@wlfi-agent/cli 1.4.17 → 1.4.18

package/packages/cache/dist/chunk-QNK6GOTI.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/service/index.ts"],"sourcesContent":["import { createHash, randomBytes, randomUUID } from 'node:crypto';\nimport type Redis from 'ioredis';\nimport { getCacheClient } from '../client/index.js';\nimport { CacheError, cacheErrorCodes, toCacheError } from '../errors/index.js';\n\nexport const relayApprovalStatuses = [\n  'pending',\n  'approved',\n  'rejected',\n  'completed',\n  'expired',\n] as const;\nexport type RelayApprovalStatus = (typeof relayApprovalStatuses)[number];\n\nexport const relayUpdateStatuses = [\n  'pending',\n  'inflight',\n  'applied',\n  'rejected',\n  'failed',\n] as const;\nexport type RelayUpdateStatus = (typeof relayUpdateStatuses)[number];\n\nexport interface RelayDaemonProfile {\n  daemonId: string;\n  daemonPublicKey: string;\n  ethereumAddress: string;\n  label?: string;\n  lastSeenAt: string;\n  registeredAt: string;\n  relayUrl?: string;\n  signerBackend?: string;\n  status: 'active' | 'paused';\n  updatedAt: string;\n  version?: string;\n}\n\nexport interface RelayPolicyRecord {\n  action: string;\n  amountMaxWei?: string;\n  amountMinWei?: string;\n  chainId?: number;\n  daemonId: string;\n  destination: string;\n  metadata?: Record<string, string>;\n  policyId: string;\n  requiresManualApproval: boolean;\n  scope: 'default' | 'override';\n  tokenAddress?: string;\n  updatedAt: string;\n}\n\nexport interface RelayAgentKeyRecord {\n  agentKeyId: string;\n  createdAt?: string;\n  daemonId: string;\n  label?: string;\n  metadata?: Record<string, string>;\n  status: 'active' | 'revoked';\n  updatedAt: string;\n}\n\nexport interface RelayApprovalRequestRecord {\n  agentKeyId?: string;\n  amountWei?: string;\n  approvalRequestId: string;\n  chainId?: number;\n  daemonId: string;\n  destination: string;\n  metadata?: Record<string, string>;\n  network?: string;\n  reason?: string;\n  requestedAt: string;\n  status: RelayApprovalStatus;\n  tokenAddress?: string;\n  transactionType: string;\n  updatedAt: string;\n}\n\nexport interface RelayEncryptedPayload {\n  aadBase64?: string;\n  algorithm: string;\n  ciphertextBase64: string;\n  contentSha256Hex?: string;\n  encapsulatedKeyBase64: string;\n  nonceBase64: string;\n  schemaVersion: number;\n}\n\nexport interface RelayUpdateFeedbackRecord {\n  daemonId: string;\n  details?: Record<string, string>;\n  feedbackAt: string;\n  message?: string;\n  status: Extract<RelayUpdateStatus, 'applied' | 'failed' | 'rejected'>;\n  updateId: string;\n}\n\nexport interface RelayEncryptedUpdateRecord {\n  claimToken?: string;\n  claimUntil?: string;\n  createdAt: string;\n  daemonId: string;\n  feedback?: RelayUpdateFeedbackRecord;\n  lastDeliveredAt?: string;\n  metadata?: Record<string, string>;\n  payload: RelayEncryptedPayload;\n  status: RelayUpdateStatus;\n  targetApprovalRequestId?: string;\n  type: string;\n  updateId: string;\n  updatedAt: string;\n}\n\nexport interface SyncDaemonRegistrationInput {\n  agentKeys?: RelayAgentKeyRecord[];\n  approvalRequests?: RelayApprovalRequestRecord[];\n  daemon: RelayDaemonProfile;\n  policies?: RelayPolicyRecord[];\n}\n\nexport interface ApprovalRequestFilters {\n  daemonId?: string;\n  destination?: string;\n  limit?: number;\n  status?: RelayApprovalStatus;\n  tokenAddress?: string;\n}\n\nexport interface CreateEncryptedUpdateInput {\n  daemonId: string;\n  metadata?: Record<string, string>;\n  payload: RelayEncryptedPayload;\n  targetApprovalRequestId?: string;\n  type: string;\n  updateId?: string;\n}\n\nexport interface ClaimEncryptedUpdatesInput {\n  daemonId: string;\n  leaseSeconds?: number;\n  limit?: number;\n}\n\nexport interface SubmitUpdateFeedbackInput {\n  claimToken: string;\n  daemonId: string;\n  details?: Record<string, string>;\n  message?: string;\n  status: Extract<RelayUpdateStatus, 'applied' | 'failed' | 'rejected'>;\n  updateId: string;\n}\n\nexport interface ApprovalCapabilityFailureRecord {\n  attempts: number;\n  blockedUntil?: string;\n  firstFailedAt: string;\n  lastFailedAt: string;\n}\n\nexport interface RecordApprovalCapabilityFailureResult {\n  attempts: number;\n  blocked: boolean;\n  blockedUntil: string | null;\n}\n\ninterface JsonCache {\n  del(key: string): Promise<number>;\n  get(key: string): Promise<string | null>;\n  ping(): Promise<string>;\n  quit(): Promise<string>;\n  sadd(key: string, ...members: string[]): Promise<number>;\n  set(key: string, value: string, mode?: 'NX' | 'XX'): Promise<'OK' | null>;\n  smembers(key: string): Promise<string[]>;\n  zadd(key: string, ...args: (string | number)[]): Promise<number>;\n  zrange(key: string, start: number, stop: number, ...args: string[]): Promise<string[]>;\n  zrem(key: string, ...members: string[]): Promise<number>;\n}\n\nconst defaultNamespace = 'wlfi:relay';\nconst approvalCapabilityFailureWindowMs = 5 * 60 * 1000;\nconst approvalCapabilityMaxFailures = 5;\nconst approvalCapabilityBlockWindowMs = 10 * 60 * 1000;\n\nconst toIsoTimestamp = (value = new Date()): string => value.toISOString();\n\nconst dedupe = <T>(values: T[]): T[] => [...new Set(values)];\n\nconst matchesOptionalFilter = (\n  value: string | undefined,\n  expected: string | undefined,\n): boolean => {\n  if (!expected) {\n    return true;\n  }\n\n  return value?.toLowerCase() === expected.toLowerCase();\n};\n\nconst