asgard-tide 0.12.43 → 0.12.45

package/README.md

@@ -1,2 +1,103 @@
-# asgard
-Vendor server-side libraries to validate and test Tide Security
+# Asgard
+Vendor server-side libraries to validate and test Tide Security. 
+
+## Quick overview of Tide specific terminologies
+### Tide Request
+The data object used to communicate with the Tide Network. All information regarding the context of what you want to execute is provided inside this object.
+Fields of is object include request name, id, authorization flow requested, authorized data, informational data etc.
+### Policies and Contracts
+Together, policies and contracts create a rule system designed by you, enforced by the Tide Network. 
+Think of a contract as the function used to validate a request, and a policy as the parameters to that function.
+
+Pseudocode example of policies + contracts:
+```js
+// You create the policy
+your_policy = {
+    max_btc_to_send: 5,
+    time_of_day_allowed: "between 10am and 4pm"
+}
+
+// You upload your own contract, or use one provided by the Network
+function your_contract_validate_func(policy){
+    check current time is in policy.time_of_day_allowed
+    check tx to sign is sending less than policy.max_btc_to_send
+    return success
+}
+
+// The network enforces your policy
+if your_contract_validate_func(your_policy) is success {
+    execute request
+}
+```
+
+## Policies
+A policy is a data object that contains a set of parameters which validate a specific tide request against a contract.
+
+### Policy Structure
+A policy consists of a couple fields:
+- `contractId` : The contract id that your policy is meant to execute against.
+- `modelId` : The model id (request type) your policy/contract will validate the contents of. Could be Cardano Transaction, code signing, token signature etc.
+- `keyId` : Your vendor id
+- `approvalType`: Either set to `explicit` or `implicit`. Set to `explicit` if you require the user(s) to manually approve the use of the policy with a request, or set to `implicit` if you don't require the user to manually approve its use, thus allowing its use without the user of the policy knowing.
+- `executionType`: Either set to `public` or `private`. Set ot `public` if you'd like anyone to be able to execute and retrieve the contents of the request. Or set to `private` if specific conditions for the user executing the request must be met (**logic set in contract**).
+- `params` : A key/value map of the specific values your contract requires to validate the contents of the request. This is what gets enforced by your contract onto the request.
+- `signature` : The signature of the policy from your vendor key. This is required to use a policy on the Tide Network.
+
+Creating a policy:
+```js
+const policyParameters = new Map();
+policyParameters.set("myNumberParam", 1);
+policyParameters.set("myStringParam", "test");
+policyParameters.set("myBigIntParam", BigInt(2));
+policyParameters.set("myBooleanParam", true);
+policyParameters.set("myByteArrayParam", new Uint8Array([0, 2, 1, 3]));
+
+const policy = new Policy({
+    modelId: "<model id to use with this policy>",
+    contractId: "<contract id to use with this policy>",
+    keyId: "<your vendor id>",
+    approvalType: "explicit",
+    executionType: "public",
+    params: policyParameters
+});
+```
+
+### Creating a policy for your organization
+Any policy you create will create a linkage between either a single Tide Request and a single Contract - or any Tide Request and a single Contract. 
+
+The relationship betweent the contract, policy and tide request is as follows:
+1. Contract contains the logic to check policy parameters against a tide request. Contract logic sits on the network's nodes.
+2. The policy contains the actual values the contract will check the tide request against. Policies sit on specific applications using the policy (such as a crypto wallet).
+3. The tide request contains the policy as part of its payload when sent to the network. Aside from that it is simply a data model.
+
+To create a policy, you'll have to create the Policy object then execute a PolicySignRequest to authorize its use. 
+
+Here's the syntax for it:
+```js
+const policySignRequest = PolicySignRequest.New(policy); // PolicySignRequest will return a single signature of the Policy you added to the PolicySignRequest
+const policySignature = // see 7. Executing Tide Requests on tidecloak-js on how to execute a tide request
+policy.signature = policySignature;
+const policyDataToStore = policy.encode(); // You can now store this signed policy for your client application to use when authorizing tide requests you specified in policy.modelId
+```
+
+## Contracts
+### Contract Structure
+All contracts that execute on the Tide Network require the implementation of 3 functions.
+
+1. `validate_request` - Always required for checking policy details against the request's contents.
+2. `validate_approvers` - Required if you intend to use policies with `approvalType` set to **explicit**. This is where the logic that determines if the users that approved this request has the specific roles/conditions to do so.
+3. `validate_executor` - Required if you intend to use policies with `executionType` set to **private**. This is where the logic that determines if the user that executed this request had the correct roles/condition to do so.
+
+Constructing a contract on Tide for now is extraodinarily complex and you probably won't be doing it. TODO
+
+## Other specific niches to know about
+### Custom Requests
+Looking to sign your own kind of custom data with Tide? Look no further. This is where I intend to butcher the explanation of it.
+
+There are 3 types of `CustomRequest` on Tide - each intended to best fit your specific type of request.
+
+1. `BasicCustomRequest` - A basic request. You have all the data your require to be validated at the time of request creation.
+2. `DyanmicPayloadCustomRequest` - A request with the data to be signed in the dynamic part of the request (which can be changed from the time the request was created). 
+3. `DynamicPayloadApprovedCustomRequest` - A request with the data to be signed in the dynamic part of the request that also requires `explicit` approval from the users. This requires the use of a Human Readable object in the authorized payload to ensure the details shown to an approver at approval time can be verified against the signing data added to the request dynamically later.
+
+### Basic Contract Test Validation

