@the-ai-company/cbio-node-runtime 1.19.0 → 1.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -16
- package/dist/runtime/bootstrap.d.ts +1 -0
- package/dist/runtime/bootstrap.js +8 -5
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/private-vault.js +15 -46
- package/dist/runtime/private-vault.js.map +1 -1
- package/dist/runtime/vault-metadata.d.ts +4 -4
- package/dist/runtime/vault-metadata.js +26 -7
- package/dist/runtime/vault-metadata.js.map +1 -1
- package/dist/sealed/index.d.ts +7 -0
- package/dist/sealed/index.js +7 -0
- package/dist/sealed/index.js.map +1 -0
- package/dist/sealed/json-repo.d.ts +13 -0
- package/dist/sealed/json-repo.js +56 -0
- package/dist/sealed/json-repo.js.map +1 -0
- package/dist/vault-core/persistence.d.ts +17 -25
- package/dist/vault-core/persistence.js +63 -89
- package/dist/vault-core/persistence.js.map +1 -1
- package/docs/ARCHITECTURE.md +16 -0
- package/docs/REFERENCE.md +10 -10
- package/docs/es/README.md +2 -1
- package/docs/fr/README.md +3 -2
- package/docs/ja/README.md +2 -1
- package/docs/ko/README.md +2 -1
- package/docs/pt/README.md +3 -2
- package/docs/zh/README.md +2 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -75,14 +75,18 @@ const profile = await readIdentityPrivateVaultProfile(storage, rootIdentity);
|
|
|
75
75
|
const children = await readIdentityPrivateVaultChildrenState(storage, rootIdentity.privateKey);
|
|
76
76
|
```
|
|
77
77
|
|
|
78
|
-
Vaults also support
|
|
79
|
-
|
|
80
|
-
```ts
|
|
81
|
-
const createdVault = await createVault({
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
78
|
+
Vaults also support optional public metadata for discovery:
|
|
79
|
+
|
|
80
|
+
```ts
|
|
81
|
+
const createdVault = await createVault({
|
|
82
|
+
ownerIdentity: rootIdentity,
|
|
83
|
+
nickname: 'main-vault',
|
|
84
|
+
publicMetadata: {
|
|
85
|
+
displayName: 'Primary Vault',
|
|
86
|
+
tags: ['production', 'main'],
|
|
87
|
+
},
|
|
88
|
+
});
|
|
89
|
+
```
|
|
86
90
|
|
|
87
91
|
If you want to override the default workspace directory:
|
|
88
92
|
|
|
@@ -94,14 +98,9 @@ const createdVault = await createVault(storage, {
|
|
|
94
98
|
});
|
|
95
99
|
```
|
|
96
100
|
|
|
97
|
-
The workspace root can contain many vaults. Each vault is
|
|
98
|
-
|
|
99
|
-
Each identity
|
|
100
|
-
|
|
101
|
-
- `profile.json`
|
|
102
|
-
- `children.json`
|
|
103
|
-
|
|
104
|
-
Those files are encrypted with a key derived from the identity private key, so they are not stored as plaintext JSON.
|
|
101
|
+
The workspace root can contain many vaults. Each vault is physically divided into `vault/sealed/` (encrypted) and `vault/public/` (plaintext discovery).
|
|
102
|
+
|
|
103
|
+
Each identity also has its own private namespace under `identities/<identityId>/sealed/...` for encrypted metadata such as `profile.sealed` and `children.sealed`.
|
|
105
104
|
|
|
106
105
|
## Architecture
|
|
107
106
|
|
|
@@ -5,6 +5,7 @@ import type { CreatedIdentity } from "./identity.js";
|
|
|
5
5
|
export interface CreateVaultOptions extends Omit<CreatePersistentVaultCoreDependenciesOptions, "vaultWorkingKey" | "vaultId"> {
|
|
6
6
|
vaultId?: string;
|
|
7
7
|
nickname?: string;
|
|
8
|
+
publicMetadata?: Record<string, any>;
|
|
8
9
|
ownerIdentity: CreatedIdentity;
|
|
9
10
|
vault?: {
|
|
10
11
|
customFlows?: VaultCustomFlowResolver;
|
|
@@ -49,9 +49,12 @@ export async function createVault(storageOrOptions, maybeOptions) {
|
|
|
49
49
|
await core.bootstrapOwnerIdentity(bootstrapOwner);
|
|
50
50
|
const nickname = options.nickname?.trim() ? options.nickname.trim() : undefined;
|
|
51
51
|
await writeVaultProfile(storage, {
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
52
|
+
sealed: {
|
|
53
|
+
vaultId,
|
|
54
|
+
nickname,
|
|
55
|
+
},
|
|
56
|
+
public: options.publicMetadata ?? {},
|
|
57
|
+
}, vaultWorkingKey);
|
|
55
58
|
return {
|
|
56
59
|
core,
|
|
57
60
|
vault: wrapVaultCoreAsVaultService(core, options.vault),
|
|
@@ -69,11 +72,11 @@ export async function recoverVault(storageOrOptions, maybeOptions) {
|
|
|
69
72
|
vaultWorkingKey,
|
|
70
73
|
});
|
|
71
74
|
const core = createVaultCore(deps);
|
|
72
|
-
const profile = await readVaultProfile(storage);
|
|
75
|
+
const profile = await readVaultProfile(storage, vaultWorkingKey);
|
|
73
76
|
return {
|
|
74
77
|
core,
|
|
75
78
|
vault: wrapVaultCoreAsVaultService(core, options.vault),
|
|
76
|
-
nickname: profile?.nickname,
|
|
79
|
+
nickname: profile?.sealed.nickname,
|
|
77
80
|
storage,
|
|
78
81
|
};
|
|
79
82
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/runtime/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EACL,qCAAqC,GAItC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,2BAA2B,GAG5B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,SAAS,qBAAqB,CAAC,UAAkB,EAAE,OAAe;IAChE,OAAO,MAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,2BAA2B,CAAC;SACnC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,UAAU,OAAO,EAAE,CAAC;AAC7B,CAAC;AAsCD,SAAS,cAAc,CACrB,gBAA6E,EAC7E,YAAuD;IAEvD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,OAAO,EAAE,gBAAoC;YAC7C,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,sBAAsB,EAAE;QACjC,OAAO,EAAE,gBAA4D;KACtE,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,gBAAuD,EACvD,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,SAAS,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;IACrF,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzF,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO;QACP,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,cAAc,GAAwB;QAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,UAAU;QACzC,SAAS,EAAE,OAAO,CAAC,aAAa,CAAC,SAAS;KAC3C,CAAC;IACF,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAChF,MAAM,iBAAiB,CAAC,OAAO,EAAE;QAC/B,MAAM,EAAE;YACN,OAAO;YACP,QAAQ;SACT;QACD,MAAM,EAAE,OAAO,CAAC,cAAc,IAAI,EAAE;KACrC,EAAE,eAAe,CAAC,CAAC;IACpB,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ;QACR,OAAO;KACR,CAAC;AACJ,CAAC;AAID,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAAwD,EACxD,YAAkC;IAElC,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,gBAAgB,EAAE,YAAY,CAG3F,CAAC;IACF,MAAM,OAAO,GAAG,qBAAqB,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7F,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACjG,MAAM,IAAI,GAAG,qCAAqC,CAAC,OAAO,EAAE;QAC1D,GAAG,OAAO;QACV,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,eAAe;KAChB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACjE,OAAO;QACL,IAAI;QACJ,KAAK,EAAE,2BAA2B,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC;QACvD,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ;QAClC,OAAO;KACR,CAAC;AACJ,CAAC"}
|
|
@@ -1,20 +1,19 @@
|
|
|
1
|
-
import { Buffer } from "node:buffer";
|
|
2
1
|
import { createHash } from "node:crypto";
|
|
3
|
-
import {
|
|
2
|
+
import { SealedJsonRepository } from "../sealed/index.js";
|
|
4
3
|
import { restoreIdentity } from "./identity.js";
|
|
5
|
-
const PRIVATE_VAULT_PREFIX = "
|
|
4
|
+
const PRIVATE_VAULT_PREFIX = "identities";
|
|
6
5
|
const PRIVATE_VAULT_LOCK_SUFFIX = ".lock";
|
|
7
6
|
export function identityPrivateVaultPrefix(identityId) {
|
|
8
7
|
return `${PRIVATE_VAULT_PREFIX}/${identityId}`;
|
|
9
8
|
}
|
|
10
9
|
export function identityPrivateVaultProfileKey(identityId) {
|
|
11
|
-
return `${identityPrivateVaultPrefix(identityId)}/profile.
|
|
10
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/profile.sealed`;
|
|
12
11
|
}
|
|
13
12
|
export function identityPrivateVaultChildrenKey(identityId) {
|
|
14
|
-
return `${identityPrivateVaultPrefix(identityId)}/children.
