keri 0.0.0-dev.8b0703e → 0.0.0-dev.9090ca4

package/dist/controller/controller.js

@@ -0,0 +1,549 @@
+import { cesr, Matter, parse } from "../cesr/__main__.js";
+import { Attachments, KeyEventLog, keri, MailboxClient, Message, resolveEndRole, resolveLocation, sign, submitToWitnesses, } from "../core/main.js";
+import { decodeBase64Url, encodeBase64Url } from "../encoding/base64.js";
+import { PassphraseEncrypter } from "./encrypt.js";
+export class Controller {
+    #storage;
+    #encrypter;
+    #fetch;
+    constructor(deps) {
+        this.#storage = deps.storage;
+        this.#encrypter = deps.encrypter ?? new PassphraseEncrypter(deps.passphrase ?? "default-passphrase");
+        this.#fetch = deps.fetch ?? globalThis.fetch;
+    }
+    async generateKey() {
+        const key = keri.utils.generateKeyPair();
+        if (!key.privateKey || !key.publicKey || !key.publicKeyDigest) {
+            throw new Error("Failed to generate key pair");
+        }
+        const encrypted = await this.#encrypter.encrypt(key.privateKey);
+        this.#storage.saveKey(key.publicKey, key.publicKeyDigest, encodeBase64Url(encrypted));
+        return key.publicKey;
+    }
+    async signWithKey(publicKey, raw) {
+        const encoded = this.#storage.getEncryptedPrivateKey(publicKey);
+        const encrypted = decodeBase64Url(encoded);
+        const privateKey = await this.#encrypter.decrypt(encrypted);
+        return sign(raw, { key: privateKey });
+    }
+    async introduce(oobi) {
+        const response = await this.#fetch(oobi);
+        if (!response.ok) {
+            throw new Error(`Failed to fetch oobi: ${response.status} ${response.statusText}`);
+        }
+        if (!response.body) {
+            throw new Error(`No body in response`);
+        }
+        let log = KeyEventLog.empty();
+        for await (const message of parse(response.body)) {
+            switch (message.body.t) {
+                case "dip":
+                case "icp":
+                case "rot":
+                case "ixn": {
+                    log = log.append(message);
+                    await this.processMessage(message);
+                    break;
+                }
+                case "rpy": {
+                    await this.processMessage(new Message(message.body));
+                    break;
+                }
+            }
+        }
+        return log.state;
+    }
+    async loadEventLog(id) {
+        const log = KeyEventLog.from(this.#storage.getKeyEvents(id));
+        if (log.events.length === 0) {
+            throw new Error(`State for id ${id} not found`);
+        }
+        return log;
+    }
+    resolveEndpoint(aid, role = "controller") {
+        const endRole = resolveEndRole(this.#storage.getReplies({ cid: aid, route: "/end/role/add" }), aid, role);
+        if (!endRole) {
+            throw new Error(`Could not find end role '${role}' for aid '${aid}'`);
+        }
+        const location = resolveLocation(this.#storage.getReplies({ eid: endRole.eid, route: "/loc/scheme" }), endRole.eid);
+        if (!location) {
+            throw new Error(`No valid location found for aid ${aid}`);
+        }
+        return {
+            aid,
+            url: location.url,
+            scheme: location.scheme,
+            role: endRole.role,
+        };
+    }
+    async sign(raw, keys) {
+        return Promise.all(keys.map(async (key, idx) => {
+            const sig = await this.signWithKey(key, raw);
+            return cesr.index(Matter.parse(sig), idx).text();
+        }));
+    }
+    async incept(args = {}) {
+        const publicKey = await this.generateKey();
+        const nextPublicKey = await this.generateKey();
+        const nextPublicKeyDigest = keri.utils.digest(nextPublicKey);
+        const event = keri.incept({
+            signingKeys: [publicKey],
+            nextKeys: [nextPublicKeyDigest],
+            wits: args.wits ?? [],
+            toad: args.toad,
+        });
+        await this.commit(KeyEventLog.empty(), event);
+        return {
+            id: event.body.i,
+            event: event.body,
+        };
+    }
+    async processMessage(message) {
+        if (message.version.protocol === "ACDC") {
+            // TODO: verify ACDC credential SAID and anchors in TEL or KEL
+            this.#storage.saveMessage(message);
+            return;
+        }
+        switch (message.body.t) {
+            case "icp":
+            case "rot":
+            case "ixn": {
+                const body = message.body;
+                const log = KeyEventLog.from(this.#storage.getKeyEvents(body.i));
+                // TODO: Detect duplicituous key events
+                if (!log.events.find((event) => event.body.d === message.body.d)) {
