@the-ai-company/cbio-node-runtime 0.39.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +116 -54
- package/dist/clients/agent/client.d.ts +9 -0
- package/dist/clients/agent/client.js +72 -0
- package/dist/clients/agent/client.js.map +1 -0
- package/dist/clients/agent/contracts.d.ts +34 -0
- package/dist/clients/agent/contracts.js +2 -0
- package/dist/clients/agent/contracts.js.map +1 -0
- package/dist/clients/agent/index.d.ts +3 -0
- package/dist/clients/agent/index.js +2 -0
- package/dist/clients/agent/index.js.map +1 -0
- package/dist/clients/owner/client.d.ts +18 -0
- package/dist/clients/owner/client.js +169 -0
- package/dist/clients/owner/client.js.map +1 -0
- package/dist/clients/owner/contracts.d.ts +34 -0
- package/dist/clients/owner/contracts.js +2 -0
- package/dist/clients/owner/contracts.js.map +1 -0
- package/dist/clients/owner/index.d.ts +3 -0
- package/dist/clients/owner/index.js +2 -0
- package/dist/clients/owner/index.js.map +1 -0
- package/dist/runtime/index.d.ts +8 -10
- package/dist/runtime/index.js +8 -7
- package/dist/runtime/index.js.map +1 -1
- package/dist/storage/fs.d.ts +1 -0
- package/dist/storage/fs.js +28 -0
- package/dist/storage/fs.js.map +1 -1
- package/dist/storage/memory.d.ts +1 -0
- package/dist/storage/memory.js +20 -0
- package/dist/storage/memory.js.map +1 -1
- package/dist/storage/provider.d.ts +2 -0
- package/dist/vault-core/contracts.d.ts +230 -0
- package/dist/vault-core/contracts.js +2 -0
- package/dist/vault-core/contracts.js.map +1 -0
- package/dist/vault-core/core.d.ts +21 -0
- package/dist/vault-core/core.js +335 -0
- package/dist/vault-core/core.js.map +1 -0
- package/dist/vault-core/defaults.d.ts +141 -0
- package/dist/vault-core/defaults.js +602 -0
- package/dist/vault-core/defaults.js.map +1 -0
- package/dist/vault-core/errors.d.ts +4 -0
- package/dist/vault-core/errors.js +9 -0
- package/dist/vault-core/errors.js.map +1 -0
- package/dist/vault-core/index.d.ts +6 -0
- package/dist/vault-core/index.js +5 -0
- package/dist/vault-core/index.js.map +1 -0
- package/dist/vault-core/persistence.d.ts +87 -0
- package/dist/vault-core/persistence.js +309 -0
- package/dist/vault-core/persistence.js.map +1 -0
- package/dist/vault-core/ports.d.ts +101 -0
- package/dist/vault-core/ports.js +2 -0
- package/dist/vault-core/ports.js.map +1 -0
- package/dist/vault-ingress/defaults.d.ts +14 -0
- package/dist/vault-ingress/defaults.js +41 -0
- package/dist/vault-ingress/defaults.js.map +1 -0
- package/dist/vault-ingress/flow-factories.d.ts +24 -0
- package/dist/vault-ingress/flow-factories.js +48 -0
- package/dist/vault-ingress/flow-factories.js.map +1 -0
- package/dist/vault-ingress/index.d.ts +81 -0
- package/dist/vault-ingress/index.js +357 -0
- package/dist/vault-ingress/index.js.map +1 -0
- package/docs/ARCHITECTURE.md +44 -76
- package/docs/REFERENCE.md +217 -218
- package/docs/WORKS_WITH_CUSTOM_FETCH.md +16 -191
- package/docs/es/README.md +8 -24
- package/docs/fr/README.md +8 -24
- package/docs/ja/README.md +8 -24
- package/docs/ko/README.md +8 -24
- package/docs/pt/README.md +8 -24
- package/docs/zh/README.md +21 -7
- package/package.json +2 -10
- package/dist/agent/agent.d.ts +0 -267
- package/dist/agent/agent.js +0 -689
- package/dist/agent/agent.js.map +0 -1
- package/dist/audit/ActivityLog.d.ts +0 -25
- package/dist/audit/ActivityLog.js +0 -71
- package/dist/audit/ActivityLog.js.map +0 -1
- package/dist/http/authClient.d.ts +0 -26
- package/dist/http/authClient.js +0 -132
- package/dist/http/authClient.js.map +0 -1
- package/dist/http/genericSecretValidator.d.ts +0 -11
- package/dist/http/genericSecretValidator.js +0 -42
- package/dist/http/genericSecretValidator.js.map +0 -1
- package/dist/http/localAuthProxy.d.ts +0 -33
- package/dist/http/localAuthProxy.js +0 -93
- package/dist/http/localAuthProxy.js.map +0 -1
- package/dist/http/localSecretIngress.d.ts +0 -33
- package/dist/http/localSecretIngress.js +0 -162
- package/dist/http/localSecretIngress.js.map +0 -1
- package/dist/http/secretAcquisition.d.ts +0 -54
- package/dist/http/secretAcquisition.js +0 -177
- package/dist/http/secretAcquisition.js.map +0 -1
- package/dist/protocol/childSecretNaming.d.ts +0 -7
- package/dist/protocol/childSecretNaming.js +0 -12
- package/dist/protocol/childSecretNaming.js.map +0 -1
- package/dist/protocol/identity.d.ts +0 -8
- package/dist/protocol/identity.js +0 -16
- package/dist/protocol/identity.js.map +0 -1
- package/dist/sealed/index.d.ts +0 -6
- package/dist/sealed/index.js +0 -6
- package/dist/sealed/index.js.map +0 -1
- package/dist/vault/secretPolicy.d.ts +0 -3
- package/dist/vault/secretPolicy.js +0 -14
- package/dist/vault/secretPolicy.js.map +0 -1
- package/dist/vault/vault.d.ts +0 -100
- package/dist/vault/vault.js +0 -603
- package/dist/vault/vault.js.map +0 -1
- package/docs/TODO-multi-vault.md +0 -29
- package/docs/spec/runtime/README.md +0 -44
- package/docs/spec/runtime/activity-log.md +0 -71
- package/docs/spec/runtime/exposure-surfaces.md +0 -99
- package/docs/spec/runtime/managed-agent-record.md +0 -52
- package/docs/spec/runtime/merge-rules.md +0 -52
- package/docs/spec/runtime/secret-origin-policy.md +0 -46
- package/docs/spec/runtime/secret-validation.md +0 -113
|
@@ -0,0 +1,602 @@
|
|
|
1
|
+
import * as crypto from "node:crypto";
|
|
2
|
+
import { verifySignature } from "../protocol/crypto.js";
|
|
3
|
+
import { VaultCoreError } from "./errors.js";
|
|
4
|
+
function canonicalizeHttpTarget(targetUrl, method) {
|
|
5
|
+
let parsed;
|
|
6
|
+
try {
|
|
7
|
+
parsed = new URL(targetUrl);
|
|
8
|
+
}
|
|
9
|
+
catch {
|
|
10
|
+
throw new VaultCoreError("target normalization failed", "VAULT_DISPATCH_DENIED");
|
|
11
|
+
}
|
|
12
|
+
if (parsed.username || parsed.password) {
|
|
13
|
+
throw new VaultCoreError("target credentials not allowed", "VAULT_DISPATCH_DENIED");
|
|
14
|
+
}
|
|
15
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
16
|
+
throw new VaultCoreError("target scheme denied", "VAULT_DISPATCH_DENIED");
|
|
17
|
+
}
|
|
18
|
+
if (!parsed.hostname) {
|
|
19
|
+
throw new VaultCoreError("target hostname missing", "VAULT_DISPATCH_DENIED");
|
|
20
|
+
}
|
|
21
|
+
parsed.protocol = parsed.protocol.toLowerCase();
|
|
