@syncular/client-plugin-encryption 0.0.1-100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/crypto-utils.d.ts +7 -0
  2. package/dist/crypto-utils.d.ts.map +1 -0
  3. package/dist/crypto-utils.js +110 -0
  4. package/dist/crypto-utils.js.map +1 -0
  5. package/dist/index.d.ts +78 -0
  6. package/dist/index.d.ts.map +1 -0
  7. package/dist/index.js +639 -0
  8. package/dist/index.js.map +1 -0
  9. package/dist/key-sharing.d.ts +124 -0
  10. package/dist/key-sharing.d.ts.map +1 -0
  11. package/dist/key-sharing.js +332 -0
  12. package/dist/key-sharing.js.map +1 -0
  13. package/package.json +65 -0
  14. package/src/__tests__/field-encryption-keys.test.ts +68 -0
  15. package/src/__tests__/key-sharing.test.ts +225 -0
  16. package/src/__tests__/refresh-encrypted-fields.test.ts +182 -0
  17. package/src/__tests__/scope-resolution.test.ts +202 -0
  18. package/src/crypto-utils.test.ts +84 -0
  19. package/src/crypto-utils.ts +125 -0
  20. package/src/index.ts +939 -0
  21. package/src/key-sharing.ts +469 -0
package/dist/crypto-utils.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ export declare function randomBytes(length: number): Uint8Array;
2
+ export declare function bytesToBase64(bytes: Uint8Array): string;
3
+ export declare function base64ToBytes(base64: string): Uint8Array;
4
+ export declare function bytesToBase64Url(bytes: Uint8Array): string;
5
+ export declare function base64UrlToBytes(base64url: string): Uint8Array;
6
+ export declare function hexToBytes(hex: string): Uint8Array;
7
+ //# sourceMappingURL=crypto-utils.d.ts.map
package/dist/crypto-utils.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"crypto-utils.d.ts","sourceRoot":"","sources":["../src/crypto-utils.ts"],"names":[],"mappings":"AAYA,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAWtD;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAqCvD;AAED,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CA8BxD;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAK1D;AAED,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAO9D;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAYlD"}
package/dist/crypto-utils.js ADDED
@@ -0,0 +1,110 @@
1
+ const BASE64_CHARS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
2
+ const BASE64_LOOKUP = new Uint8Array(256);
3
+ for (let i = 0; i < BASE64_CHARS.length; i++) {
4
+ BASE64_LOOKUP[BASE64_CHARS.charCodeAt(i)] = i;
5
+ }
6
+ const BASE64_PATTERN = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
7
+ const BASE64_URL_PATTERN = /^[A-Za-z0-9_-]*$/;
8
+ export function randomBytes(length) {
9
+ const cryptoObj = globalThis.crypto;
10
+ if (!cryptoObj?.getRandomValues) {
11
+ throw new Error('Secure random generator is not available (crypto.getRandomValues). ' +
12
+ 'Ensure you are running in a secure context or polyfill crypto.');
13
+ }
14
+ const out = new Uint8Array(length);
15
+ cryptoObj.getRandomValues(out);
16
+ return out;
17
+ }
18
+ export function bytesToBase64(bytes) {
19
+ if (typeof Buffer !== 'undefined') {
20
+ return Buffer.from(bytes).toString('base64');
21
+ }
22
+ let result = '';
23
+ const len = bytes.length;
24
+ const remainder = len % 3;
25
+ for (let i = 0; i < len - remainder; i += 3) {
26
+ const a = bytes[i];
27
+ const b = bytes[i + 1];
28
+ const c = bytes[i + 2];
29
+ result +=
30
+ BASE64_CHARS.charAt((a >> 2) & 0x3f) +
31
+ BASE64_CHARS.charAt(((a << 4) | (b >> 4)) & 0x3f) +
