npm - @the-ai-company/cbio-node-runtime - Versions diffs - 0.31.0 - Mend

@the-ai-company/cbio-node-runtime 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/LICENSE +21 -0
package/README.md +46 -0
package/dist/agent/agent.d.ts +234 -0
package/dist/agent/agent.js +565 -0
package/dist/agent/agent.js.map +1 -0
package/dist/audit/ActivityLog.d.ts +25 -0
package/dist/audit/ActivityLog.js +66 -0
package/dist/audit/ActivityLog.js.map +1 -0
package/dist/errors.d.ts +28 -0
package/dist/errors.js +37 -0
package/dist/errors.js.map +1 -0
package/dist/http/authClient.d.ts +26 -0
package/dist/http/authClient.js +132 -0
package/dist/http/authClient.js.map +1 -0
package/dist/http/localAuthProxy.d.ts +33 -0
package/dist/http/localAuthProxy.js +93 -0
package/dist/http/localAuthProxy.js.map +1 -0
package/dist/http/secretAcquisition.d.ts +54 -0
package/dist/http/secretAcquisition.js +177 -0
package/dist/http/secretAcquisition.js.map +1 -0
package/dist/protocol/childSecretNaming.d.ts +7 -0
package/dist/protocol/childSecretNaming.js +12 -0
package/dist/protocol/childSecretNaming.js.map +1 -0
package/dist/protocol/crypto.d.ts +23 -0
package/dist/protocol/crypto.js +37 -0
package/dist/protocol/crypto.js.map +1 -0
package/dist/protocol/identity.d.ts +8 -0
package/dist/protocol/identity.js +16 -0
package/dist/protocol/identity.js.map +1 -0
package/dist/runtime/index.d.ts +14 -0
package/dist/runtime/index.js +11 -0
package/dist/runtime/index.js.map +1 -0
package/dist/sealed/index.d.ts +6 -0
package/dist/sealed/index.js +6 -0
package/dist/sealed/index.js.map +1 -0
package/dist/sealed/seal.d.ts +19 -0
package/dist/sealed/seal.js +56 -0
package/dist/sealed/seal.js.map +1 -0
package/dist/storage/fs.d.ts +16 -0
package/dist/storage/fs.js +68 -0
package/dist/storage/fs.js.map +1 -0
package/dist/storage/memory.d.ts +11 -0
package/dist/storage/memory.js +19 -0
package/dist/storage/memory.js.map +1 -0
package/dist/storage/provider.d.ts +12 -0
package/dist/storage/provider.js +6 -0
package/dist/storage/provider.js.map +1 -0
package/dist/vault/secretPolicy.d.ts +3 -0
package/dist/vault/secretPolicy.js +14 -0
package/dist/vault/secretPolicy.js.map +1 -0
package/dist/vault/vault.d.ts +91 -0
package/dist/vault/vault.js +534 -0
package/dist/vault/vault.js.map +1 -0
package/docs/ARCHITECTURE.md +100 -0
package/docs/REFERENCE.md +184 -0
package/docs/TODO-multi-vault.md +29 -0
package/docs/WORKS_WITH_CUSTOM_FETCH.md +196 -0
package/docs/es/README.md +27 -0
package/docs/fr/README.md +27 -0
package/docs/ja/README.md +27 -0
package/docs/ko/README.md +27 -0
package/docs/pt/README.md +27 -0
package/docs/spec/runtime/README.md +27 -0
package/docs/spec/runtime/activity-log.md +67 -0
package/docs/spec/runtime/managed-agent-record.md +52 -0
package/docs/spec/runtime/merge-rules.md +52 -0
package/docs/spec/runtime/secret-origin-policy.md +46 -0
package/docs/zh/README.md +27 -0
package/examples/minimal.ts +13 -0
package/package.json +57 -0

package/dist/vault/vault.d.ts ADDED Viewed

@@ -0,0 +1,91 @@
+import { Signer } from '../protocol/crypto.js';
+import type { IStorageProvider } from '../storage/provider.js';
+import { type ActivityLogEntry, type ActivityLogMetadata } from '../audit/ActivityLog.js';
+export interface SecretPolicy {
+    allowedOrigins?: string[];
+}
+/**
+ * CbioVault
+ *
+ * A secure container for third-party API keys and secrets.
+ * Secrets are stored in a private field (#) and are inaccessible
+ * to the outside Agent logic. Vault stores ONLY secrets (encrypted).
+ */
+export declare class CbioVault {
+    #private;
+    private static readonly PERSIST_SALT;
+    private static readonly VERSIONED_SECRET_PREFIX;
+    /**
+     * @internal Used by Owner. Binds storage and loads vault from disk. Do not call directly.
+     */
+    initFromStorage(signer: Signer, storageKey: string, storage?: IStorageProvider, activityLogKey?: string, activityLogKeyIsDerived?: boolean): Promise<void>;
+    /**
+     * @internal Used by Owner.importIdentity. Binds storage and loads vault from blob. Do not call directly.
+     */
+    initFromBlob(signer: Signer, blob: string, storageKey: string, storage?: IStorageProvider, activityLogKey?: string, activityLogKeyIsDerived?: boolean): Promise<void>;
+    /**
+     * Add a new secret. Fails if secretName already exists.
+     */
+    addSecret(secretName: string, secretValue: string, options?: SecretPolicy): Promise<void>;
+    /**
+     * Update an existing secret. Fails if secretName does not exist.
+     */
+    updateSecret(secretName: string, secretValue: string): Promise<void>;
+    setSecretAllowedOrigins(secretName: string, allowedOrigins: readonly string[]): Promise<void>;
+    rotateSecret(secretName: string, secretValue: string, sourceOrigin: string): Promise<void>;
+    /**
+     * Case 3: Retrieve a secret in plaintext.