package/dist/{contracts → cjs/contracts}/BaseContract.d.ts

@@ -8,25 +8,37 @@ interface PolicyRunResult {
 export declare abstract class BaseContract {
     abstract id: string;
     private tideRequest;
-    protected dokens: Doken[];
+    private dokens;
     protected authorizedRequestPayload: TideMemory;
     protected informationalRequestPayload: TideMemory;
     /**
      * Inheritors must implement this
      * @param policy Policy object
      */
-    protected abstract test(policy: Policy): Promise<void>;
+    protected abstract validateData(policy: Policy): Promise<void>;
+    /**
+     * Inheritors must implement this if the policy has set it's approvalType to EXPLICIT
+     * @param policy Policy object
+     * @param approverDokens Approver Dokens
+     */
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
+    /**
+     * Inheritors must implement this if the policy has set it's executionType to PRIVATE
+     * @param policy Policy object
+     * @param executorDoken Executor Doken
+     */
+    protected validateExecutor(policy: Policy, executorDoken: Doken): Promise<void>;
     /**
      * To help with clients testing if their Tide Request will pass their contract's specified contract
      * @param policy Serialized policy from Tide
      * @returns
      */
-    testPolicy(policy: Uint8Array | Policy): Promise<PolicyRunResult>;
+    testPolicy(policy: Uint8Array | Policy, executorDoken?: string | undefined): Promise<PolicyRunResult>;
     constructor(tideRequest: Uint8Array | BaseTideRequest);
 }
 export declare class Doken {
     private payload;
-    constructor(d: Uint8Array);
+    constructor(d: Uint8Array | string);
     hasResourceAccessRole(role: string, client: string): boolean;
     hasRealmAccessRole(role: string): boolean;
     hasVuid(vuid: string): boolean;

package/dist/cjs/contracts/BaseContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/BaseContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAA+B,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,eAAe,MAAM,uBAAuB,CAAC;AAEpD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,UAAU,eAAe;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,OAAO,CAAA;CACnB;AAED,8BAAsB,YAAY;IAC9B,SAAgB,EAAE,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,WAAW,CAAkB;IACrC,OAAO,CAAC,MAAM,CAAe;IAC7B,SAAS,CAAC,wBAAwB,EAAE,UAAU,CAAC;IAC/C,SAAS,CAAC,2BAA2B,EAAE,UAAU,CAAC;IAElD;;;OAGG;IACH,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAE9D;;;;OAIG;IACH,SAAS,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAInF;;;;OAIG;IACH,SAAS,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/E;;;;OAIG;IACG,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,aAAa,GAAG,MAAM,GAAG,SAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;gBAsBtG,WAAW,EAAE,UAAU,GAAG,eAAe;CAaxD;AAKD,qBAAa,KAAK;IACd,OAAO,CAAC,OAAO,CAAM;gBACT,CAAC,EAAE,UAAU,GAAG,MAAM;IAuBlC,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAkB5D,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAazC,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAKjC"}