32
+ BASE64_CHARS.charAt(((b << 2) | (c >> 6)) & 0x3f) +
33
+ BASE64_CHARS.charAt(c & 0x3f);
34
+ }
35
+ if (remainder === 1) {
36
+ const a = bytes[len - 1];
37
+ result +=
38
+ BASE64_CHARS.charAt((a >> 2) & 0x3f) +
39
+ BASE64_CHARS.charAt((a << 4) & 0x3f) +
40
+ '==';
41
+ }
42
+ else if (remainder === 2) {
43
+ const a = bytes[len - 2];
44
+ const b = bytes[len - 1];
45
+ result +=
46
+ BASE64_CHARS.charAt((a >> 2) & 0x3f) +
47
+ BASE64_CHARS.charAt(((a << 4) | (b >> 4)) & 0x3f) +
48
+ BASE64_CHARS.charAt((b << 2) & 0x3f) +
49
+ '=';
50
+ }
51
+ return result;
52
+ }
53
+ export function base64ToBytes(base64) {
54
+ if (!BASE64_PATTERN.test(base64)) {
55
+ throw new Error('Invalid base64 string');
56
+ }
57
+ if (typeof Buffer !== 'undefined') {
58
+ return new Uint8Array(Buffer.from(base64, 'base64'));
59
+ }
60
+ const len = base64.length;
61
+ let padding = 0;
62
+ if (base64[len - 1] === '=')
63
+ padding++;
64
+ if (base64[len - 2] === '=')
65
+ padding++;
66
+ const outputLen = (len * 3) / 4 - padding;
67
+ const out = new Uint8Array(outputLen);
68
+ let outIdx = 0;
69
+ for (let i = 0; i < len; i += 4) {
70
+ const a = BASE64_LOOKUP[base64.charCodeAt(i)];
71
+ const b = BASE64_LOOKUP[base64.charCodeAt(i + 1)];
72
+ const c = BASE64_LOOKUP[base64.charCodeAt(i + 2)];
73
+ const d = BASE64_LOOKUP[base64.charCodeAt(i + 3)];
74
+ out[outIdx++] = (a << 2) | (b >> 4);
75
+ if (outIdx < outputLen)
76
+ out[outIdx++] = ((b << 4) | (c >> 2)) & 0xff;
77
+ if (outIdx < outputLen)
78
+ out[outIdx++] = ((c << 6) | d) & 0xff;
79
+ }
80
+ return out;
81
+ }
82
+ export function bytesToBase64Url(bytes) {
83
+ return bytesToBase64(bytes)
84
+ .replace(/\+/g, '-')
85
+ .replace(/\//g, '_')
86
+ .replace(/=+$/g, '');
87
+ }
88
+ export function base64UrlToBytes(base64url) {
89
+ if (!BASE64_URL_PATTERN.test(base64url)) {
90
+ throw new Error('Invalid base64url string');
91
+ }
92
+ const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
93
+ const padded = base64 + '==='.slice((base64.length + 3) % 4);
94
+ return base64ToBytes(padded);
95
+ }
96
+ export function hexToBytes(hex) {
97
+ const normalized = hex.trim().toLowerCase();
98
+ if (normalized.length % 2 !== 0) {
99
+ throw new Error('Invalid hex string (length must be even)');
100
+ }
101
+ const out = new Uint8Array(normalized.length / 2);
102
+ for (let i = 0; i < out.length; i++) {
103
+ const byte = Number.parseInt(normalized.slice(i * 2, i * 2 + 2), 16);
104
+ if (!Number.isFinite(byte))
105
+ throw new Error('Invalid hex string');
106
+ out[i] = byte;
107
+ }
108
+ return out;
109
+ }
110
+ //# sourceMappingURL=crypto-utils.js.map
package/dist/crypto-utils.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"crypto-utils.js","sourceRoot":"","sources":["../src/crypto-utils.ts"],"names":[],"mappings":"AAAA,MAAM,YAAY,GAChB,kEAAkE,CAAC;AACrE,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;IAC7C,aAAa,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,cAAc,GAClB,kEAAkE,CAAC;AACrE,MAAM,kBAAkB,GAAG,kBAAkB,CAAC;AAE9C,MAAM,UAAU,WAAW,CAAC,MAAc,EAAc;IACtD,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC;IACpC,IAAI,CAAC,SAAS,EAAE,eAAe,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,qEAAqE;YACnE,gEAAgE,CACnE,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC/B,OAAO,GAAG,CAAC;AAAA,CACZ;AAED,MAAM,UAAU,aAAa,CAAC,KAAiB,EAAU;IACvD,