+                    log.append(message); // throws if verification fails
+                    this.#storage.saveMessage(message);
+                }
+                break;
+            }
+            case "vcp":
+            case "iss":
+            case "rev":
+                // TODO: verify is anchored to a valid ixn in the issuer's KEL
+                this.#storage.saveMessage(message);
+                break;
+            case "rpy":
+                // TODO: Verify that is signed by the controller
+                this.#storage.saveMessage(message);
+                break;
+            default:
+                // TODO: Handle other message types
+                // this.#storage.saveMessage(message);
+                break;
+        }
+    }
+    async commit(log, event) {
+        const signingKeys = event.body.t === "icp" ? event.body.k : log.state.signingKeys;
+        const backers = event.body.t === "icp" ? (event.body.b ?? []) : (log.state.backers ?? []);
+        const sigs = await this.sign(event.raw, signingKeys);
+        event.attachments.ControllerIdxSigs.push(...sigs);
+        const endpoints = await Promise.all(backers.map((wit) => this.resolveEndpoint(wit)));
+        const wigs = await submitToWitnesses(event, endpoints, this.#fetch);
+        event.attachments.WitnessIdxSigs.push(...wigs);
+        await this.processMessage(event);
+    }
+    async anchor(id, anchor) {
+        const log = await this.loadEventLog(id);
+        const event = keri.interact(log.state, { data: anchor.data });
+        await this.commit(log, event);
+        return {
+            id: event.body.i,
+            event: event.body,
+        };
+    }
+    async rotate(id, args) {
+        const log = await this.loadEventLog(id);
+        const state = log.state;
+        const publicKeys = await Promise.all(state.nextKeyDigests.map((digest) => this.#storage.getPublicKeyByDigest(digest)));
+        const nextPublicKey = await this.generateKey();
+        const nextPublicKeyDigest = keri.utils.digest(nextPublicKey);
+        const event = keri.rotate(state, {
+            signingKeys: publicKeys,
+            nextKeyDigests: [nextPublicKeyDigest],
+            data: args.data,
+        });
+        await this.commit(log, event);
+        return {
+            id: event.body.i,
+            event: event.body,
+        };
+    }
+    /**
+     * Creates and stores a signed reply message and submits to all witnesses.
+     */
+    async reply(args) {
+        const log = await this.loadEventLog(args.id);
+        const state = log.state;
+        const rpy = keri.reply({
+            r: args.route,
+            a: args.record,
+        });
+        const sigs = await this.sign(rpy.raw, state.signingKeys);
+        rpy.attachments.TransIdxSigGroups.push({
+            snu: state.lastEstablishment.s,
+            digest: state.lastEstablishment.d,
+            prefix: state.identifier,
+            ControllerIdxSigs: sigs,
+        });
+        await this.processMessage(rpy);
+        for (const wit of state.backers) {
+            const endpoint = this.resolveEndpoint(wit, "controller");
+            const client = new MailboxClient({
+                id: wit,
+                url: endpoint.url,
+            });
+            await client.sendMessage(rpy);
+        }
+    }
+    async forward(args) {
+        const endpoint = this.resolveEndpoint(args.recipient, "mailbox");
+        const client = new MailboxClient({
+            id: endpoint.aid,
+            url: endpoint.url,
+            fetch: this.#fetch,
+        });
+        const log = await this.loadEventLog(args.sender);
+        const state = log.state;
+        const hasAttachments = args.message.attachments.frames().length > 1;
+        if (!hasAttachments) {
+            args.message.attachments.TransIdxSigGroups.push({
+                snu: state.lastEstablishment.s,
+                digest: state.lastEstablishment.d,
+                prefix: args.sender,
+                ControllerIdxSigs: await this.sign(args.message.raw, state.signingKeys),
+            });
+        }
+        const fwd = keri.exchange({
+            sender: args.sender,
+            route: "/fwd",
+            timestamp: args.timestamp,
+            // rp: args.recipient,
+            query: { pre: args.recipient, topic: args.topic },
+            anchor: {},
+            embeds: {
+                evt: args.message,
+            },
+        });
+        const fwdsigs = await this.sign(fwd.raw, state.signingKeys);
+        fwd.attachments = {
+            TransIdxSigGroups: [
+                {
+                    prefix: args.sender,
+                    ControllerIdxSigs: fwdsigs,