+     * @internal @admin
+     * WARNING: This is an ADMIN-ONLY method. Do not use in Agent's autonomous logic.
+     */
+    getSecret(secretName: string): string | undefined;
+    /**
+     * Case 4: Permanently delete a secret from memory and disk.
+     * @internal @admin
+     * WARNING: This is an ADMIN-ONLY method. Agent should NEVER be allowed
+     * to delete its own memory autonomously. Only Owner (Human) can call this.
+     */
+    deleteSecret(secretName: string): Promise<void>;
+    /**
+     * @internal Used by AuthClient to append activity log entries.
+     */
+    appendActivityLogEntry(entry: ActivityLogEntry): Promise<void>;
+    /**
+     * Persistence: Atomic save with write-read-verify.
+     */
+    save(signer: Signer, storageKey?: string, storage?: IStorageProvider): Promise<void>;
+    serializeToBlob(signer: Signer): Promise<string>;
+    /**
+     * Seal vault with external key (AES-256-GCM) for portable local storage.
+     */
+    seal(kdk: string): string;
+    /**
+     * Unseal vault from blob encrypted with kdk.
+     */
+    unseal(kdk: string, sealed: string): void;
+    hasSecret(secretName: string): boolean;
+    listSecretNames(): string[];
+    /**
+     * Read activity log. Owner-only. Returns [] if activity log not enabled.
+     */
+    getActivityLog(): Promise<readonly ActivityLogEntry[]>;
+    /**
+     * Read activity log metadata (agentId, storageKey). Returns null if not present.
+     */
+    getActivityLogMetadata(): Promise<ActivityLogMetadata | null>;
+    /**
+     * Merge secrets from another vault instance.
+     * Only allowed if both vaults belong to the same identity.
+     * @param options.onConflict 'abort' = return conflicts (default); 'skip' = merge non-conflicting only; 'overwrite' = use other's value for conflicts.
+     */
+    mergeFrom(otherVault: CbioVault, options?: {
+        onConflict?: 'abort' | 'skip' | 'overwrite';
+    }): Promise<MergeResult>;
+}
+export interface MergeResult {
+    merged: boolean;
+    added: string[];
+    skipped: string[];
+    overwritten: string[];
+    conflicts?: string[];
+}

package/dist/vault/vault.js ADDED Viewed

@@ -0,0 +1,534 @@
+var _a;
+import { Buffer } from 'node:buffer';
+import * as crypto from 'node:crypto';
+import { deriveRootAgentId } from '../protocol/identity.js';
+import { IdentityError, IdentityErrorCode } from '../errors.js';
+import { FsStorageProvider } from '../storage/fs.js';
+import { appendActivityLog, readActivityLog, readActivityLogMetadata, } from '../audit/ActivityLog.js';
+import { sealBlob, unsealBlob } from '../sealed/seal.js';
+import { normalizeSecretPolicyOrigin } from './secretPolicy.js';
+const VAULT_FORMAT_VERSION = "v1.0";
+const SUPPORTED_VERSIONS = ["v1.0"];
+/**
+ * CbioVault
+ *
+ * A secure container for third-party API keys and secrets.
+ * Secrets are stored in a private field (#) and are inaccessible
+ * to the outside Agent logic. Vault stores ONLY secrets (encrypted).
+ */
+export class CbioVault {
+    #secrets = new Map();
+    #secretMetadata = new Map();
+    #autoSigner = null;
+    #storage = null;
+    #storageKey = null;
+    #activityLogKey = null;
+    #activityLogKeyIsDerived = false;
+    #identityFingerprint = null;
+    static PERSIST_SALT = "CBIO_VAULT_PERSIST_V1";
+    static VERSIONED_SECRET_PREFIX = "__cbio_secret_version__:";
+    static #isVersionStorageKey(secretName) {
+        return secretName.startsWith(_a.VERSIONED_SECRET_PREFIX);
+    }
+    static #normalizeAllowedOrigins(allowedOrigins) {
+        if (!allowedOrigins || allowedOrigins.length === 0)
+            return undefined;
+        const normalized = Array.from(new Set(allowedOrigins.map((origin) => {
+            try {
+                return normalizeSecretPolicyOrigin(origin);
+            }
+            catch (error) {
+                throw new IdentityError(IdentityErrorCode.SECRET_POLICY_REQUIRED, error instanceof Error ? error.message : String(error));
+            }
+        })));
+        return normalized.length > 0 ? normalized : undefined;
+    }
+    #makeVersionStorageKey(secretName, versionId) {
+        return `${_a.VERSIONED_SECRET_PREFIX}${secretName}:${versionId}`;
+    }
+    #assertPublicSecretName(secretName) {
+        if (_a.#isVersionStorageKey(secretName)) {
+            throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret name '${secretName}' is reserved for internal version storage.`);
+        }
+    }
+    #createVersionedSecret(secretName, secretValue, options) {
+        const versionId = 'v1';
+        const storageKey = this.#makeVersionStorageKey(secretName, versionId);
+        this.#secrets.set(storageKey, secretValue);
+        this.#secretMetadata.set(secretName, {
+            activeVersion: versionId,
+            nextVersionNumber: 2,
+            versions: {
+                [versionId]: {
+                    storageKey,
+                    state: 'active',
+                    createdAt: Date.now(),
+                    ...(options?.sourceOrigin && { sourceOrigin: options.sourceOrigin }),
+                }
+            },
+            ...(options?.allowedOrigins && { allowedOrigins: _a.#normalizeAllowedOrigins(options.allowedOrigins) }),
+        });
+    }
+    #ensureVersionedSecret(secretName) {
+        const existing = this.#secretMetadata.get(secretName);
+        if (existing)
+            return existing;
+        const legacyValue = this.#secrets.get(secretName);