22
|
+
parsed.hostname = parsed.hostname.toLowerCase();
|
|
23
|
+
parsed.hash = "";
|
|
24
|
+
parsed.search = "";
|
|
25
|
+
if ((parsed.protocol === "https:" && parsed.port === "443") || (parsed.protocol === "http:" && parsed.port === "80")) {
|
|
26
|
+
parsed.port = "";
|
|
27
|
+
}
|
|
28
|
+
const path = parsed.pathname || "/";
|
|
29
|
+
parsed.pathname = path;
|
|
30
|
+
return {
|
|
31
|
+
origin: parsed.origin,
|
|
32
|
+
url: parsed.toString(),
|
|
33
|
+
method: method.toUpperCase(),
|
|
34
|
+
path,
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
function canonicalizeAllowedTarget(targetUrl) {
|
|
38
|
+
return canonicalizeHttpTarget(targetUrl, "GET").url;
|
|
39
|
+
}
|
|
40
|
+
function createDispatchBinding(request) {
|
|
41
|
+
return JSON.stringify({
|
|
42
|
+
requestId: request.requestId,
|
|
43
|
+
requestedAt: request.requestedAt,
|
|
44
|
+
agentId: request.agent.id,
|
|
45
|
+
capabilityId: request.capability.capabilityId,
|
|
46
|
+
secretAlias: request.secretAlias ?? null,
|
|
47
|
+
targetUrl: request.targetUrl,
|
|
48
|
+
method: request.method,
|
|
49
|
+
body: request.body ?? null,
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
function createOwnerWriteBinding(command) {
|
|
53
|
+
return JSON.stringify({
|
|
54
|
+
requestId: command.requestId,
|
|
55
|
+
requestedAt: command.requestedAt,
|
|
56
|
+
ownerId: command.owner.id,
|
|
57
|
+
alias: command.alias,
|
|
58
|
+
plaintext: command.plaintext,
|
|
59
|
+
targetBindings: command.targetBindings,
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
function createOwnerAuditBinding(request) {
|
|
63
|
+
return JSON.stringify({
|
|
64
|
+
requestId: request.requestId,
|
|
65
|
+
requestedAt: request.requestedAt,
|
|
66
|
+
ownerId: request.actor.id,
|
|
67
|
+
query: request.query,
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
function createOwnerRegisterAgentBinding(command) {
|
|
71
|
+
return JSON.stringify({
|
|
72
|
+
requestId: command.requestId,
|
|
73
|
+
requestedAt: command.requestedAt,
|
|
74
|
+
ownerId: command.owner.id,
|
|
75
|
+
agentIdentity: command.agentIdentity,
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
function createOwnerRegisterOwnerBinding(command) {
|
|
79
|
+
return JSON.stringify({
|
|
80
|
+
requestId: command.requestId,
|
|
81
|
+
requestedAt: command.requestedAt,
|
|
82
|
+
ownerId: command.owner.id,
|
|
83
|
+
ownerIdentity: command.ownerIdentity,
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
function createOwnerRegisterCustomFlowBinding(command) {
|
|
87
|
+
return JSON.stringify({
|
|
88
|
+
requestId: command.requestId,
|
|
89
|
+
requestedAt: command.requestedAt,
|
|
90
|
+
ownerId: command.owner.id,
|
|
91
|
+
flow: command.flow,
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
export class SystemClock {
|
|
95
|
+
nowIso() {
|
|
96
|
+
return new Date().toISOString();
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
export class RandomIdGenerator {
|
|
100
|
+
newSecretId() {
|
|
101
|
+
return { value: `secret_${crypto.randomUUID()}` };
|
|
102
|
+
}
|
|
103
|
+
newVersion() {
|
|
104
|
+
return { value: `v_${crypto.randomUUID()}` };
|
|
105
|
+
}
|
|
106
|
+
newAuditEntryId() {
|
|
107
|
+
return `audit_${crypto.randomUUID()}`;
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
export class InMemorySecretRepository {
|
|
111
|
+
_byAlias = new Map();
|
|
112
|
+
_byId = new Map();
|
|
113
|
+
async save(record) {
|
|
114
|
+
this._byAlias.set(record.alias.value, record);
|
|
115
|
+
this._byId.set(record.secretId.value, record);
|
|
116
|
+
}
|
|
117
|
+
async delete(secretId) {
|
|
118
|
+
const existing = this._byId.get(secretId.value);
|
|
119
|
+
if (!existing) {
|
|
120
|
+
return;
|
|
121
|
+
}
|
|
122
|
+
this._byId.delete(secretId.value);
|
|
123
|
+
this._byAlias.delete(existing.alias.value);
|
|
124
|
+
}
|
|
125
|
+
async getByAlias(alias) {
|
|
126
|
+
return this._byAlias.get(alias.value) ?? null;
|
|
127
|
+
}
|
|
128
|
+
async getById(secretId) {
|
|
129
|
+
return this._byId.get(secretId.value) ?? null;
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
export class InMemoryAuditLog {
|
|
133
|
+
_entries = [];
|
|
134
|
+
async append(entry) {
|
|
135
|
+
this._entries.push(entry);
|
|
136
|
+
}
|
|
137
|
+
async query(query) {
|
|
138
|
+
return this._entries.filter((entry) => {
|
|
139
|
+
if (query.actorId && entry.actor.id !== query.actorId)
|
|
140
|
+
return false;
|
|
141
|
+
if (query.secretAlias && entry.secretAlias !== query.secretAlias)
|
|
142
|
+
return false;
|
|
143
|
+
if (query.requestId && entry.requestId !== query.requestId)
|
|
144
|
+
return false;
|
|
145
|
+
if (query.since && entry.occurredAt < query.since)
|
|
146
|
+
return false;
|
|
147
|
+
return true;
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
export class InMemorySecretCustody {
|
|
152
|
+
_plaintextById = new Map();
|
|
153
|
+
async store(secretId, plaintext) {
|
|
154
|
+
this._plaintextById.set(secretId.value, plaintext);
|
|
155
|
+
}
|
|
156
|
+
async load(secretId) {
|
|
157
|
+
return this._plaintextById.get(secretId.value) ?? null;
|
|
158
|
+
}
|
|
159
|
+
async delete(secretId) {
|
|
160
|
+
this._plaintextById.delete(secretId.value);
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
export class InMemoryAgentIdentityRegistry {
|
|
164
|
+
_identities = new Map();
|
|
165
|
+
async register(identity) {
|
|
166
|
+
this._identities.set(`${identity.vaultId.value}:${identity.agentId}`, identity);
|
|
167
|
+
}
|
|
168
|
+
async get(vaultId, agentId) {
|
|
169
|
+
return this._identities.get(`${vaultId.value}:${agentId}`) ?? null;
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
export class InMemoryOwnerIdentityRegistry {
|
|
173
|
+
_identities = new Map();
|
|
174
|
+
async register(identity) {
|
|
175
|
+
this._identities.set(`${identity.vaultId.value}:${identity.ownerId}`, identity);
|
|
176
|
+
}
|
|
177
|
+
async get(vaultId, ownerId) {
|
|
178
|
+
return this._identities.get(`${vaultId.value}:${ownerId}`) ?? null;
|
|
179
|
+
}
|
|
180
|
+
async hasAny(vaultId) {
|
|
181
|
+
const prefix = `${vaultId.value}:`;
|
|
182
|
+
return Array.from(this._identities.keys()).some((key) => key.startsWith(prefix));
