meshsig 0.5.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 AgentMesh Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,276 @@
+<p align="center">
+  <img src="assets/logo.svg" width="280" alt="MeshSig Logo">
+</p>
+
+<p align="center">
+  <img src="https://img.shields.io/badge/Ed25519-Cryptographic_Identity-00d4ff?style=for-the-badge" />
+  <img src="https://img.shields.io/badge/W3C-DID_Standard-8b5cf6?style=for-the-badge" />
+  <img src="https://img.shields.io/badge/License-MIT-green?style=for-the-badge" />
+  <img src="https://img.shields.io/badge/npm-meshsig-f0b429?style=for-the-badge" />
+</p>
+
+<h1 align="center">MeshSig</h1>
+
+<p align="center">
+  <strong>Cryptographic security layer for AI agents.</strong><br>
+  <em>Identity · Signed Messages · Verified Handshakes · Trust Scoring</em>
+</p>
+
+<p align="center">
+  <a href="https://meshsig.ai">meshsig.ai</a> ·
+  <a href="#cli">CLI</a> ·
+  <a href="#dashboard">Dashboard</a> ·
+  <a href="#openclaw-integration">OpenClaw</a> ·
+  <a href="#api-reference">API</a> ·
+  <a href="#audit--compliance">Audit</a>
+</p>
+
+---
+
+## What is MeshSig?
+
+MeshSig gives every AI agent a **cryptographic identity** and secures every agent-to-agent communication with **Ed25519 digital signatures**.
+
+When Agent A sends a task to Agent B, MeshSig:
+- Signs the message with Agent A's private key
+- Verifies the signature mathematically before delivery
+- Logs the interaction with tamper-proof audit trail
+- Updates trust scores based on verified history
+
+No one can impersonate an agent. No one can tamper with a message. Every interaction has cryptographic proof.
+
+## Quick Start
+
+```bash
+git clone https://github.com/carlostroy/meshsig.git
+cd meshsig
+npm install && npm run build
+node dist/main.js start
+```
+
+Open `http://localhost:4888` — live security operations dashboard.
+
+## CLI
+
+MeshSig works as a standalone command-line tool. No server required for signing and verifying.
+
+```bash
+# Generate your Ed25519 identity
+meshsig init
+# ✓ Identity generated
+#   DID: did:msig:3icqQkmJWby4S5rpaSRoCcKvjKWdTvqViyPrCEC7Tek2
+
+# Sign a message
+meshsig sign "Deploy the new model to production"
+# ✓ Message signed
+#   SIGNATURE: HkyrXOPOXF7v422A4iOcg/qkg...
+
+# Verify a signature (with DID or public key)
+meshsig verify "Deploy the new model" "HkyrXO..." "did:msig:3icq..."
+# ✓ SIGNATURE VALID
+
+# Show your identity
+meshsig identity
+
+# List agents on the mesh
+meshsig agents
+
+# Server statistics
+meshsig stats
+
+# Export audit log
+meshsig audit --json > report.json
+
+# Start the server
+meshsig start --port 4888
+```
+
+All commands support `--json` for piping and automation.
+
+## Dashboard
+
+Real-time security operations center showing agents, connections, trust scores, and signed messages flowing through the network.
+
+```bash
+meshsig start --port 4888
+# Open http://localhost:4888
+```
+
+Features:
+- Live network graph with D3.js force simulation
+- Flowing particles on connections between agents
+- Sound notifications on message signing
+- Agent stats: trust scores, interactions, capabilities
+- Local and remote agent distinction
+- Event feed with signature verification status
+
+## Audit & Compliance
+
+Every signed message is logged with cryptographic proof. Export the complete audit trail for compliance.
+
+**API endpoint:**
+```bash
+curl http://localhost:4888/audit/export
+```
+
+Returns JSON with:
+- Summary (total agents, messages, verified/failed counts, average trust)
+- All agents with DIDs, public keys, trust scores
+- All connections with handshake proof
+- All messages with signatures and verification status
+
+**CLI:**
+```bash
+meshsig audit --json > audit-2026-03.json
+```
+
+## Public Signature Verifier
+
+Anyone can verify a signature in the browser — no account, no install needed.
+
+Open `http://localhost:4888/verify`, paste a message, signature, and public key or DID. One click verification.