|
|
13
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/children.sealed`;
|
|
15
14
|
}
|
|
16
15
|
function lockKey(identityId) {
|
|
17
|
-
return `${identityPrivateVaultPrefix(identityId)}${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
16
|
+
return `${identityPrivateVaultPrefix(identityId)}/sealed/locks/vault${PRIVATE_VAULT_LOCK_SUFFIX}`;
|
|
18
17
|
}
|
|
19
18
|
function normalizeIdentityAccess(identityOrPrivateKey) {
|
|
20
19
|
if (typeof identityOrPrivateKey === "string") {
|
|
@@ -31,33 +30,6 @@ function deriveIdentityPrivateVaultKey(identity) {
|
|
|
31
30
|
.update(identity.privateKey)
|
|
32
31
|
.digest("base64url");
|
|
33
32
|
}
|
|
34
|
-
function sealIdentityPrivateVaultJson(identity, value, kind) {
|
|
35
|
-
const sealed = sealBlob({
|
|
36
|
-
version: SEALED_BLOB_VERSION,
|
|
37
|
-
secrets: {
|
|
38
|
-
payload: JSON.stringify(value),
|
|
39
|
-
},
|
|
40
|
-
secretMetadata: {
|
|
41
|
-
kind,
|
|
42
|
-
identityId: identity.identityId,
|
|
43
|
-
},
|
|
44
|
-
}, deriveIdentityPrivateVaultKey(identity));
|
|
45
|
-
return Buffer.from(sealed, "utf8");
|
|
46
|
-
}
|
|
47
|
-
function unsealIdentityPrivateVaultJson(identity, payload, expectedKind) {
|
|
48
|
-
const unsealed = unsealBlob(payload.toString("utf8"), deriveIdentityPrivateVaultKey(identity));
|
|
49
|
-
if (unsealed.secretMetadata.kind !== expectedKind) {
|
|
50
|
-
throw new Error(`unexpected identity private vault payload kind: ${String(unsealed.secretMetadata.kind)}`);
|
|
51
|
-
}
|
|
52
|
-
if (unsealed.secretMetadata.identityId !== identity.identityId) {
|
|
53
|
-
throw new Error("identity private vault payload identity mismatch");
|
|
54
|
-
}
|
|
55
|
-
const secretPayload = unsealed.secrets.payload;
|
|
56
|
-
if (typeof secretPayload !== "string") {
|
|
57
|
-
throw new Error("identity private vault payload missing body");
|
|
58
|
-
}
|
|
59
|
-
return JSON.parse(secretPayload);
|
|
60
|
-
}
|
|
61
33
|
export async function ensureIdentityPrivateVault(storage, identity) {
|
|
62
34
|
const profile = {
|
|
63
35
|
identityId: identity.identityId,
|
|
@@ -66,31 +38,27 @@ export async function ensureIdentityPrivateVault(storage, identity) {
|
|
|
66
38
|
parentIdentityId: identity.parentIdentityId,
|
|
67
39
|
childIndex: identity.childIndex,
|
|
68
40
|
};
|
|
69
|
-
|
|
41
|
+
const profileRepo = new SealedJsonRepository(storage, identityPrivateVaultProfileKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
42
|
+
await profileRepo.write(profile, "identity_private_vault_profile");
|
|
70
43
|
const childrenKey = identityPrivateVaultChildrenKey(identity.identityId);
|
|
71
44
|
if (!(await storage.has(childrenKey))) {
|
|
72
45
|
const emptyState = {
|
|
73
46
|
nextChildIndex: 0,
|
|
74
47
|
children: [],
|
|
75
48
|
};
|
|
76
|
-
|
|
49
|
+
const childrenRepo = new SealedJsonRepository(storage, childrenKey, deriveIdentityPrivateVaultKey(identity));
|
|
50
|
+
await childrenRepo.write(emptyState, "identity_private_vault_children");
|
|
77
51
|
}
|
|
78
52
|
}
|
|
79
53
|
export async function readIdentityPrivateVaultProfile(storage, identityOrPrivateKey) {
|
|
80
54
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
81
|
-
const
|
|
82
|
-
|
|
83
|
-
return null;
|
|
84
|
-
}
|
|
85
|
-
return unsealIdentityPrivateVaultJson(identity, raw, "identity_private_vault_profile");
|
|
55
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultProfileKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
56
|
+
return repo.read(null);
|
|
86
57
|
}
|
|
87
58
|
export async function readIdentityPrivateVaultChildrenState(storage, identityOrPrivateKey) {
|
|
88
59
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
89
|
-
const
|
|
90
|
-
|
|
91
|
-
return { nextChildIndex: 0, children: [] };
|
|
92
|
-
}
|
|
93
|
-
const parsed = unsealIdentityPrivateVaultJson(identity, raw, "identity_private_vault_children");
|
|
60
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultChildrenKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
61
|
+
const parsed = await repo.read({ nextChildIndex: 0, children: [] });
|
|
94
62
|
return {
|
|
95
63
|
nextChildIndex: parsed.nextChildIndex ?? parsed.children.length,
|
|
96
64
|
children: parsed.children ?? [],
|
|
@@ -98,7 +66,8 @@ export async function readIdentityPrivateVaultChildrenState(storage, identityOrP
|
|
|
98
66
|
}
|
|
99
67
|
export async function writeIdentityPrivateVaultChildrenState(storage, identityOrPrivateKey, state) {
|
|
100
68
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
101
|
-
|
|
69
|
+
const repo = new SealedJsonRepository(storage, identityPrivateVaultChildrenKey(identity.identityId), deriveIdentityPrivateVaultKey(identity));
|
|
70
|
+
await repo.write(state, "identity_private_vault_children");
|
|
102
71
|
}
|
|
103
72
|
export async function withIdentityPrivateVaultLock(storage, identityOrPrivateKey, task) {
|
|
104
73
|
const identity = normalizeIdentityAccess(identityOrPrivateKey);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"private-vault.js","sourceRoot":"","sources":["../../src/runtime/private-vault.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,OAAO,EAAE,eAAe,EAAwB,MAAM,eAAe,CAAC;AAEtE,MAAM,oBAAoB,GAAG,YAAY,CAAC;AAC1C,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAyB1C,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,OAAO,GAAG,oBAAoB,IAAI,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,UAAkB;IAC/D,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,wBAAwB,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,UAAkB;IAChE,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,yBAAyB,CAAC;AAC5E,CAAC;AAED,SAAS,OAAO,CAAC,UAAkB;IACjC,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,sBAAsB,yBAAyB,EAAE,CAAC;AACpG,CAAC;AAED,SAAS,uBAAuB,CAAC,oBAAgD;IAC/E,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,oBAAoB,CAAC;AAC9B,CAAC;AAED,SAAS,6BAA6B,CAAC,QAAyB;IAC9D,OAAO,UAAU,CAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,gCAAgC,CAAC;SACxC,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;SAC3B,MAAM,CAAC,IAAI,CAAC;SACZ,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC;SAC3B,MAAM,CAAC,WAAW,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,OAAyB,EACzB,QAAyB;IAEzB,MAAM,OAAO,GAAgC;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;IACF,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAC1C,OAAO,EACP,8BAA8B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACnD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,gCAAgC,CAAC,CAAC;IAEnE,MAAM,WAAW,GAAG,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACzE,IAAI,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACtC,MAAM,UAAU,GAAsC;YACpD,cAAc,EAAE,CAAC;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,MAAM,YAAY,GAAG,IAAI,oBAAoB,CAC3C,OAAO,EACP,WAAW,EACX,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;QACF,MAAM,YAAY,CAAC,KAAK,CAAC,UAAU,EAAE,iCAAiC,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,OAAyB,EACzB,oBAAgD;IAEhD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,8BAA8B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACnD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,IAAW,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,OAAyB,EACzB,oBAAgD;IAEhD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACpD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC/D,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sCAAsC,CAC1D,OAAyB,EACzB,oBAAgD,EAChD,KAAwC;IAExC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CACnC,OAAO,EACP,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,EACpD,6BAA6B,CAAC,QAAQ,CAAC,CACxC,CAAC;IACF,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,iCAAiC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,OAAyB,EACzB,oBAAgD,EAChD,IAAsB;IAEtB,MAAM,QAAQ,GAAG,uBAAuB,CAAC,oBAAoB,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
2
|
export interface VaultProfile {
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
sealed: Record<string, any>;
|
|
4
|
+
public: Record<string, any>;
|
|
5
5
|
}
|
|
6
|
-
export declare function writeVaultProfile(storage: IStorageProvider, profile: VaultProfile): Promise<void>;
|
|
7
|
-
export declare function readVaultProfile(storage: IStorageProvider): Promise<VaultProfile | null>;
|
|
6
|
+
export declare function writeVaultProfile(storage: IStorageProvider, profile: VaultProfile, vaultWorkingKey: string): Promise<void>;
|
|
7
|
+
export declare function readVaultProfile(storage: IStorageProvider, vaultWorkingKey: string): Promise<VaultProfile | null>;
|
|
@@ -1,13 +1,32 @@
|
|
|
1
1
|
import { Buffer } from "node:buffer";
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
2
|
+
import { SealedJsonRepository } from "../sealed/index.js";
|
|
3
|
+
const VAULT_SEALED_PROFILE_KEY = "vault/sealed/profile.sealed";
|
|
4
|
+
const VAULT_PUBLIC_PROFILE_KEY = "vault/public/profile.json";
|
|
5
|
+
export async function writeVaultProfile(storage, profile, vaultWorkingKey) {
|
|
6
|
+
// 1. Write Sealed Profile
|
|
7
|
+
const repo = new SealedJsonRepository(storage, VAULT_SEALED_PROFILE_KEY, vaultWorkingKey);
|
|
8
|
+
await repo.write(profile.sealed, "vault_profile_sealed");
|
|
9
|
+
// 2. Write Public Profile
|
|
10
|
+
if (profile.public && Object.keys(profile.public).length > 0) {
|
|
11
|
+
await storage.write(VAULT_PUBLIC_PROFILE_KEY, Buffer.from(JSON.stringify(profile.public, null, 2), "utf8"));
|
|
12
|
+
}
|
|
13
|
+
else {
|
|
14
|
+
if (await storage.has(VAULT_PUBLIC_PROFILE_KEY)) {
|
|
15
|
+
await storage.delete(VAULT_PUBLIC_PROFILE_KEY);
|
|
16
|
+
}
|
|
17
|
+
}
|
|
5
18
|
}
|
|
6
|
-
export async function readVaultProfile(storage) {
|
|
7
|
-
const
|
|
8
|
-
|
|
19
|
+
export async function readVaultProfile(storage, vaultWorkingKey) {
|
|
20
|
+
const repo = new SealedJsonRepository(storage, VAULT_SEALED_PROFILE_KEY, vaultWorkingKey);
|
|
21
|
+
const sealed = await repo.read(null);
|
|
22
|
+
if (!sealed) {
|
|
9
23
|
return null;
|
|
10
24
|
}
|
|
11
|
-
|
|
25
|
+
const publicRaw = await storage.read(VAULT_PUBLIC_PROFILE_KEY);
|
|
26
|
+
const publicData = publicRaw ? JSON.parse(publicRaw.toString("utf8")) : {};
|
|
27
|
+
return {
|
|
28
|
+
sealed,
|
|
29
|
+
public: publicData,
|
|
30
|
+
};
|
|
12
31
|
}
|
|
13
32
|
//# sourceMappingURL=vault-metadata.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vault-metadata.js","sourceRoot":"","sources":["../../src/runtime/vault-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"vault-metadata.js","sourceRoot":"","sources":["../../src/runtime/vault-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAO1D,MAAM,wBAAwB,GAAG,6BAA6B,CAAC;AAC/D,MAAM,wBAAwB,GAAG,2BAA2B,CAAC;AAE7D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAyB,EACzB,OAAqB,EACrB,eAAuB;IAEvB,0BAA0B;IAC1B,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAsB,OAAO,EAAE,wBAAwB,EAAE,eAAe,CAAC,CAAC;IAC/G,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IAEzD,0BAA0B;IAC1B,IAAI,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7D,MAAM,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9G,CAAC;SAAM,CAAC;QACN,IAAI,MAAM,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC;YAChD,MAAM,OAAO,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAyB,EACzB,eAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAsB,OAAO,EAAE,wBAAwB,EAAE,eAAe,CAAC,CAAC;IAC/G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAW,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE3E,OAAO;QACL,MAAM;QACN,MAAM,EAAE,UAAU;KACnB,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sealed blob export. Seal/unseal primitives and sealed blob format helpers.
