claim169 0.1.0-alpha.2 → 0.2.0-alpha

package/README.md

@@ -60,7 +60,8 @@ const result = decode(qrText, { allowUnverified: true });
 const options: DecodeOptions = {
   maxDecompressedBytes: 32768,  // 32KB limit
   skipBiometrics: true,         // Skip biometric parsing
-  validateTimestamps: false,    // Disabled by default in WASM
+  // Timestamp validation is enabled by default (host-side). Set to false to disable:
+  validateTimestamps: false,
   allowUnverified: true,        // Explicit opt-out (testing only)
 };
 
@@ -94,7 +95,6 @@ const result = new Decoder(qrText)
 const result = new Decoder(qrText)
   .verifyWithEd25519(publicKey)
   .skipBiometrics()              // Skip biometric data
-  .withTimestampValidation()     // Enable timestamp validation
   .clockSkewTolerance(60)        // 60 seconds tolerance
   .maxDecompressedBytes(32768)   // 32KB max size
   .decode();
@@ -106,11 +106,14 @@ const result = new Decoder(qrText)
 |--------|-------------|
 | `verifyWithEd25519(publicKey)` | Verify with Ed25519 (32 bytes) |
 | `verifyWithEcdsaP256(publicKey)` | Verify with ECDSA P-256 (33 or 65 bytes) |
+| `verifyWith(callback)` | Verify with custom callback (HSM, cloud KMS, etc.) |
 | `decryptWithAes256(key)` | Decrypt with AES-256-GCM (32 bytes) |
 | `decryptWithAes128(key)` | Decrypt with AES-128-GCM (16 bytes) |
+| `decryptWith(callback)` | Decrypt with custom callback (HSM, cloud KMS, etc.) |
 | `allowUnverified()` | Skip verification (testing only) |
 | `skipBiometrics()` | Skip biometric data parsing |
-| `withTimestampValidation()` | Enable exp/nbf validation |
+| `withTimestampValidation()` | Enable timestamp validation (host-side) |
+| `withoutTimestampValidation()` | Disable timestamp validation |
 | `clockSkewTolerance(seconds)` | Set clock skew tolerance |
 | `maxDecompressedBytes(bytes)` | Set max decompressed size |
 | `decode()` | Execute the decode operation |
@@ -162,8 +165,10 @@ const qrData = new Encoder(claim169, cwtMeta)
 |--------|-------------|
 | `signWithEd25519(privateKey)` | Sign with Ed25519 |
 | `signWithEcdsaP256(privateKey)` | Sign with ECDSA P-256 |
+| `signWith(callback, algorithm, keyId?)` | Sign with custom callback (HSM, cloud KMS, etc.) |
 | `encryptWithAes256(key)` | Encrypt with AES-256-GCM |
 | `encryptWithAes128(key)` | Encrypt with AES-128-GCM |
+| `encryptWith(callback, algorithm)` | Encrypt with custom callback (HSM, cloud KMS, etc.) |
 | `allowUnsigned()` | Allow unsigned (testing only) |
 | `skipBiometrics()` | Skip biometric fields |
 | `encode()` | Produce the QR string |
@@ -178,6 +183,130 @@ import { generateNonce } from 'claim169';
 const nonce = generateNonce();  // Returns 12-byte Uint8Array
 ```
 
+## Custom Crypto Providers
+
+For integrating with external key management systems like HSMs, cloud KMS (AWS KMS, Google Cloud KMS, Azure Key Vault), smart cards, TPMs, or remote signing services, use the custom callback methods.