+
+**API:**
+```bash
+curl -X POST http://localhost:4888/verify \
+  -H 'Content-Type: application/json' \
+  -d '{"message":"hello","signature":"base64...","did":"did:msig:..."}'
+# {"valid": true, "verifiedAt": "2026-03-13T..."}
+```
+
+## OpenClaw Integration
+
+MeshSig integrates natively with [OpenClaw](https://openclaw.com). One install secures all agent-to-agent delegations with cryptographic signatures.
+
+```bash
+# With MeshSig running on the same server as OpenClaw:
+bash scripts/install.sh
+```
+
+The install script automatically:
+1. Discovers all OpenClaw agents on the machine
+2. Generates Ed25519 identity (`did:msig:...`) for each agent
+3. Creates verified connections via cryptographic handshake
+4. Replaces `invoke.sh` with a signed version (original backed up)
+
+```
+Before:  Agent A → invoke.sh → Agent B  (no proof)
+After:   Agent A → invoke.sh → [SIGN] → MeshSig → [VERIFY] → Agent B
+```
+
+### Auto-register new agents
+
+```bash
+# When a new agent is provisioned:
+bash scripts/register-agent.sh agent-name-here
+
+# When an agent is removed:
+bash scripts/unregister-agent.sh agent-name-here
+```
+
+## How It Works
+
+### Identity
+
+Every agent receives an Ed25519 keypair and a W3C Decentralized Identifier:
+
+```
+did:msig:6QoiRtfC29pfDoDA4um3TMrBpaCq6kr...
+```
+
+The DID is derived from the public key. Impossible to forge. Universally verifiable.
+
+### Signed Messages
+
+Every message carries a digital signature:
+
+```json
+{
+  "from": "did:msig:6Qoi...",
+  "to": "did:msig:8GkC...",
+  "message": "Analyze the Q1 sales report",
+  "signature": "LsBbF/FRgaacn1jIMBwK6hxr22jCT...",
+  "verified": true
+}
+```
+
+### Trust Scoring
+
+Trust is earned, not declared:
+- Every verified message: trust increases
+- Every failed verification: trust decreases
+- Based on real interactions, not self-assessment
+
+### Multi-Server Networking
+
+Connect MeshSig instances across servers:
+
+```bash
+# Server 1
+meshsig start --port 4888
+
+# Server 2 — connects to Server 1, agents sync automatically
+meshsig start --port 4888 --peer ws://server1:4888
+```
+
+Remote agents appear on the dashboard with origin labels.
+
+## API Reference
+
+```
+GET  /                  Live dashboard (Security Operations Center)
+GET  /health            Server status
+GET  /stats             Network statistics
+GET  /snapshot          Full network state
+GET  /verify            Public signature verifier (browser)
+POST /verify            Verify a signature (API)
+GET  /audit/export      Compliance audit report (JSON)
+
+POST /agents/register   Register agent → returns Ed25519 keypair + DID
+GET  /agents            List all agents with trust scores
+GET  /agents/:did       Get specific agent
+
+POST /discover          Find agents by capability
+POST /discover/network  Find across connected peers
+
+POST /messages/send     Sign + verify + log a message
+POST /messages/verify   Verify a message signature
+
+POST /handshake         Cryptographic handshake between agents
+GET  /connections       List verified connections
+GET  /messages          Recent signed messages
+
+GET  /peers             Connected MeshSig instances
+POST /peers/connect     Connect to another instance
+
+WS   ws://host:port     Live event stream
+```
+
+## Security
+
+| Layer | Implementation |
+|-------|---------------|
+| Signatures | Ed25519 — same as SSH, Signal, WireGuard, TLS 1.3 |
+| Identity | W3C DID standard (`did:msig:`) |
+| Handshake | Mutual challenge-response with nonce and timestamp |
+| Storage | Local SQLite — no cloud dependency |
+| Audit | Tamper-evident log with cryptographic hashes |
+
+See [docs/SECURITY.md](docs/SECURITY.md) for the full security whitepaper.
+
+## Requirements
+
+- Node.js ≥ 18
+
+No database to configure. No cloud services. No API keys. Install, start, secure.
