@validpay/node-sdk 0.1.0 → 0.3.0

package/dist/crypto.js

@@ -0,0 +1,126 @@
+import { randomBytes, createCipheriv, createDecipheriv, createHash } from "node:crypto";
+import { ValidPayError } from "./types.js";
+const ALGORITHM = "aes-256-gcm";
+const KEY_BYTES = 32;
+const IV_BYTES = 12;
+const TAG_BYTES = 16;
+/**
+ * Wire format (matches the Python SDK so blobs are interoperable):
+ *   base64(iv[12] || authTag[16] || ciphertext)
+ */
+export function generateKey() {
+    return randomBytes(KEY_BYTES).toString("base64");
+}
+function decodeKey(key) {
+    let buf;
+    try {
+        buf = Buffer.from(key, "base64");
+    }
+    catch (cause) {
+        throw new ValidPayError("invalid_key", "Key is not valid base64", { cause });
+    }
+    if (buf.length !== KEY_BYTES) {
+        throw new ValidPayError("invalid_key", `Key must decode to ${KEY_BYTES} bytes (got ${buf.length})`);
+    }
+    return buf;
+}
+export function encrypt(plaintext, key) {
+    const keyBuf = decodeKey(key);
+    const iv = randomBytes(IV_BYTES);
+    const cipher = createCipheriv(ALGORITHM, keyBuf, iv);
+    const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    return Buffer.concat([iv, authTag, ciphertext]).toString("base64");
+}
+export function decrypt(blob, key) {
+    const keyBuf = decodeKey(key);
+    let buf;
+    try {
+        buf = Buffer.from(blob, "base64");
+    }
+    catch (cause) {
+        throw new ValidPayError("invalid_blob", "Blob is not valid base64", { cause });
+    }
+    if (buf.length < IV_BYTES + TAG_BYTES + 1) {
+        throw new ValidPayError("invalid_blob", `Blob too short: expected at least ${IV_BYTES + TAG_BYTES + 1} bytes`);
+    }
+    const iv = buf.subarray(0, IV_BYTES);
+    const authTag = buf.subarray(IV_BYTES, IV_BYTES + TAG_BYTES);
+    const ciphertext = buf.subarray(IV_BYTES + TAG_BYTES);
+    const decipher = createDecipheriv(ALGORITHM, keyBuf, iv);
+    decipher.setAuthTag(authTag);
+    try {
+        const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+        return plaintext.toString("utf8");
+    }
+    catch (cause) {
+        throw new ValidPayError("decryption_failed", "Decryption failed — wrong key or tampered blob", { cause });
+    }
+}
+export function commitmentHash(plaintext) {
+    return createHash("sha256").update(plaintext, "utf8").digest("hex");
+}
+export function splitKey(key) {
+    const keyBuf = decodeKey(key);
+    const shareA = randomBytes(KEY_BYTES);
+    const shareB = Buffer.alloc(KEY_BYTES);
+    for (let i = 0; i < KEY_BYTES; i++) {
+        shareB[i] = keyBuf[i] ^ shareA[i];
+    }
+    return [shareA.toString("base64"), shareB.toString("base64")];
+}
+export function combineKeyShares(shareA, shareB) {
+    const a = decodeKey(shareA);
+    const b = decodeKey(shareB);
+    const combined = Buffer.alloc(KEY_BYTES);
+    for (let i = 0; i < KEY_BYTES; i++) {
+        combined[i] = a[i] ^ b[i];
+    }
+    return combined.toString("base64");
+}
+/** Encrypt each field of payload with its own AES key (Selective Disclosure). */
+export function encryptFields(payload) {
+    const encryptedFields = {};
+    const fieldKeys = {};
+    for (const [name, value] of Object.entries(payload)) {
+        const k = generateKey();
+        const plaintext = typeof value === "string" ? value : JSON.stringify(value);
+        encryptedFields[name] = encrypt(plaintext, k);
+        fieldKeys[name] = k;
+    }
+    return { encryptedFields, fieldKeys };
+}
+/** Build per-role key map; "full" role always added with all keys. */
+export function buildKeyMap(fieldKeys, disclosurePolicy) {
+    const map = {};
+    for (const [role, fields] of Object.entries(disclosurePolicy)) {
+        const roleKeys = {};
+        for (const f of fields) {
+            if (fieldKeys[f] !== undefined)
+                roleKeys[f] = fieldKeys[f];
+        }
+        map[role] = roleKeys;
+    }
+    map["full"] = { ...fieldKeys };
+    return map;
+}
+/** Decrypt only fields with keys; others become "[REDACTED]". */
+export function decryptFields(encryptedFields, fieldKeys) {
+    const out = {};
+    for (const [name, blob] of Object.entries(encryptedFields)) {