package/dist/{contracts → cjs/contracts}/BaseContract.js

@@ -8,19 +8,42 @@ const Policy_1 = require("../models/Policy");
 const TideRequest_1 = __importDefault(require("../models/TideRequest"));
 const Serialization_1 = require("../utils/Serialization");
 class BaseContract {
+    /**
+     * Inheritors must implement this if the policy has set it's approvalType to EXPLICIT
+     * @param policy Policy object
+     * @param approverDokens Approver Dokens
+     */
+    validateApprovers(policy, approverDokens) {
+        throw `validateApprovers not implemented`;
+    }
+    /**
+     * Inheritors must implement this if the policy has set it's executionType to PRIVATE
+     * @param policy Policy object
+     * @param executorDoken Executor Doken
+     */
+    validateExecutor(policy, executorDoken) {
+        throw `validateExecutor not implemented`;
+    }
     /**
      * To help with clients testing if their Tide Request will pass their contract's specified contract
      * @param policy Serialized policy from Tide
      * @returns
      */
-    async testPolicy(policy) {
-        const p = policy instanceof Uint8Array ? new Policy_1.Policy(policy) : policy;
+    async testPolicy(policy, executorDoken = null) {
+        const p = policy instanceof Uint8Array ? Policy_1.Policy.from(policy) : policy;
         if (p.contractId !== this.id)
             throw `Mismatch between policy provided's contract (${p.contractId}) and this contract's id (${this.id})`;
         if (p.modelId !== this.tideRequest.id() && p.modelId !== "any")
             throw `Mismatch between policy provided model id (${p.modelId}) and tide request id (${this.tideRequest.id()})`;
         try {
-            await this.test(p);
+            await this.validateData(p);
+            if (p.approvalType == Policy_1.ApprovalType.EXPLICIT)
+                await this.validateApprovers(p, this.dokens);
+            if (p.executionType == Policy_1.ExecutionType.PRIVATE) {
+                if (!executorDoken)
+                    throw `Policy as set it's execution type to PRIVATE. You must test this with the doken of the executor`;
+                await this.validateExecutor(p, new Doken(executorDoken));
+            }
             return {
                 success: true
             };
@@ -52,7 +75,7 @@ class Doken {
         if (!d || d.length === 0) {
             throw new Error('Doken constructor: received empty or null Uint8Array');
         }
-        const tokenString = (0, Serialization_1.StringFromUint8Array)(d);
+        const tokenString = typeof d === "string" ? d : (0, Serialization_1.StringFromUint8Array)(d);
         const s = tokenString.split(".");
         if (s.length !== 3) {
             throw new Error(`Doken constructor: invalid token format. Expected 3 parts (header.payload.signature) but got ${s.length} parts in: "${tokenString.substring(0, 50)}..."`);
@@ -74,13 +97,13 @@ class Doken {
         if (!client)
             throw new Error('hasResourceAccessRole: client parameter is empty or undefined');
         if (!this.payload.resource_access) {
-            throw new Error(`hasResourceAccessRole: token payload does not contain 'resource_access' field. Available fields: ${Object.keys(this.payload).join(', ')}`);
+            return false;
         }
         if (!this.payload.resource_access[client]) {
-            throw new Error(`hasResourceAccessRole: client '${client}' not found in resource_access. Available clients: ${Object.keys(this.payload.resource_access).join(', ')}`);
+            return false;
         }
         if (!Array.isArray(this.payload.resource_access[client].roles)) {
-            throw new Error(`hasResourceAccessRole: 'roles' field for client '${client}' is not an array. Got type: ${typeof this.payload.resource_access[client].roles}`);
+            return false;
         }
         return this.payload.resource_access[client].roles.includes(role);
     }
@@ -88,10 +111,10 @@ class Doken {
         if (!role)
             throw new Error('hasRealmAccessRole: role parameter is empty or undefined');
         if (!this.payload.realm_access) {
-            throw new Error(`hasRealmAccessRole: token payload does not contain 'realm_access' field. Available fields: ${Object.keys(this.payload).join(', ')}`);
+            return false;
         }
         if (!Array.isArray(this.payload.realm_access.roles)) {
-            throw new Error(`hasRealmAccessRole: 'roles' field in realm_access is not an array. Got type: ${typeof this.payload.realm_access.roles}`);
+            return false;
         }
         return this.payload.realm_access.roles.includes(role);
     }

