canary-kit 0.9.0

package/dist/session.js

@@ -0,0 +1,173 @@
+import { hmacSha256, hexToBytes, concatBytes } from './crypto.js';
+import { MAX_TOLERANCE, deriveToken, verifyToken, deriveDirectionalPair, } from './token.js';
+const encoder = new TextEncoder();
+/**
+ * Generate a cryptographically secure 256-bit seed.
+ * Uses the global `crypto.getRandomValues` (Web Crypto API).
+ *
+ * @returns A 32-byte Uint8Array containing cryptographically secure random bytes.
+ */
+export function generateSeed() {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    return bytes;
+}
+/**
+ * Derive a seed deterministically from a master key and string components.
+ *
+ * Algorithm: HMAC-SHA256(masterKey, utf8(components[0]) || 0x00 || utf8(components[1]) || ...)
+ *
+ * Null-byte separators prevent concatenation ambiguity.
+ *
+ * @param masterKey - Master key (hex string or Uint8Array, minimum 16 bytes).
+ * @param components - One or more string components for domain separation.
+ * @returns A deterministic 32-byte seed derived via HMAC-SHA256.
+ * @throws {RangeError} If master key is shorter than 16 bytes.
+ */
+export function deriveSeed(masterKey, ...components) {
+    const key = typeof masterKey === 'string' ? hexToBytes(masterKey) : masterKey;
+    if (key.length < 16) {
+        throw new RangeError(`Master key must be at least 16 bytes, got ${key.length}`);
+    }
+    const parts = [];
+    for (let i = 0; i < components.length; i++) {
+        if (i > 0)
+            parts.push(new Uint8Array([0x00]));
+        parts.push(encoder.encode(components[i]));
+    }
+    return hmacSha256(key, concatBytes(...parts));
+}
+/**
+ * Built-in session presets for directional verification.
+ *
+ * | Preset    | Words | Rotation   | Tolerance | Use case                     |
+ * |-----------|-------|------------|-----------|------------------------------|
+ * | `call`    | 1     | 30 seconds | 1         | Phone verification           |
+ * | `handoff` | 1     | single-use | 0         | Physical handoff (rideshare) |
+ */
+export const SESSION_PRESETS = Object.freeze({
+    call: Object.freeze({
+        wordCount: 1,
+        rotationSeconds: 30,
+        tolerance: 1,
+        directional: true,
+        description: 'Phone verification for insurance, banking, and call centres. ' +
+            'Single word with 30-second rotation. Deepfake-proof — cloning a voice ' +
+            'does not help derive the current word.',
+    }),
+    handoff: Object.freeze({
+        wordCount: 1,
+        rotationSeconds: 0,
+        tolerance: 0,
+        directional: true,
+        description: 'Physical handoff verification for rideshare, delivery, and task completion. ' +
+            'Single-use token per event. No time dependency — counter is the task/event ID.',
+    }),
+});
+/**
+ * Create a directional verification session.
+ *
+ * Wraps the low-level token API with role awareness, time management,
+ * and optional duress detection.
+ *
+ * @param config - Session configuration including secret, namespace, roles, and optional preset.
+ * @returns A {@link Session} object with `myToken()`, `theirToken()`, `verify()`, `counter()`, and `pair()` methods.
+ * @throws {Error} If namespace is empty or contains null bytes, roles are invalid, or myRole is not in roles.
