@winbit32/wallet-kit 0.1.0

package/dist/cosign/transports.js

@@ -0,0 +1,426 @@
+"use strict";
+/**
+ * @fileoverview Pluggable transport layer for the WB32COSIGN MPC relay.
+ *
+ * A framework-agnostic port of WINBIT32's `cosignTransports`, trimmed to the
+ * transports an online initiator needs and with `fetch` injected (rather
+ * than a global) so the module stays host-portable and testable. Works in
+ * browsers and Node ≥ 18 (BroadcastChannel, Web Streams and WebCrypto are
+ * global there; WebRTC is browser-only and skipped automatically).
+ *
+ * Each transport moves an already-encrypted opaque body between two roles
+ * (`init` / `cosign`); the relay/MPC layer above is responsible for crypto.
+ *
+ * Included:
+ *   - BroadcastChannelTransport — same-origin / same-device (zero config).
+ *   - HttpRelayTransport        — cross-device via any WB32COSIGN relay
+ *                                 (Secresea's API mounts one at /api/cosign).
+ *   - WebRTCTransport           — peer-to-peer data channel, signalled over the
+ *                                 relay; low-latency once the P2P link is up.
+ *   - MultiTransport            — fan-out send, merge receive.
+ *
+ * Deferred (airgap copy-paste only; not required online): ManualTransport.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createDefaultTransports = exports.isWebRtcSupported = exports.WebRTCTransport = exports.MultiTransport = exports.HttpRelayTransport = exports.BroadcastChannelTransport = void 0;
+// ── BroadcastChannel (same-origin, zero config) ──────────────────────
+class BroadcastChannelTransport {
+    constructor(sessionId) {
+        this.name = 'BroadcastChannel (local)';
+        this.inbox = new Map();
+        this.channel = new BroadcastChannel(`wb32cosign-${sessionId}`);
+        this.channel.onmessage = (ev) => {
+            const { to, body } = ev.data || {};
+            if (!to || !body)
+                return;
+            const queue = this.inbox.get(to) || [];
+            queue.push(body);
+            this.inbox.set(to, queue);
+        };
+        // Node's BroadcastChannel keeps the event loop alive; the ceremony's
+        // polling drives all work, so the channel must not hold the process
+        // open. No-op in browsers (no unref there).
+        this.channel.unref?.();
+    }
+    async send(from, to, encryptedBody) {
+        this.channel.postMessage({ from, to, body: encryptedBody });
+    }
+    async receive(myRole) {
+        const queue = this.inbox.get(myRole) || [];
+        if (queue.length === 0)
+            return [];
+        this.inbox.set(myRole, []);
+        return queue;
+    }
+    close() {
+        this.channel.close();
+    }
+}
+exports.BroadcastChannelTransport = BroadcastChannelTransport;
+// ── HTTP relay (cross-device) ────────────────────────────────────────
+const RELAY_START_RETRIES = 2;
+const RATE_LIMIT_INITIAL_DELAY_MS = 2000;
+const RATE_LIMIT_MAX_DELAY_MS = 30000;
+/** Parse an integer `Retry-After` (seconds), clamped so a bad server can't stall us. */
+const parseRetryAfterSeconds = (header) => {
+    if (!header)
+        return null;
+    const n = parseInt(header.trim(), 10);
+    if (!Number.isFinite(n) || n < 0)
+        return null;
+    return Math.min(n, RATE_LIMIT_MAX_DELAY_MS / 1000);
+};
+/** Exponential "do not call before" window shared across one relay origin. */
+class RateLimitBackoff {
+    constructor() {
+        this.notBeforeMs = 0;
+        this.nextDelayMs = RATE_LIMIT_INITIAL_DELAY_MS;
+    }
+    delayBeforeNext() {
+        const remaining = this.notBeforeMs - Date.now();
+        return remaining > 0 ? remaining : 0;
+    }
+    noteRateLimited(retryAfterSeconds) {
+        const explicitMs = retryAfterSeconds !== null ? retryAfterSeconds * 1000 : this.nextDelayMs;
+        this.notBeforeMs = Date.now() + explicitMs;
+        this.nextDelayMs = Math.min(this.nextDelayMs * 2, RATE_LIMIT_MAX_DELAY_MS);
+    }
+    noteOk() {
+        this.notBeforeMs = 0;
+        this.nextDelayMs = RATE_LIMIT_INITIAL_DELAY_MS;
+    }
+}
+const sleepForBackoff = async (backoff) => {
+    const wait = backoff.delayBeforeNext();
+    if (wait > 0)
+        await new Promise((r) => setTimeout(r, wait));
+};
+class HttpRelayTransport {
+    constructor(relayUrl, sessionId, fetchImpl) {
+        this.started = false;
