npm - ping-openmls-sdk - Versions diffs - 0.6.8 → 0.6.10 - Mend

ping-openmls-sdk 0.6.8 → 0.6.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/index.cjs +29 -0
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +11 -3
package/dist/index.d.ts +11 -3
package/dist/index.js +29 -0
package/dist/index.js.map +1 -1
package/dist/storage/indexeddb.d.cts +1 -1
package/dist/storage/indexeddb.d.ts +1 -1
package/dist/transport/websocket.d.cts +1 -1
package/dist/transport/websocket.d.ts +1 -1
package/dist/{types-CFo4skJI.d.cts → types-O6uxcX8f.d.cts} +19 -1
package/dist/{types-CFo4skJI.d.ts → types-O6uxcX8f.d.ts} +19 -1
package/dist/worker.cjs +4 -0
package/dist/worker.cjs.map +1 -1
package/dist/worker.js +7 -1
package/dist/worker.js.map +1 -1
package/package.json +1 -1
package/wasm/package.json +1 -1
package/wasm/ping_wasm.d.ts +19 -3
package/wasm/ping_wasm.js +78 -18
package/wasm/ping_wasm_bg.wasm +0 -0
package/wasm/ping_wasm_bg.wasm.d.ts +5 -3

package/dist/index.cjs CHANGED Viewed

@@ -553,6 +553,35 @@ var MessagingClient = class _MessagingClient {
       mnemonicPhrase
     });
   }
+  // ------------------------ Peer-assisted history transfer ------------------------
+  // Authenticated (sign-then-encrypt) device-to-device history used by linking and
+  // post-recovery peer re-add. Confidential to the recipient's ephemeral X25519 key AND
+  // signed by the account identity key, so the receiver proves the sender. Plaintext-only
+  // share — preserves forward secrecy (no MLS keys leave the device).
+  /** Seal+sign a `HistoryBundle` for a recipient device. `recipientPub` (X25519, 32B) is the
+   *  recipient's ephemeral pubkey from the linking QR; `senderIdentitySecret` (Ed25519 seed,
+   *  32B) is this account's identity key. Returns the blob to POST to /v1/history-transfers. */
+  static async sealHistoryBundle(bundle, recipientPub, senderIdentitySecret) {
+    return _MessagingClient.ephemeralWorkerCall({
+      kind: "sealHistoryBundle",
+      id: 1,
+      bundle,
+      recipientPub,
+      senderIdentitySecret
+    });
+  }
+  /** Open+verify a sealed history bundle. `recipientPriv` (X25519, 32B) is this device's
+   *  ephemeral private key; `senderIdentityPub` (Ed25519, 32B) is the account identity pubkey
+   *  from the linking handshake. Throws if the signature doesn't verify. */
+  static async openHistoryBundle(sealed, recipientPriv, senderIdentityPub) {
+    return _MessagingClient.ephemeralWorkerCall({
+      kind: "openHistoryBundle",
+      id: 1,
+      sealed,
+      recipientPriv,
+      senderIdentityPub
+    });
+  }
   /**
    * Admit a freshly-linked device to every chat in `entries` — one MLS
    * Commit + Welcome per chat, with the Welcome's `?recipient=` priming

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/storage/indexeddb.ts","../src/wire-contract.ts","../src/transport/websocket.ts"],"sourcesContent":["// Public entry point. Spawns the dedicated Worker that hosts the WASM instance and exposes a\n// Promise-based, identical-to-native API. Crypto runs off the main thread.\n\nimport type {\n AdmitChatEntry, AdmitChatOutcome,\n CatchupAppEvent, CatchupSnapshotView,\n ConversationId, ConversationMeta, DeviceId, IncomingMessage,\n KeyPackageEntry, LinkingTicket, MessageEnvelope, RecoveryBackup, Storage, Transport, UserId,\n} from \"./types\";\nimport type { Request, Response } from \"./protocol\";\n\nexport type * from \"./types\";\n\n// Re-export the default Storage and Transport implementations from the main entry so consumers\n// whose bundlers don't honor package.json#exports (Metro with strict resolution, some legacy\n// Webpack configs) can still get them with a plain `import { ... } from \"ping-openmls-sdk\"`. Power\n// users who care about tree-shaking can keep using the subpath imports.\nexport { IndexedDbStorage } from \"./storage/indexeddb\";\nexport { WebSocketTransport } from \"./transport/websocket\";\n\n// Ping wire contract — version, content-type constants, and runtime validators. Internal\n// products MUST claim conformance; external consumers MAY adopt or run their own profile.\n// See docs/PING_WIRE_CONTRACT.md.\nexport {\n PING_WIRE_CONTRACT_VERSION,\n PING_WIRE_CONTRACT_HEADER,\n PING_WIRE_CONTRACT_HEADER_VALUE,\n WIRE_VERSION_MIN_ACCEPTED,\n CONTENT_TYPE_CBOR,\n CONTENT_TYPE_JSON,\n CONTENT_TYPE_CBOR_LEGACY_V1,\n CONTENT_TYPE_JSON_LEGACY_V1,\n ValidationError,\n validate,\n verifyApplicationContentHash,\n negotiates,\n} from \"./wire-contract\";\n\nexport interface ClientConfig {\n identityExport: Uint8Array;\n deviceLabel: string;\n storage: Storage;\n transport: Transport;\n /** Override the wall clock (test/sim only). /\n now?: () => number;\n /\n Optional 32-byte Ed25519 secret key. When supplied AND no\n * `LocalDevice` is yet persisted in `storage`, the SDK adopts this\n * as its device signing key — so `deviceId()` returns\n * `SHA-256(public_key_of(secret))`, deterministic from what the\n * caller passed.\n \n Use case: align the SDK's `device_id` (which the SDK stamps into\n * every envelope's `sender_device` field) with an externally-\n * computed device id — typically `SHA-256(device_signing_pubkey)`\n * in the host's auth layer, where the JWT carries that same value\n * as its `device_id` claim. Without this alignment, a server that\n * validates `envelope.sender_device == jwt.device_id` rejects every\n * upload with `sender_device_mismatch`.\n \n Ignored on subsequent inits (when `storage` already holds a\n * persisted `LocalDevice`) — the on-disk identity is authoritative\n * for stability across restarts.\n /\n deviceSigningSecretKey?: Uint8Array;\n}\n\nexport interface Conversation {\n readonly id: ConversationId;\n send(plaintext: Uint8Array): Promise<MessageEnvelope>;\n /* [CR-2] Add members by (device_id, KeyPackage) pair. Hosts typically pull these\n * straight from `transport.discoverDevices(userId)`. /\n addMembers(entries: KeyPackageEntry[]): Promise<void>;\n removeMembers(leafIndexes: number[]): Promise<void>;\n meta(): ConversationMeta;\n}\n\nexport class MessagingClient {\n private worker: Worker;\n private nextId = 1;\n private pending = new Map<number, { resolve: (v: unknown) => void; reject: (e: Error) => void }>();\n private storage: Storage;\n private transport: Transport;\n private now: () => number;\n private messageHandlers = new Set<(m: IncomingMessage) => void>();\n private conversationHandlers = new Set<(id: ConversationId, epoch: number, sender?: DeviceId) => void>();\n private subscription: { unsubscribe(): void } \| null = null;\n private metaCache = new Map<string, ConversationMeta>();\n // Cached at init() so dispatchIncoming can skip envelopes we sent ourselves — the relay\n // broadcasts to all WS subscribers including the sender, and re-applying our own already-\n // merged commits would error with \"epoch differs\".\n private ownDeviceId: Uint8Array \| null = null;\n\n private constructor(cfg: ClientConfig, worker: Worker) {\n this.worker = worker;\n this.storage = cfg.storage;\n this.transport = cfg.transport;\n this.now = cfg.now ?? (() => Date.now());\n this.worker.onmessage = (ev) => this.handleWorker(ev.data as Response);\n }\n\n /* Generate a fresh identity. The returned bytes are a secret — store them encrypted. /\n static async generateIdentity(): Promise<Uint8Array> {\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"generateIdentity\", id: 1,\n });\n }\n\n /\n HPKE-seal a `LinkingTicket` for delivery to a new device ([CR-3]).\n \n Returns CBOR-encoded bytes safe to relay through an untrusted inbox. The new device's\n * X25519 public key (`newDevicePub`) is exchanged out-of-band — typically as part of a\n * QR-encoded handshake on the linking screen. Pure function; runs in an ephemeral\n * worker so no live `MessagingClient` is required on the sender side.\n \n Suite: `DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM` (matches MLS).\n /\n static async sealLinkingTicket(\n ticket: LinkingTicket,\n newDevicePub: Uint8Array,\n ): Promise<Uint8Array> {\n if (newDevicePub.length !== 32) {\n throw new Error(\"sealLinkingTicket: newDevicePub must be 32 bytes\");\n }\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"sealLinkingTicket\", id: 1, ticket, newDevicePub,\n });\n }\n\n /\n HPKE-open a sealed `LinkingTicket` on the new device ([CR-3]).\n \n The receiving device hasn't booted a `MessagingClient` yet — it only has its X25519\n * ephemeral keypair. This static method runs the open in an ephemeral worker, returning\n * the cleartext ticket which the host then feeds to `init()` + `consumeLinkingTicket()`.\n \n On failure the error message is deliberately generic (no discriminator between \"wrong\n * key\" vs \"tampered ciphertext\") so a probing attacker can't tell the new device's key\n * was the issue.\n /\n static async openLinkingTicket(\n sealed: Uint8Array,\n newDevicePriv: Uint8Array,\n ): Promise<LinkingTicket> {\n if (newDevicePriv.length !== 32) {\n throw new Error(\"openLinkingTicket: newDevicePriv must be 32 bytes\");\n }\n return MessagingClient.ephemeralWorkerCall<LinkingTicket>({\n kind: \"openLinkingTicket\", id: 1, sealed, newDevicePriv,\n });\n }\n\n // Spawn-call-terminate helper for stateless WASM functions exposed at module scope (no\n // PingClient required). Each call gets a fresh worker; the cost is acceptable because\n // these are one-shot, off-the-hot-path operations (identity gen, linking ticket seal/open).\n private static ephemeralWorkerCall<T>(req: Request): Promise<T> {\n const w = new Worker(new URL(\"./worker.js\", import.meta.url), { type: \"module\" });\n return new Promise<T>((resolve, reject) => {\n w.onmessage = (ev) => {\n const msg = ev.data as Response;\n if (msg.kind === \"result\" && msg.id === (req as { id: number }).id) {\n w.terminate();\n msg.ok ? resolve(msg.value as T) : reject(new Error(msg.error));\n }\n };\n w.postMessage(req);\n });\n }\n\n static async init(cfg: ClientConfig): Promise<MessagingClient> {\n const worker = new Worker(new URL(\"./worker.js\", import.meta.url), { type: \"module\" });\n const client = new MessagingClient(cfg, worker);\n\n await client.call({\n kind: \"init\",\n id: client.nextId++,\n identityExport: cfg.identityExport,\n deviceLabel: cfg.deviceLabel,\n nowMs: client.now(),\n ...(cfg.deviceSigningSecretKey\n ? { deviceSigningSecretKey: cfg.deviceSigningSecretKey }\n : {}),\n });\n\n // Cache the device id once so we can drop envelopes we sent ourselves on the WS echo.\n client.ownDeviceId = await client.deviceId();\n\n // Start the live subscription. We dispatch each envelope to the right handler:\n // - Welcome envelopes for unknown conversations → joinConversation\n // - Welcomes for already-joined conversations → drop (server may broadcast duplicates)\n // - Welcomes addressed to other devices → drop (we can't decrypt)\n // - Everything else → processEnvelope\n client.subscription = cfg.transport.subscribe((envelope) => {\n void client.dispatchIncoming(envelope);\n });\n return client;\n }\n\n /* Internal: route an inbound envelope to the right handler. /\n private async dispatchIncoming(envelope: MessageEnvelope): Promise<void> {\n // The relay broadcasts every envelope to every WS subscriber, including the sender. For\n // our own sends, the local MLS state has already been advanced in-process — re-applying\n // would either fail with \"epoch differs\" (commits) or be a no-op dedupe (application\n // messages). Skip them here.\n if (this.ownDeviceId && sameBytesU8(envelope.sender_device, this.ownDeviceId)) {\n return;\n }\n if (envelope.kind === \"Welcome\") {\n try {\n const known = await this.listConversations();\n const already = known.some((m) => sameBytesU8(m.id, envelope.conversation_id));\n if (already) return;\n await this.joinConversation(envelope);\n } catch (e) {\n // Welcomes are broadcast to every connected client; only one device's KeyPackage can\n // decrypt each one, so most fail. Log at debug, drop silently.\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] welcome ignored:\", e);\n }\n return;\n }\n try {\n await this.processEnvelope(envelope);\n } catch (e) {\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] envelope drop:\", e);\n }\n }\n\n // ------------------------ Public API ------------------------\n\n async userId(): Promise<UserId> {\n return await this.call({ kind: \"userId\", id: this.nextId++ }) as UserId;\n }\n\n async deviceId(): Promise<DeviceId> {\n return await this.call({ kind: \"deviceId\", id: this.nextId++ }) as DeviceId;\n }\n\n async freshKeyPackage(): Promise<Uint8Array> {\n return await this.call({ kind: \"freshKeyPackage\", id: this.nextId++ }) as Uint8Array;\n }\n\n async createConversation(opts: { name?: string } = {}): Promise<Conversation> {\n const idBytes = await this.call({\n kind: \"createConversation\", id: this.nextId++, name: opts.name ?? null, nowMs: this.now(),\n }) as ConversationId;\n return this.conversationProxy(idBytes);\n }\n\n async joinConversation(welcome: MessageEnvelope): Promise<Conversation> {\n const idBytes = await this.call({\n kind: \"joinConversation\", id: this.nextId++, welcome, nowMs: this.now(),\n }) as ConversationId;\n return this.conversationProxy(idBytes);\n }\n\n /\n Get a `Conversation` proxy for an already-known conversation. Use this when you have a\n * conversation id (e.g., from `listConversations()`) and want to send/addMembers without\n * re-creating it. Throws if the id isn't known to the worker — call `listConversations()`\n * first to verify membership.\n /\n getConversation(id: ConversationId): Conversation {\n return this.conversationProxy(id);\n }\n\n async listConversations(): Promise<ConversationMeta[]> {\n const metas = await this.call({ kind: \"listConversations\", id: this.nextId++ }) as ConversationMeta[];\n this.metaCache.clear();\n for (const m of metas) this.metaCache.set(hex(m.id), m);\n return metas;\n }\n\n async syncConversations(): Promise<IncomingMessage[]> {\n return await this.call({\n kind: \"syncConversations\", id: this.nextId++, nowMs: this.now(),\n }) as IncomingMessage[];\n }\n\n async processEnvelope(envelope: MessageEnvelope): Promise<IncomingMessage \| null> {\n return await this.call({\n kind: \"processEnvelope\", id: this.nextId++, envelope, nowMs: this.now(),\n }) as IncomingMessage \| null;\n }\n\n /\n Build a `LinkingTicket` for a new device.\n \n [CR-13] `lastAppEvents` is host-supplied per-conversation \"what you missed\" data\n * (decrypted AppEvent bytes the new device will render before sync catches up).\n * Pass `[]` to suppress catchup data — the new device will see an empty conversation\n * list until normal sync runs.\n \n Caller is responsible for HPKE-sealing the returned ticket via\n * `MessagingClient.sealLinkingTicket` before transmitting (CR-3).