package/dist/cjs/contracts/BaseContract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BaseContract.js","sourceRoot":"","sources":["../../../src/contracts/BaseContract.ts"],"names":[],"mappings":";;;;;;AAAA,6CAAuE;AACvE,wEAAoD;AACpD,0DAA8D;AAQ9D,MAAsB,YAAY;IAa9B;;;;OAIG;IACO,iBAAiB,CAAC,MAAc,EAAE,cAAuB;QAC/D,MAAM,mCAAmC,CAAC;IAC9C,CAAC;IAED;;;;OAIG;IACO,gBAAgB,CAAC,MAAc,EAAE,aAAoB;QAC3D,MAAM,kCAAkC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,MAA2B,EAAE,gBAAqC,IAAI;QACnF,MAAM,CAAC,GAAG,MAAM,YAAY,UAAU,CAAC,CAAC,CAAC,eAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACtE,IAAG,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,EAAE;YAAE,MAAM,gDAAgD,CAAC,CAAC,UAAU,6BAA6B,IAAI,CAAC,EAAE,GAAG,CAAC;QACvI,IAAG,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK;YAAE,MAAM,8CAA8C,CAAC,CAAC,OAAO,0BAA0B,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,GAAG,CAAA;QAC9K,IAAG,CAAC;YACA,MAAM,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAG,CAAC,CAAC,YAAY,IAAI,qBAAY,CAAC,QAAQ;gBAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACzF,IAAG,CAAC,CAAC,aAAa,IAAI,sBAAa,CAAC,OAAO,EAAC,CAAC;gBACzC,IAAG,CAAC,aAAa;oBAAE,MAAM,iGAAiG,CAAC;gBAC3H,MAAM,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO;gBACH,OAAO,EAAE,IAAI;aAChB,CAAC;QACN,CAAC;QAAA,OAAM,EAAE,EAAC,CAAC;YACP,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;aACb,CAAC;QACN,CAAC;IACL,CAAC;IAED,YAAY,WAAyC;QAvD7C,WAAM,GAAY,EAAE,CAAC,CAAC,uBAAuB;QAwDjD,IAAI,CAAC,WAAW,GAAG,WAAW,YAAY,UAAU,CAAC,CAAC,CAAC,qBAAe,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;QACzG,IAAI,CAAC,wBAAwB,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;QACvD,IAAI,CAAC,2BAA2B,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;QAEhE,qBAAqB;QACrB,IAAI,GAAG,GAAG,EAAC,MAAM,EAAE,IAAI,UAAU,EAAE,EAAC,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,EAAC,CAAC;YACnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YACxC,CAAC,EAAE,CAAC;QACR,CAAC;IACL,CAAC;CACJ;AAvED,oCAuEC;AAKD,MAAa,KAAK;IAEd,YAAY,CAAsB;QAC9B,IAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAA,oCAAoB,EAAC,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjC,IAAG,CAAC,CAAC,MAAM,KAAK,CAAC,EAAC,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,gGAAgG,CAAC,CAAC,MAAM,eAAe,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QAC/K,CAAC;QAED,IAAG,CAAC;YACA,MAAM,cAAc,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAM,KAAK,EAAC,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,qDAAqD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;QACpL,CAAC;QAED,IAAG,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAC,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sEAAsE,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACjH,CAAC;IACL,CAAC;IACD,qBAAqB,CAAC,IAAY,EAAE,MAAc;QAC9C,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACzF,IAAG,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QAE7F,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAC,CAAC;YAC9B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,EAAC,CAAC;YACtC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,EAAC,CAAC;YAC3D,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrE,CAAC;IACD,kBAAkB,CAAC,IAAY;QAC3B,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAEtF,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAC,CAAC;YAC3B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,EAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,CAAC,IAAY;QAChB,IAAG,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC1D,IAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,IAAI,CAAC;IACtC,CAAC;CACJ;AA7DD,sBA6DC;AAGD,SAAS,eAAe,CAAC,KAAa;IAClC,IAAI,MAAM,GAAG,KAAK;SACb,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC;SACpB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAE1B,QAAQ,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC;YACF,MAAM;QACV,KAAK,CAAC;YACF,MAAM,IAAI,IAAI,CAAC;YACf,MAAM;QACV,KAAK,CAAC;YACF,MAAM,IAAI,GAAG,CAAC;YACd,MAAM;QACV;YACI,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACD,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;AACL,CAAC;AACD,SAAS,gBAAgB,CAAC,KAAa;IACnC,OAAO,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAEtD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClB,IAAI,GAAG,GAAG,GAAG,IAAI,CAAC;QACtB,CAAC;QAED,OAAO,GAAG,GAAG,IAAI,CAAC;IACtB,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}

package/dist/{contracts → cjs/contracts}/GenericRealmAccessThresholdRoleContract.d.ts

@@ -1,7 +1,8 @@
 import { Policy } from "../models/Policy";
-import { BaseContract } from "./BaseContract";
+import { BaseContract, Doken } from "./BaseContract";
 export declare class GenericRealmAccessThresholdRoleContract extends BaseContract {
+    protected validateData(policy: Policy): Promise<void>;
     id: string;
-    protected test(policy: Policy): Promise<void>;
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
 }
 //# sourceMappingURL=GenericRealmAccessThresholdRoleContract.d.ts.map

package/dist/cjs/contracts/GenericRealmAccessThresholdRoleContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericRealmAccessThresholdRoleContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/GenericRealmAccessThresholdRoleContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAErD,qBAAa,uCAAwC,SAAQ,YAAY;IACrE,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9C,EAAE,EAAE,MAAM,CAAuC;cACxC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ5F"}

package/dist/{contracts → cjs/contracts}/GenericRealmAccessThresholdRoleContract.js