+        if (legacyValue !== undefined) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Secret '${secretName}' exists in legacy format. Legacy vault format is no longer supported.`);
+        }
+        throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret name '${secretName}' not found. Use addSecret to add.`);
+    }
+    #getActiveVersionValue(secretName) {
+        const metadata = this.#secretMetadata.get(secretName);
+        if (!metadata) {
+            if (this.#secrets.has(secretName)) {
+                throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Secret '${secretName}' exists in legacy format. Legacy vault format is no longer supported.`);
+            }
+            return undefined;
+        }
+        const active = metadata.versions[metadata.activeVersion];
+        return active ? this.#secrets.get(active.storageKey) : undefined;
+    }
+    #cloneSecretMetadata(secretName, metadata) {
+        const versions = {};
+        for (const [versionId, version] of Object.entries(metadata.versions)) {
+            versions[versionId] = {
+                storageKey: version.storageKey,
+                state: version.state,
+                createdAt: version.createdAt,
+                ...(version.sourceOrigin ? { sourceOrigin: version.sourceOrigin } : {}),
+            };
+        }
+        return {
+            activeVersion: metadata.activeVersion,
+            nextVersionNumber: metadata.nextVersionNumber,
+            versions,
+            ...(metadata.allowedOrigins ? { allowedOrigins: [...metadata.allowedOrigins] } : {}),
+        };
+    }
+    async #replaceSecretFromVault(secretName, otherVault) {
+        const otherMetadata = otherVault.#secretMetadata.get(secretName);
+        if (otherMetadata) {
+            if (this.hasSecret(secretName)) {
+                await this.deleteSecret(secretName);
+            }
+            const clonedMetadata = this.#cloneSecretMetadata(secretName, otherMetadata);
+            for (const version of Object.values(clonedMetadata.versions)) {
+                const value = otherVault.#secrets.get(version.storageKey);
+                if (value === undefined) {
+                    throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret '${secretName}' is missing version data during merge.`);
+                }
+                this.#secrets.set(version.storageKey, value);
+            }
+            this.#secretMetadata.set(secretName, clonedMetadata);
+            return;
+        }
+        if (otherVault.#secrets.has(secretName)) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Secret '${secretName}' exists in legacy format in source vault. Legacy vault format is no longer supported.`);
+        }
+        throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret '${secretName}' metadata is missing from source vault.`);
+    }
+    /**
+     * @internal Used by Owner. Binds storage and loads vault from disk. Do not call directly.
+     */
+    async initFromStorage(signer, storageKey, storage, activityLogKey, activityLogKeyIsDerived = false) {
+        await this.#setupAutoSave(signer, storageKey, storage, activityLogKey, activityLogKeyIsDerived);
+        await this.#load(signer, storageKey, storage);
+    }
+    /**
+     * @internal Used by Owner.importIdentity. Binds storage and loads vault from blob. Do not call directly.
+     */
+    async initFromBlob(signer, blob, storageKey, storage, activityLogKey, activityLogKeyIsDerived = false) {
+        await this.#setupAutoSave(signer, storageKey, storage, activityLogKey, activityLogKeyIsDerived);
+        await this.#deserializeFromBlob(signer, blob);
+    }
+    async #setupAutoSave(signer, storageKey, storage, activityLogKey, activityLogKeyIsDerived = false) {
+        const provider = storage ?? new FsStorageProvider();
+        const testKey = `${storageKey}.cbio_write_test_${crypto.randomBytes(4).toString('hex')}`;
+        try {
+            await provider.write(testKey, Buffer.from('test'));
+            await provider.delete(testKey);
+        }
+        catch (e) {
+            const msg = `CRITICAL: Vault persistence failed. Storage is not writable.\n` +
+                `Error: ${e.message}\n` +
+                `Solution: Check storage permissions or provide a custom IStorageProvider.`;
+            throw new IdentityError(IdentityErrorCode.VAULT_PERSISTENCE_FAILED, msg, { cause: e });
+        }
+        this.#autoSigner = signer;
+        this.#storage = provider;
+        this.#storageKey = storageKey;
+        this.#activityLogKey = activityLogKey ?? null;
+        this.#activityLogKeyIsDerived = activityLogKeyIsDerived;
+        const publicKey = await signer.getPublicKey();
+        this.#identityFingerprint = crypto.createHash('sha256').update(publicKey).digest('hex');
+    }
+    /**
+     * Add a new secret. Fails if secretName already exists.
+     */
+    async addSecret(secretName, secretValue, options) {
+        this.#assertPublicSecretName(secretName);
+        if (this.hasSecret(secretName)) {
+            throw new IdentityError(IdentityErrorCode.SECRET_ALREADY_EXISTS, `Secret name '${secretName}' already exists. Use updateSecret to overwrite.`);
+        }
+        this.#createVersionedSecret(secretName, secretValue, { allowedOrigins: options?.allowedOrigins });
+        await this.#persistIfPossible();
+    }
+    /**
+     * Update an existing secret. Fails if secretName does not exist.