+                    snu: state.lastEstablishment.s,
+                    digest: state.lastEstablishment.d,
+                },
+            ],
+            PathedMaterialCouples: fwd.attachments.PathedMaterialCouples.map((couple) => ({
+                ...couple,
+                grouped: false,
+            })),
+        };
+        await client.sendMessage(fwd);
+    }
+    async createRegistry(owner) {
+        const log = await this.loadEventLog(owner);
+        const vcp = keri.registry({
+            ii: owner,
+        });
+        const anchor = await this.anchor(owner, {
+            data: {
+                d: vcp.body.d,
+                s: vcp.body.s,
+                i: vcp.body.i,
+            },
+        });
+        const seal = { digest: anchor.event.d, snu: anchor.event.s };
+        vcp.attachments.SealSourceCouples.push(seal);
+        const state = log.state;
+        for (const wit of state.backers) {
+            const endpoint = this.resolveEndpoint(wit, "controller");
+            const client = new MailboxClient({
+                id: wit,
+                url: endpoint.url,
+                fetch: this.#fetch,
+            });
+            await client.sendMessage(vcp);
+        }
+        await this.processMessage(vcp);
+        return vcp.body;
+    }
+    async listRegistries(owner) {
+        return Array.from(this.#storage.getRegistriesByOwner(owner)).map((message) => message.body);
+    }
+    async createCredential(args) {
+        const registry = this.#storage.getRegistry(args.registryId);
+        if (!registry) {
+            throw new Error(`Registry ${args.registryId} not found`);
+        }
+        const log = await this.loadEventLog(registry.body.ii);
+        const state = log.state;
+        const credential = keri.credential({
+            i: state.identifier,
+            ri: registry.body.i,
+            s: args.schemaId,
+            u: args.salt,
+            a: {
+                i: args.holder,
+                dt: keri.utils.formatDate(args.timestamp ?? new Date()),
+                ...args.data,
+            },
+            r: args.rules,
+            e: args.edges,
+        });
+        await this.processMessage(credential);
+        return credential.body;
+    }
+    async getCredential(id) {
+        return this.#storage.getCredential(id);
+    }
+    async listCredentials(registryId) {
+        return this.#storage.getCredentialsByRegistry(registryId);
+    }
+    async issueCredential(credential) {
+        const log = await this.loadEventLog(credential.i);
+        const iss = keri.issue({
+            i: credential.d,
+            ri: credential.ri,
+            dt: credential.a.dt,
+        });
+        const anchor = await this.anchor(credential.i, {
+            data: {
+                d: iss.body.d,
+                s: iss.body.s,
+                i: iss.body.i,
+            },
+        });
+        const seal = { digest: anchor.event.d, snu: anchor.event.s };
+        iss.attachments.SealSourceCouples.push(seal);
+        const state = log.state;
+        for (const wit of state.backers) {
+            const endpoint = this.resolveEndpoint(wit, "controller");
+            const client = new MailboxClient({
+                id: wit,
+                url: endpoint.url,
+            });
+            await client.sendMessage(iss);
+        }
+        await this.processMessage(iss);
+    }
+    getIssueEvent(credentialSaid) {
+        const [iss] = [...this.#storage.getCredentialEvents(credentialSaid)];
+        if (!iss) {
+            throw new Error(`No issuance found for said ${credentialSaid}`);
+        }
+        return iss;
+    }
+    getAnchorFromSeal(aid, digest) {
+        const log = KeyEventLog.from(this.#storage.getKeyEvents(aid));
+        const anchor = log.events.find((message) => message.body.d === digest);
+        if (!anchor) {
+            throw new Error(`No anchor found for digest ${digest}`);
+        }
+        return anchor;
+    }
+    buildCredentialMessage(credential) {
+        const [iss] = [...this.#storage.getCredentialEvents(credential.d)];
+        if (!iss) {
+            return null;
+        }
+        return new Message(credential, {
+            SealSourceTriples: [
+                {
+                    prefix: iss.body.i,
+                    snu: iss.body.s,
+                    digest: iss.body.d,
+                },
+            ],
+        });
+    }
+    async sendCredentialArtifacts(credential, recipient) {
+        const log = await this.loadEventLog(credential.i);
+        const state = log.state;
+        if (credential.e) {
+            for (const [, edge] of Object.entries(credential.e)) {
