claim169 0.1.0-alpha

package/README.md

@@ -0,0 +1,392 @@
+# claim169
+
+> **Alpha Software**: This library is under active development. APIs may change without notice. Not recommended for production use without thorough testing.
+
+[![npm](https://img.shields.io/npm/v/claim169.svg)](https://www.npmjs.com/package/claim169)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+A TypeScript/JavaScript library for decoding MOSIP Claim 169 QR codes. Built on Rust/WebAssembly for performance and security.
+
+## Installation
+
+```bash
+npm install claim169
+```
+
+## Overview
+
+MOSIP Claim 169 defines a standard for encoding identity data in QR codes using:
+- CBOR encoding with numeric keys for compactness
+- CWT (CBOR Web Token) for standard claims
+- COSE_Sign1 for digital signatures
+- COSE_Encrypt0 for optional encryption
+- zlib compression + Base45 encoding for QR-friendly output
+
+## Quick Start
+
+### Builder Pattern (Recommended)
+
+```typescript
+import { Decoder } from 'claim169';
+
+// Decode with Ed25519 signature verification (recommended)
+const publicKey = new Uint8Array(32);  // Your 32-byte public key
+const result = new Decoder(qrText)
+  .verifyWithEd25519(publicKey)
+  .decode();
+
+console.log(`ID: ${result.claim169.id}`);
+console.log(`Name: ${result.claim169.fullName}`);
+console.log(`Issuer: ${result.cwtMeta.issuer}`);
+console.log(`Verified: ${result.verificationStatus}`);  // "verified"
+
+// Decode without verification (testing only)
+const result = new Decoder(qrText)
+  .allowUnverified()
+  .decode();
+```
+
+### `decode()` Convenience Function
+
+> **Security note**: `decode()` requires a verification key unless you explicitly set `allowUnverified: true` (testing only). Use the `Decoder` builder API in production.
+
+```typescript
+import { decode, type DecodeOptions } from 'claim169';
+
+// Simple decode (testing only)
+const result = decode(qrText, { allowUnverified: true });
+
+// With options
+const options: DecodeOptions = {
+  maxDecompressedBytes: 32768,  // 32KB limit
+  skipBiometrics: true,         // Skip biometric parsing
+  validateTimestamps: false,    // Disabled by default in WASM
+  allowUnverified: true,        // Explicit opt-out (testing only)
+};
+
+const result = decode(qrText, options);
+```
+
+## Decoder Class
+
+The `Decoder` class provides a fluent builder API:
+
+```typescript
+import { Decoder } from 'claim169';
+
+// Decode with Ed25519 verification
+const result = new Decoder(qrText)
+  .verifyWithEd25519(publicKey)
+  .decode();
+
+// Decode with ECDSA P-256 verification
+const result = new Decoder(qrText)
+  .verifyWithEcdsaP256(publicKey)  // 33 or 65 bytes SEC1 encoded
+  .decode();
+
+// Decrypt then verify (for encrypted credentials)
+const result = new Decoder(qrText)
+  .decryptWithAes256(aesKey)
+  .verifyWithEd25519(publicKey)
+  .decode();
+
+// With additional options
+const result = new Decoder(qrText)
+  .verifyWithEd25519(publicKey)
+  .skipBiometrics()              // Skip biometric data
+  .withTimestampValidation()     // Enable timestamp validation
+  .clockSkewTolerance(60)        // 60 seconds tolerance
+  .maxDecompressedBytes(32768)   // 32KB max size
+  .decode();
+```
+
+### Decoder Methods
+
+| Method | Description |
+|--------|-------------|
+| `verifyWithEd25519(publicKey)` | Verify with Ed25519 (32 bytes) |
+| `verifyWithEcdsaP256(publicKey)` | Verify with ECDSA P-256 (33 or 65 bytes) |
+| `decryptWithAes256(key)` | Decrypt with AES-256-GCM (32 bytes) |
+| `decryptWithAes128(key)` | Decrypt with AES-128-GCM (16 bytes) |
+| `allowUnverified()` | Skip verification (testing only) |
+| `skipBiometrics()` | Skip biometric data parsing |
+| `withTimestampValidation()` | Enable exp/nbf validation |
+| `clockSkewTolerance(seconds)` | Set clock skew tolerance |
+| `maxDecompressedBytes(bytes)` | Set max decompressed size |
+| `decode()` | Execute the decode operation |
+
+## Encoding
+
+The `Encoder` class creates MOSIP Claim 169 QR code data from identity information.