|
|
3
|
+
* Do not depend on agent-facing client code.
|
|
4
|
+
*/
|
|
5
|
+
export { sealBlob, unsealBlob, SEALED_BLOB_VERSION } from './seal.js';
|
|
6
|
+
export type { SealedBlobPayload } from './seal.js';
|
|
7
|
+
export { SealedJsonRepository } from './json-repo.js';
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sealed blob export. Seal/unseal primitives and sealed blob format helpers.
|
|
3
|
+
* Do not depend on agent-facing client code.
|
|
4
|
+
*/
|
|
5
|
+
export { sealBlob, unsealBlob, SEALED_BLOB_VERSION } from './seal.js';
|
|
6
|
+
export { SealedJsonRepository } from './json-repo.js';
|
|
7
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sealed/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAEtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { IStorageProvider } from "../storage/provider.js";
|
|
2
|
+
/**
|
|
3
|
+
* Universal sealed JSON storage repository.
|
|
4
|
+
* Used by both ordinary vaults and identity private vaults.
|
|
5
|
+
*/
|
|
6
|
+
export declare class SealedJsonRepository<T> {
|
|
7
|
+
readonly storage: IStorageProvider;
|
|
8
|
+
private readonly _key;
|
|
9
|
+
private readonly _vaultWorkingKey?;
|
|
10
|
+
constructor(storage: IStorageProvider, _key: string, _vaultWorkingKey?: string | undefined);
|
|
11
|
+
read(fallback: T): Promise<T>;
|
|
12
|
+
write(value: T, metadataKind?: string): Promise<void>;
|
|
13
|
+
}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
import { sealBlob, unsealBlob } from "./seal.js";
|
|
3
|
+
/**
|
|
4
|
+
* Universal sealed JSON storage repository.
|
|
5
|
+
* Used by both ordinary vaults and identity private vaults.
|
|
6
|
+
*/
|
|
7
|
+
export class SealedJsonRepository {
|
|
8
|
+
storage;
|
|
9
|
+
_key;
|
|
10
|
+
_vaultWorkingKey;
|
|
11
|
+
constructor(storage, _key, _vaultWorkingKey) {
|
|
12
|
+
this.storage = storage;
|
|
13
|
+
this._key = _key;
|
|
14
|
+
this._vaultWorkingKey = _vaultWorkingKey;
|
|
15
|
+
}
|
|
16
|
+
async read(fallback) {
|
|
17
|
+
const payload = await this.storage.read(this._key);
|
|
18
|
+
if (!payload) {
|
|
19
|
+
return fallback;
|
|
20
|
+
}
|
|
21
|
+
if (!this._vaultWorkingKey) {
|
|
22
|
+
return JSON.parse(payload.toString("utf8"));
|
|
23
|
+
}
|
|
24
|
+
try {
|
|
25
|
+
const unsealed = unsealBlob(payload.toString("utf8"), this._vaultWorkingKey);
|
|
26
|
+
const secretPayload = unsealed.secrets.payload;
|
|
27
|
+
if (typeof secretPayload !== "string") {
|
|
28
|
+
throw new Error("sealed payload missing body");
|
|
29
|
+
}
|
|
30
|
+
return JSON.parse(secretPayload);
|
|
31
|
+
}
|
|
32
|
+
catch (e) {
|
|
33
|
+
// If we have a key but unseal fails, it might be legacy plaintext or wrong key.
|
|
34
|
+
throw e;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
async write(value, metadataKind) {
|
|
38
|
+
if (!this._vaultWorkingKey) {
|
|
39
|
+
const data = Buffer.from(JSON.stringify(value, null, 2), "utf8");
|
|
40
|
+
await this.storage.write(this._key, data);
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
const sealed = sealBlob({
|
|
44
|
+
version: "v1.0",
|
|
45
|
+
secrets: {
|
|
46
|
+
payload: JSON.stringify(value),
|
|
47
|
+
},
|
|
48
|
+
secretMetadata: {
|
|
49
|
+
kind: metadataKind || "sealed_json",
|
|
50
|
+
key: this._key,
|
|
51
|
+
},
|
|
52
|
+
}, this._vaultWorkingKey);
|
|
53
|
+
await this.storage.write(this._key, Buffer.from(sealed, "utf8"));
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=json-repo.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"json-repo.js","sourceRoot":"","sources":["../../src/sealed/json-repo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGjD;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IAEb;IACC;IACA;IAHnB,YACkB,OAAyB,EACxB,IAAY,EACZ,gBAAyB;QAF1B,YAAO,GAAP,OAAO,CAAkB;QACxB,SAAI,GAAJ,IAAI,CAAQ;QACZ,qBAAgB,GAAhB,gBAAgB,CAAS;IACzC,CAAC;IAEJ,KAAK,CAAC,IAAI,CAAC,QAAW;QACpB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;QACnD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC7E,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC;YAC/C,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAM,CAAC;QACxC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,gFAAgF;YAChF,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAQ,EAAE,YAAqB;QACzC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACjE,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,QAAQ,CACrB;YACE,OAAO,EAAE,MAAM;YACf,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;aAC/B;YACD,cAAc,EAAE;gBACd,IAAI,EAAE,YAAY,IAAI,aAAa;gBACnC,GAAG,EAAE,IAAI,CAAC,IAAI;aACf;SACF,EACD,IAAI,CAAC,gBAAgB,CACtB,CAAC;QACF,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;CACF"}
|
|
@@ -3,7 +3,7 @@ import type { AgentCapability, AgentIdentityRecord, AuditEntry, AuditQuery, Owne
|
|
|
3
3
|
import type { AgentIdentityRegistry, AuditLog, CapabilityRegistry, CapabilityRevocationRegistry, CustomHttpFlowRegistry, OwnerIdentityRegistry, RateLimitStore, ReplayGuard, SecretCustody, SecretRepository } from "./ports.js";
|
|
4
4
|
import { createDefaultVaultCoreDependencies, type CreateDefaultVaultCoreDependenciesOptions } from "./defaults.js";
|
|
5
5
|
import type { DispatchRequest } from "./contracts.js";
|
|
6
|
-
export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/custody/working-key.sealed";
|
|
6
|
+
export declare const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/sealed/custody/working-key.sealed";
|
|
7
7
|
export interface InitializeVaultCustodyOptions {
|
|
8
8
|
vaultWorkingKey?: string;
|
|
9
9
|
vaultRecoveryKey?: string;
|
|
@@ -21,10 +21,9 @@ export interface CreatePersistentVaultCoreDependenciesOptions extends CreateDefa
|
|
|
21
21
|
export declare function initializeVaultCustody(storage: IStorageProvider, options?: InitializeVaultCustodyOptions): Promise<InitializedVaultCustody>;
|
|
22
22
|
export declare function recoverVaultWorkingKey(storage: IStorageProvider, vaultRecoveryKey: string, storageKey?: string): Promise<string>;
|
|
23
23
|
export declare class FileSecretRepository implements SecretRepository {
|
|
24
|
-
private readonly _storage;
|
|
25
|
-
private readonly _key;
|
|
26
24
|
private readonly _lockKey;
|
|
27
|
-
|
|
25
|
+
private readonly _repo;
|
|
26
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
28
27
|
private loadState;
|
|
29
28
|
save(record: SecretRecord): Promise<void>;
|
|
30
29
|
delete(secretId: SecretId): Promise<void>;
|
|
@@ -32,19 +31,17 @@ export declare class FileSecretRepository implements SecretRepository {
|
|
|
32
31
|
getById(secretId: SecretId): Promise<SecretRecord | null>;
|
|
33
32
|
}
|
|
34
33
|
export declare class FileAgentIdentityRegistry implements AgentIdentityRegistry {
|
|
35
|
-
private readonly _storage;
|
|
36
|
-
private readonly _key;
|
|
37
34
|
private readonly _lockKey;
|
|
38
|
-
|
|
35
|
+
private readonly _repo;
|
|
36
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
39
37
|
private loadState;
|
|
40
38
|
register(identity: AgentIdentityRecord): Promise<void>;
|
|
41
39
|
get(vaultId: VaultId, agentId: string): Promise<AgentIdentityRecord | null>;
|
|
42
40
|
}
|
|
43
41
|
export declare class FileOwnerIdentityRegistry implements OwnerIdentityRegistry {
|
|
44
|
-
private readonly _storage;
|
|
45
|
-
private readonly _key;
|
|
46
42
|
private readonly _lockKey;
|
|
47
|
-
|
|
43
|
+
private readonly _repo;
|
|
44
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
48
45
|
private loadState;
|
|
49
46
|
register(identity: OwnerIdentityRecord): Promise<void>;
|
|
50
47
|
get(vaultId: VaultId, ownerId: string): Promise<OwnerIdentityRecord | null>;
|
|
@@ -72,43 +69,38 @@ export declare class FileSecretCustody implements SecretCustody {
|
