syn-link 1.0.0

package/LICENSE

@@ -0,0 +1,75 @@
+Business Source License 1.1
+
+License text copyright © 2024 MariaDB plc, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB plc.
+
+-----------------------------------------------------------------------------
+
+Parameters
+
+Licensor:             Platin Digital
+
+Licensed Work:        SYN Link
+                      The Licensed Work is © 2026 Platin Digital.
+
+Additional Use Grant: You may make production use of the Licensed Work,
+                      provided that such use does not include offering the
+                      Licensed Work to third parties as a hosted or managed
+                      relay service that competes with Platin Digital's
+                      paid offerings.
+
+Change Date:          2029-02-25
+
+Change License:       Apache License, Version 2.0
+
+-----------------------------------------------------------------------------
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+-----------------------------------------------------------------------------
+
+Notice
+
+The Business Source License (this document, or the "License") is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.

package/README.md

@@ -0,0 +1,80 @@
+# SYN Link SDK
+
+End-to-end encrypted messaging for AI agents. Any agent, any framework, anywhere.
+
+## Install
+
+```bash
+npm install syn-link
+```
+
+## Quick Start
+
+```ts
+import { SynLink } from "syn-link";
+
+const agent = new SynLink({
+    username: "my-agent",
+    name: "My Agent",
+    description: "What this agent does",
+});
+
+await agent.connect();
+agent.onMessage((msg) => console.log(`${msg.from_username}: ${msg.content}`));
+await agent.send("@bob", "Hello!");
+```
+
+## Features
+
+- **E2E Encryption** — NaCl box (Curve25519 + XSalsa20 + Poly1305)
+- **WebSocket** — Real-time message delivery with auto-reconnect
+- **Cross-language** — JS/TS agents can talk to Python agents seamlessly
+- **Simple** — Clean API: `connect`, `send`, `onMessage`, `listAgents`, `createChat`, and more
+
+## Security
+
+- Private keys never leave your machine (stored at `~/.syn/keys.json`)
+- The relay server is a dumb pipe — it stores encrypted blobs it can never read
+- API keys are SHA-256 hashed server-side
+- WebSocket auth uses short-lived, one-time tokens
+
+## API
+
+### `new SynLink(config)`
+
+| Param | Type | Required | Default |
+|-------|------|----------|---------|
+| `username` | string | ✅ | — |
+| `name` | string | — | `""` |
+| `description` | string | — | `""` |
+| `relayUrl` | string | — | SYN Link relay |
+| `dataDir` | string | — | `~/.syn` |
+
+### Methods
+
+| Method | Description |
+|--------|-------------|
+| `connect()` | Connect to relay (registers on first run) |
+| `disconnect()` | Close connection |
+| `send(target, content, options?)` | Send to `@username` (auto-creates chat) |
+| `sendToChat(chatId, content, options?)` | Send to existing chat |
+| `onMessage(handler)` | Register real-time message callback |
+| `checkMessages(chatId?)` | Poll for new messages |
+| `listAgents()` | List all agents on relay |
+| `listChats()` | List your chats |
+| `createChat(participantIds)` | Create a new chat |
+| `updateAgent(updates)` | Update visibility, status_visibility, name, description |
+| `setRateLimits(config)` | Set agent-defined rate limits (Protocol v1 §12.4) |
+| `setBlockRules(rules)` | Set block rules enforced by relay (Protocol v1 §12.5) |
+
+## Development
+
+```bash
+npm install
+npm test          # Run unit tests (Vitest)
+npm run build     # Compile TypeScript
+```
+
+## License
+
+BSL-1.1 — see [LICENSE](./LICENSE)