+        this.backoff = new RateLimitBackoff();
+        this.relayUrl = relayUrl.replace(/\/+$/, '');
+        this.sessionId = sessionId;
+        this.fetchImpl = fetchImpl;
+        this.name = `HTTP relay (${this.relayUrl.replace(/^https?:\/\//, '').split('/')[0] || 'same-origin'})`;
+    }
+    async ensureSession() {
+        if (this.started)
+            return;
+        for (let attempt = 0; attempt <= RELAY_START_RETRIES; attempt++) {
+            await sleepForBackoff(this.backoff);
+            try {
+                const resp = await this.fetchImpl(`${this.relayUrl}/${this.sessionId}`, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify([]),
+                });
+                if (resp.ok || resp.status === 201 || resp.status === 409) {
+                    this.started = true;
+                    this.backoff.noteOk();
+                    return;
+                }
+                if (resp.status === 429) {
+                    this.backoff.noteRateLimited(parseRetryAfterSeconds(resp.headers.get('Retry-After')));
+                    continue;
+                }
+            }
+            catch (err) {
+                console.warn(`[cosign/relay] ensureSession attempt ${attempt}:`, err?.message);
+            }
+        }
+        this.started = true;
+    }
+    async send(from, to, encryptedBody) {
+        await this.ensureSession();
+        await sleepForBackoff(this.backoff);
+        const response = await this.fetchImpl(`${this.relayUrl}/message/${this.sessionId}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ session_id: this.sessionId, from, to: [to], body: encryptedBody }),
+        });
+        if (response.status === 429) {
+            this.backoff.noteRateLimited(parseRetryAfterSeconds(response.headers.get('Retry-After')));
+            return; // soft failure — MPC layer retries on its next round-trip
+        }
+        if (!response.ok) {
+            const text = await response.text().catch(() => '');
+            throw new Error(`Relay send failed: ${response.status} ${text}`);
+        }
+        this.backoff.noteOk();
+    }
+    async receive(myRole) {
+        await this.ensureSession();
+        await sleepForBackoff(this.backoff);
+        const response = await this.fetchImpl(`${this.relayUrl}/message/${this.sessionId}/${encodeURIComponent(myRole)}`, { method: 'GET' });
+        if (response.status === 429) {
+            this.backoff.noteRateLimited(parseRetryAfterSeconds(response.headers.get('Retry-After')));
+            return [];
+        }
+        if (!response.ok) {
+            if (response.status === 404)
+                return [];
+            throw new Error(`Relay receive failed: ${response.status}`);
+        }
+        this.backoff.noteOk();
+        return response.json();
+    }
+    close() {
+        /* nothing to clean up */
+    }
+}
+exports.HttpRelayTransport = HttpRelayTransport;
+// ── Multi-transport (fan-out send, merge receive) ────────────────────
+class MultiTransport {
+    constructor(transports) {
+        this.transports = transports;
+        this.name = transports.map((t) => t.name).join(' + ');
+    }
+    async send(from, to, encryptedBody) {
+        await Promise.allSettled(this.transports.map((t) => t.send(from, to, encryptedBody)));
+    }
+    async receive(myRole) {
+        const settled = await Promise.allSettled(this.transports.map((t) => t.receive(myRole)));
+        const all = [];
+        for (const r of settled)
+            if (r.status === 'fulfilled')
+                all.push(...r.value);
+        return all;
+    }
+    close() {
+        for (const t of this.transports)
+            t.close();
+    }
+}
+exports.MultiTransport = MultiTransport;
+const SIGNAL_POLL_MS = 800;
+const ICE_SERVERS = [
+    { urls: 'stun:stun.l.google.com:19302' },
+    { urls: 'stun:stun1.l.google.com:19302' },
+];
+/**
+ * Direct peer-to-peer transport over an `RTCDataChannel`. The offer/answer/ICE
+ * handshake is signalled through the same WB32COSIGN relay (distinct
+ * `signal-init`/`signal-cosign` roles) so no extra server is needed. `send()`
+ * is fail-fast — it silently drops while the channel isn't open — so this is
+ * safe to combine with {@link HttpRelayTransport} inside a {@link MultiTransport}:
+ * the relay is the always-on fabric, WebRTC opportunistically short-circuits it.
