@verusidx/identity-mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 VerusIDX Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,93 @@
+# @verusidx/identity-mcp
+
+MCP server for creating, managing, querying, and signing with VerusIDs. Covers the full identity lifecycle — registration, updates, revocation, recovery, timelocks — plus VDXF key resolution and cryptographic signing/verification.
+
+## Setup
+
+**Prerequisite:** `@verusidx/chain-mcp` must be configured and `refresh_chains` called at least once so the chain registry exists.
+
+Add to your MCP client config (e.g., Claude Code `claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "verusidx-identity": {
+      "command": "npx",
+      "args": ["@verusidx/identity-mcp"],
+      "env": {}
+    }
+  }
+}
+```
+
+**Alternative: local install.** If you prefer a pinned version or offline use, install into a project directory with `npm install @verusidx/identity-mcp` (or `pnpm add` / `yarn add`) and point your config at the local path instead of using `npx`.
+
+### Environment Variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `VERUSIDX_READ_ONLY` | `false` | Set to `true` to disable write tools. Read tools and signing tools (`signdata`, `verifysignature`) remain available. |
+| `VERUSIDX_AUDIT_LOG` | `true` | Set to `false` to disable audit logging of write operations. |
+| `VERUSIDX_AUDIT_DIR` | OS default | Custom directory for audit log files. |
+
+### Read-Only Mode
+
+Set `VERUSIDX_READ_ONLY=true` to disable write tools. In read-only mode, 7 tools remain available:
+
+- All read tools (`getidentity`, `getidentitycontent`, `getidentityhistory`, `getvdxfid`, `listidentities`)
+- Signing tools (`signdata`, `verifysignature`) — signing reads the private key but does not spend funds or change blockchain/wallet state
+
+Write tools (`registernamecommitment`, `registeridentity`, `updateidentity`, `revokeidentity`, `recoveridentity`, `setidentitytimelock`) are not registered and won't appear in the tool list.
+
+You can set read-only mode independently per MCP server. For example, keep identity-mcp read-write while running send-mcp in read-only mode.
+
+## Tools
+
+### Always available (including read-only mode)
+
+| Tool | Description |
+|---|---|
+| `getidentity` | Look up a VerusID by name or i-address — current state, authorities, content, wallet relationship |
+| `getidentitycontent` | Get identity content/data with optional VDXF key filter and height range (cumulative) |
+| `getidentityhistory` | Full revision history — one snapshot per update transaction |
+| `getvdxfid` | Resolve a VDXF URI to its on-chain i-address, with optional key/hash/index binding |
+| `listidentities` | List wallet's VerusIDs — spendable, signable, and/or watch-only |
+| `signdata` | Sign data with a VerusID or t-address (message, file, hex, base64, hash, or MMR) |
+| `verifysignature` | Verify a signature produced by `signdata` |
+
+### Write tools (disabled in read-only mode)
+
+| Tool | Description |
+|---|---|
+| `registernamecommitment` | Step 1 of ID registration — create a name commitment transaction |
+| `registeridentity` | Step 2 of ID registration — register using a confirmed commitment |
+| `updateidentity` | Update identity fields (addresses, content, authorities) |
+| `revokeidentity` | Revoke an identity (safety mechanism for key compromise) |
+| `recoveridentity` | Recover a revoked/compromised identity with new keys |
+| `setidentitytimelock` | Set or modify a spending timelock on an identity |
+
+## Identity Registration (Two-Step)
+
+Registering a new VerusID is a two-step process:
+
+1. **`registernamecommitment`** — creates a commitment that reserves the name without revealing it (prevents front-running). The commitment data is automatically saved to `~/.verusidx/commitments/<chain>/<name>.json`.
+
+2. **Wait 1 block** for the commitment to confirm.
+
+3. **`registeridentity`** — registers the identity using the confirmed commitment. On success, the saved commitment file is cleaned up.
+
+The commitment file persists across conversations. If a session ends between steps 1 and 2, the next session can pick up where it left off.
+
+## Timelock Safety
+
+The `updateidentity`, `registeridentity`, and `recoveridentity` tools warn that `timelock` must only be set to `0` in the identity definition. Setting `timelock` to any other value can lock the identity — potentially making it unspendable for an extremely long time or permanently. Use `setidentitytimelock` instead, which provides safe `unlockatblock` and `setunlockdelay` controls.
+
+## Audit Logging
+
+All write operations are logged to date-stamped JSONL files in the audit directory. Each entry records the tool name, chain, parameters, result, and success status. Logs are append-only with `0600` permissions.
+
+## Requirements
+
+- Node.js >= 18.0.0
+- `@verusidx/chain-mcp` installed and `refresh_chains` called (chain registry must exist)
+- At least one Verus daemon running for RPC tools

package/build/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/build/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/build/index.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { registerTools } from './tools.js';
+const server = new McpServer({
+    name: 'verusidx-identity-mcp',
+    version: '0.1.0',
+});
+registerTools(server);
+const transport = new StdioServerTransport();
+await server.connect(transport);
+process.on('SIGINT', async () => {
+    await server.close();
+    process.exit(0);
+});
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,uBAAuB;IAC7B,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,aAAa,CAAC,MAAM,CAAC,CAAC;AAEtB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;AAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAEhC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;IAC9B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/tools.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+export declare function registerTools(server: McpServer): void;
+//# sourceMappingURL=tools.d.ts.map

package/build/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAmFzE,wBAAgB,aAAa,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAojBrD"}

package/build/tools.js

@@ -0,0 +1,571 @@
+import { z } from 'zod';
+import { mkdirSync, writeFileSync, readFileSync, unlinkSync, readdirSync, rmdirSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { rpcCall, auditLog, isReadOnly, assertWriteEnabled, VerusError, getCommitmentsDir, } from '@verusidx/shared';
+// ---------------------------------------------------------------------------
+// Response helpers
+// ---------------------------------------------------------------------------
+function ok(data) {
+    return {
+        content: [{ type: 'text', text: JSON.stringify(data, null, 2) }],
+    };
+}
+function fail(category, message) {
+    return {
+        content: [{ type: 'text', text: JSON.stringify({ error: category, message }, null, 2) }],
+        isError: true,
+    };
+}
+function handleError(err) {
+    if (err instanceof VerusError) {
+        return fail(err.category, err.message);
+    }
+    return fail('INTERNAL_ERROR', err instanceof Error ? err.message : 'Unknown error');
+}
+// ---------------------------------------------------------------------------
+// Commitment file helpers
+// ---------------------------------------------------------------------------
+function getCommitmentPath(chain, name) {
+    return join(getCommitmentsDir(), chain, `${name}.json`);
+}
+function saveCommitment(chain, name, data) {
+    const filePath = getCommitmentPath(chain, name);
+    mkdirSync(dirname(filePath), { recursive: true });
+    writeFileSync(filePath, JSON.stringify({ ...data, savedAt: new Date().toISOString() }, null, 2), { mode: 0o600 });
+}
+function loadCommitment(chain, name) {
+    const filePath = getCommitmentPath(chain, name);
+    try {
+        const raw = readFileSync(filePath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function deleteCommitment(chain, name) {
+    const filePath = getCommitmentPath(chain, name);
+    try {
+        unlinkSync(filePath);
+    }
+    catch { /* ignore */ }
+    // Clean up empty chain directory
+    const chainDir = dirname(filePath);
+    try {
+        const remaining = readdirSync(chainDir);