clampLimit = (limit: number | undefined, fallback: number, max: number): number => {\n  if (!limit || Number.isNaN(limit)) {\n    return fallback;\n  }\n\n  return Math.max(1, Math.min(limit, max));\n};\n\nconst createApprovalCapabilityToken = (): string => randomBytes(32).toString('hex');\n\nconst approvalCapabilityHash = (token: string): string =>\n  createHash('sha256').update(token, 'utf8').digest('hex');\n\nconst isActiveApprovalUpdateRecord = (\n  record: RelayEncryptedUpdateRecord | null | undefined,\n  approvalRequestId: string,\n): record is RelayEncryptedUpdateRecord =>\n  Boolean(\n    record &&\n      record.type === 'manual_approval_decision' &&\n      record.targetApprovalRequestId === approvalRequestId &&\n      (record.status === 'pending' || record.status === 'inflight'),\n  );\n\nconst preserveRotatedApprovalCapability = (\n  incoming: RelayApprovalRequestRecord,\n  existing: RelayApprovalRequestRecord | null,\n): RelayApprovalRequestRecord => {\n  const existingMetadata = existing?.metadata;\n  const incomingMetadata = incoming.metadata;\n  const preservedCapabilityToken = existingMetadata?.approvalCapabilityToken?.trim();\n  const preservedCapabilityHash = existingMetadata?.approvalCapabilityHash?.trim();\n\n  if (!preservedCapabilityToken && !preservedCapabilityHash) {\n    return incoming;\n  }\n\n  return {\n    ...incoming,\n    metadata: {\n      ...(incomingMetadata ?? {}),\n      ...(preservedCapabilityToken\n        ? { approvalCapabilityToken: preservedCapabilityToken }\n        : {}),\n      ...(preservedCapabilityHash ? { approvalCapabilityHash: preservedCapabilityHash } : {}),\n    },\n  };\n};\n\nexport class RelayCacheService {\n  private readonly client: JsonCache;\n  private readonly namespace: string;\n\n  constructor(options: { client?: Redis; namespace?: string } = {}) {\n    this.client = (options.client ?? getCacheClient()) as unknown as JsonCache;\n    this.namespace = options.namespace ?? defaultNamespace;\n  }\n\n  async ping(): Promise<string> {\n    try {\n      return await this.client.ping();\n    } catch (error) {\n      throw toCacheError(error, { operation: 'ping' });\n    }\n  }\n\n  async syncDaemonRegistration(input: SyncDaemonRegistrationInput): Promise<{\n    agentKeyCount: number;\n    approvalRequestCount: number;\n    policyCount: number;\n  }> {\n    const profile = {\n      ...input.daemon,\n      lastSeenAt: input.daemon.lastSeenAt || toIsoTimestamp(),\n      updatedAt: input.daemon.updatedAt || toIsoTimestamp(),\n    } satisfies RelayDaemonProfile;\n\n    try {\n      await this.writeJson(this.daemonProfileKey(profile.daemonId), profile);\n      await this.client.sadd(this.daemonIndexKey(), profile.daemonId);\n\n      if (input.policies) {\n        const policies = input.policies.map((policy) => ({\n          ...policy,\n          daemonId: profile.daemonId,\n        }));\n        await this.writeJson(this.daemonPoliciesKey(profile.daemonId), policies);\n      }\n\n      if (input.agentKeys) {\n        const agentKeys = input.agentKeys.map((agentKey) => ({\n          ...agentKey,\n          daemonId: profile.daemonId,\n        }));\n        await this.writeJson(this.daemonAgentKeysKey(profile.daemonId), agentKeys);\n      }\n\n      if (input.approvalRequests) {\n        for (const approvalRequest of input.approvalRequests) {\n          const existing = await this.readJson<RelayApprovalRequestRecord>(\n            this.approvalKey(approvalRequest.approvalRequestId),\n          );\n          const normalized = preserveRotatedApprovalCapability(\n            { ...approvalRequest, daemonId: profile.daemonId },\n            existing,\n          );\n          await this.writeJson(this.approvalKey(normalized.approvalRequestId), normalized);\n          await this.client.zadd(\n            this.daemonApprovalsKey(profile.daemonId),\n            Date.parse(normalized.requestedAt),\n            normalized.approvalRequestId,\n          );\n        }\n      }\n\n      return {\n        agentKeyCount: input.agentKeys?.length ?? 0,\n        approvalRequestCount: input.approvalRequests?.length ?? 0,\n        policyCount: input.policies?.length ?? 0,\n      };\n    } catch (error) {\n      throw toCacheError(error, {\n        key: this.daemonProfileKey(profile.daemonId),\n        operation: 'syncDaemonRegistration',\n      });\n    }\n  }\n\n  async listDaemons(): Promise<RelayDaemonProfile[]> {\n    const daemonIds = await this.client.smembers(this.daemonIndexKey());\n    const profiles = await Promise.all(\n      daemonIds.map((daemonId) =>\n        this.readJson<RelayDaemonProfile>(this.daemonProfileKey(daemonId)),\n      ),\n    );\n\n    return profiles.filter((profile): profile is RelayDaemonProfile => Boolean(profile));\n  }\n\n  async getDaemonProfile(daemonId: string): Promise<RelayDaemonProfile | null> {\n    return await this.readJson<RelayDaemonProfile>(this.daemonProfileKey(daemonId));\n  }\n\n  async getDaemonPolicies(daemonId: string): Promise<RelayPolicyRecord[]> {\n    return (await this.readJson<RelayPolicyRecord[]>(this.daemonPoliciesKey(daemonId))) ?? [];\n  }\n\n  async getDaemonAgentKeys(daemonId: string): Promise<RelayAgentKeyRecord[]> {\n    return (await this.readJson<RelayAgentKeyRecord[]>(this.daemonAgentKeysKey(daemonId))) ?? [];\n  }\n\n  async getApprovalRequest(approvalRequestId: string): Promise<RelayApprovalRequestRecord | null> {\n    return await this.readJson<RelayApprovalRequestRecord>(this.approvalKey(approvalRequestId));\n  }\n\n  async listApprovalRequests(\n    filters: ApprovalRequestFilters = {},\n  ): Promise<RelayApprovalRequestRecord[]> {\n    const limit = clampLimit(filters.limit, 100, 500);\n    const daemonIds = filters.daemonId\n      ? [filters.daemonId]\n      : await this.client.smembers(this.daemonIndexKey());\n    const requestIdsByDaemon = await Promise.all(\n      daemonIds.map((daemonId) =>\n        this.client.zrange(this.daemonApprovalsKey(daemonId), 0, limit * 2, 'REV'),\n      ),\n    );\n    const requestIds = dedupe(requestIdsByDaemon.flat()).slice(0, limit * 3);\n    const requests = await Promise.all(\n      requestIds.map((requestId) =>\n        this.readJson<RelayApprovalRequestRecord>(this.approvalKey(requestId)),\n      ),\n    );\n\n    return requests\n      .filter((request): request is RelayApprovalRequestRecord => Boolean(request))\n      .filter((request) => (filters.daemonId ? request.daemonId === filters.daemonId : true))\n      .filter((request) => (filters.status ? request.status === filters.status : true))\n      .filter((request) => matchesOptionalFilter(request.destination, filters.destination))\n      .filter((request) => matchesOptionalFilter(request.tokenAddress, filters.tokenAddress))\n      .sort((left, right) => Date.parse(right.requestedAt) - Date.parse(left.requestedAt))\n      .slice(0, limit);\n  }\n\n  async createEncryptedUpdate(\n    input: CreateEncryptedUpdateInput,\n  ): Promise<RelayEncryptedUpdateRecord> {\n    if (input.type === 'manual_approval_decision') {\n      if (!input.targetApprovalRequestId) {\n        throw new CacheError({\n          code: cacheErrorCodes.invalidPayload,\n          message: 'Manual approval updates require a target approval request id',\n          operation: 'createEncryptedUpdate',\n        });\n      }\n\n      const approvalKey = this.approvalKey(input.targetApprovalRequestId);\n      const approval = await this.readJson<RelayApprovalRequestRecord>(approvalKey);\n      if (!approval) {\n        throw new CacheError({\n          code: cacheErrorCodes.notFound,\n          key: approvalKey,\n          message: `Unknown approval '${input.targetApprovalRequestId}'`,\n          operation: 'createEncryptedUpdate',\n        });\n      }\n\n      if (approval.daemonId !== input.daemonId) {\n        throw new CacheError({\n          code: cacheErrorCodes.invalidPayload,\n          key: approvalKey,\n          message: `Approval '${input.targetApprovalRequestId}' belongs to daemon '${approval.daemonId}', not '${input.daemonId}'`,\n          operation: 'createEncryptedUpdate',\n        });\n      }\n\n      if (approval.status !== 'pending') {\n        throw new CacheError({\n          code: cacheErrorCodes.invalidPayload,\n          key: approvalKey,\n          message: `Approval '${input.targetApprovalRequestId}' is '${approval.status}' and cannot accept new updates`,\n          operation: 'createEncryptedUpdate',\n        });\n      }\n    }\n\n    const updateId = input.updateId ?? randomUUID();\n    const now = toIsoTimestamp();\n    const record: RelayEncryptedUpdateRecord = {\n      createdAt: now,\n      daemonId: input.daemonId,\n      metadata: input.metadata,\n      payload: input.payload,\n      status: 'pending',\n      targetApprovalRequestId: input.targetApprovalRequestId,\n      type: input.type,\n      updateId,\n      updatedAt: now,\n    };\n\n    const activeApprovalKey =\n      input.type === 'manual_approval_decision' && input.targetApprovalRequestId\n        ? this.activeApprovalUpdateKey(input.targetApprovalRequestId)\n        : null;\n    const updateKey = this.updateKey(updateId);\n    let ownsActiveApprovalSlot = false;\n\n    await this.writeJson(updateKey, record);\n\n    try {\n      if (activeApprovalKey) {\n        const reserved = await this.client.set(activeApprovalKey, updateId, 'NX');\n        if (reserved !== 'OK') {\n          const existingUpdateId = await this.client.get(activeApprovalKey);\n          const existingRecord = existingUpdateId\n            ? await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(existingUpdateId))\n            : null;\n\n          if (isActiveApprovalUpdateRecord(existingRecord, input.targetApprovalRequestId!)) {\n            throw new CacheError({\n              code: cacheErrorCodes.invalidPayload,\n              key: activeApprovalKey,\n              message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,\n              operation: 'createEncryptedUpdate',\n            });\n          }\n\n          await this.client.del(activeApprovalKey);\n          const retriedReservation = await this.client.set(activeApprovalKey, updateId, 'NX');\n          if (retriedReservation !