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
export class InMemoryCapabilityRevocationRegistry {
|
|
186
|
+
_versions = new Map();
|
|
187
|
+
revoke(vaultId, agentId, capabilityId) {
|
|
188
|
+
const key = `${vaultId.value}:${agentId}:${capabilityId}`;
|
|
189
|
+
const next = (this._versions.get(key) ?? 0) + 1;
|
|
190
|
+
this._versions.set(key, next);
|
|
191
|
+
return next;
|
|
192
|
+
}
|
|
193
|
+
get(vaultId, agentId, capabilityId) {
|
|
194
|
+
return this._versions.get(`${vaultId.value}:${agentId}:${capabilityId}`) ?? 0;
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
export class InMemoryCustomHttpFlowRegistry {
|
|
198
|
+
_flows = new Map();
|
|
199
|
+
async register(flow) {
|
|
200
|
+
this._flows.set(`${flow.vaultId.value}:${flow.flowId}`, flow);
|
|
201
|
+
}
|
|
202
|
+
async get(vaultId, flowId) {
|
|
203
|
+
return this._flows.get(`${vaultId.value}:${flowId}`) ?? null;
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
export class InMemoryRateLimitStore {
|
|
207
|
+
_buckets = new Map();
|
|
208
|
+
async consume(key, maxRequests, windowMs, nowMs) {
|
|
209
|
+
const current = this._buckets.get(key);
|
|
210
|
+
if (!current || nowMs >= current.resetAt) {
|
|
211
|
+
this._buckets.set(key, {
|
|
212
|
+
count: 1,
|
|
213
|
+
resetAt: nowMs + windowMs,
|
|
214
|
+
});
|
|
215
|
+
return;
|
|
216
|
+
}
|
|
217
|
+
if (current.count >= maxRequests) {
|
|
218
|
+
throw new VaultCoreError("capability rate limit exceeded", "VAULT_DISPATCH_DENIED");
|
|
219
|
+
}
|
|
220
|
+
current.count += 1;
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
export class DefaultPolicyEngine {
|
|
224
|
+
_options;
|
|
225
|
+
_rateLimitStore;
|
|
226
|
+
constructor(_options = {}) {
|
|
227
|
+
this._options = _options;
|
|
228
|
+
this._rateLimitStore = this._options.rateLimitStore ?? new InMemoryRateLimitStore();
|
|
229
|
+
}
|
|
230
|
+
validateRequestedAt(requestedAt, fieldName) {
|
|
231
|
+
const parsed = Date.parse(requestedAt);
|
|
232
|
+
if (Number.isNaN(parsed)) {
|
|
233
|
+
throw new VaultCoreError(`${fieldName} invalid`, "VAULT_WRITE_DENIED");
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
async isTrustedIssuer(issuerId) {
|
|
237
|
+
if (this._options.trustedIssuerIdResolver) {
|
|
238
|
+
return await this._options.trustedIssuerIdResolver(issuerId);
|
|
239
|
+
}
|
|
240
|
+
if (this._options.trustedIssuerIds) {
|
|
241
|
+
return this._options.trustedIssuerIds.includes(issuerId);
|
|
242
|
+
}
|
|
243
|
+
return false;
|
|
244
|
+
}
|
|
245
|
+
validateTargetBindings(bindings, code) {
|
|
246
|
+
if (bindings.length === 0) {
|
|
247
|
+
throw new VaultCoreError("target bindings required", code);
|
|
248
|
+
}
|
|
249
|
+
for (const binding of bindings) {
|
|
250
|
+
if (!binding.targetId?.trim()) {
|
|
251
|
+
throw new VaultCoreError("target binding id required", code);
|
|
252
|
+
}
|
|
253
|
+
if (binding.kind === "site") {
|
|
254
|
+
if (!binding.targetUrl) {
|
|
255
|
+
throw new VaultCoreError("site target url required", code);
|
|
256
|
+
}
|
|
257
|
+
canonicalizeAllowedTarget(binding.targetUrl);
|
|
258
|
+
}
|
|
259
|
+
if (binding.methods?.length === 0) {
|
|
260
|
+
throw new VaultCoreError("empty target methods denied", code);
|
|
261
|
+
}
|
|
262
|
+
if (binding.paths?.length === 0) {
|
|
263
|
+
throw new VaultCoreError("empty target paths denied", code);
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
async assertCapabilityRateLimit(request) {
|
|
268
|
+
const rateLimit = request.capability.rateLimit;
|
|
269
|
+
if (!rateLimit) {
|
|
270
|
+
return;
|
|
271
|
+
}
|
|
272
|
+
if (!Number.isInteger(rateLimit.maxRequests) || rateLimit.maxRequests <= 0) {
|
|
273
|
+
throw new VaultCoreError("capability rate limit invalid", "VAULT_DISPATCH_DENIED");
|
|
274
|
+
}
|
|
275
|
+
if (!Number.isInteger(rateLimit.windowMs) || rateLimit.windowMs <= 0) {
|
|
276
|
+
throw new VaultCoreError("capability rate limit invalid", "VAULT_DISPATCH_DENIED");
|
|
277
|
+
}
|
|
278
|
+
const now = this._options.now?.().getTime() ?? Date.now();
|
|
279
|
+
const key = `${request.vaultId.value}:${request.agent.id}:${request.capability.capabilityId}`;
|
|
280
|
+
await this._rateLimitStore.consume(key, rateLimit.maxRequests, rateLimit.windowMs, now);
|
|
281
|
+
}
|
|
282
|
+
async authorizeWrite(command) {
|
|
283
|
+
if (!command.alias.trim()) {
|
|
284
|
+
throw new VaultCoreError("secret alias required", "VAULT_WRITE_DENIED");
|
|
285
|
+
}
|
|
286
|
+
if (!command.plaintext) {
|
|
287
|
+
throw new VaultCoreError("secret plaintext required", "VAULT_WRITE_DENIED");
|
|
288
|
+
}
|
|
289
|
+
this.validateRequestedAt(command.requestedAt, "requestedAt");
|
|
290
|
+
if (command.kind === "owner.write_secret") {
|
|
291
|
+
if (!command.owner.id.trim()) {
|
|
292
|
+
throw new VaultCoreError("owner id required", "VAULT_WRITE_DENIED");
|
|
293
|
+
}
|
|
294
|
+
this.validateTargetBindings(command.targetBindings, "VAULT_WRITE_DENIED");
|
|
295
|
+
return;
|
|
296
|
+
}
|
|
297
|
+
if (command.issuer.id !== command.issuerSiteId) {
|
|
298
|
+
throw new VaultCoreError("issuer identity mismatch", "VAULT_WRITE_DENIED");
|
|
299
|
+
}
|
|
300
|
+
if (!await this.isTrustedIssuer(command.issuer.id)) {
|
|
301
|
+
throw new VaultCoreError("trusted issuer required", "VAULT_WRITE_DENIED");
|
|
302
|
+
}
|
|
303
|
+
if (!command.targetBindings?.length) {
|
|
304
|
+
throw new VaultCoreError("trusted issuer target bindings required", "VAULT_WRITE_DENIED");
|
|
305
|
+
}
|
|
306
|
+
this.validateTargetBindings(command.targetBindings, "VAULT_WRITE_DENIED");
|
|
307
|
+
}
|
|
308
|
+
async authorizeDispatch(request, record) {
|
|
309
|
+
const now = this._options.now?.() ?? new Date();
|
|
310
|
+
const canonicalRequestTarget = canonicalizeHttpTarget(request.targetUrl, request.method);
|
|
311
|
+
if (request.capability.vaultId.value !== request.vaultId.value) {
|
|
312
|
+
throw new VaultCoreError("capability vault mismatch", "VAULT_DISPATCH_DENIED");
|
|
313
|
+
}
|
|
314
|
+
if (record && record.vaultId.value !== request.vaultId.value) {
|
|
315
|
+
throw new VaultCoreError("record vault mismatch", "VAULT_DISPATCH_DENIED");
|
|
316
