OACjE,MAAM,IAAI,SAAS,gBAAgB,0DAA0D;AAEjG;AAEA,SAAS,mBAAmB,WAAiD;CAC3E,IACE,OAAO,cAAc,YACrB,CAAC,OAAO,UAAU,SAAS,KAC3B,OAAO,GAAG,WAAW,EAAE,KACvB,YAAY,KACZ,YAAY,QAEZ,MAAM,IAAI,SACR,sBACA,mDAAmD,OAAO,SAAS,WACrE;AAEJ;AAEA,SAAS,mBAAmB,WAAiD;CAC3E,IACE,OAAO,cAAc,YACrB,CAAC,OAAO,UAAU,SAAS,KAC3B,OAAO,GAAG,WAAW,EAAE,KACvB,YAAY,UACZ,YAAY,QAEZ,MAAM,IAAI,SACR,sBACA,gDAAgD,OAAO,IAAI,OAAO,SAAS,WAC7E;AAEJ;AAEA,SAAS,mBAAmB,WAAiD;CAC3E,IAAI,OAAO,cAAc,YAAY,YAAY,MAAM,YAAY,QACjE,MAAM,IAAI,SACR,sBACA,kDAAkD,OAAO,SAAS,WACpE;AAEJ;AAEA,SAAS,mBAAmB,WAAiD;CAC3E,IAAI,OAAO,cAAc,YAAY,YAAY,UAAU,YAAY,QACrE,MAAM,IAAI,SACR,sBACA,+CAA+C,OAAO,IAAI,OAAO,SAAS,WAC5E;AAEJ;AAEA,SAAS,gBACP,MACA,WAC6C;CAC7C,IAAI,SAAS,OAAO;EAClB,mBAAmB,SAAS;EAC5B;CACF;CACA,IAAI,SAAS,OAAO;EAClB,mBAAmB,SAAS;EAC5B;CACF;CACA,IAAI,SAAS,OAAO;EAClB,mBAAmB,SAAS;EAC5B;CACF;CACA,mBAAmB,SAAS;AAC9B;;;;;;;;;;;;;;;;;;AAmBA,SAAgB,mBACd,OACA,MAC8B;CAC9B,cAAc,KAAK;CACnB,cAAc,OAAO,KAAK,mBAAmB;CAC7C,oBAAoB,KAAK,IAAI;CAC7B,mBAAmB,KAAK,MAAM,mBAAmB,UAAU;CAC3D,MAAM,aAAa,KAAK,KAAK,IAAI,sBAAsB;CAEvD,MAAM,SAAwB,GAAG,MAAM;CACvC,MAAM,OAAO,YAAY,MAAM;CAC/B,MAAM,SAAS,uBAAuB,QAAQ,OAAO,KAAK,MAAM,UAAU;CAE1E,OAAO;EACL,MAAM,OAAO,cAAc;GACzB,gBAAgB,KAAK,MAAM,SAAS;GACpC,OAAO,OAAO,KAAK,SAAS;EAC9B;EACA,QAAQ,OAAO,OAAO;GACpB,MAAM,YAAY,MAAM,OAAO,UAAU,EAAE;GAC3C,IAAI,cAAc,MAChB,MAAM,IAAI,SAAS,uBAAuB,qBAAqB;GAEjE,OAAO;EACT;EACA,YAAY,OAAO,UAAU;GAC3B,MAAM,SAAS,KAAK,UAAU,KAAK;GACnC,IAAI,CAAC,OAAO,IAAI,OAAO;GACvB,MAAM,YAAY,MAAM,OAAO,UAAU,OAAO,EAAE;GAClD,IAAI,cAAc,MAAM,OAAO;IAAE,IAAI;IAAO,OAAO;GAAsB;GACzE,OAAO;IAAE,IAAI;IAAM,IAAI,OAAO;IAAI;GAAU;EAC9C;EACA,IAAI,KAAK;EACT,OAAO,KAAK;EACZ,WAAW,KAAK;EAChB,oBAAoB,KAAK,aAAa,OAAO,OAAO,cAAc,CAAC;EACnE,aAAa,KAAK;CACpB;AACF"}