== 'OK') {\n            throw new CacheError({\n              code: cacheErrorCodes.invalidPayload,\n              key: activeApprovalKey,\n              message: `Approval '${input.targetApprovalRequestId}' already has a queued operator update`,\n              operation: 'createEncryptedUpdate',\n            });\n          }\n        }\n\n        ownsActiveApprovalSlot = true;\n      }\n\n      await this.client.zadd(this.daemonUpdatesKey(input.daemonId), Date.now(), updateId);\n    } catch (error) {\n      await this.client.del(updateKey);\n      if (activeApprovalKey && ownsActiveApprovalSlot) {\n        await this.client.del(activeApprovalKey);\n      }\n      throw error;\n    }\n\n    return record;\n  }\n\n  async hasActiveApprovalUpdate(daemonId: string, approvalRequestId: string): Promise<boolean> {\n    const indexedUpdateId = await this.client.get(this.activeApprovalUpdateKey(approvalRequestId));\n    if (indexedUpdateId) {\n      const indexedRecord = await this.readJson<RelayEncryptedUpdateRecord>(\n        this.updateKey(indexedUpdateId),\n      );\n      if (isActiveApprovalUpdateRecord(indexedRecord, approvalRequestId)) {\n        return true;\n      }\n\n      await this.client.del(this.activeApprovalUpdateKey(approvalRequestId));\n    }\n\n    const updateIds = await this.client.zrange(this.daemonUpdatesKey(daemonId), 0, -1, 'REV');\n\n    for (const updateId of updateIds) {\n      const record = await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n      if (isActiveApprovalUpdateRecord(record, approvalRequestId)) {\n        await this.client.set(this.activeApprovalUpdateKey(approvalRequestId), updateId, 'NX');\n        return true;\n      }\n    }\n\n    return false;\n  }\n\n  async consumeApprovalCapability(\n    approvalRequestId: string,\n    capabilityHash: string,\n  ): Promise<boolean> {\n    try {\n      const result = await this.client.set(\n        this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n        toIsoTimestamp(),\n        'NX',\n      );\n      return result === 'OK';\n    } catch (error) {\n      throw toCacheError(error, {\n        key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n        operation: 'consumeApprovalCapability',\n      });\n    }\n  }\n\n  async releaseApprovalCapabilityConsumption(\n    approvalRequestId: string,\n    capabilityHash: string,\n  ): Promise<void> {\n    try {\n      await this.client.del(this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash));\n    } catch (error) {\n      throw toCacheError(error, {\n        key: this.approvalCapabilityConsumedKey(approvalRequestId, capabilityHash),\n        operation: 'releaseApprovalCapabilityConsumption',\n      });\n    }\n  }\n\n  async clearApprovalCapabilityFailures(approvalRequestId: string): Promise<void> {\n    try {\n      await this.client.del(this.approvalCapabilityFailuresKey(approvalRequestId));\n    } catch (error) {\n      throw toCacheError(error, {\n        key: this.approvalCapabilityFailuresKey(approvalRequestId),\n        operation: 'clearApprovalCapabilityFailures',\n      });\n    }\n  }\n\n  async recordApprovalCapabilityFailure(\n    approvalRequestId: string,\n  ): Promise<RecordApprovalCapabilityFailureResult> {\n    const key = this.approvalCapabilityFailuresKey(approvalRequestId);\n    const now = new Date();\n    const nowMs = now.getTime();\n    const existing = await this.readJson<ApprovalCapabilityFailureRecord>(key);\n\n    if (existing?.blockedUntil && Date.parse(existing.blockedUntil) > nowMs) {\n      return {\n        attempts: existing.attempts,\n        blocked: true,\n        blockedUntil: existing.blockedUntil,\n      };\n    }\n\n    const firstFailedAtMs = existing?.firstFailedAt\n      ? Date.parse(existing.firstFailedAt)\n      : Number.NaN;\n    const withinWindow =\n      Number.isFinite(firstFailedAtMs) &&\n      nowMs - firstFailedAtMs <= approvalCapabilityFailureWindowMs;\n    const attempts = withinWindow && existing ? existing.attempts + 1 : 1;\n    const firstFailedAt = withinWindow && existing ? existing.firstFailedAt : now.toISOString();\n    const blockedUntil =\n      attempts >= approvalCapabilityMaxFailures\n        ? new Date(nowMs + approvalCapabilityBlockWindowMs).toISOString()\n        : undefined;\n\n    await this.writeJson(key, {\n      attempts,\n      blockedUntil,\n      firstFailedAt,\n      lastFailedAt: now.toISOString(),\n    } satisfies ApprovalCapabilityFailureRecord);\n\n    return {\n      attempts,\n      blocked: blockedUntil !== undefined,\n      blockedUntil: blockedUntil ?? null,\n    };\n  }\n\n  async rotateApprovalCapability(approvalRequestId: string): Promise<RelayApprovalRequestRecord> {\n    const key = this.approvalKey(approvalRequestId);\n    const approval = await this.readJson<RelayApprovalRequestRecord>(key);\n\n    if (!approval) {\n      throw new CacheError({\n        code: cacheErrorCodes.notFound,\n        key,\n        message: `Unknown approval '${approvalRequestId}'`,\n        operation: 'rotateApprovalCapability',\n      });\n    }\n\n    if (approval.status !== 'pending') {\n      throw new CacheError({\n        code: cacheErrorCodes.invalidPayload,\n        key,\n        message: `Approval '${approvalRequestId}' is '${approval.status}' and cannot accept a new secure approval link`,\n        operation: 'rotateApprovalCapability',\n      });\n    }\n\n    const capabilityToken = createApprovalCapabilityToken();\n    const nextRecord: RelayApprovalRequestRecord = {\n      ...approval,\n      metadata: {\n        ...