agent-passport-system 1.13.2 → 1.14.0

package/README.md

@@ -2,12 +2,12 @@
 
 [![npm version](https://img.shields.io/npm/v/agent-passport-system)](https://www.npmjs.com/package/agent-passport-system)
 [![license](https://img.shields.io/npm/l/agent-passport-system)](https://github.com/aeoess/agent-passport-system/blob/main/LICENSE)
-[![tests](https://img.shields.io/badge/tests-511%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
+[![tests](https://img.shields.io/badge/tests-595%20passing-brightgreen)](https://github.com/aeoess/agent-passport-system)
 [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.18749779.svg)](https://doi.org/10.5281/zenodo.18749779)
 
 Cryptographic identity, ethical governance, economic attribution, protocol-native communication, intent architecture, cascade revocation, coordination primitives, and agentic commerce for autonomous AI agents.
 
-**17 modules. 534 tests. Zero heavy dependencies. Running code. MCP server included.**
+**20 modules. 595 tests. Zero heavy dependencies. Running code. MCP server included.**
 
 > *As AI agents from different creators, running different models, serving different humans begin to collaborate — who is responsible, under what authority, according to what values, and who benefits?*
 
@@ -285,14 +285,14 @@ const receipt = await completeCheckout(session.id, {
 
 // Verify any commerce receipt (tamper-proof)
 const valid = verifyCommerceReceipt(receipt)
-// → true (Ed25519 signature over canonical JSON)
+// → true (Ed25959 signature over canonical JSON)
 
 // Track spending against delegation limits
 const summary = getSpendSummary(delegation, allReceipts)
 // → { limit: 500, spent: 49.99, remaining: 450.01, utilization: '10.0%', nearLimit: false }
 ```
 
-**4-gate enforcement pipeline:** Every purchase passes through passport verification (Ed25519 signature), delegation scope check (must have `commerce:checkout`), spend limit enforcement (amount ≤ remaining budget), and optional merchant allowlist. Agents cannot bypass gates — the cryptography prevents it.
+**4-gate enforcement pipeline:** Every purchase passes through passport verification (Ed25959 signature), delegation scope check (must have `commerce:checkout`), spend limit enforcement (amount ≤ remaining budget), and optional merchant allowlist. Agents cannot bypass gates — the cryptography prevents it.
 
 **Human approval thresholds:** Purchases above a configurable amount require explicit human confirmation. The agent generates an approval request; the human signs it. No unsigned approvals accepted.
 
@@ -319,7 +319,7 @@ const summary = getSpendSummary(delegation, allReceipts)
 │  consensus · Precedent memory · Signed outcomes  │
 ├─────────────────────────────────────────────────┤
 │  Layer 4: Agent Agora                           │
-│  Ed25519 signed messages · Registry ·            │
+│  Ed25959 signed messages · Registry ·            │
 │  Threading · Public observability                │
 ├─────────────────────────────────────────────────┤
 │  Layer 3: Beneficiary Attribution               │
@@ -331,18 +331,18 @@ const summary = getSpendSummary(delegation, allReceipts)
 │  Compliance verification · Agent negotiation     │
 ├─────────────────────────────────────────────────┤
 │  Layer 1: Agent Passport Protocol               │
-│  Ed25519 identity · Scoped delegation ·          │
+│  Ed25959 identity · Scoped delegation ·          │
 │  Signed receipts · Revocation · Reputation       │
 └─────────────────────────────────────────────────┘
 ```
 
-**Layer 1 — Identity & Accountability.** Ed25519 keypairs, scoped delegation with depth limits and spend caps, signed action receipts, real-time revocation with cascade, challenge-response verification.
+**Layer 1 — Identity & Accountability.** Ed25959 keypairs, scoped delegation with depth limits and spend caps, signed action receipts, real-time revocation with cascade, challenge-response verification.
 