@@ -7,9 +7,13 @@ class GenericRealmAccessThresholdRoleContract extends BaseContract_1.BaseContrac
         super(...arguments);
         this.id = "GenericRealmAccessThresholdRole:1";
     }
-    async test(policy) {
+    validateData(policy) {
+        console.warn("Validate Data not implemented!");
+        return;
+    }
+    async validateApprovers(policy, approverDokens) {
         let successfulDokens = 0;
-        this.dokens.forEach(d => {
+        approverDokens.forEach(d => {
             if (d.hasRealmAccessRole(policy.params.getParameter("role")))
                 successfulDokens++;
         });

package/dist/cjs/contracts/GenericRealmAccessThresholdRoleContract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericRealmAccessThresholdRoleContract.js","sourceRoot":"","sources":["../../../src/contracts/GenericRealmAccessThresholdRoleContract.ts"],"names":[],"mappings":";;;AACA,iDAAqD;AAErD,MAAa,uCAAwC,SAAQ,2BAAY;IAAzE;;QAKW,OAAE,GAAW,mCAAmC,CAAC;IAS5D,CAAC;IAba,YAAY,CAAC,MAAc;QACjC,OAAO,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC/C,OAAO;IACX,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,cAAuB;QACrE,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACvB,IAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,MAAM,CAAC,CAAC;gBAAE,gBAAgB,EAAE,CAAC;QAC5F,CAAC,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,WAAW,CAAC,CAAC;QAClE,IAAG,gBAAgB,GAAG,SAAS;YAAE,MAAM,0DAA0D,CAAC;IACtG,CAAC;CACJ;AAdD,0FAcC"}

package/dist/{contracts → cjs/contracts}/GenericResourceAccessThresholdRoleContract.d.ts

@@ -1,7 +1,8 @@
 import { Policy } from "../models/Policy";
-import { BaseContract } from "./BaseContract";
+import { BaseContract, Doken } from "./BaseContract";
 export declare class GenericResourceAccessThresholdRoleContract extends BaseContract {
     id: string;
-    protected test(policy: Policy): Promise<void>;
+    protected validateData(policy: Policy): Promise<void>;
+    protected validateApprovers(policy: Policy, approverDokens: Doken[]): Promise<void>;
 }
 //# sourceMappingURL=GenericResourceAccessThresholdRoleContract.d.ts.map

package/dist/cjs/contracts/GenericResourceAccessThresholdRoleContract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericResourceAccessThresholdRoleContract.d.ts","sourceRoot":"","sources":["../../../src/contracts/GenericResourceAccessThresholdRoleContract.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAErD,qBAAa,0CAA2C,SAAQ,YAAY;IACjE,EAAE,EAAE,MAAM,CAA0C;IAC3D,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;cAIrC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAQ5F"}

package/dist/{contracts → cjs/contracts}/GenericResourceAccessThresholdRoleContract.js

@@ -7,9 +7,13 @@ class GenericResourceAccessThresholdRoleContract extends BaseContract_1.BaseCont
         super(...arguments);
         this.id = "GenericResourceAccessThresholdRole:1";
     }
-    async test(policy) {
+    validateData(policy) {
+        console.warn("Validate Data not implemented!");
+        return;
+    }
+    async validateApprovers(policy, approverDokens) {
         let successfulDokens = 0;
-        this.dokens.forEach(d => {
+        approverDokens.forEach(d => {
             if (d.hasResourceAccessRole(policy.params.getParameter("role"), policy.params.getParameter("resource")))
                 successfulDokens++;
         });

package/dist/cjs/contracts/GenericResourceAccessThresholdRoleContract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GenericResourceAccessThresholdRoleContract.js","sourceRoot":"","sources":["../../../src/contracts/GenericResourceAccessThresholdRoleContract.ts"],"names":[],"mappings":";;;AACA,iDAAqD;AAErD,MAAa,0CAA2C,SAAQ,2BAAY;IAA5E;;QACW,OAAE,GAAW,sCAAsC,CAAC;IAa/D,CAAC;IAZa,YAAY,CAAC,MAAc;QACjC,OAAO,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;QAC/C,OAAO;IACX,CAAC;IACS,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,cAAuB;QACrE,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACvB,IAAG,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,UAAU,CAAC,CAAC;gBAAE,gBAAgB,EAAE,CAAC;QAC/I,CAAC,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAS,WAAW,CAAC,CAAC;QAClE,IAAG,gBAAgB,GAAG,SAAS;YAAE,MAAM,0DAA0D,CAAC;IACtG,CAAC;CACJ;AAdD,gGAcC"}