|
+
}
|
|
317
|
+
if (request.capability.expiresAt) {
|
|
318
|
+
const expiresAt = Date.parse(request.capability.expiresAt);
|
|
319
|
+
if (Number.isNaN(expiresAt) || expiresAt < now.getTime()) {
|
|
320
|
+
throw new VaultCoreError("capability expired", "VAULT_DISPATCH_DENIED");
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
if (request.capability.agentId !== request.agent.id) {
|
|
324
|
+
throw new VaultCoreError("capability agent mismatch", "VAULT_DISPATCH_DENIED");
|
|
325
|
+
}
|
|
326
|
+
if (request.capability.operation !== "dispatch_http" && request.capability.operation !== "custom_http") {
|
|
327
|
+
throw new VaultCoreError("operation denied", "VAULT_DISPATCH_DENIED");
|
|
328
|
+
}
|
|
329
|
+
const issuedAt = Date.parse(request.capability.issuedAt);
|
|
330
|
+
if (Number.isNaN(issuedAt) || issuedAt > now.getTime()) {
|
|
331
|
+
throw new VaultCoreError("capability issuedAt invalid", "VAULT_DISPATCH_DENIED");
|
|
332
|
+
}
|
|
333
|
+
if (record) {
|
|
334
|
+
if (request.capability.secretIds?.length) {
|
|
335
|
+
if (!request.capability.secretIds.includes(record.secretId.value)) {
|
|
336
|
+
throw new VaultCoreError("secret id denied", "VAULT_DISPATCH_DENIED");
|
|
337
|
+
}
|
|
338
|
+
}
|
|
339
|
+
else if (request.capability.secretAliases?.length && !request.capability.secretAliases.includes(record.alias.value)) {
|
|
340
|
+
throw new VaultCoreError("secret alias denied", "VAULT_DISPATCH_DENIED");
|
|
341
|
+
}
|
|
342
|
+
}
|
|
343
|
+
else {
|
|
344
|
+
if (request.capability.operation !== "custom_http") {
|
|
345
|
+
throw new VaultCoreError("secret alias required", "VAULT_DISPATCH_DENIED");
|
|
346
|
+
}
|
|
347
|
+
if (request.capability.secretIds?.length || request.capability.secretAliases?.length) {
|
|
348
|
+
throw new VaultCoreError("secret scope denied", "VAULT_DISPATCH_DENIED");
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
if (!request.capability.allowedTargets.some((target) => canonicalizeAllowedTarget(target) === canonicalRequestTarget.url)) {
|
|
352
|
+
throw new VaultCoreError("target denied", "VAULT_DISPATCH_DENIED");
|
|
353
|
+
}
|
|
354
|
+
if (!request.capability.allowedMethods.includes(canonicalRequestTarget.method)) {
|
|
355
|
+
throw new VaultCoreError("method denied", "VAULT_DISPATCH_DENIED");
|
|
356
|
+
}
|
|
357
|
+
if (request.capability.allowedPaths?.length && !request.capability.allowedPaths.includes(canonicalRequestTarget.path)) {
|
|
358
|
+
throw new VaultCoreError("path denied", "VAULT_DISPATCH_DENIED");
|
|
359
|
+
}
|
|
360
|
+
const currentRevocationVersion = this._options.capabilityRevocationRegistry
|
|
361
|
+
? await this._options.capabilityRevocationRegistry.get(request.capability.vaultId, request.capability.agentId, request.capability.capabilityId)
|
|
362
|
+
: 0;
|
|
363
|
+
if ((request.capability.revocationVersion ?? 0) < currentRevocationVersion) {
|
|
364
|
+
throw new VaultCoreError("capability revoked", "VAULT_DISPATCH_DENIED");
|
|
365
|
+
}
|
|
366
|
+
if (record) {
|
|
367
|
+
const targetAllowed = record.targetBindings.some((binding) => {
|
|
368
|
+
if (binding.kind === "owner") {
|
|
369
|
+
return binding.targetId === canonicalRequestTarget.url;
|
|
370
|
+
}
|
|
371
|
+
if (binding.targetUrl && canonicalizeAllowedTarget(binding.targetUrl) !== canonicalRequestTarget.url)
|
|
372
|
+
return false;
|
|
373
|
+
if (binding.methods?.length && !binding.methods.includes(canonicalRequestTarget.method))
|
|
374
|
+
return false;
|
|
375
|
+
if (binding.paths?.length && !binding.paths.includes(canonicalRequestTarget.path))
|
|
376
|
+
return false;
|
|
377
|
+
return true;
|
|
378
|
+
});
|
|
379
|
+
if (!targetAllowed) {
|
|
380
|
+
throw new VaultCoreError("record target denied", "VAULT_DISPATCH_DENIED");
|
|
381
|
+
}
|
|
382
|
+
}
|
|
383
|
+
await this.assertCapabilityRateLimit(request);
|
|
384
|
+
}
|
|
385
|
+
}
|
|
386
|
+
export class SignatureAgentProofVerifier {
|
|
387
|
+
_maxSkewMs;
|
|
388
|
+
_now;
|
|
389
|
+
_agentIdentities;
|
|
390
|
+
constructor(agentIdentities, options = {}) {
|
|
391
|
+
this._agentIdentities = agentIdentities;
|
|
392
|
+
this._maxSkewMs = options.maxSkewMs ?? (5 * 60 * 1000);
|
|
393
|
+
this._now = options.now ?? (() => new Date());
|
|
394
|
+
}
|
|
395
|
+
async verify(request) {
|
|
396
|
+
if (request.proof.agentId !== request.agent.id) {
|
|
397
|
+
throw new VaultCoreError("proof agent mismatch", "VAULT_DISPATCH_DENIED");
|
|
398
|
+
}
|
|
399
|
+
if (request.proof.requestId !== request.requestId || request.proof.requestedAt !== request.requestedAt) {
|
|
400
|
+
throw new VaultCoreError("proof binding mismatch", "VAULT_DISPATCH_DENIED");
|
|
401
|
+
}
|
|
402
|
+
const requestedAt = Date.parse(request.requestedAt);
|
|
403
|
+
if (Number.isNaN(requestedAt) || Math.abs(this._now().getTime() - requestedAt) > this._maxSkewMs) {
|
|
404
|
+
throw new VaultCoreError("proof timestamp out of range", "VAULT_DISPATCH_DENIED");
|
|
405
|
+
}
|
|
406
|
+
const registeredIdentity = await this._agentIdentities.get(request.vaultId, request.agent.id);
|
|
407
|
+
if (!registeredIdentity) {
|
|
408
|
+
throw new VaultCoreError("agent identity not registered", "VAULT_DISPATCH_DENIED");
|
|
409
|
+
}
|
|
410
|
+
const binding = createDispatchBinding(request);
|
|
411
|
+
if (!verifySignature(registeredIdentity.publicKey, request.proof.signature, binding)) {
|
|
412
|
+
throw new VaultCoreError("invalid proof signature", "VAULT_DISPATCH_DENIED");
|
|
413
|
+
}
|
|
414
|
+
}
|
|
415
|
+
}
|
|
416
|
+
export class SignatureOwnerProofVerifier {
|
|
417
|
+
_maxSkewMs;
|
|
418
|
+
_now;
|
|
419
|
+
_ownerIdentities;
|
|
420
|
+
constructor(ownerIdentities, options = {}) {
|
|
421
|
+
this._ownerIdentities = ownerIdentities;
|
|
422
|
+
this._maxSkewMs = options.maxSkewMs ?? (5 * 60 * 1000);
|
|
423
|
+
this._now = options.now ?? (() => new Date());
|
|
424
|
+
}
|
|
425
|
+
async verifyBinding(ownerId, vaultId, requestedAt, signature, binding) {
|
|
426
|
+
const parsedRequestedAt = Date.parse(requestedAt);
|
|
427
|
+
if (Number.isNaN(parsedRequestedAt) || Math.abs(this._now().getTime() - parsedRequestedAt) > this._maxSkewMs) {
|
|
428
|
+