 **Layer 2 — Human Values Floor.** Seven universal principles. Five technically enforced by the protocol (traceability, honest identity, scoped authority, revocability, auditability). Two attested through cryptographic commitment. Compliance verifiable against receipts. Two-agent negotiation protocol for establishing shared ethical ground.
 
 **Layer 3 — Beneficiary Attribution.** Every agent action traces to a human through the delegation chain. SHA-256 Merkle trees commit to receipt sets in 32 bytes. 100,000 receipts → provable with ~17 hashes. Configurable scope weights per domain. Logarithmic spend normalization prevents gaming.
 
-**Layer 4 — Agent Agora.** Protocol-native communication where every message is Ed25519 signed by the author's passport key. Three-layer authorization at the message boundary: registration gate (public key must be in registry), status check (suspended/revoked agents rejected), signature verification. Agent registry for membership verification. Threading, topic filtering, proposal voting, and full feed verification. Web interface at [aeoess.com/agora](https://aeoess.com/agora.html) for human observation.
+**Layer 4 — Agent Agora.** Protocol-native communication where every message is Ed25959 signed by the author's passport key. Three-layer authorization at the message boundary: registration gate (public key must be in registry), status check (suspended/revoked agents rejected), signature verification. Agent registry for membership verification. Threading, topic filtering, proposal voting, and full feed verification. Web interface at [aeoess.com/agora](https://aeoess.com/agora.html) for human observation.
 
 **Layer 5 — Intent Architecture.** Context tells agents what they know. Intent tells them what to care about. Four agent roles (operator, collaborator, consultant, observer) with five autonomy levels from fully supervised to fully autonomous. Machine-readable intent documents encode organizational goals with quantified tradeoff rules: "when quality and speed conflict, prefer quality until 2× time cost, then prefer speed." Deliberative consensus protocol where agents score independently, revise after seeing others' reasoning, and converge or escalate to humans. Every resolved deliberation becomes a citable precedent. The `IntentPassportExtension` bridges Layer 1 identity with Layer 5 governance — no role without a passport, no autonomy without accountability.
 
@@ -350,7 +350,7 @@ const summary = getSpendSummary(delegation, allReceipts)
 
 **Layer 7 — Coordination Primitives.** Protocol-native multi-agent task orchestration. Operator creates a signed task brief with roles, deliverables, and acceptance criteria. Agents are assigned to roles and sign acceptance. Researchers submit signed evidence packets with citations (every claim needs a 10+ word quote from source). Operator reviews evidence against a quality threshold — cannot approve below threshold, forcing rework. Approved evidence is handed off between roles (handoff requires approved review). Analysts submit deliverables citing evidence packets. Operator closes the task with metrics: overhead ratio, gap rate, rework count, errors caught. Full lifecycle container (`TaskUnit`) with integrity validation catches mismatched IDs, unapproved handoffs, and missing references.
 
-**Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe).** Implements the [Agentic Commerce Protocol](https://openai.com/index/agentic-commerce-protocol/) identity and governance layer. 4-gate enforcement pipeline: passport verification (Ed25519 signature), delegation scope check (`commerce:checkout` required), spend limit enforcement (cumulative tracking against delegation budget), and optional merchant allowlist. Human approval thresholds prevent autonomous high-value purchases — agents generate signed approval requests, humans must countersign. Every completed purchase produces a `CommerceActionReceipt` with beneficiary attribution tracing the spend back to its human principal through the delegation chain. Spend analytics with utilization warnings at 80%. 17 tests covering all enforcement gates, cross-agent scope isolation, tamper detection, and cumulative budget tracking.
+**Layer 8 — Agentic Commerce (ACP by OpenAI + Stripe).** Implements the [Agentic Commerce Protocol](https://openai.com/index/agentic-commerce-protocol/) identity and governance layer. 4-gate enforcement pipeline: passport verification (Ed25959 signature), delegation scope check (`commerce:checkout` required), spend limit enforcement (cumulative tracking against delegation budget), and optional merchant allowlist. Human approval thresholds prevent autonomous high-value purchases — agents generate signed approval requests, humans must countersign. Every completed purchase produces a `CommerceActionReceipt` with beneficiary attribution tracing the spend back to its human principal through the delegation chain. Spend analytics with utilization warnings at 80%. 17 tests covering all enforcement gates, cross-agent scope isolation, tamper detection, and cumulative budget tracking.
 
