@vorionsys/atsf-core 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -12
- package/dist/api/server.d.ts.map +1 -1
- package/dist/api/server.js +463 -35
- package/dist/api/server.js.map +1 -1
- package/dist/arbitration/index.d.ts.map +1 -1
- package/dist/arbitration/index.js +8 -6
- package/dist/arbitration/index.js.map +1 -1
- package/dist/audit/key-manager.d.ts +118 -0
- package/dist/audit/key-manager.d.ts.map +1 -0
- package/dist/audit/key-manager.js +565 -0
- package/dist/audit/key-manager.js.map +1 -0
- package/dist/basis/evaluator.d.ts +31 -0
- package/dist/basis/evaluator.d.ts.map +1 -1
- package/dist/basis/evaluator.js +205 -10
- package/dist/basis/evaluator.js.map +1 -1
- package/dist/basis/parser.d.ts +210 -210
- package/dist/basis/parser.js.map +1 -1
- package/dist/carbon-aware/carbon-metrics.d.ts +151 -0
- package/dist/carbon-aware/carbon-metrics.d.ts.map +1 -0
- package/dist/carbon-aware/carbon-metrics.js +370 -0
- package/dist/carbon-aware/carbon-metrics.js.map +1 -0
- package/dist/carbon-aware/carbon-router.d.ts +101 -0
- package/dist/carbon-aware/carbon-router.d.ts.map +1 -0
- package/dist/carbon-aware/carbon-router.js +400 -0
- package/dist/carbon-aware/carbon-router.js.map +1 -0
- package/dist/chain/index.d.ts +147 -0
- package/dist/chain/index.d.ts.map +1 -0
- package/dist/chain/index.js +219 -0
- package/dist/chain/index.js.map +1 -0
- package/dist/cognigate/index.d.ts +33 -4
- package/dist/cognigate/index.d.ts.map +1 -1
- package/dist/cognigate/index.js +199 -24
- package/dist/cognigate/index.js.map +1 -1
- package/dist/common/adapters.d.ts +172 -0
- package/dist/common/adapters.d.ts.map +1 -0
- package/dist/common/adapters.js +329 -0
- package/dist/common/adapters.js.map +1 -0
- package/dist/common/config.d.ts +168 -163
- package/dist/common/config.d.ts.map +1 -1
- package/dist/common/config.js +2 -0
- package/dist/common/config.js.map +1 -1
- package/dist/common/index.d.ts +1 -0
- package/dist/common/index.d.ts.map +1 -1
- package/dist/common/index.js +1 -0
- package/dist/common/index.js.map +1 -1
- package/dist/common/types.d.ts +67 -16
- package/dist/common/types.d.ts.map +1 -1
- package/dist/common/types.js +4 -0
- package/dist/common/types.js.map +1 -1
- package/dist/enforce/index.d.ts +226 -16
- package/dist/enforce/index.d.ts.map +1 -1
- package/dist/enforce/index.js +196 -49
- package/dist/enforce/index.js.map +1 -1
- package/dist/governance/fluid-workflow.d.ts +217 -0
- package/dist/governance/fluid-workflow.d.ts.map +1 -0
- package/dist/governance/fluid-workflow.js +491 -0
- package/dist/governance/fluid-workflow.js.map +1 -0
- package/dist/governance/index.d.ts +1 -0
- package/dist/governance/index.d.ts.map +1 -1
- package/dist/governance/index.js +1 -0
- package/dist/governance/index.js.map +1 -1
- package/dist/index.d.ts +9 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +14 -3
- package/dist/index.js.map +1 -1
- package/dist/intent/index.d.ts +127 -10
- package/dist/intent/index.d.ts.map +1 -1
- package/dist/intent/index.js +121 -16
- package/dist/intent/index.js.map +1 -1
- package/dist/langchain/executor.d.ts +19 -5
- package/dist/langchain/executor.d.ts.map +1 -1
- package/dist/langchain/executor.js +287 -36
- package/dist/langchain/executor.js.map +1 -1
- package/dist/langchain/index.d.ts +2 -1
- package/dist/langchain/index.d.ts.map +1 -1
- package/dist/langchain/index.js +3 -1
- package/dist/langchain/index.js.map +1 -1
- package/dist/langchain/tools.d.ts.map +1 -1
- package/dist/langchain/tools.js +2 -1
- package/dist/langchain/tools.js.map +1 -1
- package/dist/langchain/types.d.ts +41 -0
- package/dist/langchain/types.d.ts.map +1 -1
- package/dist/layers/index.d.ts +1 -1
- package/dist/layers/index.d.ts.map +1 -1
- package/dist/persistence/file.d.ts +35 -3
- package/dist/persistence/file.d.ts.map +1 -1
- package/dist/persistence/file.js +138 -11
- package/dist/persistence/file.js.map +1 -1
- package/dist/persistence/index.d.ts +11 -1
- package/dist/persistence/index.d.ts.map +1 -1
- package/dist/persistence/index.js +25 -1
- package/dist/persistence/index.js.map +1 -1
- package/dist/persistence/sqlite.d.ts +135 -0
- package/dist/persistence/sqlite.d.ts.map +1 -0
- package/dist/persistence/sqlite.js +372 -0
- package/dist/persistence/sqlite.js.map +1 -0
- package/dist/persistence/supabase.d.ts +93 -0
- package/dist/persistence/supabase.d.ts.map +1 -0
- package/dist/persistence/supabase.js +219 -0
- package/dist/persistence/supabase.js.map +1 -0
- package/dist/persistence/types.d.ts +5 -1
- package/dist/persistence/types.d.ts.map +1 -1
- package/dist/phase6/ceiling.d.ts +177 -0
- package/dist/phase6/ceiling.d.ts.map +1 -0
- package/dist/phase6/ceiling.js +463 -0
- package/dist/phase6/ceiling.js.map +1 -0
- package/dist/phase6/context.d.ts +207 -0
- package/dist/phase6/context.d.ts.map +1 -0
- package/dist/phase6/context.js +603 -0
- package/dist/phase6/context.js.map +1 -0
- package/dist/phase6/index.d.ts +79 -0
- package/dist/phase6/index.d.ts.map +1 -0
- package/dist/phase6/index.js +152 -0
- package/dist/phase6/index.js.map +1 -0
- package/dist/phase6/presets.d.ts +148 -0
- package/dist/phase6/presets.d.ts.map +1 -0
- package/dist/phase6/presets.js +467 -0
- package/dist/phase6/presets.js.map +1 -0
- package/dist/phase6/provenance.d.ts +148 -0
- package/dist/phase6/provenance.d.ts.map +1 -0
- package/dist/phase6/provenance.js +545 -0