\n /\n async buildLinkingTicket(\n newDeviceId: DeviceId,\n newDeviceKp: Uint8Array,\n lastAppEvents: CatchupAppEvent[] = [],\n ): Promise<LinkingTicket> {\n return await this.call({\n kind: \"buildLinkingTicket\", id: this.nextId++,\n newDeviceId, newDeviceKp, lastAppEvents, nowMs: this.now(),\n }) as LinkingTicket;\n }\n\n /\n Decode a `LinkingTicket.catchup_snapshot` blob ([CR-13]).\n \n Pure WASM — runs in an ephemeral worker so the new device can call this before\n * `MessagingClient.init()` completes (just like `openLinkingTicket`). Returns the\n * structured view: per-conversation metas + last-known AppEvent bytes.\n \n Throws on malformed or oversized inputs. Empty bytes return `null` — that's the\n * \"no catchup data\" case (sender passed `[]` to buildLinkingTicket).\n /\n static async decodeCatchupSnapshot(\n snapshotBytes: Uint8Array,\n ): Promise<CatchupSnapshotView \| null> {\n if (snapshotBytes.length === 0) return null;\n return MessagingClient.ephemeralWorkerCall<CatchupSnapshotView>({\n kind: \"decodeCatchupSnapshot\", id: 1, snapshotBytes,\n });\n }\n\n async consumeLinkingTicket(ticket: LinkingTicket): Promise<void> {\n await this.call({\n kind: \"consumeLinkingTicket\", id: this.nextId++, ticket, nowMs: this.now(),\n });\n }\n\n // ------------------------ Recovery (account backup) ------------------------\n // All static + stateless: they run on an ephemeral worker, so the recovery screen can\n // call them before any client is initialised. Same Argon2id/AES-256-GCM IdentityBackup\n // wire format as the iOS/Android FFI bindings — backups are portable across platforms.\n\n /* Generate a fresh 12-word BIP39 mnemonic, returned as its canonical phrase string. /\n static async generateMnemonicPhrase(): Promise<string> {\n return MessagingClient.ephemeralWorkerCall<string>({\n kind: \"generateMnemonicPhrase\", id: 1,\n });\n }\n\n /* Validate + canonicalise a user-entered phrase (BIP39 wordlist + checksum). Rejects\n * malformed input. Use on the recovery screen before calling `decryptBackup`. /\n static async normalizeMnemonicPhrase(phrase: string): Promise<string> {\n return MessagingClient.ephemeralWorkerCall<string>({\n kind: \"normalizeMnemonicPhrase\", id: 1, phrase,\n });\n }\n\n /* Encrypt an IdentityBackup for `POST /v1/recovery/blobs`. `deviceGroupSnapshot` may be\n * empty (Conservative path) or the DeviceGroup's `exportConversationStateSnapshot`. /\n static async encryptBackup(args: {\n mnemonicPhrase: string;\n accountId: Uint8Array;\n identityExport: Uint8Array;\n deviceGroupSnapshot: Uint8Array;\n /* External conversations to embed so recovery restores them offline. Pass\n * `[]` (the default) for identity + DeviceGroup only. Each `groupStateBytes`\n * is `Conversation.exportConversationStateSnapshot` output. Forward-secrecy\n * trade-off — see the SDK recovery docs. /\n conversationSnapshots?: { conversationId: Uint8Array; groupStateBytes: Uint8Array }[];\n createdAtMs: number;\n }): Promise<Uint8Array> {\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"encryptBackup\", id: 1,\n mnemonicPhrase: args.mnemonicPhrase,\n accountId: args.accountId,\n identityExport: args.identityExport,\n deviceGroupSnapshot: args.deviceGroupSnapshot,\n conversationSnapshots: args.conversationSnapshots ?? [],\n createdAtMs: args.createdAtMs,\n });\n }\n\n /* Decrypt a recovery blob from `GET /v1/recovery/blobs`. Throws on wrong mnemonic or a\n * tampered blob. The returned `identity_export` is the secret seed for `init`. /\n static async decryptBackup(\n blob: Uint8Array,\n mnemonicPhrase: string,\n ): Promise<RecoveryBackup> {\n return MessagingClient.ephemeralWorkerCall<RecoveryBackup>({\n kind: \"decryptBackup\", id: 1, blob, mnemonicPhrase,\n });\n }\n\n /\n Admit a freshly-linked device to every chat in `entries` — one MLS\n * Commit + Welcome per chat, with the Welcome's `?recipient=` priming\n * handled inside the SDK. This is the post-link reconciliation step\n * that follows `consumeLinkingTicket`: the new device has the\n * DeviceGroup (from the ticket) and metadata for external chats (from\n * the catchup snapshot), but its leaf is not yet in any external\n * MLS group. The host on the EXISTING device calls this once the\n * new device shows up in `/v1/auth/sessions` and has uploaded its\n * KeyPackage batch, passing one freshly-claimed KP per chat.\n \n Per-chat failures (stale KP, transport error, unknown chat) are\n * captured in the returned outcomes rather than aborting — one bad\n * chat shouldn't lose the user access to all the others.\n /\n async admitDeviceToChats(\n deviceId: DeviceId,\n entries: AdmitChatEntry[],\n ): Promise<AdmitChatOutcome[]> {\n return await this.call({\n kind: \"admitDeviceToChats\", id: this.nextId++,\n deviceId, entries, nowMs: this.now(),\n }) as AdmitChatOutcome[];\n }\n\n /\n Revoke a device ([CR-2]).\n \n Removes `deviceId`'s leaf from every conversation where this client locally\n * tracked the device→leaf mapping (i.e. conversations where this client itself\n * admitted the device via `addMembers`, or where this client is the device being\n * revoked). The SDK has already broadcast each Commit envelope via\n * `transport.send`; the returned array is for any additional host-side handling\n * (audit logs, UI). An empty array is a valid outcome — the device wasn't locally\n * known anywhere.\n \n Scope note. Conversations where a peer admitted the device on this client's\n * behalf are silently skipped — the leaf index isn't locally known. Host can fall\n * back to `transport.discoverDevices` + a manual `remove_members(leafIndex)` for\n * those, or wait for the affected user to revoke from a device that did the admit.\n * See `docs/architecture/multi-device.md §Device removal`.\n /\n async revokeDevice(deviceId: DeviceId): Promise<MessageEnvelope[]> {\n return await this.call({\n kind: \"revokeDevice\", id: this.nextId++, deviceId, nowMs: this.now(),\n }) as MessageEnvelope[];\n }\n\n /\n Export a portable MLS state snapshot for one conversation ([CR-7]).\n \n Returned bytes can be embedded in a recovery blob or shipped through a\n * linking ticket so another device of the same user identity can re-attach to\n * the group via [[importStateSnapshot]]. The bytes contain past epoch secrets;\n * never log, never persist unencrypted, wipe (`.fill(0)`) after use.\n /\n async exportConversationStateSnapshot(conv: ConversationId): Promise<Uint8Array> {\n return await this.call({\n kind: \"exportConversationStateSnapshot\", id: this.nextId++,\n conv, nowMs: this.now(),\n }) as Uint8Array;\n }\n\n /\n Import a `GroupStateSnapshot` from another device of the same user identity\n * ([CR-7]).\n \n On success, the conversation appears in [[listConversations]] and decryption\n * of subsequent peer-originated traffic works against the imported state. For\n * full multi-device participation, the recovered device SHOULD then issue an\n * MLS Update Proposal to rotate onto a fresh leaf (post-v1 follow-up — see\n * `docs/design/CR4_CR7_PERSISTENCE.md` open question #3).\n /\n async importStateSnapshot(snapshotBytes: Uint8Array): Promise<ConversationId> {\n return await this.call({\n kind: \"importStateSnapshot\", id: this.nextId++,\n snapshotBytes, nowMs: this.now(),\n }) as ConversationId;\n }\n\n /\n Export a derived secret from a conversation's MLS exporter ([CR-8]).\n \n Used to seed the ephemeral channel (`ping/ephemeral`), call-media keys\n * (`ping/calls/media/<call_id>`), and call-ephemeral framer keys\n * (`ping/calls/ephemeral/<call_id>`). The returned bytes are a secret — never log,\n * persist only encrypted, and call `bytes.fill(0)` after use to wipe the typed array.\n \n Same `(conversationId, current_epoch, label, context, length)` produces the same\n * bytes across every binding (Rust core, native UniFFI, WASM/JS). Cross-platform\n * byte-equality is enforced by `protocol/conformance/export_secret/`.\n /\n async exportConversationSecret(\n conv: ConversationId,\n label: string,\n context: Uint8Array,\n length: number,\n ): Promise<Uint8Array> {\n if (length <= 0 \|\| length > 1024) {\n throw new Error(\"exportConversationSecret: length must be 1..=1024\");\n }\n return await this.call({\n kind: \"exportConversationSecret\", id: this.nextId++,\n conv, label, context, length,\n }) as Uint8Array;\n }\n\n /* Subscribe to decrypted application messages. /\n onMessage(handler: (m: IncomingMessage) => void): () => void {\n this.messageHandlers.add(handler);\n return () => this.messageHandlers.delete(handler);\n }\n\n /* Fired after every state-changing event for a conversation (Commit, member changes). /\n /\n Fires after every conversation state change — joining via Welcome, processing a Commit,\n * etc. `sender` carries the device id of whoever triggered the event when known (e.g. the\n * inviter's device on auto-join), so the host can label peers in its UI.\n /\n onConversationUpdated(handler: (id: ConversationId, epoch: number, sender?: DeviceId) => void): () => void {\n this.conversationHandlers.add(handler);\n return () => this.conversationHandlers.delete(handler);\n }\n\n async close(): Promise<void> {\n this.subscription?.unsubscribe();\n this.worker.terminate();\n }\n\n // ------------------------ Internals ------------------------\n\n private conversationProxy(id: ConversationId): Conversation {\n const self = this;\n return {\n id,\n async send(plaintext) {\n return await self.call({\n kind: \"send\", id: self.nextId++, conv: id, plaintext, nowMs: self.now(),\n }) as MessageEnvelope;\n },\n async addMembers(entries) {\n await self.call({\n kind: \"addMembers\", id: self.nextId++, conv: id, entries, nowMs: self.now(),\n });\n },\n async removeMembers(leaves) {\n await self.call({\n kind: \"removeMembers\", id: self.nextId++, conv: id, leaves, nowMs: self.now(),\n });\n },\n meta() {\n const cached = self.metaCache.get(hex(id));\n if (!cached) throw new Error(\"conversation meta not loaded; call listConversations() first\");\n return cached;\n },\n };\n }\n\n private call(req: Request): Promise<unknown> {\n return new Promise((resolve, reject) => {\n this.pending.set((req as { id: number }).id, { resolve, reject });\n this.worker.postMessage(req);\n });\n }\n\n private async handleWorker(msg: Response) {\n switch (msg.kind) {\n case \"result\": {\n const slot = this.pending.get(msg.id);\n if (!slot) return;\n this.pending.delete(msg.id);\n msg.ok ? slot.resolve(msg.value) : slot.reject(new Error(msg.error));\n return;\n }\n case \"event.message\": {\n for (const h of this.messageHandlers) h(msg.msg);\n return;\n }\n case \"event.conversation\": {\n for (const h of this.conversationHandlers) h(msg.id, msg.epoch, msg.sender);\n return;\n }\n case \"storage.call\": {\n try {\n const v = await (this.storage as unknown as Record<string, (...a: unknown[]) => unknown>)\n [msg.method]?.(...msg.args);\n this.worker.postMessage({ kind: \"storage.reply\", id: msg.id, ok: true, value: v } as Request);\n } catch (e) {\n this.worker.postMessage({\n kind: \"storage.reply\", id: msg.id, ok: false, error: String(e),\n } as Request);\n }\n return;\n }\n case \"transport.call\": {\n try {\n const v = await (this.transport as unknown as Record<string, (...a: unknown[]) => unknown>)\n [msg.method]?.(...msg.args);\n this.worker.postMessage({ kind: \"transport.reply\", id: msg.id, ok: true, value: v } as Request);\n } catch (e) {\n this.worker.postMessage({\n kind: \"transport.reply\", id: msg.id, ok: false, error: String(e),\n } as Request);\n }\n return;\n }\n }\n }\n}\n\nfunction hex(b: Uint8Array): string {\n let s = \"\";\n for (const v of b) s += v.toString(16).padStart(2, \"0\");\n return s;\n}\n\nfunction sameBytesU8(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;\n return true;\n}\n","// Default IndexedDB-backed Storage implementation. Hosts can supply their own.\n\nimport type { Storage } from \"../types\";\n\nconst DB_NAME = \"ping-sdk\";\nconst DB_VERSION = 1;\nconst STORE = \"kv\";\n\ninterface Row { ns: string; key: string; value: Uint8Array }\n\nfunction open(): Promise<IDBDatabase> {\n return new Promise((resolve, reject) => {\n const req = indexedDB.open(DB_NAME, DB_VERSION);\n req.onupgradeneeded = () => {\n const db = req.result;\n if (!db.objectStoreNames.contains(STORE)) {\n const os = db.createObjectStore(STORE, { keyPath: [\"ns\", \"key\"] });\n os.createIndex(\"ns\", \"ns\", { unique: false });\n }\n };\n req.onsuccess = () => resolve(req.result);\n req.onerror = () => reject(req.error);\n });\n}\n\nexport class IndexedDbStorage implements Storage {\n private dbPromise: Promise<IDBDatabase>;\n\n constructor() { this.dbPromise = open(); }\n\n async get(namespace: string, key: string): Promise<Uint8Array \| null> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readonly\");\n const r = tx.objectStore(STORE).get([namespace, key]);\n r.onsuccess = () => resolve(((r.result as Row \| undefined)?.value) ?? null);\n r.onerror = () => reject(r.error);\n });\n }\n\n async put(namespace: string, key: string, value: Uint8Array): Promise<void> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readwrite\");\n tx.objectStore(STORE).put({ ns: namespace, key, value } as Row);\n tx.oncomplete = () => resolve();\n tx.onerror = () => reject(tx.error);\n });\n }\n\n async del(namespace: string, key: string): Promise<void> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readwrite\");\n tx.objectStore(STORE).delete([namespace, key]);\n tx.oncomplete = () => resolve();\n tx.onerror = () => reject(tx.error);\n });\n }\n\n async listKeys(namespace: string, prefix: string): Promise<string[]> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readonly\");\n const idx = tx.objectStore(STORE).index(\"ns\");\n const req = idx.openCursor(IDBKeyRange.only(namespace));\n const out: string[] = [];\n req.onsuccess = () => {\n const cur = req.result;\n if (!cur) return resolve(out);\n const row = cur.value as Row;\n if (!prefix \|\| row.key.startsWith(prefix)) out.push(row.key);\n cur.continue();\n };\n req.onerror = () => reject(req.error);\n });\n }\n}\n","// Ping wire contract — TypeScript counterpart to the `ping-wire-contract` Rust crate.\n//\n// MUST stay in lockstep with `core/ping-wire-contract/src/lib.rs`. The full normative spec\n// lives in `docs/PING_WIRE_CONTRACT.md`.\n//\n// What this module is for: code paths that cross the network boundary (transports, relays,\n// service workers) that need to advertise or validate ping-wire-contract conformance from\n// JavaScript without round-tripping through WASM.\n\nimport type { MessageEnvelope } from \"./types\";\n\n/\n Ping wire contract version. Bumped on incompatible profile changes.\n \n Currently `2` — CR-6 changes the `content_hash` semantics for `Application` envelopes\n * (now hashed over plaintext, not the MLS ciphertext). Receivers run a 90-day dual-accept\n * window per Q-ARCH-02; see [[validate]] for the per-version routing.