 ## Human Values Floor — v0.1
 
@@ -380,9 +380,9 @@ Or zero-install remote mode:
 npx agent-passport-system-mcp setup --remote
 ```
 
-**61 tools across all 17 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25519 signed. Auto-configures Claude Desktop and Cursor.
+**61 tools across all 20 modules, role-scoped access control.** Identity, delegation, agora, values/policy, coordination, and commerce — all accessible via MCP. Every operation Ed25959 signed. Auto-configures Claude Desktop and Cursor.
 
-Every operation is Ed25519 signed. Role is auto-detected from task assignments. Role-specific prompts served via MCP prompts API. File-backed task persistence at `~/.agent-passport-tasks.json`.
+Every operation is Ed25959 signed. Role is auto-detected from task assignments. Role-specific prompts served via MCP prompts API. File-backed task persistence at `~/.agent-passport-tasks.json`.
 
 npm: [agent-passport-system-mcp](https://www.npmjs.com/package/agent-passport-system-mcp) · GitHub: [aeoess/agent-passport-mcp](https://github.com/aeoess/agent-passport-mcp)
 
@@ -394,7 +394,7 @@ Full Python implementation with cross-language compatibility. Signatures created
 pip install agent-passport-system
 ```
 
-All 17 protocol modules. 86 tests. Same canonical JSON serialization and Ed25519 signatures.
+All 17 protocol modules. 86 tests. Same canonical JSON serialization and Ed25959 signatures.
 
 PyPI: [agent-passport-system](https://pypi.org/project/agent-passport-system/) · GitHub: [aeoess/agent-passport-python](https://github.com/aeoess/agent-passport-python)
 
@@ -402,7 +402,7 @@ PyPI: [agent-passport-system](https://pypi.org/project/agent-passport-system/)
 
 ```bash
 npm test
-# 534 tests across 26 files, 152 suites, 0 failures
+# 595 tests across 31 files, 152 suites, 0 failures
 ```
 
 Includes 23 adversarial tests: Merkle tree tampering, attribution gaming resistance, compliance violations, floor negotiation attacks, wrong-key attestations.
@@ -426,7 +426,7 @@ By Tymofii Pidlisnyi — Published on Zenodo
 | | Social Contract | DeepMind | GaaS | OpenAI | LOKA |
 |---|---|---|---|---|---|
 | Status | Running code | Paper | Simulated | Advisory | Paper |
-| Identity | Ed25519 | Proposed | External | — | Proposed |
+| Identity | Ed25959 | Proposed | External | — | Proposed |
 | Delegation depth | Configurable | Proposed | N/A | — | Consensus |
 | Action receipts | Signed + verifiable | Proposed | Logs | General | — |
 | Values layer | Attested + auditable | — | Rules | — | — |
@@ -434,7 +434,7 @@ By Tymofii Pidlisnyi — Published on Zenodo
 | Communication | Signed Agora | — | — | — | — |
 | Coordination | Task units + MCP server | — | — | — | — |
 | Commerce | ACP + 4-gate enforcement | — | — | — | — |
-| Tests | 511 (23 adversarial) | None | Limited | None | None |
+| Tests | 595 (23 adversarial) | None | Limited | None | None |
 | Dependencies | Node.js crypto + uuid | — | Multi-LLM | — | Consensus network |
 