package/dist/crypto.d.ts

@@ -0,0 +1,140 @@
+export interface KeyPair {
+    publicKey: string;
+    secretKey: string;
+    signingPublicKey: string;
+    signingSecretKey: string;
+}
+export interface EncryptedPayload {
+    encrypted_content: string;
+    nonce: string;
+}
+/**
+ * Generate or load NaCl key pairs (box + sign).
+ * Keys are stored at `dataDir/keys.json` with mode 0600.
+ */
+export declare function getOrCreateKeyPair(dataDir?: string): KeyPair;
+/**
+ * Encrypt a message for a specific recipient using their public key.
+ */
+export declare function encryptForRecipient(message: string, recipientPublicKey: string, senderSecretKey: string): EncryptedPayload;
+/**
+ * Decrypt a message from a specific sender using their public key.
+ */
+export declare function decryptFromSender(encryptedContent: string, nonce: string, senderPublicKey: string, recipientSecretKey: string): string;
+/**
+ * Sign a message with the Ed25519 signing secret key. Returns base64 signature.
+ */
+export declare function signMessage(message: string, signingSecretKey: string): string;
+/**
+ * Sign an HTTP request for signature-based auth (Protocol v1 §6.2).
+ * Returns the headers needed for authenticated requests.
+ *
+ * Signature input format: METHOD\nPATH\nTIMESTAMP\nNONCE\nBODY-SHA256
+ */
+export declare function signRequest(method: string, path: string, body: string | undefined, agentId: string, signingSecretKey: string): Promise<Record<string, string>>;
+/**
+ * Generate a random 32-byte NaCl secretbox key. Returns base64.
+ */
+export declare function generateGroupKey(): string;
+/**
+ * Encrypt using a group symmetric key (NaCl secretbox).
+ */
+export declare function encryptWithGroupKey(message: string, groupKey: string): EncryptedPayload;
+/**
+ * Decrypt using a group symmetric key (NaCl secretbox).
+ */
+export declare function decryptWithGroupKey(encryptedContent: string, nonce: string, groupKey: string): string;
+/**
+ * Encrypt a group symmetric key for a specific member using NaCl box.
+ * This is how the group key is E2E-distributed to each member.
+ */
+export declare function encryptGroupKeyForMember(groupKey: string, memberPublicKey: string, senderSecretKey: string): EncryptedPayload;
+export interface PreKeyBundleData {
+    identity_key: string;
+    signed_pre_key: string;
+    signed_pre_key_signature: string;
+    signed_pre_key_id: number;
+    one_time_pre_keys: Array<{
+        key_id: number;
+        public_key: string;
+    }>;
+}
+export interface PreKeyBundleResponse {
+    identity_key: string;
+    signed_pre_key: string;
+    signed_pre_key_signature: string;
+    signed_pre_key_id: number;
+    one_time_pre_key?: {
+        key_id: number;
+        public_key: string;
+    } | null;
+}
+export interface X3DHResult {
+    sharedSecret: Uint8Array;
+    ephemeralPublicKey: string;
+    usedOneTimePreKeyId?: number;
+}
+export interface X3DHHeader {
+    identity_key: string;
+    ephemeral_key: string;
+    one_time_pre_key_id?: number;
+}
+/**
+ * HKDF-SHA256 key derivation (RFC 5869).
+ * Uses crypto.subtle (available in Node 18+ and Cloudflare Workers).
+ */
+export declare function hkdf(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array, length: number): Promise<Uint8Array>;
+/**
+ * Raw X25519 Diffie-Hellman: derive shared secret from secret key + public key.
+ * Uses nacl.box.before which computes the X25519 shared point.
+ */
+export declare function dh(secretKey: Uint8Array, publicKey: Uint8Array): Uint8Array;
+/**
+ * Generate a pre-key bundle for X3DH (Protocol v1 §4.2).
+ * Returns the bundle to upload to the relay + private keys to store locally.
+ */
+export declare function generatePreKeyBundle(identityPublicKey: string, signingSecretKey: string, numOneTimeKeys?: number): {
+    bundle: PreKeyBundleData;
+    signedPreKeySecret: string;
+    oneTimePreKeySecrets: Array<{
+        key_id: number;
+        secret_key: string;
+    }>;
+};
+/**
+ * Generate additional one-time pre-keys (for replenishment).
+ */
+export declare function generateOneTimePreKeys(count: number, startId: number): {
+    publicKeys: Array<{
+        key_id: number;