\n /\nexport const PING_WIRE_CONTRACT_VERSION = 2;\n\n/* Lowest envelope version accepted by [[validate]] during the dual-accept window. /\nexport const WIRE_VERSION_MIN_ACCEPTED = 1;\n\n/* Canonical CBOR content type. Production transports SHOULD use this. /\nexport const CONTENT_TYPE_CBOR = \"application/vnd.ping.wire.v2+cbor\";\n\n/* JSON projection — development and tooling only. Production MUST NOT use this. /\nexport const CONTENT_TYPE_JSON = \"application/vnd.ping.wire.v2+json\";\n\n/* Legacy v1 CBOR type, accepted during the CR-6 dual-accept window. /\nexport const CONTENT_TYPE_CBOR_LEGACY_V1 = \"application/vnd.ping.wire.v1+cbor\";\n\n/* Legacy v1 JSON type, accepted during the CR-6 dual-accept window. /\nexport const CONTENT_TYPE_JSON_LEGACY_V1 = \"application/vnd.ping.wire.v1+json\";\n\n/* Header used over transports that don't surface a content type (e.g. WebSocket). /\nexport const PING_WIRE_CONTRACT_HEADER = \"X-Ping-Wire-Contract\";\n\n/* Header value: `ping/<VERSION>`. /\nexport const PING_WIRE_CONTRACT_HEADER_VALUE = `ping/${PING_WIRE_CONTRACT_VERSION}`;\n\nexport type ValidationErrorKind =\n \| \"UnsupportedVersion\"\n \| \"BadConversationIdLen\"\n \| \"BadSenderDeviceLen\"\n \| \"ContentHashMismatch\";\n\nexport class ValidationError extends Error {\n constructor(public readonly kind: ValidationErrorKind, message: string) {\n super(message);\n this.name = \"PingWireContractValidationError\";\n }\n}\n\nconst KIND_DISCRIMINANT: Record<MessageEnvelope[\"kind\"], number> = {\n Application: 1,\n Commit: 2,\n Welcome: 3,\n Proposal: 4,\n KeyPackage: 5,\n};\n\nasync function sha256(bytes: Uint8Array): Promise<Uint8Array> {\n // `crypto.subtle` is available in browsers, Node 20+, and Workers. `bytes.buffer`\n // is typed as `ArrayBufferLike` which TS won't accept as `BufferSource` (the union\n // includes `SharedArrayBuffer`); pass an explicit ArrayBuffer slice instead.\n const ab = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength) as ArrayBuffer;\n const hash = await crypto.subtle.digest(\"SHA-256\", ab);\n return new Uint8Array(hash);\n}\n\nfunction bytesEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;\n return true;\n}\n\n/\n Validate an envelope against the ping-wire-contract.\n \n Receivers claiming contract conformance MUST call this before applying any envelope.\n * External consumers using the raw envelope under their own profile are not bound by\n * these rules.\n \n CR-6 dual-accept window: `v ∈ [WIRE_VERSION_MIN_ACCEPTED, PING_WIRE_CONTRACT_VERSION]`\n * passes the version gate. For v=2 `Application` envelopes the content_hash is over\n * plaintext, so this function skips that check — callers MUST run\n * [[verifyApplicationContentHash]] after MLS decrypt to close the loop.\n /\nexport async function validate(env: MessageEnvelope): Promise<void> {\n if (env.v < WIRE_VERSION_MIN_ACCEPTED \|\| env.v > PING_WIRE_CONTRACT_VERSION) {\n throw new ValidationError(\n \"UnsupportedVersion\",\n `unsupported wire-contract version: envelope says v=${env.v}, expected v∈[${WIRE_VERSION_MIN_ACCEPTED}, ${PING_WIRE_CONTRACT_VERSION}]`,\n );\n }\n if (env.conversation_id.length !== 16) {\n throw new ValidationError(\n \"BadConversationIdLen\",\n `conversation_id must be 16 bytes (ULID), got ${env.conversation_id.length}`,\n );\n }\n if (env.sender_device.length !== 32) {\n throw new ValidationError(\n \"BadSenderDeviceLen\",\n `sender_device must be 32 bytes, got ${env.sender_device.length}`,\n );\n }\n // CR-6 routing: skip the hash check for v=2 application envelopes.\n if (env.v >= 2 && env.kind === \"Application\") {\n return;\n }\n const buf = new Uint8Array(1 + env.payload.length);\n buf[0] = KIND_DISCRIMINANT[env.kind];\n buf.set(env.payload, 1);\n const computed = await sha256(buf);\n if (!bytesEqual(computed, env.content_hash)) {\n throw new ValidationError(\n \"ContentHashMismatch\",\n \"content_hash mismatch: envelope is forged, corrupted, or built by a non-conformant sender\",\n );\n }\n}\n\n/\n Verify a v=2 `Application` envelope's content_hash against the decrypted plaintext.\n \n Caller MUST run this after MLS decrypt for application envelopes whose `v >= 2`. For\n * v=1 envelopes or handshake kinds this is a no-op (those are covered by [[validate]]).\n /\nexport async function verifyApplicationContentHash(\n env: MessageEnvelope,\n plaintext: Uint8Array,\n): Promise<void> {\n if (env.v < 2 \|\| env.kind !== \"Application\") return;\n const computed = await sha256(plaintext);\n if (!bytesEqual(computed, env.content_hash)) {\n throw new ValidationError(\n \"ContentHashMismatch\",\n \"v=2 application content_hash mismatch against decrypted plaintext\",\n );\n }\n}\n\n/\n True if the supplied content type negotiates the ping-wire-contract.\n \n Accepts the v2 canonical types AND the v1 legacy types during the CR-6 dual-accept\n * window. Tolerates whitespace and parameters (e.g. `; charset=utf-8`).\n */\nexport function negotiates(contentType: string \| null \| undefined): boolean {\n if (!contentType) return false;\n const primary = contentType.split(\";\")[0]?.trim().toLowerCase() ?? \"\";\n return (\n primary === CONTENT_TYPE_CBOR\n \|\| primary === CONTENT_TYPE_JSON\n \|\| primary === CONTENT_TYPE_CBOR_LEGACY_V1\n \|\| primary === CONTENT_TYPE_JSON_LEGACY_V1\n );\n}\n","// Reference WebSocket transport. Treats the server as an opaque relay that:\n// - accepts a CBOR-encoded MessageEnvelope on `send`\n// - returns events newer than a cursor on `fetchSince`\n// - streams new events on the WS itself for `subscribe`\n// - exposes a directory endpoint for `discoverDevices`\n//\n// This is a sample. Real deployments will tune framing / auth.\n\nimport type { ConversationId, DiscoveredDevice, MessageEnvelope, Transport, UserId } from \"../types\";\nimport {\n CONTENT_TYPE_JSON,\n PING_WIRE_CONTRACT_HEADER,\n PING_WIRE_CONTRACT_HEADER_VALUE,\n} from \"../wire-contract\";\n\nexport interface WsTransportConfig {\n baseUrl: string; // ws[s]://...\n authHeader?: string; // optional bearer token\n fetchImpl?: typeof fetch; // override for SSR / tests\n}\n\nexport class WebSocketTransport implements Transport {\n private ws: WebSocket \| null = null;\n private liveHandlers = new Set<(env: MessageEnvelope) => void>();\n private fetchImpl: typeof fetch;\n\n constructor(private cfg: WsTransportConfig) {\n this.fetchImpl = cfg.fetchImpl ?? globalThis.fetch.bind(globalThis);\n this.openSocket();\n }\n\n private openSocket() {\n if (typeof WebSocket === \"undefined\") return;\n const url = `${this.cfg.baseUrl.replace(/^http/, \"ws\")}/stream`;\n this.ws = new WebSocket(url);\n this.ws.onmessage = (ev) => {\n // Server sends one JSON envelope per text frame.\n const text = typeof ev.data === \"string\" ? ev.data : new TextDecoder().decode(ev.data as ArrayBuffer);\n try {\n const env = JSON.parse(text, reviver) as MessageEnvelope;\n for (const h of this.liveHandlers) h(env);\n } catch (e) {\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] WS frame parse error:\", e);\n }\n };\n this.ws.onclose = () => setTimeout(() => this.openSocket(), 1000);\n }\n\n async send(envelope: MessageEnvelope): Promise<void> {\n // We're emitting the JSON projection of the ping-wire-contract. Production transports\n // would use CONTENT_TYPE_CBOR with a real CBOR codec; for the demo path the JSON shape\n // is the documented development projection.\n const res = await this.fetchImpl(`${this.cfg.baseUrl}/send`, {\n method: \"POST\",\n headers: {\n \"content-type\": CONTENT_TYPE_JSON,\n [PING_WIRE_CONTRACT_HEADER]: PING_WIRE_CONTRACT_HEADER_VALUE,\n ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}),\n },\n body: JSON.stringify(envelope, replacer),\n });\n if (res.status === 409) throw new Error(\"EpochOccupied\");\n if (!res.ok) throw new Error(`transport send failed: ${res.status}`);\n }\n\n async fetchSince(conversationId: ConversationId, cursor: Uint8Array, limit: number): Promise<MessageEnvelope[]> {\n const url = new URL(`${this.cfg.baseUrl}/sync`);\n url.searchParams.set(\"conv\", toHex(conversationId));\n url.searchParams.set(\"cursor\", btoaUrl(cursor));\n url.searchParams.set(\"limit\", String(limit));\n const res = await this.fetchImpl(url.toString(), {\n headers: { ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}) },\n });\n if (!res.ok) throw new Error(`transport fetch failed: ${res.status}`);\n const text = await res.text();\n return JSON.parse(text, reviver) as MessageEnvelope[];\n }\n\n subscribe(onEvent: (env: MessageEnvelope) => void): { unsubscribe(): void } {\n this.liveHandlers.add(onEvent);\n return { unsubscribe: () => this.liveHandlers.delete(onEvent) };\n }\n\n async discoverDevices(userId: UserId): Promise<DiscoveredDevice[]> {\n const res = await this.fetchImpl(`${this.cfg.baseUrl}/devices/${toHex(userId)}`, {\n headers: { ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}) },\n });\n if (!res.ok) throw new Error(`device discovery failed: ${res.status}`);\n const text = await res.text();\n return JSON.parse(text, reviver) as DiscoveredDevice[];\n }\n}\n\n// ---- Wire codec ----\n//\n// Demo wire format: JSON with byte fields wrapped as `{ _bytes: number[] }`. The relay's\n// `envFromJson`/`envToJson` use the same shape. The spec calls for CBOR; v0.2 swaps in a\n// real CBOR codec, but the JSON form is much friendlier to debug.\n//\n// (decodeEnvelope helpers used to live here; collapsed into inline JSON.parse calls above.)\n\nfunction replacer(_k: string, v: unknown): unknown {\n if (v instanceof Uint8Array) return { _bytes: Array.from(v) };\n return v;\n}\nfunction reviver(_k: string, v: unknown): unknown {\n if (v && typeof v === \"object\" && Array.isArray((v as { _bytes?: number[] })._bytes)) {\n return new Uint8Array((v as { _bytes: number[] })._bytes);\n }\n return v;\n}\n\nfunction toHex(b: Uint8Array): string {\n let s = \"\"; for (const v of b) s += v.toString(16).padStart(2, \"0\"); return s;\n}\nfunction btoaUrl(b: Uint8Array): string {\n let s = \"\"; for (const v of b) s += String.fromCharCode(v);\n return btoa(s).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIA,IAAM,UAAU;AAChB,IAAM,aAAa;AACnB,IAAM,QAAQ;AAId,SAAS,OAA6B;AACpC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,MAAM,UAAU,KAAK,SAAS,UAAU;AAC9C,QAAI,kBAAkB,MAAM;AAC1B,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAG,iBAAiB,SAAS,KAAK,GAAG;AACxC,cAAM,KAAK,GAAG,kBAAkB,OAAO,EAAE,SAAS,CAAC,MAAM,KAAK,EAAE,CAAC;AACjE,WAAG,YAAY,MAAM,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,MAC9C;AAAA,IACF;AACA,QAAI,YAAY,MAAM,QAAQ,IAAI,MAAM;AACxC,QAAI,UAAU,MAAM,OAAO,IAAI,KAAK;AAAA,EACtC,CAAC;AACH;AAEO,IAAM,mBAAN,MAA0C;AAAA,EACvC;AAAA,EAER,cAAc;AAAE,SAAK,YAAY,KAAK;AAAA,EAAG;AAAA,EAEzC,MAAM,IAAI,WAAmB,KAAyC;AACpE,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,UAAU;AAC3C,YAAM,IAAI,GAAG,YAAY,KAAK,EAAE,IAAI,CAAC,WAAW,GAAG,CAAC;AACpD,QAAE,YAAY,MAAM,QAAU,EAAE,QAA4B,SAAU,IAAI;AAC1E,QAAE,UAAU,MAAM,OAAO,EAAE,KAAK;AAAA,IAClC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,WAAmB,KAAa,OAAkC;AAC1E,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,WAAW;AAC5C,SAAG,YAAY,KAAK,EAAE,IAAI,EAAE,IAAI,WAAW,KAAK,MAAM,CAAQ;AAC9D,SAAG,aAAa,MAAM,QAAQ;AAC9B,SAAG,UAAU,MAAM,OAAO,GAAG,KAAK;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,WAAmB,KAA4B;AACvD,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,WAAW;AAC5C,SAAG,YAAY,KAAK,EAAE,OAAO,CAAC,WAAW,GAAG,CAAC;AAC7C,SAAG,aAAa,MAAM,QAAQ;AAC9B,SAAG,UAAU,MAAM,OAAO,GAAG,KAAK;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,SAAS,WAAmB,QAAmC;AACnE,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,UAAU;AAC3C,YAAM,MAAM,GAAG,YAAY,KAAK,EAAE,MAAM,IAAI;AAC5C,YAAM,MAAM,IAAI,WAAW,YAAY,KAAK,SAAS,CAAC;AACtD,YAAM,MAAgB,CAAC;AACvB,UAAI,YAAY,MAAM;AACpB,cAAM,MAAM,IAAI;AAChB,YAAI,CAAC,IAAK,QAAO,QAAQ,GAAG;AAC5B,cAAM,MAAM,IAAI;AAChB,YAAI,CAAC,UAAU,IAAI,IAAI,WAAW,MAAM,EAAG,KAAI,KAAK,IAAI,GAAG;AAC3D,YAAI,SAAS;AAAA,MACf;AACA,UAAI,UAAU,MAAM,OAAO,IAAI,KAAK;AAAA,IACtC,CAAC;AAAA,EACH;AACF;;;AC3DO,IAAM,6BAA6B;AAGnC,IAAM,4BAA4B;AAGlC,IAAM,oBAAoB;AAG1B,IAAM,oBAAoB;AAG1B,IAAM,8BAA8B;AAGpC,IAAM,8BAA8B;AAGpC,IAAM,4BAA4B;AAGlC,IAAM,kCAAkC,QAAQ,0BAA0B;AAQ1E,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YAA4B,MAA2B,SAAiB;AACtE,UAAM,OAAO;AADa;AAE1B,SAAK,OAAO;AAAA,EACd;AAAA,EAH4B;AAI9B;AAEA,IAAM,oBAA6D;AAAA,EACjE,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,UAAU;AAAA,EACV,YAAY;AACd;AAEA,eAAe,OAAO,OAAwC;AAI5D,QAAM,KAAK,MAAM,OAAO,MAAM,MAAM,YAAY,MAAM,aAAa,MAAM,UAAU;AACnF,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,EAAE;AACrD,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,SAAS,WAAW,GAAe,GAAwB;AACzD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,KAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAC7D,SAAO;AACT;AAcA,eAAsB,SAAS,KAAqC;AAClE,MAAI,IAAI,IAAI,6BAA6B,IAAI,IAAI,4BAA4B;AAC3E,UAAM,IAAI;AAAA,MACR;AAAA,MACA,sDAAsD,IAAI,CAAC,sBAAiB,yBAAyB,KAAK,0BAA0B;AAAA,IACtI;AAAA,EACF;AACA,MAAI,IAAI,gBAAgB,WAAW,IAAI;AACrC,UAAM,IAAI;AAAA,MACR;AAAA,MACA,gDAAgD,IAAI,gBAAgB,MAAM;AAAA,IAC5E;AAAA,EACF;AACA,MAAI,IAAI,cAAc,WAAW,IAAI;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,MACA,uCAAuC,IAAI,cAAc,MAAM;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,IAAI,KAAK,KAAK,IAAI,SAAS,eAAe;AAC5C;AAAA,EACF;AACA,QAAM,MAAM,IAAI,WAAW,IAAI,IAAI,QAAQ,MAAM;AACjD,MAAI,CAAC,IAAI,kBAAkB,IAAI,IAAI;AACnC,MAAI,IAAI,IAAI,SAAS,CAAC;AACtB,QAAM,WAAW,MAAM,OAAO,GAAG;AACjC,MAAI,CAAC,WAAW,UAAU,IAAI,YAAY,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAQA,eAAsB,6BACpB,KACA,WACe;AACf,MAAI,IAAI,IAAI,KAAK,IAAI,SAAS,cAAe;AAC7C,QAAM,WAAW,MAAM,OAAO,SAAS;AACvC,MAAI,CAAC,WAAW,UAAU,IAAI,YAAY,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAQO,SAAS,WAAW,aAAiD;AAC1E,MAAI,CAAC,YAAa,QAAO;AACzB,QAAM,UAAU,YAAY,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,EAAE,YAAY,KAAK;AACnE,SACE,YAAY,qBACT,YAAY,qBACZ,YAAY,+BACZ,YAAY;AAEnB;;;AC1IO,IAAM,qBAAN,MAA8C;AAAA,EAKnD,YAAoB,KAAwB;AAAxB;AAClB,SAAK,YAAY,IAAI,aAAa,WAAW,MAAM,KAAK,UAAU;AAClE,SAAK,WAAW;AAAA,EAClB;AAAA,EAHoB;AAAA,EAJZ,KAAuB;AAAA,EACvB,eAAe,oBAAI,IAAoC;AAAA,EACvD;AAAA,EAOA,aAAa;AACnB,QAAI,OAAO,cAAc,YAAa;AACtC,UAAM,MAAM,GAAG,KAAK,IAAI,QAAQ,QAAQ,SAAS,IAAI,CAAC;AACtD,SAAK,KAAK,IAAI,UAAU,GAAG;AAC3B,SAAK,GAAG,YAAY,CAAC,OAAO;AAE1B,YAAM,OAAO,OAAO,GAAG,SAAS,WAAW,GAAG,OAAO,IAAI,YAAY,EAAE,OAAO,GAAG,IAAmB;AACpG,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,MAAM,OAAO;AACpC,mBAAW,KAAK,KAAK,aAAc,GAAE,GAAG;AAAA,MAC1C,SAAS,GAAG;AACV,YAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,oCAAoC,CAAC;AAAA,MACzF;AAAA,IACF;AACA,SAAK,GAAG,UAAU,MAAM,WAAW,MAAM,KAAK,WAAW,GAAG,GAAI;AAAA,EAClE;AAAA,EAEA,MAAM,KAAK,UAA0C;AAInD,UAAM,MAAM,MAAM,KAAK,UAAU,GAAG,KAAK,IAAI,OAAO,SAAS;AAAA,MAC3D,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,CAAC,yBAAyB,GAAG;AAAA,QAC7B,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC;AAAA,MACtE;AAAA,MACA,MAAM,KAAK,UAAU,UAAU,QAAQ;AAAA,IACzC,CAAC;AACD,QAAI,IAAI,WAAW,IAAK,OAAM,IAAI,MAAM,eAAe;AACvD