+
+## License
+
+MIT
+
+---
+
+<p align="center">
+  <strong>MeshSig</strong> — Cryptographic security layer for AI agents.<br>
+  <a href="https://meshsig.ai">meshsig.ai</a> · <a href="https://github.com/carlostroy/meshsig">GitHub</a>
+</p>

package/dist/crypto.d.ts

@@ -0,0 +1,43 @@
+export interface AgentIdentity {
+    did: string;
+    publicKey: string;
+    privateKey: string;
+    createdAt: string;
+}
+export interface Capability {
+    type: string;
+    confidence?: number;
+}
+export type PermissionScope = 'read:capabilities' | 'send:request' | 'send:broadcast' | 'execute:task' | 'read:status' | 'write:shared_state';
+export interface HandshakeRequest {
+    fromDid: string;
+    toDid: string;
+    nonce: string;
+    timestamp: string;
+    signature: string;
+    requestedPermissions: PermissionScope[];
+}
+export interface HandshakeResponse {
+    accepted: boolean;
+    nonce: string;
+    signature: string;
+    grantedPermissions: PermissionScope[];
+    channelId: string;
+}
+export declare class MeshError extends Error {
+    code: string;
+    statusCode: number;
+    constructor(message: string, code: string, statusCode?: number);
+}
+export declare function generateIdentity(): Promise<AgentIdentity>;
+export declare function didToPublicKey(did: string): Uint8Array;
+export declare function isValidDid(did: string): boolean;
+export declare function sign(message: string, privateKeyBase64: string): Promise<string>;
+export declare function verify(message: string, signature: string, publicKeyBase64: string): Promise<boolean>;
+export declare function verifyWithDid(message: string, signature: string, did: string): Promise<boolean>;
+export declare function hashPayload(payload: unknown): string;
+export declare function generateNonce(): string;
+export declare function createHandshakeRequest(fromDid: string, toDid: string, privateKey: string, permissions: PermissionScope[]): Promise<HandshakeRequest>;
+export declare function verifyHandshakeRequest(req: HandshakeRequest, publicKey: string): Promise<boolean>;
+export declare function createHandshakeResponse(req: HandshakeRequest, responderDid: string, privateKey: string, accepted: boolean, permissions: PermissionScope[], channelId: string): Promise<HandshakeResponse>;
+export declare function verifyHandshakeResponse(res: HandshakeResponse, req: HandshakeRequest, publicKey: string): Promise<boolean>;

package/dist/crypto.js

@@ -0,0 +1,108 @@
+// ============================================================================
+// MeshSig — Crypto Layer
+// Ed25519 identity, signing, verification, hashing.
+// ============================================================================
+import * as ed from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+import { sha256 } from '@noble/hashes/sha256';
+import bs58 from 'bs58';
+ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
+const DID_PREFIX = 'did:msig:';
+export class MeshError extends Error {
+    code;
+    statusCode;
+    constructor(message, code, statusCode = 500) {
+        super(message);
+        this.code = code;
+        this.statusCode = statusCode;
+        this.name = 'MeshError';
+    }
+}
+// -- Identity ----------------------------------------------------------------
+export async function generateIdentity() {
+    const priv = ed.utils.randomPrivateKey();
+    const pub = await ed.getPublicKeyAsync(priv);
+    return {
+        did: `${DID_PREFIX}${bs58.encode(pub)}`,
+        publicKey: Buffer.from(pub).toString('base64'),
+        privateKey: Buffer.from(priv).toString('base64'),
+        createdAt: new Date().toISOString(),
+    };
+}
+export function didToPublicKey(did) {
+    if (!did.startsWith(DID_PREFIX))
+        throw new MeshError(`Invalid DID: ${did}`, 'INVALID_DID', 400);
+    const bytes = bs58.decode(did.slice(DID_PREFIX.length));
+    if (bytes.length !== 32)
+        throw new MeshError('Invalid DID key length', 'INVALID_DID', 400);
+    return bytes;
+}
+export function isValidDid(did) {
+    try {
+        didToPublicKey(did);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// -- Signing -----------------------------------------------------------------
+export async function sign(message, privateKeyBase64) {
+    const sig = await ed.signAsync(new TextEncoder().encode(message), Buffer.from(privateKeyBase64, 'base64'));
+    return Buffer.from(sig).toString('base64');
+}
+export async function verify(message, signature, publicKeyBase64) {
+    try {
+        return await ed.verifyAsync(Buffer.from(signature, 'base64'), new TextEncoder().encode(message), Buffer.from(publicKeyBase64, 'base64'));
+    }
+    catch {
+        return false;
+    }
+}
+export async function verifyWithDid(message, signature, did) {
+    return verify(message, signature, Buffer.from(didToPublicKey(did)).toString('base64'));
+}
+export function hashPayload(payload) {
+    return Buffer.from(sha256(new TextEncoder().encode(JSON.stringify(payload)))).toString('hex');