+ *
+ * Ported from WINBIT32's transport with `fetch` injected (Secresea keeps the
+ * module host-portable). Only meaningful in a browser with `RTCPeerConnection`;
+ * callers must guard creation in non-DOM environments.
+ */
+class WebRTCTransport {
+    constructor(sessionId, relayUrl, fetchImpl, myRole, opts) {
+        this.name = 'WebRTC (peer-to-peer)';
+        this.dc = null;
+        this.inbox = new Map();
+        this.closed = false;
+        this.signalPollTimer = null;
+        this.iceCandidateQueue = [];
+        this.remoteDescSet = false;
+        this.signalBackoff = new RateLimitBackoff();
+        this.sessionId = sessionId;
+        this.relayUrl = relayUrl.replace(/\/+$/, '');
+        this.fetchImpl = fetchImpl;
+        this.myRole = myRole;
+        this.peerRole = myRole === 'init' ? 'cosign' : 'init';
+        this.onOpen = opts?.onOpen;
+        this.pc = new RTCPeerConnection({ iceServers: ICE_SERVERS });
+        this.pc.onicecandidate = (ev) => {
+            if (ev.candidate) {
+                void this.postSignal({ type: 'candidate', candidate: ev.candidate.toJSON() });
+            }
+        };
+        if (myRole === 'init') {
+            this.dc = this.pc.createDataChannel('mpc', { ordered: true });
+            this.setupDataChannel(this.dc);
+            void this.startOffer();
+        }
+        else {
+            this.pc.ondatachannel = (ev) => {
+                this.dc = ev.channel;
+                this.setupDataChannel(this.dc);
+            };
+            this.pollSignals();
+        }
+    }
+    setupDataChannel(dc) {
+        dc.onopen = () => {
+            if (this.signalPollTimer) {
+                clearInterval(this.signalPollTimer);
+                this.signalPollTimer = null;
+            }
+            try {
+                this.onOpen?.();
+            }
+            catch { /* listener errors shouldn't break the channel */ }
+        };
+        dc.onmessage = (ev) => {
+            try {
+                const { to, body } = JSON.parse(ev.data) || {};
+                if (to && body) {
+                    const queue = this.inbox.get(to) || [];
+                    queue.push(body);
+                    this.inbox.set(to, queue);
+                }
+            }
+            catch { /* skip malformed */ }
+        };
+        dc.onclose = () => { this.closed = true; };
+        dc.onerror = (err) => { console.warn(`[cosign/webrtc] data channel error (${this.myRole}):`, err); };
+    }
+    async startOffer() {
+        const offer = await this.pc.createOffer();
+        await this.pc.setLocalDescription(offer);
+        await this.postSignal({ type: 'offer', sdp: offer.sdp });
+        this.pollSignals();
+    }
+    async postSignal(envelope) {
+        try {
+            await this.fetchImpl(`${this.relayUrl}/message/${this.sessionId}`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    session_id: this.sessionId,
+                    from: `signal-${this.myRole}`,
+                    to: [`signal-${this.peerRole}`],
+                    body: JSON.stringify(envelope),
+                }),
+            });
+        }
+        catch (err) {
+            console.warn('[cosign/webrtc] signal post failed:', err?.message);
+        }
+    }
+    pollSignals() {
+        if (this.signalPollTimer)
+            return;
+        this.signalPollTimer = setInterval(() => void this.fetchSignals(), SIGNAL_POLL_MS);
+        void this.fetchSignals();
+    }
+    async fetchSignals() {
+        if (this.closed) {
+            if (this.signalPollTimer) {
+                clearInterval(this.signalPollTimer);
+                this.signalPollTimer = null;
+            }
+            return;
+        }
+        // Honour any active 429 cooldown so an un-establishable P2P link can't
+        // hammer the relay's signal endpoint.