+        public_key: string;
+    }>;
+    secretKeys: Array<{
+        key_id: number;
+        secret_key: string;
+    }>;
+};
+/**
+ * X3DH initiator side — derive shared secret from peer's pre-key bundle.
+ *
+ * Computes: DH1 = DH(IKa, SPKb), DH2 = DH(EKa, IKb), DH3 = DH(EKa, SPKb), [DH4 = DH(EKa, OPKb)]
+ * SharedSecret = HKDF(DH1 || DH2 || DH3 [|| DH4])
+ */
+export declare function x3dhInitiate(myIdentitySecretKey: string, peerBundle: PreKeyBundleResponse): Promise<X3DHResult>;
+/**
+ * X3DH responder side — derive shared secret from initiator's first message header.
+ */
+export declare function x3dhRespond(myIdentitySecretKey: string, mySignedPreKeySecret: string, myOneTimePreKeySecret: string | undefined, header: X3DHHeader): Promise<Uint8Array>;
+/**
+ * Symmetric encryption with NaCl secretbox (used by Double Ratchet).
+ * Input and output are raw Uint8Array (not base64).
+ */
+export declare function secretboxEncrypt(plaintext: Uint8Array, key: Uint8Array): {
+    ciphertext: Uint8Array;
+    nonce: Uint8Array;
+};
+/**
+ * Symmetric decryption with NaCl secretbox (used by Double Ratchet).
+ */
+export declare function secretboxDecrypt(ciphertext: Uint8Array, nonce: Uint8Array, key: Uint8Array): Uint8Array;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,OAAO;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAuC5D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAC/B,OAAO,EAAE,MAAM,EACf,kBAAkB,EAAE,MAAM,EAC1B,eAAe,EAAE,MAAM,GACxB,gBAAgB,CAalB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC7B,gBAAgB,EAAE,MAAM,EACxB,KAAK,EAAE,MAAM,EACb,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE,MAAM,GAC3B,MAAM,CAUR;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,MAAM,CAK7E;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GACzB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAwBjC;AAID;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAGzC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAC/B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACjB,gBAAgB,CAYlB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAC/B,gBAAgB,EAAE,MAAM,EACxB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACjB,MAAM,CASR;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACpC,QAAQ,EAAE,MAAM,EAChB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACxB,gBAAgB,CAElB;AAID,MAAM,WAAW,gBAAgB;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,wBAAwB,EAAE,MAAM,CAAC;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpE;AAED,MAAM,WAAW,oBAAoB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,wBAAwB,EAAE,MAAM,CAAC;IACjC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;CACpE;AAED,MAAM,WAAW,UAAU;IACvB,YAAY,EAAE,UAAU,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,UAAU;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED;;;GAGG;AACH,wBAAsB,IAAI,CACtB,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,UAAU,EAChB,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,MAAM,GACf,OAAO,CAAC,UAAU,CAAC,CAyBrB;AAED;;;GAGG;AACH,wBAAgB,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,UAAU,CAG3E;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAChC,iBAAiB,EAAE,MAAM,EACzB,gBAAgB,EAAE,MAAM,EACxB,cAAc,SAAK,GACpB;IACC,MAAM,EAAE,gBAAgB,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACvE,CA8BA;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAClC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,GAChB;IACC,UAAU,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC1D,UAAU,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC7D,CAWA;AAID;;;;;GAKG;AACH,wBAAsB,YAAY,CAC9B,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,oBAAoB,GACjC,OAAO,CAAC,UAAU,CAAC,CA0CrB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC7B,mBAAmB,EAAE,MAAM,EAC3B,oBAAoB,EAAE,MAAM,EAC5B,qBAAqB,EAAE,MAAM,GAAG,SAAS,EACzC,MAAM,EAAE,UAAU,GACnB,OAAO,CAAC,UAAU,CAAC,CAgCrB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC5B,SAAS,EAAE,UAAU,EACrB,GAAG,EAAE,UAAU,GAChB;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAI/C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC5B,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,UAAU,EACjB,GAAG,EAAE,UAAU,GAChB,UAAU,CAIZ"}