- package/dist/phase6/provenance.js.map +1 -0
- package/dist/phase6/role-gates/index.d.ts +7 -0
- package/dist/phase6/role-gates/index.d.ts.map +1 -0
- package/dist/phase6/role-gates/index.js +7 -0
- package/dist/phase6/role-gates/index.js.map +1 -0
- package/dist/phase6/role-gates/kernel.d.ts +84 -0
- package/dist/phase6/role-gates/kernel.d.ts.map +1 -0
- package/dist/phase6/role-gates/kernel.js +258 -0
- package/dist/phase6/role-gates/kernel.js.map +1 -0
- package/dist/phase6/role-gates/policy.d.ts +110 -0
- package/dist/phase6/role-gates/policy.d.ts.map +1 -0
- package/dist/phase6/role-gates/policy.js +157 -0
- package/dist/phase6/role-gates/policy.js.map +1 -0
- package/dist/phase6/role-gates.d.ts +164 -0
- package/dist/phase6/role-gates.d.ts.map +1 -0
- package/dist/phase6/role-gates.js +536 -0
- package/dist/phase6/role-gates.js.map +1 -0
- package/dist/phase6/types.d.ts +1827 -0
- package/dist/phase6/types.d.ts.map +1 -0
- package/dist/phase6/types.js +450 -0
- package/dist/phase6/types.js.map +1 -0
- package/dist/phase6/weight-presets/canonical.d.ts +93 -0
- package/dist/phase6/weight-presets/canonical.d.ts.map +1 -0
- package/dist/phase6/weight-presets/canonical.js +122 -0
- package/dist/phase6/weight-presets/canonical.js.map +1 -0
- package/dist/phase6/weight-presets/deltas.d.ts +144 -0
- package/dist/phase6/weight-presets/deltas.d.ts.map +1 -0
- package/dist/phase6/weight-presets/deltas.js +184 -0
- package/dist/phase6/weight-presets/deltas.js.map +1 -0
- package/dist/phase6/weight-presets/index.d.ts +8 -0
- package/dist/phase6/weight-presets/index.d.ts.map +1 -0
- package/dist/phase6/weight-presets/index.js +8 -0
- package/dist/phase6/weight-presets/index.js.map +1 -0
- package/dist/phase6/weight-presets/merger.d.ts +79 -0
- package/dist/phase6/weight-presets/merger.d.ts.map +1 -0
- package/dist/phase6/weight-presets/merger.js +161 -0
- package/dist/phase6/weight-presets/merger.js.map +1 -0
- package/dist/proof/index.d.ts +50 -1
- package/dist/proof/index.d.ts.map +1 -1
- package/dist/proof/index.js +122 -3
- package/dist/proof/index.js.map +1 -1
- package/dist/proof/merkle.d.ts +195 -0
- package/dist/proof/merkle.d.ts.map +1 -0
- package/dist/proof/merkle.js +412 -0
- package/dist/proof/merkle.js.map +1 -0
- package/dist/proof/zk-proofs.d.ts +218 -0
- package/dist/proof/zk-proofs.d.ts.map +1 -0
- package/dist/proof/zk-proofs.js +531 -0
- package/dist/proof/zk-proofs.js.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts +98 -0
- package/dist/trust-engine/ceiling-enforcement/audit.d.ts.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/audit.js +160 -0
- package/dist/trust-engine/ceiling-enforcement/audit.js.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/index.d.ts +6 -0
- package/dist/trust-engine/ceiling-enforcement/index.d.ts.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/index.js +6 -0
- package/dist/trust-engine/ceiling-enforcement/index.js.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts +112 -0
- package/dist/trust-engine/ceiling-enforcement/kernel.d.ts.map +1 -0
- package/dist/trust-engine/ceiling-enforcement/kernel.js +158 -0
- package/dist/trust-engine/ceiling-enforcement/kernel.js.map +1 -0
- package/dist/trust-engine/context-policy/enforcement.d.ts +62 -0
- package/dist/trust-engine/context-policy/enforcement.d.ts.map +1 -0
- package/dist/trust-engine/context-policy/enforcement.js +104 -0
- package/dist/trust-engine/context-policy/enforcement.js.map +1 -0
- package/dist/trust-engine/context-policy/factory.d.ts +75 -0
- package/dist/trust-engine/context-policy/factory.d.ts.map +1 -0
- package/dist/trust-engine/context-policy/factory.js +130 -0
- package/dist/trust-engine/context-policy/factory.js.map +1 -0
- package/dist/trust-engine/context-policy/index.d.ts +6 -0
- package/dist/trust-engine/context-policy/index.d.ts.map +1 -0
- package/dist/trust-engine/context-policy/index.js +6 -0
- package/dist/trust-engine/context-policy/index.js.map +1 -0
- package/dist/trust-engine/creation-modifiers/index.d.ts +5 -0
- package/dist/trust-engine/creation-modifiers/index.d.ts.map +1 -0
- package/dist/trust-engine/creation-modifiers/index.js +5 -0
- package/dist/trust-engine/creation-modifiers/index.js.map +1 -0
- package/dist/trust-engine/creation-modifiers/types.d.ts +112 -0
- package/dist/trust-engine/creation-modifiers/types.d.ts.map +1 -0
- package/dist/trust-engine/creation-modifiers/types.js +166 -0
- package/dist/trust-engine/creation-modifiers/types.js.map +1 -0
- package/dist/trust-engine/decay-profiles.d.ts +159 -0
- package/dist/trust-engine/decay-profiles.d.ts.map +1 -0
- package/dist/trust-engine/decay-profiles.js +210 -0
- package/dist/trust-engine/decay-profiles.js.map +1 -0
- package/dist/trust-engine/index.d.ts +144 -5
- package/dist/trust-engine/index.d.ts.map +1 -1
- package/dist/trust-engine/index.js +320 -15
- package/dist/trust-engine/index.js.map +1 -1
- package/dist/trust-engine/phase6-types.d.ts +123 -0
- package/dist/trust-engine/phase6-types.d.ts.map +1 -0
- package/dist/trust-engine/phase6-types.js +88 -0
- package/dist/trust-engine/phase6-types.js.map +1 -0
- package/package.json +26 -10
|
@@ -0,0 +1,565 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Key Manager - Secure Key Management for Audit Signing
|
|
3
|
+
*
|
|
4
|
+
* Provides secure key generation, storage, loading, and rotation
|
|
5
|
+
* for Ed25519 cryptographic signing of audit records.