+ *
+ * @example
+ * ```ts
+ * const session = createSession({
+ *   secret: sharedSeed,
+ *   namespace: 'aviva',
+ *   roles: ['caller', 'agent'],
+ *   myRole: 'agent',
+ *   preset: 'call',
+ * })
+ * session.myToken()     // word I speak
+ * session.theirToken()  // word I expect to hear
+ * ```
+ */
+export function createSession(config) {
+    const preset = config.preset ? SESSION_PRESETS[config.preset] : undefined;
+    const rotationSeconds = config.rotationSeconds ?? preset?.rotationSeconds ?? 30;
+    const tolerance = config.tolerance ?? preset?.tolerance ?? 0;
+    const wordCount = preset?.wordCount ?? 1;
+    const encoding = config.encoding ?? { format: 'words', count: wordCount };
+    if (!config.namespace) {
+        throw new Error('namespace must be a non-empty string');
+    }
+    if (config.namespace.includes('\0')) {
+        throw new Error('namespace must not contain null bytes');
+    }
+    if (!config.roles[0] || !config.roles[1]) {
+        throw new Error('Both roles must be non-empty strings');
+    }
+    if (config.roles[0].includes('\0') || config.roles[1].includes('\0')) {
+        throw new Error('Roles must not contain null bytes');
+    }
+    if (config.roles[0] === config.roles[1]) {
+        throw new Error(`Roles must be distinct, got ["${config.roles[0]}", "${config.roles[1]}"]`);
+    }
+    if (config.myRole !== config.roles[0] && config.myRole !== config.roles[1]) {
+        throw new Error(`myRole "${config.myRole}" is not one of the configured roles ["${config.roles[0]}", "${config.roles[1]}"]`);
+    }
+    if (!Number.isInteger(rotationSeconds) || rotationSeconds < 0) {
+        throw new RangeError(`rotationSeconds must be a non-negative integer, got ${rotationSeconds}`);
+    }
+    if (!Number.isInteger(tolerance) || tolerance < 0) {
+        throw new RangeError(`tolerance must be a non-negative integer, got ${tolerance}`);
+    }
+    if (tolerance > MAX_TOLERANCE) {
+        throw new RangeError(`tolerance must be <= ${MAX_TOLERANCE}, got ${tolerance}`);
+    }
+    if (rotationSeconds === 0 && config.counter === undefined) {
+        throw new Error('Fixed counter mode (rotationSeconds=0) requires config.counter');
+    }
+    if (rotationSeconds === 0 && config.counter !== undefined) {
+        if (!Number.isInteger(config.counter) || config.counter < 0 || config.counter > 0xFFFFFFFF) {
+            throw new RangeError(`counter must be an integer 0–${0xFFFFFFFF}, got ${config.counter}`);
+        }
+    }
+    if (rotationSeconds > 0 && config.counter !== undefined) {
+        throw new Error('counter must not be set when rotationSeconds > 0 (counter is derived from time)');
+    }
+    const secret = typeof config.secret === 'string' ? hexToBytes(config.secret) : config.secret;
+    const theirRole = config.roles[0] === config.myRole ? config.roles[1] : config.roles[0];
+    // Use null-byte separator to match deriveDirectionalPair and prevent
+    // concatenation ambiguity (e.g. namespace "a:b" + role "c" vs "a" + "b:c")
+    const myContext = `${config.namespace}\0${config.myRole}`;
+    const theirContext = `${config.namespace}\0${theirRole}`;
+    const isFixedCounter = rotationSeconds === 0;
+    function getCounter(nowSec) {
+        if (isFixedCounter) {
+            if (config.counter === undefined) {
+                throw new Error('Fixed counter mode (rotationSeconds=0) requires config.counter');
+            }
+            return config.counter;
+        }
+        const t = nowSec ?? Math.floor(Date.now() / 1000);
+        return Math.floor(t / rotationSeconds);
+    }
+    return {
+        counter: getCounter,
+        myToken(nowSec) {
+            return deriveToken(secret, myContext, getCounter(nowSec), encoding);
+        },
+        theirToken(nowSec) {
+            return deriveToken(secret, theirContext, getCounter(nowSec), encoding);
+        },
+        verify(spoken, nowSec) {
+            const identities = [];
+            if (config.theirIdentity)
+                identities.push(config.theirIdentity);
+            return verifyToken(secret, theirContext, getCounter(nowSec), spoken, identities, {
+                encoding,
+                tolerance,
+            });
+        },
+        pair(nowSec) {
+            return deriveDirectionalPair(secret, config.namespace, config.roles, getCounter(nowSec), encoding);
+        },
+    };