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,0BAA0B,IAAI,MAAM,EAAE;AAAA,EACrE;AAAA,EAEA,MAAM,WAAW,gBAAgC,QAAoB,OAA2C;AAC9G,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,OAAO,OAAO;AAC9C,QAAI,aAAa,IAAI,QAAQ,MAAM,cAAc,CAAC;AAClD,QAAI,aAAa,IAAI,UAAU,QAAQ,MAAM,CAAC;AAC9C,QAAI,aAAa,IAAI,SAAS,OAAO,KAAK,CAAC;AAC3C,UAAM,MAAM,MAAM,KAAK,UAAU,IAAI,SAAS,GAAG;AAAA,MAC/C,SAAS,EAAE,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC,EAAG;AAAA,IACpF,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,2BAA2B,IAAI,MAAM,EAAE;AACpE,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,MAAM,OAAO;AAAA,EACjC;AAAA,EAEA,UAAU,SAAkE;AAC1E,SAAK,aAAa,IAAI,OAAO;AAC7B,WAAO,EAAE,aAAa,MAAM,KAAK,aAAa,OAAO,OAAO,EAAE;AAAA,EAChE;AAAA,EAEA,MAAM,gBAAgB,QAA6C;AACjE,UAAM,MAAM,MAAM,KAAK,UAAU,GAAG,KAAK,IAAI,OAAO,YAAY,MAAM,MAAM,CAAC,IAAI;AAAA,MAC/E,SAAS,EAAE,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC,EAAG;AAAA,IACpF,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,4BAA4B,IAAI,MAAM,EAAE;AACrE,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,MAAM,OAAO;AAAA,EACjC;AACF;AAUA,SAAS,SAAS,IAAY,GAAqB;AACjD,MAAI,aAAa,WAAY,QAAO,EAAE,QAAQ,MAAM,KAAK,CAAC,EAAE;AAC5D,SAAO;AACT;AACA,SAAS,QAAQ,IAAY,GAAqB;AAChD,MAAI,KAAK,OAAO,MAAM,YAAY,MAAM,QAAS,EAA4B,MAAM,GAAG;AACpF,WAAO,IAAI,WAAY,EAA2B,MAAM;AAAA,EAC1D;AACA,SAAO;AACT;AAEA,SAAS,MAAM,GAAuB;AACpC,MAAI,IAAI;AAAI,aAAW,KAAK,EAAG,MAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAG,SAAO;AAC9E;AACA,SAAS,QAAQ,GAAuB;AACtC,MAAI,IAAI;AAAI,aAAW,KAAK,EAAG,MAAK,OAAO,aAAa,CAAC;AACzD,SAAO,KAAK,CAAC,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC1E;;;AHtHA;AA6EO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,EACT,UAAU,oBAAI,IAA2E;AAAA,EACzF;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAkB,oBAAI,IAAkC;AAAA,EACxD,uBAAuB,oBAAI,IAAoE;AAAA,EAC/F,eAA+C;AAAA,EAC/C,YAAY,oBAAI,IAA8B;AAAA;AAAA;AAAA;AAAA,EAI9C,cAAiC;AAAA,EAEjC,YAAY,KAAmB,QAAgB;AACrD,SAAK,SAAS;AACd,SAAK,UAAU,IAAI;AACnB,SAAK,YAAY,IAAI;AACrB,SAAK,MAAM,IAAI,QAAQ,MAAM,KAAK,IAAI;AACtC,SAAK,OAAO,YAAY,CAAC,OAAO,KAAK,aAAa,GAAG,IAAgB;AAAA,EACvE;AAAA;AAAA,EAGA,aAAa,mBAAwC;AACnD,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAoB,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAa,kBACX,QACA,cACqB;AACrB,QAAI,aAAa,WAAW,IAAI;AAC9B,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACpE;AACA,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,aAAa,kBACX,QACA,eACwB;AACxB,QAAI,cAAc,WAAW,IAAI;AAC/B,YAAM,IAAI,MAAM,mDAAmD;AAAA,IACrE;AACA,WAAO,iBAAgB,oBAAmC;AAAA,MACxD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe,oBAAuB,KAA0B;AAC9D,UAAM,IAAI,IAAI,OAAO,IAAI,IAAI,eAAe,YAAY,GAAG,GAAG,EAAE,MAAM,SAAS,CAAC;AAChF,WAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,QAAE,YAAY,CAAC,OAAO;AACpB,cAAM,MAAM,GAAG;AACf,YAAI,IAAI,SAAS,YAAY,IAAI,OAAQ,IAAuB,IAAI;AAClE,YAAE,UAAU;AACZ,cAAI,KAAK,QAAQ,IAAI,KAAU,IAAI,OAAO,IAAI,MAAM,IAAI,KAAK,CAAC;AAAA,QAChE;AAAA,MACF;AACA,QAAE,YAAY,GAAG;AAAA,IACnB,CAAC;AAAA,EACH;AAAA,EAEA,aAAa,KAAK,KAA6C;AAC7D,UAAM,SAAS,IAAI,OAAO,IAAI,IAAI,eAAe,YAAY,GAAG,GAAG,EAAE,MAAM,SAAS,CAAC;AACrF,UAAM,SAAS,IAAI,iBAAgB,KAAK,MAAM;AAE9C,UAAM,OAAO,KAAK;AAAA,MAChB,MAAM;AAAA,MACN,IAAI,OAAO;AAAA,MACX,gBAAgB,IAAI;AAAA,MACpB,aAAa,IAAI;AAAA,MACjB,OAAO,OAAO,IAAI;AAAA,MAClB,GAAI,IAAI,yBACJ,EAAE,wBAAwB,IAAI,uBAAuB,IACrD,CAAC;AAAA,IACP,CAAC;AAGD,WAAO,cAAc,MAAM,OAAO,SAAS;AAO3C,WAAO,eAAe,IAAI,UAAU,UAAU,CAAC,aAAa;AAC1D,WAAK,OAAO,iBAAiB,QAAQ;AAAA,IACvC,CAAC;AACD,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,MAAc,iBAAiB,UAA0C;AAKvE,QAAI,KAAK,eAAe,YAAY,SAAS,eAAe,KAAK,WAAW,GAAG;AAC7E;AAAA,IACF;AACA,QAAI,SAAS,SAAS,WAAW;AAC/B,UAAI;AACF,cAAM,QAAQ,MAAM,KAAK,kBAAkB;AAC3C,cAAM,UAAU,MAAM,KAAK,CAAC,MAAM,YAAY,EAAE,IAAI,SAAS,eAAe,CAAC;AAC7E,YAAI,QAAS;AACb,cAAM,KAAK,iBAAiB,QAAQ;AAAA,MACtC,SAAS,GAAG;AAGV,YAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,+BAA+B,CAAC;AAAA,MACpF;AACA;AAAA,IACF;AACA,QAAI;AACF,YAAM,KAAK,gBAAgB,QAAQ;AAAA,IACrC,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,6BAA6B,CAAC;AAAA,IAClF;AAAA,EACF;AAAA;AAAA,EAIA,MAAM,SAA0B;AAC9B,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,UAAU,IAAI,KAAK,SAAS,CAAC;AAAA,EAC9D;AAAA,EAEA,MAAM,WAA8B;AAClC,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,YAAY,IAAI,KAAK,SAAS,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,kBAAuC;AAC3C,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,mBAAmB,IAAI,KAAK,SAAS,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,mBAAmB,OAA0B,CAAC,GAA0B;AAC5E,UAAM,UAAU,MAAM,KAAK,KAAK;AAAA,MAC9B,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MAAU,MAAM,KAAK,QAAQ;AAAA,MAAM,OAAO,KAAK,IAAI;AAAA,IAC1F,CAAC;AACD,WAAO,KAAK,kBAAkB,OAAO;AAAA,EACvC;AAAA,EAEA,MAAM,iBAAiB,SAAiD;AACtE,UAAM,UAAU,MAAM,KAAK,KAAK;AAAA,MAC9B,MAAM;AAAA,MAAoB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAS,OAAO,KAAK,IAAI;AAAA,IACxE,CAAC;AACD,WAAO,KAAK,kBAAkB,OAAO;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,gBAAgB,IAAkC;AAChD,WAAO,KAAK,kBAAkB,EAAE;AAAA,EAClC;AAAA,EAEA,MAAM,oBAAiD;AACrD,UAAM,QAAQ,MAAM,KAAK,KAAK,EAAE,MAAM,qBAAqB,IAAI,KAAK,SAAS,CAAC;AAC9E,SAAK,UAAU,MAAM;AACrB,eAAW,KAAK,MAAO,MAAK,UAAU,IAAI,IAAI,EAAE,EAAE,GAAG,CAAC;AACtD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAgD;AACpD,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAqB,IAAI,KAAK;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IAChE,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,gBAAgB,UAA4D;AAChF,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAmB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IACxE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,mBACJ,aACA,aACA,gBAAmC,CAAC,GACZ;AACxB,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MACrC;AAAA,MAAa;AAAA,MAAa;AAAA,MAAe,OAAO,KAAK,IAAI;AAAA,IAC3D,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAa,sBACX,eACqC;AACrC,QAAI,cAAc,WAAW,EAAG,QAAO;AACvC,WAAO,iBAAgB,oBAAyC;AAAA,MAC9D,MAAM;AAAA,MAAyB,IAAI;AAAA,MAAG;AAAA,IACxC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB,QAAsC;AAC/D,UAAM,KAAK,KAAK;AAAA,MACd,MAAM;AAAA,MAAwB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAQ,OAAO,KAAK,IAAI;AAAA,IAC3E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,yBAA0C;AACrD,WAAO,iBAAgB,oBAA4B;AAAA,MACjD,MAAM;AAAA,MAA0B,IAAI;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,wBAAwB,QAAiC;AACpE,WAAO,iBAAgB,oBAA4B;AAAA,MACjD,MAAM;AAAA,MAA2B,IAAI;AAAA,MAAG;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,cAAc,MAWH;AACtB,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAiB,IAAI;AAAA,MAC3B,gBAAgB,KAAK;AAAA,MACrB,WAAW,KAAK;AAAA,MAChB,gBAAgB,KAAK;AAAA,MACrB,qBAAqB,KAAK;AAAA,MAC1B,uBAAuB,KAAK,yBAAyB,CAAC;AAAA,MACtD,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,cACX,MACA,gBACyB;AACzB,WAAO,iBAAgB,oBAAoC;AAAA,MACzD,MAAM;AAAA,MAAiB,IAAI;AAAA,MAAG;AAAA,MAAM;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,mBACJ,UACA,SAC6B;AAC7B,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MACrC;AAAA,MAAU;AAAA,MAAS,OAAO,KAAK,IAAI;AAAA,IACrC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,aAAa,UAAgD;AACjE,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAgB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IACrE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,gCAAgC,MAA2C;AAC/E,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAmC,IAAI,KAAK;AAAA,MAClD;AAAA,MAAM,OAAO,KAAK,IAAI;AAAA,IACxB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,oBAAoB,eAAoD;AAC5E,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAuB,IAAI,KAAK;AAAA,MACtC;AAAA,MAAe,OAAO,KAAK,IAAI;AAAA,IACjC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,yBACJ,MACA,OACA,SACA,QACqB;AACrB,QAAI,UAAU,KAAK,SAAS,MAAM;AAChC,YAAM,IAAI,MAAM,mDAAmD;AAAA,IACrE;AACA,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAA4B,IAAI,KAAK;AAAA,MAC3C;AAAA,MAAM;AAAA,MAAO;AAAA,MAAS;AAAA,IACxB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,UAAU,SAAmD;AAC3D,SAAK,gBAAgB,IAAI,OAAO;AAChC,WAAO,MAAM,KAAK,gBAAgB,OAAO,OAAO;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,sBAAsB,SAAqF;AACzG,SAAK,qBAAqB,IAAI,OAAO;AACrC,WAAO,MAAM,KAAK,qBAAqB,OAAO,OAAO;AAAA,EACvD;AAAA,EAEA,MAAM,QAAuB;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,OAAO,UAAU;AAAA,EACxB;AAAA;AAAA,EAIQ,kBAAkB,IAAkC;AAC1D,UAAM,OAAO;AACb,WAAO;AAAA,MACL;AAAA,MACA,MAAM,KAAK,WAAW;AACpB,eAAO,MAAM,KAAK,KAAK;AAAA,UACrB,MAAM;AAAA,UAAQ,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAW,OAAO,KAAK,IAAI;AAAA,QACxE,CAAC;AAAA,MACH;AAAA,MACA,MAAM,WAAW,SAAS;AACxB,cAAM,KAAK,KAAK;AAAA,UACd,MAAM;AAAA,UAAc,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAS,OAAO,KAAK,IAAI;AAAA,QAC5E,CAAC;AAAA,MACH;AAAA,MACA,MAAM,cAAc,QAAQ;AAC1B,cAAM,KAAK,KAAK;AAAA,UACd,MAAM;AAAA,UAAiB,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAQ,OAAO,KAAK,IAAI;AAAA,QAC9E,CAAC;AAAA,MACH;AAAA,MACA,OAAO;AACL,cAAM,SAAS,KAAK,UAAU,IAAI,IAAI,EAAE,CAAC;AACzC,YAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,8DAA8D;AAC3F,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,KAAK,KAAgC;AAC3C,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,QAAQ,IAAK,IAAuB,IAAI,EAAE,SAAS,OAAO,CAAC;AAChE,WAAK,OAAO,YAAY,GAAG;AAAA,IAC7B,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAa,KAAe;AACxC,YAAQ,IAAI,MAAM;AAAA,MAChB,KAAK,UAAU;AACb,cAAM,OAAO,KAAK,QAAQ,IAAI,IAAI,EAAE;AACpC,YAAI,CAAC,KAAM;AACX,aAAK,QAAQ,OAAO,IAAI,EAAE;AAC1B,YAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,KAAK,OAAO,IAAI,MAAM,IAAI,KAAK,CAAC;AACnE;AAAA,MACF;AAAA,MACA,KAAK,iBAAiB;AACpB,mBAAW,KAAK,KAAK,gBAAiB,GAAE,IAAI,GAAG;AAC/C;AAAA,MACF;AAAA,MACA,KAAK,sBAAsB;AACzB,mBAAW,KAAK,KAAK,qBAAsB,GAAE,IAAI,IAAI,IAAI,OAAO,IAAI,MAAM;AAC1E;AAAA,MACF;AAAA,MACA,KAAK,gBAAgB;AACnB,YAAI;AACF,gBAAM,IAAI,MAAO,KAAK,QACnB,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI;AAC5B,eAAK,OAAO,YAAY,EAAE,MAAM,iBAAiB,IAAI,IAAI,IAAI,IAAI,MAAM,OAAO,EAAE,CAAY;AAAA,QAC9F,SAAS,GAAG;AACV,eAAK,OAAO,YAAY;AAAA,YACtB,MAAM;AAAA,YAAiB,IAAI,IAAI;AAAA,YAAI,IAAI;AAAA,YAAO,OAAO,OAAO,CAAC;AAAA,UAC/D,CAAY;AAAA,QACd;AACA;AAAA,MACF;AAAA,MACA,KAAK,kBAAkB;AACrB,YAAI;AACF,gBAAM,IAAI,MAAO,KAAK,UACnB,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI;AAC5B,eAAK,OAAO,YAAY,EAAE,MAAM,mBAAmB,IAAI,IAAI,IAAI,IAAI,MAAM,OAAO,EAAE,CAAY;AAAA,QAChG,SAAS,GAAG;AACV,eAAK,OAAO,YAAY;AAAA,YACtB,MAAM;AAAA,YAAmB,IAAI,IAAI;AAAA,YAAI,IAAI;AAAA,YAAO,OAAO,OAAO,CAAC;AAAA,UACjE,CAAY;AAAA,QACd;AACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,IAAI,GAAuB;AAClC,MAAI,IAAI;AACR,aAAW,KAAK,EAAG,MAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AACtD,SAAO;AACT;AAEA,SAAS,YAAY,GAAe,GAAwB;AAC1D,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,KAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAC7D,SAAO;AACT;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts","../src/storage/indexeddb.ts","../src/wire-contract.ts","../src/transport/websocket.ts"],"sourcesContent":["// Public entry point. Spawns the dedicated Worker that hosts the WASM instance and exposes a\n// Promise-based, identical-to-native API. Crypto runs off the main thread.\n\nimport type {\n AdmitChatEntry, AdmitChatOutcome,\n CatchupAppEvent, CatchupSnapshotView,\n ConversationId, ConversationMeta, DeviceId, IncomingMessage,\n HistoryBundle,\n KeyPackageEntry, LinkingTicket, MessageEnvelope, RecoveryBackup, Storage, Transport, UserId,\n} from \"./types\";\nimport type { Request, Response } from \"./protocol\";\n\nexport type * from \"./types\";\n\n// Re-export the default Storage and Transport implementations from the main entry so consumers\n// whose bundlers don't honor package.json#exports (Metro with strict resolution, some legacy\n// Webpack configs) can still get them with a plain `import { ... } from \"ping-openmls-sdk\"`. Power\n// users who care about tree-shaking can keep using the subpath imports.\nexport { IndexedDbStorage } from \"./storage/indexeddb\";\nexport { WebSocketTransport } from \"./transport/websocket\";\n\n// Ping wire contract — version, content-type constants, and runtime validators. Internal\n// products MUST claim conformance; external consumers MAY adopt or run their own profile.\n// See docs/PING_WIRE_CONTRACT.md.\nexport {\n PING_WIRE_CONTRACT_VERSION,\n PING_WIRE_CONTRACT_HEADER,\n PING_WIRE_CONTRACT_HEADER_VALUE,\n WIRE_VERSION_MIN_ACCEPTED,\n CONTENT_TYPE_CBOR,\n CONTENT_TYPE_JSON,\n CONTENT_TYPE_CBOR_LEGACY_V1,\n CONTENT_TYPE_JSON_LEGACY_V1,\n ValidationError,\n validate,\n verifyApplicationContentHash,\n negotiates,\n} from \"./wire-contract\";\n\nexport interface ClientConfig {\n identityExport: Uint8Array;\n deviceLabel: string;\n storage: Storage;\n transport: Transport;\n /** Override the wall clock (test/sim only). /\n now?: () => number;\n /\n Optional 32-byte Ed25519 secret key. When supplied AND no\n * `LocalDevice` is yet persisted in `storage`, the SDK adopts this\n * as its device signing key — so `deviceId()` returns\n * `SHA-256(public_key_of(secret))`, deterministic from what the\n * caller passed.\n \n Use case: align the SDK's `device_id` (which the SDK stamps into\n * every envelope's `sender_device` field) with an externally-\n * computed device id — typically `SHA-256(device_signing_pubkey)`\n * in the host's auth layer, where the JWT carries that same value\n * as its `device_id` claim. Without this alignment, a server that\n * validates `envelope.sender_device == jwt.device_id` rejects every\n * upload with `sender_device_mismatch`.\n \n Ignored on subsequent inits (when `storage` already holds a\n * persisted `LocalDevice`) — the on-disk identity is authoritative\n * for stability across restarts.\n /\n deviceSigningSecretKey?: Uint8Array;\n}\n\nexport interface Conversation {\n readonly id: ConversationId;\n send(plaintext: Uint8Array): Promise<MessageEnvelope>;\n /* [CR-2] Add members by (device_id, KeyPackage) pair. Hosts typically pull these\n * straight from `transport.discoverDevices(userId)`. /\n addMembers(entries: KeyPackageEntry[]): Promise<void>;\n removeMembers(leafIndexes: number[]): Promise<void>;\n meta(): ConversationMeta;\n}\n\nexport class MessagingClient {\n private worker: Worker;\n private nextId = 1;\n private pending = new Map<number, { resolve: (v: unknown) => void; reject: (e: Error) => void }>();\n private storage: Storage;\n private transport: Transport;\n private now: () => number;\n private messageHandlers = new Set<(m: IncomingMessage) => void>();\n private conversationHandlers = new Set<(id: ConversationId, epoch: number, sender?: DeviceId) => void>();\n private subscription: { unsubscribe(): void } \| null = null;\n private metaCache = new Map<string, ConversationMeta>();\n // Cached at init() so dispatchIncoming can skip envelopes we sent ourselves — the relay\n // broadcasts to all WS subscribers including the sender, and re-applying our own already-\n // merged commits would error with \"epoch differs\".