burnledger 0.1.0

package/dist/esm/verify.d.ts

@@ -0,0 +1,47 @@
+/** Offline certificate and transparency verification.
+ *
+ * Ports the Go signing payload builders (core/payload.go) and Merkle tree
+ * verification (core/merkle.go) to TypeScript. All crypto is delegated to
+ * a CryptoOps provider (Node or browser).
+ *
+ * Critical encoding details:
+ *   - Go's json.Marshal encodes []byte as base64, [N]byte as number arrays.
+ *   - The payload builders normalize both formats to lowercase hex strings.
+ *   - Timestamps in payloads use second-precision UTC: "YYYY-MM-DDTHH:MM:SSZ".
+ *   - RFC 8785 canonical JSON: sorted keys recursively, no whitespace.
+ *   - Transparency leaf = SHA-256(0x00 || issuanceBytes(cert)), NOT the
+ *     certificate signing payload. issuanceBytes reconstructs json.Marshal
+ *     output at issuance time (transparency_status=PENDING, no transparency).
+ */
+import type { CryptoOps } from "./crypto.js";
+import type { TransparencyResult, VerificationResult } from "./models.js";
+export declare function hexToBytes(hex: string): Uint8Array;
+export declare function bytesToHex(bytes: Uint8Array): string;
+export interface PublicKeyInfo {
+    readonly keyBytes: Uint8Array;
+    readonly keyId: string;
+    readonly revoked: boolean;
+}
+export declare function publicKeyFromHex(crypto: CryptoOps, hexKey: string, opts?: {
+    revoked?: boolean;
+}): Promise<PublicKeyInfo>;
+type Cert = Record<string, unknown>;
+/** Verify all signatures on a deletion certificate offline. */
+export declare function verifyCertificate(crypto: CryptoOps, certificate: Cert, publicKeys: Map<string, PublicKeyInfo>): Promise<VerificationResult>;
+/** Verify the transparency proof embedded in a certificate. */
+export declare function verifyTransparency(crypto: CryptoOps, certificate: Cert, publicKeys: Map<string, PublicKeyInfo>): Promise<TransparencyResult>;
+/** Reconstruct the certificate JSON as it existed at issuance time.
+ *
+ * At issuance: transparency_status = "PENDING", transparency = nil (omitted).
+ * Go uses json.Marshal(cert) which preserves struct field order. JSON.parse
+ * preserves key insertion order from the Go JSON, so JSON.stringify reproduces
+ * the same bytes.
+ */
+export declare function issuanceBytes(certificate: Cert): Uint8Array;
+/** Verify a Merkle consistency proof (RFC 6962 Section 2.1.4).
+ *
+ * Port of Go's VerifyConsistency / Python's _verify_consistency.
+ */
+export declare function verifyConsistency(crypto: CryptoOps, oldSize: number, newSize: number, oldRoot: Uint8Array, newRoot: Uint8Array, proof: Uint8Array[]): Promise<boolean>;
+export {};
+//# sourceMappingURL=verify.d.ts.map

package/dist/esm/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE7C,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAQ1E,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CASlD;AAYD,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAQpD;AAoCD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,aAAa,CAAC,CAKxB;AAMD,KAAK,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEpC,+DAA+D;AAC/D,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,SAAS,EACjB,WAAW,EAAE,IAAI,EACjB,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,GACrC,OAAO,CAAC,kBAAkB,CAAC,CAsC7B;AAED,+DAA+D;AAC/D,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,SAAS,EACjB,WAAW,EAAE,IAAI,EACjB,UAAU,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,GACrC,OAAO,CAAC,kBAAkB,CAAC,CAwC7B;AAMD;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,WAAW,EAAE,IAAI,GAAG,UAAU,CAK3D;AAkSD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,OAAO,EAAE,UAAU,EACnB,KAAK,EAAE,UAAU,EAAE,GAClB,OAAO,CAAC,OAAO,CAAC,CAgDlB"}

package/dist/esm/verify.js

@@ -0,0 +1,462 @@
+/** Offline certificate and transparency verification.
+ *
+ * Ports the Go signing payload builders (core/payload.go) and Merkle tree
+ * verification (core/merkle.go) to TypeScript. All crypto is delegated to
+ * a CryptoOps provider (Node or browser).
+ *
+ * Critical encoding details:
+ *   - Go's json.Marshal encodes []byte as base64, [N]byte as number arrays.
+ *   - The payload builders normalize both formats to lowercase hex strings.
+ *   - Timestamps in payloads use second-precision UTC: "YYYY-MM-DDTHH:MM:SSZ".
+ *   - RFC 8785 canonical JSON: sorted keys recursively, no whitespace.
+ *   - Transparency leaf = SHA-256(0x00 || issuanceBytes(cert)), NOT the
+ *     certificate signing payload. issuanceBytes reconstructs json.Marshal
+ *     output at issuance time (transparency_status=PENDING, no transparency).