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,CAAC;IAE1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,GAAG,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QACxB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QACxB,MAAM;YACJ,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;gBACpC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;gBACjD,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;gBACjD,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAE,CAAC;QAC1B,MAAM;YACJ,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;gBACpC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;gBACpC,IAAI,CAAC;IACT,CAAC;SAAM,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAE,CAAC;QAC1B,MAAM;YACJ,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;gBACpC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;gBACjD,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;gBACpC,GAAG,CAAC;IACR,CAAC;IAED,OAAO,MAAM,CAAC;AAAA,CACf;AAED,MAAM,UAAU,aAAa,CAAC,MAAc,EAAc;IACxD,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;IAC1B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,CAAC;IAEvC,MAAM,SAAS,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IAEtC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAE,CAAC;QAC/C,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;QACnD,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;QACnD,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;QAEnD,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACpC,IAAI,MAAM,GAAG,SAAS;YAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QACrE,IAAI,MAAM,GAAG,SAAS;YAAE,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAChE,CAAC;IAED,OAAO,GAAG,CAAC;AAAA,CACZ;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAiB,EAAU;IAC1D,OAAO,aAAa,CAAC,KAAK,CAAC;SACxB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAAA,CACxB;AAED,MAAM,UAAU,gBAAgB,CAAC,SAAiB,EAAc;IAC9D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,OAAO,aAAa,CAAC,MAAM,CAAC,CAAC;AAAA,CAC9B;AAED,MAAM,UAAU,UAAU,CAAC,GAAW,EAAc;IAClD,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAClD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAClE,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AAAA,CACZ"}
package/dist/index.d.ts ADDED
@@ -0,0 +1,78 @@
1
+ import type { SyncClientDb, SyncClientPlugin, SyncClientPluginContext, SyncEngine } from '@syncular/client';
2
+ import { type Kysely } from 'kysely';
3
+ export * from './key-sharing';
4
+ type FieldDecryptionErrorMode = 'throw' | 'keepCiphertext';
5
+ interface FieldEncryptionRule {
6
+ scope: string;
7
+ /**
8
+ * Optional table selector. Strongly recommended for correctness:
9
+ * - Push/incremental changes have a table name.
10
+ * - Snapshot rows often do not; if omitted, the plugin must be able to infer it.
11
+ */
12
+ table?: string;
13
+ /** Column names to encrypt/decrypt */
14
+ fields: string[];
15
+ /**
16
+ * Row id column in snapshot row objects (defaults to "id").
17
+ * Push/incremental changes use the protocol `row_id` and ignore this.
18
+ */
19
+ rowIdField?: string;
20
+ }
21
+ export interface FieldEncryptionKeys {
22
+ /**
23
+ * Resolve a 32-byte symmetric key for a given key id.
24
+ * Throws (or rejects) when the key is unavailable.
25
+ */
26
+ getKey: (kid: string) => Uint8Array | Promise<Uint8Array>;
27
+ /**
28
+ * Select which key id to use when encrypting new values.
29
+ * Defaults to "default".