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACjE,OAAO,EACL,aAAa,EACb,WAAW,EACX,WAAW,EACX,qBAAqB,GAGtB,MAAM,YAAY,CAAA;AAGnB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;AAEjC;;;;;GAKG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAChC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAC7B,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CACxB,SAA8B,EAC9B,GAAG,UAAoB;IAEvB,MAAM,GAAG,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAC7E,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpB,MAAM,IAAI,UAAU,CAAC,6CAA6C,GAAG,CAAC,MAAM,EAAE,CAAC,CAAA;IACjF,CAAC;IACD,MAAM,KAAK,GAAiB,EAAE,CAAA;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,IAAI,CAAC,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC7C,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAC3C,CAAC;IACD,OAAO,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAA;AAC/C,CAAC;AAmBD;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,eAAe,GAAiE,MAAM,CAAC,MAAM,CAAC;IACzG,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC;QAClB,SAAS,EAAE,CAAC;QACZ,eAAe,EAAE,EAAE;QACnB,SAAS,EAAE,CAAC;QACZ,WAAW,EAAE,IAAI;QACjB,WAAW,EACT,+DAA+D;YAC/D,wEAAwE;YACxE,wCAAwC;KAC3C,CAAC;IACF,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC;QACrB,SAAS,EAAE,CAAC;QACZ,eAAe,EAAE,CAAC;QAClB,SAAS,EAAE,CAAC;QACZ,WAAW,EAAE,IAAI;QACjB,WAAW,EACT,8EAA8E;YAC9E,gFAAgF;KACnF,CAAC;CACH,CAAC,CAAA;AA+CF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,aAAa,CAAC,MAAqB;IACjD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACzE,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,EAAE,eAAe,IAAI,EAAE,CAAA;IAC/E,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,EAAE,SAAS,IAAI,CAAC,CAAA;IAC5D,MAAM,SAAS,GAAG,MAAM,EAAE,SAAS,IAAI,CAAC,CAAA;IACxC,MAAM,QAAQ,GAAkB,MAAM,CAAC,QAAQ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAExF,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAA;IAC1D,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;IACtD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;IAC7F,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,WAAW,MAAM,CAAC,MAAM,0CAA0C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;IAC9H,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,UAAU,CAAC,uDAAuD,eAAe,EAAE,CAAC,CAAA;IAChG,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,UAAU,CAAC,iDAAiD,SAAS,EAAE,CAAC,CAAA;IACpF,CAAC;IACD,IAAI,SAAS,GAAG,aAAa,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,wBAAwB,aAAa,SAAS,SAAS,EAAE,CAAC,CAAA;IACjF,CAAC;IACD,IAAI,eAAe,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;IACnF,CAAC;IACD,IAAI,eAAe,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1D,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,GAAG,UAAU,EAAE,CAAC;YAC3F,MAAM,IAAI,UAAU,CAAC,gCAAgC,UAAU,SAAS,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;QAC3F,CAAC;IACH,CAAC;IACD,IAAI,eAAe,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAA;IACpG,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAA;IAC5F,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IACvF,qEAAqE;IACrE,2EAA2E;IAC3E,MAAM,SAAS,GAAG,GAAG,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,MAAM,EAAE,CAAA;IACzD,MAAM,YAAY,GAAG,GAAG,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAA;IAExD,MAAM,cAAc,GAAG,eAAe,KAAK,CAAC,CAAA;IAE5C,SAAS,UAAU,CAAC,MAAe;QACjC,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;YACnF,CAAC;YACD,OAAO,MAAM,CAAC,OAAO,CAAA;QACvB,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,eAAe,CAAC,CAAA;IACxC,CAAC;IAED,OAAO;QACL,OAAO,EAAE,UAAU;QAEnB,OAAO,CAAC,MAAe;YACrB,OAAO,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAA;QACrE,CAAC;QAED,UAAU,CAAC,MAAe;YACxB,OAAO,WAAW,CAAC,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,CAAC,MAAc,EAAE,MAAe;YACpC,MAAM,UAAU,GAAa,EAAE,CAAA;YAC/B,IAAI,MAAM,CAAC,aAAa;gBAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;YAC/D,OAAO,WAAW,CAAC,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE;gBAC/E,QAAQ;gBACR,SAAS;aACV,CAAC,CAAA;QACJ,CAAC;QAED,IAAI,CAAC,MAAe;YAClB,OAAO,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAA;QACpG,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/sync-crypto.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Group key derivation and envelope encryption for CANARY sync.
+ *
+ * All functions are zero-dependency and use only the Web Crypto API (crypto.subtle)
+ * together with the pure-JS primitives in ./crypto.ts.
+ */
+/**
+ * Derive a 32-byte symmetric group key from a seed.
+ *
+ * `HMAC-SHA256(hex_to_bytes(seed), utf8("canary:sync:key"))`
+ *
+ * @param seedHex - Group seed as a 64-character lowercase hex string (32 bytes).
+ * @returns 32-byte AES-256 group key for envelope encryption.
+ * @throws {Error} If seedHex is not a valid 64-character hex string.
+ */
+export declare function deriveGroupKey(seedHex: string): Uint8Array;
+/**
+ * Encrypt a plaintext string with AES-256-GCM using the provided group key.