+ */
+import { VerificationError } from "./errors.js";
+// ---------------------------------------------------------------------------
+// Pure byte helpers (no Buffer, no node:crypto)
+// ---------------------------------------------------------------------------
+const HEX_CHARS = "0123456789abcdef";
+export function hexToBytes(hex) {
+    const len = hex.length >>> 1;
+    const out = new Uint8Array(len);
+    for (let i = 0; i < len; i++) {
+        const hi = hex.charCodeAt(i * 2);
+        const lo = hex.charCodeAt(i * 2 + 1);
+        out[i] = (unhex(hi) << 4) | unhex(lo);
+    }
+    return out;
+}
+function unhex(c) {
+    // 0-9
+    if (c >= 48 && c <= 57)
+        return c - 48;
+    // a-f
+    if (c >= 97 && c <= 102)
+        return c - 87;
+    // A-F
+    if (c >= 65 && c <= 70)
+        return c - 55;
+    return 0;
+}
+export function bytesToHex(bytes) {
+    let out = "";
+    for (let i = 0; i < bytes.length; i++) {
+        const b = bytes[i];
+        out += HEX_CHARS[b >>> 4];
+        out += HEX_CHARS[b & 0x0f];
+    }
+    return out;
+}
+function concatBytes(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++) {
+        if (a[i] !== b[i])
+            return false;
+    }
+    return true;
+}
+function base64ToBytes(b64) {
+    // Use atob for universal browser+node compatibility.
+    // Node 18+ has atob globally; browsers always have it.
+    const bin = atob(b64);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++) {
+        out[i] = bin.charCodeAt(i);
+    }
+    return out;
+}
+function textToBytes(s) {
+    return new TextEncoder().encode(s);
+}
+export async function publicKeyFromHex(crypto, hexKey, opts) {
+    const raw = hexToBytes(hexKey);
+    const hash = await crypto.sha256(raw);
+    const keyId = "dp_k_" + bytesToHex(hash);
+    return { keyBytes: raw, keyId, revoked: opts?.revoked ?? false };
+}
+/** Verify all signatures on a deletion certificate offline. */
+export async function verifyCertificate(crypto, certificate, publicKeys) {
+    const issuer = certificate.issuer;
+    const keyId = issuer.key_id;
+    const pki = publicKeys.get(keyId);
+    if (pki === undefined)
+        throw new VerificationError(`unknown issuer key: ${keyId}`);
+    if (pki.revoked)
+        throw new VerificationError(`issuer key is revoked: ${keyId}`);
+    // 1. Attestation signature
+    const att = certificate.attestation;
+    const attPayload = buildAttestationPayload(certificate.subject, att);
+    const attSig = decodeSignature(att.attestation_signature);
+    if (!(await crypto.ed25519Verify(pki.keyBytes, attPayload, attSig))) {
+        throw new VerificationError("attestation signature is invalid");
+    }
+    // 2. Verification signature
+    const ver = certificate.verification;
+    const verPayload = buildVerificationPayload(certificate.attestation_id, ver);
+    const verSig = decodeSignature(ver.verification_signature);
+    if (!(await crypto.ed25519Verify(pki.keyBytes, verPayload, verSig))) {
+        throw new VerificationError("verification signature is invalid");
+    }
+    // 3. Certificate signature
+    const certPayload = buildCertificatePayload(certificate);
+    const certSig = decodeSignature(certificate.certificate_signature);
+    if (!(await crypto.ed25519Verify(pki.keyBytes, certPayload, certSig))) {
+        throw new VerificationError("certificate signature is invalid");
+    }
+    return "VALID";
+}
+/** Verify the transparency proof embedded in a certificate. */
+export async function verifyTransparency(crypto, certificate, publicKeys) {
+    const transparency = certificate.transparency;
+    if (transparency == null) {
+        return "NOT_AVAILABLE";
+    }
+    const sth = transparency.signed_tree_head;
+    const issuer = certificate.issuer;
+    const keyId = issuer.key_id;
+    const pki = publicKeys.get(keyId);
+    if (pki === undefined)
+        throw new VerificationError(`unknown issuer key: ${keyId}`);
+    if (pki.revoked)
+        throw new VerificationError(`issuer key is revoked: ${keyId}`);
+    // 1. Tree head signature
+    const headPayload = buildTreeHeadPayload(sth);
+    const headSig = decodeSignature(sth.signature);
+    if (!(await crypto.ed25519Verify(pki.keyBytes, headPayload, headSig))) {
+        throw new VerificationError("tree head signature is invalid");
+    }
+    // 2. Merkle inclusion proof — leaf is hash of issuance-time certificate JSON,
+    // NOT the canonical signing payload. Matches Go's core.IssuanceBytes(cert).