+     */
+    async updateSecret(secretName, secretValue) {
+        this.#assertPublicSecretName(secretName);
+        const metadata = this.#secretMetadata.get(secretName);
+        if (!metadata) {
+            throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret name '${secretName}' not found. Use addSecret to add.`);
+        }
+        const active = metadata.versions[metadata.activeVersion];
+        if (!active) {
+            throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret name '${secretName}' has no active version.`);
+        }
+        this.#secrets.set(active.storageKey, secretValue);
+        await this.#persistIfPossible();
+    }
+    async setSecretAllowedOrigins(secretName, allowedOrigins) {
+        this.#assertPublicSecretName(secretName);
+        const metadata = this.#ensureVersionedSecret(secretName);
+        metadata.allowedOrigins = _a.#normalizeAllowedOrigins(allowedOrigins);
+        await this.#persistIfPossible();
+    }
+    async rotateSecret(secretName, secretValue, sourceOrigin) {
+        this.#assertPublicSecretName(secretName);
+        const metadata = this.#ensureVersionedSecret(secretName);
+        const allowedOrigins = metadata.allowedOrigins;
+        if (!allowedOrigins || allowedOrigins.length === 0) {
+            throw new IdentityError(IdentityErrorCode.SECRET_POLICY_REQUIRED, `Secret '${secretName}' cannot be rotated by agent until owner sets allowedOrigins.`);
+        }
+        const normalizedOrigin = new URL(sourceOrigin).origin;
+        if (!allowedOrigins.includes(normalizedOrigin)) {
+            throw new IdentityError(IdentityErrorCode.SECRET_SOURCE_ORIGIN_MISMATCH, `Secret '${secretName}' only allows rotation from ${allowedOrigins.join(', ')}. Received: ${normalizedOrigin}`);
+        }
+        const current = metadata.versions[metadata.activeVersion];
+        if (current)
+            current.state = 'deprecated';
+        const versionId = `v${metadata.nextVersionNumber}`;
+        metadata.nextVersionNumber += 1;
+        const storageKey = this.#makeVersionStorageKey(secretName, versionId);
+        this.#secrets.set(storageKey, secretValue);
+        metadata.versions[versionId] = {
+            storageKey,
+            state: 'active',
+            createdAt: Date.now(),
+            sourceOrigin: normalizedOrigin,
+        };
+        metadata.activeVersion = versionId;
+        await this.#persistIfPossible();
+    }
+    /**
+     * Case 3: Retrieve a secret in plaintext.
+     * @internal @admin
+     * WARNING: This is an ADMIN-ONLY method. Do not use in Agent's autonomous logic.
+     */
+    getSecret(secretName) {
+        if (_a.#isVersionStorageKey(secretName))
+            return undefined;
+        return this.#getActiveVersionValue(secretName);
+    }
+    /**
+     * Case 4: Permanently delete a secret from memory and disk.
+     * @internal @admin
+     * WARNING: This is an ADMIN-ONLY method. Agent should NEVER be allowed
+     * to delete its own memory autonomously. Only Owner (Human) can call this.
+     */
+    async deleteSecret(secretName) {
+        this.#assertPublicSecretName(secretName);
+        const metadata = this.#secretMetadata.get(secretName);
+        if (!metadata) {
+            throw new IdentityError(IdentityErrorCode.SECRET_NOT_FOUND, `Secret name '${secretName}' not found. Nothing to delete.`);
+        }
+        for (const version of Object.values(metadata.versions)) {
+            this.#secrets.delete(version.storageKey);
+        }
+        this.#secretMetadata.delete(secretName);
+        await this.#persistIfPossible();
+    }
+    async #appendActivityLog(entry) {
+        if (!this.#storage || !this.#activityLogKey || !this.#autoSigner || !this.#storageKey)
+            return;
+        const metadata = {
+            v: 1,
+            agentId: deriveRootAgentId(await this.#autoSigner.getPublicKey()),
+            storageKey: this.#storageKey,
+        };
+        await appendActivityLog(this.#storage, this.#activityLogKey, entry, metadata);
+    }
+    /**
+     * @internal Used by AuthClient to append activity log entries.
+     */
+    async appendActivityLogEntry(entry) {
+        await this.#appendActivityLog(entry);
+    }
+    /**
+     * Persistence: Atomic save with write-read-verify.
+     */
+    async save(signer, storageKey, storage) {
+        const resolvedStorageKey = storageKey ?? this.#storageKey;
+        if (!resolvedStorageKey) {
+            throw new IdentityError(IdentityErrorCode.VAULT_PERSISTENCE_FAILED, 'Vault save requires a bound storageKey or an explicit storageKey argument.');
+        }
+        const provider = storage ?? this.#storage ?? new FsStorageProvider();
+        const tmpKey = `${resolvedStorageKey}.tmp`;
+        const bundle = await this.#serializeToBundle(signer);
+        const checksum = crypto.createHash('sha256').update(bundle).digest('hex');
+        await provider.write(tmpKey, bundle);
+        const readBack = await provider.read(tmpKey);
+        if (!readBack) {
+            throw new IdentityError(IdentityErrorCode.VAULT_WRITE_INTEGRITY_FAILED, `Vault write integrity failure: could not read back ${tmpKey}`);
+        }
+        const readChecksum = crypto.createHash('sha256').update(readBack).digest('hex');
+        if (readChecksum !== checksum) {
+            throw new IdentityError(IdentityErrorCode.VAULT_WRITE_INTEGRITY_FAILED, `Vault write integrity failure: checksum mismatch. Do not delete ${tmpKey} for forensic analysis.`);
+        }
+        if (provider.rename) {
+            await provider.rename(tmpKey, resolvedStorageKey);
+        }
+        else {
+            await provider.write(resolvedStorageKey, bundle);
+            await provider.delete(tmpKey);
+        }
+    }
+    async serializeToBlob(signer) {
+        const bundle = await this.#serializeToBundle(signer);
+        return bundle.toString('base64url');
+    }
+    /**
+     * Seal vault with external key (AES-256-GCM) for portable local storage.
+     */
+    seal(kdk) {
+        try {
+            return sealBlob({
+                version: VAULT_FORMAT_VERSION,
+                secrets: Object.fromEntries(this.#secrets),
+                secretMetadata: Object.fromEntries(this.#secretMetadata),
+            }, kdk);
+        }
+        catch (e) {
+            if (e.code === IdentityErrorCode.INVALID_KDK)
+                throw e;
+            throw new IdentityError(IdentityErrorCode.INVALID_KDK, "seal: " + (e.message || String(e)), { cause: e });
+        }
+    }
+    /**
+     * Unseal vault from blob encrypted with kdk.