package/dist/cjs/index.d.ts

@@ -0,0 +1,15 @@
+import { BaseContract } from "./contracts/BaseContract";
+import { GenericResourceAccessThresholdRoleContract } from "./contracts/GenericResourceAccessThresholdRoleContract";
+import { GenericRealmAccessThresholdRoleContract } from "./contracts/GenericRealmAccessThresholdRoleContract";
+import { TideMemory } from "./utils/TideMemory";
+import BaseTideRequest from "./models/TideRequest";
+import { Policy, PolicyParameters, ApprovalType, ExecutionType } from "./models/Policy";
+import { BasicCustomRequest, DynamicPayloadCustomRequest, DynamicPayloadApprovedCustomRequest } from "./models/CustomTideRequest";
+export { GenericResourceAccessThresholdRoleContract };
+export { BaseContract };
+export { TideMemory };
+export { BaseTideRequest };
+export { Policy, PolicyParameters, ApprovalType, ExecutionType };
+export { GenericRealmAccessThresholdRoleContract };
+export { BasicCustomRequest, DynamicPayloadCustomRequest, DynamicPayloadApprovedCustomRequest };
+//# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,0CAA0C,EAAE,MAAM,wDAAwD,CAAC;AACpH,OAAO,EAAE,uCAAuC,EAAE,MAAM,qDAAqD,CAAC;AAC9G,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,eAAe,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAExF,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,mCAAmC,EAAE,MAAM,4BAA4B,CAAC;AAElI,OAAO,EAAE,0CAA0C,EAAE,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,CAAA;AACrB,OAAO,EAAE,eAAe,EAAE,CAAA;AAC1B,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,aAAa,EAAE,CAAA;AAChE,OAAO,EAAE,uCAAuC,EAAE,CAAA;AAClD,OAAO,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,mCAAmC,EAAE,CAAA"}

package/dist/{index.js → cjs/index.js}

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CustomTideRequest = exports.GenericRealmAccessThresholdRoleContract = exports.PolicyParameters = exports.Policy = exports.BaseTideRequest = exports.TideMemory = exports.BaseContract = exports.GenericResourceAccessThresholdRoleContract = void 0;
+exports.DynamicPayloadApprovedCustomRequest = exports.DynamicPayloadCustomRequest = exports.BasicCustomRequest = exports.GenericRealmAccessThresholdRoleContract = exports.ExecutionType = exports.ApprovalType = exports.PolicyParameters = exports.Policy = exports.BaseTideRequest = exports.TideMemory = exports.BaseContract = exports.GenericResourceAccessThresholdRoleContract = void 0;
 const BaseContract_1 = require("./contracts/BaseContract");
 Object.defineProperty(exports, "BaseContract", { enumerable: true, get: function () { return BaseContract_1.BaseContract; } });
 const GenericResourceAccessThresholdRoleContract_1 = require("./contracts/GenericResourceAccessThresholdRoleContract");
@@ -17,6 +17,10 @@ exports.BaseTideRequest = TideRequest_1.default;
 const Policy_1 = require("./models/Policy");
 Object.defineProperty(exports, "Policy", { enumerable: true, get: function () { return Policy_1.Policy; } });
 Object.defineProperty(exports, "PolicyParameters", { enumerable: true, get: function () { return Policy_1.PolicyParameters; } });
-const CustomTideRequest_1 = __importDefault(require("./models/CustomTideRequest"));
-exports.CustomTideRequest = CustomTideRequest_1.default;
+Object.defineProperty(exports, "ApprovalType", { enumerable: true, get: function () { return Policy_1.ApprovalType; } });
+Object.defineProperty(exports, "ExecutionType", { enumerable: true, get: function () { return Policy_1.ExecutionType; } });
+const CustomTideRequest_1 = require("./models/CustomTideRequest");
+Object.defineProperty(exports, "BasicCustomRequest", { enumerable: true, get: function () { return CustomTideRequest_1.BasicCustomRequest; } });
+Object.defineProperty(exports, "DynamicPayloadCustomRequest", { enumerable: true, get: function () { return CustomTideRequest_1.DynamicPayloadCustomRequest; } });
+Object.defineProperty(exports, "DynamicPayloadApprovedCustomRequest", { enumerable: true, get: function () { return CustomTideRequest_1.DynamicPayloadApprovedCustomRequest; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;AAAA,2DAAwD;AAU/C,6FAVA,2BAAY,OAUA;AATrB,uHAAoH;AAQ3G,2HARA,uFAA0C,OAQA;AAPnD,iHAA8G;AAYrG,wHAZA,iFAAuC,OAYA;AAXhD,mDAAgD;AAQvC,2FARA,uBAAU,OAQA;AAPnB,uEAAmD;AAQ1C,0BARF,qBAAe,CAQE;AAPxB,4CAAwF;AAQ/E,uFARA,eAAM,OAQA;AAAE,iGARA,yBAAgB,OAQA;AAAE,6FARA,qBAAY,OAQA;AAAE,8FARA,sBAAa,OAQA;AAN9D,kEAAkI;AAQzH,mGARA,sCAAkB,OAQA;AAAE,4GARA,+CAA2B,OAQA;AAAE,oHARA,uDAAmC,OAQA"}