+    const issuanceData = issuanceBytes(certificate);
+    const leaf = await hashLeaf(crypto, issuanceData);
+    const proofHashes = (transparency.inclusion_proof ?? []).map((h) => decodeBytes(h));
+    const root = decodeBytes(sth.root_hash);
+    const index = transparency.entry_index;
+    const treeSize = sth.tree_size;
+    if (!(await verifyInclusion(crypto, leaf, index, treeSize, proofHashes, root))) {
+        throw new VerificationError("merkle inclusion proof is invalid");
+    }
+    return "INCLUDED";
+}
+// ---------------------------------------------------------------------------
+// Issuance bytes — matches Go's core.IssuanceBytes(cert)
+// ---------------------------------------------------------------------------
+/** Reconstruct the certificate JSON as it existed at issuance time.
+ *
+ * At issuance: transparency_status = "PENDING", transparency = nil (omitted).
+ * Go uses json.Marshal(cert) which preserves struct field order. JSON.parse
+ * preserves key insertion order from the Go JSON, so JSON.stringify reproduces
+ * the same bytes.
+ */
+export function issuanceBytes(certificate) {
+    const clone = JSON.parse(JSON.stringify(certificate));
+    clone.transparency_status = "PENDING";
+    delete clone.transparency;
+    return textToBytes(JSON.stringify(clone));
+}
+// ---------------------------------------------------------------------------
+// RFC 8785 Canonical JSON
+// ---------------------------------------------------------------------------
+function canonicalJson(obj) {
+    return textToBytes(canonicalStringify(obj));
+}
+function canonicalStringify(val) {
+    if (val === null || val === undefined)
+        return "null";
+    if (typeof val === "boolean")
+        return val ? "true" : "false";
+    if (typeof val === "number")
+        return JSON.stringify(val);
+    if (typeof val === "string")
+        return JSON.stringify(val);
+    if (Array.isArray(val)) {
+        return "[" + val.map(canonicalStringify).join(",") + "]";
+    }
+    if (typeof val === "object") {
+        const obj = val;
+        const keys = Object.keys(obj).sort();
+        const pairs = keys.map((k) => JSON.stringify(k) + ":" + canonicalStringify(obj[k]));
+        return "{" + pairs.join(",") + "}";
+    }
+    return JSON.stringify(val);
+}
+// ---------------------------------------------------------------------------
+// Byte encoding helpers
+// ---------------------------------------------------------------------------
+/** Convert a byte field to lowercase hex. Handles:
+ *  - hex string (from hand-crafted test data)
+ *  - base64 string (from Go's json.Marshal of []byte slices)
+ *  - number[] (from Go's json.Marshal of [N]byte fixed arrays)
+ */
+function toHex(value) {
+    if (Array.isArray(value)) {
+        return bytesToHex(new Uint8Array(value));
+    }
+    const str = value;
+    if (/^[0-9a-fA-F]+$/.test(str) && str.length % 2 === 0) {
+        return str.toLowerCase();
+    }
+    return bytesToHex(base64ToBytes(str));
+}
+/** Decode a signature field to raw bytes. Same format handling as toHex. */
+function decodeSignature(value) {
+    if (Array.isArray(value)) {
+        return new Uint8Array(value);
+    }
+    const str = value;
+    if (/^[0-9a-fA-F]+$/.test(str)) {
+        const raw = hexToBytes(str);
+        if (raw.length === 64)
+            return raw;
+    }
+    return base64ToBytes(str);
+}
+/** Decode a hash/bytes field to raw bytes. Same format handling as toHex. */
+function decodeBytes(value) {
+    if (Array.isArray(value)) {
+        return new Uint8Array(value);
+    }
+    const str = value;
+    if (/^[0-9a-fA-F]+$/.test(str) && str.length % 2 === 0) {
+        return hexToBytes(str);
+    }
+    return base64ToBytes(str);
+}
+function formatTimestamp(ts) {
+    // Strip fractional seconds, normalize to YYYY-MM-DDTHH:MM:SSZ
+    let s = ts;
+    const dotIdx = s.indexOf(".");
+    if (dotIdx !== -1) {
+        // Find the end of fractional seconds (Z, +, or end)
+        let endIdx = s.length;
+        for (let i = dotIdx + 1; i < s.length; i++) {
+            if (s[i] === "Z" || s[i] === "+" || s[i] === "-") {
+                endIdx = i;
+                break;
+            }
+        }
+        s = s.slice(0, dotIdx) + s.slice(endIdx);
+    }
+    if (s.endsWith("Z"))
+        return s;
+    // Strip timezone offset
+    const plusIdx = s.indexOf("+");
+    if (plusIdx !== -1) {
+        s = s.slice(0, plusIdx);
+    }
+    return s + "Z";
+}
+// ---------------------------------------------------------------------------
+// Payload builders — exact ports of core/payload.go
+// ---------------------------------------------------------------------------
+function buildAttestationPayload(subject, att) {
+    const attestedAt = formatTimestamp(att.attested_at);
+    const systems = att.systems.map((s) => ({
+        canonical_version: s.canonical_version ?? null,
+        connector_type: s.connector_type,
+        hash_scope: s.hash_scope,
+        merkle_root: s.merkle_root
+            ? toHex(s.merkle_root)