+     */
+    unseal(kdk, sealed) {
+        try {
+            const data = unsealBlob(sealed, kdk);
+            this.#loadFromPayload(data);
+        }
+        catch (e) {
+            if (e instanceof IdentityError)
+                throw e;
+            throw new IdentityError(IdentityErrorCode.INVALID_KDK, "unseal: " + (e.message || String(e)), { cause: e });
+        }
+    }
+    async #serializeToBundle(signer) {
+        const signature = await signer.sign(_a.PERSIST_SALT);
+        const encryptionKey = crypto.createHash('sha256').update(signature).digest();
+        const payload = {
+            version: VAULT_FORMAT_VERSION,
+            secrets: Object.fromEntries(this.#secrets),
+            secretMetadata: Object.fromEntries(this.#secretMetadata),
+        };
+        const plainText = JSON.stringify(payload);
+        const iv = crypto.randomBytes(12);
+        const cipher = crypto.createCipheriv('aes-256-gcm', encryptionKey, iv);
+        const encrypted = Buffer.concat([cipher.update(plainText, 'utf8'), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return Buffer.concat([iv, tag, encrypted]);
+    }
+    #loadFromPayload(data) {
+        if (typeof data.secrets !== 'object' || data.secrets === null) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, 'Vault payload must have a secrets object. Legacy format is no longer supported.');
+        }
+        if (typeof data.secretMetadata !== 'object' || data.secretMetadata === null) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, 'Vault payload must have a secretMetadata object. Legacy format is no longer supported.');
+        }
+        this.#secrets = new Map(Object.entries(data.secrets));
+        this.#secretMetadata = new Map(Object.entries(data.secretMetadata));
+    }
+    async #persistIfPossible() {
+        if (this.#autoSigner && this.#storage && this.#storageKey) {
+            await this.save(this.#autoSigner, this.#storageKey, this.#storage);
+        }
+    }
+    async #load(signer, storageKey, storage, mode = 'optional') {
+        const provider = storage ?? this.#storage ?? new FsStorageProvider();
+        const tmpKey = `${storageKey}.tmp`;
+        const tryLoad = async (k) => {
+            try {
+                const bundle = await provider.read(k);
+                if (!bundle)
+                    return false;
+                await this.#deserializeFromBundle(signer, bundle);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        };
+        if (await tryLoad(storageKey)) {
+            await provider.delete(tmpKey).catch(() => { });
+            return;
+        }
+        const mainMissing = !(await provider.has(storageKey));
+        if (mainMissing) {
+            if (await tryLoad(tmpKey)) {
+                if (provider.rename) {
+                    await provider.rename(tmpKey, storageKey);
+                }
+                else {
+                    const bundle = await provider.read(tmpKey);
+                    if (bundle)
+                        await provider.write(storageKey, bundle);
+                    await provider.delete(tmpKey);
+                }
+                return;
+            }
+            if (mode === 'required') {
+                throw new IdentityError(IdentityErrorCode.VAULT_FILE_NOT_FOUND, `Vault file not found: ${storageKey}`);
+            }
+            return;
+        }
+        if (await tryLoad(tmpKey)) {
+            if (provider.rename) {
+                await provider.rename(tmpKey, storageKey);
+            }
+            else {
+                const bundle = await provider.read(tmpKey);
+                if (bundle)
+                    await provider.write(storageKey, bundle);
+                await provider.delete(tmpKey);
+            }
+            return;
+        }
+        // Path collision: main exists but decrypt failed. Try suffixed paths only if file looks valid (not obviously corrupt).
+        const bundle = await provider.read(storageKey);
+        if (!bundle || bundle.length < 32) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Vault corrupted: both ${storageKey} and ${tmpKey} are unreadable. Do not overwrite. Seek recovery support.`);
+        }
+        const base = storageKey.replace(/\.enc$/, '');
+        for (let n = 1; n <= 100; n++) {
+            const altKey = `${base}_${n}.enc`;
+            if (await tryLoad(altKey)) {
+                this.#storageKey = altKey;
+                if (this.#activityLogKey && this.#activityLogKeyIsDerived) {
+                    this.#activityLogKey = `${base}_${n}.activity.jsonl`;
+                }
+                return;
+            }
+        }
+        throw new IdentityError(IdentityErrorCode.VAULT_DECRYPT_FAILED, `Vault decrypt failed: ${storageKey} exists but could not be decrypted with this key. Wrong key, tampered file, or incompatible format. Do not overwrite. Seek recovery support.`);
+    }
+    async #deserializeFromBlob(signer, blob) {
+        const bundle = Buffer.from(blob, 'base64url');
+        await this.#deserializeFromBundle(signer, bundle);
+    }
+    async #deserializeFromBundle(signer, bundle) {
+        const signature = await signer.sign(_a.PERSIST_SALT);
+        const encryptionKey = crypto.createHash('sha256').update(signature).digest();
+        const iv = bundle.subarray(0, 12);
+        const tag = bundle.subarray(12, 28);
+        const encrypted = bundle.subarray(28);
+        const decipher = crypto.createDecipheriv('aes-256-gcm', encryptionKey, iv);
+        decipher.setAuthTag(tag);
+        const plainText = decipher.update(encrypted, undefined, 'utf8') + decipher.final('utf8');
+        const data = JSON.parse(plainText);
+        if (!SUPPORTED_VERSIONS.includes(data.version)) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Vault format version '${data.version ?? '(missing)'}' not supported. Expected v1.0. Legacy formats are no longer supported.`);
+        }
+        this.#loadFromPayload(data);
+    }
+    hasSecret(secretName) {
+        if (_a.#isVersionStorageKey(secretName))
+            return false;
+        if (this.#secrets.has(secretName)) {
+            throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Secret '${secretName}' exists in legacy format. Legacy vault format is no longer supported.`);
+        }
+        return this.#secretMetadata.has(secretName);
+    }
+    listSecretNames() {
+        for (const secretName of this.#secrets.keys()) {
+            if (!_a.#isVersionStorageKey(secretName)) {
+                throw new IdentityError(IdentityErrorCode.VAULT_CORRUPTED, `Secret '${secretName}' exists in legacy format. Legacy vault format is no longer supported.`);
+            }
+        }
+        return Array.from(this.#secretMetadata.keys());
+    }
+    /**
+     * Read activity log. Owner-only. Returns [] if activity log not enabled.