+        if (fieldKeys[name] !== undefined) {
+            const plaintext = decrypt(blob, fieldKeys[name]);
+            try {
+                out[name] = JSON.parse(plaintext);
+            }
+            catch {
+                out[name] = plaintext;
+            }
+        }
+        else {
+            out[name] = "[REDACTED]";
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB;;;GAGG;AAEH,MAAM,UAAU,WAAW;IACzB,OAAO,WAAW,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,aAAa,CAAC,aAAa,EAAE,yBAAyB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,aAAa,CACrB,aAAa,EACb,sBAAsB,SAAS,eAAe,GAAG,CAAC,MAAM,GAAG,CAC5D,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,SAAiB,EAAE,GAAW;IACpD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACpC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,GAAW;IAC/C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAE9B,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,aAAa,CAAC,cAAc,EAAE,0BAA0B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,aAAa,CACrB,cAAc,EACd,qCAAqC,QAAQ,GAAG,SAAS,GAAG,CAAC,QAAQ,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,GAAG,SAAS,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,aAAa,CACrB,mBAAmB,EACnB,gDAAgD,EAChD,EAAE,KAAK,EAAE,CACV,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,SAAiB;IAC9C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,GAAW;IAClC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;IACtC,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAc,EAAE,MAAc;IAC7D,MAAM,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;IAC9B,CAAC;IACD,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,aAAa,CAC3B,OAAgC;IAEhC,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,MAAM,SAAS,GAA2B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAC9C,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;AACxC,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,WAAW,CACzB,SAAiC,EACjC,gBAA0C;IAE1C,MAAM,GAAG,GAA2C,EAAE,CAAC;IACvD,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC9D,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,SAAS;gBAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC;IACvB,CAAC;IACD,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;IAC/B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,aAAa,CAC3B,eAAuC,EACvC,SAAiC;IAEjC,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/index.d.ts

@@ -1,24 +1,5 @@
-export interface ValidPayClientOptions {
-  apiKey: string;
-  baseUrl?: string;
-}
-
-export interface CreateIntentParams {
-  documentType: 'check' | 'invoice' | 'receipt' | 'document';
-  payload: Record<string, unknown>;
-}
-
-export interface Intent {
-  id: string;
-  verifyUrl: string;
-  createdAt: string;
-  expiresAt: string;
-}
-
-export declare class ValidPayClient {
-  constructor(options: ValidPayClientOptions);
-  createIntent(params: CreateIntentParams): Promise<Intent>;
-  getIntent(id: string): Promise<Intent>;
-}
-
-export default ValidPayClient;
+export { ValidPayClient } from "./client.js";
+export { generateKey, encrypt, decrypt, commitmentHash, splitKey, combineKeyShares, encryptFields, buildKeyMap, decryptFields, } from "./crypto.js";
+export { ValidPayError, type ValidPayClientOptions, type CreateIntentParams, type BatchIntentItem, type SelectiveIntentParams, type CreateIntentResult, type VerifyIntentResult, type TimeLockStatus, type RevocationResult, type RevocationEvent, type RawIntentResponse, type RawCreateIntentResponse, } from "./types.js";
+export { verifyWebhookSignature, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, type VerifyWebhookOptions, type WebhookVerifyResult, type WebhookVerifyFailureReason, } from "./webhookSignature.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,WAAW,EACX,OAAO,EACP,OAAO,EACP,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,WAAW,EACX,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,sBAAsB,EACtB,iCAAiC,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,GAChC,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -1,33 +1,5 @@
-/**
- * @validpay/node-sdk
- * Official Node.js SDK for the ValidPay document verification API.
- *
- * Status: Private Beta — Contact mike@validpay.io for API access.