\n private ownDeviceId: Uint8Array \| null = null;\n\n private constructor(cfg: ClientConfig, worker: Worker) {\n this.worker = worker;\n this.storage = cfg.storage;\n this.transport = cfg.transport;\n this.now = cfg.now ?? (() => Date.now());\n this.worker.onmessage = (ev) => this.handleWorker(ev.data as Response);\n }\n\n /* Generate a fresh identity. The returned bytes are a secret — store them encrypted. /\n static async generateIdentity(): Promise<Uint8Array> {\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"generateIdentity\", id: 1,\n });\n }\n\n /\n HPKE-seal a `LinkingTicket` for delivery to a new device ([CR-3]).\n \n Returns CBOR-encoded bytes safe to relay through an untrusted inbox. The new device's\n * X25519 public key (`newDevicePub`) is exchanged out-of-band — typically as part of a\n * QR-encoded handshake on the linking screen. Pure function; runs in an ephemeral\n * worker so no live `MessagingClient` is required on the sender side.\n \n Suite: `DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM` (matches MLS).\n /\n static async sealLinkingTicket(\n ticket: LinkingTicket,\n newDevicePub: Uint8Array,\n ): Promise<Uint8Array> {\n if (newDevicePub.length !== 32) {\n throw new Error(\"sealLinkingTicket: newDevicePub must be 32 bytes\");\n }\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"sealLinkingTicket\", id: 1, ticket, newDevicePub,\n });\n }\n\n /\n HPKE-open a sealed `LinkingTicket` on the new device ([CR-3]).\n \n The receiving device hasn't booted a `MessagingClient` yet — it only has its X25519\n * ephemeral keypair. This static method runs the open in an ephemeral worker, returning\n * the cleartext ticket which the host then feeds to `init()` + `consumeLinkingTicket()`.\n \n On failure the error message is deliberately generic (no discriminator between \"wrong\n * key\" vs \"tampered ciphertext\") so a probing attacker can't tell the new device's key\n * was the issue.\n /\n static async openLinkingTicket(\n sealed: Uint8Array,\n newDevicePriv: Uint8Array,\n ): Promise<LinkingTicket> {\n if (newDevicePriv.length !== 32) {\n throw new Error(\"openLinkingTicket: newDevicePriv must be 32 bytes\");\n }\n return MessagingClient.ephemeralWorkerCall<LinkingTicket>({\n kind: \"openLinkingTicket\", id: 1, sealed, newDevicePriv,\n });\n }\n\n // Spawn-call-terminate helper for stateless WASM functions exposed at module scope (no\n // PingClient required). Each call gets a fresh worker; the cost is acceptable because\n // these are one-shot, off-the-hot-path operations (identity gen, linking ticket seal/open).\n private static ephemeralWorkerCall<T>(req: Request): Promise<T> {\n const w = new Worker(new URL(\"./worker.js\", import.meta.url), { type: \"module\" });\n return new Promise<T>((resolve, reject) => {\n w.onmessage = (ev) => {\n const msg = ev.data as Response;\n if (msg.kind === \"result\" && msg.id === (req as { id: number }).id) {\n w.terminate();\n msg.ok ? resolve(msg.value as T) : reject(new Error(msg.error));\n }\n };\n w.postMessage(req);\n });\n }\n\n static async init(cfg: ClientConfig): Promise<MessagingClient> {\n const worker = new Worker(new URL(\"./worker.js\", import.meta.url), { type: \"module\" });\n const client = new MessagingClient(cfg, worker);\n\n await client.call({\n kind: \"init\",\n id: client.nextId++,\n identityExport: cfg.identityExport,\n deviceLabel: cfg.deviceLabel,\n nowMs: client.now(),\n ...(cfg.deviceSigningSecretKey\n ? { deviceSigningSecretKey: cfg.deviceSigningSecretKey }\n : {}),\n });\n\n // Cache the device id once so we can drop envelopes we sent ourselves on the WS echo.\n client.ownDeviceId = await client.deviceId();\n\n // Start the live subscription. We dispatch each envelope to the right handler:\n // - Welcome envelopes for unknown conversations → joinConversation\n // - Welcomes for already-joined conversations → drop (server may broadcast duplicates)\n // - Welcomes addressed to other devices → drop (we can't decrypt)\n // - Everything else → processEnvelope\n client.subscription = cfg.transport.subscribe((envelope) => {\n void client.dispatchIncoming(envelope);\n });\n return client;\n }\n\n /* Internal: route an inbound envelope to the right handler. /\n private async dispatchIncoming(envelope: MessageEnvelope): Promise<void> {\n // The relay broadcasts every envelope to every WS subscriber, including the sender. For\n // our own sends, the local MLS state has already been advanced in-process — re-applying\n // would either fail with \"epoch differs\" (commits) or be a no-op dedupe (application\n // messages). Skip them here.\n if (this.ownDeviceId && sameBytesU8(envelope.sender_device, this.ownDeviceId)) {\n return;\n }\n if (envelope.kind === \"Welcome\") {\n try {\n const known = await this.listConversations();\n const already = known.some((m) => sameBytesU8(m.id, envelope.conversation_id));\n if (already) return;\n await this.joinConversation(envelope);\n } catch (e) {\n // Welcomes are broadcast to every connected client; only one device's KeyPackage can\n // decrypt each one, so most fail. Log at debug, drop silently.\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] welcome ignored:\", e);\n }\n return;\n }\n try {\n await this.processEnvelope(envelope);\n } catch (e) {\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] envelope drop:\", e);\n }\n }\n\n // ------------------------ Public API ------------------------\n\n async userId(): Promise<UserId> {\n return await this.call({ kind: \"userId\", id: this.nextId++ }) as UserId;\n }\n\n async deviceId(): Promise<DeviceId> {\n return await this.call({ kind: \"deviceId\", id: this.nextId++ }) as DeviceId;\n }\n\n async freshKeyPackage(): Promise<Uint8Array> {\n return await this.call({ kind: \"freshKeyPackage\", id: this.nextId++ }) as Uint8Array;\n }\n\n async createConversation(opts: { name?: string } = {}): Promise<Conversation> {\n const idBytes = await this.call({\n kind: \"createConversation\", id: this.nextId++, name: opts.name ?? null, nowMs: this.now(),\n }) as ConversationId;\n return this.conversationProxy(idBytes);\n }\n\n async joinConversation(welcome: MessageEnvelope): Promise<Conversation> {\n const idBytes = await this.call({\n kind: \"joinConversation\", id: this.nextId++, welcome, nowMs: this.now(),\n }) as ConversationId;\n return this.conversationProxy(idBytes);\n }\n\n /\n Get a `Conversation` proxy for an already-known conversation. Use this when you have a\n * conversation id (e.g., from `listConversations()`) and want to send/addMembers without\n * re-creating it. Throws if the id isn't known to the worker — call `listConversations()`\n * first to verify membership.\n /\n getConversation(id: ConversationId): Conversation {\n return this.conversationProxy(id);\n }\n\n async listConversations(): Promise<ConversationMeta[]> {\n const metas = await this.call({ kind: \"listConversations\", id: this.nextId++ }) as ConversationMeta[];\n this.metaCache.clear();\n for (const m of metas) this.metaCache.set(hex(m.id), m);\n return metas;\n }\n\n async syncConversations(): Promise<IncomingMessage[]> {\n return await this.call({\n kind: \"syncConversations\", id: this.nextId++, nowMs: this.now(),\n }) as IncomingMessage[];\n }\n\n async processEnvelope(envelope: MessageEnvelope): Promise<IncomingMessage \| null> {\n return await this.call({\n kind: \"processEnvelope\", id: this.nextId++, envelope, nowMs: this.now(),\n }) as IncomingMessage \| null;\n }\n\n /\n Build a `LinkingTicket` for a new device.\n \n [CR-13] `lastAppEvents` is host-supplied per-conversation \"what you missed\" data\n * (decrypted AppEvent bytes the new device will render before sync catches up).\n * Pass `[]` to suppress catchup data — the new device will see an empty conversation\n * list until normal sync runs.\n \n Caller is responsible for HPKE-sealing the returned ticket via\n * `MessagingClient.sealLinkingTicket` before transmitting (CR-3).\n /\n async buildLinkingTicket(\n newDeviceId: DeviceId,\n newDeviceKp: Uint8Array,\n lastAppEvents: CatchupAppEvent[] = [],\n ): Promise<LinkingTicket> {\n return await this.call({\n kind: \"buildLinkingTicket\", id: this.nextId++,\n newDeviceId, newDeviceKp, lastAppEvents, nowMs: this.now(),\n }) as LinkingTicket;\n }\n\n /\n Decode a `LinkingTicket.catchup_snapshot` blob ([CR-13]).\n \n Pure WASM — runs in an ephemeral worker so the new device can call this before\n * `MessagingClient.init()` completes (just like `openLinkingTicket`). Returns the\n * structured view: per-conversation metas + last-known AppEvent bytes.\n \n Throws on malformed or oversized inputs. Empty bytes return `null` — that's the\n * \"no catchup data\" case (sender passed `[]` to buildLinkingTicket).\n /\n static async decodeCatchupSnapshot(\n snapshotBytes: Uint8Array,\n ): Promise<CatchupSnapshotView \| null> {\n if (snapshotBytes.length === 0) return null;\n return MessagingClient.ephemeralWorkerCall<CatchupSnapshotView>({\n kind: \"decodeCatchupSnapshot\", id: 1, snapshotBytes,\n });\n }\n\n async consumeLinkingTicket(ticket: LinkingTicket): Promise<void> {\n await this.call({\n kind: \"consumeLinkingTicket\", id: this.nextId++, ticket, nowMs: this.now(),\n });\n }\n\n // ------------------------ Recovery (account backup) ------------------------\n // All static + stateless: they run on an ephemeral worker, so the recovery screen can\n // call them before any client is initialised. Same Argon2id/AES-256-GCM IdentityBackup\n // wire format as the iOS/Android FFI bindings — backups are portable across platforms.\n\n /* Generate a fresh 12-word BIP39 mnemonic, returned as its canonical phrase string. /\n static async generateMnemonicPhrase(): Promise<string> {\n return MessagingClient.ephemeralWorkerCall<string>({\n kind: \"generateMnemonicPhrase\", id: 1,\n });\n }\n\n /* Validate + canonicalise a user-entered phrase (BIP39 wordlist + checksum). Rejects\n * malformed input. Use on the recovery screen before calling `decryptBackup`. /\n static async normalizeMnemonicPhrase(phrase: string): Promise<string> {\n return MessagingClient.ephemeralWorkerCall<string>({\n kind: \"normalizeMnemonicPhrase\", id: 1, phrase,\n });\n }\n\n /* Encrypt an IdentityBackup for `POST /v1/recovery/blobs`. `deviceGroupSnapshot` may be\n * empty (Conservative path) or the DeviceGroup's `exportConversationStateSnapshot`. /\n static async encryptBackup(args: {\n mnemonicPhrase: string;\n accountId: Uint8Array;\n identityExport: Uint8Array;\n deviceGroupSnapshot: Uint8Array;\n /* External conversations to embed so recovery restores them offline. Pass\n * `[]` (the default) for identity + DeviceGroup only. Each `groupStateBytes`\n * is `Conversation.exportConversationStateSnapshot` output. Forward-secrecy\n * trade-off — see the SDK recovery docs. /\n conversationSnapshots?: { conversationId: Uint8Array; groupStateBytes: Uint8Array }[];\n createdAtMs: number;\n }): Promise<Uint8Array> {\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"encryptBackup\", id: 1,\n mnemonicPhrase: args.mnemonicPhrase,\n accountId: args.accountId,\n identityExport: args.identityExport,\n deviceGroupSnapshot: args.deviceGroupSnapshot,\n conversationSnapshots: args.conversationSnapshots ?? [],\n createdAtMs: args.createdAtMs,\n });\n }\n\n /* Decrypt a recovery blob from `GET /v1/recovery/blobs`. Throws on wrong mnemonic or a\n * tampered blob. The returned `identity_export` is the secret seed for `init`. /\n static async decryptBackup(\n blob: Uint8Array,\n mnemonicPhrase: string,\n ): Promise<RecoveryBackup> {\n return MessagingClient.ephemeralWorkerCall<RecoveryBackup>({\n kind: \"decryptBackup\", id: 1, blob, mnemonicPhrase,\n });\n }\n\n // ------------------------ Peer-assisted history transfer ------------------------\n // Authenticated (sign-then-encrypt) device-to-device history used by linking and\n // post-recovery peer re-add. Confidential to the recipient's ephemeral X25519 key AND\n // signed by the account identity key, so the receiver proves the sender. Plaintext-only\n // share — preserves forward secrecy (no MLS keys leave the device).\n\n /* Seal+sign a `HistoryBundle` for a recipient device. `recipientPub` (X25519, 32B) is the\n * recipient's ephemeral pubkey from the linking QR; `senderIdentitySecret` (Ed25519 seed,\n * 32B) is this account's identity key. Returns the blob to POST to /v1/history-transfers. /\n static async sealHistoryBundle(\n bundle: HistoryBundle,\n recipientPub: Uint8Array,\n senderIdentitySecret: Uint8Array,\n ): Promise<Uint8Array> {\n return MessagingClient.ephemeralWorkerCall<Uint8Array>({\n kind: \"sealHistoryBundle\", id: 1, bundle, recipientPub, senderIdentitySecret,\n });\n }\n\n /* Open+verify a sealed history bundle. `recipientPriv` (X25519, 32B) is this device's\n * ephemeral private key; `senderIdentityPub` (Ed25519, 32B) is the account identity pubkey\n * from the linking handshake. Throws if the signature doesn't verify. /\n static async openHistoryBundle(\n sealed: Uint8Array,\n recipientPriv: Uint8Array,\n senderIdentityPub: Uint8Array,\n ): Promise<HistoryBundle> {\n return MessagingClient.ephemeralWorkerCall<HistoryBundle>({\n kind: \"openHistoryBundle\", id: 1, sealed, recipientPriv, senderIdentityPub,\n });\n }\n\n /\n Admit a freshly-linked device to every chat in `entries` — one MLS\n * Commit + Welcome per chat, with the Welcome's `?recipient=` priming\n * handled inside the SDK. This is the post-link reconciliation step\n * that follows `consumeLinkingTicket`: the new device has the\n * DeviceGroup (from the ticket) and metadata for external chats (from\n * the catchup snapshot), but its leaf is not yet in any external\n * MLS group. The host on the EXISTING device calls this once the\n * new device shows up in `/v1/auth/sessions` and has uploaded its\n * KeyPackage batch, passing one freshly-claimed KP per chat.\n \n Per-chat failures (stale KP, transport error, unknown chat) are\n * captured in the returned outcomes rather than aborting — one bad\n * chat shouldn't lose the user access to all the others.\n /\n async admitDeviceToChats(\n deviceId: DeviceId,\n entries: AdmitChatEntry[],\n ): Promise<AdmitChatOutcome[]> {\n return await this.call({\n kind: \"admitDeviceToChats\", id: this.nextId++,\n deviceId, entries, nowMs: this.now(),\n }) as AdmitChatOutcome[];\n }\n\n /\n Revoke a device ([CR-2]).\n \n Removes `deviceId`'s leaf from every conversation where this client locally\n * tracked the device→leaf mapping (i.e. conversations where this client itself\n * admitted the device via `addMembers`, or where this client is the device being\n * revoked). The SDK has already broadcast each Commit envelope via\n * `transport.send`; the returned array is for any additional host-side handling\n * (audit logs, UI). An empty array is a valid outcome — the device wasn't locally\n * known anywhere.\n \n Scope note. Conversations where a peer admitted the device on this client's\n * behalf are silently skipped — the leaf index isn't locally known. Host can fall\n * back to `transport.discoverDevices` + a manual `remove_members(leafIndex)` for\n * those, or wait for the affected user to revoke from a device that did the admit.