|
|
72
69
|
delete(secretId: SecretId): Promise<void>;
|
|
73
70
|
}
|
|
74
71
|
export declare class FileReplayGuard implements ReplayGuard {
|
|
75
|
-
private readonly _storage;
|
|
76
|
-
private readonly _key;
|
|
77
72
|
private readonly _lockKey;
|
|
78
73
|
private readonly _ttlMs;
|
|
79
|
-
|
|
74
|
+
private readonly _repo;
|
|
75
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string, _ttlMs?: number);
|
|
80
76
|
assertNotReplayed(request: DispatchRequest): Promise<void>;
|
|
81
77
|
}
|
|
82
78
|
export declare class FileCapabilityRegistry implements CapabilityRegistry {
|
|
83
|
-
private readonly _storage;
|
|
84
|
-
private readonly _key;
|
|
85
79
|
private readonly _lockKey;
|
|
86
|
-
|
|
80
|
+
private readonly _repo;
|
|
81
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
87
82
|
private loadState;
|
|
88
83
|
register(capability: AgentCapability): Promise<void>;
|
|
89
84
|
get(vaultId: VaultId, agentId: string, capabilityId: string): Promise<AgentCapability | null>;
|
|
90
85
|
}
|
|
91
86
|
export declare class FileRateLimitStore implements RateLimitStore {
|
|
92
|
-
private readonly _storage;
|
|
93
|
-
private readonly _key;
|
|
94
87
|
private readonly _lockKey;
|
|
95
|
-
|
|
88
|
+
private readonly _repo;
|
|
89
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
96
90
|
consume(key: string, maxRequests: number, windowMs: number, nowMs: number): Promise<void>;
|
|
97
91
|
}
|
|
98
92
|
export declare class FileCapabilityRevocationRegistry implements CapabilityRevocationRegistry {
|
|
99
|
-
private readonly _storage;
|
|
100
|
-
private readonly _key;
|
|
101
93
|
private readonly _lockKey;
|
|
102
|
-
|
|
94
|
+
private readonly _repo;
|
|
95
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
103
96
|
private compositeKey;
|
|
104
97
|
get(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
|
|
105
98
|
revoke(vaultId: VaultId, agentId: string, capabilityId: string): Promise<number>;
|
|
106
99
|
}
|
|
107
100
|
export declare class FileCustomHttpFlowRegistry implements CustomHttpFlowRegistry {
|
|
108
|
-
private readonly _storage;
|
|
109
|
-
private readonly _key;
|
|
110
101
|
private readonly _lockKey;
|
|
111
|
-
|
|
102
|
+
private readonly _repo;
|
|
103
|
+
constructor(storage: IStorageProvider, vaultWorkingKey: string, key?: string, _lockKey?: string);
|
|
112
104
|
private loadState;
|
|
113
105
|
register(flow: CustomHttpFlowDefinition): Promise<void>;
|
|
114
106
|
get(vaultId: VaultId, flowId: string): Promise<CustomHttpFlowDefinition | null>;
|
|
@@ -1,18 +1,8 @@
|
|
|
1
|
-
import { sealBlob, unsealBlob } from "../sealed/
|
|
1
|
+
import { sealBlob, unsealBlob, SealedJsonRepository } from "../sealed/index.js";
|
|
2
2
|
import { DefaultPolicyEngine, SignatureAgentProofVerifier, SignatureOwnerProofVerifier, createDefaultVaultCoreDependencies, } from "./defaults.js";
|
|
3
3
|
import { createHash, randomBytes } from "node:crypto";
|
|
4
4
|
import { VaultCoreError } from "./errors.js";
|
|
5
|
-
export const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/custody/working-key.sealed";
|
|
6
|
-
function serializeJson(value) {
|
|
7
|
-
return Buffer.from(JSON.stringify(value, null, 2), "utf8");
|
|
8
|
-
}
|
|
9
|
-
async function readJson(storage, key, fallback) {
|
|
10
|
-
const payload = await storage.read(key);
|
|
11
|
-
if (!payload) {
|
|
12
|
-
return fallback;
|
|
13
|
-
}
|
|
14
|
-
return JSON.parse(payload.toString("utf8"));
|
|
15
|
-
}
|
|
5
|
+
export const DEFAULT_VAULT_KEY_CUSTODY_BLOB_KEY = "vault/sealed/custody/working-key.sealed";
|
|
16
6
|
async function withStorageLock(storage, key, task) {
|
|
17
7
|
if (storage.withLock) {
|
|
18
8
|
return storage.withLock(key, task);
|
|
@@ -58,30 +48,28 @@ export async function recoverVaultWorkingKey(storage, vaultRecoveryKey, storageK
|
|
|
58
48
|
return vaultWorkingKey;
|
|
59
49
|
}
|
|
60
50
|
export class FileSecretRepository {
|
|
61
|
-
_storage;
|
|
62
|
-
_key;
|
|
63
51
|
_lockKey;
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
this._key = _key;
|
|
52
|
+
_repo;
|
|
53
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/secrets.sealed", _lockKey = "vault/sealed/locks/secrets") {
|
|
67
54
|
this._lockKey = _lockKey;
|
|
55
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
68
56
|
}
|
|
69
57
|
async loadState() {
|
|
70
|
-
return
|
|
58
|
+
return this._repo.read({ records: [] });
|
|
71
59
|
}
|
|
72
60
|
async save(record) {
|
|
73
|
-
await withStorageLock(this.
|
|
61
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
74
62
|
const state = await this.loadState();
|
|
75
63
|
const next = state.records.filter((candidate) => candidate.secretId.value !== record.secretId.value);
|
|
76
64
|
next.push(record);
|
|
77
|
-
await this.
|
|
65
|
+
await this._repo.write({ records: next }, "secrets_state");
|
|
78
66
|
});
|
|
79
67
|
}
|
|
80
68
|
async delete(secretId) {
|
|
81
|
-
await withStorageLock(this.
|
|
69
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
82
70
|
const state = await this.loadState();
|
|
83
71
|
const next = state.records.filter((candidate) => candidate.secretId.value !== secretId.value);
|
|
84
|
-
await this.
|
|
72
|
+
await this._repo.write({ records: next }, "secrets_state");
|
|
85
73
|
});
|
|
86
74
|
}
|
|
87
75
|
async getByAlias(alias) {
|
|
@@ -94,23 +82,21 @@ export class FileSecretRepository {
|
|
|
94
82
|
}
|
|
95
83
|
}
|
|
96
84
|
export class FileAgentIdentityRegistry {
|
|
97
|
-
_storage;
|
|
98
|
-
_key;
|
|
99
85
|
_lockKey;
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
this._key = _key;
|
|
86
|
+
_repo;
|
|
87
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/identities/agents.sealed", _lockKey = "vault/sealed/locks/agent-identities") {
|
|
103
88
|
this._lockKey = _lockKey;
|
|
89
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
104
90
|
}
|
|
105
91
|
async loadState() {
|
|
106
|
-
return
|
|
92
|
+
return this._repo.read({ identities: [] });
|
|
107
93
|
}
|
|
108
94
|
async register(identity) {
|
|
109
|
-
await withStorageLock(this.
|
|
95
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
110
96
|
const state = await this.loadState();
|
|
111
97
|
const next = state.identities.filter((candidate) => !(candidate.vaultId.value === identity.vaultId.value && candidate.agentId === identity.agentId));
|
|
112
98
|
next.push(identity);
|
|
113
|
-
await this.
|
|
99
|
+
await this._repo.write({ identities: next }, "agent_identity_state");
|
|
114
100
|
});
|
|
115
101
|
}
|
|
116
102
|
async get(vaultId, agentId) {
|
|
@@ -119,23 +105,21 @@ export class FileAgentIdentityRegistry {
|
|
|
119
105
|
}
|
|
120
106
|
}
|
|
121
107
|
export class FileOwnerIdentityRegistry {
|
|
122
|
-
_storage;
|
|
123
|
-
_key;
|
|
124
108
|
_lockKey;
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
this._key = _key;
|
|
109
|
+
_repo;
|
|
110
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/identities/owners.sealed", _lockKey = "vault/sealed/locks/owner-identities") {
|
|
128
111
|
this._lockKey = _lockKey;
|
|
112
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
129
113
|
}
|
|
130
114
|
async loadState() {
|
|
131
|
-
return
|
|
115
|
+
return this._repo.read({ identities: [] });
|
|
132
116
|
}
|
|
133
117
|
async register(identity) {
|
|
134
|
-
await withStorageLock(this.
|
|
118
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
135
119
|
const state = await this.loadState();
|
|
136
120
|
const next = state.identities.filter((candidate) => !(candidate.vaultId.value === identity.vaultId.value && candidate.ownerId === identity.ownerId));
|
|
137
121
|
next.push(identity);
|
|
138
|
-
await this.