|
|
6
|
+
*
|
|
7
|
+
* Supports multiple storage backends:
|
|
8
|
+
* - Memory (development/testing)
|
|
9
|
+
* - File (with optional encryption)
|
|
10
|
+
* - Environment variables
|
|
11
|
+
* - HSM (Hardware Security Module) - interface only
|
|
12
|
+
*
|
|
13
|
+
* @packageDocumentation
|
|
14
|
+
*/
|
|
15
|
+
import { createLogger } from '../common/logger.js';
|
|
16
|
+
const logger = createLogger({ component: 'key-manager' });
|
|
17
|
+
/**
|
|
18
|
+
* Generate a new Ed25519 key pair using jose library
|
|
19
|
+
* Note: This uses the jose library which is available in AgentAnchor
|
|
20
|
+
*/
|
|
21
|
+
export async function generateKeyPair(keyId) {
|
|
22
|
+
// Dynamic import of jose to allow this module to work standalone
|
|
23
|
+
const jose = await import('jose');
|
|
24
|
+
const { publicKey, privateKey } = await jose.generateKeyPair('EdDSA', {
|
|
25
|
+
crv: 'Ed25519',
|
|
26
|
+
extractable: true, // Required to export keys as JWK
|
|
27
|
+
});
|
|
28
|
+
// Export keys to JWK format, then to base64
|
|
29
|
+
const publicJwk = await jose.exportJWK(publicKey);
|
|
30
|
+
const privateJwk = await jose.exportJWK(privateKey);
|
|
31
|
+
const now = new Date().toISOString();
|
|
32
|
+
const generatedKeyId = keyId ?? `key-${crypto.randomUUID()}`;
|
|
33
|
+
return {
|
|
34
|
+
keyId: generatedKeyId,
|
|
35
|
+
publicKey: Buffer.from(JSON.stringify(publicJwk)).toString('base64'),
|
|
36
|
+
privateKey: Buffer.from(JSON.stringify(privateJwk)).toString('base64'),
|
|
37
|
+
algorithm: 'Ed25519',
|
|
38
|
+
createdAt: now,
|
|
39
|
+
rotationSequence: 0,
|
|
40
|
+
active: true,
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
/**
|
|
44
|
+
* Extract public key info from a key pair
|
|
45
|
+
*/
|
|
46
|
+
export function extractPublicKeyInfo(keyPair) {
|
|
47
|
+
return {
|
|
48
|
+
keyId: keyPair.keyId,
|
|
49
|
+
publicKey: keyPair.publicKey,
|
|
50
|
+
algorithm: keyPair.algorithm,
|
|
51
|
+
createdAt: keyPair.createdAt,
|
|
52
|
+
expiresAt: keyPair.expiresAt,
|
|
53
|
+
rotationSequence: keyPair.rotationSequence,
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Key Manager for secure key operations
|
|
58
|
+
*/
|
|
59
|
+
export class KeyManager {
|
|
60
|
+
keys = new Map();
|
|
61
|
+
activeKeyId = null;
|
|
62
|
+
config;
|
|
63
|
+
hsmProvider = null;
|
|
64
|
+
constructor(config = { type: 'memory' }) {
|
|
65
|
+
this.config = config;
|
|
66
|
+
if (config.hsmProvider) {
|
|
67
|
+
this.hsmProvider = config.hsmProvider;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Initialize the key manager
|
|
72
|
+
*/
|
|
73
|
+
async initialize() {
|
|
74
|
+
switch (this.config.type) {
|
|
75
|
+
case 'memory':
|
|
76
|
+
// Nothing to load for memory storage
|
|
77
|
+
logger.info('Key manager initialized with memory storage');
|
|
78
|
+
break;
|
|
79
|
+
case 'file':
|
|
80
|
+
await this.loadFromFile();
|
|
81
|
+
break;
|
|
82
|
+
case 'env':
|
|
83
|
+
await this.loadFromEnv();
|
|
84
|
+
break;
|
|
85
|
+
case 'hsm':
|
|
86
|
+
await this.initializeHSM();
|
|
87
|
+
break;
|
|
88
|
+
default:
|
|
89
|
+
throw new Error(`Unknown storage type: ${this.config.type}`);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Generate and store a new key pair
|
|
94
|
+
*/
|
|
95
|
+
async generateKey(keyId) {
|
|
96
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
97
|
+
return this.generateKeyInHSM(keyId);
|
|
98
|
+
}
|
|
99
|
+
const keyPair = await generateKeyPair(keyId);
|
|
100
|
+
await this.storeKey(keyPair);
|
|
101
|
+
if (!this.activeKeyId) {
|
|
102
|
+
this.activeKeyId = keyPair.keyId;
|
|
103
|
+
}
|
|
104
|
+
logger.info({ keyId: keyPair.keyId }, 'Generated new key pair');
|
|
105
|
+
return keyPair;
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Store a key pair
|
|
109
|
+
*/
|
|
110
|
+
async storeKey(keyPair) {
|
|
111
|
+
this.keys.set(keyPair.keyId, keyPair);
|
|
112
|
+
switch (this.config.type) {
|
|
113
|
+
case 'file':
|
|
114
|
+
await this.saveToFile();
|
|
115
|
+
break;
|
|
116
|
+
// env storage is read-only
|
|
117
|
+
// hsm storage is handled separately
|
|
118
|
+
}
|
|
119
|
+
logger.debug({ keyId: keyPair.keyId }, 'Key stored');
|
|
120
|
+
}
|
|
121
|
+
/**
|
|
122
|
+
* Get a key pair by ID
|
|
123
|
+
*/
|
|
124
|
+
async getKey(keyId) {
|
|
125
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
126
|
+
// HSM keys don't expose private keys, so we return null
|
|
127
|
+
// Use sign/verify methods directly with HSM
|
|
128
|
+
return null;
|
|
129
|
+
}
|
|
130
|
+
return this.keys.get(keyId) ?? null;
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Get public key info by ID
|
|
134
|
+
*/
|
|
135
|
+
async getPublicKey(keyId) {
|
|
136
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
137
|
+
return this.hsmProvider.getPublicKey(keyId);
|
|
138
|
+
}
|
|
139
|
+
const keyPair = this.keys.get(keyId);
|
|
140
|
+
if (!keyPair)
|
|
141
|
+
return null;
|
|
142
|
+
return extractPublicKeyInfo(keyPair);
|
|
143
|
+
}
|
|
144
|
+
/**
|
|
145
|
+
* Get the active key pair
|
|
146
|
+
*/
|
|
147
|
+
async getActiveKey() {
|
|
148
|
+
if (!this.activeKeyId)
|
|
149
|
+
return null;
|
|
150
|
+
return this.getKey(this.activeKeyId);
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Get the active key ID
|
|
154
|
+
*/
|
|
155
|
+
getActiveKeyId() {
|
|
156
|
+
return this.activeKeyId;
|
|
157
|
+
}
|
|
158
|
+
/**
|
|
159
|
+
* Set the active key
|
|
160
|
+
*/
|
|
161
|
+
setActiveKey(keyId) {
|
|
162
|
+
if (!this.keys.has(keyId)) {
|
|
163
|
+
throw new Error(`Key not found: ${keyId}`);
|
|
164
|
+
}
|
|
165
|
+
this.activeKeyId = keyId;
|
|
166
|
+
logger.info({ keyId }, 'Active key changed');
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Rotate keys - generate new key and deactivate old
|
|
170
|
+
*/
|
|
171
|
+
async rotateKey(request) {
|
|
172
|
+
const previousKeyId = this.activeKeyId;
|
|
173
|
+
if (!previousKeyId) {