\n * See `docs/architecture/multi-device.md §Device removal`.\n /\n async revokeDevice(deviceId: DeviceId): Promise<MessageEnvelope[]> {\n return await this.call({\n kind: \"revokeDevice\", id: this.nextId++, deviceId, nowMs: this.now(),\n }) as MessageEnvelope[];\n }\n\n /\n Export a portable MLS state snapshot for one conversation ([CR-7]).\n \n Returned bytes can be embedded in a recovery blob or shipped through a\n * linking ticket so another device of the same user identity can re-attach to\n * the group via [[importStateSnapshot]]. The bytes contain past epoch secrets;\n * never log, never persist unencrypted, wipe (`.fill(0)`) after use.\n /\n async exportConversationStateSnapshot(conv: ConversationId): Promise<Uint8Array> {\n return await this.call({\n kind: \"exportConversationStateSnapshot\", id: this.nextId++,\n conv, nowMs: this.now(),\n }) as Uint8Array;\n }\n\n /\n Import a `GroupStateSnapshot` from another device of the same user identity\n * ([CR-7]).\n \n On success, the conversation appears in [[listConversations]] and decryption\n * of subsequent peer-originated traffic works against the imported state. For\n * full multi-device participation, the recovered device SHOULD then issue an\n * MLS Update Proposal to rotate onto a fresh leaf (post-v1 follow-up — see\n * `docs/design/CR4_CR7_PERSISTENCE.md` open question #3).\n /\n async importStateSnapshot(snapshotBytes: Uint8Array): Promise<ConversationId> {\n return await this.call({\n kind: \"importStateSnapshot\", id: this.nextId++,\n snapshotBytes, nowMs: this.now(),\n }) as ConversationId;\n }\n\n /\n Export a derived secret from a conversation's MLS exporter ([CR-8]).\n \n Used to seed the ephemeral channel (`ping/ephemeral`), call-media keys\n * (`ping/calls/media/<call_id>`), and call-ephemeral framer keys\n * (`ping/calls/ephemeral/<call_id>`). The returned bytes are a secret — never log,\n * persist only encrypted, and call `bytes.fill(0)` after use to wipe the typed array.\n \n Same `(conversationId, current_epoch, label, context, length)` produces the same\n * bytes across every binding (Rust core, native UniFFI, WASM/JS). Cross-platform\n * byte-equality is enforced by `protocol/conformance/export_secret/`.\n /\n async exportConversationSecret(\n conv: ConversationId,\n label: string,\n context: Uint8Array,\n length: number,\n ): Promise<Uint8Array> {\n if (length <= 0 \|\| length > 1024) {\n throw new Error(\"exportConversationSecret: length must be 1..=1024\");\n }\n return await this.call({\n kind: \"exportConversationSecret\", id: this.nextId++,\n conv, label, context, length,\n }) as Uint8Array;\n }\n\n /* Subscribe to decrypted application messages. /\n onMessage(handler: (m: IncomingMessage) => void): () => void {\n this.messageHandlers.add(handler);\n return () => this.messageHandlers.delete(handler);\n }\n\n /* Fired after every state-changing event for a conversation (Commit, member changes). /\n /\n Fires after every conversation state change — joining via Welcome, processing a Commit,\n * etc. `sender` carries the device id of whoever triggered the event when known (e.g. the\n * inviter's device on auto-join), so the host can label peers in its UI.\n /\n onConversationUpdated(handler: (id: ConversationId, epoch: number, sender?: DeviceId) => void): () => void {\n this.conversationHandlers.add(handler);\n return () => this.conversationHandlers.delete(handler);\n }\n\n async close(): Promise<void> {\n this.subscription?.unsubscribe();\n this.worker.terminate();\n }\n\n // ------------------------ Internals ------------------------\n\n private conversationProxy(id: ConversationId): Conversation {\n const self = this;\n return {\n id,\n async send(plaintext) {\n return await self.call({\n kind: \"send\", id: self.nextId++, conv: id, plaintext, nowMs: self.now(),\n }) as MessageEnvelope;\n },\n async addMembers(entries) {\n await self.call({\n kind: \"addMembers\", id: self.nextId++, conv: id, entries, nowMs: self.now(),\n });\n },\n async removeMembers(leaves) {\n await self.call({\n kind: \"removeMembers\", id: self.nextId++, conv: id, leaves, nowMs: self.now(),\n });\n },\n meta() {\n const cached = self.metaCache.get(hex(id));\n if (!cached) throw new Error(\"conversation meta not loaded; call listConversations() first\");\n return cached;\n },\n };\n }\n\n private call(req: Request): Promise<unknown> {\n return new Promise((resolve, reject) => {\n this.pending.set((req as { id: number }).id, { resolve, reject });\n this.worker.postMessage(req);\n });\n }\n\n private async handleWorker(msg: Response) {\n switch (msg.kind) {\n case \"result\": {\n const slot = this.pending.get(msg.id);\n if (!slot) return;\n this.pending.delete(msg.id);\n msg.ok ? slot.resolve(msg.value) : slot.reject(new Error(msg.error));\n return;\n }\n case \"event.message\": {\n for (const h of this.messageHandlers) h(msg.msg);\n return;\n }\n case \"event.conversation\": {\n for (const h of this.conversationHandlers) h(msg.id, msg.epoch, msg.sender);\n return;\n }\n case \"storage.call\": {\n try {\n const v = await (this.storage as unknown as Record<string, (...a: unknown[]) => unknown>)\n [msg.method]?.(...msg.args);\n this.worker.postMessage({ kind: \"storage.reply\", id: msg.id, ok: true, value: v } as Request);\n } catch (e) {\n this.worker.postMessage({\n kind: \"storage.reply\", id: msg.id, ok: false, error: String(e),\n } as Request);\n }\n return;\n }\n case \"transport.call\": {\n try {\n const v = await (this.transport as unknown as Record<string, (...a: unknown[]) => unknown>)\n [msg.method]?.(...msg.args);\n this.worker.postMessage({ kind: \"transport.reply\", id: msg.id, ok: true, value: v } as Request);\n } catch (e) {\n this.worker.postMessage({\n kind: \"transport.reply\", id: msg.id, ok: false, error: String(e),\n } as Request);\n }\n return;\n }\n }\n }\n}\n\nfunction hex(b: Uint8Array): string {\n let s = \"\";\n for (const v of b) s += v.toString(16).padStart(2, \"0\");\n return s;\n}\n\nfunction sameBytesU8(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;\n return true;\n}\n","// Default IndexedDB-backed Storage implementation. Hosts can supply their own.\n\nimport type { Storage } from \"../types\";\n\nconst DB_NAME = \"ping-sdk\";\nconst DB_VERSION = 1;\nconst STORE = \"kv\";\n\ninterface Row { ns: string; key: string; value: Uint8Array }\n\nfunction open(): Promise<IDBDatabase> {\n return new Promise((resolve, reject) => {\n const req = indexedDB.open(DB_NAME, DB_VERSION);\n req.onupgradeneeded = () => {\n const db = req.result;\n if (!db.objectStoreNames.contains(STORE)) {\n const os = db.createObjectStore(STORE, { keyPath: [\"ns\", \"key\"] });\n os.createIndex(\"ns\", \"ns\", { unique: false });\n }\n };\n req.onsuccess = () => resolve(req.result);\n req.onerror = () => reject(req.error);\n });\n}\n\nexport class IndexedDbStorage implements Storage {\n private dbPromise: Promise<IDBDatabase>;\n\n constructor() { this.dbPromise = open(); }\n\n async get(namespace: string, key: string): Promise<Uint8Array \| null> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readonly\");\n const r = tx.objectStore(STORE).get([namespace, key]);\n r.onsuccess = () => resolve(((r.result as Row \| undefined)?.value) ?? null);\n r.onerror = () => reject(r.error);\n });\n }\n\n async put(namespace: string, key: string, value: Uint8Array): Promise<void> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readwrite\");\n tx.objectStore(STORE).put({ ns: namespace, key, value } as Row);\n tx.oncomplete = () => resolve();\n tx.onerror = () => reject(tx.error);\n });\n }\n\n async del(namespace: string, key: string): Promise<void> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readwrite\");\n tx.objectStore(STORE).delete([namespace, key]);\n tx.oncomplete = () => resolve();\n tx.onerror = () => reject(tx.error);\n });\n }\n\n async listKeys(namespace: string, prefix: string): Promise<string[]> {\n const db = await this.dbPromise;\n return new Promise((resolve, reject) => {\n const tx = db.transaction(STORE, \"readonly\");\n const idx = tx.objectStore(STORE).index(\"ns\");\n const req = idx.openCursor(IDBKeyRange.only(namespace));\n const out: string[] = [];\n req.onsuccess = () => {\n const cur = req.result;\n if (!cur) return resolve(out);\n const row = cur.value as Row;\n if (!prefix \|\| row.key.startsWith(prefix)) out.push(row.key);\n cur.continue();\n };\n req.onerror = () => reject(req.error);\n });\n }\n}\n","// Ping wire contract — TypeScript counterpart to the `ping-wire-contract` Rust crate.\n//\n// MUST stay in lockstep with `core/ping-wire-contract/src/lib.rs`. The full normative spec\n// lives in `docs/PING_WIRE_CONTRACT.md`.\n//\n// What this module is for: code paths that cross the network boundary (transports, relays,\n// service workers) that need to advertise or validate ping-wire-contract conformance from\n// JavaScript without round-tripping through WASM.\n\nimport type { MessageEnvelope } from \"./types\";\n\n/\n Ping wire contract version. Bumped on incompatible profile changes.\n \n Currently `2` — CR-6 changes the `content_hash` semantics for `Application` envelopes\n * (now hashed over plaintext, not the MLS ciphertext). Receivers run a 90-day dual-accept\n * window per Q-ARCH-02; see [[validate]] for the per-version routing.\n /\nexport const PING_WIRE_CONTRACT_VERSION = 2;\n\n/* Lowest envelope version accepted by [[validate]] during the dual-accept window. /\nexport const WIRE_VERSION_MIN_ACCEPTED = 1;\n\n/* Canonical CBOR content type. Production transports SHOULD use this. /\nexport const CONTENT_TYPE_CBOR = \"application/vnd.ping.wire.v2+cbor\";\n\n/* JSON projection — development and tooling only. Production MUST NOT use this. /\nexport const CONTENT_TYPE_JSON = \"application/vnd.ping.wire.v2+json\";\n\n/* Legacy v1 CBOR type, accepted during the CR-6 dual-accept window. /\nexport const CONTENT_TYPE_CBOR_LEGACY_V1 = \"application/vnd.ping.wire.v1+cbor\";\n\n/* Legacy v1 JSON type, accepted during the CR-6 dual-accept window. /\nexport const CONTENT_TYPE_JSON_LEGACY_V1 = \"application/vnd.ping.wire.v1+json\";\n\n/* Header used over transports that don't surface a content type (e.g. WebSocket). /\nexport const PING_WIRE_CONTRACT_HEADER = \"X-Ping-Wire-Contract\";\n\n/* Header value: `ping/<VERSION>`. /\nexport const PING_WIRE_CONTRACT_HEADER_VALUE = `ping/${PING_WIRE_CONTRACT_VERSION}`;\n\nexport type ValidationErrorKind =\n \| \"UnsupportedVersion\"\n \| \"BadConversationIdLen\"\n \| \"BadSenderDeviceLen\"\n \| \"ContentHashMismatch\";\n\nexport class ValidationError extends Error {\n constructor(public readonly kind: ValidationErrorKind, message: string) {\n super(message);\n this.name = \"PingWireContractValidationError\";\n }\n}\n\nconst KIND_DISCRIMINANT: Record<MessageEnvelope[\"kind\"], number> = {\n Application: 1,\n Commit: 2,\n Welcome: 3,\n Proposal: 4,\n KeyPackage: 5,\n};\n\nasync function sha256(bytes: Uint8Array): Promise<Uint8Array> {\n // `crypto.subtle` is available in browsers, Node 20+, and Workers. `bytes.buffer`\n // is typed as `ArrayBufferLike` which TS won't accept as `BufferSource` (the union\n // includes `SharedArrayBuffer`); pass an explicit ArrayBuffer slice instead.\n const ab = bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength) as ArrayBuffer;\n const hash = await crypto.subtle.digest(\"SHA-256\", ab);\n return new Uint8Array(hash);\n}\n\nfunction bytesEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;\n return true;\n}\n\n/\n Validate an envelope against the ping-wire-contract.\n \n Receivers claiming contract conformance MUST call this before applying any envelope.\n * External consumers using the raw envelope under their own profile are not bound by\n * these rules.\n \n CR-6 dual-accept window: `v ∈ [WIRE_VERSION_MIN_ACCEPTED, PING_WIRE_CONTRACT_VERSION]`\n * passes the version gate. For v=2 `Application` envelopes the content_hash is over\n * plaintext, so this function skips that check — callers MUST run\n * [[verifyApplicationContentHash]] after MLS decrypt to close the loop.\n /\nexport async function validate(env: MessageEnvelope): Promise<void> {\n if (env.v < WIRE_VERSION_MIN_ACCEPTED \|\| env.v > PING_WIRE_CONTRACT_VERSION) {\n throw new ValidationError(\n \"UnsupportedVersion\",\n `unsupported wire-contract version: envelope says v=${env.v}, expected v∈[${WIRE_VERSION_MIN_ACCEPTED}, ${PING_WIRE_CONTRACT_VERSION}]`,\n );\n }\n if (env.conversation_id.length !== 16) {\n throw new ValidationError(\n \"BadConversationIdLen\",\n `conversation_id must be 16 bytes (ULID), got ${env.conversation_id.length}`,\n );\n }\n if (env.sender_device.length !== 32) {\n throw new ValidationError(\n \"BadSenderDeviceLen\",\n `sender_device must be 32 bytes, got ${env.sender_device.length}`,\n );\n }\n // CR-6 routing: skip the hash check for v=2 application envelopes.\n if (env.v >= 2 && env.kind === \"Application\") {\n return;\n }\n const buf = new Uint8Array(1 + env.payload.length);\n buf[0] = KIND_DISCRIMINANT[env.kind];\n buf.set(env.payload, 1);\n const computed = await sha256(buf);\n if (!bytesEqual(computed, env.content_hash)) {\n throw new ValidationError(\n \"ContentHashMismatch\",\n \"content_hash mismatch: envelope is forged, corrupted, or built by a non-conformant sender\",\n );\n }\n}\n\n/\n Verify a v=2 `Application` envelope's content_hash against the decrypted plaintext.\n \n Caller MUST run this after MLS decrypt for application envelopes whose `v >= 2`. For\n * v=1 envelopes or handshake kinds this is a no-op (those are covered by [[validate]]).\n /\nexport async function verifyApplicationContentHash(\n env: MessageEnvelope,\n plaintext: Uint8Array,\n): Promise<void> {\n if (env.v < 2 \|\| env.kind !== \"Application\") return;\n const computed = await sha256(plaintext);\n if (!bytesEqual(computed, env.content_hash)) {\n throw new ValidationError(\n \"ContentHashMismatch\",\n \"v=2 application content_hash mismatch against decrypted plaintext\",\n );\n }\n}\n\n/\n True if the supplied content type negotiates the ping-wire-contract.\n \n Accepts the v2 canonical types AND the v1 legacy types during the CR-6 dual-accept\n * window. Tolerates whitespace and parameters (e.g. `; charset=utf-8`).\n */\nexport function negotiates(contentType: string \| null \| undefined): boolean {\n if (!contentType) return false;\n const primary = contentType.split(\";\")[0]?.trim().toLowerCase() ?? \"\";\n return (\n primary === CONTENT_TYPE_CBOR\n \|\| primary === CONTENT_TYPE_JSON\n \|\| primary === CONTENT_TYPE_CBOR_LEGACY_V1\n \|\| primary === CONTENT_TYPE_JSON_LEGACY_V1\n );\n}\n","// Reference WebSocket transport. Treats the server as an opaque relay that:\n// - accepts a CBOR-encoded MessageEnvelope on `send`\n// - returns events newer than a cursor on `fetchSince`\n// - streams new events on the WS itself for `subscribe`\n// - exposes a directory endpoint for `discoverDevices`\n//\n// This is a sample. Real deployments will tune framing / auth.