+     */
+    async getActivityLog() {
+        if (!this.#storage || !this.#activityLogKey)
+            return [];
+        return await readActivityLog(this.#storage, this.#activityLogKey);
+    }
+    /**
+     * Read activity log metadata (agentId, storageKey). Returns null if not present.
+     */
+    async getActivityLogMetadata() {
+        if (!this.#storage || !this.#activityLogKey)
+            return null;
+        return await readActivityLogMetadata(this.#storage, this.#activityLogKey);
+    }
+    /**
+     * Merge secrets from another vault instance.
+     * Only allowed if both vaults belong to the same identity.
+     * @param options.onConflict 'abort' = return conflicts (default); 'skip' = merge non-conflicting only; 'overwrite' = use other's value for conflicts.
+     */
+    async mergeFrom(otherVault, options) {
+        const onConflict = options?.onConflict ?? 'abort';
+        if (this.#identityFingerprint !== otherVault.#identityFingerprint) {
+            throw new IdentityError(IdentityErrorCode.MERGE_IDENTITY_MISMATCH, "Cannot merge vaults belonging to different identities.");
+        }
+        const conflicts = [];
+        for (const secretName of otherVault.listSecretNames()) {
+            if (this.hasSecret(secretName))
+                conflicts.push(secretName);
+        }
+        if (conflicts.length > 0 && onConflict === 'abort') {
+            return {
+                merged: false,
+                added: [],
+                skipped: [],
+                overwritten: [],
+                conflicts,
+            };
+        }
+        const added = [];
+        const skipped = [];
+        const overwritten = [];
+        for (const secretName of otherVault.listSecretNames()) {
+            if (!this.hasSecret(secretName)) {
+                await this.#replaceSecretFromVault(secretName, otherVault);
+                added.push(secretName);
+            }
+            else if (onConflict === 'skip') {
+                skipped.push(secretName);
+            }
+            else if (onConflict === 'overwrite') {
+                await this.#replaceSecretFromVault(secretName, otherVault);
+                overwritten.push(secretName);
+            }
+        }
+        await this.#persistIfPossible();
+        return {
+            merged: true,
+            added,
+            skipped,
+            overwritten,
+        };
+    }
+}
+_a = CbioVault;
+//# sourceMappingURL=vault.js.map

package/dist/vault/vault.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vault.js","sourceRoot":"","sources":["../../src/vault/vault.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEhE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EACH,iBAAiB,EACjB,eAAe,EACf,uBAAuB,GAG1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,oBAAoB,GAAG,MAAM,CAAC;AACpC,MAAM,kBAAkB,GAAG,CAAC,MAAM,CAAC,CAAC;AAsBpC;;;;;;GAMG;AACH,MAAM,OAAO,SAAS;IAClB,QAAQ,GAAwB,IAAI,GAAG,EAAE,CAAC;IAC1C,eAAe,GAAsC,IAAI,GAAG,EAAE,CAAC;IAC/D,WAAW,GAAkB,IAAI,CAAC;IAClC,QAAQ,GAA4B,IAAI,CAAC;IACzC,WAAW,GAAkB,IAAI,CAAC;IAClC,eAAe,GAAkB,IAAI,CAAC;IACtC,wBAAwB,GAAG,KAAK,CAAC;IACjC,oBAAoB,GAAkB,IAAI,CAAC;IACnC,MAAM,CAAU,YAAY,GAAG,uBAAuB,CAAC;IACvD,MAAM,CAAU,uBAAuB,GAAG,0BAA0B,CAAC;IAE7E,MAAM,CAAC,oBAAoB,CAAC,UAAkB;QAC1C,OAAO,UAAU,CAAC,UAAU,CAAC,EAAS,CAAC,uBAAuB,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,CAAC,wBAAwB,CAAC,cAAkC;QAC9D,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAChE,IAAI,CAAC;gBACD,OAAO,2BAA2B,CAAC,MAAM,CAAC,CAAC;YAC/C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,sBAAsB,EACxC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACzD,CAAC;YACN,CAAC;QACL,CAAC,CAAC,CAAC,CAAC,CAAC;QACL,OAAO,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED,sBAAsB,CAAC,UAAkB,EAAE,SAAiB;QACxD,OAAO,GAAG,EAAS,CAAC,uBAAuB,GAAG,UAAU,IAAI,SAAS,EAAE,CAAC;IAC5E,CAAC;IAED,uBAAuB,CAAC,UAAkB;QACtC,IAAI,EAAS,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,gBAAgB,UAAU,6CAA6C,CAAC,CAAC;QACzI,CAAC;IACL,CAAC;IAED,sBAAsB,CAAC,UAAkB,EAAE,WAAmB,EAAE,OAAuE;QACnI,MAAM,SAAS,GAAG,IAAI,CAAC;QACvB,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC3C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE;YACjC,aAAa,EAAE,SAAS;YACxB,iBAAiB,EAAE,CAAC;YACpB,QAAQ,EAAE;gBACN,CAAC,SAAS,CAAC,EAAE;oBACT,UAAU;oBACV,KAAK,EAAE,QAAQ;oBACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,GAAG,CAAC,OAAO,EAAE,YAAY,IAAI,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC;iBACvE;aACJ;YACD,GAAG,CAAC,OAAO,EAAE,cAAc,IAAI,EAAE,cAAc,EAAE,EAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;SACjH,CAAC,CAAC;IACP,CAAC;IAED,sBAAsB,CAAC,UAAkB;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,WAAW,UAAU,wEAAwE,CAChG,CAAC;QACN,CAAC;QAED,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,gBAAgB,UAAU,oCAAoC,CAAC,CAAC;IAChI,CAAC;IAED,sBAAsB,CAAC,UAAkB;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,WAAW,UAAU,wEAAwE,CAChG,CAAC;YACN,CAAC;YACD,OAAO,SAAS,CAAC;QACrB,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACzD,OAAO,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACrE,CAAC;IAED,oBAAoB,CAAC,UAAkB,EAAE,QAA8B;QACnE,MAAM,QAAQ,GAAwC,EAAE,CAAC;QACzD,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,SAAS,CAAC,GAAG;gBAClB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC1E,CAAC;QACN,CAAC;QACD,OAAO;YACH,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,QAAQ;YACR,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvF,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,UAAkB,EAAE,UAAqB;QACnE,MAAM,aAAa,GAAG,UAAU,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,aAAa,EAAE,CAAC;YAChB,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC7B,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YACxC,CAAC;YACD,MAAM,cAAc,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC5E,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAC1D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;oBACtB,