|
|
174
|
+
return {
|
|
175
|
+
success: false,
|
|
176
|
+
chainId: request.chainId,
|
|
177
|
+
previousKeyId: '',
|
|
178
|
+
newKeyId: '',
|
|
179
|
+
rotationSequence: 0,
|
|
180
|
+
rotatedAt: new Date().toISOString(),
|
|
181
|
+
issues: ['No active key to rotate'],
|
|
182
|
+
};
|
|
183
|
+
}
|
|
184
|
+
const previousKey = await this.getKey(previousKeyId);
|
|
185
|
+
const previousSequence = previousKey?.rotationSequence ?? 0;
|
|
186
|
+
// Generate or use provided new key
|
|
187
|
+
let newKeyPair;
|
|
188
|
+
if (request.newKeyPair) {
|
|
189
|
+
newKeyPair = {
|
|
190
|
+
...request.newKeyPair,
|
|
191
|
+
rotationSequence: previousSequence + 1,
|
|
192
|
+
active: true,
|
|
193
|
+
};
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
newKeyPair = await generateKeyPair();
|
|
197
|
+
newKeyPair.rotationSequence = previousSequence + 1;
|
|
198
|
+
}
|
|
199
|
+
// Deactivate old key
|
|
200
|
+
if (previousKey) {
|
|
201
|
+
previousKey.active = false;
|
|
202
|
+
await this.storeKey(previousKey);
|
|
203
|
+
}
|
|
204
|
+
// Store and activate new key
|
|
205
|
+
await this.storeKey(newKeyPair);
|
|
206
|
+
this.activeKeyId = newKeyPair.keyId;
|
|
207
|
+
logger.info({
|
|
208
|
+
previousKeyId,
|
|
209
|
+
newKeyId: newKeyPair.keyId,
|
|
210
|
+
rotationSequence: newKeyPair.rotationSequence,
|
|
211
|
+
reason: request.reason,
|
|
212
|
+
}, 'Key rotated');
|
|
213
|
+
return {
|
|
214
|
+
success: true,
|
|
215
|
+
chainId: request.chainId,
|
|
216
|
+
previousKeyId,
|
|
217
|
+
newKeyId: newKeyPair.keyId,
|
|
218
|
+
rotationSequence: newKeyPair.rotationSequence,
|
|
219
|
+
rotatedAt: new Date().toISOString(),
|
|
220
|
+
};
|
|
221
|
+
}
|
|
222
|
+
/**
|
|
223
|
+
* List all key IDs
|
|
224
|
+
*/
|
|
225
|
+
async listKeys() {
|
|
226
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
227
|
+
return this.hsmProvider.listKeys();
|
|
228
|
+
}
|
|
229
|
+
return Array.from(this.keys.keys());
|
|
230
|
+
}
|
|
231
|
+
/**
|
|
232
|
+
* List all public keys
|
|
233
|
+
*/
|
|
234
|
+
async listPublicKeys() {
|
|
235
|
+
const keyIds = await this.listKeys();
|
|
236
|
+
const publicKeys = [];
|
|
237
|
+
for (const keyId of keyIds) {
|
|
238
|
+
const pubKey = await this.getPublicKey(keyId);
|
|
239
|
+
if (pubKey) {
|
|
240
|
+
publicKeys.push(pubKey);
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
return publicKeys;
|
|
244
|
+
}
|
|
245
|
+
/**
|
|
246
|
+
* Delete a key
|
|
247
|
+
*/
|
|
248
|
+
async deleteKey(keyId) {
|
|
249
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
250
|
+
return this.hsmProvider.deleteKey(keyId);
|
|
251
|
+
}
|
|
252
|
+
const deleted = this.keys.delete(keyId);
|
|
253
|
+
if (deleted && this.activeKeyId === keyId) {
|
|
254
|
+
this.activeKeyId = null;
|
|
255
|
+
}
|
|
256
|
+
if (this.config.type === 'file') {
|
|
257
|
+
await this.saveToFile();
|
|
258
|
+
}
|
|
259
|
+
logger.info({ keyId, deleted }, 'Key deletion attempted');
|
|
260
|
+
return deleted;
|
|
261
|
+
}
|
|
262
|
+
/**
|
|
263
|
+
* Check if a key exists
|
|
264
|
+
*/
|
|
265
|
+
async hasKey(keyId) {
|
|
266
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
267
|
+
const keys = await this.hsmProvider.listKeys();
|
|
268
|
+
return keys.includes(keyId);
|
|
269
|
+
}
|
|
270
|
+
return this.keys.has(keyId);
|
|
271
|
+
}
|
|
272
|
+
/**
|
|
273
|
+
* Sign data with the active key (or specified key)
|
|
274
|
+
*/
|
|
275
|
+
async sign(data, keyId) {
|
|
276
|
+
const targetKeyId = keyId ?? this.activeKeyId;
|
|
277
|
+
if (!targetKeyId) {
|
|
278
|
+
throw new Error('No key available for signing');
|
|
279
|
+
}
|
|
280
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
281
|
+
return this.hsmProvider.sign(targetKeyId, data);
|
|
282
|
+
}
|
|
283
|
+
const keyPair = await this.getKey(targetKeyId);
|
|
284
|
+
if (!keyPair) {
|
|
285
|
+
throw new Error(`Key not found: ${targetKeyId}`);
|
|
286
|
+
}
|
|
287
|
+
const jose = await import('jose');
|
|
288
|
+
const privateJwk = JSON.parse(Buffer.from(keyPair.privateKey, 'base64').toString());
|
|
289
|
+
const privateKey = await jose.importJWK(privateJwk, 'EdDSA');
|
|
290
|
+
// Create a compact JWS
|
|
291
|
+
const jws = await new jose.CompactSign(data)
|
|
292
|
+
.setProtectedHeader({ alg: 'EdDSA' })
|
|
293
|
+
.sign(privateKey);
|
|
294
|
+
// Extract just the signature part
|
|
295
|
+
const parts = jws.split('.');
|
|
296
|
+
const signature = parts[2];
|
|
297
|
+
return Buffer.from(signature, 'base64url');
|
|
298
|
+
}
|
|
299
|
+
/**
|
|
300
|
+
* Verify a signature
|
|
301
|
+
*/
|
|
302
|
+
async verify(data, signature, keyId) {
|
|
303
|
+
if (this.config.type === 'hsm' && this.hsmProvider) {
|
|
304
|
+
return this.hsmProvider.verify(keyId, data, signature);
|
|
305
|
+
}
|
|
306
|
+
const keyPair = await this.getKey(keyId);
|
|
307
|
+
if (!keyPair) {
|
|
308
|
+
throw new Error(`Key not found: ${keyId}`);
|
|
309
|
+
}
|
|
310
|
+
try {
|
|
311
|
+
const jose = await import('jose');
|
|
312
|
+
const publicJwk = JSON.parse(Buffer.from(keyPair.publicKey, 'base64').toString());
|
|
313
|
+
const publicKey = await jose.importJWK(publicJwk, 'EdDSA');
|
|
314
|
+
// Reconstruct the JWS for verification
|
|
315
|
+
const header = Buffer.from(JSON.stringify({ alg: 'EdDSA' })).toString('base64url');
|
|
316
|
+
const payload = Buffer.from(data).toString('base64url');
|
|
317
|
+
const sig = Buffer.from(signature).toString('base64url');
|
|
318
|
+
const jws = `${header}.${payload}.${sig}`;
|
|
319
|
+
await jose.compactVerify(jws, publicKey);
|
|
320
|
+
return true;
|
|
321
|
+
}
|
|
322
|
+
catch {
|
|
323
|
+
return false;
|
|
324
|
+
}
|
|
325
|
+
}
|
|
326
|
+
/**
|
|
327
|
+
* Get storage configuration
|
|
328
|
+
*/
|
|
329
|
+
getConfig() {
|
|
330
|
+
return { ...this.config };
|
|
331
|
+
}
|
|
332
|
+
/**
|
|
333
|
+
* Check if using HSM
|
|
334
|
+
*/
|
|
335
|
+
isUsingHSM() {
|
|
336
|
+