+            : null,
+        observed_at: attestedAt,
+        record_count: s.record_count,
+        system_id: s.system_name,
+    }));
+    const payload = {
+        attested_at: attestedAt,
+        proof_mode: att.proof_mode,
+        subject_hash: toHex(subject.identifier_hash),
+        systems,
+    };
+    return canonicalJson(payload);
+}
+function buildVerificationPayload(attestationId, ver) {
+    const verifiedAt = formatTimestamp(ver.verified_at);
+    const systems = ver.systems.map((s) => ({
+        observed_at: verifiedAt,
+        record_count: s.record_count,
+        system_id: s.system_name,
+    }));
+    const payload = {
+        attestation_id: attestationId,
+        systems,
+        verified_at: verifiedAt,
+    };
+    return canonicalJson(payload);
+}
+function buildCertificatePayload(cert) {
+    const att = cert.attestation;
+    const ver = cert.verification;
+    const issuer = cert.issuer;
+    const subject = cert.subject;
+    // Attestation systems — uses "system_name" field name
+    const attSystems = att.systems.map((s) => ({
+        canonical_version: s.canonical_version ?? null,
+        connector_type: s.connector_type,
+        hash_scope: s.hash_scope,
+        merkle_root: s.merkle_root
+            ? toHex(s.merkle_root)
+            : null,
+        record_count: s.record_count,
+        system_name: s.system_name,
+    }));
+    const attObj = {
+        attestation_signature: toHex(att.attestation_signature),
+        attested_at: formatTimestamp(att.attested_at),
+        proof_mode: att.proof_mode,
+        systems: attSystems,
+    };
+    // Verification systems
+    const verSystems = ver.systems.map((s) => ({
+        connector_type: s.connector_type,
+        record_count: s.record_count,
+        system_name: s.system_name,
+    }));
+    const verObj = {
+        systems: verSystems,
+        verification_signature: toHex(ver.verification_signature),
+        verified_at: formatTimestamp(ver.verified_at),
+    };
+    const issuerObj = {
+        key_id: issuer.key_id,
+        name: issuer.name,
+        public_key: toHex(issuer.public_key),
+    };
+    const subjectObj = {
+        identifier_hash: toHex(subject.identifier_hash),
+        identifier_type_hint: subject.identifier_type_hint,
+    };
+    // Revocation
+    let revocation = null;
+    const rev = cert.revocation;
+    if (rev != null) {
+        revocation = {
+            reason: rev.reason,
+            replacement_certificate_id: rev.replacement_certificate_id ?? null,
+            revoked_at: formatTimestamp(rev.revoked_at),
+        };
+    }
+    const payload = {
+        attestation: attObj,
+        attestation_id: cert.attestation_id,
+        certificate_format_version: cert.certificate_format_version,
+        certificate_id: cert.certificate_id,
+        issued_at: formatTimestamp(cert.issued_at),
+        issuer: issuerObj,
+        revocation,
+        status: cert.status,
+        subject: subjectObj,
+        verification: verObj,
+    };
+    return canonicalJson(payload);
+}
+function buildTreeHeadPayload(head) {
+    const payload = {
+        root_hash: toHex(head.root_hash),
+        timestamp: formatTimestamp(head.timestamp),
+        tree_size: head.tree_size,
+    };
+    return canonicalJson(payload);
+}
+// ---------------------------------------------------------------------------
+// Merkle tree (RFC 6962) — ports of core/merkle.go
+// ---------------------------------------------------------------------------
+async function hashLeaf(crypto, data) {
+    return crypto.sha256(concatBytes(new Uint8Array([0x00]), data));
+}
+async function hashNode(crypto, left, right) {
+    const prefix = new Uint8Array([0x01]);
+    return crypto.sha256(concatBytes(prefix, concatBytes(left, right)));
+}
+function splitPoint(n) {
+    let k = 1;
+    while (k * 2 < n) {
+        k *= 2;
+    }
+    return k;
+}
+async function verifyInclusion(crypto, leaf, index, size, proof, root) {
+    if (size === 0 || index >= size)
+        return false;
+    if (size === 1)
+        return proof.length === 0 && bytesEqual(leaf, root);
+    const [computed, consumed] = await chainInclusion(crypto, leaf, index, size, proof);
+    return consumed === proof.length && bytesEqual(computed, root);
+}
+async function chainInclusion(crypto, leaf, index, n, proof) {
+    if (n === 1)
+        return [leaf, 0];
+    const k = splitPoint(n);
+    if (index < k) {
+        const [inner, used] = await chainInclusion(crypto, leaf, index, k, proof);
+        if (used >= proof.length)
+            return [inner, used + 1];
+        return [await hashNode(crypto, inner, proof[used]), used + 1];
+    }
+    const [inner, used] = await chainInclusion(crypto, leaf, index - k, n - k, proof);
+    if (used >= proof.length)
+        return [inner, used + 1];
+    return [await hashNode(crypto, proof[used], inner), used + 1];
+}
+function isPow2(n) {
+    return n > 0 && (n & (n - 1)) === 0;
+}
+/** Verify a Merkle consistency proof (RFC 6962 Section 2.1.4).
