@terminals-tech/agent-zero 1.0.0

package/dist/security/skillVerify.js

@@ -0,0 +1,220 @@
+import { createHash, generateKeyPairSync, sign, verify } from 'node:crypto';
+import { readFile, readdir, stat } from 'node:fs/promises';
+import { join, relative } from 'node:path';
+import { z } from 'zod';
+// ============================================================================
+// SCHEMAS
+// ============================================================================
+const FileHashSchema = z.object({
+    path: z.string(),
+    sha256: z.string().regex(/^[a-f0-9]{64}$/)
+});
+export const SkillManifestSchema = z.object({
+    name: z.string(),
+    version: z.string(),
+    files: z.array(FileHashSchema),
+    timestamp: z.number(),
+    publicKey: z.string()
+});
+export const SignedManifestSchema = SkillManifestSchema.extend({
+    signature: z.string()
+});
+// ============================================================================
+// KEYPAIR GENERATION
+// ============================================================================
+/**
+ * Generate Ed25519 keypair for skill signing
+ */
+export function generateSigningKeyPair() {
+    const { publicKey, privateKey } = generateKeyPairSync('ed25519', {
+        publicKeyEncoding: { type: 'spki', format: 'pem' },
+        privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    });
+    return { publicKey, privateKey };
+}
+// ============================================================================
+// FILE HASHING
+// ============================================================================
+/**
+ * Compute SHA256 hash of file contents
+ */
+export async function hashFile(filePath) {
+    const contents = await readFile(filePath);
+    return createHash('sha256').update(contents).digest('hex');
+}
+/**
+ * Walk directory recursively and collect file paths
+ */
+async function walkDirectory(dir, baseDir = dir) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    const files = [];
+    for (const entry of entries) {
+        const fullPath = join(dir, entry.name);
+        if (entry.isDirectory()) {
+            // Skip node_modules, .git, etc.
+            if (['node_modules', '.git', 'dist', 'build'].includes(entry.name)) {
+                continue;
+            }
+            files.push(...(await walkDirectory(fullPath, baseDir)));
+        }
+        else if (entry.isFile()) {
+            files.push(relative(baseDir, fullPath));
+        }
+    }
+    return files.sort(); // Deterministic ordering
+}
+// ============================================================================
+// MANIFEST CREATION
+// ============================================================================
+/**
+ * Create skill manifest by hashing all files in directory
+ */
+export async function createManifest(skillDir, name, version) {
+    const filePaths = await walkDirectory(skillDir);
+    const files = [];
+    for (const relPath of filePaths) {
+        const fullPath = join(skillDir, relPath);
+        const sha256 = await hashFile(fullPath);
+        files.push({ path: relPath, sha256 });
+    }
+    // Configure via SKILL_VERIFY_PUBLIC_KEY env var or pass to constructor
+    return {
+        name,
+        version,
+        files,
+        timestamp: Date.now(),
+        publicKey: process.env['SKILL_VERIFY_PUBLIC_KEY'] ?? ''
+    };
+}
+// ============================================================================
+// SIGNING & VERIFICATION
+// ============================================================================
+/**
+ * Compute deterministic hash chain from manifest files
+ */
+function computeManifestHash(manifest) {
+    // Concatenate all file hashes in order
+    const hashChain = manifest.files
+        .map(f => f.sha256)
+        .join('');
+    // Add metadata
+    const payload = JSON.stringify({
+        name: manifest.name,
+        version: manifest.version,
+        timestamp: manifest.timestamp,
+        publicKey: manifest.publicKey,
+        hashChain
+    });
+    return Buffer.from(payload, 'utf8');
+}
+/**
+ * Sign manifest with Ed25519 private key
+ */
+export function signManifest(manifest, privateKey) {
+    // Set public key from private key if not already set
+    if (!manifest.publicKey) {
+        const { publicKey } = generateKeyPairSync('ed25519', {
+            publicKeyEncoding: { type: 'spki', format: 'pem' },
+            privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+        });
+        manifest.publicKey = publicKey;
+    }
+    const payload = computeManifestHash(manifest);
+    const signature = sign(null, payload, privateKey);
+    return {
+        ...manifest,
+        signature: signature.toString('base64')
+    };
+}
+/**
+ * Verify manifest signature using embedded public key
+ */
+export function verifyManifest(signed) {
+    try {
+        // Validate schema
+        SignedManifestSchema.parse(signed);
+        const payload = computeManifestHash(signed);
+        const signature = Buffer.from(signed.signature, 'base64');
+        return verify(null, payload, signed.publicKey, signature);
+    }
+    catch (error) {
+        return false;
+    }
+}
+// ============================================================================
+// INTEGRITY VERIFICATION
+// ============================================================================
+/**
+ * Verify skill directory matches signed manifest
+ * Returns list of tampered files (empty if valid)
+ */
+export async function verifySkillIntegrity(skillDir, signed) {
+    // First verify signature
+    if (!verifyManifest(signed)) {
+        return { valid: false, tamperedFiles: ['__SIGNATURE_INVALID__'] };
+    }
+    const tamperedFiles = [];
+    // Re-hash all files and compare to manifest
+    for (const fileEntry of signed.files) {
+        const fullPath = join(skillDir, fileEntry.path);
+        try {
+            const currentHash = await hashFile(fullPath);
+            if (currentHash !== fileEntry.sha256) {
+                tamperedFiles.push(fileEntry.path);
+            }
+        }
+        catch (error) {
+            // File missing or unreadable
+            tamperedFiles.push(fileEntry.path);
+        }
+    }
+    // Check for unexpected files
+    const currentFiles = await walkDirectory(skillDir);
+    const manifestPaths = new Set(signed.files.map(f => f.path));
+    for (const filePath of currentFiles) {
+        if (!manifestPaths.has(filePath)) {
+            tamperedFiles.push(`__EXTRA__:${filePath}`);
+        }
+    }
+    return {
+        valid: tamperedFiles.length === 0,
+        tamperedFiles
+    };
+}
+// ============================================================================
+// UTILITY
+// ============================================================================
+/**
+ * Load and parse signed manifest from JSON file
+ */
+export async function loadSignedManifest(manifestPath) {
+    const contents = await readFile(manifestPath, 'utf8');
+    const parsed = JSON.parse(contents);
+    return SignedManifestSchema.parse(parsed);
+}
+/**
+ * Check if skill directory has been modified since signing
+ * Useful for hot-reload scenarios
+ */
+export async function needsReVerification(skillDir, signed) {
+    // Quick check: compare file count first
+    const currentFiles = await walkDirectory(skillDir);
+    if (currentFiles.length !== signed.files.length) {
+        return true;
+    }
+    // Check modification times (heuristic - not cryptographically secure)
+    for (const fileEntry of signed.files) {
+        const fullPath = join(skillDir, fileEntry.path);
+        try {
+            const stats = await stat(fullPath);
+            if (stats.mtimeMs > signed.timestamp) {
+                return true;
+            }
+        }
+        catch {
+            return true; // File missing
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=skillVerify.js.map