(approval.metadata ?? {}),\n        approvalCapabilityHash: approvalCapabilityHash(capabilityToken),\n        approvalCapabilityToken: capabilityToken,\n      },\n      updatedAt: toIsoTimestamp(),\n    };\n\n    await this.writeJson(key, nextRecord);\n    await this.clearApprovalCapabilityFailures(approvalRequestId);\n\n    return nextRecord;\n  }\n\n  async claimEncryptedUpdates(\n    input: ClaimEncryptedUpdatesInput,\n  ): Promise<RelayEncryptedUpdateRecord[]> {\n    const limit = clampLimit(input.limit, 25, 100);\n    const leaseSeconds = clampLimit(input.leaseSeconds, 30, 300);\n    const now = new Date();\n    const nowMs = now.getTime();\n    const claimUntil = new Date(nowMs + leaseSeconds * 1000).toISOString();\n    const updateIds = await this.client.zrange(\n      this.daemonUpdatesKey(input.daemonId),\n      0,\n      limit * 4,\n      'REV',\n    );\n    const claimed: RelayEncryptedUpdateRecord[] = [];\n\n    for (const updateId of updateIds) {\n      if (claimed.length >= limit) {\n        break;\n      }\n\n      const claimLockKey = this.updateClaimLockKey(updateId);\n      let ownsClaimLock = false;\n\n      try {\n        const reserved = await this.client.set(claimLockKey, claimUntil, 'NX');\n        if (reserved !== 'OK') {\n          const existingClaimLockUntil = await this.client.get(claimLockKey);\n          if (\n            existingClaimLockUntil &&\n            Number.isFinite(Date.parse(existingClaimLockUntil)) &&\n            Date.parse(existingClaimLockUntil) > nowMs\n          ) {\n            continue;\n          }\n\n          await this.client.del(claimLockKey);\n          const retriedReservation = await this.client.set(claimLockKey, claimUntil, 'NX');\n          if (retriedReservation !== 'OK') {\n            continue;\n          }\n        }\n\n        ownsClaimLock = true;\n\n        const record = await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n        if (!record) {\n          continue;\n        }\n\n        if (\n          record.status === 'applied' ||\n          record.status === 'failed' ||\n          record.status === 'rejected'\n        ) {\n          continue;\n        }\n\n        if (\n          record.status === 'inflight' &&\n          record.claimUntil &&\n          Date.parse(record.claimUntil) > nowMs\n        ) {\n          continue;\n        }\n\n        const nextRecord: RelayEncryptedUpdateRecord = {\n          ...record,\n          claimToken: randomUUID(),\n          claimUntil,\n          lastDeliveredAt: now.toISOString(),\n          status: 'inflight',\n          updatedAt: now.toISOString(),\n        };\n        await this.writeJson(this.updateKey(updateId), nextRecord);\n        claimed.push(nextRecord);\n      } finally {\n        if (ownsClaimLock) {\n          await this.client.del(claimLockKey);\n        }\n      }\n    }\n\n    return claimed;\n  }\n\n  async submitUpdateFeedback(\n    input: SubmitUpdateFeedbackInput,\n  ): Promise<RelayEncryptedUpdateRecord> {\n    const key = this.updateKey(input.updateId);\n    const record = await this.readJson<RelayEncryptedUpdateRecord>(key);\n\n    if (!record || record.daemonId !== input.daemonId) {\n      throw new CacheError({\n        code: cacheErrorCodes.notFound,\n        key,\n        message: `Unknown update '${input.updateId}' for daemon '${input.daemonId}'`,\n        operation: 'submitUpdateFeedback',\n      });\n    }\n\n    if (!record.claimToken || record.claimToken !== input.claimToken) {\n      throw new CacheError({\n        code: cacheErrorCodes.invalidPayload,\n        key,\n        message: `Claim token mismatch for update '${input.updateId}'`,\n        operation: 'submitUpdateFeedback',\n      });\n    }\n\n    const feedback: RelayUpdateFeedbackRecord = {\n      daemonId: input.daemonId,\n      details: input.details,\n      feedbackAt: toIsoTimestamp(),\n      message: input.message,\n      status: input.status,\n      updateId: input.updateId,\n    };\n    const nextRecord: RelayEncryptedUpdateRecord = {\n      ...record,\n      claimToken: undefined,\n      claimUntil: undefined,\n      feedback,\n      status: input.status,\n      updatedAt: toIsoTimestamp(),\n    };\n\n    await this.writeJson(key, nextRecord);\n    if (record.targetApprovalRequestId && record.type === 'manual_approval_decision') {\n      const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);\n      const indexedUpdateId = await this.client.get(activeApprovalKey);\n      if (indexedUpdateId === input.updateId) {\n        await this.client.del(activeApprovalKey);\n      }\n    }\n    return nextRecord;\n  }\n\n  async getEncryptedUpdate(updateId: string): Promise<RelayEncryptedUpdateRecord | null> {\n    return await this.readJson<RelayEncryptedUpdateRecord>(this.updateKey(updateId));\n  }\n\n  async removeEncryptedUpdate(daemonId: string, updateId: string): Promise<void> {\n    const key = this.updateKey(updateId);\n    const record = await this.readJson<RelayEncryptedUpdateRecord>(key);\n    if (!record || record.daemonId !