+ *
+ * Returns `base64(IV || ciphertext || auth_tag)` where IV is a random 12-byte nonce.
+ *
+ * @param groupKey - 32-byte AES-256 key from {@link deriveGroupKey}.
+ * @param plaintext - UTF-8 string to encrypt.
+ * @returns Base64-encoded ciphertext (12-byte IV prepended to AES-GCM output).
+ * @throws {Error} If groupKey is not 32 bytes.
+ */
+export declare function encryptEnvelope(groupKey: Uint8Array, plaintext: string): Promise<string>;
+/**
+ * Decrypt an envelope produced by `encryptEnvelope`.
+ *
+ * Expects `base64(IV || ciphertext || auth_tag)`.
+ * Throws on authentication failure (wrong key or tampered data).
+ *
+ * @param groupKey - 32-byte AES-256 key from {@link deriveGroupKey}.
+ * @param encoded - Base64-encoded ciphertext from {@link encryptEnvelope}.
+ * @returns Decrypted plaintext string.
+ * @throws {Error} If groupKey is not 32 bytes, data is too short, or decryption fails.
+ */
+export declare function decryptEnvelope(groupKey: Uint8Array, encoded: string): Promise<string>;
+/**
+ * Derive a 32-byte signing key for a participant within a group.
+ *
+ * `HMAC-SHA256(hex_to_bytes(seed), utf8("canary:sync:sign:") || hex_to_bytes(personalPrivkey))`
+ *
+ * Binding the personal private key ensures that each participant's signing
+ * identity is unique within the group, even across reseed events.
+ *
+ * @param seedHex - Group seed as a 64-character lowercase hex string (32 bytes).
+ * @param personalPrivkeyHex - Participant's private key as a 64-character lowercase hex string.
+ * @returns 32-byte signing key unique to this participant within this group epoch.
+ * @throws {Error} If seedHex or personalPrivkeyHex are not valid 64-character hex strings.
+ */
+export declare function deriveGroupSigningKey(seedHex: string, personalPrivkeyHex: string): Uint8Array;
+/**
+ * Hash a group ID to produce a privacy-preserving public tag.
+ *
+ * `hex(SHA256(utf8(groupId)))` — returns a 64-character lowercase hex string.
+ *
+ * Publishing the hash rather than the group ID prevents observers from
+ * correlating events to a known group name.
+ *
+ * @param groupId - The group identifier string.
+ * @returns 64-character lowercase hex string (SHA-256 hash of the group ID).
+ */
+export declare function hashGroupTag(groupId: string): string;
+//# sourceMappingURL=sync-crypto.d.ts.map

package/dist/sync-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync-crypto.d.ts","sourceRoot":"","sources":["../src/sync-crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAmCH;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,CAG1D;AAID;;;;;;;;;GASG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAqB9F;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgC5F;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,GAAG,UAAU,CAO7F;AAID;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEpD"}

package/dist/sync-crypto.js

@@ -0,0 +1,125 @@
+/**
+ * Group key derivation and envelope encryption for CANARY sync.
+ *
+ * All functions are zero-dependency and use only the Web Crypto API (crypto.subtle)
+ * together with the pure-JS primitives in ./crypto.ts.
+ */
+import { hmacSha256, sha256, hexToBytes, bytesToBase64, base64ToBytes, bytesToHex, concatBytes, } from './crypto.js';
+// ── Helpers ───────────────────────────────────────────────────────────────────
+/** Encode a UTF-8 string as a Uint8Array. */
+function utf8(str) {
+    return new TextEncoder().encode(str);
+}
+const HEX_64_RE = /^[0-9a-f]{64}$/;
+function validateSeedHex(seedHex) {
+    if (!HEX_64_RE.test(seedHex)) {
+        throw new Error('seedHex must be a 64-character lowercase hex string (32 bytes)');
+    }
+}
+function validateAesKey(key) {
+    if (key.length !== 32) {
+        throw new Error('AES-256-GCM requires a 32-byte key');
+    }
+}
+// ── Task 1: Group key derivation ──────────────────────────────────────────────
+/**
+ * Derive a 32-byte symmetric group key from a seed.
+ *
+ * `HMAC-SHA256(hex_to_bytes(seed), utf8("canary:sync:key"))`
+ *
+ * @param seedHex - Group seed as a 64-character lowercase hex string (32 bytes).