+        if (remaining.length === 0)
+            rmdirSync(chainDir);
+    }
+    catch { /* ignore */ }
+    // Clean up empty commitments directory
+    const commitmentsDir = getCommitmentsDir();
+    try {
+        const remaining = readdirSync(commitmentsDir);
+        if (remaining.length === 0)
+            rmdirSync(commitmentsDir);
+    }
+    catch { /* ignore */ }
+}
+const SERVER_NAME = 'verusidx-identity-mcp';
+// ---------------------------------------------------------------------------
+// Tool registration
+// ---------------------------------------------------------------------------
+export function registerTools(server) {
+    // ------ Read-only tools (always registered) ------
+    server.tool('getidentity', 'Look up a VerusID by name or i-address. Returns the identity\'s current state including primary addresses, signing authorities, content data (contentmultimap), revocation/recovery authorities, and wallet relationship (canspendfor/cansignfor). Optionally retrieve the identity as it existed at a specific block height. Use this to check if an identity exists, inspect its configuration, or verify wallet authority before performing write operations.', {
+        chain: z.string().describe('Chain to query (e.g., "VRSC", "vrsctest")'),
+        identity: z.string().describe('VerusID name (e.g., "alice@") or i-address'),
+        height: z.number().optional().describe('Return identity as of this block height. Default: current height. Pass -1 to include mempool.'),
+        txproof: z.boolean().optional().describe('If true, returns a proof of the identity. Default: false.'),
+        txproofheight: z.number().optional().describe('Height from which to generate the proof. Default: same as height.'),
+    }, async ({ chain, identity, height, txproof, txproofheight }) => {
+        try {
+            const params = [identity];
+            if (height !== undefined || txproof !== undefined || txproofheight !== undefined) {
+                params.push(height ?? 0);
+            }
+            if (txproof !== undefined || txproofheight !== undefined) {
+                params.push(txproof ?? false);
+            }
+            if (txproofheight !== undefined) {
+                params.push(txproofheight);
+            }
+            const result = await rpcCall(chain, 'getidentity', params);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    server.tool('getidentitycontent', 'Get identity content/data with optional VDXF key filter and height range. Returns the cumulative content state — all content across all updates within the specified range. Unlike getidentityhistory, this does not return per-revision snapshots. Use this to read structured data stored on an identity (profiles, timestamps, application data) without needing to process the full revision history.', {
+        chain: z.string().describe('Chain to query (e.g., "VRSC", "vrsctest")'),
+        identity: z.string().describe('VerusID name (e.g., "alice@") or i-address'),
+        heightstart: z.number().optional().describe('Only return content from this height forward (inclusive). Default: 0.'),
+        heightend: z.number().optional().describe('Only return content up to this height (inclusive). Default: 0 (max height). Pass -1 to include mempool.'),
+        txproofs: z.boolean().optional().describe('If true, returns proofs. Default: false.'),
+        txproofheight: z.number().optional().describe('Height from which to generate proofs.'),
+        vdxfkey: z.string().optional().describe('Filter to a specific VDXF key. The key is automatically bound to the identity and multimap key.'),
+        keepdeleted: z.boolean().optional().describe('If true, include deleted items. Default: false.'),
+    }, async ({ chain, identity, heightstart, heightend, txproofs, txproofheight, vdxfkey, keepdeleted }) => {
+        try {
+            // getidentitycontent identity heightstart heightend txproofs txproofheight vdxfkey keepdeleted
+            const params = [identity];
+            params.push(heightstart ?? 0);
+            params.push(heightend ?? 0);
+            params.push(txproofs ?? false);
+            params.push(txproofheight ?? 0);
+            if (vdxfkey !== undefined || keepdeleted !== undefined) {
+                params.push(vdxfkey ?? '');
+            }
+            if (keepdeleted !== undefined) {
+                params.push(keepdeleted);
+            }
+            const result = await rpcCall(chain, 'getidentitycontent', params);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    server.tool('getidentityhistory', 'Get the full revision history of a VerusID. Returns an array of identity snapshots, one per update transaction. Each entry shows the identity state as it was set in that specific transaction, along with the block hash, height, and transaction details. Use this to audit changes to an identity over time — primary address changes (transfers), content updates, authority changes, etc. Note: each history entry\'s contentmultimap shows only the content set in that specific update, not the cumulative state.', {
+        chain: z.string().describe('Chain to query (e.g., "VRSC", "vrsctest")'),
+        identity: z.string().describe('VerusID name (e.g., "alice@") or i-address'),
+        heightstart: z.number().optional().describe('Only return history from this height forward (inclusive). Default: 0.'),
+        heightend: z.number().optional().describe('Only return history up to this height (inclusive). Default: 0 (max height). Pass -1 to include mempool.'),
+        txproofs: z.boolean().optional().describe('If true, returns proofs. Default: false.'),
+        txproofheight: z.number().optional().describe('Height from which to generate proofs.'),
+    }, async ({ chain, identity, heightstart, heightend, txproofs, txproofheight }) => {
+        try {
+            const params = [identity];
+            params.push(heightstart ?? 0);
+            params.push(heightend ?? 0);
+            params.push(txproofs ?? false);
+            if (txproofheight !== undefined) {
+                params.push(txproofheight);
+            }
+            const result = await rpcCall(chain, 'getidentityhistory', params);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    server.tool('getvdxfid', 'Get the VDXF key ID from a URI string. Converts a human-readable VDXF URI (e.g., "vrsc::system.currency.export") into its on-chain i-address representation. Optionally combine with additional data (another VDXF key, a 256-bit hash, or an index number) to derive bound keys. Use this to resolve VDXF key names to i-addresses before querying getidentitycontent with a vdxfkey filter.', {
+        chain: z.string().describe('Chain to query (e.g., "VRSC", "vrsctest")'),
+        vdxfuri: z.string().describe('VDXF URI string (e.g., "vrsc::system.currency.export", "idname::userdefinedgroup.subgroup.name")'),
+        vdxfkey: z.string().optional().describe('VDXF key or i-address to combine via hash'),
+        uint256: z.string().optional().describe('256-bit hex hash to combine with the key'),
+        indexnum: z.number().optional().describe('Integer to combine with the key'),
+    }, async ({ chain, vdxfuri, vdxfkey, uint256, indexnum }) => {
+        try {
+            // getvdxfid "vdxfuri" '{"vdxfkey":..., "uint256":..., "indexnum":...}'
+            const params = [vdxfuri];
+            if (vdxfkey !== undefined || uint256 !== undefined || indexnum !== undefined) {
+                const bindObj = {};
+                if (vdxfkey !== undefined)
+                    bindObj.vdxfkey = vdxfkey;
+                if (uint256 !== undefined)
+                    bindObj.uint256 = uint256;
+                if (indexnum !== undefined)
+                    bindObj.indexnum = indexnum;
+                params.push(bindObj);
+            }
+            const result = await rpcCall(chain, 'getvdxfid', params);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    server.tool('listidentities', 'List VerusIDs in the local wallet. Returns all identities that this wallet can spend for, sign for, or watch. Use this to discover which identities are available before performing identity operations. By default includes identities we can spend for and sign for, but not watch-only.', {