+In production, keys should be provisioned and managed externally (HSM/KMS or secure key management). The examples below assume you already have key material.
+
+```typescript
+import { Encoder, Decoder, Claim169Input, CwtMetaInput, generateNonce } from 'claim169';
+
+// Create identity data
+const claim169: Claim169Input = {
+  id: "123456789",
+  fullName: "John Doe",
+  dateOfBirth: "1990-01-15",
+  gender: 1,  // Male
+};
+
+// Create CWT metadata
+const cwtMeta: CwtMetaInput = {
+  issuer: "https://issuer.example.com",
+  expiresAt: 1800000000,
+};
+
+// Encode with Ed25519 signature
+const privateKey = new Uint8Array(32);  // Your 32-byte private key
+const qrData = new Encoder(claim169, cwtMeta)
+  .signWithEd25519(privateKey)
+  .encode();
+
+// Encode with signature and AES-256 encryption
+const aesKey = new Uint8Array(32);  // Your 32-byte AES key
+const qrData = new Encoder(claim169, cwtMeta)
+  .signWithEd25519(privateKey)
+  .encryptWithAes256(aesKey)
+  .encode();
+
+// Unsigned (testing only)
+const qrData = new Encoder(claim169, cwtMeta)
+  .allowUnsigned()
+  .encode();
+```
+
+### Encoder Methods
+
+| Method | Description |
+|--------|-------------|
+| `signWithEd25519(privateKey)` | Sign with Ed25519 |
+| `signWithEcdsaP256(privateKey)` | Sign with ECDSA P-256 |
+| `encryptWithAes256(key)` | Encrypt with AES-256-GCM |
+| `encryptWithAes128(key)` | Encrypt with AES-128-GCM |
+| `allowUnsigned()` | Allow unsigned (testing only) |
+| `skipBiometrics()` | Skip biometric fields |
+| `encode()` | Produce the QR string |
+
+### generateNonce()
+
+Generate a cryptographically secure random nonce for encryption:
+
+```typescript
+import { generateNonce } from 'claim169';
+
+const nonce = generateNonce();  // Returns 12-byte Uint8Array
+```
+
+## Data Model
+
+### DecodeResult
+
+```typescript
+interface DecodeResult {
+  claim169: Claim169;                    // Identity data
+  cwtMeta: CwtMeta;                      // Token metadata
+  verificationStatus: VerificationStatus; // "verified" | "skipped" | "failed"
+}
+```
+
+### Claim169
+
+```typescript
+interface Claim169 {
+  // Demographics
+  id?: string;                  // Unique identifier
+  fullName?: string;            // Full name
+  firstName?: string;           // First name
+  middleName?: string;          // Middle name
+  lastName?: string;            // Last name
+  dateOfBirth?: string;         // ISO 8601 format
+  gender?: number;              // 1=Male, 2=Female, 3=Other
+  address?: string;             // Address
+  email?: string;               // Email address
+  phone?: string;               // Phone number
+  nationality?: string;         // Nationality code
+  maritalStatus?: number;       // Marital status code
+  guardian?: string;            // Guardian name
+
+  // Additional fields
+  version?: string;             // Claim version
+  language?: string;            // Primary language code
+  secondaryFullName?: string;   // Secondary full name
+  secondaryLanguage?: string;   // Secondary language code
+  locationCode?: string;        // Location code
+  legalStatus?: string;         // Legal status
+  countryOfIssuance?: string;   // Country of issuance
+
+  // Photo
+  photo?: Uint8Array;           // Photo data
+  photoFormat?: number;         // Photo format code
+
+  // Biometrics (when present)
+  face?: Biometric[];           // Face biometrics
+  rightThumb?: Biometric[];     // Right thumb fingerprint
+  // ... (all finger/iris/palm biometrics)
+}
+```
+
+### CwtMeta
+
+```typescript
+interface CwtMeta {