+ * @returns 32-byte AES-256 group key for envelope encryption.
+ * @throws {Error} If seedHex is not a valid 64-character hex string.
+ */
+export function deriveGroupKey(seedHex) {
+    validateSeedHex(seedHex);
+    return hmacSha256(hexToBytes(seedHex), utf8('canary:sync:key'));
+}
+// ── Task 1: Envelope encryption ───────────────────────────────────────────────
+/**
+ * Encrypt a plaintext string with AES-256-GCM using the provided group key.
+ *
+ * Returns `base64(IV || ciphertext || auth_tag)` where IV is a random 12-byte nonce.
+ *
+ * @param groupKey - 32-byte AES-256 key from {@link deriveGroupKey}.
+ * @param plaintext - UTF-8 string to encrypt.
+ * @returns Base64-encoded ciphertext (12-byte IV prepended to AES-GCM output).
+ * @throws {Error} If groupKey is not 32 bytes.
+ */
+export async function encryptEnvelope(groupKey, plaintext) {
+    validateAesKey(groupKey);
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const cryptoKey = await crypto.subtle.importKey('raw', groupKey, { name: 'AES-GCM' }, false, ['encrypt']);
+    const ciphertextBuf = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, cryptoKey, utf8(plaintext));
+    // Web Crypto returns ciphertext || auth_tag concatenated; prepend IV.
+    const combined = concatBytes(iv, new Uint8Array(ciphertextBuf));
+    return bytesToBase64(combined);
+}
+/**
+ * Decrypt an envelope produced by `encryptEnvelope`.
+ *
+ * Expects `base64(IV || ciphertext || auth_tag)`.
+ * Throws on authentication failure (wrong key or tampered data).
+ *
+ * @param groupKey - 32-byte AES-256 key from {@link deriveGroupKey}.
+ * @param encoded - Base64-encoded ciphertext from {@link encryptEnvelope}.
+ * @returns Decrypted plaintext string.
+ * @throws {Error} If groupKey is not 32 bytes, data is too short, or decryption fails.
+ */
+export async function decryptEnvelope(groupKey, encoded) {
+    validateAesKey(groupKey);
+    const combined = base64ToBytes(encoded);
+    // 12-byte IV + 16-byte GCM auth tag = 28 bytes minimum (matching beacon.ts)
+    if (combined.length < 28) {
+        throw new Error('decryptEnvelope: encoded data too short (minimum 28 bytes: 12-byte IV + 16-byte GCM tag)');
+    }
+    const iv = combined.slice(0, 12);
+    const ciphertextWithTag = combined.slice(12);
+    const cryptoKey = await crypto.subtle.importKey('raw', groupKey, { name: 'AES-GCM' }, false, ['decrypt']);
+    let plaintextBuf;
+    try {
+        plaintextBuf = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, cryptoKey, ciphertextWithTag);
+    }
+    catch {
+        throw new Error('decryptEnvelope: decryption failed — wrong key or tampered data');
+    }
+    return new TextDecoder().decode(plaintextBuf);
+}
+// ── Task 2: Per-group derived signing identity ────────────────────────────────
+/**
+ * Derive a 32-byte signing key for a participant within a group.
+ *
+ * `HMAC-SHA256(hex_to_bytes(seed), utf8("canary:sync:sign:") || hex_to_bytes(personalPrivkey))`
+ *
+ * Binding the personal private key ensures that each participant's signing
+ * identity is unique within the group, even across reseed events.
+ *
+ * @param seedHex - Group seed as a 64-character lowercase hex string (32 bytes).
+ * @param personalPrivkeyHex - Participant's private key as a 64-character lowercase hex string.
+ * @returns 32-byte signing key unique to this participant within this group epoch.
+ * @throws {Error} If seedHex or personalPrivkeyHex are not valid 64-character hex strings.
+ */
+export function deriveGroupSigningKey(seedHex, personalPrivkeyHex) {
+    validateSeedHex(seedHex);
+    if (!/^[0-9a-f]{64}$/.test(personalPrivkeyHex)) {
+        throw new Error('personalPrivkeyHex must be a 64-character lowercase hex string (32 bytes)');
+    }
+    const data = concatBytes(utf8('canary:sync:sign:'), hexToBytes(personalPrivkeyHex));
+    return hmacSha256(hexToBytes(seedHex), data);
+}
+// ── Task 2: Hashed group tag ──────────────────────────────────────────────────
+/**
+ * Hash a group ID to produce a privacy-preserving public tag.