+        chain: z.string().describe('Chain to query (e.g., "VRSC", "vrsctest")'),
+        includecanspend: z.boolean().optional().describe('Include identities we can spend/authorize for. Default: true.'),
+        includecansign: z.boolean().optional().describe('Include identities we can only sign for but not spend. Default: true.'),
+        includewatchonly: z.boolean().optional().describe('Include identities we can neither sign nor spend, but are watched or are co-signers. Default: false.'),
+    }, async ({ chain, includecanspend, includecansign, includewatchonly }) => {
+        try {
+            // listidentities (includecanspend) (includecansign) (includewatchonly)
+            const params = [];
+            if (includecanspend !== undefined || includecansign !== undefined || includewatchonly !== undefined) {
+                params.push(includecanspend ?? true);
+            }
+            if (includecansign !== undefined || includewatchonly !== undefined) {
+                params.push(includecansign ?? true);
+            }
+            if (includewatchonly !== undefined) {
+                params.push(includewatchonly);
+            }
+            const result = await rpcCall(chain, 'listidentities', params);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    // ------ Signing tools (available in read-only mode) ------
+    server.tool('signdata', 'Sign data with a VerusID or transparent address. Generates a hash of the provided data and signs it. Supports multiple input modes (message, file, hex, base64, pre-computed hash) and hash algorithms (sha256, sha256D, blake2b, keccak256). Can sign a single piece of data or build a Merkle Mountain Range (MMR) over multiple items. For multi-sig identities, pass an existing partial signature to accumulate signatures. Available in read-only mode — signing does not spend funds or change blockchain/wallet state.', {
+        chain: z.string().describe('Chain to sign on (e.g., "VRSC", "vrsctest")'),
+        address: z.string().describe('VerusID name or t-address to sign with. A t-address produces a simple signature.'),
+        message: z.string().optional().describe('Text message to sign.'),
+        filename: z.string().optional().describe('File path to sign.'),
+        messagehex: z.string().optional().describe('Hex-encoded data to sign.'),
+        messagebase64: z.string().optional().describe('Base64-encoded data to sign.'),
+        datahash: z.string().optional().describe('Pre-computed 256-bit hex hash to sign directly.'),
+        mmrdata: z.array(z.record(z.unknown())).optional().describe('Array of data objects for MMR signing. Each element: {"filename" or "message" or "serializedhex" or "serializedbase64" or "vdxfdata" or "datahash": "value"}.'),
+        mmrsalt: z.array(z.string()).optional().describe('Array of salt strings to protect privacy of MMR leaf nodes.'),
+        mmrhashtype: z.string().optional().describe('Hash type for MMR: "sha256", "sha256D", "blake2b", "keccak256". Default: "blake2b".'),
+        prefixstring: z.string().optional().describe('Extra string hashed during signing — must be supplied for verification.'),
+        vdxfkeys: z.array(z.string()).optional().describe('Array of VDXF keys or i-addresses to bind to the signature.'),
+        vdxfkeynames: z.array(z.string()).optional().describe('Array of VDXF key names or friendly name IDs (no i-addresses).'),
+        boundhashes: z.array(z.string()).optional().describe('Array of hex hashes to bind to the signature.'),
+        hashtype: z.string().optional().describe('Hash algorithm: "sha256" (default), "sha256D", "blake2b", "keccak256".'),
+        signature: z.string().optional().describe('Existing base64 signature for multi-sig accumulation.'),
+        encrypttoaddress: z.string().optional().describe('Sapling address to encrypt data to.'),
+        createmmr: z.boolean().optional().describe('If true (or if multiple items are provided), returns MMR data and root signature.'),
+    }, async ({ chain, address, message, filename, messagehex, messagebase64, datahash, mmrdata, mmrsalt, mmrhashtype, prefixstring, vdxfkeys, vdxfkeynames, boundhashes, hashtype, signature, encrypttoaddress, createmmr }) => {
+        try {
+            // signdata builds a JSON object parameter
+            const sigObj = { address };
+            if (message !== undefined)
+                sigObj.message = message;
+            if (filename !== undefined)
+                sigObj.filename = filename;
+            if (messagehex !== undefined)
+                sigObj.messagehex = messagehex;
+            if (messagebase64 !== undefined)
+                sigObj.messagebase64 = messagebase64;
+            if (datahash !== undefined)
+                sigObj.datahash = datahash;
+            if (mmrdata !== undefined)
+                sigObj.mmrdata = mmrdata;
+            if (mmrsalt !== undefined)
+                sigObj.mmrsalt = mmrsalt;
+            if (mmrhashtype !== undefined)
+                sigObj.mmrhashtype = mmrhashtype;
+            if (prefixstring !== undefined)
+                sigObj.prefixstring = prefixstring;
+            if (vdxfkeys !== undefined)
+                sigObj.vdxfkeys = vdxfkeys;
+            if (vdxfkeynames !== undefined)
+                sigObj.vdxfkeynames = vdxfkeynames;
+            if (boundhashes !== undefined)
+                sigObj.boundhashes = boundhashes;
+            if (hashtype !== undefined)
+                sigObj.hashtype = hashtype;
+            if (signature !== undefined)
+                sigObj.signature = signature;
+            if (encrypttoaddress !== undefined)
+                sigObj.encrypttoaddress = encrypttoaddress;
+            if (createmmr !== undefined)
+                sigObj.createmmr = createmmr;
+            const result = await rpcCall(chain, 'signdata', [sigObj]);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    server.tool('verifysignature', 'Verify a signature produced by signdata. Checks that the signature is valid for the given data and identity/address. By default, validates against the identity\'s keys at the block height stored in the signature — use checklatest to verify against the identity\'s current keys instead.', {
+        chain: z.string().describe('Chain to verify on (e.g., "VRSC", "vrsctest")'),
+        address: z.string().describe('VerusID name or t-address to verify against.'),
+        message: z.string().optional().describe('Text message that was signed.'),
+        filename: z.string().optional().describe('File path that was signed.'),
+        messagehex: z.string().optional().describe('Hex-encoded data that was signed.'),
+        messagebase64: z.string().optional().describe('Base64-encoded data that was signed.'),
+        datahash: z.string().optional().describe('Pre-computed 256-bit hex hash that was signed.'),
+        prefixstring: z.string().optional().describe('Prefix string used during signing (must match).'),
+        vdxfkeys: z.array(z.string()).optional().describe('VDXF keys bound during signing (must match).'),
+        vdxfkeynames: z.array(z.string()).optional().describe('VDXF key names bound during signing (must match).'),
+        boundhashes: z.array(z.string()).optional().describe('Hashes bound during signing (must match).'),
+        hashtype: z.string().optional().describe('Hash algorithm used during signing. Default: "sha256".'),
+        signature: z.string().describe('Base64-encoded signature to verify.'),
+        checklatest: z.boolean().optional().describe('If true, verify against the identity\'s current keys. Default: false (verify against keys at the signing height stored in the signature).'),
+    }, async ({ chain, address, message, filename, messagehex, messagebase64, datahash, prefixstring, vdxfkeys, vdxfkeynames, boundhashes, hashtype, signature, checklatest }) => {
+        try {
+            // verifysignature builds a JSON object parameter
+            // Daemon param spec uses "address" key (despite example showing "identity")
+            const verifyObj = { address, signature };
+            // Daemon bug: verifysignature hashes "message" differently than signdata,
+            // producing a different hash for the same string. Convert message to messagehex
+            // so the raw bytes are hashed identically to signdata.