+                if (typeof edge === "object" && edge !== null && "n" in edge && typeof edge.n === "string") {
+                    const source = this.#storage.getCredential(edge.n);
+                    if (!source) {
+                        throw new Error(`No source found for edge ${edge.n}`);
+                    }
+                    await this.sendCredentialArtifacts(source, recipient);
+                    const sourceMessage = this.buildCredentialMessage(source);
+                    if (sourceMessage) {
+                        await this.forward({
+                            message: sourceMessage,
+                            recipient: recipient,
+                            sender: source.i,
+                            topic: "credential",
+                        });
+                    }
+                }
+            }
+        }
+        const endpoint = this.resolveEndpoint(recipient, "mailbox");
+        const mailbox = new MailboxClient({
+            id: endpoint.aid,
+            url: endpoint.url,
+        });
+        for (const event of log.events) {
+            await mailbox.sendMessage(event);
+        }
+        for (const event of log.events) {
+            await this.forward({
+                message: event,
+                recipient,
+                sender: state.identifier,
+                topic: "credential",
+            });
+        }
+        const registryMessage = this.#storage.getRegistry(credential.ri);
+        if (!registryMessage) {
+            throw new Error(`Registry with id ${credential.ri} not found`);
+        }
+        if (!registryMessage.attachments.SealSourceCouples.length &&
+            !registryMessage.attachments.SealSourceTriples.length) {
+            throw new Error("No seal found for registry");
+        }
+        await this.forward({
+            message: registryMessage,
+            recipient,
+            sender: state.identifier,
+            topic: "credential",
+        });
+        for (const message of this.#storage.getCredentialEvents(credential.d)) {
+            if (!message.attachments.SealSourceCouples.length && !message.attachments.SealSourceTriples.length) {
+                throw new Error("No seal found for issuance");
+            }
+            await this.forward({
+                message,
+                recipient,
+                sender: state.identifier,
+                topic: "credential",
+            });
+        }
+    }
+    async grant(args) {
+        const log = await this.loadEventLog(args.credential.i);
+        const state = log.state;
+        const registry = this.#storage.getRegistry(args.credential.ri);
+        if (!registry) {
+            throw new Error(`Registry not found for said ${args.credential.ri}`);
+        }
+        const issuee = args.credential.a.i;
+        const recipient = args.recipient || (typeof issuee === "string" && issuee ? issuee : undefined);
+        if (!recipient) {
+            throw new Error("No recipient specified and the credential has no issuee");
+        }
+        const iss = this.getIssueEvent(args.credential.d);
+        const anchorSeal = iss.attachments.SealSourceCouples[0] || iss.attachments.SealSourceTriples[0];
+        if (!anchorSeal) {
+            throw new Error(`No seal found for issuance ${iss.body.d}`);
+        }
+        const anchor = this.getAnchorFromSeal(args.credential.i, anchorSeal.digest);
+        const grant = keri.exchange({
+            sender: state.identifier,
+            route: "/ipex/grant",
+            timestamp: args.timestamp,
+            query: {},
+            anchor: {
+                m: "",
+                i: recipient,
+            },
+            embeds: {
+                acdc: new Message(args.credential, {
+                    SealSourceTriples: [
+                        {
+                            prefix: iss.body.i,
+                            snu: iss.body.s,
+                            digest: iss.body.d,
+                        },
+                    ],
+                }),
+                iss: new Message(iss.body, {
+                    SealSourceCouples: [
+                        {
+                            digest: anchor.body.d,
+                            snu: anchor.body.s,
+                        },
+                    ],
+                }),
+                anc: new Message(anchor.body, {
+                    ControllerIdxSigs: anchor.attachments.ControllerIdxSigs,
+                    WitnessIdxSigs: anchor.attachments.WitnessIdxSigs,
+                }),
+            },
+        });
+        const grantsigs = await this.sign(grant.raw, state.signingKeys);
+        grant.attachments.TransIdxSigGroups.push({
+            snu: state.lastEstablishment.s,