- * Docs: https://validpay.io/docs
- */
-
-export class ValidPayClient {
-  constructor(options = {}) {
-    if (!options.apiKey) {
-      throw new Error(
-        'ValidPay: API key required. Get yours at https://validpay.io'
-      );
-    }
-    this.apiKey = options.apiKey;
-    this.baseUrl = options.baseUrl || 'https://api.validpay.io';
-  }
-
-  async createIntent(params) {
-    throw new Error(
-      'ValidPay SDK is in private beta. Contact mike@validpay.io for access.'
-    );
-  }
-
-  async getIntent(id) {
-    throw new Error(
-      'ValidPay SDK is in private beta. Contact mike@validpay.io for access.'
-    );
-  }
-}
-
-export default ValidPayClient;
+export { ValidPayClient } from "./client.js";
+export { generateKey, encrypt, decrypt, commitmentHash, splitKey, combineKeyShares, encryptFields, buildKeyMap, decryptFields, } from "./crypto.js";
+export { ValidPayError, } from "./types.js";
+export { verifyWebhookSignature, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, } from "./webhookSignature.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,WAAW,EACX,OAAO,EACP,OAAO,EACP,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,WAAW,EACX,aAAa,GACd,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,GAYd,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,sBAAsB,EACtB,iCAAiC,GAIlC,MAAM,uBAAuB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,159 @@
+export interface ValidPayClientOptions {
+    apiKey: string;
+    baseUrl?: string;
+    timeout?: number;
+    fetch?: typeof fetch;
+}
+export interface CreateIntentParams {
+    documentType: string;
+    payload: unknown;
+    validFrom?: string;
+    validUntil?: string;
+}
+export interface BatchIntentItem {
+    documentType: string;
+    payload: unknown;
+    validFrom?: string;
+    validUntil?: string;
+}
+export interface SelectiveIntentParams {
+    documentType: string;
+    payload: Record<string, unknown>;
+    disclosurePolicy: Record<string, string[]>;
+    splitKey?: boolean;
+    validFrom?: string;
+    validUntil?: string;
+}
+export interface CreateIntentResult {
+    retrievalId: string;
+    key: string;
+}
+export type TimeLockStatus = "valid" | "not_yet_valid" | "expired";
+export interface VerifyIntentResult<T = unknown> {
+    intentId: string;
+    payload: T;
+    issuer: string;
+    issuerVerified: boolean;
+    registeredAt: string;
+    status: string;
+    integrityVerified: boolean;
+    validFrom?: string | null;
+    validUntil?: string | null;
+    timeLockStatus?: TimeLockStatus | null;
+}
+export interface RevocationResult {
+    intentId: string;
+    status: string;
+    revokedAt?: string;
+    reinstatedAt?: string;
+}
+export interface RevocationEvent {
+    id: string;
+    action: "revoked" | "reinstated";
+    reason?: string;
+    performedAt: string;
+}
+export interface RawIntentResponse {
+    intent_id: string;
+    encrypted_payload: string | null;
+    issuer: string;
+    issuer_verified: boolean;
+    registered_at: string;
+    status: string;
+    commitment_hash?: string;
+    valid_from?: string | null;
+    valid_until?: string | null;
+    selective_disclosure?: boolean;
+    encrypted_key_map?: string;
+    split_key?: boolean;
+    revocation_reason?: string;
+    revoked_at?: string;
+}
+export interface RawCreateIntentResponse {
+    retrieval_id: string;
+    status: string;
+}
+export interface RawBatchCreateResponse {
+    results: Array<{
+        retrieval_id: string;
+        status?: string;
+    }>;
+}
+export interface ListIntentsParams {
+    /** Max results, default 50, max 200. */
+    limit?: number;
+    offset?: number;
+    /** ISO datetime — only intents created at or after this time. */
+    since?: string;
+    /** ISO datetime — only intents created at or before this time. */
+    until?: string;
+    status?: "active" | "revoked";
+    documentType?: string;
+    /** Ordering by createdAt. Default "desc". */
+    order?: "asc" | "desc";
+}
+export interface IntentMetadata {
+    retrievalId: string;
+    documentType: string;
+    status: string;
+    createdAt: string;
+    revokedAt: string | null;
+    revocationReason: string | null;
+    validFrom: string | null;