+            if (message !== undefined)
+                verifyObj.messagehex = Buffer.from(message, 'utf8').toString('hex');
+            if (filename !== undefined)
+                verifyObj.filename = filename;
+            if (messagehex !== undefined)
+                verifyObj.messagehex = messagehex;
+            if (messagebase64 !== undefined)
+                verifyObj.messagebase64 = messagebase64;
+            if (datahash !== undefined)
+                verifyObj.datahash = datahash;
+            if (prefixstring !== undefined)
+                verifyObj.prefixstring = prefixstring;
+            if (vdxfkeys !== undefined)
+                verifyObj.vdxfkeys = vdxfkeys;
+            if (vdxfkeynames !== undefined)
+                verifyObj.vdxfkeynames = vdxfkeynames;
+            if (boundhashes !== undefined)
+                verifyObj.boundhashes = boundhashes;
+            if (hashtype !== undefined)
+                verifyObj.hashtype = hashtype;
+            if (checklatest !== undefined)
+                verifyObj.checklatest = checklatest;
+            const result = await rpcCall(chain, 'verifysignature', [verifyObj]);
+            return ok(result);
+        }
+        catch (err) {
+            return handleError(err);
+        }
+    });
+    // ------ Write tools (registered only when not read-only) ------
+    if (!isReadOnly()) {
+        server.tool('registernamecommitment', 'Step 1 of identity registration. Creates a name commitment transaction that reserves a name without revealing it. The commitment hides the name itself while ensuring miners cannot front-run the registration. After this tool succeeds, wait 1 block before calling registeridentity (step 2). The commitment data is saved to disk so it persists across conversations — if a session ends before registration, the next session can pick up the commitment. Names must not have leading, trailing, or multiple consecutive spaces and must not include: \\ / : * ? " < > | @', {
+            chain: z.string().describe('Chain to register on (e.g., "VRSC", "vrsctest")'),
+            name: z.string().describe('The unique name to commit to. Creating a commitment is not a registration — if the name already exists, the daemon will reject the transaction.'),
+            controladdress: z.string().describe('Address that will control this commitment. Must be present in the current wallet. This is not necessarily the address that will control the actual identity.'),
+            referralidentity: z.string().optional().describe('Friendly name or i-address of a referral identity, used to lower network cost of the ID.'),
+            parentnameorid: z.string().optional().describe('Parent name or currency i-address. Dictates issuance rules and pricing. Only for PBaaS sub-identities.'),
+            sourceoffunds: z.string().optional().describe('Address to use as source of funds. Default: transparent wildcard "*".'),
+        }, async ({ chain, name, controladdress, referralidentity, parentnameorid, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                // registernamecommitment "name" "controladdress" ("referralidentity") ("parentnameorid") ("sourceoffunds")
+                const params = [name, controladdress];
+                if (referralidentity !== undefined || parentnameorid !== undefined || sourceoffunds !== undefined) {
+                    params.push(referralidentity ?? '');
+                }
+                if (parentnameorid !== undefined || sourceoffunds !== undefined) {
+                    params.push(parentnameorid ?? '');
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'registernamecommitment', params);
+                // Save commitment to disk for cross-session persistence
+                saveCommitment(chain, name, result);
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'registernamecommitment',
+                    chain,
+                    params: { name, controladdress, referralidentity, parentnameorid },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+        server.tool('registeridentity', 'Step 2 of identity registration. Uses a confirmed name commitment to register the identity on-chain. The commitment must have been mined (wait 1 block after registernamecommitment). The tool checks for saved commitment data from a previous registernamecommitment call — if available, the agent does not need to pass the commitment details manually. On successful registration, the saved commitment file is cleaned up. IDENTITY DEFINITION: Keep it minimal — only include fields you are explicitly setting to non-default values. Omit revocationauthority/recoveryauthority to default to self. TIMELOCK: Do NOT include timelock in the identity JSON unless you deliberately intend to set an absolute block height lock. Omitting timelock defaults to 0 (unlocked). To configure timelocks safely after registration, use setidentitytimelock which provides setunlockdelay and unlockatblock controls. Setting a timelock value here creates an absolute block height lock that CANNOT be removed by updateidentity — only by revoke+recover. Omit privateaddress unless explicitly assigning one. SAFETY: NEVER set revocationauthority to another identity while leaving recoveryauthority as self — if the identity is revoked by the external authority, it cannot recover itself (recovery requires the recovery authority to act, and a revoked identity cannot authorize its own recovery). This bricks the identity. If delegating revocation, always also delegate recovery to a different identity. POSITIONAL PARAMS: The daemon RPC is positional: registeridentity jsonidregistration (returntx) (feeoffer) (sourceoffunds). If passing sourceoffunds, you must also fill returntx and feeoffer. FEE DISCOVERY: Call getcurrency (chain-mcp) on the parent currency to find idregistrationfees. For basket currencies, if idimportfees is a satoshi-scale value it encodes a reserve currency index: 0.00000000 = first reserve (index 0), 0.00000001 = second reserve (index 1), etc. The idregistrationfees amount is then denominated in that reserve currency — calculate how much of the basket currency equals that amount at current conversion prices. Example: idregistrationfees=15 + idimportfees=0.00000001 (index 1=USD) means 15 USD worth of the basket currency. Default idimportfees (e.g., 0.02) means the fee is in the basket currency itself, but defaults may differ per chain — check getcurrency to verify. FEE SHORTCUT: If unsure of the exact fee (especially with reserve-denominated fees and referral discounts), pass feeoffer=0.00000001 — the daemon will reject and return the minimum required fee in the error message, then retry with that amount.', {
+            chain: z.string().describe('Chain to register on (e.g., "VRSC", "vrsctest")'),
+            jsonidregistration: z.record(z.unknown()).describe('Registration object containing: txid (from registernamecommitment), namereservation {name, salt, referral}, and identity definition {name, parent, primaryaddresses, minimumsignatures}. Only include revocationauthority/recoveryauthority if delegating to a DIFFERENT identity (defaults to self) — accepts friendly name (e.g., "alice@") or i-address. TIMELOCK: Do NOT include timelock unless you deliberately intend to set an absolute block height lock. An absolute lock CANNOT be removed by updateidentity — only by revoke+recover. If setting a timelock, ensure revocationauthority and recoveryauthority are set to identities that can perform the revoke+recover to remove it. Omit timelock to default to 0 (unlocked). Use setidentitytimelock after registration for safe timelock configuration. Omit privateaddress unless explicitly assigning one.'),
+            returntx: z.boolean().optional().describe('If true, return the signed transaction hex instead of broadcasting. Default: false.'),
+            feeoffer: z.number().optional().describe('Amount to offer miner/staker for the registration fee. Default: standard price.'),
+            sourceoffunds: z.string().optional().describe('Address to use as source of funds. Default: transparent wildcard "*".'),
+        }, async ({ chain, jsonidregistration, returntx, feeoffer, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                // registeridentity jsonidregistration (returntx) (feeoffer) (sourceoffunds)