+}
+export function generateNonce() {
+    return Buffer.from(ed.utils.randomPrivateKey()).toString('base64');
+}
+// -- Handshake ---------------------------------------------------------------
+export async function createHandshakeRequest(fromDid, toDid, privateKey, permissions) {
+    const nonce = generateNonce();
+    const timestamp = new Date().toISOString();
+    return {
+        fromDid, toDid, nonce, timestamp,
+        signature: await sign(`${nonce}${toDid}${timestamp}`, privateKey),
+        requestedPermissions: permissions,
+    };
+}
+export async function verifyHandshakeRequest(req, publicKey) {
+    const age = Date.now() - new Date(req.timestamp).getTime();
+    if (age > 60_000)
+        throw new MeshError('Handshake expired', 'HANDSHAKE_EXPIRED', 400);
+    if (age < -5_000)
+        throw new MeshError('Handshake from future', 'HANDSHAKE_EXPIRED', 400);
+    const valid = await verify(`${req.nonce}${req.toDid}${req.timestamp}`, req.signature, publicKey);
+    if (!valid)
+        throw new MeshError('Invalid signature', 'INVALID_SIGNATURE', 401);
+    return true;
+}
+export async function createHandshakeResponse(req, responderDid, privateKey, accepted, permissions, channelId) {
+    const nonce = generateNonce();
+    return {
+        accepted, nonce, channelId: accepted ? channelId : '',
+        signature: await sign(`${req.nonce}${req.fromDid}${nonce}`, privateKey),
+        grantedPermissions: accepted ? permissions : [],
+    };
+}
+export async function verifyHandshakeResponse(res, req, publicKey) {
+    if (!res.accepted)
+        return true;
+    const valid = await verify(`${req.nonce}${req.fromDid}${res.nonce}`, res.signature, publicKey);
+    if (!valid)
+        throw new MeshError('Invalid response signature', 'INVALID_SIGNATURE', 401);
+    return true;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,yBAAyB;AACzB,oDAAoD;AACpD,+EAA+E;AAE/E,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AAE/D,MAAM,UAAU,GAAG,WAAW,CAAC;AAmC/B,MAAM,OAAO,SAAU,SAAQ,KAAK;IACE;IAAqB;IAAzD,YAAY,OAAe,EAAS,IAAY,EAAS,aAAa,GAAG;QACvE,KAAK,CAAC,OAAO,CAAC,CAAC;QADmB,SAAI,GAAJ,IAAI,CAAQ;QAAS,eAAU,GAAV,UAAU,CAAM;QAEvE,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC7C,OAAO;QACL,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;QACvC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC9C,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAChD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,GAAG,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;IAChG,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,SAAS,CAAC,wBAAwB,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;IAC3F,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC;QAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAAC,OAAO,IAAI,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AACnE,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAe,EAAE,gBAAwB;IAClE,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3G,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,OAAe,EAAE,SAAiB,EAAE,eAAuB;IACtF,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC,WAAW,CACzB,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAChC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EACjC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CACvC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,KAAK,CAAC;IAAC,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe,EAAE,SAAiB,EAAE,GAAW;IACjF,OAAO,MAAM,CAAC,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzF,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,OAAgB;IAC1C,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAe,EAAE,KAAa,EAAE,UAAkB,EAAE,WAA8B;IAElF,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS;QAChC,SAAS,EAAE,MAAM,IAAI,CAAC,GAAG,KAAK,GAAG,KAAK,GAAG,SAAS,EAAE,EAAE,UAAU,CAAC;QACjE,oBAAoB,EAAE,WAAW;KAClC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,GAAqB,EAAE,SAAiB;IACnF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IAC3D,IAAI,GAAG,GAAG,MAAM;QAAE,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACrF,IAAI,GAAG,GAAG,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACzF,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,SAAS,EAAE,EAAE,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IACjG,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAC/E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAqB,EAAE,YAAoB,EAAE,UAAkB,EAC/D,QAAiB,EAAE,WAA8B,EAAE,SAAiB;IAEpE,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACrD,SAAS,EAAE,MAAM,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,KAAK,EAAE,EAAE,UAAU,CAAC;QACvE,kBAAkB,EAAE,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;KAChD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAsB,EAAE,GAAqB,EAAE,SAAiB;IAEhE,IAAI,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC/F,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,4BAA4B,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACxF,OAAO,IAAI,CAAC;AACd,CAAC"}