+ *
+ * Port of Go's VerifyConsistency / Python's _verify_consistency.
+ */
+export async function verifyConsistency(crypto, oldSize, newSize, oldRoot, newRoot, proof) {
+    if (oldSize === 0 || newSize === 0 || oldSize > newSize)
+        return false;
+    if (oldSize === newSize) {
+        return proof.length === 0 && bytesEqual(oldRoot, newRoot);
+    }
+    let pIdx = 0;
+    let fr;
+    let sr;
+    if (isPow2(oldSize)) {
+        fr = oldRoot;
+        sr = oldRoot;
+    }
+    else {
+        if (pIdx >= proof.length)
+            return false;
+        fr = proof[pIdx];
+        sr = proof[pIdx];
+        pIdx++;
+    }
+    let fn = oldSize - 1;
+    let sn = newSize - 1;
+    while ((fn & 1) === 1) {
+        fn >>= 1;
+        sn >>= 1;
+    }
+    while (pIdx < proof.length) {
+        const c = proof[pIdx];
+        pIdx++;
+        if ((fn & 1) === 1 || fn === sn) {
+            fr = await hashNode(crypto, c, fr);
+            sr = await hashNode(crypto, c, sr);
+            while (fn !== 0 && (fn & 1) === 0) {
+                fn >>= 1;
+                sn >>= 1;
+            }
+        }
+        else {
+            sr = await hashNode(crypto, sr, c);
+        }
+        fn >>= 1;
+        sn >>= 1;
+    }
+    return sn === 0 && bytesEqual(fr, oldRoot) && bytesEqual(sr, newRoot);
+}
+//# sourceMappingURL=verify.js.map

package/dist/esm/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,MAAM,SAAS,GAAG,kBAAkB,CAAC;AAErC,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACrC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,KAAK,CAAC,CAAS;IACtB,MAAM;IACN,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM;IACN,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACvC,MAAM;IACN,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAAiB;IAC1C,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,GAAG,IAAI,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QAC1B,GAAG,IAAI,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,CAAa,EAAE,CAAa;IAC/C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAChD,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAa,EAAE,CAAa;IAC9C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,qDAAqD;IACrD,uDAAuD;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAYD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAiB,EACjB,MAAc,EACd,IAA4B;IAE5B,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,KAAK,EAAE,CAAC;AACnE,CAAC;AAQD,+DAA+D;AAC/D,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAiB,EACjB,WAAiB,EACjB,UAAsC;IAEtC,MAAM,MAAM,GAAG,WAAW,CAAC,MAAiC,CAAC;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,MAAgB,CAAC;IAEtC,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,KAAK,SAAS;QAAE,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;IACnF,IAAI,GAAG,CAAC,OAAO;QAAE,MAAM,IAAI,iBAAiB,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;IAEhF,2BAA2B;IAC3B,MAAM,GAAG,GAAG,WAAW,CAAC,WAAsC,CAAC;IAC/D,MAAM,UAAU,GAAG,uBAAuB,CACxC,WAAW,CAAC,OAAkC,EAC9C,GAAG,CACJ,CAAC;IACF,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,qBAA+B,CAAC,CAAC;IACpE,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,iBAAiB,CAAC,kCAAkC,CAAC,CAAC;IAClE,CAAC;IAED,4BAA4B;IAC5B,MAAM,GAAG,GAAG,WAAW,CAAC,YAAuC,CAAC;IAChE,MAAM,UAAU,GAAG,wBAAwB,CACzC,WAAW,CAAC,cAAwB,EACpC,GAAG,CACJ,CAAC;IACF,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,sBAAgC,CAAC,CAAC;IACrE,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,2BAA2B;IAC3B,MAAM,WAAW,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;IACzD,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,CAAC,qBAA+B,CAAC,CAAC;IAC7E,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,iBAAiB,CAAC,kCAAkC,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,OAA6B,CAAC;AACvC,CAAC;AAED,+DAA+D;AAC/D,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAiB,EACjB,WAAiB,EACjB,UAAsC;IAEtC,MAAM,YAAY,GAAG,WAAW,CAAC,YAEpB,CAAC;IACd,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,OAAO,eAAqC,CAAC;IAC/C,CAAC;IAED,MAAM,GAAG,GAAG,YAAY,CAAC,gBAA2C,CAAC;IACrE,MAAM,MAAM,GAAG,WAAW,CAAC,MAAiC,CAAC;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,MAAgB,CAAC;IAEtC,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,KAAK,SAAS;QAAE,MAAM,IAAI,iBAAiB,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;IACnF,IAAI,GAAG,CAAC,OAAO;QAAE,MAAM,IAAI,iBAAiB,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;IAEhF,yBAAyB;IACzB,MAAM,WAAW,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,SAAmB,CAAC,CAAC;IACzD,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,4EAA4E;IAC5E,MAAM,YAAY,GAAG,aAAa,CAAC,WAAW,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAElD,MAAM,WAAW,GAAG,CACjB,YAAY,CAAC,eAAyC,IAAI,EAAE,CAC9D,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,YAAY,CAAC,WAAqB,CAAC;IACjD,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAmB,CAAC;IAEzC,IAAI,CAAC,CAAC,MAAM,eAAe,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC;QAC/E,MAAM,IAAI,iBAAiB,CAAC,mCAAmC,CAAC,CAAC;IACnE,CAAC;IAED,OAAO,UAAgC,CAAC;AAC1C,CAAC;AAED,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,WAAiB;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAA4B,CAAC;IACjF,KAAK,CAAC,mBAAmB,GAAG,SAAS,CAAC;IACtC,OAAO,KAAK,CAAC,YAAY,CAAC;IAC1B,OAAO,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,SAAS,aAAa,CAAC,GAAY;IACjC,OAAO,WAAW,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IACrD,IAAI,OAAO,GAAG,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAC5D,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACxD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAC3D,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,GAA8B,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAC5D,CAAC;QACF,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,KAAK,CAAC,KAAc;IAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,UAAU,CAAC,IAAI,UAAU,CAAC,KAAiB,CAAC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,GAAG,GAAG,KAAe,CAAC;IAC5B,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO,UAAU,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,4EAA4E;AAC5E,SAAS,eAAe,CAAC,KAAc;IACrC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,UAAU,CAAC,KAAiB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,GAAG,GAAG,KAAe,CAAC;IAC5B,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,GAAG,CAAC;IACpC,CAAC;IACD,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED,6EAA6E;AAC7E,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,UAAU,CAAC,KAAiB,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,GAAG,GAAG,KAAe,CAAC;IAC5B,IAAI,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,eAAe,CAAC,EAAU;IACjC,8DAA8D;IAC9D,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAClB,oDAAoD;QACpD,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACjD,MAAM,GAAG,CAAC,CAAC;gBACX,MAAM;YACR,CAAC;QACH,CAAC;QACD,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IAC9B,wBAAwB;IACxB,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,SAAS,uBAAuB,CAC9B,OAAgC,EAChC,GAA4B;IAE5B,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,WAAqB,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAI,GAAG,CAAC,OAAqC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,iBAAiB,EAAG,CAAC,CAAC,iBAAmC,IAAI,IAAI;QACjE,cAAc,EAAE,CAAC,CAAC,cAAwB;QAC1C,UAAU,EAAE,CAAC,CAAC,UAAoB;QAClC,WAAW,EAAE,CAAC,CAAC,WAAW;YACxB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;YAChC,CAAC,CAAC,IAAI;QACR,WAAW,EAAE,UAAU;QACvB,YAAY,EAAE,CAAC,CAAC,YAAsB;QACtC,SAAS,EAAE,CAAC,CAAC,WAAqB;KACnC,CAAC,CAAC,CAAC;IAEJ,MAAM,OAAO,GAAG;QACd,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,GAAG,CAAC,UAAoB;QACpC,YAAY,EAAE,KAAK,CAAC,OAAO,CAAC,eAAyB,CAAC;QACtD,OAAO;KACR,CAAC;IACF,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,wBAAwB,CAC/B,aAAqB,EACrB,GAA4B;IAE5B,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,WAAqB,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAI,GAAG,CAAC,OAAqC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,WAAW,EAAE,UAAU;QACvB,YAAY,EAAE,CAAC,CAAC,YAAsB;QACtC,SAAS,EAAE,CAAC,CAAC,WAAqB;KACnC,CAAC,CAAC,CAAC;IAEJ,MAAM,OAAO,GAAG;QACd,cAAc,EAAE,aAAa;QAC7B,OAAO;QACP,WAAW,EAAE,UAAU;KACxB,CAAC;IACF,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,uBAAuB,CAAC,IAA6B;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,WAAsC,CAAC;IACxD,MAAM,GAAG,GAAG,IAAI,CAAC,YAAuC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAiC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAkC,CAAC;IAExD,sDAAsD;IACtD,MAAM,UAAU,GAAI,GAAG,CAAC,OAAqC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxE,iBAAiB,EAAG,CAAC,CAAC,iBAAmC,IAAI,IAAI;QACjE,cAAc,EAAE,CAAC,CAAC,cAAwB;QAC1C,UAAU,EAAE,CAAC,CAAC,UAAoB;QAClC,WAAW,EAAE,CAAC,CAAC,WAAW;YACxB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;YAChC,CAAC,CAAC,IAAI;QACR,YAAY,EAAE,CAAC,CAAC,YAAsB;QACtC,WAAW,EAAE,CAAC,CAAC,WAAqB;KACrC,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG;QACb,qBAAqB,EAAE,KAAK,CAAC,GAAG,CAAC,qBAA+B,CAAC;QACjE,WAAW,EAAE,eAAe,CAAC,GAAG,CAAC,WAAqB,CAAC;QACvD,UAAU,EAAE,GAAG