+        if (this.signalBackoff.delayBeforeNext() > 0)
+            return;
+        try {
+            const resp = await this.fetchImpl(`${this.relayUrl}/message/${this.sessionId}/signal-${this.myRole}`, { method: 'GET' });
+            if (resp.status === 429) {
+                this.signalBackoff.noteRateLimited(parseRetryAfterSeconds(resp.headers.get('Retry-After')));
+                return;
+            }
+            if (!resp.ok)
+                return;
+            this.signalBackoff.noteOk();
+            const messages = await resp.json();
+            for (const raw of messages) {
+                await this.handleSignal(JSON.parse(raw));
+            }
+        }
+        catch { /* network error — retry next tick */ }
+    }
+    async handleSignal(sig) {
+        if (sig.type === 'offer' && this.myRole !== 'init') {
+            await this.pc.setRemoteDescription({ type: 'offer', sdp: sig.sdp });
+            this.remoteDescSet = true;
+            for (const c of this.iceCandidateQueue)
+                await this.pc.addIceCandidate(c);
+            this.iceCandidateQueue = [];
+            const answer = await this.pc.createAnswer();
+            await this.pc.setLocalDescription(answer);
+            await this.postSignal({ type: 'answer', sdp: answer.sdp });
+        }
+        else if (sig.type === 'answer' && this.myRole === 'init') {
+            await this.pc.setRemoteDescription({ type: 'answer', sdp: sig.sdp });
+            this.remoteDescSet = true;
+            for (const c of this.iceCandidateQueue)
+                await this.pc.addIceCandidate(c);
+            this.iceCandidateQueue = [];
+        }
+        else if (sig.type === 'candidate' && sig.candidate) {
+            if (this.remoteDescSet)
+                await this.pc.addIceCandidate(sig.candidate);
+            else
+                this.iceCandidateQueue.push(sig.candidate);
+        }
+    }
+    /** True once the data channel has reached 'open'. */
+    isOpen() {
+        return !!this.dc && this.dc.readyState === 'open';
+    }
+    async send(from, to, encryptedBody) {
+        // Fail-fast: never block on channel readiness so this is safe to fan out
+        // alongside the HTTP relay; the relay (or a resend) delivers if P2P isn't up.
+        if (!this.dc || this.dc.readyState !== 'open')
+            return;
+        try {
+            this.dc.send(JSON.stringify({ from, to, body: encryptedBody }));
+        }
+        catch (err) {
+            console.warn('[cosign/webrtc] send failed:', err?.message);
+        }
+    }
+    async receive(myRole) {
+        const queue = this.inbox.get(myRole) || [];
+        if (queue.length === 0)
+            return [];
+        this.inbox.set(myRole, []);
+        return queue;
+    }
+    close() {
+        this.closed = true;
+        if (this.signalPollTimer) {
+            clearInterval(this.signalPollTimer);
+            this.signalPollTimer = null;
+        }
+        if (this.dc) {
+            try {
+                this.dc.close();
+            }
+            catch { /* */ }
+        }
+        try {
+            this.pc.close();
+        }
+        catch { /* */ }
+    }
+}
+exports.WebRTCTransport = WebRTCTransport;
+/** WebRTC is only usable where the browser exposes `RTCPeerConnection`. */
+const isWebRtcSupported = () => typeof RTCPeerConnection !== 'undefined';
+exports.isWebRtcSupported = isWebRtcSupported;
+/**
+ * Build the standard transport stack: BroadcastChannel (same device), an
+ * opportunistic WebRTC peer-to-peer leg (low latency once open) and an HTTP
+ * relay leg (always-on fallback) when a relay URL is supplied. BroadcastChannel
+ * short-circuits when both parties share an origin; WebRTC is skipped silently
+ * where `RTCPeerConnection` is unavailable (SSR/tests) or `myRole` is unknown.
+ */
+const createDefaultTransports = (opts) => {
+    // Validate before allocating any transport so a config error can't leak
+    // an open BroadcastChannel (which would hold a Node process alive).