+            digest: state.lastEstablishment.d,
+            prefix: state.identifier,
+            ControllerIdxSigs: grantsigs,
+        });
+        await this.forward({
+            message: grant,
+            recipient,
+            sender: state.identifier,
+            topic: "credential",
+            timestamp: args.timestamp,
+        });
+    }
+    async query(id, topic) {
+        const log = await this.loadEventLog(id);
+        const state = log.state;
+        const endpoint = this.resolveEndpoint(id, "mailbox");
+        const client = new MailboxClient({ id: endpoint.aid, url: endpoint.url });
+        const offset = this.#storage.getMailboxOffset(id, topic);
+        const queryMessage = keri.query({
+            r: "mbx",
+            q: {
+                src: endpoint.aid,
+                i: id,
+                topics: { [`/${topic}`]: offset },
+            },
+        });
+        queryMessage.attachments = {
+            TransLastIdxSigGroups: [
+                {
+                    prefix: id,
+                    ControllerIdxSigs: await this.sign(queryMessage.raw, state.signingKeys),
+                },
+            ],
+        };
+        const result = await client.sendMessage(queryMessage, AbortSignal.timeout(10000));
+        for (const incoming of result) {
+            this.#storage.saveMessage(incoming);
+        }
+        this.#storage.saveMailboxOffset(id, topic, offset + result.length);
+        return result;
+    }
+    async receiveGrants(holderId) {
+        const messages = await this.query(holderId, "credential");
+        const credentials = [];
+        for (const message of messages) {
+            const body = message.body;
+            if (body.t !== "exn" || body.r !== "/ipex/grant") {
+                continue;
+            }
+            const acdcBody = body.e?.acdc;
+            const issBody = body.e?.iss;
+            if (!acdcBody || !issBody) {
+                throw new Error("Invalid grant message: missing acdc or iss embed");
+            }
+            const acdcCouple = message.attachments.PathedMaterialCouples.find((c) => c.path === "-e-acdc");
+            const issCouple = message.attachments.PathedMaterialCouples.find((c) => c.path === "-e-iss");
+            this.#storage.saveMessage(new Message(acdcBody, acdcCouple?.attachments ?? new Attachments()));
+            if (issBody) {
+                this.#storage.saveMessage(new Message(issBody, issCouple?.attachments ?? new Attachments()));
+            }
+            credentials.push(acdcBody);
+        }
+        return credentials;
+    }
+    async export(id) {
+        const log = await this.loadEventLog(id);
+        return log.events;
+    }
+}
+//# sourceMappingURL=controller.js.map

package/dist/controller/controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"controller.js","sourceRoot":"","sources":["../../src/controller/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EACL,WAAW,EASX,WAAW,EAEX,IAAI,EACJ,aAAa,EACb,OAAO,EAIP,cAAc,EACd,eAAe,EACf,IAAI,EACJ,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAKzE,OAAO,EAAkB,mBAAmB,EAAE,MAAM,cAAc,CAAC;AA4EnE,MAAM,OAAO,UAAU;IACrB,QAAQ,CAAoB;IAC5B,UAAU,CAAY;IACtB,MAAM,CAA0B;IAEhC,YAAY,IAAoB;QAC9B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,mBAAmB,CAAC,IAAI,CAAC,UAAU,IAAI,oBAAoB,CAAC,CAAC;QACrG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QACzC,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC;QACtF,OAAO,GAAG,CAAC,SAAS,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,SAAiB,EAAE,GAAe;QAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAChE,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,GAAG,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC;QAE9B,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,QAAQ,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBACvB,KAAK,KAAK,CAAC;gBACX,KAAK,KAAK,CAAC;gBACX,KAAK,KAAK,CAAC;gBACX,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,OAAgC,CAAC,CAAC;oBACnD,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;oBACnC,MAAM;gBACR,CAAC;gBACD,KAAK,KAAK,CAAC,CAAC,CAAC;oBACX,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,IAAsB,CAAC,CAAC,CAAC;oBACvE,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC,KAAK,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,EAAU;QAC3B,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;QAE7D,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;QAClD,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,eAAe,CAAC,GAAW,EAAE,IAAI,GAAG,YAAY;QAC9C,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1G,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,cAAc,GAAG,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAEpH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO;YACL,GAAG;YACH,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,GAAe,EAAE,IAAc;QACxC,OAAO,OAAO,CAAC,GAAG,CAChB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAA6B,EAAE;QAC1C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE7D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC;YACxB,WAAW,EAAE,CAAC,SAAS,CAAC;YACxB,QAAQ,EAAE,CAAC,mBAAmB,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;QAE9C,OAAO;YACL,EAAE,EAAG,KAAK,CAAC,IAAwB,CAAC,CAAC;YACrC,KAAK,EAAE,KAAK,CAAC,IAAuB;SACrC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAgB;QACnC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxC,8DAA8D;YAC9D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,QAAQ,OAAO,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACvB,KAAK,KAAK,CAAC;YACX,KAAK,KAAK,CAAC;YACX,KAAK,KAAK,CAAC,CAAC,CAAC;gBACX,MAAM,IAAI,GAAG,OAAO,CAAC,IAAoB,CAAC;gBAC1C,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;gBAEjE,uCAAuC;gBACvC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBACjE,GAAG,CAAC,MAAM,CAAC,OAAgC,CAAC,CAAC,CAAC,+BAA+B;oBAC7E,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACrC,CAAC;gBACD,MAAM;YACR,CAAC;YACD,KAAK,KAAK,CAAC;YACX,KAAK,KAAK,CAAC;YACX,KAAK,KAAK;gBACR,8DAA8D;gBAC9D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACnC,MAAM;YACR,KAAK,KAAK;gBACR,gDAAgD;gBAChD,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACnC,MAAM;YACR;gBACE,mCAAmC;gBACnC,sCAAsC;gBACtC,MAAM;QACV,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAgB,EAAE,KAAe;QAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAE,KAAK,CAAC,IAAwB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC;QACvG,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,CAAE,KAAK,CAAC,IAAwB,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC/G,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QACrD,KAAK,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACrF,MAAM,IAAI,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACpE,KAAK,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC/C,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,MAAkB;QACzC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAE9D,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAE9B,OAAO;YACL,EAAE,EAAG,KAAK,CAAC,IAA0B,CAAC,CAAC;YACvC,KAAK,EAAE,KAAK,CAAC,IAAyB;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,IAA0B;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAClC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CACjF,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC/C,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE7D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YAC/B,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,CAAC,mBAAmB,CAAC;YACrC,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAE9B,OAAO;YACL,EAAE,EAAG,KAAK,CAAC,IAAwB,CAAC,CAAC;YACrC,KAAK,EAAE,KAAK,CAAC,IAAuB;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACrB,CAAC,EAAE,IAAI,CAAC,KAAK;YACb,CAAC,EAAE,IAAI,CAAC,MAAM;SACf,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACzD,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC;YACrC,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACjC,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,iBAAiB,EAAE,IAAI;SACxB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAE/B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;gBAC/B,EAAE,EAAE,GAAG;gBACP,GAAG,EAAE,QAAQ,CAAC,GAAG;aAClB,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAiB;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;YAC/B,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,KAAK,EAAE,IAAI,CAAC,MAAM;SACnB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QAExB,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;QACpE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC;gBAC9C,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAC9B,MAAM,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBACjC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,iBAAiB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,CAAC;aACxE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YACxB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,MAAM;YACb,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,sBAAsB;YACtB,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;YACjD,MAAM,EAAE,EAAE;YACV,MAAM,EAAE;gBACN,GAAG,EAAE,IAAI,CAAC,OAAO;aAClB;SACF,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAC5D,GAAG,CAAC,WAAW,GAAG;YAChB,iBAAiB,EAAE;gBACjB;oBACE,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,iBAAiB,EAAE,OAAO;oBAC1B,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;oBAC9B,MAAM,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;iBAClC;aACF;YACD,qBAAqB,EAAE,GAAG,CAAC,