+
+### Custom Signer
+
+```typescript
+import { Encoder, SignerCallback, Claim169Input, CwtMetaInput } from 'claim169';
+
+// Example: Sign with a cloud KMS
+const mySigner: SignerCallback = (algorithm, keyId, data) => {
+  // Call your crypto provider
+  // algorithm: "EdDSA" or "ES256"
+  // keyId: optional key identifier (Uint8Array or null)
+  // data: the COSE Sig_structure to sign (Uint8Array)
+  const signature = myKms.sign({ keyId, data, algorithm });
+  return signature;  // Uint8Array: 64 bytes for EdDSA, 64 bytes for ES256
+};
+
+const claim: Claim169Input = { id: "123", fullName: "John Doe" };
+const meta: CwtMetaInput = { issuer: "https://issuer.example" };
+
+const qrData = new Encoder(claim, meta)
+  .signWith(mySigner, "EdDSA", new Uint8Array([1, 2, 3])) // optional keyId
+  .encode();
+```
+
+### Custom Verifier
+
+```typescript
+import { Decoder, VerifierCallback } from 'claim169';
+
+// Example: Verify with an HSM
+const myVerifier: VerifierCallback = (algorithm, keyId, data, signature) => {
+  // Call your crypto provider
+  // Throw an error if verification fails
+  const result = myHsm.verify({ keyId, data, signature, algorithm });
+  if (!result.valid) {
+    throw new Error("Signature verification failed");
+  }
+};
+
+const result = new Decoder(qrText)
+  .verifyWith(myVerifier)
+  .decode();
+```
+
+### Custom Encryptor
+
+```typescript
+import { Encoder, EncryptorCallback } from 'claim169';
+
+// Example: Encrypt with cloud KMS
+const myEncryptor: EncryptorCallback = (algorithm, keyId, nonce, aad, plaintext) => {
+  // algorithm: "A256GCM" or "A128GCM"
+  // nonce: 12-byte IV
+  // aad: additional authenticated data
+  // plaintext: data to encrypt
+  const ciphertext = myKms.encrypt({ keyId, nonce, aad, plaintext });
+  return ciphertext;  // Uint8Array: plaintext + 16-byte auth tag
+};
+
+const qrData = new Encoder(claim, meta)
+  .signWithEd25519(signingKey)
+  .encryptWith(myEncryptor, "A256GCM")
+  .encode();
+```
+
+### Custom Decryptor
+
+```typescript
+import { Decoder, DecryptorCallback } from 'claim169';
+
+// Example: Decrypt with cloud KMS
+const myDecryptor: DecryptorCallback = (algorithm, keyId, nonce, aad, ciphertext) => {
+  // algorithm: "A256GCM" or "A128GCM"
+  // ciphertext includes the auth tag
+  const plaintext = myKms.decrypt({ keyId, nonce, aad, ciphertext });
+  return plaintext;  // Uint8Array
+};
+
+const result = new Decoder(qrText)
+  .decryptWith(myDecryptor)
+  .verifyWithEd25519(publicKey)
+  .decode();
+```
+
+### Callback Type Definitions
+
+```typescript
+// Signer: (algorithm, keyId, data) => signature
+type SignerCallback = (
+  algorithm: string,
+  keyId: Uint8Array | null,
+  data: Uint8Array
+) => Uint8Array;
+
+// Verifier: (algorithm, keyId, data, signature) => void (throw on failure)
+type VerifierCallback = (
+  algorithm: string,
+  keyId: Uint8Array | null,
+  data: Uint8Array,
+  signature: Uint8Array
+) => void;
+
+// Encryptor: (algorithm, keyId, nonce, aad, plaintext) => ciphertext
+type EncryptorCallback = (
+  algorithm: string,
+  keyId: Uint8Array | null,
+  nonce: Uint8Array,
+  aad: Uint8Array,
+  plaintext: Uint8Array
+) => Uint8Array;
+
+// Decryptor: (algorithm, keyId, nonce, aad, ciphertext) => plaintext
+type DecryptorCallback = (
+  algorithm: string,
+  keyId: Uint8Array | null,
+  nonce: Uint8Array,
+  aad: Uint8Array,
+  ciphertext: Uint8Array
+) => Uint8Array;
+```
+
 ## Data Model
 
 ### DecodeResult
@@ -280,12 +409,12 @@ Error messages indicate the specific failure:
 
 ### Timestamp Validation
 
-Timestamp validation is disabled by default because WebAssembly does not have reliable access to system time. Enable it explicitly if your environment provides accurate time:
+Timestamp validation is performed in the host (JavaScript) and is enabled by default. Disable it explicitly if you intentionally want to skip time checks:
 
 ```typescript
 const result = new Decoder(qrText)
   .verifyWithEd25519(publicKey)
-  .withTimestampValidation()
+  .withoutTimestampValidation()
   .clockSkewTolerance(60)  // Allow 60 seconds clock drift
   .decode();
 ```

package/dist/index.d.ts

@@ -78,14 +78,14 @@
  *
  * ## Notes
  *
- * - **Timestamp validation**: Disabled by default because WASM doesn't have
- *   reliable access to system time. Enable with `.withTimestampValidation()`.