\n\nimport type { ConversationId, DiscoveredDevice, MessageEnvelope, Transport, UserId } from \"../types\";\nimport {\n CONTENT_TYPE_JSON,\n PING_WIRE_CONTRACT_HEADER,\n PING_WIRE_CONTRACT_HEADER_VALUE,\n} from \"../wire-contract\";\n\nexport interface WsTransportConfig {\n baseUrl: string; // ws[s]://...\n authHeader?: string; // optional bearer token\n fetchImpl?: typeof fetch; // override for SSR / tests\n}\n\nexport class WebSocketTransport implements Transport {\n private ws: WebSocket \| null = null;\n private liveHandlers = new Set<(env: MessageEnvelope) => void>();\n private fetchImpl: typeof fetch;\n\n constructor(private cfg: WsTransportConfig) {\n this.fetchImpl = cfg.fetchImpl ?? globalThis.fetch.bind(globalThis);\n this.openSocket();\n }\n\n private openSocket() {\n if (typeof WebSocket === \"undefined\") return;\n const url = `${this.cfg.baseUrl.replace(/^http/, \"ws\")}/stream`;\n this.ws = new WebSocket(url);\n this.ws.onmessage = (ev) => {\n // Server sends one JSON envelope per text frame.\n const text = typeof ev.data === \"string\" ? ev.data : new TextDecoder().decode(ev.data as ArrayBuffer);\n try {\n const env = JSON.parse(text, reviver) as MessageEnvelope;\n for (const h of this.liveHandlers) h(env);\n } catch (e) {\n if (typeof console !== \"undefined\") console.debug(\"[ping-sdk] WS frame parse error:\", e);\n }\n };\n this.ws.onclose = () => setTimeout(() => this.openSocket(), 1000);\n }\n\n async send(envelope: MessageEnvelope): Promise<void> {\n // We're emitting the JSON projection of the ping-wire-contract. Production transports\n // would use CONTENT_TYPE_CBOR with a real CBOR codec; for the demo path the JSON shape\n // is the documented development projection.\n const res = await this.fetchImpl(`${this.cfg.baseUrl}/send`, {\n method: \"POST\",\n headers: {\n \"content-type\": CONTENT_TYPE_JSON,\n [PING_WIRE_CONTRACT_HEADER]: PING_WIRE_CONTRACT_HEADER_VALUE,\n ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}),\n },\n body: JSON.stringify(envelope, replacer),\n });\n if (res.status === 409) throw new Error(\"EpochOccupied\");\n if (!res.ok) throw new Error(`transport send failed: ${res.status}`);\n }\n\n async fetchSince(conversationId: ConversationId, cursor: Uint8Array, limit: number): Promise<MessageEnvelope[]> {\n const url = new URL(`${this.cfg.baseUrl}/sync`);\n url.searchParams.set(\"conv\", toHex(conversationId));\n url.searchParams.set(\"cursor\", btoaUrl(cursor));\n url.searchParams.set(\"limit\", String(limit));\n const res = await this.fetchImpl(url.toString(), {\n headers: { ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}) },\n });\n if (!res.ok) throw new Error(`transport fetch failed: ${res.status}`);\n const text = await res.text();\n return JSON.parse(text, reviver) as MessageEnvelope[];\n }\n\n subscribe(onEvent: (env: MessageEnvelope) => void): { unsubscribe(): void } {\n this.liveHandlers.add(onEvent);\n return { unsubscribe: () => this.liveHandlers.delete(onEvent) };\n }\n\n async discoverDevices(userId: UserId): Promise<DiscoveredDevice[]> {\n const res = await this.fetchImpl(`${this.cfg.baseUrl}/devices/${toHex(userId)}`, {\n headers: { ...(this.cfg.authHeader ? { authorization: this.cfg.authHeader } : {}) },\n });\n if (!res.ok) throw new Error(`device discovery failed: ${res.status}`);\n const text = await res.text();\n return JSON.parse(text, reviver) as DiscoveredDevice[];\n }\n}\n\n// ---- Wire codec ----\n//\n// Demo wire format: JSON with byte fields wrapped as `{ _bytes: number[] }`. The relay's\n// `envFromJson`/`envToJson` use the same shape. The spec calls for CBOR; v0.2 swaps in a\n// real CBOR codec, but the JSON form is much friendlier to debug.\n//\n// (decodeEnvelope helpers used to live here; collapsed into inline JSON.parse calls above.)\n\nfunction replacer(_k: string, v: unknown): unknown {\n if (v instanceof Uint8Array) return { _bytes: Array.from(v) };\n return v;\n}\nfunction reviver(_k: string, v: unknown): unknown {\n if (v && typeof v === \"object\" && Array.isArray((v as { _bytes?: number[] })._bytes)) {\n return new Uint8Array((v as { _bytes: number[] })._bytes);\n }\n return v;\n}\n\nfunction toHex(b: Uint8Array): string {\n let s = \"\"; for (const v of b) s += v.toString(16).padStart(2, \"0\"); return s;\n}\nfunction btoaUrl(b: Uint8Array): string {\n let s = \"\"; for (const v of b) s += String.fromCharCode(v);\n return btoa(s).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIA,IAAM,UAAU;AAChB,IAAM,aAAa;AACnB,IAAM,QAAQ;AAId,SAAS,OAA6B;AACpC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,MAAM,UAAU,KAAK,SAAS,UAAU;AAC9C,QAAI,kBAAkB,MAAM;AAC1B,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAG,iBAAiB,SAAS,KAAK,GAAG;AACxC,cAAM,KAAK,GAAG,kBAAkB,OAAO,EAAE,SAAS,CAAC,MAAM,KAAK,EAAE,CAAC;AACjE,WAAG,YAAY,MAAM,MAAM,EAAE,QAAQ,MAAM,CAAC;AAAA,MAC9C;AAAA,IACF;AACA,QAAI,YAAY,MAAM,QAAQ,IAAI,MAAM;AACxC,QAAI,UAAU,MAAM,OAAO,IAAI,KAAK;AAAA,EACtC,CAAC;AACH;AAEO,IAAM,mBAAN,MAA0C;AAAA,EACvC;AAAA,EAER,cAAc;AAAE,SAAK,YAAY,KAAK;AAAA,EAAG;AAAA,EAEzC,MAAM,IAAI,WAAmB,KAAyC;AACpE,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,UAAU;AAC3C,YAAM,IAAI,GAAG,YAAY,KAAK,EAAE,IAAI,CAAC,WAAW,GAAG,CAAC;AACpD,QAAE,YAAY,MAAM,QAAU,EAAE,QAA4B,SAAU,IAAI;AAC1E,QAAE,UAAU,MAAM,OAAO,EAAE,KAAK;AAAA,IAClC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,WAAmB,KAAa,OAAkC;AAC1E,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,WAAW;AAC5C,SAAG,YAAY,KAAK,EAAE,IAAI,EAAE,IAAI,WAAW,KAAK,MAAM,CAAQ;AAC9D,SAAG,aAAa,MAAM,QAAQ;AAC9B,SAAG,UAAU,MAAM,OAAO,GAAG,KAAK;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,IAAI,WAAmB,KAA4B;AACvD,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,WAAW;AAC5C,SAAG,YAAY,KAAK,EAAE,OAAO,CAAC,WAAW,GAAG,CAAC;AAC7C,SAAG,aAAa,MAAM,QAAQ;AAC9B,SAAG,UAAU,MAAM,OAAO,GAAG,KAAK;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,SAAS,WAAmB,QAAmC;AACnE,UAAM,KAAK,MAAM,KAAK;AACtB,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,YAAM,KAAK,GAAG,YAAY,OAAO,UAAU;AAC3C,YAAM,MAAM,GAAG,YAAY,KAAK,EAAE,MAAM,IAAI;AAC5C,YAAM,MAAM,IAAI,WAAW,YAAY,KAAK,SAAS,CAAC;AACtD,YAAM,MAAgB,CAAC;AACvB,UAAI,YAAY,MAAM;AACpB,cAAM,MAAM,IAAI;AAChB,YAAI,CAAC,IAAK,QAAO,QAAQ,GAAG;AAC5B,cAAM,MAAM,IAAI;AAChB,YAAI,CAAC,UAAU,IAAI,IAAI,WAAW,MAAM,EAAG,KAAI,KAAK,IAAI,GAAG;AAC3D,YAAI,SAAS;AAAA,MACf;AACA,UAAI,UAAU,MAAM,OAAO,IAAI,KAAK;AAAA,IACtC,CAAC;AAAA,EACH;AACF;;;AC3DO,IAAM,6BAA6B;AAGnC,IAAM,4BAA4B;AAGlC,IAAM,oBAAoB;AAG1B,IAAM,oBAAoB;AAG1B,IAAM,8BAA8B;AAGpC,IAAM,8BAA8B;AAGpC,IAAM,4BAA4B;AAGlC,IAAM,kCAAkC,QAAQ,0BAA0B;AAQ1E,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YAA4B,MAA2B,SAAiB;AACtE,UAAM,OAAO;AADa;AAE1B,SAAK,OAAO;AAAA,EACd;AAAA,EAH4B;AAI9B;AAEA,IAAM,oBAA6D;AAAA,EACjE,aAAa;AAAA,EACb,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,UAAU;AAAA,EACV,YAAY;AACd;AAEA,eAAe,OAAO,OAAwC;AAI5D,QAAM,KAAK,MAAM,OAAO,MAAM,MAAM,YAAY,MAAM,aAAa,MAAM,UAAU;AACnF,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,EAAE;AACrD,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,SAAS,WAAW,GAAe,GAAwB;AACzD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,KAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAC7D,SAAO;AACT;AAcA,eAAsB,SAAS,KAAqC;AAClE,MAAI,IAAI,IAAI,6BAA6B,IAAI,IAAI,4BAA4B;AAC3E,UAAM,IAAI;AAAA,MACR;AAAA,MACA,sDAAsD,IAAI,CAAC,sBAAiB,yBAAyB,KAAK,0BAA0B;AAAA,IACtI;AAAA,EACF;AACA,MAAI,IAAI,gBAAgB,WAAW,IAAI;AACrC,UAAM,IAAI;AAAA,MACR;AAAA,MACA,gDAAgD,IAAI,gBAAgB,MAAM;AAAA,IAC5E;AAAA,EACF;AACA,MAAI,IAAI,cAAc,WAAW,IAAI;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,MACA,uCAAuC,IAAI,cAAc,MAAM;AAAA,IACjE;AAAA,EACF;AAEA,MAAI,IAAI,KAAK,KAAK,IAAI,SAAS,eAAe;AAC5C;AAAA,EACF;AACA,QAAM,MAAM,IAAI,WAAW,IAAI,IAAI,QAAQ,MAAM;AACjD,MAAI,CAAC,IAAI,kBAAkB,IAAI,IAAI;AACnC,MAAI,IAAI,IAAI,SAAS,CAAC;AACtB,QAAM,WAAW,MAAM,OAAO,GAAG;AACjC,MAAI,CAAC,WAAW,UAAU,IAAI,YAAY,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAQA,eAAsB,6BACpB,KACA,WACe;AACf,MAAI,IAAI,IAAI,KAAK,IAAI,SAAS,cAAe;AAC7C,QAAM,WAAW,MAAM,OAAO,SAAS;AACvC,MAAI,CAAC,WAAW,UAAU,IAAI,YAAY,GAAG;AAC3C,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAQO,SAAS,WAAW,aAAiD;AAC1E,MAAI,CAAC,YAAa,QAAO;AACzB,QAAM,UAAU,YAAY,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,EAAE,YAAY,KAAK;AACnE,SACE,YAAY,qBACT,YAAY,qBACZ,YAAY,+BACZ,YAAY;AAEnB;;;AC1IO,IAAM,qBAAN,MAA8C;AAAA,EAKnD,YAAoB,KAAwB;AAAxB;AAClB,SAAK,YAAY,IAAI,aAAa,WAAW,MAAM,KAAK,UAAU;AAClE,SAAK,WAAW;AAAA,EAClB;AAAA,EAHoB;AAAA,EAJZ,KAAuB;AAAA,EACvB,eAAe,oBAAI,IAAoC;AAAA,EACvD;AAAA,EAOA,aAAa;AACnB,QAAI,OAAO,cAAc,YAAa;AACtC,UAAM,MAAM,GAAG,KAAK,IAAI,QAAQ,QAAQ,SAAS,IAAI,CAAC;AACtD,SAAK,KAAK,IAAI,UAAU,GAAG;AAC3B,SAAK,GAAG,YAAY,CAAC,OAAO;AAE1B,YAAM,OAAO,OAAO,GAAG,SAAS,WAAW,GAAG,OAAO,IAAI,YAAY,EAAE,OAAO,GAAG,IAAmB;AACpG,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,MAAM,OAAO;AACpC,mBAAW,KAAK,KAAK,aAAc,GAAE,GAAG;AAAA,MAC1C,SAAS,GAAG;AACV,YAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,oCAAoC,CAAC;AAAA,MACzF;AAAA,IACF;AACA,SAAK,GAAG,UAAU,MAAM,WAAW,MAAM,KAAK,WAAW,GAAG,GAAI;AAAA,EAClE;AAAA,EAEA,MAAM,KAAK,UAA0C;AAInD,UAAM,MAAM,MAAM,KAAK,UAAU,GAAG,KAAK,IAAI,OAAO,SAAS;AAAA,MAC3D,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,CAAC,yBAAyB,GAAG;AAAA,QAC7B,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC;AAAA,MACtE;AAAA,MACA,MAAM,KAAK,UAAU,UAAU,QAAQ;AAAA,IACzC,CAAC;AACD,QAAI,IAAI,WAAW,IAAK,OAAM,IAAI,MAAM,eAAe;AACvD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,0BAA0B,IAAI,MAAM,EAAE;AAAA,EACrE;AAAA,EAEA,MAAM,WAAW,gBAAgC,QAAoB,OAA2C;AAC9G,UAAM,MAAM,IAAI,IAAI,GAAG,KAAK,IAAI,OAAO,OAAO;AAC9C,QAAI,aAAa,IAAI,QAAQ,MAAM,cAAc,CAAC;AAClD,QAAI,aAAa,IAAI,UAAU,QAAQ,MAAM,CAAC;AAC9C,QAAI,aAAa,IAAI,SAAS,OAAO,KAAK,CAAC;AAC3C,UAAM,MAAM,MAAM,KAAK,UAAU,IAAI,SAAS,GAAG;AAAA,MAC/C,SAAS,EAAE,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC,EAAG;AAAA,IACpF,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,2BAA2B,IAAI,MAAM,EAAE;AACpE,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,MAAM,OAAO;AAAA,EACjC;AAAA,EAEA,UAAU,SAAkE;AAC1E,SAAK,aAAa,IAAI,OAAO;AAC7B,WAAO,EAAE,aAAa,MAAM,KAAK,aAAa,OAAO,OAAO,EAAE;AAAA,EAChE;AAAA,EAEA,MAAM,gBAAgB,QAA6C;AACjE,UAAM,MAAM,MAAM,KAAK,UAAU,GAAG,KAAK,IAAI,OAAO,YAAY,MAAM,MAAM,CAAC,IAAI;AAAA,MAC/E,SAAS,EAAE,GAAI,KAAK,IAAI,aAAa,EAAE,eAAe,KAAK,IAAI,WAAW,IAAI,CAAC,EAAG;AAAA,IACpF,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,4BAA4B,IAAI,MAAM,EAAE;AACrE,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,MAAM,OAAO;AAAA,EACjC;AACF;AAUA,SAAS,SAAS,IAAY,GAAqB;AACjD,MAAI,aAAa,WAAY,QAAO,EAAE,QAAQ,MAAM,KAAK,CAAC,EAAE;AAC5D,SAAO;AACT;AACA,SAAS,QAAQ,IAAY,GAAqB;AAChD,MAAI,KAAK,OAAO,MAAM,YAAY,MAAM,QAAS,EAA4B,MAAM,GAAG;AACpF,WAAO,IAAI,WAAY,EAA2B,MAAM;AAAA,EAC1D;AACA,SAAO;AACT;AAEA,SAAS,MAAM,GAAuB;AACpC,MAAI,IAAI;AAAI,aAAW,KAAK,EAAG,MAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAG,SAAO;AAC9E;AACA,SAAS,QAAQ,GAAuB;AACtC,MAAI,IAAI;AAAI,aAAW,KAAK,EAAG,MAAK,OAAO,aAAa,CAAC;AACzD,SAAO,KAAK,CAAC,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,EAAE;AAC1E;;;AHtHA;AA8EO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,EACT,UAAU,oBAAI,IAA2E;AAAA,EACzF;AAAA,EACA;AAAA,EACA;AAAA,EACA,kBAAkB,oBAAI,IAAkC;AAAA,EACxD,uBAAuB,oBAAI,IAAoE;AAAA,EAC/F,eAA+C;AAAA,EAC/C,YAAY,oBAAI,IAA8B;AAAA;AAAA;AAAA;AAAA,EAI9C,cAAiC;AAAA,EAEjC,YAAY,KAAmB,QAAgB;AACrD,SAAK,SAAS;AACd,SAAK,UAAU,IAAI;AACnB,SAAK,YAAY,IAAI;AACrB,SAAK,MAAM,IAAI,QAAQ,MAAM,KAAK,IAAI;AACtC,SAAK,OAAO,YAAY,CAAC,OAAO,KAAK,aAAa,GAAG,IAAgB;AAAA,EACvE;AAAA;AAAA,EAGA,aAAa,mBAAwC;AACnD,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAoB,IAAI;AAAA,IAChC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAa,kBACX,QACA,cACqB;AACrB,QAAI,aAAa,WAAW,IAAI;AAC9B,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACpE;AACA,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,aAAa,kBACX,QACA,eACwB;AACxB,QAAI,cAAc,WAAW,IAAI;AAC/B,YAAM,IAAI,MAAM,mDAAmD;AAAA,IACrE;AACA,WAAO,iBAAgB,oBAAmC;AAAA,MACxD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,IAC5C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe,oBAAuB,KAA0B;AAC9D,UAAM,IAAI,IAAI,OAAO,IAAI,IAAI,eAAe,YAAY,GAAG,GAAG,EAAE,MAAM,SAAS,CAAC;AAChF,WAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,QAAE,YAAY,CAAC,OAAO;AACpB,cAAM,MAAM,GAAG;AACf,YAAI,IAAI,SAAS,YAAY,IAAI,OAAQ,IAAuB,IAAI;AAClE,YAAE,UAAU;AACZ,cAAI,KAAK,QAAQ,IAAI,KAAU,IAAI,OAAO,IAAI,MAAM,IAAI,KAAK,CAAC;AAAA,QAChE;AAAA,MACF;AACA,QAAE,YAAY,GAAG;AAAA,IACnB,CAAC;AAAA,EACH;AAAA,EAEA,aAAa,KAAK,KAA6C;AAC7D,UAAM,SAAS,IAAI,OAAO,IAAI,IAAI,eAAe,YAAY,GAAG,GAAG,EAAE,MAAM,SAAS,CAAC;AACrF,UAAM,SAAS,IAAI,iBAAgB,KAAK,MAAM;AAE9C,UAAM,OAAO,KAAK;AAAA,MAChB,MAAM;AAAA,MACN,IAAI,OAAO;AAAA,MACX,gBAAgB,IAAI;AAAA,MACpB,aAAa,IAAI;AAAA,MACjB,OAAO,OAAO,IAAI;AAAA,MAClB,GAAI,IAAI,yBACJ,EAAE,wBAAwB,IAAI,uBAAuB,IACrD,CAAC;AAAA,IACP,CAAC;AAGD,WAAO,cAAc,MAAM,OAAO,SAAS;AAO3C,WAAO,eAAe,IAAI,UAAU,UAAU,CAAC,aAAa;AAC1D,WAAK,OAAO,iBAAiB,QAAQ;AAAA,IACvC,CAAC;AACD,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,MAAc,iBAAiB,UAA0C;AAKvE,QAAI,KAAK,eAAe,YAAY,SAAS,eAAe,KAAK,WAAW,GAAG;AAC7E;AAAA,IACF;AACA,QAAI,SAAS,SAAS,WAAW;AAC/B,UAAI;AACF,cAAM,QAAQ,MAAM,KAAK,kBAAkB;AAC3C,cAAM,UAAU,MAAM,KAAK,CAAC,MAAM,YAAY,EAAE,IAAI,SAAS,eAAe,CAAC;AAC7E,YAAI,QAAS;AACb,cAAM,KAAK,iBAAiB,QAAQ;AAAA,MACtC,SAAS,GAAG;AAGV,YAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,+BAA+B,CAAC;AAAA,MACpF;AACA;AAAA,IACF;AACA,QAAI;AACF,YAAM,KAAK,gBAAgB,QAAQ;AAAA,IACrC,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,YAAa,SAAQ,MAAM,6BAA6B,CAAC;AAAA,IAClF;AAAA,EACF;AAAA;AAAA,EAIA,MAAM,SAA0B;AAC9B,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,UAAU,IAAI,KAAK,SAAS,CAAC;AAAA,EAC9D;AAAA,EAEA,MAAM,WAA8B;AAClC,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,YAAY,IAAI,KAAK,SAAS,CAAC;AAAA,EAChE;AAAA,EAEA,MAAM,kBAAuC;AAC3C,WAAO,MAAM,KAAK,KAAK,EAAE,MAAM,mBAAmB,IAAI,KAAK,SAAS,CAAC;AAAA,EACvE;AAAA,EAEA,MAAM,mBAAmB,OAA0B,CAAC,GAA0B;AAC5E,UAAM,UAAU,MAAM,KAAK,KAAK;AAAA,MAC9B,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MAAU,MAAM,KAAK,QAAQ;AAAA,MAAM,OAAO,KAAK,IAAI;AAAA,IAC1F,CAAC;AACD,WAAO,KAAK,kBAAkB,OAAO;AAAA,EACvC;AAAA,EAEA,MAAM,iBAAiB,SAAiD;AACtE,UAAM,UAAU,MAAM,KAAK,KAAK;AAAA,MAC9B,MAAM;AAAA,MAAoB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAS,OAAO,KAAK,IAAI;AAAA,IACxE,CAAC;AACD,WAAO,KAAK,kBAAkB,OAAO;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,gBAAgB,IAAkC;AAChD,WAAO,KAAK,kBAAkB,EAAE;AAAA,EAClC;AAAA,EAEA,MAAM,oBAAiD;AACrD,UAAM,QAAQ,MAAM,KAAK,KAAK,EAAE,MAAM,qBAAqB,IAAI,KAAK,SAAS,CAAC;AAC9E,SAAK,UAAU,MAAM;AACrB,eAAW,KAAK,MAAO,MAAK,UAAU,IAAI,IAAI,EAAE,EAAE,GAAG,CAAC;AACtD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,oBAAgD;AACpD,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAqB,IAAI,KAAK;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IAChE,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,gBAAgB,UAA4D;AAChF,