+ *
+ * `hex(SHA256(utf8(groupId)))` — returns a 64-character lowercase hex string.
+ *
+ * Publishing the hash rather than the group ID prevents observers from
+ * correlating events to a known group name.
+ *
+ * @param groupId - The group identifier string.
+ * @returns 64-character lowercase hex string (SHA-256 hash of the group ID).
+ */
+export function hashGroupTag(groupId) {
+    return bytesToHex(sha256(utf8(groupId)));
+}
+//# sourceMappingURL=sync-crypto.js.map

package/dist/sync-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync-crypto.js","sourceRoot":"","sources":["../src/sync-crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,UAAU,EACV,MAAM,EACN,UAAU,EACV,aAAa,EACb,aAAa,EACb,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAA;AAEpB,iFAAiF;AAEjF,6CAA6C;AAC7C,SAAS,IAAI,CAAC,GAAW;IACvB,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;AACtC,CAAC;AAED,MAAM,SAAS,GAAG,gBAAgB,CAAA;AAElC,SAAS,eAAe,CAAC,OAAe;IACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;IACnF,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAe;IACrC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,eAAe,CAAC,OAAO,CAAC,CAAA;IACxB,OAAO,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAA;AACjE,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,QAAoB,EAAE,SAAiB;IAC3E,cAAc,CAAC,QAAQ,CAAC,CAAA;IACxB,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAErD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,QAAwB,EACxB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAA;IAED,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC/C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,SAAS,EACT,IAAI,CAAC,SAAS,CAAiB,CAChC,CAAA;IAED,sEAAsE;IACtE,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,EAAE,IAAI,UAAU,CAAC,aAAa,CAAC,CAAC,CAAA;IAC/D,OAAO,aAAa,CAAC,QAAQ,CAAC,CAAA;AAChC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,QAAoB,EAAE,OAAe;IACzE,cAAc,CAAC,QAAQ,CAAC,CAAA;IACxB,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;IAEvC,4EAA4E;IAC5E,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAA;IAC7G,CAAC;IAED,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAChC,MAAM,iBAAiB,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAA;IAE5C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,QAAwB,EACxB,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAA;IAED,IAAI,YAAyB,CAAA;IAC7B,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CACxC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EACvB,SAAS,EACT,iBAAiC,CAClC,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAA;IACpF,CAAC;IAED,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;AAC/C,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe,EAAE,kBAA0B;IAC/E,eAAe,CAAC,OAAO,CAAC,CAAA;IACxB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAA;IAC9F,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,EAAE,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAA;IACnF,OAAO,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,CAAA;AAC9C,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;AAC1C,CAAC"}

package/dist/sync.d.ts

@@ -0,0 +1,191 @@
+export { deriveGroupKey, deriveGroupSigningKey, hashGroupTag, encryptEnvelope, decryptEnvelope } from './sync-crypto.js';
+import type { GroupState } from './group.js';
+/** A typed, serialisable description of a group state change. */
+export type SyncMessage = {
+    type: 'member-join';
+    pubkey: string;
+    displayName?: string;
+    timestamp: number;
+    epoch: number;
+    opId: string;
+    protocolVersion?: number;
+} | {
+    type: 'member-leave';
+    pubkey: string;
+    timestamp: number;
+    epoch: number;
+    opId: string;
+    protocolVersion?: number;
+} | {
+    type: 'counter-advance';
+    counter: number;
+    usageOffset: number;
+    timestamp: number;
+    protocolVersion?: number;
+} | {
+    type: 'reseed';
+    seed: Uint8Array;
+    counter: number;
+    timestamp: number;
+    epoch: number;
+    opId: string;
+    admins: string[];
+    members: string[];
+    protocolVersion?: number;
+} | {
+    type: 'beacon';
+    lat: number;
+    lon: number;
+    accuracy: number;
+    timestamp: number;
+    opId: string;
+    protocolVersion?: number;
+} | {
+    type: 'duress-alert';
+    lat: number;
+    lon: number;
+    timestamp: number;
+    opId: string;
+    subject?: string;
+    protocolVersion?: number;
+} | {
+    type: 'duress-clear';
+    subject: string;
+    timestamp: number;
+    opId: string;
+    protocolVersion?: number;
+} | {
+    type: 'liveness-checkin';
+    pubkey: string;
+    timestamp: number;
+    opId: string;
+    protocolVersion?: number;
+}
+/** WARNING: seed is a plaintext hex string. This message type MUST be sent inside an encrypted
+ *  envelope (NIP-44 or AES-GCM via sync-crypto). Callers MUST NOT log SyncMessage objects
+ *  containing state-snapshot data, as the seed field would be exposed in plaintext. */
+ | {
+    type: 'state-snapshot';
+    seed: string;
+    counter: number;
+    usageOffset: number;
+    members: string[];
+    admins: string[];
+    epoch: number;
+    opId: string;
+    timestamp: number;
+    prevEpochSeed?: string;
+    protocolVersion?: number;
+};
+/**
+ * Message types that mutate group state or are safety-critical.