+ * - **Timestamp validation**: Enabled by default in JS (host-side). Disable with
+ *   `.withoutTimestampValidation()` if you intentionally want to skip time checks.
  *
  * @module claim169
  */
-export type { Biometric, Claim169, Claim169Input, CwtMeta, CwtMetaInput, DecodeResult, IDecoder, IEncoder, VerificationStatus, } from "./types.js";
+export type { Algorithm, AlgorithmName, Biometric, CertificateHash, Claim169, Claim169Input, CwtMeta, CwtMetaInput, DecodeResult, DecryptorCallback, EncryptorCallback, IDecoder, IEncoder, SignerCallback, VerificationStatus, VerifierCallback, X509Headers, } from "./types.js";
 export { Claim169Error } from "./types.js";
-import type { Claim169Input, CwtMetaInput, DecodeResult, IDecoder, IEncoder } from "./types.js";
+import type { Claim169Input, CwtMetaInput, DecodeResult, DecryptorCallback, EncryptorCallback, IDecoder, IEncoder, SignerCallback, VerifierCallback } from "./types.js";
 /**
  * Get the library version
  */
@@ -135,6 +135,8 @@ export declare function bytesToHex(bytes: Uint8Array): string;
  */
 export declare class Decoder implements IDecoder {
     private wasmDecoder;
+    private validateTimestamps;
+    private clockSkewToleranceSeconds;
     /**
      * Create a new Decoder instance.
      * @param qrText - The QR code text content (Base45 encoded)
@@ -154,9 +156,26 @@ export declare class Decoder implements IDecoder {
      * @throws {Claim169Error} If the public key is invalid
      */
     verifyWithEcdsaP256(publicKey: Uint8Array): Decoder;
+    /**
+     * Verify signature with Ed25519 public key in PEM format.
+     * Supports SPKI format with "BEGIN PUBLIC KEY" headers.
+     * @param pem - PEM-encoded Ed25519 public key
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the PEM is invalid
+     */
+    verifyWithEd25519Pem(pem: string): Decoder;
+    /**
+     * Verify signature with ECDSA P-256 public key in PEM format.
+     * Supports SPKI format with "BEGIN PUBLIC KEY" headers.
+     * @param pem - PEM-encoded P-256 public key
+     * @returns The decoder instance for chaining
+     * @throws {Claim169Error} If the PEM is invalid
+     */
+    verifyWithEcdsaP256Pem(pem: string): Decoder;
     /**
      * Allow decoding without signature verification.
-     * WARNING: Unverified credentials cannot be trusted. Use for testing only.
+     * WARNING: Credentials decoded with verification skipped (`verificationStatus === "skipped"`)
+     * cannot be trusted. Use for testing only.
      * @returns The decoder instance for chaining
      */
     allowUnverified(): Decoder;
@@ -183,14 +202,19 @@ export declare class Decoder implements IDecoder {
     /**
      * Enable timestamp validation.
      * When enabled, expired or not-yet-valid credentials will throw an error.
-     * Disabled by default because WASM doesn't have reliable access to system time.
+     * Implemented in the host (JavaScript) to avoid WASM runtime time limitations.
      * @returns The decoder instance for chaining
      */
     withTimestampValidation(): Decoder;
+    /**
+     * Disable timestamp validation.
+     * @returns The decoder instance for chaining
+     */
+    withoutTimestampValidation(): Decoder;
     /**
      * Set clock skew tolerance in seconds.