== daemonId) {\n      throw new CacheError({\n        code: cacheErrorCodes.notFound,\n        key,\n        message: `Unknown update '${updateId}' for daemon '${daemonId}'`,\n        operation: 'removeEncryptedUpdate',\n      });\n    }\n\n    await this.client.zrem(this.daemonUpdatesKey(daemonId), updateId);\n    await this.client.del(key);\n    if (record.targetApprovalRequestId && record.type === 'manual_approval_decision') {\n      const activeApprovalKey = this.activeApprovalUpdateKey(record.targetApprovalRequestId);\n      const indexedUpdateId = await this.client.get(activeApprovalKey);\n      if (indexedUpdateId === updateId) {\n        await this.client.del(activeApprovalKey);\n      }\n    }\n  }\n\n  private readonly daemonIndexKey = (): string => `${this.namespace}:daemons`;\n  private readonly daemonProfileKey = (daemonId: string): string =>\n    `${this.namespace}:daemon:${daemonId}:profile`;\n  private readonly daemonPoliciesKey = (daemonId: string): string =>\n    `${this.namespace}:daemon:${daemonId}:policies`;\n  private readonly daemonAgentKeysKey = (daemonId: string): string =>\n    `${this.namespace}:daemon:${daemonId}:agent-keys`;\n  private readonly daemonApprovalsKey = (daemonId: string): string =>\n    `${this.namespace}:daemon:${daemonId}:approvals`;\n  private readonly daemonUpdatesKey = (daemonId: string): string =>\n    `${this.namespace}:daemon:${daemonId}:updates`;\n  private readonly approvalKey = (approvalRequestId: string): string =>\n    `${this.namespace}:approval:${approvalRequestId}`;\n  private readonly approvalCapabilityConsumedKey = (\n    approvalRequestId: string,\n    capabilityHash: string,\n  ): string =>\n    `${this.namespace}:approval:${approvalRequestId}:capability:${capabilityHash}:consumed`;\n  private readonly approvalCapabilityFailuresKey = (approvalRequestId: string): string =>\n    `${this.namespace}:approval:${approvalRequestId}:capability-failures`;\n  private readonly activeApprovalUpdateKey = (approvalRequestId: string): string =>\n    `${this.namespace}:approval:${approvalRequestId}:active-update`;\n  private readonly updateClaimLockKey = (updateId: string): string =>\n    `${this.namespace}:update:${updateId}:claim-lock`;\n  private readonly updateKey = (updateId: string): string => `${this.namespace}:update:${updateId}`;\n\n  private async readJson<T>(key: string): Promise<T | null> {\n    try {\n      const payload = await this.client.get(key);\n      if (payload === null) {\n        return null;\n      }\n\n      return JSON.parse(payload) as T;\n    } catch (error) {\n      throw toCacheError(error, { key, operation: 'readJson' });\n    }\n  }\n\n  private async writeJson(key: string, value: unknown): Promise<void> {\n    try {\n      await this.client.set(key, JSON.stringify(value));\n    } catch (error) {\n      throw toCacheError(error, { key, operation: 'writeJson' });\n    }\n  }\n}\n\nexport const createRelayCacheService = (options: { client?: Redis; namespace?: string } = {}) => {\n  return new RelayCacheService(options);\n};\n"],"mappings":";;;;;;;;;;AAAA,SAAS,YAAY,aAAa,kBAAkB;AAK7C,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,sBAAsB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AA+JA,IAAM,mBAAmB;AACzB,IAAM,oCAAoC,IAAI,KAAK;AACnD,IAAM,gCAAgC;AACtC,IAAM,kCAAkC,KAAK,KAAK;AAElD,IAAM,iBAAiB,CAAC,QAAQ,oBAAI,KAAK,MAAc,MAAM,YAAY;AAEzE,IAAM,SAAS,CAAI,WAAqB,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC;AAE3D,IAAM,wBAAwB,CAC5B,OACA,aACY;AACZ,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,SAAO,OAAO,YAAY,MAAM,SAAS,YAAY;AACvD;AAEA,IAAM,aAAa,CAAC,OAA2B,UAAkB,QAAwB;AACvF,MAAI,CAAC,SAAS,OAAO,MAAM,KAAK,GAAG;AACjC,WAAO;AAAA,EACT;AAEA,SAAO,KAAK,IAAI,GAAG,KAAK,IAAI,OAAO,GAAG,CAAC;AACzC;AAEA,IAAM,gCAAgC,MAAc,YAAY,EAAE,EAAE,SAAS,KAAK;AAElF,IAAM,yBAAyB,CAAC,UAC9B,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAEzD,IAAM,+BAA+B,CACnC,QACA,sBAEA;AAAA,EACE,UACE,OAAO,SAAS,8BAChB,OAAO,4BAA4B,sBAClC,OAAO,WAAW,aAAa,OAAO,WAAW;AACtD;AAEF,IAAM,oCAAoC,CACxC,UACA,aAC+B;AAC/B,QAAM,mBAAmB,UAAU;AACnC,QAAM,mBAAmB,SAAS;AAClC,QAAM,2BAA2B,kBAAkB,yBAAyB,KAAK;AACjF,QAAM,0BAA0B,kBAAkB,wBAAwB,KAAK;AAE/E,MAAI,CAAC,4BAA4B,CAAC,yBAAyB;AACzD,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU;AAAA,MACR,GAAI,oBAAoB,CAAC;AAAA,MACzB,GAAI,2BACA,EAAE,yBAAyB,yBAAyB,IACpD,CAAC;AAAA,MACL,GAAI,0BAA0B,EAAE,wBAAwB,wBAAwB,IAAI,CAAC;AAAA,IACvF;AAAA,EACF;AACF;AAEO,IAAM,oBAAN,MAAwB;AAAA,EACZ;AAAA,EACA;AAAA,EAEjB,YAAY,UAAkD,CAAC,GAAG;AAChE,SAAK,SAAU,QAAQ,UAAU,eAAe;AAChD,SAAK,YAAY,QAAQ,aAAa;AAAA,EACxC;AAAA,EAEA,MAAM,OAAwB;AAC5B,QAAI;AACF,aAAO,MAAM,KAAK,OAAO,KAAK;AAAA,IAChC,SAAS,OAAO;AACd,YAAM,aAAa,OAAO,EAAE,WAAW,OAAO,CAAC;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,MAAM,uBAAuB,OAI1B;AACD,UAAM,UAAU;AAAA,MACd,GAAG,MAAM;AAAA,MACT,YAAY,MAAM,OAAO,cAAc,eAAe;AAAA,MACtD,WAAW,MAAM,OAAO,aAAa,eAAe;AAAA,IACtD;AAEA,QAAI;AACF,YAAM,KAAK,UAAU,KAAK,iBAAiB,QAAQ,QAAQ,GAAG,OAAO;AACrE,YAAM,KAAK,OAAO,KAAK,KAAK,eAAe,GAAG,QAAQ,QAAQ;AAE9D,UAAI,MAAM,UAAU;AAClB,cAAM,WAAW,MAAM,SAAS,IAAI,CAAC,YAAY;AAAA,UAC/C,GAAG;AAAA,UACH,UAAU,QAAQ;AAAA,QACpB,EAAE;AACF,cAAM,KAAK,UAAU,KAAK,kBAAkB,QAAQ,QAAQ,GAAG,QAAQ;AAAA,MACzE;AAEA,UAAI,MAAM,WAAW;AACnB,cAAM,YAAY,MAAM,UAAU,IAAI,CAAC,cAAc;AAAA,UACnD,GAAG;AAAA,UACH,UAAU,QAAQ;AAAA,QACpB,EAAE;AACF,cAAM,KAAK,UAAU,KAAK,mBAAmB,QAAQ,QAAQ,GAAG,SAAS;AAAA,MAC3E;AAEA,UAAI,MAAM,kBAAkB;AAC1B,mBAAW,mBAAmB,MAAM,kBAAkB;AACpD,gBAAM,WAAW,MAAM,KAAK;AAAA,YAC1B,KAAK,YAAY,gBAAgB,iBAAiB;AAAA,UACpD;AACA,gBAAM,aAAa;AAAA,YACjB,EAAE,GAAG,iBAAiB,UAAU,QAAQ,SAAS;AAAA,YACjD;AAAA,UACF;AACA,gBAAM,KAAK,UAAU,KAAK,YAAY,WAAW,iBAAiB,GAAG,UAAU;AAC/E,gBAAM,KAAK,OAAO;AAAA,YAChB,KAAK,mBAAmB,QAAQ,QAAQ;AAAA,YACxC,KAAK,MAAM,WAAW,WAAW;AAAA,YACjC,WAAW;AAAA,UACb;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,eAAe,MAAM,WAAW,UAAU;AAAA,QAC1C,sBAAsB,MAAM,kBAAkB,UAAU;AAAA,QACxD,aAAa,MAAM,UAAU,UAAU;AAAA,MACzC;AAAA,IACF,SAAS,OAAO;AACd,YAAM,aAAa,OAAO;AAAA,QACxB,KAAK,KAAK,iBAAiB,QAAQ,QAAQ;AAAA,QAC3C,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,cAA6C;AACjD,UAAM,YAAY,MAAM,KAAK,OAAO,SAAS,KAAK,eAAe,CAAC;AAClE,UAAM,WAAW,MAAM,QAAQ;AAAA,MAC7B,UAAU;AAAA,QAAI,CAAC,aACb,KAAK,SAA6B,