+    if (opts.relayBaseUrl && !opts.fetchImpl) {
+        throw new Error('createDefaultTransports: fetchImpl is required when relayBaseUrl is set');
+    }
+    const bc = new BroadcastChannelTransport(opts.sessionId);
+    if (!opts.relayBaseUrl || !opts.fetchImpl)
+        return bc;
+    const fetchImpl = opts.fetchImpl;
+    const relay = new HttpRelayTransport(opts.relayBaseUrl, opts.sessionId, fetchImpl);
+    const legs = [bc];
+    if (opts.myRole && (0, exports.isWebRtcSupported)()) {
+        legs.push(new WebRTCTransport(opts.sessionId, opts.relayBaseUrl, fetchImpl, opts.myRole, { onOpen: opts.onWebRtcOpen }));
+    }
+    legs.push(relay);
+    return new MultiTransport(legs);
+};
+exports.createDefaultTransports = createDefaultTransports;
+//# sourceMappingURL=transports.js.map

package/dist/cosign/transports.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transports.js","sourceRoot":"","sources":["../../src/cosign/transports.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AAWH,wEAAwE;AAExE,MAAa,yBAAyB;IAKrC,YAAY,SAAiB;QAJpB,SAAI,GAAG,0BAA0B,CAAC;QAEnC,UAAK,GAA0B,IAAI,GAAG,EAAE,CAAC;QAGhD,IAAI,CAAC,OAAO,GAAG,IAAI,gBAAgB,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;QAC/D,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,EAAgB,EAAE,EAAE;YAC7C,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC;YACnC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI;gBAAE,OAAO;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC,CAAC;QACF,qEAAqE;QACrE,oEAAoE;QACpE,4CAA4C;QAC3C,IAAI,CAAC,OAA6C,CAAC,KAAK,EAAE,EAAE,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,EAAU,EAAE,aAAqB;QACzD,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,KAAK;QACJ,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;CACD;AAlCD,8DAkCC;AAED,wEAAwE;AAExE,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAC9B,MAAM,2BAA2B,GAAG,IAAK,CAAC;AAC1C,MAAM,uBAAuB,GAAG,KAAM,CAAC;AAEvC,wFAAwF;AACxF,MAAM,sBAAsB,GAAG,CAAC,MAAqB,EAAiB,EAAE;IACvE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,GAAG,IAAI,CAAC,CAAC;AACpD,CAAC,CAAC;AAEF,8EAA8E;AAC9E,MAAM,gBAAgB;IAAtB;QACS,gBAAW,GAAG,CAAC,CAAC;QAChB,gBAAW,GAAG,2BAA2B,CAAC;IAiBnD,CAAC;IAfA,eAAe;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAChD,OAAO,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IAED,eAAe,CAAC,iBAAgC;QAC/C,MAAM,UAAU,GAAG,iBAAiB,KAAK,IAAI,CAAC,CAAC,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC;QAC5F,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,GAAG,CAAC,EAAE,uBAAuB,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM;QACL,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,2BAA2B,CAAC;IAChD,CAAC;CACD;AAED,MAAM,eAAe,GAAG,KAAK,EAAE,OAAyB,EAAiB,EAAE;IAC1E,MAAM,IAAI,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACvC,IAAI,IAAI,GAAG,CAAC;QAAE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC7D,CAAC,CAAC;AAEF,MAAa,kBAAkB;IAQ9B,YAAY,QAAgB,EAAE,SAAiB,EAAE,SAAuB;QAHhE,YAAO,GAAG,KAAK,CAAC;QAChB,YAAO,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAGxC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,IAAI,GAAG,eAAe,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,aAAa,GAAG,CAAC;IACxG,CAAC;IAEO,KAAK,CAAC,aAAa;QAC1B,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,mBAAmB,EAAE,OAAO,EAAE,EAAE;YAChE,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,EAAE;oBACvE,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;iBACxB,CAAC,CAAC;gBACH,IAAI,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,EAAE;oBAC1D,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;oBACpB,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACtB,OAAO;iBACP;gBACD,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,EAAE;oBACxB,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;oBACtF,SAAS;iBACT;aACD;YAAC,OAAO,GAAG,EAAE;gBACb,OAAO,CAAC,IAAI,CAAC,wCAAwC,OAAO,GAAG,EAAG,GAAa,EAAE,OAAO,CAAC,CAAC;aAC1F;SACD;QACD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,EAAU,EAAE,aAAqB;QACzD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,SAAS,EAAE,EAAE;YACnF,