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAC5E,GAAG,MAAM;gBACT,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;SACJ,CAAC;QAEF,MAAM,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAE3C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;YACxB,EAAE,EAAE,KAAK;SACV,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACtC,IAAI,EAAE;gBACJ,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACb,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACb,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;aACd;SACF,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;gBAC/B,EAAE,EAAE,GAAG;gBACP,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM;aACnB,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAE/B,OAAO,GAAG,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9F,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAA0B;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,UAAU,YAAY,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QAExB,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;YACjC,CAAC,EAAE,KAAK,CAAC,UAAU;YACnB,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC,EAAE,IAAI,CAAC,QAAQ;YAChB,CAAC,EAAE,IAAI,CAAC,IAAI;YACZ,CAAC,EAAE;gBACD,CAAC,EAAE,IAAI,CAAC,MAAM;gBACd,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC;gBACvD,GAAG,IAAI,CAAC,IAAI;aACb;YACD,CAAC,EAAE,IAAI,CAAC,KAAK;YACb,CAAC,EAAE,IAAI,CAAC,KAAK;SACd,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAEtC,OAAO,UAAU,CAAC,IAAI,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,UAAkB;QACtC,OAAO,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,UAA0B;QAC9C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAElD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACrB,CAAC,EAAE,UAAU,CAAC,CAAC;YACf,EAAE,EAAE,UAAU,CAAC,EAAE;YACjB,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE;SACpB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE;YAC7C,IAAI,EAAE;gBACJ,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACb,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACb,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;aACd;SACF,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC;gBAC/B,EAAE,EAAE,GAAG;gBACP,GAAG,EAAE,QAAQ,CAAC,GAAG;aAClB,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAEO,aAAa,CAAC,cAAsB;QAC1C,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,cAAc,CAAC,CAA0B,CAAC;QAE9F,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,iBAAiB,CAAC,GAAW,EAAE,MAAc;QACnD,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAoC,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;QAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,sBAAsB,CAAC,UAA0B;QACvD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,CAA0B,CAAC;QAE5F,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,UAAU,EAAE;YAC7B,iBAAiB,EAAE;gBACjB;oBACE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;oBAClB,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;oBACf,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;iBACnB;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,UAA0B,EAAE,SAAiB;QACzE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QAExB,IAAI,UAAU,CAAC,CAAC,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAC3F,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAEnD,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;oBACxD,CAAC;oBAED,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;oBAEtD,MAAM,aAAa,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC;oBAE1D,IAAI,aAAa,EAAE,CAAC;wBAClB,MAAM,IAAI,CAAC,OAAO,CAAC;4BACjB,OAAO,EAAE,aAAa;4BACtB,SAAS,EAAE,SAAS;4BACpB,MAAM,EAAE,MAAM,CAAC,CAAC;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC;YAChC,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAC,CAAC;QAEH,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,IAAI,CAAC,OAAO,CAAC;gBACjB,OAAO,EAAE,KAAK;gBACd,SAAS;gBACT,MAAM,EAAE,KAAK,CAAC,UAAU;gBACxB,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oBAAoB,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;QACjE,CAAC;QAED,IACE,CAAC,eAAe,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM;YACrD,CAAC,eAAe,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,EACrD,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,OAAO,EAAE,eAAe;YACxB,SAAS;YACT,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,KAAK,EAAE,YAAY;SACpB,CAAC,CAAC;QAEH,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC;gBACnG,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,IAAI,CAAC,OAAO,CAAC;gBACjB,OAAO;gBACP,SAAS;gBACT,MAAM,EAAE,KAAK,CAAC,UAAU;gBACxB,KAAK,EAAE,YAAY;aACpB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAmB;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAEhG,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;QAEhG,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