30
+ */
31
+ getEncryptionKid?: (ctx: SyncClientPluginContext, args: {
32
+ scope: string;
33
+ table: string;
34
+ rowId: string;
35
+ field: string;
36
+ }) => string | Promise<string>;
37
+ }
38
+ interface FieldEncryptionPluginOptions {
39
+ name?: string;
40
+ rules: FieldEncryptionRule[];
41
+ keys: FieldEncryptionKeys;
42
+ /**
43
+ * Controls what happens when ciphertext is present but decryption fails
44
+ * (unknown key, bad AAD, corrupted data).
45
+ */
46
+ decryptionErrorMode?: FieldDecryptionErrorMode;
47
+ /**
48
+ * Envelope prefix written into the DB. Changing this breaks decryption
49
+ * for existing rows.
50
+ */
51
+ envelopePrefix?: string;
52
+ }
53
+ interface RefreshEncryptedFieldsTarget {
54
+ scope: string;
55
+ table: string;
56
+ fields?: string[];
57
+ }
58
+ export interface RefreshEncryptedFieldsResult {
59
+ tablesProcessed: number;
60
+ rowsScanned: number;
61
+ rowsUpdated: number;
62
+ fieldsUpdated: number;
63
+ }
64
+ export interface FieldEncryptionPluginRefreshRequest<DB extends SyncClientDb = SyncClientDb> {
65
+ db: Kysely<DB>;
66
+ engine?: Pick<SyncEngine<DB>, 'recordLocalMutations'>;
67
+ targets?: RefreshEncryptedFieldsTarget[];
68
+ ctx?: Partial<SyncClientPluginContext>;
69
+ }
70
+ export interface FieldEncryptionPlugin extends SyncClientPlugin {
71
+ refreshEncryptedFields: <DB extends SyncClientDb = SyncClientDb>(options: FieldEncryptionPluginRefreshRequest<DB>) => Promise<RefreshEncryptedFieldsResult>;
72
+ }
73
+ export declare function createStaticFieldEncryptionKeys(args: {
74
+ keys: Record<string, Uint8Array | string>;
75
+ encryptionKid?: string;
76
+ }): FieldEncryptionKeys;
77
+ export declare function createFieldEncryptionPlugin(pluginOptions: FieldEncryptionPluginOptions): FieldEncryptionPlugin;
78
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,EACvB,UAAU,EACX,MAAM,kBAAkB,CAAC;AAQ1B,OAAO,EAAE,KAAK,MAAM,EAAO,MAAM,QAAQ,CAAC;AAU1C,cAAc,eAAe,CAAC;AAI9B,KAAK,wBAAwB,GAAG,OAAO,GAAG,gBAAgB,CAAC;AAE3D,UAAU,mBAAmB;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAC1D;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CACjB,GAAG,EAAE,uBAAuB,EAC5B,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,KACjE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,4BAA4B;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,mBAAmB,EAAE,CAAC;IAC7B,IAAI,EAAE,mBAAmB,CAAC;IAC1B;;;OAGG;IACH,mBAAmB,CAAC,EAAE,wBAAwB,CAAC;IAC/C;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,UAAU,4BAA4B;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;CACvB;AAeD,MAAM,WAAW,mCAAmC,CAClD,EAAE,SAAS,YAAY,GAAG,YAAY;IAEtC,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,MAAM,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,sBAAsB,CAAC,CAAC;IACtD,OAAO,CAAC,EAAE,4BAA4B,EAAE,CAAC;IACzC,GAAG,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,sBAAsB,EAAE,CAAC,EAAE,SAAS,YAAY,GAAG,YAAY,EAC7D,OAAO,EAAE,mCAAmC,CAAC,EAAE,CAAC,KAC7C,OAAO,CAAC,4BAA4B,CAAC,CAAC;CAC5C;AA0BD,wBAAgB,+BAA+B,CAAC,IAAI,EAAE;IACpD,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAAC,CAAC;IAC1C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,mBAAmB,CAsBtB;AAqjBD,wBAAgB,2BAA2B,CACzC,aAAa,EAAE,4BAA4B,GAC1C,qBAAqB,CA0MvB"}