|
|
122
|
+
await this._repo.write({ identities: next }, "owner_identity_state");
|
|
139
123
|
});
|
|
140
124
|
}
|
|
141
125
|
async get(vaultId, ownerId) {
|
|
@@ -151,7 +135,7 @@ export class FileAuditLog {
|
|
|
151
135
|
_storage;
|
|
152
136
|
_key;
|
|
153
137
|
_lockKey;
|
|
154
|
-
constructor(_storage, _key = "vault/audit.jsonl", _lockKey = "vault/locks/audit") {
|
|
138
|
+
constructor(_storage, _key = "vault/sealed/audit.jsonl", _lockKey = "vault/sealed/locks/audit") {
|
|
155
139
|
this._storage = _storage;
|
|
156
140
|
this._key = _key;
|
|
157
141
|
this._lockKey = _lockKey;
|
|
@@ -224,7 +208,7 @@ export class FileSecretCustody {
|
|
|
224
208
|
_storage;
|
|
225
209
|
_vaultWorkingKey;
|
|
226
210
|
_keyPrefix;
|
|
227
|
-
constructor(_storage, _vaultWorkingKey, _keyPrefix = "vault/custody") {
|
|
211
|
+
constructor(_storage, _vaultWorkingKey, _keyPrefix = "vault/sealed/custody") {
|
|
228
212
|
this._storage = _storage;
|
|
229
213
|
this._vaultWorkingKey = _vaultWorkingKey;
|
|
230
214
|
this._keyPrefix = _keyPrefix;
|
|
@@ -261,20 +245,18 @@ export class FileSecretCustody {
|
|
|
261
245
|
}
|
|
262
246
|
}
|
|
263
247
|
export class FileReplayGuard {
|
|
264
|
-
_storage;
|
|
265
|
-
_key;
|
|
266
248
|
_lockKey;
|
|
267
249
|
_ttlMs;
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
this._key = _key;
|
|
250
|
+
_repo;
|
|
251
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/security/replay.sealed", _lockKey = "vault/sealed/locks/replay", _ttlMs = 5 * 60 * 1000) {
|
|
271
252
|
this._lockKey = _lockKey;
|
|
272
253
|
this._ttlMs = _ttlMs;
|
|
254
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
273
255
|
}
|
|
274
256
|
async assertNotReplayed(request) {
|
|
275
|
-
await withStorageLock(this.
|
|
257
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
276
258
|
const now = Date.now();
|
|
277
|
-
const state = await
|
|
259
|
+
const state = await this._repo.read({ seen: {} });
|
|
278
260
|
const nextSeen = {};
|
|
279
261
|
for (const [key, seenAt] of Object.entries(state.seen)) {
|
|
280
262
|
if (now - seenAt <= this._ttlMs) {
|
|
@@ -286,30 +268,28 @@ export class FileReplayGuard {
|
|
|
286
268
|
throw new VaultCoreError("request replay detected", "VAULT_DISPATCH_DENIED");
|
|
287
269
|
}
|
|
288
270
|
nextSeen[replayKey] = now;
|
|
289
|
-
await this.
|
|
271
|
+
await this._repo.write({ seen: nextSeen }, "replay_guard_state");
|
|
290
272
|
});
|
|
291
273
|
}
|
|
292
274
|
}
|
|
293
275
|
export class FileCapabilityRegistry {
|
|
294
|
-
_storage;
|
|
295
|
-
_key;
|
|
296
276
|
_lockKey;
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
this._key = _key;
|
|
277
|
+
_repo;
|
|
278
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/capabilities.sealed", _lockKey = "vault/sealed/locks/capabilities") {
|
|
300
279
|
this._lockKey = _lockKey;
|
|
280
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
301
281
|
}
|
|
302
282
|
async loadState() {
|
|
303
|
-
return
|
|
283
|
+
return this._repo.read({ capabilities: [] });
|
|
304
284
|
}
|
|
305
285
|
async register(capability) {
|
|
306
|
-
await withStorageLock(this.
|
|
286
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
307
287
|
const state = await this.loadState();
|
|
308
288
|
const next = state.capabilities.filter((candidate) => !(candidate.vaultId.value === capability.vaultId.value
|
|
309
289
|
&& candidate.agentId === capability.agentId
|
|
310
290
|
&& candidate.capabilityId === capability.capabilityId));
|
|
311
291
|
next.push(capability);
|
|
312
|
-
await this.
|
|
292
|
+
await this._repo.write({ capabilities: next }, "capability_state");
|
|
313
293
|
});
|
|
314
294
|
}
|
|
315
295
|
async get(vaultId, agentId, capabilityId) {
|
|
@@ -320,17 +300,15 @@ export class FileCapabilityRegistry {
|
|
|
320
300
|
}
|
|
321
301
|
}
|
|
322
302
|
export class FileRateLimitStore {
|
|
323
|
-
_storage;
|
|
324
|
-
_key;
|
|
325
303
|
_lockKey;
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
this._key = _key;
|
|
304
|
+
_repo;
|
|
305
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/security/rate-limits.sealed", _lockKey = "vault/sealed/locks/rate-limits") {
|
|
329
306
|
this._lockKey = _lockKey;
|
|
307
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
330
308
|
}
|
|
331
309
|
async consume(key, maxRequests, windowMs, nowMs) {
|
|
332
|
-
await withStorageLock(this.
|
|
333
|
-
const state = await
|
|
310
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
311
|
+
const state = await this._repo.read({ buckets: {} });
|
|
334
312
|
const nextBuckets = {};
|
|
335
313
|
for (const [bucketKey, bucket] of Object.entries(state.buckets)) {
|
|
336
314
|
if (nowMs < bucket.resetAt) {
|
|
@@ -350,55 +328,51 @@ export class FileRateLimitStore {
|
|
|
350
328
|
}
|
|
351
329
|
current.count += 1;
|
|
352
330
|
}
|
|
353
|
-
await this.
|
|
331
|
+
await this._repo.write({ buckets: nextBuckets }, "rate_limit_state");
|
|
354
332
|
});
|
|
355
333
|
}
|
|
356
334
|
}
|
|
357
335
|
export class FileCapabilityRevocationRegistry {
|
|
358
|
-
_storage;
|
|
359
|
-
_key;
|
|
360
336
|
_lockKey;
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
this._key = _key;
|
|
337
|
+
_repo;
|
|
338
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/security/revocations.sealed", _lockKey = "vault/sealed/locks/revocations") {
|
|
364
339
|
this._lockKey = _lockKey;
|
|
340
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
365
341
|
}
|
|
366
342
|
compositeKey(vaultId, agentId, capabilityId) {
|
|
367
343
|
return `${vaultId.value}:${agentId}:${capabilityId}`;
|
|
368
344
|
}
|
|
369
345
|
async get(vaultId, agentId, capabilityId) {
|
|
370
|
-
const state = await
|
|
346
|
+
const state = await this._repo.read({ versions: {} });
|
|
371
347
|
return state.versions[this.compositeKey(vaultId, agentId, capabilityId)] ?? 0;
|
|
372
348
|
}
|
|
373
349
|
async revoke(vaultId, agentId, capabilityId) {
|
|
374
|
-
return withStorageLock(this.
|
|
375
|
-
const state = await
|
|
350
|
+
return withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
351
|
+
const state = await this._repo.read({ versions: {} });
|
|
376
352
|
const key = this.compositeKey(vaultId, agentId, capabilityId);
|
|
377
353
|
const next = (state.versions[key] ?? 0) + 1;
|
|
378
354
|
state.versions[key] = next;
|
|
379
|
-
await this.
|
|
355
|
+
await this._repo.write(state, "revocation_state");
|
|
380
356
|
return next;
|
|
381
357
|
});
|
|
382
358
|
}
|
|
383
359
|
}
|
|
384
360
|
export class FileCustomHttpFlowRegistry {
|
|
385
|
-
_storage;
|
|
386
|
-
_key;
|
|
387
361
|
_lockKey;
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
this._key = _key;
|
|
362
|
+
_repo;
|
|
363
|
+
constructor(storage, vaultWorkingKey, key = "vault/sealed/custom-flows.sealed", _lockKey = "vault/sealed/locks/custom-flows") {
|
|
391
364
|
this._lockKey = _lockKey;
|
|
365
|
+
this._repo = new SealedJsonRepository(storage, key, vaultWorkingKey);
|
|
392
366
|
}
|
|
393
367
|
async loadState() {
|
|
394
|
-
return
|
|
368
|
+
return this._repo.read({ flows: [] });
|
|
395
369
|
}
|
|
396
370
|
async register(flow) {
|
|
397
|
-
await withStorageLock(this.
|
|
371
|
+
await withStorageLock(this._repo.storage, this._lockKey, async () => {
|
|
398
372
|
const state = await this.loadState();
|
|
399
373
|
const next = state.flows.filter((candidate) => candidate.flowId !== flow.flowId);
|
|
400
374
|
next.push(flow);
|
|
401
|
-
await this.
|
|
375
|
+
await this._repo.write({ flows: next }, "custom_flow_state");
|
|
402
376
|
});
|
|
403
377
|
}
|
|
404
378
|
async get(vaultId, flowId) {
|
|
@@ -408,14 +382,14 @@ export class FileCustomHttpFlowRegistry {
|
|
|
408
382
|
}
|
|
409
383
|
export function createPersistentVaultCoreDependencies(storage, options) {
|
|
410
384
|
const defaults = createDefaultVaultCoreDependencies(options);
|
|
411
|
-
const agentIdentities = new FileAgentIdentityRegistry(storage);
|
|
412
|
-
const ownerIdentities = new FileOwnerIdentityRegistry(storage);
|
|
413
|
-
const capabilityRevocations = new FileCapabilityRevocationRegistry(storage);
|
|
414
|
-
const capabilities = new FileCapabilityRegistry(storage);
|
|
415
|
-
const customFlows = new FileCustomHttpFlowRegistry(storage);
|
|
385
|
+
const agentIdentities = new FileAgentIdentityRegistry(storage, options.vaultWorkingKey);
|
|
386
|
+
const ownerIdentities = new FileOwnerIdentityRegistry(storage, options.vaultWorkingKey);
|
|
387
|
+
const capabilityRevocations = new FileCapabilityRevocationRegistry(storage, options.vaultWorkingKey);
|
|
388
|
+
const capabilities = new FileCapabilityRegistry(storage, options.vaultWorkingKey);
|
|
389
|
+
const customFlows = new FileCustomHttpFlowRegistry(storage, options.vaultWorkingKey);
|
|
416
390
|
return {
|
|
417
391
|
...defaults,
|
|
418
|
-
secrets: new FileSecretRepository(storage),
|
|
392
|
+
secrets: new FileSecretRepository(storage, options.vaultWorkingKey),
|
|
419
393
|
custody: new FileSecretCustody(storage, options.vaultWorkingKey),
|
|
420
394
|
audit: new FileAuditLog(storage),
|
|
421
395
|
agentIdentities,
|
|
@@ -423,9 +397,9 @@ export function createPersistentVaultCoreDependencies(storage, options) {
|
|
|
423
397
|
policy: new DefaultPolicyEngine({
|
|
424
398
|
...(options.policy ?? {}),
|
|
425
399
|
capabilityRevocationRegistry: capabilityRevocations,
|
|
426
|
-
rateLimitStore: new FileRateLimitStore(storage),
|
|
400
|
+
rateLimitStore: new FileRateLimitStore(storage, options.vaultWorkingKey),
|
|
427
401
|
}),
|
|
428
|
-
replayGuard: new FileReplayGuard(storage, "vault/security/replay.