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;SACzF,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC5B,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,sBAAsB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YAC1F,OAAO,CAAC,0DAA0D;SAClE;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;SACjE;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC3B,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CACpC,GAAG,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAC1E,EAAE,MAAM,EAAE,KAAK,EAAE,CACjB,CAAC;QACF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;YAC5B,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,sBAAsB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YAC1F,OAAO,EAAE,CAAC;SACV;QACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;SAC5D;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,KAAK;QACJ,yBAAyB;IAC1B,CAAC;CACD;AAlFD,gDAkFC;AAED,wEAAwE;AAExE,MAAa,cAAc;IAI1B,YAAY,UAA6B;QACxC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,EAAU,EAAE,aAAqB;QACzD,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACvF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACxF,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAC5E,OAAO,GAAG,CAAC;IACZ,CAAC;IAED,KAAK;QACJ,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU;YAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IAC5C,CAAC;CACD;AAvBD,wCAuBC;AAMD,MAAM,cAAc,GAAG,GAAG,CAAC;AAC3B,MAAM,WAAW,GAAmB;IACnC,EAAE,IAAI,EAAE,8BAA8B,EAAE;IACxC,EAAE,IAAI,EAAE,+BAA+B,EAAE;CACzC,CAAC;AAQF;;;;;;;;;;;GAWG;AACH,MAAa,eAAe;IAiB3B,YACC,SAAiB,EACjB,QAAgB,EAChB,SAAuB,EACvB,MAAkB,EAClB,IAA8B;QArBtB,SAAI,GAAG,uBAAuB,CAAC;QAEhC,OAAE,GAA0B,IAAI,CAAC;QACjC,UAAK,GAA0B,IAAI,GAAG,EAAE,CAAC;QAMzC,WAAM,GAAG,KAAK,CAAC;QACf,oBAAe,GAA0C,IAAI,CAAC;QAC9D,sBAAiB,GAA0B,EAAE,CAAC;QAC9C,kBAAa,GAAG,KAAK,CAAC;QACtB,kBAAa,GAAG,IAAI,gBAAgB,EAAE,CAAC;QAU9C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC;QAE3B,IAAI,CAAC,EAAE,GAAG,IAAI,iBAAiB,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC;QAE7D,IAAI,CAAC,EAAE,CAAC,cAAc,GAAG,CAAC,EAAE,EAAE,EAAE;YAC/B,IAAI,EAAE,CAAC,SAAS,EAAE;gBACjB,KAAK,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;aAC9E;QACF,CAAC,CAAC;QAEF,IAAI,MAAM,KAAK,MAAM,EAAE;YACtB,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9D,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/B,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;SACvB;aAAM;YACN,IAAI,CAAC,EAAE,CAAC,aAAa,GAAG,CAAC,EAAE,EAAE,EAAE;gBAC9B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC;gBACrB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChC,CAAC,CAAC;YACF,IAAI,CAAC,WAAW,EAAE,CAAC;SACnB;IACF,CAAC;IAEO,gBAAgB,CAAC,EAAkB;QAC1C,EAAE,CAAC,MAAM,GAAG,GAAG,EAAE;YAChB,IAAI,IAAI,CAAC,eAAe,EAAE;gBAAE,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;aAAE;YAC/F,IAAI;gBAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;aAAE;YAAC,MAAM,EAAE,iDAAiD,EAAE;QACrF,CAAC,CAAC;QACF,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,EAAE,EAAE;YACrB,IAAI;gBACH,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/C,IAAI,EAAE,IAAI,IAAI,EAAE;oBACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;oBACvC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACjB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;iBAC1B;aACD;YAAC,MAAM,EAAE,oBAAoB,EAAE;QACjC,CAAC,CAAC;QACF,EAAE,CAAC,OAAO,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAC3C,EAAE,CAAC,OAAO,GAAG,CAAC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,uCAAuC,IAAI,CAAC,MAAM,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtG,CAAC;IAEO,KAAK,CAAC,UAAU;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC,WAAW,EAAE,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,QAAwB;QAChD,IAAI;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,SAAS,EAAE,EAAE;gBAClE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACpB,UAAU,EAAE,IAAI,CAAC,SAAS;oBAC1B,IAAI,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;oBAC7B,EAAE,EAAE,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;iBAC9B,CAAC;aACF,CAAC,CAAC;SACH;QAAC,OAAO,GAAG,EAAE;YACb,OAAO,CAAC,IAAI,CAAC,qCAAqC,EAAG,GAAa,EAAE,OAAO,CAAC,CAAC;SAC7E;IACF,CAAC;IAEO,WAAW;QAClB,IAAI,IAAI,CAAC,eAAe;YAAE,OAAO;QACjC,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,IAAI,CAAC,YAAY,EAAE,EAAE,cAAc,CAAC,CAAC;QACnF,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,YAAY;QACzB,IAAI,IAAI,CAAC,MAAM,EAAE;YAChB,IAAI,IAAI,CAAC,eAAe,EAAE;gBAAE,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;aAAE;YAC/F,OAAO;SACP;QACD,uEAAuE;QACvE,sCAAsC;QACtC,IAAI,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,GAAG,CAAC;YAAE,OAAO;QACrD,IAAI;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,SAAS,WAAW,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YACzH,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,EAAE;gBACxB,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;gBAC5F,OAAO;aACP;YACD,IAAI,CAAC,IAAI,CAAC,EAAE;gBAAE,OAAO;YACrB,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAa,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAC7C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE;gBAC3B,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC,CAAC;aAC3D;SACD;QAAC,MAAM,EAAE,qCAAqC,EAAE;IAClD,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAAmB;QAC7C,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE;YACnD,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzE,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;YAC5C,MAAM,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;SAC3D;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE;YAC3D,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,iBAAiB;gBAAE,MAAM,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACzE,IAAI,CAAC,iBAAiB,GAAG,EAAE,CAAC;SAC5B;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,SAAS,EAAE;YACrD,IAAI,IAAI,CAAC,aAAa;gBAAE,MAAM,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;;gBAChE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;SAChD;IACF,CAAC;IAED,qDAAqD;IACrD,MAAM;QACL,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,MAAM,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,EAAU,EAAE,aAAqB;QACzD,yEAAyE;QACzE,8EAA8E;QAC9E,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,MAAM;YAAE,OAAO;QACtD,IAAI;YACH,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;SAChE;QAAC,OAAO,GAAG,EAAE;YACb,OAAO,CAAC,IAAI,CAAC,8BAA8B,EAAG,GAAa,EAAE,OAAO,CAAC,CAAC;SACtE;IACF,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAClC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,KAAK;QACJ,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,IAAI,CAAC,eAAe,EAAE;YAAE,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAAC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;SAAE;QAC/F,IAAI,IAAI,CAAC,EAAE,EAAE;YAAE,IAAI;gBAAE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;aAAE;YAAC,MAAM,EAAE,KAAK,EAAE;SAAE;QACzD,IAAI;YAAE,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;SAAE;QAAC,MAAM,EAAE,KAAK,EAAE;IACzC,CAAC;CACD;AA7KD,0CA6KC;AAED,2EAA2E;AACpE,MAAM,iBAAiB,GAAG,GAAY,EAAE,CAC9C,OAAO,iBAAiB,KAAK,WAAW,CAAC;AAD7B,QAAA,iBAAiB,qBACY;AAmB1C;;;;;;GAMG;AACI,MAAM,uBAAuB,GAAG,CAAC,IAA6B,EAAmB,EAAE;IACzF,wEAAwE;IACxE,oEAAoE;IACpE,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC3F;IACD,MAAM,EAAE,GAAG,IAAI,yBAAyB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzD,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAEnF,MAAM,IAAI,GAAsB,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,IAAI,CAAC,MAAM,IAAI,IAAA,yBAAiB,GAAE,EAAE;QACvC,IAAI,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;KACzH;IACD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjB,OAAO,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC,CAAC;AAjBW,QAAA,uBAAuB,2BAiBlC"}

package/dist/cosign/vaultShare.d.ts

@@ -0,0 +1,65 @@
+/**
+ * @fileoverview Loader for a single WINBIT32 vault co-signing share (`.wult`).
+ *
+ * Load ONE Orchard FROST share, then co-sign a shielded transaction with a
+ * WINBIT32 cosigner ("cosign.exe") on another device over the WB32COSIGN
+ * relay the NFPT API hosts at `/api/cosign`. Works in browsers and Node ≥ 18
+ * (atob/btoa + WebCrypto are global in both).