return this.config.type === 'hsm' && this.hsmProvider !== null;
|
|
337
|
+
}
|
|
338
|
+
// Private methods for file storage
|
|
339
|
+
async loadFromFile() {
|
|
340
|
+
if (!this.config.filePath) {
|
|
341
|
+
throw new Error('File path not configured');
|
|
342
|
+
}
|
|
343
|
+
try {
|
|
344
|
+
const fs = await import('node:fs/promises');
|
|
345
|
+
const exists = await fs.access(this.config.filePath).then(() => true).catch(() => false);
|
|
346
|
+
if (!exists) {
|
|
347
|
+
logger.info({ filePath: this.config.filePath }, 'Key file does not exist, starting fresh');
|
|
348
|
+
return;
|
|
349
|
+
}
|
|
350
|
+
let content = await fs.readFile(this.config.filePath, 'utf-8');
|
|
351
|
+
// Decrypt if encryption is enabled
|
|
352
|
+
if (this.config.encryptAtRest && this.config.encryptionKey) {
|
|
353
|
+
content = await this.decrypt(content);
|
|
354
|
+
}
|
|
355
|
+
const data = JSON.parse(content);
|
|
356
|
+
this.activeKeyId = data.activeKeyId;
|
|
357
|
+
for (const key of data.keys) {
|
|
358
|
+
this.keys.set(key.keyId, key);
|
|
359
|
+
}
|
|
360
|
+
logger.info({ filePath: this.config.filePath, keyCount: this.keys.size }, 'Keys loaded from file');
|
|
361
|
+
}
|
|
362
|
+
catch (error) {
|
|
363
|
+
logger.error({ error, filePath: this.config.filePath }, 'Failed to load keys from file');
|
|
364
|
+
throw error;
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
async saveToFile() {
|
|
368
|
+
if (!this.config.filePath) {
|
|
369
|
+
throw new Error('File path not configured');
|
|
370
|
+
}
|
|
371
|
+
try {
|
|
372
|
+
const fs = await import('node:fs/promises');
|
|
373
|
+
const path = await import('node:path');
|
|
374
|
+
const data = {
|
|
375
|
+
activeKeyId: this.activeKeyId,
|
|
376
|
+
keys: Array.from(this.keys.values()),
|
|
377
|
+
};
|
|
378
|
+
let content = JSON.stringify(data, null, 2);
|
|
379
|
+
// Encrypt if encryption is enabled
|
|
380
|
+
if (this.config.encryptAtRest && this.config.encryptionKey) {
|
|
381
|
+
content = await this.encrypt(content);
|
|
382
|
+
}
|
|
383
|
+
// Ensure directory exists
|
|
384
|
+
const dir = path.dirname(this.config.filePath);
|
|
385
|
+
await fs.mkdir(dir, { recursive: true });
|
|
386
|
+
await fs.writeFile(this.config.filePath, content, 'utf-8');
|
|
387
|
+
logger.debug({ filePath: this.config.filePath }, 'Keys saved to file');
|
|
388
|
+
}
|
|
389
|
+
catch (error) {
|
|
390
|
+
logger.error({ error, filePath: this.config.filePath }, 'Failed to save keys to file');
|
|
391
|
+
throw error;
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
async loadFromEnv() {
|
|
395
|
+
const prefix = this.config.envPrefix ?? 'AUDIT_KEY';
|
|
396
|
+
// Look for AUDIT_KEY_PRIVATE and AUDIT_KEY_PUBLIC
|
|
397
|
+
const privateKeyEnv = process.env[`${prefix}_PRIVATE`];
|
|
398
|
+
const publicKeyEnv = process.env[`${prefix}_PUBLIC`];
|
|
399
|
+
const keyIdEnv = process.env[`${prefix}_ID`] ?? 'env-key';
|
|
400
|
+
if (privateKeyEnv && publicKeyEnv) {
|
|
401
|
+
const keyPair = {
|
|
402
|
+
keyId: keyIdEnv,
|
|
403
|
+
publicKey: publicKeyEnv,
|
|
404
|
+
privateKey: privateKeyEnv,
|
|
405
|
+
algorithm: 'Ed25519',
|
|
406
|
+
createdAt: new Date().toISOString(),
|
|
407
|
+
rotationSequence: 0,
|
|
408
|
+
active: true,
|
|
409
|
+
};
|
|
410
|
+
this.keys.set(keyPair.keyId, keyPair);
|
|
411
|
+
this.activeKeyId = keyPair.keyId;
|
|
412
|
+
logger.info({ keyId: keyPair.keyId }, 'Key loaded from environment');
|
|
413
|
+
}
|
|
414
|
+
else {
|
|
415
|
+
logger.warn({ prefix }, 'No keys found in environment variables');
|
|
416
|
+
}
|
|
417
|
+
}
|
|
418
|
+
async initializeHSM() {
|
|
419
|
+
if (!this.hsmProvider) {
|
|
420
|
+
throw new Error('HSM provider not configured');
|
|
421
|
+
}
|
|
422
|
+
const connected = await this.hsmProvider.isConnected();
|
|
423
|
+
if (!connected) {
|
|
424
|
+
throw new Error('HSM is not connected');
|
|
425
|
+
}
|
|
426
|
+
const keys = await this.hsmProvider.listKeys();
|
|
427
|
+
if (keys.length > 0) {
|
|
428
|
+
this.activeKeyId = keys[0] ?? null;
|
|
429
|
+
}
|
|
430
|
+
logger.info({ provider: this.hsmProvider.name, keyCount: keys.length }, 'HSM initialized');
|
|
431
|
+
}
|
|
432
|
+
async generateKeyInHSM(keyId) {
|
|
433
|
+
if (!this.hsmProvider) {
|
|
434
|
+
throw new Error('HSM provider not configured');
|
|
435
|
+
}
|
|
436
|
+
const generatedKeyId = keyId ?? `hsm-key-${crypto.randomUUID()}`;
|
|
437
|
+
const publicKeyInfo = await this.hsmProvider.generateKeyPair(generatedKeyId);
|
|
438
|
+
// For HSM, we don't have direct access to private key
|
|
439
|
+
const keyPair = {
|
|
440
|
+
keyId: publicKeyInfo.keyId,
|
|
441
|
+
publicKey: publicKeyInfo.publicKey,
|
|
442
|
+
privateKey: '', // HSM-managed, not exposed
|
|
443
|
+
algorithm: 'Ed25519',
|
|
444
|
+
createdAt: publicKeyInfo.createdAt,
|
|
445
|
+
expiresAt: publicKeyInfo.expiresAt,
|
|
446
|
+
rotationSequence: publicKeyInfo.rotationSequence,
|
|
447
|
+
active: true,
|
|
448
|
+
};
|
|
449
|
+
if (!this.activeKeyId) {
|
|
450
|
+
this.activeKeyId = keyPair.keyId;
|
|
451
|
+
}
|
|
452
|
+
logger.info({ keyId: keyPair.keyId }, 'Generated key in HSM');
|
|
453
|
+
return keyPair;
|
|
454
|
+
}
|
|
455
|
+
// Simple encryption/decryption for file storage (uses AES-256-GCM)
|
|
456
|
+
async encrypt(data) {
|
|
457
|
+
if (!this.config.encryptionKey) {
|
|
458
|
+
throw new Error('Encryption key not configured');
|
|
459
|
+
}
|
|
460
|
+
// Derive a key from the encryption key
|
|
461
|
+
const keyMaterial = new TextEncoder().encode(this.config.encryptionKey);
|
|
462
|
+
const hashBuffer = await crypto.subtle.digest('SHA-256', keyMaterial);
|
|
463
|
+
const key = await crypto.subtle.importKey('raw', hashBuffer, { name: 'AES-GCM' }, false, ['encrypt']);
|
|
464
|
+
const iv = crypto.getRandomValues(new Uint8Array(12));
|
|
465
|
+
const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(data));
|
|
466
|
+
// Combine IV and ciphertext
|