+ * These MUST be delivered to offline devices — use a stored event kind.
+ * Fire-and-forget messages (beacons, liveness) use ephemeral kinds.
+ */
+export declare const STORED_MESSAGE_TYPES: Set<string>;
+/** Maximum age (in seconds) for fire-and-forget messages before they are dropped. */
+export declare const FIRE_AND_FORGET_FRESHNESS_SEC = 300;
+/** Maximum allowed future skew (in seconds) for fire-and-forget timestamps. */
+export declare const MAX_FUTURE_SKEW_SEC = 60;
+/** Current protocol version. Bump on any breaking wire format change. */
+export declare const PROTOCOL_VERSION = 2;
+/**
+ * Encode a sync message as a JSON string for transport.
+ * Binary fields (seed) are hex-encoded for safe JSON round-tripping.
+ *
+ * @param msg - The sync message to serialise.
+ * @returns JSON string with protocolVersion injected and binary fields hex-encoded.
+ */
+export declare function encodeSyncMessage(msg: SyncMessage): string;
+/**
+ * Recursively produce a JSON string with sorted keys and no whitespace.
+ * Handles nested objects, arrays (elements stringified recursively), and
+ * all JSON-safe primitives. Used for deterministic signing (H2).
+ *
+ * @param value - Any JSON-serialisable value (null, boolean, number, string, array, or plain object).
+ * @returns Deterministic JSON string with sorted keys and no whitespace.
+ * @throws {Error} If value contains a Uint8Array (must be hex-encoded first) or unsupported type.
+ */
+export declare function stableStringify(value: unknown): string;
+/**
+ * Return the canonical string representation of a sync message for signing.
+ * Keys are sorted recursively, no whitespace. Binary fields are hex-encoded.
+ * The message's protocolVersion field is preserved as-is — the send side
+ * (encodeSyncMessage) is responsible for injecting PROTOCOL_VERSION before
+ * both encode and sign, so the canonical bytes always reflect the actual
+ * wire value. This is the format that inner signatures are computed over (H2).
+ *
+ * @param msg - The sync message to canonicalise.
+ * @returns Deterministic JSON string with sorted keys and no whitespace.
+ */
+export declare function canonicaliseSyncMessage(msg: SyncMessage): string;
+/**
+ * Decode a sync message from a JSON string.
+ * Throws on invalid or unrecognised messages.
+ *
+ * @param payload - JSON string to decode.
+ * @returns Validated {@link SyncMessage} with correct types (e.g. reseed.seed as Uint8Array).
+ * @throws {Error} If JSON is invalid, message type is unrecognised, required fields are missing, or protocolVersion does not match.
+ */
+export declare function decodeSyncMessage(payload: string): SyncMessage;
+/**
+ * Apply a sync message to group state.
+ * Returns a new GroupState with the change applied.
+ * Beacons and duress alerts don't modify group state (fire-and-forget).
+ *
+ * Authority invariants (I1-I6) are enforced for privileged actions.
+ * Privileged actions without a sender are rejected (fail-closed).
+ *
+ * @param group - Current group state.
+ * @param msg - The sync message to apply.
+ * @param nowSec - Current unix timestamp in seconds (default: `Date.now() / 1000`).
+ * @param sender - Hex pubkey of the message sender (required for privileged actions).
+ * @returns New group state with the change applied, or unchanged state if rejected.
+ */
+export declare function applySyncMessage(group: GroupState, msg: SyncMessage, nowSec?: number, sender?: string): GroupState;
+/** Result of applying a sync message, including whether it was accepted or rejected. */
+export interface SyncApplyResult {
+    /** The resulting group state (unchanged if rejected). */
+    state: GroupState;
+    /** Whether the message was applied to the group state. */
+    applied: boolean;
+}
+/**
+ * Apply a sync message and return a result indicating whether it was accepted.