KAAK,iBAAiB,QAAQ,CAAC;AAAA,MACnE;AAAA,IACF;AAEA,WAAO,SAAS,OAAO,CAAC,YAA2C,QAAQ,OAAO,CAAC;AAAA,EACrF;AAAA,EAEA,MAAM,iBAAiB,UAAsD;AAC3E,WAAO,MAAM,KAAK,SAA6B,KAAK,iBAAiB,QAAQ,CAAC;AAAA,EAChF;AAAA,EAEA,MAAM,kBAAkB,UAAgD;AACtE,WAAQ,MAAM,KAAK,SAA8B,KAAK,kBAAkB,QAAQ,CAAC,KAAM,CAAC;AAAA,EAC1F;AAAA,EAEA,MAAM,mBAAmB,UAAkD;AACzE,WAAQ,MAAM,KAAK,SAAgC,KAAK,mBAAmB,QAAQ,CAAC,KAAM,CAAC;AAAA,EAC7F;AAAA,EAEA,MAAM,mBAAmB,mBAAuE;AAC9F,WAAO,MAAM,KAAK,SAAqC,KAAK,YAAY,iBAAiB,CAAC;AAAA,EAC5F;AAAA,EAEA,MAAM,qBACJ,UAAkC,CAAC,GACI;AACvC,UAAM,QAAQ,WAAW,QAAQ,OAAO,KAAK,GAAG;AAChD,UAAM,YAAY,QAAQ,WACtB,CAAC,QAAQ,QAAQ,IACjB,MAAM,KAAK,OAAO,SAAS,KAAK,eAAe,CAAC;AACpD,UAAM,qBAAqB,MAAM,QAAQ;AAAA,MACvC,UAAU;AAAA,QAAI,CAAC,aACb,KAAK,OAAO,OAAO,KAAK,mBAAmB,QAAQ,GAAG,GAAG,QAAQ,GAAG,KAAK;AAAA,MAC3E;AAAA,IACF;AACA,UAAM,aAAa,OAAO,mBAAmB,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;AACvE,UAAM,WAAW,MAAM,QAAQ;AAAA,MAC7B,WAAW;AAAA,QAAI,CAAC,cACd,KAAK,SAAqC,KAAK,YAAY,SAAS,CAAC;AAAA,MACvE;AAAA,IACF;AAEA,WAAO,SACJ,OAAO,CAAC,YAAmD,QAAQ,OAAO,CAAC,EAC3E,OAAO,CAAC,YAAa,QAAQ,WAAW,QAAQ,aAAa,QAAQ,WAAW,IAAK,EACrF,OAAO,CAAC,YAAa,QAAQ,SAAS,QAAQ,WAAW,QAAQ,SAAS,IAAK,EAC/E,OAAO,CAAC,YAAY,sBAAsB,QAAQ,aAAa,QAAQ,WAAW,CAAC,EACnF,OAAO,CAAC,YAAY,sBAAsB,QAAQ,cAAc,QAAQ,YAAY,CAAC,EACrF,KAAK,CAAC,MAAM,UAAU,KAAK,MAAM,MAAM,WAAW,IAAI,KAAK,MAAM,KAAK,WAAW,CAAC,EAClF,MAAM,GAAG,KAAK;AAAA,EACnB;AAAA,EAEA,MAAM,sBACJ,OACqC;AACrC,QAAI,MAAM,SAAS,4BAA4B;AAC7C,UAAI,CAAC,MAAM,yBAAyB;AAClC,cAAM,IAAI,WAAW;AAAA,UACnB,MAAM,gBAAgB;AAAA,UACtB,SAAS;AAAA,UACT,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAEA,YAAM,cAAc,KAAK,YAAY,MAAM,uBAAuB;AAClE,YAAM,WAAW,MAAM,KAAK,SAAqC,WAAW;AAC5E,UAAI,CAAC,UAAU;AACb,cAAM,IAAI,WAAW;AAAA,UACnB,MAAM,gBAAgB;AAAA,UACtB,KAAK;AAAA,UACL,SAAS,qBAAqB,MAAM,uBAAuB;AAAA,UAC3D,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,aAAa,MAAM,UAAU;AACxC,cAAM,IAAI,WAAW;AAAA,UACnB,MAAM,gBAAgB;AAAA,UACtB,KAAK;AAAA,UACL,SAAS,aAAa,MAAM,uBAAuB,wBAAwB,SAAS,QAAQ,WAAW,MAAM,QAAQ;AAAA,UACrH,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,WAAW;AACjC,cAAM,IAAI,WAAW;AAAA,UACnB,MAAM,gBAAgB;AAAA,UACtB,KAAK;AAAA,UACL,SAAS,aAAa,MAAM,uBAAuB,SAAS,SAAS,MAAM;AAAA,UAC3E,WAAW;AAAA,QACb,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,YAAY,WAAW;AAC9C,UAAM,MAAM,eAAe;AAC3B,UAAM,SAAqC;AAAA,MACzC,WAAW;AAAA,MACX,UAAU,MAAM;AAAA,MAChB,UAAU,MAAM;AAAA,MAChB,SAAS,MAAM;AAAA,MACf,QAAQ;AAAA,MACR,yBAAyB,MAAM;AAAA,MAC/B,MAAM,MAAM;AAAA,MACZ;AAAA,MACA,WAAW;AAAA,IACb;AAEA,UAAM,oBACJ,MAAM,SAAS,8BAA8B,MAAM,0BAC/C,KAAK,wBAAwB,MAAM,uBAAuB,IAC1D;AACN,UAAM,YAAY,KAAK,UAAU,QAAQ;AACzC,QAAI,yBAAyB;AAE7B,UAAM,KAAK,UAAU,WAAW,MAAM;AAEtC,QAAI;AACF,UAAI,mBAAmB;AACrB,cAAM,WAAW,MAAM,KAAK,OAAO,IAAI,mBAAmB,UAAU,IAAI;AACxE,YAAI,aAAa,MAAM;AACrB,gBAAM,mBAAmB,MAAM,KAAK,OAAO,IAAI,iBAAiB;AAChE,gBAAM,iBAAiB,mBACnB,MAAM,KAAK,SAAqC,KAAK,UAAU,gBAAgB,CAAC,IAChF;AAEJ,cAAI,6BAA6B,gBAAgB,MAAM,uBAAwB,GAAG;AAChF,kBAAM,IAAI,WAAW;AAAA,cACnB,MAAM,gBAAgB;AAAA,cACtB,KAAK;AAAA,cACL,SAAS,aAAa,MAAM,uBAAuB;AAAA,cACnD,WAAW;AAAA,YACb,CAAC;AAAA,UACH;AAEA,gBAAM,KAAK,OAAO,IAAI,iBAAiB;AACvC,gBAAM,qBAAqB,MAAM,KAAK,OAAO,IAAI,mBAAmB,UAAU,IAAI;AAClF,cAAI,uBAAuB,MAAM;AAC/B,kBAAM,IAAI,WAAW;AAAA,cACnB,MAAM,gBAAgB;AAAA,cACtB,KAAK;AAAA,cACL,SAAS,aAAa,MAAM,uBAAuB;AAAA,cACnD,WAAW;AAAA,YACb,CAAC;AAAA,UACH;AAAA,QACF;AAEA,iCAAyB;AAAA,MAC3B;AAEA,YAAM,KAAK,OAAO,KAAK,KAAK,iBAAiB,MAAM,QAAQ,GAAG,KAAK,IAAI,GAAG,QAAQ;AAAA,IACpF,SAAS,OAAO;AACd,YAAM,KAAK,OAAO,IAAI,SAAS;AAC/B,UAAI,qBAAqB,wBAAwB;AAC/C,cAAM,KAAK,OAAO,IAAI,iBAAiB;AAAA,MACzC;AACA,YAAM;AAAA,IACR;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,wBAAwB,UAAkB,mBAA6C;AAC3F,UAAM,kBAAkB,MAAM,KAAK,OAAO,IAAI,KAAK,wBAAwB,iBAAiB,CAAC;AAC7F,QAAI,iBAAiB;AACnB,YAAM,gBAAgB,MAAM,KAAK;AAAA,QAC/B,KAAK,UAAU,eAAe;AAAA,MAChC;AACA,UAAI,6BAA6B,eAAe,iBAAiB,GAAG;AAClE,eAAO;AAAA,MACT;AAEA,YAAM,KAAK,OAAO,IAAI,KAAK,wBAAwB,iBAAiB,CAAC;AAAA,IACvE;AAEA,UAAM,YAAY,MAAM,KAAK,OAAO,OAAO,KAAK,iBAAiB,QAAQ,GAAG,GAAG,IAAI,KAAK;AAExF,eAAW,YAAY,WAAW;AAChC,YAAM,SAAS,MAAM,KAAK,SAAqC,KAAK,UAAU,QAAQ,CAAC;AACvF,UAAI,6BAA6B,QAAQ,iBAAiB,GAAG;AAC3D,cAAM,KAAK,OAAO,IAAI,KAAK,wBAAwB,iBAAiB,GAAG,UAAU,IAAI;AACrF,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,0BACJ,mBACA,gBACkB;AAClB,QAAI;AACF,YAAM,SAAS,MAAM,KAAK,OAAO;AAAA,QAC/B,KAAK,8BAA8B,mBAAmB,cAAc;AAAA,QACpE,eAAe;AAAA,QACf;AAAA,MACF;AACA,aAAO,WAAW;AAAA,IACpB,SAAS,OAAO;AACd,YAAM,aAAa,OAAO;AAAA,QACxB,KAAK,KAAK,8BAA8B,mBAAmB,cAAc;AAAA,QACzE,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,qCACJ,mBACA,gBACe;AACf,QAAI;AACF,YAAM,KAAK,OAAO,IAAI,KAAK,8BAA8B,mBAAmB,cAAc,CAAC;AAAA,IAC7F,SAAS,OAAO;AACd,YAAM,aAAa,OAAO;AAAA,QACxB,KAAK,KAAK,8BAA8B,mBAAmB,cAAc;AAAA,QACzE,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,gCAAgC,mBAA0C;AAC9E,QAAI;AACF,YAAM,KAAK,OAAO,IAAI,KAAK,8BAA8B,iBAAiB,CAAC;AAAA,IAC7E,SAAS,OAAO;AACd,YAAM,aAAa,OAAO;AAAA,QACxB,KAAK,KAAK,8BAA8B,iBAAiB;AAAA,QACzD,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAAA,EACF;AAAA,EAEA,MAAM,gCACJ,mBACgD;AAChD,UAAM,MAAM,KAAK,8BAA8B,iBAAiB;AAChE,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,QAAQ,IAAI,QAAQ;AAC1B,UAAM,WAAW,MAAM,KAAK,SAA0C,GAAG;AAEzE,QAAI,UAAU,gBAAgB,KAAK,MAAM,SAAS,YAAY,IAAI,OAAO;AACvE,aAAO;AAAA,QACL,UAAU,SAAS;AAAA,QACnB,SAAS;AAAA,QACT,cAAc,SAAS;AAAA,MACzB;AAAA,IACF;AAEA,UAAM,kBAAkB,UAAU,gBAC9B,KAAK,MAAM,SAAS,aAAa,IACjC,OAAO;AACX,UAAM,eACJ,OAAO,SAAS,eAAe,KAC/B,QAAQ,mBAAmB;AAC7B,UAAM,WAAW,gBAAgB,WAAW,SAAS,WAAW,IAAI;AACpE,UAAM,gBAAgB,gBAAgB,WAAW,SAAS,gBAAgB,IAAI,YAAY;AAC1F,UAAM,eACJ,YAAY,gCACR,IAAI,KAAK