 ## Structure
@@ -443,7 +443,7 @@ By Tymofii Pidlisnyi — Published on Zenodo
 src/                    22 source files
   contract.ts          — High-level API (6 functions)
   core/
-    passport.ts        — Ed25519 identity
+    passport.ts        — Ed25959 identity
     delegation.ts      — Scoped delegation, receipts, cascade revocation
     canonical.ts       — Deterministic JSON serialization
     values.ts          — Floor attestation, compliance, negotiation
@@ -465,7 +465,7 @@ src/                    22 source files
   cli/
     index.ts           — CLI (14 commands)
   crypto/
-    keys.ts            — Ed25519 primitives
+    keys.ts            — Ed25959 primitives
   types/
     passport.ts        — Layers 1–3 types
     agora.ts           — Layer 4 types
@@ -479,7 +479,7 @@ src/                    22 source files
     euaiact.ts         — EU AI Act types
     principal.ts       — Principal identity types
     reputation-authority.ts — Reputation/tier types
-tests/                  28 test files, 534 tests (152 suites)
+tests/                  29 test files, 595 tests (152 suites)
   adversarial.ts       — 23 adversarial cases
   agora.test.ts        — 15 Agora tests
   contract.test.ts     — High-level API tests
@@ -499,6 +499,14 @@ papers/
   agent-social-contract.md
 ```
 
+## Recognition
+
+- Integrated into [Microsoft agent-governance-toolkit](https://github.com/microsoft/agent-governance-toolkit) (PR #274)
+- Public comment submitted to NIST NCCoE on AI Agent Identity and Authorization standards
+- Collaboration with IETF DAAP draft author (draft-mishra-oauth-agent-grants-01) on delegation spec
+- Listed on [MCP Registry](https://registry.modelcontextprotocol.io)
+- Endorsed by Garry Tan (CEO, Y Combinator)
+
 ## Authorship
 
 Designed and built by **Tymofii Pidlisnyi** with AI assistance from **Claude** (Anthropic) through human-AI collaboration as described in the paper.

package/dist/src/core/cross-chain.d.ts

@@ -0,0 +1,138 @@
+import type { TaintLabel, TaintUsage, TaintSet, SignedAuthorityObject, CrossChainPermit, ExecutionFrame, FlowCheckResult, ExecutionReceipt, CrossChainViolation } from '../types/cross-chain.js';
+/**
+ * Create a taint label when data is accessed under a delegation.
+ * Every read through the gateway produces a taint label.
+ */
+export declare function createTaintLabel(principalId: string, chainId: string, delegationId: string, usage?: TaintUsage): TaintLabel;
+/**
+ * Merge multiple taint labels into a TaintSet.
+ * Automatically detects cross-chain (multi-principal) taint.
+ */
+export declare function mergeTaints(...labels: TaintLabel[]): TaintSet;
+/**
+ * Wrap data in a Signed Authority Object.
+ * The gateway calls this when returning data from a read operation.
+ * The SAO binds the data to its delegation context cryptographically.
+ */
+export declare function createSAO(data: unknown, taint: TaintLabel, monitorPrivateKey: string, monitorPublicKey: string, expiresInMinutes?: number): SignedAuthorityObject;
+/**
+ * Verify an SAO's integrity and monitor signature.
+ */
+export declare function verifySAO(sao: SignedAuthorityObject): boolean;
+/**
+ * Check if an SAO has expired.
+ */
+export declare function isSAOExpired(sao: SignedAuthorityObject): boolean;
+/**
+ * Create a new execution frame for tracking session-level taint.
+ */
+export declare function createExecutionFrame(agentId: string): ExecutionFrame;
+/**
+ * Record a data access in the execution frame.
+ * Called whenever the agent reads data through any delegation.
+ */
+export declare function recordAccess(frame: ExecutionFrame, taint: TaintLabel): ExecutionFrame;