+    validUntil: string | null;
+    commitmentHash: string | null;
+    splitKey: boolean;
+    selectiveDisclosure: boolean;
+    verificationCount: number;
+    lastVerifiedAt: string | null;
+}
+export interface ListIntentsResult {
+    intents: IntentMetadata[];
+    total: number;
+    limit: number;
+    offset: number;
+}
+export interface RawIntentMetadata {
+    retrieval_id: string;
+    document_type: string;
+    status: string;
+    created_at: string;
+    revoked_at: string | null;
+    revocation_reason: string | null;
+    valid_from: string | null;
+    valid_until: string | null;
+    commitment_hash: string | null;
+    split_key: boolean;
+    selective_disclosure: boolean;
+    verification_count: number;
+    last_verified_at: string | null;
+}
+export interface RawListIntentsResponse {
+    intents: RawIntentMetadata[];
+    total: number;
+    limit: number;
+    offset: number;
+}
+export interface RawFragmentResponse {
+    fragment_b?: string;
+    error?: string;
+}
+export interface RawRevocationHistoryResponse {
+    events?: Array<{
+        id: string;
+        action: "revoked" | "reinstated";
+        reason?: string;
+        performed_at: string;
+    }>;
+}
+export declare class ValidPayError extends Error {
+    readonly code: string;
+    readonly status?: number;
+    readonly details?: unknown;
+    constructor(code: string, message: string, options?: {
+        status?: number;
+        details?: unknown;
+        cause?: unknown;
+    });
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,eAAe,GAAG,SAAS,CAAC;AAEnE,MAAM,WAAW,kBAAkB,CAAC,CAAC,GAAG,OAAO;IAC7C,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,CAAC,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,OAAO,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,OAAO,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,cAAc,CAAC,EAAE,cAAc,GAAG,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,SAAS,GAAG,YAAY,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,OAAO,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,iBAAiB;IAChC,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iEAAiE;IACjE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,oBAAoB,EAAE,OAAO,CAAC;IAC9B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,CAAC,EAAE,KAAK,CAAC;QACb,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,SAAS,GAAG,YAAY,CAAC;QACjC,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC,CAAC;CACJ;AAED,qBAAa,aAAc,SAAQ,KAAK;IACtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;gBAGzB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAO;CAQxE"}

package/dist/types.js

@@ -0,0 +1,13 @@
+export class ValidPayError extends Error {
+    code;
+    status;
+    details;
+    constructor(code, message, options = {}) {
+        super(message, options.cause !== undefined ? { cause: options.cause } : undefined);
+        this.name = "ValidPayError";
+        this.code = code;
+        this.status = options.status;
+        this.details = options.details;
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAoKA,MAAM,OAAO,aAAc,SAAQ,KAAK;IAC7B,IAAI,CAAS;IACb,MAAM,CAAU;IAChB,OAAO,CAAW;IAE3B,YACE,IAAY,EACZ,OAAe,EACf,UAAmE,EAAE;QAErE,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACnF,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;CACF"}

package/dist/webhookSignature.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Webhook signature verification (Prompt 079).
+ *
+ * Mirrors `ValidPay-API/src/services/webhookSignature.ts` so SDK
+ * customers can verify inbound webhooks with one import instead of
+ * rolling their own constant-time compare.
+ *
+ * Wire format
+ * -----------
+ *   X-ValidPay-Signature: t=<unix-seconds>,v1=<hex-hmac>
+ *
+ * The HMAC is computed over the EXACT bytes of `${t}.${rawBody}` using
+ * the per-webhook secret. The timestamp inside the signed payload
+ * bounds the replay window — even if an attacker captures a delivered
+ * request, they can't replay it more than `toleranceSeconds` later.
+ *
+ * IMPORTANT
+ * ---------
+ *   `rawBody` MUST be the unparsed body string the framework gave you.
+ *   `JSON.parse(body).toString()` is NOT equivalent — it loses key order
+ *   and whitespace and the HMAC won't match.