,CAAC,UAAoB;QACpC,OAAO,EAAE,UAAU;KACpB,CAAC;IAEF,uBAAuB;IACvB,MAAM,UAAU,GAAI,GAAG,CAAC,OAAqC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxE,cAAc,EAAE,CAAC,CAAC,cAAwB;QAC1C,YAAY,EAAE,CAAC,CAAC,YAAsB;QACtC,WAAW,EAAE,CAAC,CAAC,WAAqB;KACrC,CAAC,CAAC,CAAC;IAEJ,MAAM,MAAM,GAAG;QACb,OAAO,EAAE,UAAU;QACnB,sBAAsB,EAAE,KAAK,CAAC,GAAG,CAAC,sBAAgC,CAAC;QACnE,WAAW,EAAE,eAAe,CAAC,GAAG,CAAC,WAAqB,CAAC;KACxD,CAAC;IAEF,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,MAAM,CAAC,MAAgB;QAC/B,IAAI,EAAE,MAAM,CAAC,IAAc;QAC3B,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,UAAoB,CAAC;KAC/C,CAAC;IAEF,MAAM,UAAU,GAAG;QACjB,eAAe,EAAE,KAAK,CAAC,OAAO,CAAC,eAAyB,CAAC;QACzD,oBAAoB,EAAE,OAAO,CAAC,oBAA8B;KAC7D,CAAC;IAEF,aAAa;IACb,IAAI,UAAU,GAAmC,IAAI,CAAC;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAwD,CAAC;IAC1E,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAChB,UAAU,GAAG;YACX,MAAM,EAAE,GAAG,CAAC,MAAgB;YAC5B,0BAA0B,EACvB,GAAG,CAAC,0BAA4C,IAAI,IAAI;YAC3D,UAAU,EAAE,eAAe,CAAC,GAAG,CAAC,UAAoB,CAAC;SACtD,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG;QACd,WAAW,EAAE,MAAM;QACnB,cAAc,EAAE,IAAI,CAAC,cAAwB;QAC7C,0BAA0B,EAAE,IAAI,CAAC,0BAAoC;QACrE,cAAc,EAAE,IAAI,CAAC,cAAwB;QAC7C,SAAS,EAAE,eAAe,CAAC,IAAI,CAAC,SAAmB,CAAC;QACpD,MAAM,EAAE,SAAS;QACjB,UAAU;QACV,MAAM,EAAE,IAAI,CAAC,MAAgB;QAC7B,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,MAAM;KACrB,CAAC;IACF,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,oBAAoB,CAAC,IAA6B;IACzD,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,SAAmB,CAAC;QAC1C,SAAS,EAAE,eAAe,CAAC,IAAI,CAAC,SAAmB,CAAC;QACpD,SAAS,EAAE,IAAI,CAAC,SAAmB;KACpC,CAAC;IACF,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,KAAK,UAAU,QAAQ,CAAC,MAAiB,EAAE,IAAgB;IACzD,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,MAAiB,EAAE,IAAgB,EAAE,KAAiB;IAC5E,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACjB,CAAC,IAAI,CAAC,CAAC;IACT,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,MAAiB,EACjB,IAAgB,EAChB,KAAa,EACb,IAAY,EACZ,KAAmB,EACnB,IAAgB;IAEhB,IAAI,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9C,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACpE,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACpF,OAAO,QAAQ,KAAK,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACjE,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,MAAiB,EACjB,IAAgB,EAChB,KAAa,EACb,CAAS,EACT,KAAmB;IAEnB,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IACxB,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1E,IAAI,IAAI,IAAI,KAAK,CAAC,MAAM;YAAE,OAAO,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;QACnD,OAAO,CAAC,MAAM,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAE,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;IAClF,IAAI,IAAI,IAAI,KAAK,CAAC,MAAM;QAAE,OAAO,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;IACnD,OAAO,CAAC,MAAM,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAE,EAAE,KAAK,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAiB,EACjB,OAAe,EACf,OAAe,EACf,OAAmB,EACnB,OAAmB,EACnB,KAAmB;IAEnB,IAAI,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,IAAI,OAAO,GAAG,OAAO;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,EAAc,CAAC;IACnB,IAAI,EAAc,CAAC;IAEnB,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACpB,EAAE,GAAG,OAAO,CAAC;QACb,EAAE,GAAG,OAAO,CAAC;IACf,CAAC;SAAM,CAAC;QACN,IAAI,IAAI,IAAI,KAAK,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACvC,EAAE,GAAG,KAAK,CAAC,IAAI,CAAE,CAAC;QAClB,EAAE,GAAG,KAAK,CAAC,IAAI,CAAE,CAAC;QAClB,IAAI,EAAE,CAAC;IACT,CAAC;IAED,IAAI,EAAE,GAAG,OAAO,GAAG,CAAC,CAAC;IACrB,IAAI,EAAE,GAAG,OAAO,GAAG,CAAC,CAAC;IAErB,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACtB,EAAE,KAAK,CAAC,CAAC;QACT,EAAE,KAAK,CAAC,CAAC;IACX,CAAC;IAED,OAAO,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAE,CAAC;QACvB,IAAI,EAAE,CAAC;QAEP,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAChC,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACnC,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACnC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;gBAClC,EAAE,KAAK,CAAC,CAAC;gBACT,EAAE,KAAK,CAAC,CAAC;YACX,CAAC;QACH,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,EAAE,KAAK,CAAC,CAAC;QACT,EAAE,KAAK,CAAC,CAAC;IACX,CAAC;IAED,OAAO,EAAE,KAAK,CAAC,IAAI,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,UAAU,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;AACxE,CAAC"}

package/dist/esm/webhooks.d.ts

@@ -0,0 +1,17 @@
+/** Webhook signature verification for incoming BurnLedger events.