+ *
+ * The on-disk `.wult` format is owned by WINBIT32's `vaultWrapperFormat.js`.
+ * This module is a faithful, byte-compatible port of the *load* path so a
+ * share exported from WINBIT32 opens here unchanged:
+ *
+ *   {
+ *     "type": "winbit32-vault-v2",
+ *     "version": 2,
+ *     "vaultData": "<base64 Vultisig SDK protobuf export>",
+ *     "encrypted": <bool>,
+ *     "crossChainIdentity"?: { "hexChainCode", "publicKeyEcdsa" },
+ *     "frost": { "orchard"?: <JSON | "salt.iv.ct">, "sapling"?: ... }
+ *   }
+ *
+ * When `encrypted` is true each FROST payload is PBKDF2-SHA-256 (600k iters) →
+ * AES-GCM-256, packed as `base64(salt).base64(iv).base64(ciphertext)`. These
+ * parameters MUST match WINBIT32 exactly, hence the constants below are not
+ * configurable.
+ *
+ * Scope note: native Vultisig `.vult` files (Orchard via the SDK's
+ * `chainKeyShares`) need the Vultisig SDK + frozto WASM to unpack and are
+ * handled in a later phase; this loader covers the `.wult` wrapper only.
+ */
+export declare const VAULT_V2_TYPE = "winbit32-vault-v2";
+/** Opaque Orchard FROST key bundle (shape owned by the orchard FROST WASM). */
+export type OrchardFrostBundle = Record<string, unknown>;
+export interface CrossChainIdentity {
+    hexChainCode: string;
+    publicKeyEcdsa: string;
+}
+export interface LoadedVaultShare {
+    /** base64 Vultisig SDK protobuf export (transparent/EVM shares). */
+    sdkVaultString: string;
+    /** Decrypted Orchard FROST bundle, or null if the file carries none. */
+    orchardFrost: OrchardFrostBundle | null;
+    /** Opaque base64 Sapling FROST bundle, or null. */
+    saplingBundleBase64: string | null;
+    /** Chain code + ECDSA pubkey for deterministic Zcash/UA derivation. */
+    crossChainIdentity: CrossChainIdentity | null;
+    /** Whether the file required (and was opened with) a password. */
+    encrypted: boolean;
+}
+/** Cheap structural sniff for a `.wult` v2 wrapper (never throws). */
+export declare const isWrappedVault: (content: unknown) => boolean;
+/**
+ * Load a `.wult` share, decrypting its FROST payloads when a password is set.
+ * Throws if the content isn't a v2 wrapper or the password is wrong.
+ *
+ * Individual payload decryption failures (e.g. a corrupt Sapling blob) leave
+ * that field null rather than aborting the whole load — matching WINBIT32 — so
+ * a usable Orchard share still opens.
+ */
+export declare const unwrapVaultShare: (content: string, password?: string) => Promise<LoadedVaultShare>;
+export declare const __test_internals: {
+    frostEncrypt: (jsonStr: string, password: string) => Promise<string>;
+    frostDecrypt: (encoded: string, password: string) => Promise<string>;
+};
+//# sourceMappingURL=vaultShare.d.ts.map

package/dist/cosign/vaultShare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vaultShare.d.ts","sourceRoot":"","sources":["../../src/cosign/vaultShare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAGH,eAAO,MAAM,aAAa,sBAAsB,CAAC;AAGjD,+EAA+E;AAC/E,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEzD,MAAM,WAAW,kBAAkB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAChC,oEAAoE;IACpE,cAAc,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,YAAY,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACxC,mDAAmD;IACnD,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,uEAAuE;IACvE,kBAAkB,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAC9C,kEAAkE;IAClE,SAAS,EAAE,OAAO,CAAC;CACnB;AAyED,sEAAsE;AACtE,eAAO,MAAM,cAAc,YAAa,OAAO,KAAG,OAOjD,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,YAAmB,MAAM,aAAa,MAAM,KAAG,QAAQ,gBAAgB,CA8CnG,CAAC;AAGF,eAAO,MAAM,gBAAgB;4BA3GQ,MAAM,YAAY,MAAM,KAAG,QAAQ,MAAM,CAAC;4BAiB1C,MAAM,YAAY,MAAM,KAAG,QAAQ,MAAM,CAAC;CA0FjB,CAAC"}