|
467
|
+
const combined = new Uint8Array(iv.length + encrypted.byteLength);
|
|
468
|
+
combined.set(iv);
|
|
469
|
+
combined.set(new Uint8Array(encrypted), iv.length);
|
|
470
|
+
return Buffer.from(combined).toString('base64');
|
|
471
|
+
}
|
|
472
|
+
async decrypt(data) {
|
|
473
|
+
if (!this.config.encryptionKey) {
|
|
474
|
+
throw new Error('Encryption key not configured');
|
|
475
|
+
}
|
|
476
|
+
// Derive a key from the encryption key
|
|
477
|
+
const keyMaterial = new TextEncoder().encode(this.config.encryptionKey);
|
|
478
|
+
const hashBuffer = await crypto.subtle.digest('SHA-256', keyMaterial);
|
|
479
|
+
const key = await crypto.subtle.importKey('raw', hashBuffer, { name: 'AES-GCM' }, false, ['decrypt']);
|
|
480
|
+
const combined = Buffer.from(data, 'base64');
|
|
481
|
+
const iv = combined.slice(0, 12);
|
|
482
|
+
const ciphertext = combined.slice(12);
|
|
483
|
+
const decrypted = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
|
|
484
|
+
return new TextDecoder().decode(decrypted);
|
|
485
|
+
}
|
|
486
|
+
}
|
|
487
|
+
/**
|
|
488
|
+
* Create a new key manager instance
|
|
489
|
+
*/
|
|
490
|
+
export function createKeyManager(config) {
|
|
491
|
+
return new KeyManager(config);
|
|
492
|
+
}
|
|
493
|
+
/**
|
|
494
|
+
* Create a mock HSM provider for testing
|
|
495
|
+
*/
|
|
496
|
+
export function createMockHSMProvider() {
|
|
497
|
+
const keys = new Map();
|
|
498
|
+
return {
|
|
499
|
+
name: 'MockHSM',
|
|
500
|
+
async isConnected() {
|
|
501
|
+
return true;
|
|
502
|
+
},
|
|
503
|
+
async generateKeyPair(keyId) {
|
|
504
|
+
const keyPair = await generateKeyPair(keyId);
|
|
505
|
+
keys.set(keyId, {
|
|
506
|
+
public: keyPair.publicKey,
|
|
507
|
+
private: keyPair.privateKey,
|
|
508
|
+
});
|
|
509
|
+
return extractPublicKeyInfo(keyPair);
|
|
510
|
+
},
|
|
511
|
+
async sign(keyId, data) {
|
|
512
|
+
const keyData = keys.get(keyId);
|
|
513
|
+
if (!keyData) {
|
|
514
|
+
throw new Error(`Key not found in HSM: ${keyId}`);
|
|
515
|
+
}
|
|
516
|
+
const jose = await import('jose');
|
|
517
|
+
const privateJwk = JSON.parse(Buffer.from(keyData.private, 'base64').toString());
|
|
518
|
+
const privateKey = await jose.importJWK(privateJwk, 'EdDSA');
|
|
519
|
+
const jws = await new jose.CompactSign(data)
|
|
520
|
+
.setProtectedHeader({ alg: 'EdDSA' })
|
|
521
|
+
.sign(privateKey);
|
|
522
|
+
const parts = jws.split('.');
|
|
523
|
+
return Buffer.from(parts[2], 'base64url');
|
|
524
|
+
},
|
|
525
|
+
async verify(keyId, data, signature) {
|
|
526
|
+
const keyData = keys.get(keyId);
|
|
527
|
+
if (!keyData) {
|
|
528
|
+
throw new Error(`Key not found in HSM: ${keyId}`);
|
|
529
|
+
}
|
|
530
|
+
try {
|
|
531
|
+
const jose = await import('jose');
|
|
532
|
+
const publicJwk = JSON.parse(Buffer.from(keyData.public, 'base64').toString());
|
|
533
|
+
const publicKey = await jose.importJWK(publicJwk, 'EdDSA');
|
|
534
|
+
const header = Buffer.from(JSON.stringify({ alg: 'EdDSA' })).toString('base64url');
|
|
535
|
+
const payload = Buffer.from(data).toString('base64url');
|
|
536
|
+
const sig = Buffer.from(signature).toString('base64url');
|
|
537
|
+
const jws = `${header}.${payload}.${sig}`;
|
|
538
|
+
await jose.compactVerify(jws, publicKey);
|
|
539
|
+
return true;
|
|
540
|
+
}
|
|
541
|
+
catch {
|
|
542
|
+
return false;
|
|
543
|
+
}
|
|
544
|
+
},
|
|
545
|
+
async getPublicKey(keyId) {
|
|
546
|
+
const keyData = keys.get(keyId);
|
|
547
|
+
if (!keyData)
|
|
548
|
+
return null;
|
|
549
|
+
return {
|
|
550
|
+
keyId,
|
|
551
|
+
publicKey: keyData.public,
|
|
552
|
+
algorithm: 'Ed25519',
|
|
553
|
+
createdAt: new Date().toISOString(),
|
|
554
|
+
rotationSequence: 0,
|
|
555
|
+
};
|
|
556
|
+
},
|
|
557
|
+
async deleteKey(keyId) {
|
|
558
|
+
return keys.delete(keyId);
|
|
559
|
+
},
|
|
560
|
+
async listKeys() {
|
|
561
|
+
return Array.from(keys.keys());
|
|
562
|
+
},
|
|
563
|
+
};
|
|
564
|
+
}
|
|
565
|
+
//# sourceMappingURL=key-manager.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"key-manager.js","sourceRoot":"","sources":["../../src/audit/key-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAUnD,MAAM,MAAM,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;AAE1D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAc;IAClD,iEAAiE;IACjE,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAElC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE;QACpE,GAAG,EAAE,SAAS;QACd,WAAW,EAAE,IAAI,EAAE,iCAAiC;KACrD,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAEpD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,cAAc,GAAG,KAAK,IAAI,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;IAE7D,OAAO;QACL,KAAK,EAAE,cAAc;QACrB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACpE,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACtE,SAAS,EAAE,SAAS;QACpB,SAAS,EAAE,GAAG;QACd,gBAAgB,EAAE,CAAC;QACnB,MAAM,EAAE,IAAI;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAqB;IACxD,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,UAAU;IACb,IAAI,GAA8B,IAAI,GAAG,EAAE,CAAC;IAC5C,WAAW,GAAkB,IAAI,CAAC;IAClC,MAAM,CAAmB;IACzB,WAAW,GAAuB,IAAI,CAAC;IAE/C,YAAY,SAA2B,EAAE,IAAI,EAAE,QAAQ,EAAE;QACvD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACxC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACzB,KAAK,QAAQ;gBACX,qCAAqC;gBACrC,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,MAAM;YAER,KAAK,MAAM;gBACT,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC1B,MAAM;YAER,KAAK,KAAK;gBACR,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;gBACzB,MAAM;YAER,KAAK,KAAK;gBACR,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,MAAM;YAER;gBACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,KAAc;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,wBAAwB,CAAC,CAAC;QAChE,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,OAAqB;QAClC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAEtC,QAAQ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACzB,KAAK,MAAM;gBACT,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;gBACxB,MAAM;YACR,2BAA2B;YAC3B,oCAAoC;QACtC,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,YAAY,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,wDAAwD;YACxD,4CAA4C;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,KAAa;QAC9B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1B,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAa;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,kBAAkB,KAAK,EAAE,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAA2B;QACzC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,aAAa,EAAE,EAAE;gBACjB,QAAQ,EAAE,EAAE;gBACZ,gBAAgB,EAAE,CAAC;gBACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,MAAM,EAAE,CAAC,yBAAyB,CAAC;aACpC,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,WAAW,EAAE,gBAAgB,IAAI,CAAC,CAAC;QAE5D,mCAAmC;QACnC,IAAI,UAAwB,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,UAAU,GAAG;gBACX,GAAG,OAAO,CAAC,UAAU;gBACrB,gBAAgB,EAAE,gBAAgB,GAAG,CAAC;gBACtC,MAAM,EAAE,IAAI;aACb,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAM,eAAe,EAAE,CAAC;YACrC,UAAU,CAAC,gBAAgB,GAAG,gBAAgB,GAAG,CAAC,CAAC;QACrD,CAAC;QAED,qBAAqB;QACrB,IAAI,WAAW,EAAE,CAAC;YAChB,WAAW,CAAC,MAAM,GAAG,KAAK,CAAC;YAC3B,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACnC,CAAC;QAED,6BAA6B;QAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAChC,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC;QAEpC,MAAM,CAAC,IAAI,CACT;YACE,aAAa;YACb,QAAQ,EAAE,UAAU,CAAC,KAAK;YAC1B,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;YAC7C,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,EACD,aAAa,CACd,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,aAAa;YACb,QAAQ,EAAE,UAAU,CAAC,KAAK;YAC1B,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;YAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ;QACZ,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QACrC,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrC,MAAM,UAAU,GAAoB,EAAE,CAAC;QAEvC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,MAAM,EAAE,CAAC;gBACX,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,KAAa;QAC3B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,OAAO,IAAI,IAAI,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;YAC1C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,wBAAwB,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,IAAgB,EAAE,KAAc;QACzC,MAAM,WAAW,GAAG,KAAK,IAAI,IAAI,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kBAAkB,WAAW,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAE7D,uBAAuB;QACvB,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;aACzC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,kCAAkC;QAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,OAAO,MAAM,CAAC,IAAI,CAAC,SAAU,EAAE,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,IAAgB,EAAE,SAAqB,EAAE,KAAa;QACjE,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,kBAAkB,KAAK,EAAE,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAClF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAE3D,uCAAuC;YACvC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACnF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACxD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACzD,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;YAE1C,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,CAAC;IACjE,CAAC;IAED,mCAAmC;IAE3B,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;YAEzF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,yCAAyC,CAAC,CAAC;gBAC3F,OAAO;YACT,CAAC;YAED,IAAI,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAE/D,mCAAmC;YACnC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC3D,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACxC,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAG9B,CAAC;YAEF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;YACpC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,CAAC,IAAI,CACT,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAC5D,uBAAuB,CACxB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,+BAA+B,CAAC,CAAC;YACzF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;YAEvC,MAAM,IAAI,GAAG;gBACX,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;aACrC,CAAC;YAEF,IAAI,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YAE5C,mCAAmC;YACnC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC3D,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACxC,CAAC;YAED,0BAA0B;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEzC,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAE3D,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,oBAAoB,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,6BAA6B,CAAC,CAAC;YACvF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,WAAW,CAAC;QAEpD,kDAAkD;QAClD,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,UAAU,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,KAAK,CAAC,IAAI,SAAS,CAAC;QAE1D,IAAI,aAAa,IAAI,YAAY,EAAE,CAAC;YAClC,MAAM,OAAO,GAAiB;gBAC5B,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,YAAY;gBACvB,UAAU,EAAE,aAAa;gBACzB,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,gBAAgB,EAAE,CAAC;gBACnB,MAAM,EAAE,IAAI;aACb,CAAC;YAEF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACtC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC;YAEjC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,6BAA6B,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,wCAAwC,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QACvD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC/C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QACrC,CAAC;QAED,MAAM,CAAC,IAAI,CACT,EAAE,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,EAC1D,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,KAAc;QAC3C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,cAAc,GAAG,KAAK,IAAI,WAAW,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE7E,sDAAsD;QACtD,MAAM,OAAO,GAAiB;YAC5B,