+ *
+ * Express example
+ * ---------------
+ *   app.post(
+ *     "/webhooks/validpay",
+ *     express.raw({ type: "application/json" }),  // <- RAW, not json()
+ *     (req, res) => {
+ *       const result = verifyWebhookSignature(
+ *         req.headers["x-validpay-signature"],
+ *         req.body.toString("utf8"),
+ *         process.env.VALIDPAY_WEBHOOK_SECRET!,
+ *       );
+ *       if (!result.valid) return res.status(401).send(result.reason);
+ *       const event = JSON.parse(req.body.toString("utf8"));
+ *       // ... handle event ...
+ *       res.status(200).send("OK");
+ *     },
+ *   );
+ */
+/** Default replay-protection window. 5 minutes matches the API side. */
+export declare const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;
+export interface VerifyWebhookOptions {
+    /**
+     * Reject signatures older than this many seconds. Default 300.
+     * Pass `Infinity` to disable — only safe for tests.
+     */
+    toleranceSeconds?: number;
+    /** Inject a clock for tests. */
+    nowSeconds?: number;
+}
+export type WebhookVerifyFailureReason = "missing_header" | "malformed_header" | "unsupported_version" | "bad_signature" | "timestamp_outside_tolerance";
+export type WebhookVerifyResult = {
+    valid: true;
+    timestamp: number;
+} | {
+    valid: false;
+    reason: WebhookVerifyFailureReason;
+};
+/**
+ * Verify a received webhook payload against an X-ValidPay-Signature
+ * header. Constant-time signature compare to prevent timing oracles.
+ *
+ * @param headerValue The X-ValidPay-Signature header value (or null/undefined
+ *                    if absent — returns `missing_header`).
+ * @param rawBody     The exact unparsed request body string.
+ * @param secret      The per-webhook secret returned by POST /v1/webhooks.
+ */
+export declare function verifyWebhookSignature(headerValue: string | null | undefined, rawBody: string, secret: string, opts?: VerifyWebhookOptions): WebhookVerifyResult;
+//# sourceMappingURL=webhookSignature.d.ts.map

package/dist/webhookSignature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhookSignature.d.ts","sourceRoot":"","sources":["../src/webhookSignature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAIH,wEAAwE;AACxE,eAAO,MAAM,iCAAiC,MAAM,CAAC;AAErD,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gCAAgC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,0BAA0B,GAClC,gBAAgB,GAChB,kBAAkB,GAClB,qBAAqB,GACrB,eAAe,GACf,6BAA6B,CAAC;AAElC,MAAM,MAAM,mBAAmB,GAC3B;IAAE,KAAK,EAAE,IAAI,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAClC;IAAE,KAAK,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,0BAA0B,CAAA;CAAE,CAAC;AAEzD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,WAAW,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACtC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,oBAAyB,GAC9B,mBAAmB,CA4BrB"}

package/dist/webhookSignature.js

@@ -0,0 +1,107 @@
+/**
+ * Webhook signature verification (Prompt 079).
+ *
+ * Mirrors `ValidPay-API/src/services/webhookSignature.ts` so SDK
+ * customers can verify inbound webhooks with one import instead of
+ * rolling their own constant-time compare.
+ *
+ * Wire format
+ * -----------
+ *   X-ValidPay-Signature: t=<unix-seconds>,v1=<hex-hmac>
+ *
+ * The HMAC is computed over the EXACT bytes of `${t}.${rawBody}` using
+ * the per-webhook secret. The timestamp inside the signed payload
+ * bounds the replay window — even if an attacker captures a delivered
+ * request, they can't replay it more than `toleranceSeconds` later.
+ *
+ * IMPORTANT
+ * ---------
+ *   `rawBody` MUST be the unparsed body string the framework gave you.
+ *   `JSON.parse(body).toString()` is NOT equivalent — it loses key order
+ *   and whitespace and the HMAC won't match.
+ *
+ * Express example
+ * ---------------
+ *   app.post(
+ *     "/webhooks/validpay",
+ *     express.raw({ type: "application/json" }),  // <- RAW, not json()
+ *     (req, res) => {
+ *       const result = verifyWebhookSignature(
+ *         req.headers["x-validpay-signature"],
+ *         req.body.toString("utf8"),
+ *         process.env.VALIDPAY_WEBHOOK_SECRET!,
+ *       );
+ *       if (!result.valid) return res.status(401).send(result.reason);
+ *       const event = JSON.parse(req.body.toString("utf8"));
+ *       // ... handle event ...