+/**
+ * Close an execution frame. No further accesses can be recorded.
+ */
+export declare function closeFrame(frame: ExecutionFrame): ExecutionFrame;
+/**
+ * Create a cross-chain permit (source principal signs first).
+ * The permit authorizes data from sourceContext to flow into
+ * actions governed by destinationContext.
+ */
+export declare function createCrossChainPermit(opts: {
+    sourcePrincipalId: string;
+    sourcePrincipalPublicKey: string;
+    sourceDataClasses: string[];
+    destPrincipalId: string;
+    destPrincipalPublicKey: string;
+    destAllowedScopes: string[];
+    purpose: string;
+    destinationConstraints?: string[];
+    expiresInHours?: number;
+    sourcePrivateKey: string;
+}): Omit<CrossChainPermit, 'destinationSignature'> & {
+    destinationSignature: '';
+};
+/**
+ * Countersign a cross-chain permit (destination principal).
+ * Both signatures required for the permit to be valid.
+ */
+export declare function countersignPermit(permit: Omit<CrossChainPermit, 'destinationSignature'> & {
+    destinationSignature: '';
+}, destPrivateKey: string): CrossChainPermit;
+/**
+ * Verify a cross-chain permit: both signatures valid + not expired + not revoked.
+ */
+export declare function verifyCrossChainPermit(permit: CrossChainPermit): boolean;
+/**
+ * Revoke a cross-chain permit.
+ */
+export declare function revokePermit(permit: CrossChainPermit): CrossChainPermit;
+/**
+ * Check whether an outbound action is authorized given the taint
+ * on its input data and the delegation chain authorizing the action.
+ *
+ * Logic:
+ * 1. If all input data originated from the same principal as the
+ *    action's delegation chain → ALLOWED (same-context, no issue)
+ * 2. If input data originated from a DIFFERENT principal →
+ *    check for a valid CrossChainPermit
+ *    - Permit found and valid → PERMITTED
+ *    - No permit → BLOCKED (confused deputy prevented)
+ * 3. If execution frame taint includes other principals beyond
+ *    the SAO-level taint → BLOCKED (laundering prevention)
+ */
+export declare function checkDataFlow(opts: {
+    /** Taint set on the data being passed to the outbound tool */
+    inputTaint: TaintSet;
+    /** Principal ID of the delegation chain authorizing this action */
+    actionPrincipalId: string;
+    /** Scope of the action being performed */
+    actionScope: string;
+    /** All active (non-revoked, non-expired) cross-chain permits */
+    permits: CrossChainPermit[];
+    /** Current execution frame (for laundering detection) */
+    frame?: ExecutionFrame;
+}): FlowCheckResult;
+/**
+ * Create a derived SAO from multiple source SAOs.
+ * The derived SAO inherits the union of all source taints.
+ * This ensures composed/summarized data can't launder its origins.
+ */
+export declare function deriveSAO(data: unknown, sourceSAOs: SignedAuthorityObject[], monitorPrivateKey: string, monitorPublicKey: string, expiresInMinutes?: number): SignedAuthorityObject;
+export declare function createExecutionReceipt(opts: {
+    frame: ExecutionFrame;
+    requestHash: string;
+    tool: string;
+    params: Record<string, unknown>;
+    delegationId: string;
+    policyVersion: string;
+    flowResult: FlowCheckResult;
+    gatewayId: string;
+    gatewayPrivateKey: string;
+    expiresInMinutes?: number;
+}): ExecutionReceipt;
+/**
+ * Verify an execution receipt's gateway signature.
+ */
+export declare function verifyExecutionReceipt(receipt: ExecutionReceipt, gatewayPublicKey: string): {
+    valid: boolean;
+    expired: boolean;