package/dist/security/skillVerify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skillVerify.js","sourceRoot":"","sources":["../../src/security/skillVerify.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC5E,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,MAAM,CAAC;IAC7D,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAMH,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE;QAC/D,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;QAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;KACrD,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC;AAED,+EAA+E;AAC/E,eAAe;AACf,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,QAAgB;IAC7C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,GAAW,EAAE,UAAkB,GAAG;IAC7D,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,gCAAgC;YAChC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnE,SAAS;YACX,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,yBAAyB;AAChD,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,IAAY,EACZ,OAAe;IAEf,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,uEAAuE;IACvE,OAAO;QACL,IAAI;QACJ,OAAO;QACP,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,IAAI,EAAE;KACxD,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,mBAAmB,CAAC,QAAuB;IAClD,uCAAuC;IACvC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK;SAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;SAClB,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,eAAe;IACf,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAuB,EAAE,UAAkB;IACtE,qDAAqD;IACrD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QACxB,MAAM,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,EAAE;YACnD,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE;YAClD,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE;SACrD,CAAC,CAAC;QACH,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;IACjC,CAAC;IAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAElD,OAAO;QACL,GAAG,QAAQ;QACX,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACxC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,IAAI,CAAC;QACH,kBAAkB;QAClB,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEnC,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAE1D,OAAO,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,MAAsB;IAEtB,yBAAyB;IACzB,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC;IACpE,CAAC;IAED,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,4CAA4C;IAC5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAEhD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC7C,IAAI,WAAW,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;gBACrC,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,6BAA6B;YAC7B,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE7D,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;QACpC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,aAAa,CAAC,IAAI,CAAC,aAAa,QAAQ,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,aAAa,CAAC,MAAM,KAAK,CAAC;QACjC,aAAa;KACd,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC3D,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACpC,OAAO,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,MAAsB;IAEtB,wCAAwC;IACxC,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,YAAY,CAAC,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sEAAsE;IACtE,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,CAAC,eAAe;QAC9B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/security/vault.d.ts