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,gBAAgB,EAClC,WAAW,UAAU,yCAAyC,CACjE,CAAC;gBACN,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACjD,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACrD,OAAO;QACX,CAAC;QAED,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,WAAW,UAAU,wFAAwF,CAChH,CAAC;QACN,CAAC;QAED,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,gBAAgB,EAClC,WAAW,UAAU,0CAA0C,CAClE,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACjB,MAAc,EACd,UAAkB,EAClB,OAA0B,EAC1B,cAAuB,EACvB,uBAAuB,GAAG,KAAK;QAE/B,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,uBAAuB,CAAC,CAAC;QAChG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CACd,MAAc,EACd,IAAY,EACZ,UAAkB,EAClB,OAA0B,EAC1B,cAAuB,EACvB,uBAAuB,GAAG,KAAK;QAE/B,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,uBAAuB,CAAC,CAAC;QAChG,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,cAAc,CAChB,MAAc,EACd,UAAkB,EAClB,OAA0B,EAC1B,cAAuB,EACvB,uBAAuB,GAAG,KAAK;QAE/B,MAAM,QAAQ,GAAG,OAAO,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,GAAG,UAAU,oBAAoB,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzF,IAAI,CAAC;YACD,MAAM,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;YACnD,MAAM,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACd,MAAM,GAAG,GAAG,gEAAgE;gBAChE,UAAU,CAAC,CAAC,OAAO,IAAI;gBACvB,2EAA2E,CAAC;YACxF,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,wBAAwB,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC;QAC1B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,eAAe,GAAG,cAAc,IAAI,IAAI,CAAC;QAC9C,IAAI,CAAC,wBAAwB,GAAG,uBAAuB,CAAC;QAExD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC9C,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5F,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB,EAAE,WAAmB,EAAE,OAAsB;QAC3E,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,gBAAgB,UAAU,kDAAkD,CAAC,CAAC;QACnJ,CAAC;QACD,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;QAClG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,WAAmB;QACtD,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,gBAAgB,UAAU,oCAAoC,CAAC,CAAC;QAChI,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,gBAAgB,UAAU,0BAA0B,CAAC,CAAC;QACtH,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,UAAkB,EAAE,cAAiC;QAC/E,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACzD,QAAQ,CAAC,cAAc,GAAG,EAAS,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;QAC7E,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,WAAmB,EAAE,YAAoB;QAC5E,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,QAAQ,CAAC,cAAc,CAAC;QAC/C,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,sBAAsB,EACxC,WAAW,UAAU,+DAA+D,CACvF,CAAC;QACN,CAAC;QACD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,6BAA6B,EAC/C,WAAW,UAAU,+BAA+B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,gBAAgB,EAAE,CACjH,CAAC;QACN,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC1D,IAAI,OAAO;YAAE,OAAO,CAAC,KAAK,GAAG,YAAY,CAAC;QAE1C,MAAM,SAAS,GAAG,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACnD,QAAQ,CAAC,iBAAiB,IAAI,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACtE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC3C,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG;YAC3B,UAAU;YACV,KAAK,EAAE,QAAQ;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,YAAY,EAAE,gBAAgB;SACjC,CAAC;QACF,QAAQ,CAAC,aAAa,GAAG,SAAS,CAAC;QACnC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,SAAS,CAAC,UAAkB;QACxB,IAAI,EAAS,CAAC,oBAAoB,CAAC,UAAU,CAAC;YAAE,OAAO,SAAS,CAAC;QACjE,OAAO,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,UAAkB;QACjC,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,gBAAgB,UAAU,iCAAiC,CAAC,CAAC;QAC7H,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAuB;QAC5C,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO;QAC9F,MAAM,QAAQ,GAAG;YACb,CAAC,EAAE,CAAC;YACJ,OAAO,EAAE,iBAAiB,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC;YACjE,UAAU,EAAE,IAAI,CAAC,WAAW;SAC/B,CAAC;QACF,MAAM,iBAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IAClF,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,KAAuB;QAChD,MAAM,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,MAAc,EAAE,UAAmB,EAAE,OAA0B;QACtE,MAAM,kBAAkB,GAAG,UAAU,IAAI,IAAI,CAAC,WAAW,CAAC;QAC1D,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,wBAAwB,EAC1C,4EAA4E,CAC/E,CAAC;QACN,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrE,MAAM,MAAM,GAAG,GAAG,kBAAkB,MAAM,CAAC;QAE3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE1E,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,4BAA4B,EAC9C,sDAAsD,MAAM,EAAE,CACjE,CAAC;QACN,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChF,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,4BAA4B,EAC9C,mEAAmE,MAAM,yBAAyB,CACrG,CAAC;QACN,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACJ,MAAM,QAAQ,CAAC,KAAK,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;YACjD,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,MAAc;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrD,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,GAAW;QACZ,IAAI,CAAC;YACD,OAAO,QAAQ,CAAC;gBACZ,OAAO,EAAE,oBAAoB;gBAC7B,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAC1C,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC;aAC3D,EAAE,GAAG,CAAC,CAAC;QACZ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACd,IAAI,CAAC,CAAC,IAAI,KAAK,iBAAiB,CAAC,WAAW;gBAAE,MAAM,CAAC,CAAC;YACtD,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,WAAW,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9G,CAAC;IACL,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,GAAW,EAAE,MAAc;QAC9B,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACrC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YACd,IAAI,CAAC,YAAY,aAAa;gBAAE,MAAM,CAAC,CAAC;YACxC,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,WAAW,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAChH,CAAC;IACL,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACnC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,EAAS,CAAC,YAAY,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7E,MAAM,OAAO,GAAG;YACZ,OAAO,EAAE,oBAAoB;YAC7B,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC1C,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC;SAC3D,CAAC;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,gBAAgB,CAAC,IAAS;QACtB,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;YAC5D,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,iFAAiF,CACpF,CAAC;QACN,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,cAAc,KAAK,QAAQ,IAAI,IAAI,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;YAC1E,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,wFAAwF,CAC3F,CAAC;QACN,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACtD,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,CAC1B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,cAAsD,CAAC,CACzC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,kBAAkB;QACpB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACxD,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACvE,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAAc,EAAE,UAAkB,EAAE,OAA0B,EAAE,OAAgC,UAAU;QAClH,MAAM,QAAQ,GAAG,OAAO,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrE,MAAM,MAAM,GAAG,GAAG,UAAU,MAAM,CAAC;QAEnC,MAAM,OAAO,GAAG,KAAK,EAAE,CAAS,EAAoB,EAAE;YAClD,IAAI,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACtC,IAAI,CAAC,MAAM;oBAAE,OAAO,KAAK,CAAC;gBAC1B,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,MAAM,CAAC;gBACL,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC9C,OAAO;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QACtD,IAAI,WAAW,EAAE,CAAC;YACd,IAAI,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxB,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAClB,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAC9C,CAAC;qBAAM,CAAC;oBACJ,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAC3C,IAAI,MAAM;wBAAE,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;oBACrD,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,CAAC;gBACD,OAAO;YACX,CAAC;YACD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;gBACtB,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,oBAAoB,EAAE,yBAAyB,UAAU,EAAE,CAAC,CAAC;YAC3G,CAAC;YACD,OAAO;QACX,CAAC;QAED,IAAI,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACxB,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACJ,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC3C,IAAI,MAAM;oBAAE,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;gBACrD,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;YACD,OAAO;QACX,CAAC;QAED,uHAAuH;QACvH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,yBAAyB,UAAU,QAAQ,MAAM,2DAA2D,CAC/G,CAAC;QACN,CAAC;QACD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC;YAClC,IAAI,MAAM,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC;gBAC1B,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;oBACxD,IAAI,CAAC,eAAe,GAAG,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC;gBACzD,CAAC;gBACD,OAAO;YACX,CAAC;QACL,CAAC;QAED,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,oBAAoB,EACtC,yBAAyB,UAAU,8IAA8I,CACpL,CAAC;IACN,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc,EAAE,IAAY;QACnD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QAC9C,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,MAAc;QACvD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,EAAS,CAAC,YAAY,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;QAC7E,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;QAC3E,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAgB,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChG,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACnC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,yBAAyB,IAAI,CAAC,OAAO,IAAI,WAAW,yEAAyE,CAChI,CAAC;QACN,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,SAAS,CAAC,UAAkB;QACxB,IAAI,EAAS,CAAC,oBAAoB,CAAC,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7D,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,WAAW,UAAU,wEAAwE,CAChG,CAAC;QACN,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAChD,CAAC;IAED,eAAe;QACX,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5C,IAAI,CAAC,EAAS,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9C,MAAM,IAAI,aAAa,CACnB,iBAAiB,CAAC,eAAe,EACjC,WAAW,UAAU,wEAAwE,CAChG,CAAC;YACN,CAAC;QACL,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO,EAAE,CAAC;QACvD,OAAO,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB;QACxB,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe;YAAE,OAAO,IAAI,CAAC;QACzD,OAAO,MAAM,uBAAuB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAC9E,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,SAAS,CAAC,UAAqB,EAAE,OAAyD;QAC5F,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,OAAO,CAAC;QAElD,IAAI,IAAI,CAAC,oBAAoB,KAAK,UAAU,CAAC,oBAAoB,EAAE,CAAC;YAChE,MAAM,IAAI,aAAa,CAAC,iBAAiB,CAAC,uBAAuB,EAAE,wDAAwD,CAAC,CAAC;QACjI,CAAC;QAED,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,MAAM,UAAU,IAAI,UAAU,CAAC,eAAe,EAAE,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;gBAAE,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;YACjD,OAAO;gBACH,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE;gBACX,WAAW,EAAE,EAAE;gBACf,SAAS;aACZ,CAAC;QACN,CAAC;QAED,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAa,EAAE,CAAC;QACjC,KAAK,MAAM,UAAU,IAAI,UAAU,CAAC,eAAe,EAAE,EAAE,CAAC;YACpD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC3D,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC3B,CAAC;iBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC/B,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7B,CAAC;iBAAM,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC3D,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACjC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAChC,OAAO;YACH,MAAM,EAAE,IAAI;YACZ,KAAK;YACL,OAAO;YACP,WAAW;SACd,CAAC;IACN,CAAC"}