+ *
+ * The server signs webhook payloads with HMAC-SHA256 using the webhook secret.
+ * The signature is sent in the X-BurnLedger-Signature header as a hex string.
+ *
+ * Node-only — webhooks are received server-side.
+ */
+/**
+ * Verify that a webhook payload was signed by the expected secret.
+ *
+ * @param secret  The webhook secret (raw UTF-8, as returned by the API)
+ * @param body    The raw request body bytes
+ * @param signature The hex-encoded HMAC-SHA256 signature from the X-BurnLedger-Signature header
+ * @returns true if the signature is valid
+ */
+export declare function verifyWebhookSignature(secret: string, body: Uint8Array | string, signature: string): boolean;
+//# sourceMappingURL=webhooks.d.ts.map

package/dist/esm/webhooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../src/webhooks.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,UAAU,GAAG,MAAM,EACzB,SAAS,EAAE,MAAM,GAChB,OAAO,CAkBT"}

package/dist/esm/webhooks.js

@@ -0,0 +1,36 @@
+/** Webhook signature verification for incoming BurnLedger events.
+ *
+ * The server signs webhook payloads with HMAC-SHA256 using the webhook secret.
+ * The signature is sent in the X-BurnLedger-Signature header as a hex string.
+ *
+ * Node-only — webhooks are received server-side.
+ */
+import { createHmac, timingSafeEqual } from "node:crypto";
+/**
+ * Verify that a webhook payload was signed by the expected secret.
+ *
+ * @param secret  The webhook secret (raw UTF-8, as returned by the API)
+ * @param body    The raw request body bytes
+ * @param signature The hex-encoded HMAC-SHA256 signature from the X-BurnLedger-Signature header
+ * @returns true if the signature is valid
+ */
+export function verifyWebhookSignature(secret, body, signature) {
+    if (secret.length === 0)
+        return false;
+    if (signature.length === 0)
+        return false;
+    const expected = createHmac("sha256", secret)
+        .update(typeof body === "string" ? Buffer.from(body, "utf-8") : body)
+        .digest();
+    let received;
+    try {
+        received = Buffer.from(signature, "hex");
+    }
+    catch {
+        return false;
+    }
+    if (received.length !== expected.length)
+        return false;
+    return timingSafeEqual(expected, received);
+}
+//# sourceMappingURL=webhooks.js.map

package/dist/esm/webhooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../src/webhooks.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAc,EACd,IAAyB,EACzB,SAAiB;IAEjB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC1C,MAAM,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;SACpE,MAAM,EAAE,CAAC;IAEZ,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAEtD,OAAO,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC"}

package/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "burnledger",
+  "version": "0.1.0",
+  "description": "TypeScript SDK for the BurnLedger API — cryptographic deletion certificates",
+  "type": "module",
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
+  "types": "./dist/esm/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/esm/index.d.ts",
+        "default": "./dist/esm/index.js"
+      },
+      "require": {
+        "types": "./dist/cjs/index.d.ts",
+        "default": "./dist/cjs/index.js"
+      }
+    },
+    "./browser": {
+      "import": {
+        "types": "./dist/esm/index.browser.d.ts",
+        "default": "./dist/esm/index.browser.js"
+      }
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.esm.json && tsc -p tsconfig.cjs.json && echo '{\"type\":\"commonjs\"}' > dist/cjs/package.json",
+    "check": "tsc -p tsconfig.esm.json --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run check && npm test && npm run build"
+  },
+  "keywords": [
+    "burnledger",
+    "deletion",
+    "certificate",
+    "compliance",
+    "gdpr",
+    "privacy",
+    "attestation",
+    "verification"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/fdfretes/burnledger.git",
+    "directory": "sdk/typescript"
+  },
+  "homepage": "https://github.com/fdfretes/burnledger/tree/main/sdk/typescript",
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  }
+}