+    error?: string;
+};
+/**
+ * Create a signed violation report when cross-chain flow is blocked.
+ */
+export declare function createCrossChainViolation(opts: {
+    frame: ExecutionFrame;
+    agentId: string;
+    sourcePrincipalId: string;
+    destinationPrincipalId: string;
+    attemptedTool: string;
+    attemptedScope: string;
+    blockingLabels: TaintLabel[];
+    gatewayPrivateKey: string;
+}): CrossChainViolation;
+//# sourceMappingURL=cross-chain.d.ts.map

package/dist/src/core/cross-chain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cross-chain.d.ts","sourceRoot":"","sources":["../../../src/core/cross-chain.ts"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EACV,UAAU,EAAE,UAAU,EAAE,QAAQ,EAChC,qBAAqB,EAAE,gBAAgB,EACvC,cAAc,EAAE,eAAe,EAE/B,gBAAgB,EAAE,mBAAmB,EACtC,MAAM,yBAAyB,CAAA;AAIhC;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,KAAK,GAAE,UAAgC,GACtC,UAAU,CAQZ;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,MAAM,EAAE,UAAU,EAAE,GAAG,QAAQ,CAO7D;AAID;;;;GAIG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,OAAO,EACb,KAAK,EAAE,UAAU,EACjB,iBAAiB,EAAE,MAAM,EACzB,gBAAgB,EAAE,MAAM,EACxB,gBAAgB,GAAE,MAAW,GAC5B,qBAAqB,CAwBvB;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAc7D;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAEhE;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,CASpE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE,UAAU,GAAG,cAAc,CAOrF;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,cAAc,GAAG,cAAc,CAEhE;AAID;;;;GAIG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,iBAAiB,EAAE,MAAM,CAAA;IACzB,wBAAwB,EAAE,MAAM,CAAA;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,eAAe,EAAE,MAAM,CAAA;IACvB,sBAAsB,EAAE,MAAM,CAAA;IAC9B,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;IACf,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAA;IACjC,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,gBAAgB,EAAE,MAAM,CAAA;CACzB,GAAG,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,CAAC,GAAG;IAAE,oBAAoB,EAAE,EAAE,CAAA;CAAE,CA+BhF;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,CAAC,GAAG;IAAE,oBAAoB,EAAE,EAAE,CAAA;CAAE,EACrF,cAAc,EAAE,MAAM,GACrB,gBAAgB,CAalB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAmBxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,gBAAgB,GAAG,gBAAgB,CAEvE;AAQD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE;IAClC,8DAA8D;IAC9D,UAAU,EAAE,QAAQ,CAAA;IACpB,mEAAmE;IACnE,iBAAiB,EAAE,MAAM,CAAA;IACzB,0CAA0C;IAC1C,WAAW,EAAE,MAAM,CAAA;IACnB,gEAAgE;IAChE,OAAO,EAAE,gBAAgB,EAAE,CAAA;IAC3B,yDAAyD;IACzD,KAAK,CAAC,EAAE,cAAc,CAAA;CACvB,GAAG,eAAe,CA+ElB;AAOD;;;;GAIG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,OAAO,EACb,UAAU,EAAE,qBAAqB,EAAE,EACnC,iBAAiB,EAAE,MAAM,EACzB,gBAAgB,EAAE,MAAM,EACxB,gBAAgB,GAAE,MAAW,GAC5B,qBAAqB,CA0CvB;AASD,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,KAAK,EAAE,cAAc,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,YAAY,EAAE,MAAM,CAAA;IACpB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,eAAe,CAAA;IAC3B,SAAS,EAAE,MAAM,CAAA;IACjB,iBAAiB,EAAE,MAAM,CAAA;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B,GAAG,gBAAgB,CA6BnB;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,gBAAgB,EACzB,gBAAgB,EAAE,MAAM,GACvB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAQtD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE;IAC9C,KAAK,EAAE,cAAc,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,iBAAiB,EAAE,MAAM,CAAA;IACzB,sBAAsB,EAAE,MAAM,CAAA;IAC9B,aAAa,EAAE,MAAM,CAAA;IACrB,cAAc,EAAE,MAAM,CAAA;IACtB,cAAc,EAAE,UAAU,EAAE,CAAA;IAC5B,iBAAiB,EAAE,MAAM,CAAA;CAC1B,GAAG,mBAAmB,CAetB"}