+ *
+ * Unlike `applySyncMessage` which silently returns unchanged state on rejection,
+ * this function tells the caller whether the message was actually applied —
+ * enabling logging, alerting, and debugging of rejected messages.
+ *
+ * Fire-and-forget messages (beacon, duress-alert, liveness-checkin) always
+ * return `applied: true` when they pass freshness checks, even though they
+ * don't modify group state.
+ *
+ * @param group - Current group state.
+ * @param msg - The sync message to apply.
+ * @param nowSec - Current unix timestamp in seconds (default: `Date.now() / 1000`).
+ * @param sender - Hex pubkey of the message sender (required for privileged actions).
+ * @returns `{ state, applied }` where `applied` indicates whether the message was accepted.
+ */
+export declare function applySyncMessageWithResult(group: GroupState, msg: SyncMessage, nowSec?: number, sender?: string): SyncApplyResult;
+/** Minimal interface any sync transport must implement. */
+export interface SyncTransport {
+    /** Send a sync message to all group members. */
+    send(groupId: string, message: SyncMessage, recipients?: string[]): Promise<void>;
+    /** Subscribe to incoming messages for a group. Returns an unsubscribe function. */
+    subscribe(groupId: string, onMessage: (msg: SyncMessage, sender: string) => void): () => void;
+    /** Clean up all connections. */
+    disconnect(): void;
+}
+/** Abstracts event signing and NIP-44 encryption for any transport that needs it. */
+export interface EventSigner {
+    /** The signer's public key (hex). */
+    pubkey: string;
+    /** Sign an unsigned event. Parameter and return are `unknown` to avoid coupling to any specific event library's types. */
+    sign(event: unknown): Promise<unknown>;
+    /** NIP-44 encrypt plaintext for a recipient. */
+    encrypt(plaintext: string, recipientPubkey: string): Promise<string>;
+    /** NIP-44 decrypt ciphertext from a sender. */
+    decrypt(ciphertext: string, senderPubkey: string): Promise<string>;
+}
+//# sourceMappingURL=sync.d.ts.map

package/dist/sync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../src/sync.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAGxH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAK5C,iEAAiE;AACjE,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GACvI;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAClH;IAAE,IAAI,EAAE,iBAAiB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9G;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GACpK;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GACzH;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAC/H;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GACpG;IAAE,IAAI,EAAE,kBAAkB,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE;AACzG;;uFAEuF;GACrF;IAAE,IAAI,EAAE,gBAAgB,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,CAAA;AAOzN;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,aAG/B,CAAA;AASF,qFAAqF;AACrF,eAAO,MAAM,6BAA6B,MAAM,CAAA;AAEhD,+EAA+E;AAC/E,eAAO,MAAM,mBAAmB,KAAK,CAAA;AAqBrC,yEAAyE;AACzE,eAAO,MAAM,gBAAgB,IAAI,CAAA;AAYjC;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,WAAW,GAAG,MAAM,CAO1D;AAED;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAmBtD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,WAAW,GAAG,MAAM,CAMhE;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CA6L9D;AAoBD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,WAAW,EAChB,MAAM,GAAE,MAAsC,EAC9C,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAuMZ;AAED,wFAAwF;AACxF,MAAM,WAAW,eAAe;IAC9B,yDAAyD;IACzD,KAAK,EAAE,UAAU,CAAA;IACjB,0DAA0D;IAC1D,OAAO,EAAE,OAAO,CAAA;CACjB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,WAAW,EAChB,MAAM,GAAE,MAAsC,EAC9C,MAAM,CAAC,EAAE,MAAM,GACd,eAAe,CAYjB;AAID,2DAA2D;AAC3D,MAAM,WAAW,aAAa;IAC5B,gDAAgD;IAChD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjF,mFAAmF;IACnF,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,CAAA;IAC7F,gCAAgC;IAChC,UAAU,IAAI,IAAI,CAAA;CACnB;AAID,qFAAqF;AACrF,MAAM,WAAW,WAAW;IAC1B,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAA;IACd,0HAA0H;IAC1H,IAAI,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACtC,gDAAgD;IAChD,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpE,+CAA+C;IAC/C,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;CACnE"}