+                const params = [jsonidregistration];
+                if (returntx !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(returntx ?? false);
+                }
+                if (feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(feeoffer ?? 0);
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'registeridentity', params);
+                // Clean up commitment file on success
+                const idName = jsonidregistration.namereservation
+                    ? jsonidregistration.namereservation.name
+                    : undefined;
+                if (idName) {
+                    deleteCommitment(chain, idName);
+                }
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'registeridentity',
+                    chain,
+                    params: { name: idName, returntx },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+        server.tool('updateidentity', 'Update an identity\'s fields — primary addresses, content, authorities, or any other mutable property. The wallet must hold authority to update (either primary authority, or token authority if tokenupdate is true). Pass the full identity definition with the desired changes. Fields not included revert to defaults — to preserve existing values, first read them with getidentity and include them in the update. Always include "parent" in the identity definition. PRIVATEADDRESS BEHAVIOR: Omit privateaddress entirely to preserve the existing one (carried over). Pass null to clear/remove it. Include a new zs1... address to change it. Empty string "" does NOT clear — daemon treats it the same as omitting. TIMELOCK: Do NOT include timelock in the identity JSON unless you deliberately intend to set an absolute block height lock. An absolute lock CANNOT be removed by updateidentity — only by revoke+recover. If setting a timelock, ensure revocationauthority and recoveryauthority are set to identities that can perform the revoke+recover to remove it. Omit timelock entirely to preserve the current value. Setting timelock to 0 is ONLY valid when there is no active timelock — it will be rejected if any timelock (delay or absolute) is currently set. Use setidentitytimelock for safe timelock configuration. SAFETY: NEVER set revocationauthority to another identity while leaving recoveryauthority as self — if revoked by the external authority, the identity cannot recover itself (a revoked identity cannot authorize its own recovery). This bricks the identity. If delegating revocation, always also delegate recovery to a different identity.', {
+            chain: z.string().describe('Chain to update on (e.g., "VRSC", "vrsctest")'),
+            jsonidentity: z.record(z.unknown()).describe('New identity definition. Must include "name" at minimum. Always include "parent" to ensure correct namespace resolution. revocationauthority/recoveryauthority accept friendly name (e.g., "alice@") or i-address.'),
+            returntx: z.boolean().optional().describe('If true, return signed transaction hex instead of broadcasting. Default: false.'),
+            tokenupdate: z.boolean().optional().describe('If true, use the tokenized ID control token for authority. Default: false.'),
+            feeoffer: z.number().optional().describe('Non-standard fee amount.'),
+            sourceoffunds: z.string().optional().describe('Address to source funds from, to preserve privacy.'),
+        }, async ({ chain, jsonidentity, returntx, tokenupdate, feeoffer, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                // updateidentity jsonidentity (returntx) (tokenupdate) (feeoffer) (sourceoffunds)
+                const params = [jsonidentity];
+                if (returntx !== undefined || tokenupdate !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(returntx ?? false);
+                }
+                if (tokenupdate !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(tokenupdate ?? false);
+                }
+                if (feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(feeoffer ?? 0);
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'updateidentity', params);
+                const idName = jsonidentity.name;
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'updateidentity',
+                    chain,
+                    params: { name: idName, returntx, tokenupdate },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+        server.tool('revokeidentity', 'Revoke an identity, making it unable to spend funds or sign transactions. Only the revocation authority (or token revocation authority) can perform this action. A revoked identity can only be restored by the recovery authority using recoveridentity. This is a safety mechanism — use it if the identity\'s private keys are compromised.', {
+            chain: z.string().describe('Chain to revoke on (e.g., "VRSC", "vrsctest")'),
+            identity: z.string().describe('VerusID name (e.g., "alice@") or i-address to revoke'),
+            returntx: z.boolean().optional().describe('If true, return signed transaction hex instead of broadcasting. Default: false.'),
+            tokenrevoke: z.boolean().optional().describe('If true, use the tokenized ID control token to revoke. Default: false.'),
+            feeoffer: z.number().optional().describe('Non-standard fee amount.'),
+            sourceoffunds: z.string().optional().describe('Address to source funds from, to preserve privacy.'),
+        }, async ({ chain, identity, returntx, tokenrevoke, feeoffer, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                // revokeidentity "identity" (returntx) (tokenrevoke) (feeoffer) (sourceoffunds)
+                const params = [identity];
+                if (returntx !== undefined || tokenrevoke !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(returntx ?? false);
+                }
+                if (tokenrevoke !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(tokenrevoke ?? false);
+                }
+                if (feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(feeoffer ?? 0);
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'revokeidentity', params);
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'revokeidentity',
+                    chain,
+                    params: { identity, returntx, tokenrevoke },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+        server.tool('recoveridentity', 'Recover a revoked or compromised identity. Only the recovery authority (or token recovery authority) can perform this. Typically used to set new primary addresses after a key compromise, effectively transferring control to new keys. Pass the full identity definition with the desired recovery state (new primary addresses, etc.). Always include "parent" in the identity definition. PRIVATEADDRESS BEHAVIOR: Omit privateaddress entirely to preserve the existing one (carried over). Pass null to clear/remove it. Include a new zs1... address to change it. Empty string "" does NOT clear — daemon treats it the same as omitting. TIMELOCK: Do NOT include timelock in the identity JSON unless you deliberately intend to set an absolute block height lock or clear an existing one. Omitting timelock resets it to 0 (unlocked) — timelock does NOT carry over like privateaddress does. To clear a timelock via recovery, simply omit the timelock field. If setting a timelock value, ensure revocationauthority and recoveryauthority are set to identities that can perform a future revoke+recover to remove it, since absolute locks CANNOT be removed by updateidentity. Use setidentitytimelock after recovery for safe timelock configuration. SAFETY: When setting new authorities during recovery, NEVER set revocationauthority to another identity while leaving recoveryauthority as self — if later revoked by the external authority, the identity cannot recover itself. This bricks the identity. If delegating revocation, always also delegate recovery to a different identity.', {
+            chain: z.string().describe('Chain to recover on (e.g., "VRSC", "vrsctest")'),
+            jsonidentity: z.record(z.unknown()).describe('New identity definition for the recovered state. Always include "parent" for correct namespace resolution. revocationauthority/recoveryauthority accept friendly name (e.g., "alice@") or i-address.'),