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,UAAU,EAAE,EAAE,EAAE,2BAA2B;YAC3C,SAAS,EAAE,SAAS;YACpB,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,SAAS,EAAE,aAAa,CAAC,SAAS;YAClC,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;YAChD,MAAM,EAAE,IAAI;SACb,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,sBAAsB,CAAC,CAAC;QAC9D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,mEAAmE;IAC3D,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,uCAAuC;QACvC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACxE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,UAAU,EACV,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;QAEF,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAC/B,CAAC;QAEF,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAClE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjB,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QAED,uCAAuC;QACvC,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACxE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,UAAU,EACV,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAEtC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,GAAG,EACH,UAAU,CACX,CAAC;QAEF,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAyB;IACxD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAA+C,CAAC;IAEpE,OAAO;QACL,IAAI,EAAE,SAAS;QAEf,KAAK,CAAC,WAAW;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,KAAa;YACjC,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC;YAC7C,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE;gBACd,MAAM,EAAE,OAAO,CAAC,SAAS;gBACzB,OAAO,EAAE,OAAO,CAAC,UAAU;aAC5B,CAAC,CAAC;YACH,OAAO,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,IAAgB;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YACjF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAE7D,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;iBACzC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;iBACpC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,WAAW,CAAC,CAAC;QAC7C,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,IAAgB,EAAE,SAAqB;YACjE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC/E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAE3D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBACnF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBACzD,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,GAAG,EAAE,CAAC;gBAE1C,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBACzC,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,KAAa;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;YAE1B,OAAO;gBACL,KAAK;gBACL,SAAS,EAAE,OAAO,CAAC,MAAM;gBACzB,SAAS,EAAE,SAAS;gBACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,gBAAgB,EAAE,CAAC;aACpB,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,KAAa;YAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,CAAC;QAED,KAAK,CAAC,QAAQ;YACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACjC,CAAC;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -43,8 +43,39 @@ export declare class RuleEvaluator {
|
|
|
43
43
|
private evaluateRule;
|
|
44
44
|
/**
|
|
45
45
|
* Evaluate a condition expression string
|
|
46
|
+
* Supports: boolean literals, field comparisons, logical operators (AND, OR, NOT)
|
|
47
|
+
* Examples:
|
|
48
|
+
* - "true", "false"
|
|
49
|
+
* - "entity.trustScore > 300"
|
|
50
|
+
* - "intent.context.amount <= 1000"
|
|
51
|
+
* - "entity.type == 'agent' AND entity.trustScore >= 500"
|
|
52
|
+
* - "NOT intent.context.restricted"
|
|
46
53
|
*/
|
|
47
54
|
private evaluateExpression;
|
|
55
|
+
/**
|
|
56
|
+
* Tokenize expression string
|
|
57
|
+
*/
|
|
58
|
+
private tokenize;
|
|
59
|
+
/**
|
|
60
|
+
* Parse OR expression (lowest precedence)
|
|
61
|
+
*/
|
|
62
|
+
private parseOrExpression;
|
|
63
|
+
/**
|
|
64
|
+
* Parse AND expression
|
|
65
|
+
*/
|
|
66
|
+
private parseAndExpression;
|
|
67
|
+
/**
|
|
68
|
+
* Parse NOT expression
|
|
69
|
+
*/
|
|
70
|
+
private parseNotExpression;
|
|
71
|
+
/**
|
|
72
|
+
* Parse comparison expression
|
|
73
|
+
*/
|
|
74
|
+
private parseComparison;
|
|
75
|
+
/**
|
|
76
|
+
* Parse a value (field path, literal, or number)
|
|
77
|
+
*/
|
|
78
|
+
private parseValue;
|
|
48
79
|
/**
|
|
49
80
|
* Determine the final action from all rule results
|
|
50
81
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/basis/evaluator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAEV,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAKpB;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAAyC;IAE3D;;OAEG;IACH,iBAAiB,CAAC,SAAS,EAAE,aAAa,GAAG,IAAI;IAKjD;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvC;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAqDrE;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAe1B;;OAEG;IACH,OAAO,CAAC,WAAW;IAmCnB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoCzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAcpB;;OAEG;YACW,YAAY;
|
|
1
|
+
{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/basis/evaluator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAEV,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAKpB;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAAyC;IAE3D;;OAEG;IACH,iBAAiB,CAAC,SAAS,EAAE,aAAa,GAAG,IAAI;IAKjD;;OAEG;IACH,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvC;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAqDrE;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAe1B;;OAEG;IACH,OAAO,CAAC,WAAW;IAmCnB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAoCzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAcpB;;OAEG;YACW,YAAY;IAmC1B;;;;;;;;;OASG;IACH,OAAO,CAAC,kBAAkB;IA2B1B;;OAEG;IACH,OAAO,CAAC,QAAQ;IAsDhB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAqB1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAc1B;;OAEG;IACH,OAAO,CAAC,eAAe;IA8DvB;;OAEG;IACH,OAAO,CAAC,UAAU;IA6BlB;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAwB7B;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,aAAa,CAE/C"}
|