throw new VaultCoreError("owner proof timestamp out of range", "VAULT_AUDIT_DENIED");
|
|
429
|
+
}
|
|
430
|
+
const registeredIdentity = await this._ownerIdentities.get(vaultId, ownerId);
|
|
431
|
+
if (!registeredIdentity) {
|
|
432
|
+
throw new VaultCoreError("owner identity not registered", "VAULT_AUDIT_DENIED");
|
|
433
|
+
}
|
|
434
|
+
if (!verifySignature(registeredIdentity.publicKey, signature, binding)) {
|
|
435
|
+
throw new VaultCoreError("invalid owner proof signature", "VAULT_AUDIT_DENIED");
|
|
436
|
+
}
|
|
437
|
+
}
|
|
438
|
+
async verifyWrite(command) {
|
|
439
|
+
if (command.proof.ownerId !== command.owner.id) {
|
|
440
|
+
throw new VaultCoreError("owner proof identity mismatch", "VAULT_WRITE_DENIED");
|
|
441
|
+
}
|
|
442
|
+
if (command.proof.requestId !== command.requestId || command.proof.requestedAt !== command.requestedAt) {
|
|
443
|
+
throw new VaultCoreError("owner proof binding mismatch", "VAULT_WRITE_DENIED");
|
|
444
|
+
}
|
|
445
|
+
const binding = createOwnerWriteBinding(command);
|
|
446
|
+
try {
|
|
447
|
+
await this.verifyBinding(command.owner.id, command.vaultId, command.requestedAt, command.proof.signature, binding);
|
|
448
|
+
}
|
|
449
|
+
catch (error) {
|
|
450
|
+
if (error instanceof VaultCoreError && error.code === "VAULT_AUDIT_DENIED") {
|
|
451
|
+
throw new VaultCoreError(error.message, "VAULT_WRITE_DENIED");
|
|
452
|
+
}
|
|
453
|
+
throw error;
|
|
454
|
+
}
|
|
455
|
+
}
|
|
456
|
+
async verifyAudit(request) {
|
|
457
|
+
if (request.proof.ownerId !== request.actor.id) {
|
|
458
|
+
throw new VaultCoreError("owner proof identity mismatch", "VAULT_AUDIT_DENIED");
|
|
459
|
+
}
|
|
460
|
+
if (request.proof.requestId !== request.requestId || request.proof.requestedAt !== request.requestedAt) {
|
|
461
|
+
throw new VaultCoreError("owner proof binding mismatch", "VAULT_AUDIT_DENIED");
|
|
462
|
+
}
|
|
463
|
+
await this.verifyBinding(request.actor.id, request.vaultId, request.requestedAt, request.proof.signature, createOwnerAuditBinding(request));
|
|
464
|
+
}
|
|
465
|
+
async verifyRegisterAgentIdentity(command) {
|
|
466
|
+
if (command.proof.ownerId !== command.owner.id) {
|
|
467
|
+
throw new VaultCoreError("owner proof identity mismatch", "VAULT_IDENTITY_DENIED");
|
|
468
|
+
}
|
|
469
|
+
if (command.proof.requestId !== command.requestId || command.proof.requestedAt !== command.requestedAt) {
|
|
470
|
+
throw new VaultCoreError("owner proof binding mismatch", "VAULT_IDENTITY_DENIED");
|
|
471
|
+
}
|
|
472
|
+
try {
|
|
473
|
+
await this.verifyBinding(command.owner.id, command.vaultId, command.requestedAt, command.proof.signature, createOwnerRegisterAgentBinding(command));
|
|
474
|
+
}
|
|
475
|
+
catch (error) {
|
|
476
|
+
if (error instanceof VaultCoreError && error.code === "VAULT_AUDIT_DENIED") {
|
|
477
|
+
throw new VaultCoreError(error.message, "VAULT_IDENTITY_DENIED");
|
|
478
|
+
}
|
|
479
|
+
throw error;
|
|
480
|
+
}
|
|
481
|
+
}
|
|
482
|
+
async verifyRegisterOwnerIdentity(command) {
|
|
483
|
+
if (command.proof.ownerId !== command.owner.id) {
|
|
484
|
+
throw new VaultCoreError("owner proof identity mismatch", "VAULT_IDENTITY_DENIED");
|
|
485
|
+
}
|
|
486
|
+
if (command.proof.requestId !== command.requestId || command.proof.requestedAt !== command.requestedAt) {
|
|
487
|
+
throw new VaultCoreError("owner proof binding mismatch", "VAULT_IDENTITY_DENIED");
|
|
488
|
+
}
|
|
489
|
+
try {
|
|
490
|
+
await this.verifyBinding(command.owner.id, command.vaultId, command.requestedAt, command.proof.signature, createOwnerRegisterOwnerBinding(command));
|
|
491
|
+
}
|
|
492
|
+
catch (error) {
|
|
493
|
+
if (error instanceof VaultCoreError && error.code === "VAULT_AUDIT_DENIED") {
|
|
494
|
+
throw new VaultCoreError(error.message, "VAULT_IDENTITY_DENIED");
|
|
495
|
+
}
|
|
496
|
+
throw error;
|
|
497
|
+
}
|
|
498
|
+
}
|
|
499
|
+
async verifyRegisterCustomFlow(command) {
|
|
500
|
+
if (command.proof.ownerId !== command.owner.id) {
|
|
501
|
+
throw new VaultCoreError("owner proof identity mismatch", "VAULT_IDENTITY_DENIED");
|
|
502
|
+
}
|
|
503
|
+
if (command.proof.requestId !== command.requestId || command.proof.requestedAt !== command.requestedAt) {
|
|
504
|
+
throw new VaultCoreError("owner proof binding mismatch", "VAULT_IDENTITY_DENIED");
|
|
505
|
+
}
|
|
506
|
+
try {
|
|
507
|
+
await this.verifyBinding(command.owner.id, command.vaultId, command.requestedAt, command.proof.signature, createOwnerRegisterCustomFlowBinding(command));
|
|
508
|
+
}
|
|
509
|
+
catch (error) {
|
|
510
|
+
if (error instanceof VaultCoreError && error.code === "VAULT_AUDIT_DENIED") {
|
|
511
|
+
throw new VaultCoreError(error.message, "VAULT_IDENTITY_DENIED");
|
|
512
|
+
}
|
|
513
|
+
throw error;
|
|
514
|
+
}
|
|
515
|
+
}
|
|
516
|
+
}
|
|
517
|
+
export class InMemoryReplayGuard {
|
|
518
|
+
_seen = new Map();
|
|
519
|
+
_ttlMs;
|
|
520
|
+
_now;
|
|
521
|
+
constructor(options = {}) {
|
|
522
|
+
this._ttlMs = options.maxSkewMs ?? (5 * 60 * 1000);
|
|
523
|
+
this._now = options.now ?? (() => new Date());
|
|
524
|
+
}
|
|
525
|
+
async assertNotReplayed(request) {
|
|
526
|
+
const now = this._now().getTime();
|
|
527
|
+
for (const [key, seenAt] of this._seen.entries()) {
|
|
528
|
+
if (now - seenAt > this._ttlMs) {
|
|
529
|
+
this._seen.delete(key);
|
|
530
|
+
}
|
|
531
|
+
}
|
|
532
|
+
const replayKey = `${request.agent.id}:${request.requestId}`;
|
|
533
|
+
if (this._seen.has(replayKey)) {
|
|
534
|
+
throw new VaultCoreError("request replay detected", "VAULT_DISPATCH_DENIED");
|
|
535
|
+
}
|
|
536
|
+
this._seen.set(replayKey, now);
|
|
537
|
+
}
|
|
538
|
+
}
|
|
539
|
+
export class HttpDispatchExecutor {
|
|
540
|
+
_fetchImpl;
|
|
541
|
+
_authHeaderName;
|
|
542
|
+
_authPrefix;
|
|
543
|
+
constructor(_fetchImpl = fetch, _authHeaderName = "Authorization", _authPrefix = "Bearer ") {
|
|
544
|
+
this._fetchImpl = _fetchImpl;
|
|
545
|
+
this._authHeaderName = _authHeaderName;
|
|
546
|
+
this._authPrefix = _authPrefix;
|
|
547
|
+
}
|
|
548
|
+
async dispatch(instruction, secret) {
|
|
549
|
+
try {
|
|
550
|
+
const response = await this._fetchImpl(instruction.targetUrl, {
|
|
551
|
+
method: instruction.method,