|
|
402
|
+
replayGuard: new FileReplayGuard(storage, options.vaultWorkingKey, "vault/sealed/security/replay.sealed", "vault/sealed/locks/replay", options.proofVerifier?.maxSkewMs ?? (5 * 60 * 1000)),
|
|
429
403
|
proofVerifier: new SignatureAgentProofVerifier(agentIdentities, options.proofVerifier),
|
|
430
404
|
ownerProofVerifier: new SignatureOwnerProofVerifier(ownerIdentities, options.proofVerifier),
|
|
431
405
|
capabilities,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"persistence.js","sourceRoot":"","sources":["../../src/vault-core/persistence.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAyBzD,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,2BAA2B,EAC3B,kCAAkC,GAEnC,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAmC7C,MAAM,CAAC,MAAM,kCAAkC,GAAG,kCAAkC,CAAC;AAmBrF,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,QAAQ,CAAI,OAAyB,EAAE,GAAW,EAAE,QAAW;IAC5E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAM,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,eAAe,CAAI,OAAyB,EAAE,GAAW,EAAE,IAAsB;IAC9F,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAyB,EACzB,UAAyC,EAAE;IAE3C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,kCAAkC,CAAC;IAC5E,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,eAAe,EAAE,CAAC;IACrE,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,eAAe,EAAE,CAAC;IACvE,MAAM,MAAM,GAAG,QAAQ,CACrB;QACE,OAAO,EAAE,MAAM;QACf,OAAO,EAAE;YACP,eAAe;SAChB;QACD,cAAc,EAAE;YACd,IAAI,EAAE,mBAAmB;SAC1B;KACF,EACD,gBAAgB,CACjB,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7D,OAAO;QACL,eAAe;QACf,gBAAgB;QAChB,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAyB,EACzB,gBAAwB,EACxB,UAAU,GAAG,kCAAkC;IAE/C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACxE,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC;IACzD,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,OAAO,oBAAoB;IAEZ;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,oBAAoB,EAC3B,WAAW,qBAAqB;QAFhC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAuB;QAC3B,aAAQ,GAAR,QAAQ,CAAwB;IAChD,CAAC;IAEI,KAAK,CAAC,SAAS;QACrB,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAoB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC9F,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAkB;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAC1F,CAAC;CACF;AAED,MAAM,OAAO,yBAAyB;IAEjB;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,8BAA8B,EACrC,WAAW,8BAA8B;QAFzC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAiC;QACrC,aAAQ,GAAR,QAAQ,CAAiC;IACzD,CAAC;IAEI,KAAK,CAAC,SAAS;QACrB,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACjD,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO,CAAC,CAChG,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpB,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,CAAC;IAC/H,CAAC;CACF;AAED,MAAM,OAAO,yBAAyB;IAEjB;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,8BAA8B,EACrC,WAAW,8BAA8B;QAFzC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAiC;QACrC,aAAQ,GAAR,QAAQ,CAAiC;IACzD,CAAC;IAEI,KAAK,CAAC,SAAS;QACrB,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACjD,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO,CAAC,CAChG,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpB,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,CAAC;IAC/H,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC;CACF;AAED,MAAM,OAAO,YAAY;IAEJ;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,mBAAmB,EAC1B,WAAW,mBAAmB;QAF9B,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAsB;QAC1B,aAAQ,GAAR,QAAQ,CAAsB;IAC9C,CAAC;IAEI,IAAI,CAAC,KAAa;QACxB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAEO,mBAAmB,CAAC,KAAe;QACzC,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,IAAI,YAAY,GAAG,SAAS,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA6D,CAAC;YAC5F,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5F,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,QAAQ,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACrE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM;gBAC/B,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAsB,CAAC,IAAI;gBAChE,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,YAAY,GAAG;gBACnB,QAAQ,EAAE,YAAY;gBACtB,KAAK;gBACL,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;aACnE,CAAC;YACF,MAAM,QAAQ,GAAG,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;YAC5E,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAiB;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YACpE,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW;gBAAE,OAAO,KAAK,CAAC;YAC/E,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC;YACzE,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,iBAAiB;IAET;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,gBAAwB,EACxB,aAAa,eAAe;QAF5B,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,eAAU,GAAV,UAAU,CAAkB;IAC5C,CAAC;IAEI,GAAG,CAAC,QAAkB;QAC5B,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAC,KAAK,SAAS,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,QAAkB,EAAE,SAAiB;QAC/C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,MAAM,GAAG,QAAQ,CACrB;gBACE,OAAO,EAAE,MAAM;gBACf,OAAO,EAAE;oBACP,QAAQ,EAAE,SAAS;iBACpB;gBACD,cAAc,EAAE;oBACd,QAAQ,EAAE,QAAQ,CAAC,KAAK;iBACzB;aACF,EACD,IAAI,CAAC,gBAAgB,CACtB,CAAC;YACF,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAkB;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,eAAe;IAEP;IACA;IACA;IACA;IAJnB,YACmB,QAA0B,EAC1B,OAAO,4BAA4B,EACnC,WAAW,oBAAoB,EAC/B,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI;QAHtB,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAA+B;QACnC,aAAQ,GAAR,QAAQ,CAAuB;QAC/B,WAAM,GAAN,MAAM,CAAgB;IACtC,CAAC;IAEJ,KAAK,CAAC,iBAAiB,CAAC,OAAwB;QAC9C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAc,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAClF,MAAM,QAAQ,GAA2B,EAAE,CAAC;YAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvD,IAAI,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;gBACzB,CAAC;YACH,CAAC;YACD,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YAC7D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CAAC;YAC/E,CAAC;YACD,QAAQ,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC;YAC1B,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,sBAAsB;IAEd;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,yBAAyB,EAChC,WAAW,0BAA0B;QAFrC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAA4B;QAChC,aAAQ,GAAR,QAAQ,CAA6B;IACrD,CAAC;IAEI,KAAK,CAAC,SAAS;QACrB,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAA2B;QACxC,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACnD,CAAC,CACC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,UAAU,CAAC,OAAO,CAAC,KAAK;mBACjD,SAAS,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO;mBACxC,SAAS,CAAC,YAAY,KAAK,UAAU,CAAC,YAAY,CACtD,CACF,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtB,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC/D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAC5C,UAAU,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK;eACvC,UAAU,CAAC,OAAO,KAAK,OAAO;eAC9B,UAAU,CAAC,YAAY,KAAK,YAAY,CAC5C,IAAI,IAAI,CAAC;IACZ,CAAC;CACF;AAED,MAAM,OAAO,kBAAkB;IAEV;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,iCAAiC,EACxC,WAAW,yBAAyB;QAFpC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAoC;QACxC,aAAQ,GAAR,QAAQ,CAA4B;IACpD,CAAC;IAEJ,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB,EAAE,QAAgB,EAAE,KAAa;QAC7E,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAiB,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;YACxF,MAAM,WAAW,GAAuD,EAAE,CAAC;YAC3E,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChE,IAAI,KAAK,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC3B,WAAW,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,CAAC,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACzC,WAAW,CAAC,GAAG,CAAC,GAAG;oBACjB,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE,KAAK,GAAG,QAAQ;iBAC1B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,cAAc,CAAC,gCAAgC,EAAE,uBAAuB,CAAC,CAAC;gBACtF,CAAC;gBACD,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,gCAAgC;IAExB;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,iCAAiC,EACxC,WAAW,yBAAyB;QAFpC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAAoC;QACxC,aAAQ,GAAR,QAAQ,CAA4B;IACpD,CAAC;IAEI,YAAY,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC1E,OAAO,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,IAAI,YAAY,EAAE,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC/D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAkB,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1F,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAClE,OAAO,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC9D,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAkB,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;YAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;YAC9D,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC5C,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YAC3B,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,0BAA0B;IAElB;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,yBAAyB,EAChC,WAAW,0BAA0B;QAFrC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAA4B;QAChC,aAAQ,GAAR,QAAQ,CAA6B;IACrD,CAAC;IAEI,KAAK,CAAC,SAAS;QACrB,OAAO,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAA8B;QAC3C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC;YACjF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChB,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,MAAc;QACxC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC;IAC5G,CAAC;CACF;AAED,MAAM,UAAU,qCAAqC,CACnD,OAAyB,EACzB,OAAqD;IAmBrD,MAAM,QAAQ,GAAG,kCAAkC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,eAAe,GAAG,IAAI,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,qBAAqB,GAAG,IAAI,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,IAAI,0BAA0B,CAAC,OAAO,CAAC,CAAC;IAC5D,OAAO;QACL,GAAG,QAAQ;QACX,OAAO,EAAE,IAAI,oBAAoB,CAAC,OAAO,CAAC;QAC1C,OAAO,EAAE,IAAI,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC;QAChE,KAAK,EAAE,IAAI,YAAY,CAAC,OAAO,CAAC;QAChC,eAAe;QACf,eAAe;QACf,MAAM,EAAE,IAAI,mBAAmB,CAAC;YAC9B,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,4BAA4B,EAAE,qBAAqB;YACnD,cAAc,EAAE,IAAI,kBAAkB,CAAC,OAAO,CAAC;SAChD,CAAC;QACF,WAAW,EAAE,IAAI,eAAe,CAC9B,OAAO,EACP,4BAA4B,EAC5B,oBAAoB,EACpB,OAAO,CAAC,aAAa,EAAE,SAAS,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CACpD;QACD,aAAa,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QACtF,kBAAkB,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QAC3F,YAAY;QACZ,qBAAqB;QACrB,WAAW;KACZ,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"persistence.js","sourceRoot":"","sources":["../../src/vault-core/persistence.