+            returntx: z.boolean().optional().describe('If true, return signed transaction hex instead of broadcasting. Default: false.'),
+            tokenrecover: z.boolean().optional().describe('If true, use the tokenized ID control token to recover. Default: false.'),
+            feeoffer: z.number().optional().describe('Non-standard fee amount.'),
+            sourceoffunds: z.string().optional().describe('Address to source funds from, to preserve privacy.'),
+        }, async ({ chain, jsonidentity, returntx, tokenrecover, feeoffer, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                // recoveridentity jsonidentity (returntx) (tokenrecover) (feeoffer) (sourceoffunds)
+                const params = [jsonidentity];
+                if (returntx !== undefined || tokenrecover !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(returntx ?? false);
+                }
+                if (tokenrecover !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(tokenrecover ?? false);
+                }
+                if (feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(feeoffer ?? 0);
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'recoveridentity', params);
+                const idName = jsonidentity.name;
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'recoveridentity',
+                    chain,
+                    params: { name: idName, returntx, tokenrecover },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+        server.tool('setidentitytimelock', 'Set or modify a timelock on a VerusID. Timelocking restricts when an identity can spend funds on this chain. This only affects the identity on the current chain. Two modes:\n\n- setunlockdelay: Set a delay (in blocks) that must pass after an unlock request. Sets flags=2 (delay lock active), timelock=N (the delay in blocks). The identity cannot spend until an unlock is triggered and the delay passes.\n\n- unlockatblock: Set an absolute block height at which the identity unlocks. When used with unlockatblock=0 on a delay-locked identity (flags=2), it TRIGGERS the unlock countdown — the daemon converts the delay into an absolute block height (approximately current_block + delay) and clears the delay flag. This is the standard way to initiate unlocking a delay-locked identity. unlockatblock=0 does NOT work on absolute block height locks (flags=0, timelock > 0) — those can only be removed by revoke+recover.\n\nExactly one of unlockatblock or setunlockdelay must be specified.\n\nTIMELOCK WORKFLOW: 1) Set delay: setunlockdelay=N → identity locked with N-block delay. 2) Trigger unlock: unlockatblock=0 → countdown starts, identity unlocks at ~current_block+N. 3) Wait for block to pass. 4) Identity can spend again. To cancel a countdown (e.g., attacker triggered unlock), the revocation authority can revoke — revocation destroys the countdown entirely. Then recover to restore the identity with no timelock.\n\nREMOVING TIMELOCKS: Delay locks (flags=2) can be cleared by revoke+recover (omit timelock in recovery JSON). Absolute locks (flags=0, timelock > 0) can ONLY be cleared by revoke+recover. updateidentity CANNOT modify or remove any timelock once set.', {
+            chain: z.string().describe('Chain to set timelock on (e.g., "VRSC", "vrsctest")'),
+            identity: z.string().describe('VerusID name (e.g., "alice@") or i-address'),
+            unlockatblock: z.number().optional().describe('Absolute block height to unlock at. Mutually exclusive with setunlockdelay.'),
+            setunlockdelay: z.number().optional().describe('Number of blocks to delay after unlock request. Mutually exclusive with unlockatblock.'),
+            returntx: z.boolean().optional().describe('If true, return signed transaction hex instead of broadcasting. Default: false.'),
+            feeoffer: z.number().optional().describe('Non-standard fee amount.'),
+            sourceoffunds: z.string().optional().describe('Address to source funds from, to preserve privacy.'),
+        }, async ({ chain, identity, unlockatblock, setunlockdelay, returntx, feeoffer, sourceoffunds }) => {
+            try {
+                assertWriteEnabled();
+                if (unlockatblock === undefined && setunlockdelay === undefined) {
+                    return fail('INVALID_PARAMS', 'Exactly one of unlockatblock or setunlockdelay must be specified.');
+                }
+                if (unlockatblock !== undefined && setunlockdelay !== undefined) {
+                    return fail('INVALID_PARAMS', 'unlockatblock and setunlockdelay are mutually exclusive — specify only one.');
+                }
+                // setidentitytimelock "identity" (unlockatblock | setunlockdelay) (returntx) (feeoffer) (sourceoffunds)
+                const timelockObj = {};
+                if (unlockatblock !== undefined)
+                    timelockObj.unlockatblock = unlockatblock;
+                if (setunlockdelay !== undefined)
+                    timelockObj.setunlockdelay = setunlockdelay;
+                const params = [identity, timelockObj];
+                if (returntx !== undefined || feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(returntx ?? false);
+                }
+                if (feeoffer !== undefined || sourceoffunds !== undefined) {
+                    params.push(feeoffer ?? 0);
+                }
+                if (sourceoffunds !== undefined) {
+                    params.push(sourceoffunds);
+                }
+                const result = await rpcCall(chain, 'setidentitytimelock', params);
+                auditLog({
+                    server: SERVER_NAME,
+                    tool: 'setidentitytimelock',
+                    chain,
+                    params: { identity, unlockatblock, setunlockdelay, returntx },
+                    result,
+                    success: true,
+                });
+                return ok(result);
+            }
+            catch (err) {
+                return handleError(err);
+            }
+        });
+    }
+}
+//# sourceMappingURL=tools.js.map

package/build/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAc,MAAM,SAAS,CAAC;AACjH,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EACL,OAAO,EACP,QAAQ,EACR,UAAU,EACV,kBAAkB,EAClB,UAAU,EACV,iBAAiB,GAClB,MAAM,kBAAkB,CAAC;AAE1B,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,EAAE,CAAC,IAAa;IACvB,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KAC1E,CAAC;AACJ,CAAC;AAED,SAAS,IAAI,CAAC,QAAgB,EAAE,OAAe;IAC7C,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QACjG,OAAO,EAAE,IAAa;KACvB,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;IAC/B,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,IAAI,CAAC,gBAAgB,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;AACtF,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,SAAS,iBAAiB,CAAC,KAAa,EAAE,IAAY;IACpD,OAAO,IAAI,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,IAAY,EAAE,IAAa;IAChE,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChD,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,IAA+B,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/I,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,IAAY;IACjD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa,EAAE,IAAY;IACnD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChD,IAAI,CAAC;QAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAEpD,iCAAiC;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAExB,uCAAuC;IACvC,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;QAC9C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAE5C,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,UAAU,aAAa,CAAC,MAAiB;IAC7C,oDAAoD;IAEpD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,kcAAkc,EAClc;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACvE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;QAC3E,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+FAA+F,CAAC;QACvI,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2DAA2D,CAAC;QACrG,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mEAAmE,CAAC;KACnH,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,EAAE;QAC5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAc,CAAC,QAAQ,CAAC,CAAC;YACrC,IAAI,MAAM,KAAK,SAAS,IAAI,OAAO,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBACjF,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;YAC3B,CAAC;YACD,IAAI,OAAO,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBACzD,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC7B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YAC3D,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,2YAA2Y,EAC3Y;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACvE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;QAC3E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uEAAuE,CAAC;QACpH,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yGAAyG,CAAC;QACpJ,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QACrF,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;QACtF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iGAAiG,CAAC;QAC1I,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;KAChG,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE;QACnG,IAAI,CAAC;YACH,+FAA+F;YAC/F,MAAM,MAAM,GAAc,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC,CAAC;YAChC,IAAI,OAAO,KAAK,SAAS,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBACvD,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;YAC7B,CAAC;YACD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;YAClE,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,0fAA0f,EAC1f;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACvE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;QAC3E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uEAAuE,CAAC;QACpH,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yGAAyG,CAAC;QACpJ,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QACrF,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;KACvF,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;QAC7E,IAAI,CAAC;YACH,MAAM,MAAM,GAAc,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;YAC/B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC7B,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;YAClE,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,WAAW,EACX,+XAA+X,EAC/X;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACvE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kGAAkG,CAAC;QAChI,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACpF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;QACnF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;KAC5E,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE;QACvD,IAAI,CAAC;YACH,uEAAuE;YACvE,MAAM,MAAM,GAAc,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC7E,MAAM,OAAO,GAA4B,EAAE,CAAC;gBAC5C,IAAI,OAAO,KAAK,SAAS;oBAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBACrD,IAAI,OAAO,KAAK,SAAS;oBAAE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;gBACrD,IAAI,QAAQ,KAAK,SAAS;oBAAE,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;YACzD,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,4RAA4R,EAC5R;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACvE,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+DAA+D,CAAC;QACjH,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uEAAuE,CAAC;QACxH,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sGAAsG,CAAC;KAC1J,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,EAAE,EAAE;QACrE,IAAI,CAAC;YACH,uEAAuE;YACvE,MAAM,MAAM,GAAc,EAAE,CAAC;YAC7B,IAAI,eAAe,KAAK,SAAS,IAAI,cAAc,KAAK,SAAS,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACpG,MAAM,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,CAAC;YACvC,CAAC;YACD,IAAI,cAAc,KAAK,SAAS,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnE,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,CAAC;YACtC,CAAC;YACD,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;YAC9D,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,4DAA4D;IAE5D,MAAM,CAAC,IAAI,CACT,UAAU,EACV,ggBAAggB,EAChgB;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;QACzE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kFAAkF,CAAC;QAChH,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAChE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QAC9D,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QACvE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC7E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;QAC3F,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+JAA+J,CAAC;QAC5N,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;QAC/G,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qFAAqF,CAAC;QAClI,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yEAAyE,CAAC;QACvH,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6DAA6D,CAAC;QAChH,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gEAAgE,CAAC;QACvH,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;QACrG,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wEAAwE,CAAC;QAClH,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC;QAClG,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QACvF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mFAAmF,CAAC;KAChI,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,SAAS,EAAE,EAAE,EAAE;QACvN,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,MAAM,GAA4B,EAAE,OAAO,EAAE,CAAC;YACpD,IAAI,OAAO,KAAK,SAAS;gBAAE,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;YACpD,IAAI,QAAQ,KAAK,SAAS;gBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACvD,IAAI,UAAU,KAAK,SAAS;gBAAE,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7D,IAAI,aAAa,KAAK,SAAS;gBAAE,MAAM,CAAC,aAAa,GAAG,aAAa,CAAC;YACtE,IAAI,QAAQ,KAAK,SAAS;gBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACvD,IAAI,OAAO,KAAK,SAAS;gBAAE,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;YACpD,IAAI,OAAO,KAAK,SAAS;gBAAE,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;YACpD,IAAI,WAAW,KAAK,SAAS;gBAAE,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;YAChE,IAAI,YAAY,KAAK,SAAS;gBAAE,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;YACnE,IAAI,QAAQ,KAAK,SAAS;gBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACvD,IAAI,YAAY,KAAK,SAAS;gBAAE,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC;YACnE,IAAI,WAAW,KAAK,SAAS;gBAAE,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;YAChE,IAAI,QAAQ,KAAK,SAAS;gBAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACvD,IAAI,SAAS,KAAK,SAAS;gBAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;YAC1D,IAAI,gBAAgB,KAAK,SAAS;gBAAE,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;YAC/E,IAAI,SAAS,KAAK,SAAS;gBAAE,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC;YAE1D,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;YAC1D,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,+RAA+R,EAC/R;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;QAC3E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;QAC5E,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC;QACxE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;QACtE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;QAC/E,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACrF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;QAC1F,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;QAC/F,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;QACjG,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mDAAmD,CAAC;QAC1G,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;QACjG,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;QAClG,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;QACrE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2IAA2I,CAAC;KAC1L,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;QACxK,IAAI,CAAC;YACH,iDAAiD;YACjD,4EAA4E;YAC5E,MAAM,SAAS,GAA4B,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAClE,0EAA0E;YAC1E,gFAAgF;YAChF,uDAAuD;YACvD,IAAI,OAAO,KAAK,SAAS;gBAAE,SAAS,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/F,IAAI,QAAQ,KAAK,SAAS;gBAAE,SAAS,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1D,IAAI,UAAU,KAAK,SAAS;gBAAE,SAAS,CAAC,UAAU,GAAG,UAAU,CAAC;YAChE,IAAI,aAAa,KAAK,SAAS;gBAAE,SAAS,CAAC,aAAa,GAAG,aAAa,CAAC;YACzE,IAAI,QAAQ,KAAK,SAAS;gBAAE,SAAS,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1D,IAAI,YAAY,KAAK,SAAS;gBAAE,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;YACtE,IAAI,QAAQ,KAAK,SAAS;gBAAE,SAAS,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