+  issuer?: string;              // Token issuer
+  subject?: string;             // Token subject
+  expiresAt?: number;           // Expiration timestamp (Unix seconds)
+  notBefore?: number;           // Not-before timestamp
+  issuedAt?: number;            // Issued-at timestamp
+}
+```
+
+### Biometric
+
+```typescript
+interface Biometric {
+  data: Uint8Array;             // Raw biometric data
+  format: number;               // Biometric format code
+  subFormat?: number;           // Sub-format code
+  issuer?: string;              // Issuer identifier
+}
+```
+
+## Error Handling
+
+```typescript
+import { decode, Claim169Error } from 'claim169';
+
+try {
+  const result = decode(qrText, { allowUnverified: true });
+} catch (error) {
+  if (error instanceof Claim169Error) {
+    // Handle decode error
+    console.error("Decode failed:", error.message);
+  }
+}
+```
+
+Error messages indicate the specific failure:
+- `Base45Decode`: Invalid Base45 encoding
+- `Decompress`: zlib decompression failed
+- `CoseParse`: Invalid COSE structure
+- `CwtParse`: Invalid CWT structure
+- `Claim169NotFound`: Missing claim 169
+- `SignatureError`: Signature verification failed
+- `DecryptionError`: Decryption failed
+
+## Notes
+
+### Timestamp Validation
+
+Timestamp validation is disabled by default because WebAssembly does not have reliable access to system time. Enable it explicitly if your environment provides accurate time:
+
+```typescript
+const result = new Decoder(qrText)
+  .verifyWithEd25519(publicKey)
+  .withTimestampValidation()
+  .clockSkewTolerance(60)  // Allow 60 seconds clock drift
+  .decode();
+```
+
+### Secure by Default
+
+The decoder requires explicit verification configuration. You must call one of:
+- `verifyWithEd25519(publicKey)` - Verify with Ed25519
+- `verifyWithEcdsaP256(publicKey)` - Verify with ECDSA P-256
+- `allowUnverified()` - Explicitly skip verification (testing only)
+
+This prevents accidentally processing unverified credentials.
+
+## Browser Usage
+
+```html
+<script type="module">
+  import { Decoder } from './node_modules/claim169/dist/index.js';
+
+  // Your issuer's public key (32 bytes for Ed25519)
+  const publicKey = new Uint8Array([/* ... */]);
+
+  const qrText = "6BF5YZB2...";
+  const result = new Decoder(qrText)
+    .verifyWithEd25519(publicKey)
+    .decode();
+
+  if (result.verificationStatus === "verified") {
+    console.log("Verified:", result.claim169.fullName);
+  }
+</script>
+```
+
+## Bundler Configuration
+
+### Vite
+
+```typescript
+// vite.config.ts
+import { defineConfig } from 'vite';
+import wasm from 'vite-plugin-wasm';
+import topLevelAwait from 'vite-plugin-top-level-await';
+
+export default defineConfig({
+  plugins: [wasm(), topLevelAwait()],
+});
+```
+
+### Webpack
+
+```javascript
+// webpack.config.js
+module.exports = {
+  experiments: {
+    asyncWebAssembly: true,
+  },
+};
+```
+
+## Utility Functions
+
+```typescript
+import { version, isLoaded } from 'claim169';
+
+// Get library version
+console.log(version());  // "0.1.0"
+
+// Check if WASM module is loaded
+console.log(isLoaded());  // true
+```
+
+## Development
+
+### Building from Source
+
+```bash
+# Install dependencies
+npm install
+
+# Build WASM (requires Rust and wasm-pack)
+npm run build:wasm
+
+# Build TypeScript
+npm run build:ts
+
+# Or build everything
+npm run build
+```
+
+### Running Tests
+
+```bash
+npm test
+```
+
+### Prerequisites
+
+- Node.js 18+
+- Rust toolchain (for building WASM)
+- wasm-pack (`cargo install wasm-pack`)
+
+## License
+
+MIT License - See LICENSE file for details.