|
|
552
|
+
headers: {
|
|
553
|
+
...(instruction.headers ?? {}),
|
|
554
|
+
[this._authHeaderName]: `${this._authPrefix}${secret.plaintext}`,
|
|
555
|
+
},
|
|
556
|
+
body: instruction.body,
|
|
557
|
+
});
|
|
558
|
+
return {
|
|
559
|
+
vaultId: instruction.vaultId,
|
|
560
|
+
requestId: instruction.requestId,
|
|
561
|
+
status: response.ok ? "succeeded" : "failed",
|
|
562
|
+
targetUrl: instruction.targetUrl,
|
|
563
|
+
method: instruction.method,
|
|
564
|
+
responseStatus: response.status,
|
|
565
|
+
responseBody: await response.text(),
|
|
566
|
+
error: response.ok ? undefined : `HTTP_${response.status}`,
|
|
567
|
+
};
|
|
568
|
+
}
|
|
569
|
+
catch (error) {
|
|
570
|
+
return {
|
|
571
|
+
vaultId: instruction.vaultId,
|
|
572
|
+
requestId: instruction.requestId,
|
|
573
|
+
status: "failed",
|
|
574
|
+
targetUrl: instruction.targetUrl,
|
|
575
|
+
method: instruction.method,
|
|
576
|
+
error: error instanceof Error ? error.message : String(error),
|
|
577
|
+
};
|
|
578
|
+
}
|
|
579
|
+
}
|
|
580
|
+
}
|
|
581
|
+
export function createDefaultVaultCoreDependencies(options = {}) {
|
|
582
|
+
const agentIdentities = new InMemoryAgentIdentityRegistry();
|
|
583
|
+
const ownerIdentities = new InMemoryOwnerIdentityRegistry();
|
|
584
|
+
const vaultId = { value: options.vaultId ?? `vault_${crypto.randomUUID()}` };
|
|
585
|
+
return {
|
|
586
|
+
vaultId,
|
|
587
|
+
secrets: new InMemorySecretRepository(),
|
|
588
|
+
custody: new InMemorySecretCustody(),
|
|
589
|
+
policy: new DefaultPolicyEngine(options.policy),
|
|
590
|
+
audit: new InMemoryAuditLog(),
|
|
591
|
+
executor: new HttpDispatchExecutor(options.fetchImpl, options.authHeaderName, options.authPrefix),
|
|
592
|
+
agentIdentities,
|
|
593
|
+
ownerIdentities,
|
|
594
|
+
proofVerifier: new SignatureAgentProofVerifier(agentIdentities, options.proofVerifier),
|
|
595
|
+
ownerProofVerifier: new SignatureOwnerProofVerifier(ownerIdentities, options.proofVerifier),
|
|
596
|
+
customFlows: new InMemoryCustomHttpFlowRegistry(),
|
|
597
|
+
replayGuard: new InMemoryReplayGuard(options.proofVerifier),
|
|
598
|
+
clock: new SystemClock(),
|
|
599
|
+
ids: new RandomIdGenerator(),
|
|
600
|
+
};
|
|
601
|
+
}
|
|
602
|
+
//# sourceMappingURL=defaults.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/vault-core/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAoBxD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AA4C7C,SAAS,sBAAsB,CAAC,SAAiB,EAAE,MAAc;IAC/D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,cAAc,CAAC,6BAA6B,EAAE,uBAAuB,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,cAAc,CAAC,gCAAgC,EAAE,uBAAuB,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,cAAc,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChD,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChD,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;IACjB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACrH,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,IAAI,GAAG,CAAC;IACpC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC;IACvB,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE;QACtB,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;QAC5B,IAAI;KACL,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAiB;IAClD,OAAO,sBAAsB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC;AACtD,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAwB;IACrD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,YAAY,EAAE,OAAO,CAAC,UAAU,CAAC,YAAY;QAC7C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;QACxC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;KAC3B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,uBAAuB,CAC9B,OAAkG;IAElG,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,cAAc,EAAE,OAAO,CAAC,cAAc;KACvC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,uBAAuB,CAAC,OAA0B;IACzD,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,+BAA+B,CAAC,OAA0C;IACjF,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,aAAa,EAAE,OAAO,CAAC,aAAa;KACrC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,+BAA+B,CAAC,OAA0C;IACjF,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,aAAa,EAAE,OAAO,CAAC,aAAa;KACrC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,oCAAoC,CAAC,OAA2C;IACvF,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;QACzB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,WAAW;IACtB,MAAM;QACJ,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,iBAAiB;IAC5B,WAAW;QACT,OAAO,EAAE,KAAK,EAAE,UAAU,MAAM,CAAC,UAAU,EAAE,EAAE,EAAE,CAAC;IACpD,CAAC;IAED,UAAU;QACR,OAAO,EAAE,KAAK,EAAE,KAAK,MAAM,CAAC,UAAU,EAAE,EAAE,EAAE,CAAC;IAC/C,CAAC;IAED,eAAe;QACb,OAAO,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,wBAAwB;IAClB,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC3C,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAC;IAEzD,KAAK,CAAC,IAAI,CAAC,MAAoB;QAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAkB;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IACV,QAAQ,GAAiB,EAAE,CAAC;IAE7C,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAiB;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACpC,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YACpE,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW;gBAAE,OAAO,KAAK,CAAC;YAC/E,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC;YACzE,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,qBAAqB;IACf,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5D,KAAK,CAAC,KAAK,CAAC,QAAkB,EAAE,SAAiB;QAC/C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAkB;QAC3B,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC;CACF;AAED,MAAM,OAAO,6BAA6B;IACvB,WAAW,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEtE,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC,IAAI,IAAI,CAAC;IACrE,CAAC;CACF;AAED,MAAM,OAAO,6BAA6B;IACvB,WAAW,GAAG,IAAI,GAAG,EAA+B,CAAC;IAEtE,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,EAAE,CAAC,IAAI,IAAI,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,GAAG,CAAC;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACnF,CAAC;CACF;AAED,MAAM,OAAO,oCAAoC;IAC9B,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEvD,MAAM,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC5D,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,IAAI,YAAY,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QACzD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,IAAI,YAAY,EAAE,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC;CACF;AAED,MAAM,OAAO,8BAA8B;IACxB,MAAM,GAAG,IAAI,GAAG,EAAoC,CAAC;IAEtE,KAAK,CAAC,QAAQ,CAAC,IAA8B;QAC3C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,MAAc;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,EAAE,CAAC,IAAI,IAAI,CAAC;IAC/D,CAAC;CACF;AAED,MAAM,OAAO,sBAAsB;IAChB,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE/D,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB,EAAE,QAAgB,EAAE,KAAa;QAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACzC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,KAAK,GAAG,QAAQ;aAC1B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,cAAc,CAAC,gCAAgC,EAAE,uBAAuB,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;IACrB,CAAC;CACF;AAED,MAAM,OAAO,mBAAmB;IAGD;IAFZ,eAAe,CAAiB;IAEjD,YAA6B,WAAuC,EAAE;QAAzC,aAAQ,GAAR,QAAQ,CAAiC;QACpE,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,IAAI,IAAI,sBAAsB,EAAE,CAAC;IACtF,CAAC;IAEO,mBAAmB,CAAC,WAAmB,EAAE,SAAiB;QAChE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,cAAc,CAAC,GAAG,SAAS,UAAU,EAAE,oBAAoB,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,QAAgB;QAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,uBAAuB,EAAE,CAAC;YAC1C,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,sBAAsB,CAAC,QAAuC,EAAE,IAAoD;QAC1H,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,cAAc,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC;gBAC9B,MAAM,IAAI,cAAc,CAAC,4BAA4B,EAAE,IAAI,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;oBACvB,MAAM,IAAI,cAAc,CAAC,0BAA0B,EAAE,IAAI,CAAC,CAAC;gBAC7D,CAAC;gBACD,yBAAyB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC/C,CAAC;YACD,IAAI,OAAO,CAAC,OAAO,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,cAAc,CAAC,6BAA6B,EAAE,IAAI,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,cAAc,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,OAAwB;QAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;QACT,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;YAC3E,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAC9F,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC1F,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAyD;QAC5E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,cAAc,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,MAAM,IAAI,cAAc,CAAC,2BAA2B,EAAE,oBAAoB,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC7D,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;gBAC7B,MAAM,IAAI,cAAc,CAAC,mBAAmB,EAAE,oBAAoB,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,cAAc,EAAE,oBAAoB,CAAC,CAAC;YAC1E,OAAO;QACT,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,KAAK,OAAO,CAAC,YAAY,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,0BAA0B,EAAE,oBAAoB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,oBAAoB,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;YACpC,MAAM,IAAI,cAAc,CAAC,yCAAyC,EAAE,oBAAoB,CAAC,CAAC;QAC5F,CAAC;QACD,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,cAAc,EAAE,oBAAoB,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAwB,EAAE,MAA4B;QAC5E,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC;QAChD,MAAM,sBAAsB,GAAG,sBAAsB,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACzF,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC/D,MAAM,IAAI,cAAc,CAAC,2BAA2B,EAAE,uBAAuB,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAC7D,MAAM,IAAI,cAAc,CAAC,uBAAuB,EAAE,uBAAuB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBACzD,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YACpD,MAAM,IAAI,cAAc,CAAC,2BAA2B,EAAE,uBAAuB,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,uBAAuB,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QACzD,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,cAAc,CAAC,6BAA6B,EAAE,uBAAuB,CAAC,CAAC;QACnF,CAAC;QACD,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;gBACzC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBAClE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,uBAAuB,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtH,MAAM,IAAI,cAAc,CAAC,qBAAqB,EAAE,uBAAuB,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,aAAa,EAAE,CAAC;gBACnD,MAAM,IAAI,cAAc,CAAC,uBAAuB,EAAE,uBAAuB,CAAC,CAAC;YAC7E,CAAC;YACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;gBACrF,MAAM,IAAI,cAAc,CAAC,qBAAqB,EAAE,uBAAuB,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,yBAAyB,CAAC,MAAM,CAAC,KAAK,sBAAsB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1H,MAAM,IAAI,cAAc,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,cAAc,CAAC,eAAe,EAAE,uBAAuB,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;YACtH,MAAM,IAAI,cAAc,CAAC,aAAa,EAAE,uBAAuB,CAAC,CAAC;QACnE,CAAC;QACD,MAAM,wBAAwB,GAAG,IAAI,CAAC,QAAQ,CAAC,4BAA4B;YACzE,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,4BAA4B,CAAC,GAAG,CACpD,OAAO,CAAC,UAAU,CAAC,OAAO,EAC1B,OAAO,CAAC,UAAU,CAAC,OAAO,EAC1B,OAAO,CAAC,UAAU,CAAC,YAAY,CAChC;YACD,CAAC,CAAC,CAAC,CAAC;QACN,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,iBAAiB,IAAI,CAAC,CAAC,GAAG,wBAAwB,EAAE,CAAC;YAC3E,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,uBAAuB,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,aAAa,GAAG,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC3D,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC7B,OAAO,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,GAAG,CAAC;gBACzD,CAAC;gBACD,IAAI,OAAO,CAAC,SAAS,IAAI,yBAAyB,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,sBAAsB,CAAC,GAAG;oBAAE,OAAO,KAAK,CAAC;gBACnH,IAAI,OAAO,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACtG,IAAI,OAAO,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAChG,OAAO,IAAI,CAAC;YACd,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,cAAc,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;QACD,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;CACF;AAED,MAAM,OAAO,2BAA2B;IACrB,UAAU,CAAS;IACnB,IAAI,CAAa;IACjB,gBAAgB,CAAwB;IAEzD,YAAY,eAAsC,EAAE,UAA8C,EAAE;QAClG,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;QACxC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