+ *       res.status(200).send("OK");
+ *     },
+ *   );
+ */
+import crypto from "node:crypto";
+/** Default replay-protection window. 5 minutes matches the API side. */
+export const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;
+/**
+ * Verify a received webhook payload against an X-ValidPay-Signature
+ * header. Constant-time signature compare to prevent timing oracles.
+ *
+ * @param headerValue The X-ValidPay-Signature header value (or null/undefined
+ *                    if absent — returns `missing_header`).
+ * @param rawBody     The exact unparsed request body string.
+ * @param secret      The per-webhook secret returned by POST /v1/webhooks.
+ */
+export function verifyWebhookSignature(headerValue, rawBody, secret, opts = {}) {
+    if (!headerValue)
+        return { valid: false, reason: "missing_header" };
+    const parsed = parseSignatureHeader(headerValue);
+    if (!parsed)
+        return { valid: false, reason: "malformed_header" };
+    if (!parsed.v1)
+        return { valid: false, reason: "unsupported_version" };
+    const tolerance = opts.toleranceSeconds ?? DEFAULT_WEBHOOK_TOLERANCE_SECONDS;
+    const now = opts.nowSeconds ?? Math.floor(Date.now() / 1000);
+    if (Math.abs(now - parsed.t) > tolerance) {
+        return { valid: false, reason: "timestamp_outside_tolerance" };
+    }
+    const expected = crypto
+        .createHmac("sha256", secret)
+        .update(`${parsed.t}.${rawBody}`, "utf8")
+        .digest("hex");
+    const expectedBuf = Buffer.from(expected, "hex");
+    const actualBuf = Buffer.from(parsed.v1, "hex");
+    if (expectedBuf.length !== actualBuf.length) {
+        return { valid: false, reason: "bad_signature" };
+    }
+    if (!crypto.timingSafeEqual(expectedBuf, actualBuf)) {
+        return { valid: false, reason: "bad_signature" };
+    }
+    return { valid: true, timestamp: parsed.t };
+}
+function parseSignatureHeader(header) {
+    const parts = header.split(",").map((p) => p.trim());
+    let t = null;
+    let v1 = null;
+    for (const part of parts) {
+        const eq = part.indexOf("=");
+        if (eq <= 0)
+            return null;
+        const key = part.slice(0, eq);
+        const value = part.slice(eq + 1);
+        if (key === "t") {
+            const parsed = Number.parseInt(value, 10);
+            if (!Number.isFinite(parsed) || parsed <= 0)
+                return null;
+            t = parsed;
+        }
+        else if (key === "v1") {
+            if (!/^[0-9a-fA-F]+$/.test(value) || value.length !== 64)
+                return null;
+            v1 = value.toLowerCase();
+        }
+        // Unknown keys skipped — forward-compat with future versions.
+    }
+    if (t === null)
+        return null;
+    return { t, v1 };
+}
+//# sourceMappingURL=webhookSignature.js.map

package/dist/webhookSignature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhookSignature.js","sourceRoot":"","sources":["../src/webhookSignature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,wEAAwE;AACxE,MAAM,CAAC,MAAM,iCAAiC,GAAG,GAAG,CAAC;AAuBrD;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CACpC,WAAsC,EACtC,OAAe,EACf,MAAc,EACd,OAA6B,EAAE;IAE/B,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IAEpE,MAAM,MAAM,GAAG,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAEvE,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,IAAI,iCAAiC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,SAAS,EAAE,CAAC;QACzC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IACjE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM;SACpB,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC5B,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,OAAO,EAAE,EAAE,MAAM,CAAC;SACxC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAChD,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;QAC5C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACnD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,SAAS,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;AAC9C,CAAC;AAOD,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,CAAC,GAAkB,IAAI,CAAC;IAC5B,IAAI,EAAE,GAAkB,IAAI,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACjC,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACzD,CAAC,GAAG,MAAM,CAAC;QACb,CAAC;aAAM,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;gBAAE,OAAO,IAAI,CAAC;YACtE,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAC3B,CAAC;QACD,8DAA8D;IAChE,CAAC;IACD,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACnB,CAAC"}