package/dist/index.d.ts

@@ -0,0 +1,319 @@
+/**
+ * MOSIP Claim 169 QR Code library for TypeScript/JavaScript.
+ *
+ * This library provides classes to encode and decode MOSIP Claim 169 identity
+ * credentials from QR codes. It uses WebAssembly for high-performance binary
+ * parsing and cryptographic operations.
+ *
+ * ## Installation
+ *
+ * ```bash
+ * npm install claim169
+ * ```
+ *
+ * ## Decoding with Verification (Recommended)
+ *
+ * ```typescript
+ * import { Decoder } from 'claim169';
+ *
+ * // Decode with Ed25519 signature verification
+ * const result = new Decoder(qrText)
+ *   .verifyWithEd25519(publicKey)
+ *   .decode();
+ *
+ * // Access identity data
+ * console.log(result.claim169.fullName);
+ * console.log(result.claim169.dateOfBirth);
+ *
+ * // Access metadata
+ * console.log(result.cwtMeta.issuer);
+ * console.log(result.cwtMeta.expiresAt);
+ *
+ * // Check verification status
+ * console.log(result.verificationStatus); // "verified"
+ * ```
+ *
+ * ## Decoding without Verification (Testing Only)
+ *
+ * ```typescript
+ * const result = new Decoder(qrText)
+ *   .allowUnverified()  // Explicit opt-out required
+ *   .decode();
+ * ```
+ *
+ * ## Decoding Encrypted Credentials
+ *
+ * ```typescript
+ * const result = new Decoder(qrText)
+ *   .decryptWithAes256(aesKey)
+ *   .verifyWithEd25519(publicKey)
+ *   .decode();
+ * ```
+ *
+ * ## Encoding Credentials
+ *
+ * ```typescript
+ * import { Encoder } from 'claim169';
+ *
+ * const qrData = new Encoder(claim169, cwtMeta)
+ *   .signWithEd25519(privateKey)
+ *   .encode();
+ * ```
+ *
+ * ## Error Handling
+ *
+ * ```typescript
+ * import { Decoder, Claim169Error } from 'claim169';
+ *
+ * try {
+ *   const result = new Decoder(qrText)
+ *     .verifyWithEd25519(publicKey)
+ *     .decode();
+ * } catch (error) {
+ *   if (error instanceof Claim169Error) {
+ *     console.error('Decoding failed:', error.message);
+ *   }
+ * }
+ * ```
+ *
+ * ## Notes
+ *
+ * - **Timestamp validation**: Disabled by default because WASM doesn't have
+ *   reliable access to system time. Enable with `.withTimestampValidation()`.
+ *
+ * @module claim169
+ */
+export type { Biometric, Claim169, Claim169Input, CwtMeta, CwtMetaInput, DecodeResult, IDecoder, IEncoder, VerificationStatus, } from "./types.js";
+export { Claim169Error } from "./types.js";
+import type { Claim169Input, CwtMetaInput, DecodeResult, IDecoder, IEncoder } from "./types.js";
+/**
+ * Get the library version
+ */
+export declare function version(): string;
+/**
+ * Check if the WASM module is loaded correctly
+ */
+export declare function isLoaded(): boolean;
+/**
+ * Convert a hex string to bytes.
+ *
+ * Accepts optional `0x` prefix and ignores whitespace.
+ *
+ * @throws {Claim169Error} If the input is not valid hex
+ */
+export declare function hexToBytes(hex: string): Uint8Array;
+/**
+ * Convert bytes to a lowercase hex string.
+ */
+export declare function bytesToHex(bytes: Uint8Array): string;
+/**
+ * Builder-pattern decoder for Claim 169 QR codes.
+ *
+ * Provides a fluent API for configuring decoding options and executing the decode.
+ * Supports signature verification with Ed25519 and ECDSA P-256, as well as
+ * AES-GCM decryption for encrypted credentials.