      * Allows credentials to be accepted when clocks are slightly out of sync.
-     * Only applies when timestamp validation is enabled.
+     * Applies when timestamp validation is enabled.
      * @param seconds - The tolerance in seconds
      * @returns The decoder instance for chaining
      */
@@ -202,6 +226,42 @@ export declare class Decoder implements IDecoder {
      * @returns The decoder instance for chaining
      */
     maxDecompressedBytes(bytes: number): Decoder;
+    /**
+     * Verify signature with a custom verifier callback.
+     * Use for external crypto providers (HSM, cloud KMS, remote signing, etc.)
+     *
+     * @param verifier - Function that verifies signatures
+     * @returns The decoder instance for chaining
+     *
+     * @example
+     * ```typescript
+     * const result = new Decoder(qrText)
+     *   .verifyWith((algorithm, keyId, data, signature) => {
+     *     // Call your crypto provider here
+     *     myKms.verify(keyId, data, signature);
+     *   })
+     *   .decode();
+     * ```
+     */
+    verifyWith(verifier: VerifierCallback): Decoder;
+    /**
+     * Decrypt with a custom decryptor callback.
+     * Use for external crypto providers (HSM, cloud KMS, etc.)
+     *
+     * @param decryptor - Function that decrypts ciphertext
+     * @returns The decoder instance for chaining
+     *
+     * @example
+     * ```typescript
+     * const result = new Decoder(qrText)
+     *   .decryptWith((algorithm, keyId, nonce, aad, ciphertext) => {
+     *     // Call your crypto provider here
+     *     return myKms.decrypt(keyId, ciphertext, { nonce, aad });
+     *   })
+     *   .decode();
+     * ```
+     */
+    decryptWith(decryptor: DecryptorCallback): Decoder;
     /**
      * Decode the QR code with the configured options.
      * Requires either a verifier (verifyWithEd25519/verifyWithEcdsaP256) or
@@ -216,7 +276,7 @@ export declare class Decoder implements IDecoder {
  *
  * Notes:
  * - If you don't provide a verification key, you must explicitly set `allowUnverified: true` (testing only).
- * - Timestamp validation is disabled by default in WASM; set `validateTimestamps: true` to enable it.
+ * - Timestamp validation is enabled by default in JS (host-side). Set `validateTimestamps: false` to disable.
  */
 export interface DecodeOptions {
     verifyWithEd25519?: Uint8Array;
@@ -304,6 +364,44 @@ export declare class Encoder implements IEncoder {
      * @returns The encoder instance for chaining
      */
     skipBiometrics(): Encoder;
+    /**
+     * Sign with a custom signer callback.
+     * Use for external crypto providers (HSM, cloud KMS, remote signing, etc.)
+     *
+     * @param signer - Function that signs data
+     * @param algorithm - Signature algorithm: "EdDSA" or "ES256"
+     * @param keyId - Optional key identifier passed to the signer callback
+     * @returns The encoder instance for chaining
+     *
+     * @example
+     * ```typescript
+     * const qrData = new Encoder(claim169, cwtMeta)
+     *   .signWith((algorithm, keyId, data) => {
+     *     return myKms.sign({ keyId, data });
+     *   }, "EdDSA")
+     *   .encode();
+     * ```
+     */
+    signWith(signer: SignerCallback, algorithm: "EdDSA" | "ES256", keyId?: Uint8Array | null): Encoder;
+    /**
+     * Encrypt with a custom encryptor callback.
+     * Use for external crypto providers (HSM, cloud KMS, etc.)
+     *
+     * @param encryptor - Function that encrypts data
+     * @param algorithm - Encryption algorithm: "A256GCM" or "A128GCM"
+     * @returns The encoder instance for chaining
+     *
+     * @example
+     * ```typescript
+     * const qrData = new Encoder(claim169, cwtMeta)
+     *   .signWithEd25519(signKey)
+     *   .encryptWith((algorithm, keyId, nonce, aad, plaintext) => {
+     *     return myKms.encrypt({ keyId, nonce, aad, plaintext });
+     *   }, "A256GCM")
+     *   .encode();
+     * ```
+     */
+    encryptWith(encryptor: EncryptorCallback, algorithm: "A256GCM" | "A128GCM"): Encoder;
     /**
      * Encode the credential to a Base45 QR string.