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AA0BhF,OAAO,EACL,mBAAmB,EACnB,2BAA2B,EAC3B,2BAA2B,EAC3B,kCAAkC,GAEnC,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAmC7C,MAAM,CAAC,MAAM,kCAAkC,GAAG,yCAAyC,CAAC;AAmB5F,KAAK,UAAU,eAAe,CAAI,OAAyB,EAAE,GAAW,EAAE,IAAsB;IAC9F,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAGD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAyB,EACzB,UAAyC,EAAE;IAE3C,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,kCAAkC,CAAC;IAC5E,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,MAAM,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,eAAe,EAAE,CAAC;IACrE,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,eAAe,EAAE,CAAC;IACvE,MAAM,MAAM,GAAG,QAAQ,CACrB;QACE,OAAO,EAAE,MAAM;QACf,OAAO,EAAE;YACP,eAAe;SAChB;QACD,cAAc,EAAE;YACd,IAAI,EAAE,mBAAmB;SAC1B;KACF,EACD,gBAAgB,CACjB,CAAC;IACF,MAAM,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7D,OAAO;QACL,eAAe;QACf,gBAAgB;QAChB,UAAU;KACX,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAyB,EACzB,gBAAwB,EACxB,UAAU,GAAG,kCAAkC;IAE/C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACxE,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC;IACzD,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,OAAO,oBAAoB;IAOZ;IANF,KAAK,CAA8C;IAEpE,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,6BAA6B,EAClB,WAAW,4BAA4B;QAAvC,aAAQ,GAAR,QAAQ,CAA+B;QAExD,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAoB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,KAAK,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,eAAe,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC9F,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,eAAe,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAkB;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,QAAkB;QAC9B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IAC1F,CAAC;CACF;AAED,MAAM,OAAO,yBAAyB;IAOjB;IANF,KAAK,CAA2C;IAEjE,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,uCAAuC,EAC5B,WAAW,qCAAqC;QAAhD,aAAQ,GAAR,QAAQ,CAAwC;QAEjE,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACjD,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO,CAAC,CAChG,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,sBAAsB,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,CAAC;IAC/H,CAAC;CACF;AAED,MAAM,OAAO,yBAAyB;IAOjB;IANF,KAAK,CAA2C;IAEjE,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,uCAAuC,EAC5B,WAAW,qCAAqC;QAAhD,aAAQ,GAAR,QAAQ,CAAwC;QAEjE,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAA6B;QAC1C,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACjD,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO,CAAC,CAChG,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,sBAAsB,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe;QACzC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,CAAC;IAC/H,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgB;QAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC;CACF;AAED,MAAM,OAAO,YAAY;IAEJ;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,OAAO,0BAA0B,EACjC,WAAW,0BAA0B;QAFrC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,SAAI,GAAJ,IAAI,CAA6B;QACjC,aAAQ,GAAR,QAAQ,CAA6B;IACrD,CAAC;IAEI,IAAI,CAAC,KAAa;QACxB,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAEO,mBAAmB,CAAC,KAAe;QACzC,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,IAAI,YAAY,GAAG,SAAS,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA6D,CAAC;YAC5F,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5F,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,QAAQ,KAAK,YAAY,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACrE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAiB;QAC5B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM;gBAC/B,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAsB,CAAC,IAAI;gBAChE,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,YAAY,GAAG;gBACnB,QAAQ,EAAE,YAAY;gBACtB,KAAK;gBACL,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;aACnE,CAAC;YACF,MAAM,QAAQ,GAAG,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;YAC5E,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAAiB;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QACzC,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YACpE,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,KAAK,KAAK,CAAC,WAAW;gBAAE,OAAO,KAAK,CAAC;YAC/E,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC;YACzE,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,iBAAiB;IAET;IACA;IACA;IAHnB,YACmB,QAA0B,EAC1B,gBAAwB,EACxB,aAAa,sBAAsB;QAFnC,aAAQ,GAAR,QAAQ,CAAkB;QAC1B,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,eAAU,GAAV,UAAU,CAAyB;IACnD,CAAC;IAEI,GAAG,CAAC,QAAkB;QAC5B,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,QAAQ,CAAC,KAAK,SAAS,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,QAAkB,EAAE,SAAiB;QAC/C,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,MAAM,GAAG,QAAQ,CACrB;gBACE,OAAO,EAAE,MAAM;gBACf,OAAO,EAAE;oBACP,QAAQ,EAAE,SAAS;iBACpB;gBACD,cAAc,EAAE;oBACd,QAAQ,EAAE,QAAQ,CAAC,KAAK;iBACzB;aACF,EACD,IAAI,CAAC,gBAAgB,CACtB,CAAC;YACF,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAkB;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,QAAkB;QAC7B,MAAM,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,eAAe;IAOP;IACA;IAPF,KAAK,CAAoC;IAE1D,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,qCAAqC,EAC1B,WAAW,2BAA2B,EACtC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI;QADtB,aAAQ,GAAR,QAAQ,CAA8B;QACtC,WAAM,GAAN,MAAM,CAAgB;QAEvC,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,OAAwB;QAC9C,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YAClD,MAAM,QAAQ,GAA2B,EAAE,CAAC;YAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvD,IAAI,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;gBACzB,CAAC;YACH,CAAC;YACD,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YAC7D,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,cAAc,CAAC,yBAAyB,EAAE,uBAAuB,CAAC,CAAC;YAC/E,CAAC;YACD,QAAQ,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC;YAC1B,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,oBAAoB,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,sBAAsB;IAOd;IANF,KAAK,CAAwC;IAE9D,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,kCAAkC,EACvB,WAAW,iCAAiC;QAA5C,aAAQ,GAAR,QAAQ,CAAoC;QAE7D,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,UAA2B;QACxC,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CACnD,CAAC,CACC,SAAS,CAAC,OAAO,CAAC,KAAK,KAAK,UAAU,CAAC,OAAO,CAAC,KAAK;mBACjD,SAAS,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO;mBACxC,SAAS,CAAC,YAAY,KAAK,UAAU,CAAC,YAAY,CACtD,CACF,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC/D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAC5C,UAAU,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK;eACvC,UAAU,CAAC,OAAO,KAAK,OAAO;eAC9B,UAAU,CAAC,YAAY,KAAK,YAAY,CAC5C,IAAI,IAAI,CAAC;IACZ,CAAC;CACF;AAED,MAAM,OAAO,kBAAkB;IAOV;IANF,KAAK,CAAuC;IAE7D,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,0CAA0C,EAC/B,WAAW,gCAAgC;QAA3C,aAAQ,GAAR,QAAQ,CAAmC;QAE5D,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB,EAAE,QAAgB,EAAE,KAAa;QAC7E,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,WAAW,GAAuD,EAAE,CAAC;YAC3E,KAAK,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChE,IAAI,KAAK,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;oBAC3B,WAAW,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,CAAC,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACzC,WAAW,CAAC,GAAG,CAAC,GAAG;oBACjB,KAAK,EAAE,CAAC;oBACR,OAAO,EAAE,KAAK,GAAG,QAAQ;iBAC1B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,cAAc,CAAC,gCAAgC,EAAE,uBAAuB,CAAC,CAAC;gBACtF,CAAC;gBACD,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;YACrB,CAAC;YACD,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,gCAAgC;IAOxB;IANF,KAAK,CAAwC;IAE9D,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,0CAA0C,EAC/B,WAAW,gCAAgC;QAA3C,aAAQ,GAAR,QAAQ,CAAmC;QAE5D,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,YAAY,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC1E,OAAO,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,IAAI,YAAY,EAAE,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAC/D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAgB,EAAE,OAAe,EAAE,YAAoB;QAClE,OAAO,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YACnE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;YAC9D,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YAC5C,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;YAC3B,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,0BAA0B;IAOlB;IANF,KAAK,CAAwC;IAE9D,YACE,OAAyB,EACzB,eAAuB,EACvB,GAAG,GAAG,kCAAkC,EACvB,WAAW,iCAAiC;QAA5C,aAAQ,GAAR,QAAQ,CAAoC;QAE7D,IAAI,CAAC,KAAK,GAAG,IAAI,oBAAoB,CAAC,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;IACvE,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAA8B;QAC3C,MAAM,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC;YACjF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChB,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAgB,EAAE,MAAc;QACxC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC;IAC5G,CAAC;CACF;AAED,MAAM,UAAU,qCAAqC,CACnD,OAAyB,EACzB,OAAqD;IAmBrD,MAAM,QAAQ,GAAG,kCAAkC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,eAAe,GAAG,IAAI,yBAAyB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,IAAI,yBAAyB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACxF,MAAM,qBAAqB,GAAG,IAAI,gCAAgC,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrG,MAAM,YAAY,GAAG,IAAI,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IAClF,MAAM,WAAW,GAAG,IAAI,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IACrF,OAAO;QACL,GAAG,QAAQ;QACX,OAAO,EAAE,IAAI,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC;QACnE,OAAO,EAAE,IAAI,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC;QAChE,KAAK,EAAE,IAAI,YAAY,CAAC,OAAO,CAAC;QAChC,eAAe;QACf,eAAe;QACf,MAAM,EAAE,IAAI,mBAAmB,CAAC;YAC9B,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;YACzB,4BAA4B,EAAE,qBAAqB;YACnD,cAAc,EAAE,IAAI,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,eAAe,CAAC;SACzE,CAAC;QACF,WAAW,EAAE,IAAI,eAAe,CAC9B,OAAO,EACP,OAAO,CAAC,eAAe,EACvB,qCAAqC,EACrC,2BAA2B,EAC3B,OAAO,CAAC,aAAa,EAAE,SAAS,IAAI,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CACpD;QACD,aAAa,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QACtF,kBAAkB,EAAE,IAAI,2BAA2B,CAAC,eAAe,EAAE,OAAO,CAAC,aAAa,CAAC;QAC3F,YAAY;QACZ,qBAAqB;QACrB,WAAW;KACZ,CAAC;AACJ,CAAC"}
|
package/docs/ARCHITECTURE.md
CHANGED
|
@@ -44,6 +44,20 @@ This means:
|
|
|
44
44
|
|
|
45
45
|
- `vault-ingress`
|
|
46
46
|
Accepts request-shaped calls, resolves vault-managed capability records inside the vault boundary, performs trusted acquisition flows, and forwards dispatch into vault-core internals.