1D,IAAI,YAAY,KAAK,SAAS;gBAAE,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;YACtE,IAAI,WAAW,KAAK,SAAS;gBAAE,SAAS,CAAC,WAAW,GAAG,WAAW,CAAC;YACnE,IAAI,QAAQ,KAAK,SAAS;gBAAE,SAAS,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1D,IAAI,WAAW,KAAK,SAAS;gBAAE,SAAS,CAAC,WAAW,GAAG,WAAW,CAAC;YAEnE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,iBAAiB,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;YACpE,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CACF,CAAC;IAEF,iEAAiE;IAEjE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CACT,wBAAwB,EACxB,kjBAAkjB,EACljB;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;YAC7E,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iJAAiJ,CAAC;YAC5K,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8JAA8J,CAAC;YACnM,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0FAA0F,CAAC;YAC5I,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wGAAwG,CAAC;YACxJ,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uEAAuE,CAAC;SACvH,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,gBAAgB,EAAE,cAAc,EAAE,aAAa,EAAE,EAAE,EAAE;YACzF,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,2GAA2G;gBAC3G,MAAM,MAAM,GAAc,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;gBACjD,IAAI,gBAAgB,KAAK,SAAS,IAAI,cAAc,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAClG,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC;gBACtC,CAAC;gBACD,IAAI,cAAc,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChE,MAAM,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,wBAAwB,EAAE,MAAM,CAAC,CAAC;gBAEtE,wDAAwD;gBACxD,cAAc,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;gBAEpC,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,wBAAwB;oBAC9B,KAAK;oBACL,MAAM,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,gBAAgB,EAAE,cAAc,EAAE;oBAClE,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB,0jFAA0jF,EAC1jF;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;YAC7E,kBAAkB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,80BAA80B,CAAC;YACl4B,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qFAAqF,CAAC;YAChI,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iFAAiF,CAAC;YAC3H,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uEAAuE,CAAC;SACvH,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;YACzE,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,4EAA4E;gBAC5E,MAAM,MAAM,GAAc,CAAC,kBAAkB,CAAC,CAAC;gBAC/C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACpF,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEhE,sCAAsC;gBACtC,MAAM,MAAM,GAAI,kBAA8C,CAAC,eAAe;oBAC5E,CAAC,CAAG,kBAA8C,CAAC,eAA2C,CAAC,IAAc;oBAC7G,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI,MAAM,EAAE,CAAC;oBACX,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAClC,CAAC;gBAED,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,kBAAkB;oBACxB,KAAK;oBACL,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAClC,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,8mDAA8mD,EAC9mD;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;YAC3E,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,oNAAoN,CAAC;YAClQ,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iFAAiF,CAAC;YAC5H,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,4EAA4E,CAAC;YAC1H,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;SACpG,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;YAChF,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,kFAAkF;gBAClF,MAAM,MAAM,GAAc,CAAC,YAAY,CAAC,CAAC;gBACzC,IAAI,QAAQ,KAAK,SAAS,IAAI,WAAW,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACjH,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,WAAW,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACvF,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;gBAE9D,MAAM,MAAM,GAAI,YAAwC,CAAC,IAA0B,CAAC;gBAEpF,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,gBAAgB;oBACtB,KAAK;oBACL,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE;oBAC/C,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gVAAgV,EAChV;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;YAC3E,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC;YACrF,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iFAAiF,CAAC;YAC5H,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wEAAwE,CAAC;YACtH,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;SACpG,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;YAC5E,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,gFAAgF;gBAChF,MAAM,MAAM,GAAc,CAAC,QAAQ,CAAC,CAAC;gBACrC,IAAI,QAAQ,KAAK,SAAS,IAAI,WAAW,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACjH,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,WAAW,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACvF,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,CAAC;gBACpC,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,gBAAgB,EAAE,MAAM,CAAC,CAAC;gBAE9D,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,gBAAgB;oBACtB,KAAK;oBACL,MAAM,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE;oBAC3C,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,yhDAAyhD,EACzhD;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;YAC5E,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,sMAAsM,CAAC;YACpP,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iFAAiF,CAAC;YAC5H,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yEAAyE,CAAC;YACxH,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;SACpG,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;YACjF,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,oFAAoF;gBACpF,MAAM,MAAM,GAAc,CAAC,YAAY,CAAC,CAAC;gBACzC,IAAI,QAAQ,KAAK,SAAS,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAClH,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,YAAY,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACxF,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,KAAK,CAAC,CAAC;gBACrC,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;gBAE/D,MAAM,MAAM,GAAI,YAAwC,CAAC,IAA0B,CAAC;gBAEpF,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,iBAAiB;oBACvB,KAAK;oBACL,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE;oBAChD,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,qBAAqB,EACrB,woDAAwoD,EACxoD;YACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;YACjF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;YAC3E,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6EAA6E,CAAC;YAC5H,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wFAAwF,CAAC;YACxI,QAAQ,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iFAAiF,CAAC;YAC5H,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;SACpG,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE;YAC9F,IAAI,CAAC;gBACH,kBAAkB,EAAE,CAAC;gBAErB,IAAI,aAAa,KAAK,SAAS,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oBAChE,OAAO,IAAI,CAAC,gBAAgB,EAAE,mEAAmE,CAAC,CAAC;gBACrG,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;oBAChE,OAAO,IAAI,CAAC,gBAAgB,EAAE,6EAA6E,CAAC,CAAC;gBAC/G,CAAC;gBAED,wGAAwG;gBACxG,MAAM,WAAW,GAA4B,EAAE,CAAC;gBAChD,IAAI,aAAa,KAAK,SAAS;oBAAE,WAAW,CAAC,aAAa,GAAG,aAAa,CAAC;gBAC3E,IAAI,cAAc,KAAK,SAAS;oBAAE,WAAW,CAAC,cAAc,GAAG,cAAc,CAAC;gBAE9E,MAAM,MAAM,GAAc,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBAClD,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBACpF,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC;gBACjC,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAC1D,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;gBAC7B,CAAC;gBACD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAC7B,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,qBAAqB,EAAE,MAAM,CAAC,CAAC;gBAEnE,QAAQ,CAAC;oBACP,MAAM,EAAE,WAAW;oBACnB,IAAI,EAAE,qBAAqB;oBAC3B,KAAK;oBACL,MAAM,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,QAAQ,EAAE;oBAC7D,MAAM;oBACN,OAAO,EAAE,IAAI;iBACd,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@verusidx/identity-mcp",
+  "version": "0.1.0",
+  "description": "MCP server for VerusID identity management — create, update, revoke, recover, sign, and query Verus identities",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "verusidx-identity-mcp": "./build/index.js"
+  },
+  "files": [
+    "build"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.27.0",
+    "zod": "^3.23.0",
+    "@verusidx/shared": "0.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  }
+}