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAmB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IACxE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,mBACJ,aACA,aACA,gBAAmC,CAAC,GACZ;AACxB,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MACrC;AAAA,MAAa;AAAA,MAAa;AAAA,MAAe,OAAO,KAAK,IAAI;AAAA,IAC3D,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAa,sBACX,eACqC;AACrC,QAAI,cAAc,WAAW,EAAG,QAAO;AACvC,WAAO,iBAAgB,oBAAyC;AAAA,MAC9D,MAAM;AAAA,MAAyB,IAAI;AAAA,MAAG;AAAA,IACxC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,qBAAqB,QAAsC;AAC/D,UAAM,KAAK,KAAK;AAAA,MACd,MAAM;AAAA,MAAwB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAQ,OAAO,KAAK,IAAI;AAAA,IAC3E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,yBAA0C;AACrD,WAAO,iBAAgB,oBAA4B;AAAA,MACjD,MAAM;AAAA,MAA0B,IAAI;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,wBAAwB,QAAiC;AACpE,WAAO,iBAAgB,oBAA4B;AAAA,MACjD,MAAM;AAAA,MAA2B,IAAI;AAAA,MAAG;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,cAAc,MAWH;AACtB,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAiB,IAAI;AAAA,MAC3B,gBAAgB,KAAK;AAAA,MACrB,WAAW,KAAK;AAAA,MAChB,gBAAgB,KAAK;AAAA,MACrB,qBAAqB,KAAK;AAAA,MAC1B,uBAAuB,KAAK,yBAAyB,CAAC;AAAA,MACtD,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA,EAIA,aAAa,cACX,MACA,gBACyB;AACzB,WAAO,iBAAgB,oBAAoC;AAAA,MACzD,MAAM;AAAA,MAAiB,IAAI;AAAA,MAAG;AAAA,MAAM;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,aAAa,kBACX,QACA,cACA,sBACqB;AACrB,WAAO,iBAAgB,oBAAgC;AAAA,MACrD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,MAAc;AAAA,IAC1D,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,aAAa,kBACX,QACA,eACA,mBACwB;AACxB,WAAO,iBAAgB,oBAAmC;AAAA,MACxD,MAAM;AAAA,MAAqB,IAAI;AAAA,MAAG;AAAA,MAAQ;AAAA,MAAe;AAAA,IAC3D,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiBA,MAAM,mBACJ,UACA,SAC6B;AAC7B,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAsB,IAAI,KAAK;AAAA,MACrC;AAAA,MAAU;AAAA,MAAS,OAAO,KAAK,IAAI;AAAA,IACrC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,aAAa,UAAgD;AACjE,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAgB,IAAI,KAAK;AAAA,MAAU;AAAA,MAAU,OAAO,KAAK,IAAI;AAAA,IACrE,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,gCAAgC,MAA2C;AAC/E,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAmC,IAAI,KAAK;AAAA,MAClD;AAAA,MAAM,OAAO,KAAK,IAAI;AAAA,IACxB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,oBAAoB,eAAoD;AAC5E,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAAuB,IAAI,KAAK;AAAA,MACtC;AAAA,MAAe,OAAO,KAAK,IAAI;AAAA,IACjC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,yBACJ,MACA,OACA,SACA,QACqB;AACrB,QAAI,UAAU,KAAK,SAAS,MAAM;AAChC,YAAM,IAAI,MAAM,mDAAmD;AAAA,IACrE;AACA,WAAO,MAAM,KAAK,KAAK;AAAA,MACrB,MAAM;AAAA,MAA4B,IAAI,KAAK;AAAA,MAC3C;AAAA,MAAM;AAAA,MAAO;AAAA,MAAS;AAAA,IACxB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,UAAU,SAAmD;AAC3D,SAAK,gBAAgB,IAAI,OAAO;AAChC,WAAO,MAAM,KAAK,gBAAgB,OAAO,OAAO;AAAA,EAClD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,sBAAsB,SAAqF;AACzG,SAAK,qBAAqB,IAAI,OAAO;AACrC,WAAO,MAAM,KAAK,qBAAqB,OAAO,OAAO;AAAA,EACvD;AAAA,EAEA,MAAM,QAAuB;AAC3B,SAAK,cAAc,YAAY;AAC/B,SAAK,OAAO,UAAU;AAAA,EACxB;AAAA;AAAA,EAIQ,kBAAkB,IAAkC;AAC1D,UAAM,OAAO;AACb,WAAO;AAAA,MACL;AAAA,MACA,MAAM,KAAK,WAAW;AACpB,eAAO,MAAM,KAAK,KAAK;AAAA,UACrB,MAAM;AAAA,UAAQ,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAW,OAAO,KAAK,IAAI;AAAA,QACxE,CAAC;AAAA,MACH;AAAA,MACA,MAAM,WAAW,SAAS;AACxB,cAAM,KAAK,KAAK;AAAA,UACd,MAAM;AAAA,UAAc,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAS,OAAO,KAAK,IAAI;AAAA,QAC5E,CAAC;AAAA,MACH;AAAA,MACA,MAAM,cAAc,QAAQ;AAC1B,cAAM,KAAK,KAAK;AAAA,UACd,MAAM;AAAA,UAAiB,IAAI,KAAK;AAAA,UAAU,MAAM;AAAA,UAAI;AAAA,UAAQ,OAAO,KAAK,IAAI;AAAA,QAC9E,CAAC;AAAA,MACH;AAAA,MACA,OAAO;AACL,cAAM,SAAS,KAAK,UAAU,IAAI,IAAI,EAAE,CAAC;AACzC,YAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,8DAA8D;AAC3F,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,KAAK,KAAgC;AAC3C,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAK,QAAQ,IAAK,IAAuB,IAAI,EAAE,SAAS,OAAO,CAAC;AAChE,WAAK,OAAO,YAAY,GAAG;AAAA,IAC7B,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,aAAa,KAAe;AACxC,YAAQ,IAAI,MAAM;AAAA,MAChB,KAAK,UAAU;AACb,cAAM,OAAO,KAAK,QAAQ,IAAI,IAAI,EAAE;AACpC,YAAI,CAAC,KAAM;AACX,aAAK,QAAQ,OAAO,IAAI,EAAE;AAC1B,YAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,KAAK,OAAO,IAAI,MAAM,IAAI,KAAK,CAAC;AACnE;AAAA,MACF;AAAA,MACA,KAAK,iBAAiB;AACpB,mBAAW,KAAK,KAAK,gBAAiB,GAAE,IAAI,GAAG;AAC/C;AAAA,MACF;AAAA,MACA,KAAK,sBAAsB;AACzB,mBAAW,KAAK,KAAK,qBAAsB,GAAE,IAAI,IAAI,IAAI,OAAO,IAAI,MAAM;AAC1E;AAAA,MACF;AAAA,MACA,KAAK,gBAAgB;AACnB,YAAI;AACF,gBAAM,IAAI,MAAO,KAAK,QACnB,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI;AAC5B,eAAK,OAAO,YAAY,EAAE,MAAM,iBAAiB,IAAI,IAAI,IAAI,IAAI,MAAM,OAAO,EAAE,CAAY;AAAA,QAC9F,SAAS,GAAG;AACV,eAAK,OAAO,YAAY;AAAA,YACtB,MAAM;AAAA,YAAiB,IAAI,IAAI;AAAA,YAAI,IAAI;AAAA,YAAO,OAAO,OAAO,CAAC;AAAA,UAC/D,CAAY;AAAA,QACd;AACA;AAAA,MACF;AAAA,MACA,KAAK,kBAAkB;AACrB,YAAI;AACF,gBAAM,IAAI,MAAO,KAAK,UACnB,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI;AAC5B,eAAK,OAAO,YAAY,EAAE,MAAM,mBAAmB,IAAI,IAAI,IAAI,IAAI,MAAM,OAAO,EAAE,CAAY;AAAA,QAChG,SAAS,GAAG;AACV,eAAK,OAAO,YAAY;AAAA,YACtB,MAAM;AAAA,YAAmB,IAAI,IAAI;AAAA,YAAI,IAAI;AAAA,YAAO,OAAO,OAAO,CAAC;AAAA,UACjE,CAAY;AAAA,QACd;AACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,IAAI,GAAuB;AAClC,MAAI,IAAI;AACR,aAAW,KAAK,EAAG,MAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AACtD,SAAO;AACT;AAEA,SAAS,YAAY,GAAe,GAAwB;AAC1D,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,IAAK,KAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAC7D,SAAO;AACT;","names":[]}

package/dist/index.d.cts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { M as MessageEnvelope, S as Storage, T as Transport, C as ConversationId, K as KeyPackageEntry, a as ConversationMeta, L as LinkingTicket, U as UserId, b as DeviceId, I as IncomingMessage, c as CatchupAppEvent, d as CatchupSnapshotView, R as RecoveryBackup, A as AdmitChatEntry, e as AdmitChatOutcome } from './types-CFo4skJI.cjs';
-export { B as Bytes, f as CatchupSnapshotEntry, g as DeviceInfo, D as DiscoveredDevice, H as Hlc, h as MessageKind } from './types-CFo4skJI.cjs';
+import { M as MessageEnvelope, S as Storage, T as Transport, C as ConversationId, K as KeyPackageEntry, a as ConversationMeta, L as LinkingTicket, U as UserId, b as DeviceId, I as IncomingMessage, c as CatchupAppEvent, d as CatchupSnapshotView, R as RecoveryBackup, H as HistoryBundle, A as AdmitChatEntry, e as AdmitChatOutcome } from './types-O6uxcX8f.cjs';
+export { B as Bytes, f as CatchupSnapshotEntry, g as DeviceInfo, D as DiscoveredDevice, h as HistoryAppEvent, i as Hlc, j as MessageKind } from './types-O6uxcX8f.cjs';
 export { IndexedDbStorage } from './storage/indexeddb.cjs';
 export { WebSocketTransport } from './transport/websocket.cjs';
@@ -203,6 +203,14 @@ declare class MessagingClient {
     /** Decrypt a recovery blob from `GET /v1/recovery/blobs`. Throws on wrong mnemonic or a
      *  tampered blob. The returned `identity_export` is the secret seed for `init`. */
     static decryptBackup(blob: Uint8Array, mnemonicPhrase: string): Promise<RecoveryBackup>;
+    /** Seal+sign a `HistoryBundle` for a recipient device. `recipientPub` (X25519, 32B) is the
+     *  recipient's ephemeral pubkey from the linking QR; `senderIdentitySecret` (Ed25519 seed,
+     *  32B) is this account's identity key. Returns the blob to POST to /v1/history-transfers. */
+    static sealHistoryBundle(bundle: HistoryBundle, recipientPub: Uint8Array, senderIdentitySecret: Uint8Array): Promise<Uint8Array>;
+    /** Open+verify a sealed history bundle. `recipientPriv` (X25519, 32B) is this device's
+     *  ephemeral private key; `senderIdentityPub` (Ed25519, 32B) is the account identity pubkey
+     *  from the linking handshake. Throws if the signature doesn't verify. */
+    static openHistoryBundle(sealed: Uint8Array, recipientPriv: Uint8Array, senderIdentityPub: Uint8Array): Promise<HistoryBundle>;
     /**
      * Admit a freshly-linked device to every chat in `entries` — one MLS
      * Commit + Welcome per chat, with the Welcome's `?recipient=` priming
@@ -285,4 +293,4 @@ declare class MessagingClient {
     private handleWorker;
 }
-export { AdmitChatEntry, AdmitChatOutcome, CONTENT_TYPE_CBOR, CONTENT_TYPE_CBOR_LEGACY_V1, CONTENT_TYPE_JSON, CONTENT_TYPE_JSON_LEGACY_V1, CatchupAppEvent, CatchupSnapshotView, type ClientConfig, type Conversation, ConversationId, ConversationMeta, DeviceId, IncomingMessage, KeyPackageEntry, LinkingTicket, MessageEnvelope, MessagingClient, PING_WIRE_CONTRACT_HEADER, PING_WIRE_CONTRACT_HEADER_VALUE, PING_WIRE_CONTRACT_VERSION, RecoveryBackup, Storage, Transport, UserId, ValidationError, WIRE_VERSION_MIN_ACCEPTED, negotiates, validate, verifyApplicationContentHash };
+export { AdmitChatEntry, AdmitChatOutcome, CONTENT_TYPE_CBOR, CONTENT_TYPE_CBOR_LEGACY_V1, CONTENT_TYPE_JSON, CONTENT_TYPE_JSON_LEGACY_V1, CatchupAppEvent, CatchupSnapshotView, type ClientConfig, type Conversation, ConversationId, ConversationMeta, DeviceId, HistoryBundle, IncomingMessage, KeyPackageEntry, LinkingTicket, MessageEnvelope, MessagingClient, PING_WIRE_CONTRACT_HEADER, PING_WIRE_CONTRACT_HEADER_VALUE, PING_WIRE_CONTRACT_VERSION, RecoveryBackup, Storage, Transport, UserId, ValidationError, WIRE_VERSION_MIN_ACCEPTED, negotiates, validate, verifyApplicationContentHash };

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { M as MessageEnvelope, S as Storage, T as Transport, C as ConversationId, K as KeyPackageEntry, a as ConversationMeta, L as LinkingTicket, U as UserId, b as DeviceId, I as IncomingMessage, c as CatchupAppEvent, d as CatchupSnapshotView, R as RecoveryBackup, A as AdmitChatEntry, e as AdmitChatOutcome } from './types-CFo4skJI.js';
-export { B as Bytes, f as CatchupSnapshotEntry, g as DeviceInfo, D as DiscoveredDevice, H as Hlc, h as MessageKind } from './types-CFo4skJI.js';
+import { M as MessageEnvelope, S as Storage, T as Transport, C as ConversationId, K as KeyPackageEntry, a as ConversationMeta, L as LinkingTicket, U as UserId, b as DeviceId, I as IncomingMessage, c as CatchupAppEvent, d as CatchupSnapshotView, R as RecoveryBackup, H as HistoryBundle, A as AdmitChatEntry, e as AdmitChatOutcome } from './types-O6uxcX8f.js';
+export { B as Bytes, f as CatchupSnapshotEntry, g as DeviceInfo, D as DiscoveredDevice, h as HistoryAppEvent, i as Hlc, j as MessageKind } from './types-O6uxcX8f.js';
 export { IndexedDbStorage } from './storage/indexeddb.js';
 export { WebSocketTransport } from './transport/websocket.js';
@@ -203,6 +203,14 @@ declare class MessagingClient {
     /** Decrypt a recovery blob from `GET /v1/recovery/blobs`. Throws on wrong mnemonic or a
      *  tampered blob. The returned `identity_export` is the secret seed for `init`. */
     static decryptBackup(blob: Uint8Array, mnemonicPhrase: string): Promise<RecoveryBackup>;
+    /** Seal+sign a `HistoryBundle` for a recipient device. `recipientPub` (X25519, 32B) is the
+     *  recipient's ephemeral pubkey from the linking QR; `senderIdentitySecret` (Ed25519 seed,
+     *  32B) is this account's identity key. Returns the blob to POST to /v1/history-transfers. */
+    static sealHistoryBundle(bundle: HistoryBundle, recipientPub: Uint8Array, senderIdentitySecret: Uint8Array): Promise<Uint8Array>;
+    /** Open+verify a sealed history bundle. `recipientPriv` (X25519, 32B) is this device's
+     *  ephemeral private key; `senderIdentityPub` (Ed25519, 32B) is the account identity pubkey
+     *  from the linking handshake. Throws if the signature doesn't verify. */
+    static openHistoryBundle(sealed: Uint8Array, recipientPriv: Uint8Array, senderIdentityPub: Uint8Array): Promise<HistoryBundle>;
     /**
      * Admit a freshly-linked device to every chat in `entries` — one MLS
      * Commit + Welcome per chat, with the Welcome's `?recipient=` priming
@@ -285,4 +293,4 @@ declare class MessagingClient {
     private handleWorker;
 }
-export { AdmitChatEntry, AdmitChatOutcome, CONTENT_TYPE_CBOR, CONTENT_TYPE_CBOR_LEGACY_V1, CONTENT_TYPE_JSON, CONTENT_TYPE_JSON_LEGACY_V1, CatchupAppEvent, CatchupSnapshotView, type ClientConfig, type Conversation, ConversationId, ConversationMeta, DeviceId, IncomingMessage, KeyPackageEntry, LinkingTicket, MessageEnvelope, MessagingClient, PING_WIRE_CONTRACT_HEADER, PING_WIRE_CONTRACT_HEADER_VALUE, PING_WIRE_CONTRACT_VERSION, RecoveryBackup, Storage, Transport, UserId, ValidationError, WIRE_VERSION_MIN_ACCEPTED, negotiates, validate, verifyApplicationContentHash };
+export { AdmitChatEntry, AdmitChatOutcome, CONTENT_TYPE_CBOR, CONTENT_TYPE_CBOR_LEGACY_V1, CONTENT_TYPE_JSON, CONTENT_TYPE_JSON_LEGACY_V1, CatchupAppEvent, CatchupSnapshotView, type ClientConfig, type Conversation, ConversationId, ConversationMeta, DeviceId, HistoryBundle, IncomingMessage, KeyPackageEntry, LinkingTicket, MessageEnvelope, MessagingClient, PING_WIRE_CONTRACT_HEADER, PING_WIRE_CONTRACT_HEADER_VALUE, PING_WIRE_CONTRACT_VERSION, RecoveryBackup, Storage, Transport, UserId, ValidationError, WIRE_VERSION_MIN_ACCEPTED, negotiates, validate, verifyApplicationContentHash };

package/dist/index.js CHANGED Viewed

@@ -512,6 +512,35 @@ var MessagingClient = class _MessagingClient {
       mnemonicPhrase
     });
   }
+  // ------------------------ Peer-assisted history transfer ------------------------
+  // Authenticated (sign-then-encrypt) device-to-device history used by linking and
+  // post-recovery peer re-add. Confidential to the recipient's ephemeral X25519 key AND
+  // signed by the account identity key, so the receiver proves the sender. Plaintext-only
+  // share — preserves forward secrecy (no MLS keys leave the device).
+  /** Seal+sign a `HistoryBundle` for a recipient device. `recipientPub` (X25519, 32B) is the
+   *  recipient's ephemeral pubkey from the linking QR; `senderIdentitySecret` (Ed25519 seed,
+   *  32B) is this account's identity key. Returns the blob to POST to /v1/history-transfers. */
+  static async sealHistoryBundle(bundle, recipientPub, senderIdentitySecret) {
+    return _MessagingClient.ephemeralWorkerCall({
+      kind: "sealHistoryBundle",
+      id: 1,
+      bundle,
+      recipientPub,
+      senderIdentitySecret
+    });
+  }
+  /** Open+verify a sealed history bundle. `recipientPriv` (X25519, 32B) is this device's
+   *  ephemeral private key; `senderIdentityPub` (Ed25519, 32B) is the account identity pubkey
+   *  from the linking handshake. Throws if the signature doesn't verify. */
+  static async openHistoryBundle(sealed, recipientPriv, senderIdentityPub) {
+    return _MessagingClient.ephemeralWorkerCall({
+      kind: "openHistoryBundle",
+      id: 1,
+      sealed,
+      recipientPriv,
+      senderIdentityPub
+    });
+  }
   /**
    * Admit a freshly-linked device to every chat in `entries` — one MLS
    * Commit + Welcome per chat, with the Welcome's `?recipient=` priming