+ *
+ * @example
+ * ```typescript
+ * // With verification (recommended for production)
+ * const result = new Decoder(qrText)
+ *   .verifyWithEd25519(publicKey)
+ *   .decode();
+ *
+ * // Without verification (testing only)
+ * const result = new Decoder(qrText)
+ *   .allowUnverified()
+ *   .skipBiometrics()
+ *   .decode();
+ *
+ * // With decryption and verification
+ * const result = new Decoder(qrText)
+ *   .decryptWithAes256(aesKey)
+ *   .verifyWithEd25519(publicKey)
+ *   .decode();
+ * ```
+ */
+export declare class Decoder implements IDecoder {
+    private wasmDecoder;
+    /**
+     * Create a new Decoder instance.
+     * @param qrText - The QR code text content (Base45 encoded)
+     */
+    constructor(qrText: string);
+    /**
+     * Verify signature with Ed25519 public key.
+     * @param publicKey - 32-byte Ed25519 public key
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the public key is invalid
+     */
+    verifyWithEd25519(publicKey: Uint8Array): Decoder;
+    /**
+     * Verify signature with ECDSA P-256 public key.
+     * @param publicKey - SEC1-encoded P-256 public key (33 or 65 bytes)
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the public key is invalid
+     */
+    verifyWithEcdsaP256(publicKey: Uint8Array): Decoder;
+    /**
+     * Allow decoding without signature verification.
+     * WARNING: Unverified credentials cannot be trusted. Use for testing only.
+     * @returns The decoder instance for chaining
+     */
+    allowUnverified(): Decoder;
+    /**
+     * Decrypt with AES-256-GCM.
+     * @param key - 32-byte AES-256 key
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the key is invalid
+     */
+    decryptWithAes256(key: Uint8Array): Decoder;
+    /**
+     * Decrypt with AES-128-GCM.
+     * @param key - 16-byte AES-128 key
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the key is invalid
+     */
+    decryptWithAes128(key: Uint8Array): Decoder;
+    /**
+     * Skip biometric data during decoding.
+     * Useful when only demographic data is needed for faster parsing.
+     * @returns The decoder instance for chaining
+     */
+    skipBiometrics(): Decoder;
+    /**
+     * Enable timestamp validation.
+     * When enabled, expired or not-yet-valid credentials will throw an error.
+     * Disabled by default because WASM doesn't have reliable access to system time.
+     * @returns The decoder instance for chaining
+     */
+    withTimestampValidation(): Decoder;
+    /**
+     * Set clock skew tolerance in seconds.
+     * Allows credentials to be accepted when clocks are slightly out of sync.
+     * Only applies when timestamp validation is enabled.
+     * @param seconds - The tolerance in seconds
+     * @returns The decoder instance for chaining
+     */
+    clockSkewTolerance(seconds: number): Decoder;
+    /**
+     * Set maximum decompressed size in bytes.
+     * Protects against decompression bomb attacks.
+     * @param bytes - The maximum size in bytes (default: 65536)
+     * @returns The decoder instance for chaining
+     */
+    maxDecompressedBytes(bytes: number): Decoder;
+    /**
+     * Decode the QR code with the configured options.
+     * Requires either a verifier (verifyWithEd25519/verifyWithEcdsaP256) or
+     * explicit allowUnverified() to be called first.
+     * @returns The decoded result
+     * @throws {Claim169Error} If decoding fails or no verification method specified
+     */
+    decode(): DecodeResult;
+}
+/**
+ * Options for the `decode()` convenience function.
+ *
+ * Notes:
+ * - If you don't provide a verification key, you must explicitly set `allowUnverified: true` (testing only).
+ * - Timestamp validation is disabled by default in WASM; set `validateTimestamps: true` to enable it.
+ */
+export interface DecodeOptions {
+    verifyWithEd25519?: Uint8Array;
+    verifyWithEcdsaP256?: Uint8Array;
+    decryptWithAes256?: Uint8Array;
+    decryptWithAes128?: Uint8Array;
+    allowUnverified?: boolean;
+    skipBiometrics?: boolean;
+    validateTimestamps?: boolean;
+    clockSkewToleranceSeconds?: number;
+    maxDecompressedBytes?: number;
+}
+/**
+ * Decode a Claim 169 QR string.