QAE5E,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC1B,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,KAAK,EAAE,aAAa;YACpB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,KAAK,EAAE,EAAE;YACT,MAAM,EAAE;gBACN,CAAC,EAAE,EAAE;gBACL,CAAC,EAAE,SAAS;aACb;YACD,MAAM,EAAE;gBACN,IAAI,EAAE,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE;oBACjC,iBAAiB,EAAE;wBACjB;4BACE,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;4BAClB,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;4BACf,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;yBACnB;qBACF;iBACF,CAAC;gBACF,GAAG,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE;oBACzB,iBAAiB,EAAE;wBACjB;4BACE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;4BACrB,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAW;yBAC7B;qBACF;iBACF,CAAC;gBACF,GAAG,EAAE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE;oBAC5B,iBAAiB,EAAE,MAAM,CAAC,WAAW,CAAC,iBAAiB;oBACvD,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,cAAc;iBAClD,CAAC;aACH;SACF,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QAChE,KAAK,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC;YACvC,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAC;YACjC,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,iBAAiB,EAAE,SAAS;SAC7B,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,OAAO,EAAE,KAAK;YACd,SAAS;YACT,MAAM,EAAE,KAAK,CAAC,UAAU;YACxB,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,EAAU,EAAE,KAAa;QACnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,EAAE,EAAE,EAAE,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;QAE1E,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;YAC9B,CAAC,EAAE,KAAK;YACR,CAAC,EAAE;gBACD,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,CAAC,EAAE,EAAE;gBACL,MAAM,EAAE,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE;aAClC;SACF,CAAC,CAAC;QAEH,YAAY,CAAC,WAAW,GAAG;YACzB,qBAAqB,EAAE;gBACrB;oBACE,MAAM,EAAE,EAAE;oBACV,iBAAiB,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,WAAW,CAAC;iBACxE;aACF;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAElF,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAEnE,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAAgB;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,WAAW,GAAqB,EAAE,CAAC;QAEzC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAyB,CAAC;YAC/C,IAAI,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;gBACjD,SAAS;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,EAAE,IAAkC,CAAC;YAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,EAAE,GAA6B,CAAC;YAEtD,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACtE,CAAC;YAED,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;YAC/F,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;YAE7F,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC;YAC/F,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,WAAW,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC;YAC/F,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC,MAAM,CAAC;IACpB,CAAC;CACF"}

package/dist/controller/encrypt.d.ts

@@ -0,0 +1,45 @@
+export interface Encrypter {
+    encrypt(data: Uint8Array): Promise<Uint8Array>;
+    decrypt(data: Uint8Array): Promise<Uint8Array>;
+}
+/**
+ * TODO
+ *
+ * This implementation is intentionally minimal for MVP.
+ * It uses PBKDF2 (SHA-256, 310k iterations) + AES-256-GCM with
+ * random salt and IV. This is secure by modern standards, but
+ * not fully hardened.
+ *
+ * Planned improvements for next format version (e.g. "KJS2"):
+ *
+ * 1. KDF Upgrade
+ *    - Replace PBKDF2 with Argon2id (memory-hard).
+ *    - Alternatively support multiple KDFs via encoded KDF identifier.
+ *
+ * 2. Encode KDF Parameters
+ *    - Store iteration count (and memory parameters if Argon2)
+ *      inside ciphertext header for forward compatibility.
+ *
+ * 3. Header Authentication (AAD)
+ *    - Include prefix + salt + IV as AES-GCM additional authenticated data
+ *      to cryptographically bind structure.
+ *
+ * 4. Passphrase Handling
+ *    - Avoid long-term caching of passphrase strings in memory.
+ *    - Prefer short-lived Uint8Array or derived CryptoKey storage.
+ *
+ * 5. Key Separation (if expanded usage)
+ *    - Derive distinct keys for encryption / MAC / wrapping
+ *      using HKDF if additional primitives are added.
+ *
+ * IMPORTANT:
+ * Never change behavior under the "KJS1" prefix.
+ * All security upgrades must use a new version prefix
+ * to preserve backward compatibility.
+ */
+export declare class PassphraseEncrypter implements Encrypter {
+    #private;
+    constructor(passphrase: string);
+    encrypt(data: Uint8Array): Promise<Uint8Array>;
+    decrypt(ciphertext: Uint8Array): Promise<Uint8Array>;
+}