|
|
47
|
+
|
|
48
|
+
## Dual-Area Storage
|
|
49
|
+
|
|
50
|
+
The vault is physically divided into two partitions to balance security and discoverability:
|
|
51
|
+
|
|
52
|
+
- **Sealed Area (`vault/sealed/`)**
|
|
53
|
+
- **Security**: AES-256-GCM encrypted blobs (`.sealed`).
|
|
54
|
+
- **Access**: Requires the Vault Working Key (identity-derived) for both read and write.
|
|
55
|
+
- **Auditing**: Every access is tracked and logged in the append-only audit trail.
|
|
56
|
+
|
|
57
|
+
- **Public Area (`vault/public/`)**
|
|
58
|
+
- **Security**: Plaintext JSON (`.json`).
|
|
59
|
+
- **Access**: Identity is required for **writing** (authorized update), but **reading is open**.
|
|
60
|
+
- **Auditing**: Reading from the public area is **untracked**, reducing audit noise for discovery / identity resolution.
|
|
47
61
|
|
|
48
62
|
## Core Rules
|
|
49
63
|
|
|
@@ -51,6 +65,8 @@ This means:
|
|
|
51
65
|
2. Only owner and trusted issuer paths may write secrets.
|
|
52
66
|
3. Agent can only request dispatch through capability + proof.
|
|
53
67
|
4. Vault validates and audits every dispatch.
|
|
68
|
+
5. Public data (e.g., nicknames, public keys) is explicitly mirrored to the Public Area for discovery.
|
|
69
|
+
6. Identity-specific private data is stored in `identities/`, separate from named `vaults/`.
|
|
54
70
|
|
|
55
71
|
## Current HTTP Secret Flows
|
|
56
72
|
|
package/docs/REFERENCE.md
CHANGED
|
@@ -36,11 +36,11 @@ Recommended persistent-vault entrypoints:
|
|
|
36
36
|
- `createVault(...)`
|
|
37
37
|
- `recoverVault(...)`
|
|
38
38
|
|
|
39
|
-
`createVault({ ownerIdentity, nickname })` creates a vault in the default workspace
|
|
39
|
+
`createVault({ ownerIdentity, nickname, publicMetadata })` creates a vault in the default workspace.
|
|
40
40
|
|
|
41
|
-
`createVault(storage, { ownerIdentity, nickname })` overrides the workspace storage explicitly.
|
|
41
|
+
`createVault(storage, { ownerIdentity, nickname, publicMetadata })` overrides the workspace storage explicitly.
|
|
42
42
|
|
|
43
|
-
`recoverVault({ vaultId, ownerIdentity })` reopens a vault
|
|
43
|
+
`recoverVault({ vaultId, ownerIdentity })` reopens a vault and returns the `nickname` from the sealed profile.
|
|
44
44
|
|
|
45
45
|
`recoverVault(storage, { vaultId, ownerIdentity })` overrides the workspace storage explicitly.
|
|
46
46
|
|
|
@@ -78,14 +78,14 @@ Role rules:
|
|
|
78
78
|
|
|
79
79
|
`deriveChildIdentity(parentIdentity, childIndex, { nickname })` deterministically reconstructs a child identity for a known `childIndex`.
|
|
80
80
|
|
|
81
|
-
`ensureIdentityPrivateVault(storage, identity)` creates or refreshes the identity's fixed namespace under `
|
|
81
|
+
`ensureIdentityPrivateVault(storage, identity)` creates or refreshes the identity's fixed namespace under `identities/<identityId>/...`.
|
|
82
|
+
|
|
83
|
+
That namespace stores identity-level files such as:
|
|
82
84
|
|
|
83
|
-
|
|
85
|
+
- `sealed/profile.sealed`
|
|
86
|
+
- `sealed/children.sealed`
|
|
84
87
|
|
|
85
|
-
-
|
|
86
|
-
- `children.json`
|
|
87
|
-
|
|
88
|
-
Those files are encrypted at rest with a key derived from that identity's private key. They are not readable as plain JSON on disk.
|
|
88
|
+
Those files are encrypted at rest in the `sealed/` sub-directory and are not readable as plain JSON on disk.
|
|
89
89
|
|
|
90
90
|
`restoreIdentity(privateKey)` returns the same shape for an existing private key.
|
|
91
91
|
|
|
@@ -354,7 +354,7 @@ If the custom flow mode includes secret acquisition, the owner also defines a re
|
|
|
354
354
|
|
|
355
355
|
## Persistent Dependencies
|
|
356
356
|
|
|
357
|
-
`createPersistentVaultCoreDependencies(...)` builds a file-backed single-node profile with:
|
|
357
|
+
`createPersistentVaultCoreDependencies(...)` builds a file-backed single-node profile under `vault/sealed/` with:
|
|
358
358
|
|
|
359
359
|
- persistent secret metadata
|
|
360
360
|
- sealed secret custody blobs
|
package/docs/es/README.md
CHANGED
|
@@ -38,8 +38,9 @@ import {
|
|
|
38
38
|
|
|
39
39
|
Ruta principal recomendada para vault persistente:
|
|
40
40
|
|
|
41
|
-
- crear el vault persistente con `createVault(...)`
|
|
41
|
+
- crear el vault persistente con `createVault(...)` (soporta `publicMetadata` para el descubrimiento de información pública)
|
|
42
42
|
- recuperar el vault persistente con `recoverVault(...)` usando la identidad del owner
|
|
43
|
+
- Capas de almacenamiento divididas: `vaults/` (Bóvedas con nombre) e `identities/` (Espacio de identidad personal)
|
|
43
44
|
|
|
44
45
|
La API antigua centrada en `CbioIdentity` ya no es la superficie principal del producto.
|
|
45
46
|
|
package/docs/fr/README.md
CHANGED
|
@@ -38,8 +38,9 @@ import {
|
|
|
38
38
|
|
|
39
39
|
Chemin principal recommande pour un vault persistant :
|
|
40
40
|
|
|
41
|
-
-
|
|
42
|
-
- restaurer le
|
|
41
|
+
- créer le coffre persistant avec `createVault(...)` (prend en charge `publicMetadata` pour la découverte d'informations publiques)
|
|
42
|
+
- restaurer le coffre persistant avec `recoverVault(...)` via l'identité de l'owner
|
|
43
|
+
- Couches de stockage divisées : `vaults/` (Coffres nommés) et `identities/` (Espace d'identité personnel)
|
|
43
44
|
|
|
44
45
|
L'ancienne API centree sur `CbioIdentity` n'est plus la surface principale du produit.
|
|
45
46
|
|
package/docs/ja/README.md
CHANGED
|
@@ -38,8 +38,9 @@ import {
|
|
|
38
38
|
|
|
39
39
|
推奨される persistent-vault の主経路:
|
|
40
40
|
|
|
41
|
-
- `createVault(...)` で persistent vault を作成する
|
|
41
|
+
- `createVault(...)` で persistent vault を作成する (`publicMetadata` による公開情報のディスカバリをサポート)
|
|
42
42
|
- `recoverVault(...)` で owner identity を使って persistent vault を復旧する
|
|
43
|
+
- 分離されたストレージ層: `vaults/` (具名 Vault) と `identities/` (個人 ID スペース)
|
|
43
44
|
|
|
44
45
|
旧 `CbioIdentity` 中心 API は、もはや主要な公開面ではありません。
|
|
45
46
|
|
package/docs/ko/README.md
CHANGED
|
@@ -38,8 +38,9 @@ import {
|
|
|
38
38
|
|
|
39
39
|
권장되는 persistent-vault 주 경로:
|
|
40
40
|
|
|
41
|
-
- `createVault(...)` 로 persistent vault 를 생성합니다
|
|
41
|
+
- `createVault(...)` 로 persistent vault 를 생성합니다 (`publicMetadata` 를 통한 공개 정보 검색 지원)
|
|
42
42
|
- `recoverVault(...)` 로 owner identity 를 사용해 persistent vault 를 복구합니다
|
|
43
|
+
- 분리된 스토리지 계층: `vaults/` (기명 Vault) 및 `identities/` (개인 ID 공간)
|
|
43
44
|
|
|
44
45
|
이전 `CbioIdentity` 중심 API 는 더 이상 주요 제품 표면이 아닙니다.
|
|
45
46
|
|
package/docs/pt/README.md
CHANGED
|
@@ -38,8 +38,9 @@ import {
|
|
|
38
38
|
|
|
39
39
|
Caminho principal recomendado para vault persistente:
|
|
40
40
|
|
|
41
|
-
- criar o
|
|
42
|
-
- recuperar o
|
|
41
|
+
- criar o cofre persistente com `createVault(...)` (suporta `publicMetadata` para a descoberta de informações públicas)
|
|
42
|
+
- recuperar o cofre persistente com `recoverVault(...)` usando a identidade do owner
|
|
43
|
+
- Camadas de armazenamento divididas: `vaults/` (Cofres nomeados) e `identities/` (Espaço de identidade pessoal)
|
|
43
44
|
|
|
44
45
|
A antiga API centrada em `CbioIdentity` nao e mais a superficie principal do produto.
|
|
45
46
|
|
package/docs/zh/README.md
CHANGED
package/package.json
CHANGED