package/dist/cjs/models/CustomTideRequest.d.ts

@@ -0,0 +1,19 @@
+import BaseTideRequest from "./TideRequest";
+export declare class BasicCustomRequest extends BaseTideRequest {
+    id(): string;
+}
+export declare class DynamicPayloadCustomRequest extends BaseTideRequest {
+    id(): string;
+}
+export declare class DynamicPayloadApprovedCustomRequest extends BaseTideRequest {
+    customInfo: CustomInfo | undefined;
+    constructor(name: string, version: string, authFlow: string, humanReadableName: string, additionalInfo: any, dyanmicData: Uint8Array);
+    id(): string;
+    getAdditionalInfoSupplied(): any;
+}
+interface CustomInfo {
+    humanReadableName: string;
+    additionalInfo: any;
+}
+export {};
+//# sourceMappingURL=CustomTideRequest.d.ts.map

package/dist/cjs/models/CustomTideRequest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CustomTideRequest.d.ts","sourceRoot":"","sources":["../../../src/models/CustomTideRequest.ts"],"names":[],"mappings":"AAEA,OAAO,eAAe,MAAM,eAAe,CAAC;AAE5C,qBAAa,kBAAmB,SAAQ,eAAe;IACnD,EAAE,IAAI,MAAM;CAGf;AAED,qBAAa,2BAA4B,SAAQ,eAAe;IAC5D,EAAE,IAAI,MAAM;CAGf;AAED,qBAAa,mCAAoC,SAAQ,eAAe;IACpE,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;gBAEvB,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,WAAW,EAAE,UAAU;IAQpI,EAAE,IAAI,MAAM;IAIZ,yBAAyB,IAAI,GAAG;CAInC;AACD,UAAU,UAAU;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,GAAG,CAAC;CACvB"}

package/dist/cjs/models/CustomTideRequest.js

@@ -0,0 +1,40 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DynamicPayloadApprovedCustomRequest = exports.DynamicPayloadCustomRequest = exports.BasicCustomRequest = void 0;
+const Serialization_1 = require("../utils/Serialization");
+const TideRequest_1 = __importDefault(require("./TideRequest"));
+class BasicCustomRequest extends TideRequest_1.default {
+    id() {
+        return `BasicCustom<${this.name}>:BasicCustom<${this.version}>`;
+    }
+}
+exports.BasicCustomRequest = BasicCustomRequest;
+class DynamicPayloadCustomRequest extends TideRequest_1.default {
+    id() {
+        return `DynamicCustom<${this.name}>:DynamicCustom<${this.version}>`;
+    }
+}
+exports.DynamicPayloadCustomRequest = DynamicPayloadCustomRequest;
+class DynamicPayloadApprovedCustomRequest extends TideRequest_1.default {
+    constructor(name, version, authFlow, humanReadableName, additionalInfo, dyanmicData) {
+        const customInfo = {
+            humanReadableName: humanReadableName,
+            additionalInfo: additionalInfo
+        };
+        super(name, version, authFlow, (0, Serialization_1.StringToUint8Array)(JSON.stringify(customInfo)), dyanmicData);
+    }
+    id() {
+        return `DynamicApprovedCustom<${this.name}>:DynamicApprovedCustom<${this.version}>`;
+    }
+    getAdditionalInfoSupplied() {
+        if (this.draft.length > 0)
+            return JSON.parse((0, Serialization_1.StringFromUint8Array)(this.draft))["additionalInfo"];
+        else
+            return null;
+    }
+}
+exports.DynamicPayloadApprovedCustomRequest = DynamicPayloadApprovedCustomRequest;
+//# sourceMappingURL=CustomTideRequest.js.map