      * @returns Base45-encoded string suitable for QR code generation

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoFG;AAEH,YAAY,EACV,SAAS,EACT,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,QAAQ,EACT,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAqBlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AA+FD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;OAGG;gBACS,MAAM,EAAE,MAAM;IAI1B;;;;;OAKG;IACH,iBAAiB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYjD;;;;;OAKG;IACH,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYnD;;;;OAIG;IACH,eAAe,IAAI,OAAO;IAK1B;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;OAKG;IACH,uBAAuB,IAAI,OAAO;IAKlC;;;;;;OAMG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;OAKG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;;OAMG;IACH,MAAM,IAAI,YAAY;CAWvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,aAAkB,GAAG,YAAY,CAuChF;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;;OAIG;gBACS,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAW1D;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYhD;;;;OAIG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYlD;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,aAAa,IAAI,OAAO;IAKxB;;;OAGG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;OAIG;IACH,MAAM,IAAI,MAAM;CAUjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAE1C"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoFG;AAEH,YAAY,EACV,SAAS,EACT,aAAa,EACb,SAAS,EACT,eAAe,EACf,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,gBAAgB,EAEjB,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAgB,OAAO,IAAI,MAAM,CAEhC;AAED;;GAEG;AACH,wBAAgB,QAAQ,IAAI,OAAO,CAElC;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAqBlD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAMpD;AA4PD;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IACtC,OAAO,CAAC,kBAAkB,CAAQ;IAClC,OAAO,CAAC,yBAAyB,CAAK;IAEtC;;;OAGG;gBACS,MAAM,EAAE,MAAM;IAI1B;;;;;OAKG;IACH,iBAAiB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYjD;;;;;OAKG;IACH,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,OAAO;IAYnD;;;;;;OAMG;IACH,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAY1C;;;;;;OAMG;IACH,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAY5C;;;;;OAKG;IACH,eAAe,IAAI,OAAO;IAK1B;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;;OAKG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;OAKG;IACH,uBAAuB,IAAI,OAAO;IAKlC;;;OAGG;IACH,0BAA0B,IAAI,OAAO;IAKrC;;;;;;OAMG;IACH,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;OAKG;IACH,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAK5C;;;;;;;;;;;;;;;;OAgBG;IACH,UAAU,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO;IAY/C;;;;;;;;;;;;;;;;OAgBG;IACH,WAAW,CAAC,SAAS,EAAE,iBAAiB,GAAG,OAAO;IAYlD;;;;;;OAMG;IACH,MAAM,IAAI,YAAY;CAsBvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,iBAAiB,CAAC,EAAE,UAAU,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,MAAM,CACpB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,YAAY,CAuCd;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,OAAQ,YAAW,QAAQ;IACtC,OAAO,CAAC,WAAW,CAAmB;IAEtC;;;;OAIG;gBACS,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,YAAY;IAW1D;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYhD;;;;OAIG;IACH,iBAAiB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO;IAYlD;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,iBAAiB,CAAC,GAAG,EAAE,UAAU,GAAG,OAAO;IAY3C;;;;OAIG;IACH,aAAa,IAAI,OAAO;IAKxB;;;OAGG;IACH,cAAc,IAAI,OAAO;IAKzB;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CACN,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,OAAO,GAAG,OAAO,EAC5B,KAAK,CAAC,EAAE,UAAU,GAAG,IAAI,GACxB,OAAO;IAiBV;;;;;;;;;;;;;;;;;OAiBG;IACH,WAAW,CACT,SAAS,EAAE,iBAAiB,EAC5B,SAAS,EAAE,SAAS,GAAG,SAAS,GAC/B,OAAO;IAYV;;;;OAIG;IACH,MAAM,IAAI,MAAM;CAUjB;AAED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,UAAU,CAE1C"}