@@ -0,0 +1,60 @@
+export declare class Vault {
+    private masterKey;
+    private passphrase;
+    private deviceSlots;
+    private data;
+    private locked;
+    private version;
+    private masterSalt?;
+    private constructor();
+    /**
+     * Native machine fingerprint (ignores VAULT_MACHINE_FINGERPRINT override).
+     * Used by addDevice() to register the actual current machine.
+     */
+    static getNativeFingerprint(): string;
+    /**
+     * Auth fingerprint — respects VAULT_MACHINE_FINGERPRINT override.
+     * Used for vault open/key derivation.
+     */
+    private static getAuthFingerprint;
+    private static deriveDeviceKey;
+    /** v1 compat: derive key using auth fingerprint (old behavior). */
+    private static deriveKeyV1;
+    private static encryptMasterKey;
+    private static decryptMasterKey;
+    static create(passphrase: string): Promise<Vault>;
+    private static createFreshV2;
+    private static openV2;
+    private static openV1;
+    private static migrateV1ToV2;
+    /**
+     * Register the current machine's native fingerprint as a new device slot.
+     * Always uses the NATIVE fingerprint (ignores VAULT_MACHINE_FINGERPRINT override),
+     * so you can open with an override and add-device to register the real machine.
+     */
+    addDevice(label?: string): Promise<string>;
+    /**
+     * List registered device slots (no secrets exposed).
+     */
+    listDevices(): Array<{
+        index: number;
+        addedAt: string;
+        label?: string;
+    }>;
+    getVersion(): number;
+    private static ensureVaultDirStatic;
+    private acquireLock;
+    private releaseLock;
+    private encrypt;
+    private decrypt;
+    store(key: string, value: string): Promise<void>;
+    retrieve(key: string): Promise<string | null>;
+    rotate(key: string, newValue: string): Promise<void>;
+    delete(key: string): Promise<void>;
+    list(): Promise<string[]>;
+    migrateFromPlaintext(dir: string): Promise<number>;
+    destroy(): Promise<void>;
+    private persist;
+}
+export declare function createVault(passphrase: string): Promise<Vault>;
+//# sourceMappingURL=vault.d.ts.map

package/dist/security/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../src/security/vault.ts"],"names":[],"mappings":"AAgEA,qBAAa,KAAK;IAChB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,IAAI,CAAiB;IAC7B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,OAAO,CAAY;IAE3B,OAAO,CAAC,UAAU,CAAC,CAAS;IAE5B,OAAO;IAWP;;;OAGG;IACH,MAAM,CAAC,oBAAoB,IAAI,MAAM;IAOrC;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,kBAAkB;mBAQZ,eAAe;IAUpC,mEAAmE;mBAC9C,WAAW;IAQhC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAY/B,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAalB,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;mBA0BlC,aAAa;mBAqBb,MAAM;mBAwBN,MAAM;mBAsDN,aAAa;IAkElC;;;;OAIG;IACG,SAAS,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsBhD;;OAEG;IACH,WAAW,IAAI,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAQxE,UAAU,IAAI,MAAM;mBAQC,oBAAoB;YAQ3B,WAAW;YAgCX,WAAW;IAczB,OAAO,CAAC,OAAO;IAoBf,OAAO,CAAC,OAAO;IAoBT,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhD,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY7C,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOpD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKlC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAIzB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAyBlD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YAqBhB,OAAO;CAgBtB;AAMD,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAEpE"}