package/dist/cjs/models/CustomTideRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CustomTideRequest.js","sourceRoot":"","sources":["../../../src/models/CustomTideRequest.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkF;AAElF,gEAA4C;AAE5C,MAAa,kBAAmB,SAAQ,qBAAe;IACnD,EAAE;QACE,OAAO,eAAe,IAAI,CAAC,IAAI,iBAAiB,IAAI,CAAC,OAAO,GAAG,CAAC;IACpE,CAAC;CACJ;AAJD,gDAIC;AAED,MAAa,2BAA4B,SAAQ,qBAAe;IAC5D,EAAE;QACE,OAAO,iBAAiB,IAAI,CAAC,IAAI,mBAAmB,IAAI,CAAC,OAAO,GAAG,CAAC;IACxE,CAAC;CACJ;AAJD,kEAIC;AAED,MAAa,mCAAoC,SAAQ,qBAAe;IAGpE,YAAY,IAAY,EAAE,OAAe,EAAE,QAAgB,EAAE,iBAAyB,EAAE,cAAmB,EAAE,WAAuB;QAChI,MAAM,UAAU,GAAG;YACf,iBAAiB,EAAE,iBAAiB;YACpC,cAAc,EAAE,cAAc;SACjC,CAAA;QACD,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAA,kCAAkB,EAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAChG,CAAC;IAED,EAAE;QACE,OAAO,yBAAyB,IAAI,CAAC,IAAI,2BAA2B,IAAI,CAAC,OAAO,GAAG,CAAC;IACxF,CAAC;IAED,yBAAyB;QACrB,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAA,oCAAoB,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC;;YAC5F,OAAO,IAAI,CAAC;IACrB,CAAC;CACJ;AAnBD,kFAmBC"}

package/dist/{models → cjs/models}/Policy.d.ts

@@ -1,9 +1,20 @@
 import { TideMemory } from "../utils/TideMemory";
+export declare enum ApprovalType {
+    EXPLICIT = 0,
+    IMPLICIT = 1
+}
+export declare enum ExecutionType {
+    PRIVATE = 0,
+    PUBLIC = 1
+}
 export declare class Policy {
+    static latestVersion: string;
     version: string;
     contractId: string;
     modelId: string;
     keyId: string;
+    approvalType: ApprovalType;
+    executionType: ExecutionType;
     params: PolicyParameters;
     dataToVerify: TideMemory | undefined;
     signature: Uint8Array | undefined;
@@ -12,14 +23,18 @@ export declare class Policy {
         contractId: string;
         modelId: string;
         keyId: string;
-        params: Map<string, any>;
-    } | TideMemory | Uint8Array);
+        approvalType: ApprovalType;
+        executionType: ExecutionType;
+        params: Map<string, any> | PolicyParameters;
+    });
+    static from(data: Uint8Array): Policy;
     toBytes(): TideMemory;
 }
 export declare class PolicyParameters {
     entries: Map<string, any>;
     constructor(data: Map<string, any> | Uint8Array);
     private static fromBytes;
+    tryGetParameter<T extends string | number | bigint | boolean | Uint8Array>(key: string): [boolean, T];
     getParameter<T extends string | number | bigint | boolean | Uint8Array>(key: string): T;
     toBytes(): Uint8Array;
 }

package/dist/cjs/models/Policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Policy.d.ts","sourceRoot":"","sources":["../../../src/models/Policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,oBAAY,YAAY;IACpB,QAAQ,IAAA;IACR,QAAQ,IAAA;CACX;AACD,oBAAY,aAAa;IACrB,OAAO,IAAA;IACP,MAAM,IAAA;CACT;AACD,qBAAa,MAAM;IACf,MAAM,CAAC,aAAa,EAAE,MAAM,CAAO;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,MAAM,EAAE,gBAAgB,CAAC;IAEzB,YAAY,EAAE,UAAU,GAAG,SAAS,CAAC;IACrC,SAAS,EAAE,UAAU,GAAG,SAAS,CAAC;gBAEtB,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,YAAY,CAAC;QAAC,aAAa,EAAE,aAAa,CAAC;QAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,gBAAgB,CAAA;KAAE;IA0BhM,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM;IAyCrC,OAAO;CAgBV;AAED,qBAAa,gBAAgB;IACzB,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBACd,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,UAAU;IAQ/C,OAAO,CAAC,MAAM,CAAC,SAAS;IAgDxB,eAAe,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAQrG,YAAY,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC;IAkCvF,OAAO,IAAI,UAAU;CAsCxB"}