+ *
+ * This is a convenience wrapper around the `Decoder` builder.
+ * Security:
+ * - If you do not pass a verification key, you must set `allowUnverified: true` (testing only).
+ */
+export declare function decode(qrText: string, options?: DecodeOptions): DecodeResult;
+/**
+ * Builder-pattern encoder for Claim 169 QR codes.
+ *
+ * Provides a fluent API for configuring encoding options and generating QR data.
+ *
+ * @example
+ * ```typescript
+ * // Signed credential (recommended)
+ * const qrData = new Encoder(claim169, cwtMeta)
+ *   .signWithEd25519(privateKey)
+ *   .encode();
+ *
+ * // Signed and encrypted
+ * const qrData = new Encoder(claim169, cwtMeta)
+ *   .signWithEd25519(privateKey)
+ *   .encryptWithAes256(aesKey)
+ *   .encode();
+ *
+ * // Unsigned (testing only)
+ * const qrData = new Encoder(claim169, cwtMeta)
+ *   .allowUnsigned()
+ *   .encode();
+ * ```
+ */
+export declare class Encoder implements IEncoder {
+    private wasmEncoder;
+    /**
+     * Create a new Encoder instance.
+     * @param claim169 - The identity claim data to encode
+     * @param cwtMeta - CWT metadata including issuer, expiration, etc.
+     */
+    constructor(claim169: Claim169Input, cwtMeta: CwtMetaInput);
+    /**
+     * Sign with Ed25519 private key.
+     * @param privateKey - 32-byte Ed25519 private key
+     * @returns The encoder instance for chaining
+     */
+    signWithEd25519(privateKey: Uint8Array): Encoder;
+    /**
+     * Sign with ECDSA P-256 private key.
+     * @param privateKey - 32-byte ECDSA P-256 private key (scalar)
+     * @returns The encoder instance for chaining
+     */
+    signWithEcdsaP256(privateKey: Uint8Array): Encoder;
+    /**
+     * Encrypt with AES-256-GCM.
+     * @param key - 32-byte AES-256 key
+     * @returns The encoder instance for chaining
+     */
+    encryptWithAes256(key: Uint8Array): Encoder;
+    /**
+     * Encrypt with AES-128-GCM.
+     * @param key - 16-byte AES-128 key
+     * @returns The encoder instance for chaining
+     */
+    encryptWithAes128(key: Uint8Array): Encoder;
+    /**
+     * Allow encoding without a signature.
+     * WARNING: Unsigned credentials cannot be verified. Use for testing only.
+     * @returns The encoder instance for chaining
+     */
+    allowUnsigned(): Encoder;
+    /**
+     * Skip biometric fields during encoding.
+     * @returns The encoder instance for chaining
+     */
+    skipBiometrics(): Encoder;
+    /**
+     * Encode the credential to a Base45 QR string.
+     * @returns Base45-encoded string suitable for QR code generation
+     * @throws {Claim169Error} If encoding fails
+     */
+    encode(): string;
+}
+/**
+ * Generate a random 12-byte nonce for AES-GCM encryption.
+ * @returns A 12-byte Uint8Array suitable for use as a nonce
+ */
+export declare function generateNonce(): Uint8Array;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoFG;AAEH,YAAY,EACV,SAAS,EACT,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,QAAQ,EACT,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAqBlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AA+FD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;OAGG;gBACS,MAAM,EAAE,MAAM;IAI1B;;;;;OAKG;IACH,iBAAiB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYjD;;;;;OAKG;IACH,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYnD;;;;OAIG;IACH,eAAe,IAAI,OAAO;IAK1B;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;OAKG;IACH,uBAAuB,IAAI,OAAO;IAKlC;;;;;;OAMG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;OAKG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;;OAMG;IACH,MAAM,IAAI,YAAY;CAWvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,aAAkB,GAAG,YAAY,CAuChF;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;;OAIG;gBACS,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAW1D;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYhD;;;;OAIG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYlD;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,aAAa,IAAI,OAAO;IAKxB;;;OAGG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;OAIG;IACH,MAAM,IAAI,MAAM;CAUjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAE1C"}