,QAAQ,+BAA+B,EAAE,YAAY,IAC9D;AAEN,UAAM,KAAK,UAAU,KAAK;AAAA,MACxB;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,IAAI,YAAY;AAAA,IAChC,CAA2C;AAE3C,WAAO;AAAA,MACL;AAAA,MACA,SAAS,iBAAiB;AAAA,MAC1B,cAAc,gBAAgB;AAAA,IAChC;AAAA,EACF;AAAA,EAEA,MAAM,yBAAyB,mBAAgE;AAC7F,UAAM,MAAM,KAAK,YAAY,iBAAiB;AAC9C,UAAM,WAAW,MAAM,KAAK,SAAqC,GAAG;AAEpE,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,WAAW;AAAA,QACnB,MAAM,gBAAgB;AAAA,QACtB;AAAA,QACA,SAAS,qBAAqB,iBAAiB;AAAA,QAC/C,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,QAAI,SAAS,WAAW,WAAW;AACjC,YAAM,IAAI,WAAW;AAAA,QACnB,MAAM,gBAAgB;AAAA,QACtB;AAAA,QACA,SAAS,aAAa,iBAAiB,SAAS,SAAS,MAAM;AAAA,QAC/D,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,UAAM,kBAAkB,8BAA8B;AACtD,UAAM,aAAyC;AAAA,MAC7C,GAAG;AAAA,MACH,UAAU;AAAA,QACR,GAAI,SAAS,YAAY,CAAC;AAAA,QAC1B,wBAAwB,uBAAuB,eAAe;AAAA,QAC9D,yBAAyB;AAAA,MAC3B;AAAA,MACA,WAAW,eAAe;AAAA,IAC5B;AAEA,UAAM,KAAK,UAAU,KAAK,UAAU;AACpC,UAAM,KAAK,gCAAgC,iBAAiB;AAE5D,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,sBACJ,OACuC;AACvC,UAAM,QAAQ,WAAW,MAAM,OAAO,IAAI,GAAG;AAC7C,UAAM,eAAe,WAAW,MAAM,cAAc,IAAI,GAAG;AAC3D,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,QAAQ,IAAI,QAAQ;AAC1B,UAAM,aAAa,IAAI,KAAK,QAAQ,eAAe,GAAI,EAAE,YAAY;AACrE,UAAM,YAAY,MAAM,KAAK,OAAO;AAAA,MAClC,KAAK,iBAAiB,MAAM,QAAQ;AAAA,MACpC;AAAA,MACA,QAAQ;AAAA,MACR;AAAA,IACF;AACA,UAAM,UAAwC,CAAC;AAE/C,eAAW,YAAY,WAAW;AAChC,UAAI,QAAQ,UAAU,OAAO;AAC3B;AAAA,MACF;AAEA,YAAM,eAAe,KAAK,mBAAmB,QAAQ;AACrD,UAAI,gBAAgB;AAEpB,UAAI;AACF,cAAM,WAAW,MAAM,KAAK,OAAO,IAAI,cAAc,YAAY,IAAI;AACrE,YAAI,aAAa,MAAM;AACrB,gBAAM,yBAAyB,MAAM,KAAK,OAAO,IAAI,YAAY;AACjE,cACE,0BACA,OAAO,SAAS,KAAK,MAAM,sBAAsB,CAAC,KAClD,KAAK,MAAM,sBAAsB,IAAI,OACrC;AACA;AAAA,UACF;AAEA,gBAAM,KAAK,OAAO,IAAI,YAAY;AAClC,gBAAM,qBAAqB,MAAM,KAAK,OAAO,IAAI,cAAc,YAAY,IAAI;AAC/E,cAAI,uBAAuB,MAAM;AAC/B;AAAA,UACF;AAAA,QACF;AAEA,wBAAgB;AAEhB,cAAM,SAAS,MAAM,KAAK,SAAqC,KAAK,UAAU,QAAQ,CAAC;AACvF,YAAI,CAAC,QAAQ;AACX;AAAA,QACF;AAEA,YACE,OAAO,WAAW,aAClB,OAAO,WAAW,YAClB,OAAO,WAAW,YAClB;AACA;AAAA,QACF;AAEA,YACE,OAAO,WAAW,cAClB,OAAO,cACP,KAAK,MAAM,OAAO,UAAU,IAAI,OAChC;AACA;AAAA,QACF;AAEA,cAAM,aAAyC;AAAA,UAC7C,GAAG;AAAA,UACH,YAAY,WAAW;AAAA,UACvB;AAAA,UACA,iBAAiB,IAAI,YAAY;AAAA,UACjC,QAAQ;AAAA,UACR,WAAW,IAAI,YAAY;AAAA,QAC7B;AACA,cAAM,KAAK,UAAU,KAAK,UAAU,QAAQ,GAAG,UAAU;AACzD,gBAAQ,KAAK,UAAU;AAAA,MACzB,UAAE;AACA,YAAI,eAAe;AACjB,gBAAM,KAAK,OAAO,IAAI,YAAY;AAAA,QACpC;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,qBACJ,OACqC;AACrC,UAAM,MAAM,KAAK,UAAU,MAAM,QAAQ;AACzC,UAAM,SAAS,MAAM,KAAK,SAAqC,GAAG;AAElE,QAAI,CAAC,UAAU,OAAO,aAAa,MAAM,UAAU;AACjD,YAAM,IAAI,WAAW;AAAA,QACnB,MAAM,gBAAgB;AAAA,QACtB;AAAA,QACA,SAAS,mBAAmB,MAAM,QAAQ,iBAAiB,MAAM,QAAQ;AAAA,QACzE,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,QAAI,CAAC,OAAO,cAAc,OAAO,eAAe,MAAM,YAAY;AAChE,YAAM,IAAI,WAAW;AAAA,QACnB,MAAM,gBAAgB;AAAA,QACtB;AAAA,QACA,SAAS,oCAAoC,MAAM,QAAQ;AAAA,QAC3D,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,UAAM,WAAsC;AAAA,MAC1C,UAAU,MAAM;AAAA,MAChB,SAAS,MAAM;AAAA,MACf,YAAY,eAAe;AAAA,MAC3B,SAAS,MAAM;AAAA,MACf,QAAQ,MAAM;AAAA,MACd,UAAU,MAAM;AAAA,IAClB;AACA,UAAM,aAAyC;AAAA,MAC7C,GAAG;AAAA,MACH,YAAY;AAAA,MACZ,YAAY;AAAA,MACZ;AAAA,MACA,QAAQ,MAAM;AAAA,MACd,WAAW,eAAe;AAAA,IAC5B;AAEA,UAAM,KAAK,UAAU,KAAK,UAAU;AACpC,QAAI,OAAO,2BAA2B,OAAO,SAAS,4BAA4B;AAChF,YAAM,oBAAoB,KAAK,wBAAwB,OAAO,uBAAuB;AACrF,YAAM,kBAAkB,MAAM,KAAK,OAAO,IAAI,iBAAiB;AAC/D,UAAI,oBAAoB,MAAM,UAAU;AACtC,cAAM,KAAK,OAAO,IAAI,iBAAiB;AAAA,MACzC;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,UAA8D;AACrF,WAAO,MAAM,KAAK,SAAqC,KAAK,UAAU,QAAQ,CAAC;AAAA,EACjF;AAAA,EAEA,MAAM,sBAAsB,UAAkB,UAAiC;AAC7E,UAAM,MAAM,KAAK,UAAU,QAAQ;AACnC,UAAM,SAAS,MAAM,KAAK,SAAqC,GAAG;AAClE,QAAI,CAAC,UAAU,OAAO,aAAa,UAAU;AAC3C,YAAM,IAAI,WAAW;AAAA,QACnB,MAAM,gBAAgB;AAAA,QACtB;AAAA,QACA,SAAS,mBAAmB,QAAQ,iBAAiB,QAAQ;AAAA,QAC7D,WAAW;AAAA,MACb,CAAC;AAAA,IACH;AAEA,UAAM,KAAK,OAAO,KAAK,KAAK,iBAAiB,QAAQ,GAAG,QAAQ;AAChE,UAAM,KAAK,OAAO,IAAI,GAAG;AACzB,QAAI,OAAO,2BAA2B,OAAO,SAAS,4BAA4B;AAChF,YAAM,oBAAoB,KAAK,wBAAwB,OAAO,uBAAuB;AACrF,YAAM,kBAAkB,MAAM,KAAK,OAAO,IAAI,iBAAiB;AAC/D,UAAI,oBAAoB,UAAU;AAChC,cAAM,KAAK,OAAO,IAAI,iBAAiB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AAAA,EAEiB,iBAAiB,MAAc,GAAG,KAAK,SAAS;AAAA,EAChD,mBAAmB,CAAC,aACnC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,oBAAoB,CAAC,aACpC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,qBAAqB,CAAC,aACrC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,qBAAqB,CAAC,aACrC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,mBAAmB,CAAC,aACnC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,cAAc,CAAC,sBAC9B,GAAG,KAAK,SAAS,aAAa,iBAAiB;AAAA,EAChC,gCAAgC,CAC/C,mBACA,mBAEA,GAAG,KAAK,SAAS,aAAa,iBAAiB,eAAe,cAAc;AAAA,EAC7D,gCAAgC,CAAC,sBAChD,GAAG,KAAK,SAAS,aAAa,iBAAiB;AAAA,EAChC,0BAA0B,CAAC,sBAC1C,GAAG,KAAK,SAAS,aAAa,iBAAiB;AAAA,EAChC,qBAAqB,CAAC,aACrC,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EACrB,YAAY,CAAC,aAA6B,GAAG,KAAK,SAAS,WAAW,QAAQ;AAAA,EAE/F,MAAc,SAAY,KAAgC;AACxD,QAAI;AACF,YAAM,UAAU,MAAM,KAAK,OAAO,IAAI,GAAG;AACzC,UAAI,YAAY,MAAM;AACpB,eAAO;AAAA,MACT;AAEA,aAAO,KAAK,MAAM,OAAO;AAAA,IAC3B,SAAS,OAAO;AACd,YAAM,aAAa,OAAO,EAAE,KAAK,WAAW,WAAW,CAAC;AAAA,IAC1D;AAAA,EACF;AAAA,EAEA,MAAc,UAAU,KAAa,OAA+B;AAClE,QAAI;AACF,YAAM,KAAK,OAAO,IAAI,KAAK,KAAK,UAAU,KAAK,CAAC;AAAA,IAClD,SAAS,OAAO;AACd,YAAM,aAAa,OAAO,EAAE,KAAK,WAAW,YAAY,CAAC;AAAA,IAC3D;AAAA,EACF;AACF;AAEO,IAAM,0BAA0B,CAAC,UAAkD,CAAC,MAAM;AAC/F,SAAO,IAAI,kBAAkB,OAAO;AACtC;","names":[]}