,CAAC;QAC5E,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,wBAAwB,EAAE,uBAAuB,CAAC,CAAC;QAC9E,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACpD,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YACjG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9F,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;YACrF,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;CACF;AAED,MAAM,OAAO,2BAA2B;IACrB,UAAU,CAAS;IACnB,IAAI,CAAa;IACjB,gBAAgB,CAAwB;IAEzD,YAAY,eAAsC,EAAE,UAA8C,EAAE;QAClG,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;QACxC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,OAAe,EAAE,OAAgB,EAAE,WAAmB,EAAE,SAAiB,EAAE,OAAe;QACpH,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,iBAAiB,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7G,MAAM,IAAI,cAAc,CAAC,oCAAoC,EAAE,oBAAoB,CAAC,CAAC;QACvF,CAAC;QACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7E,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,CAAC;YACvE,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAkG;QAClH,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,OAAO,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBAC3E,MAAM,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAA0B;QAC1C,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,oBAAoB,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,IAAI,CAAC,aAAa,CACtB,OAAO,CAAC,KAAK,CAAC,EAAE,EAChB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,KAAK,CAAC,SAAS,EACvB,uBAAuB,CAAC,OAAO,CAAC,CACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,2BAA2B,CAAC,OAA0C;QAC1E,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CACtB,OAAO,CAAC,KAAK,CAAC,EAAE,EAChB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,KAAK,CAAC,SAAS,EACvB,+BAA+B,CAAC,OAAO,CAAC,CACzC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBAC3E,MAAM,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;YACnE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,2BAA2B,CAAC,OAA0C;QAC1E,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CACtB,OAAO,CAAC,KAAK,CAAC,EAAE,EAChB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,KAAK,CAAC,SAAS,EACvB,+BAA+B,CAAC,OAAO,CAAC,CACzC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBAC3E,MAAM,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;YACnE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,OAA2C;QACxE,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,cAAc,CAAC,+BAA+B,EAAE,uBAAuB,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;YACvG,MAAM,IAAI,cAAc,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CACtB,OAAO,CAAC,KAAK,CAAC,EAAE,EAChB,OAAO,CAAC,OAAO,EACf,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,KAAK,CAAC,SAAS,EACvB,oCAAoC,CAAC,OAAO,CAAC,CAC9C,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBAC3E,MAAM,IAAI,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;YACnE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAED,MAAM,OAAO,mBAAmB;IACb,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAClC,MAAM,CAAS;IACf,IAAI,CAAa;IAElC,YAAY,UAA8C,EAAE;QAC1D,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAwB;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QAClC,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,IAAI,GAAG,GAAG,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC/B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QACD,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QAC7D,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,oBAAoB;IAEZ;IACA;IACA;IAHnB,YACmB,aAA2B,KAAK,EAChC,kBAAkB,eAAe,EACjC,cAAc,SAAS;QAFvB,eAAU,GAAV,UAAU,CAAsB;QAChC,oBAAe,GAAf,eAAe,CAAkB;QACjC,gBAAW,GAAX,WAAW,CAAY;IACvC,CAAC;IAEJ,KAAK,CAAC,QAAQ,CACZ,WAAgC,EAChC,MAAmD;QAEnD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,EAAE;gBAC5D,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,OAAO,EAAE;oBACP,GAAG,CAAC,WAAW,CAAC,OAAO,IAAI,EAAE,CAAC;oBAC9B,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE;iBACjE;gBACD,IAAI,EAAE,WAAW,CAAC,IAAI;aACvB,CAAC,CAAC;YACH,OAAO;gBACL,OAAO,EAAE,WAAW,CAAC,OAAO;gBAC5B,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;gBAC5C,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,cAAc,EAAE,QAAQ,CAAC,MAAM;gBAC/B,YAAY,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE;gBACnC,KAAK,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE;aAC3D,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,WAAW,CAAC,OAAO;gBAC5B,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,MAAM,EAAE,QAAQ;gBAChB,SAAS,EAAE,WAAW,CAAC,SAAS;gBAChC,MAAM,EAAE,WAAW,CAAC,MAAM;gBAC1B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAYD,MAAM,UAAU,kCAAkC,CAChD,UAAqD,EAAE;IAiBvD,MAAM,eAAe,GAAG,IAAI,6BAA6B,EAAE,CAAC;IAC5D,MAAM,eAAe,GAAG,IAAI,6BAA6B,EAAE,CAAC;IAC5D,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,IAAI,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7E,OAAO;QACL,OAAO;QACP,OAAO,EAAE,IAAI,wBAAwB,EAAE;QACvC,OAAO,EAAE,IAAI,qBAAqB,EAAE;QACpC,MAAM,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,MAAM,CAAC;QAC/C,KAAK,EAAE,IAAI,gBAAgB,EAAE;QAC7B,QAAQ,EAAE,IAAI,oBAAoB,CAChC,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,cAAc,EACtB,OAAO,CAAC,UAAU,CACnB;QACD,eAAe;QACf,eAAe;QACf,aAAa,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QACtF,kBAAkB,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QAC3F,WAAW,EAAE,IAAI,8BAA8B,EAAE;QACjD,WAAW,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,aAAa,CAAC;QAC3D,KAAK,EAAE,IAAI,WAAW,EAAE;QACxB,GAAG,EAAE,IAAI,iBAAiB,EAAE;KAC7B,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
export declare class VaultCoreError extends Error {
|
|
2
|
+
readonly code: "VAULT_SECRET_NOT_FOUND" | "VAULT_WRITE_DENIED" | "VAULT_IDENTITY_DENIED" | "VAULT_DISPATCH_DENIED" | "VAULT_AUDIT_DENIED" | "VAULT_AUDIT_FAILED";
|
|
3
|
+
constructor(message: string, code: "VAULT_SECRET_NOT_FOUND" | "VAULT_WRITE_DENIED" | "VAULT_IDENTITY_DENIED" | "VAULT_DISPATCH_DENIED" | "VAULT_AUDIT_DENIED" | "VAULT_AUDIT_FAILED");
|
|
4
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/vault-core/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,cAAe,SAAQ,KAAK;IAG5B;IAFX,YACE,OAAe,EACN,IAMe;QAExB,KAAK,CAAC,OAAO,CAAC,CAAC;QARN,SAAI,GAAJ,IAAI,CAMW;QAGxB,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF"}
|