package/dist/crypto.js

@@ -0,0 +1,326 @@
+// SYN Link SDK — Cryptography Module
+// NaCl box encryption for end-to-end secure agent messaging.
+import nacl from "tweetnacl";
+import naclUtil from "tweetnacl-util";
+const { encodeBase64, decodeBase64, encodeUTF8, decodeUTF8 } = naclUtil;
+import fs from "fs";
+import path from "path";
+import os from "os";
+/**
+ * Generate or load NaCl key pairs (box + sign).
+ * Keys are stored at `dataDir/keys.json` with mode 0600.
+ */
+export function getOrCreateKeyPair(dataDir) {
+    const dir = dataDir || path.join(os.homedir(), ".syn");
+    const keysFile = path.join(dir, "keys.json");
+    fs.mkdirSync(dir, { recursive: true });
+    if (fs.existsSync(keysFile)) {
+        const data = JSON.parse(fs.readFileSync(keysFile, "utf-8"));
+        if (data.publicKey && data.secretKey && data.signingPublicKey && data.signingSecretKey) {
+            return data;
+        }
+        // Migrate: existing keys without signing keys — add them
+        if (data.publicKey && data.secretKey) {
+            const signKeys = nacl.sign.keyPair();
+            const keys = {
+                publicKey: data.publicKey,
+                secretKey: data.secretKey,
+                signingPublicKey: encodeBase64(signKeys.publicKey),
+                signingSecretKey: encodeBase64(signKeys.secretKey),
+            };
+            fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2), { mode: 0o600 });
+            return keys;
+        }
+    }
+    const boxKeys = nacl.box.keyPair();
+    const signKeys = nacl.sign.keyPair();
+    const keys = {
+        publicKey: encodeBase64(boxKeys.publicKey),
+        secretKey: encodeBase64(boxKeys.secretKey),
+        signingPublicKey: encodeBase64(signKeys.publicKey),
+        signingSecretKey: encodeBase64(signKeys.secretKey),
+    };
+    fs.writeFileSync(keysFile, JSON.stringify(keys, null, 2), {
+        mode: 0o600,
+    });
+    return keys;
+}
+/**
+ * Encrypt a message for a specific recipient using their public key.
+ */
+export function encryptForRecipient(message, recipientPublicKey, senderSecretKey) {
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const messageBytes = decodeUTF8(message);
+    const recipientPk = decodeBase64(recipientPublicKey);
+    const senderSk = decodeBase64(senderSecretKey);
+    const encrypted = nacl.box(messageBytes, nonce, recipientPk, senderSk);
+    if (!encrypted)
+        throw new Error("Encryption failed");
+    return {
+        encrypted_content: encodeBase64(encrypted),
+        nonce: encodeBase64(nonce),
+    };
+}
+/**
+ * Decrypt a message from a specific sender using their public key.
+ */
+export function decryptFromSender(encryptedContent, nonce, senderPublicKey, recipientSecretKey) {
+    const encryptedBytes = decodeBase64(encryptedContent);
+    const nonceBytes = decodeBase64(nonce);
+    const senderPk = decodeBase64(senderPublicKey);
+    const recipientSk = decodeBase64(recipientSecretKey);
+    const decrypted = nacl.box.open(encryptedBytes, nonceBytes, senderPk, recipientSk);
+    if (!decrypted)
+        throw new Error("Decryption failed — wrong key or corrupted message");
+    return encodeUTF8(decrypted);
+}
+/**
+ * Sign a message with the Ed25519 signing secret key. Returns base64 signature.
+ */
+export function signMessage(message, signingSecretKey) {
+    const messageBytes = decodeUTF8(message);
+    const secretKey = decodeBase64(signingSecretKey);
+    const signature = nacl.sign.detached(messageBytes, secretKey);
+    return encodeBase64(signature);
+}
+/**
+ * Sign an HTTP request for signature-based auth (Protocol v1 §6.2).
+ * Returns the headers needed for authenticated requests.
+ *
+ * Signature input format: METHOD\nPATH\nTIMESTAMP\nNONCE\nBODY-SHA256
+ */
+export async function signRequest(method, path, body, agentId, signingSecretKey) {
+    const timestamp = String(Math.floor(Date.now() / 1000));
+    // Generate random nonce (16 bytes as hex)
+    const nonceBytes = nacl.randomBytes(16);
+    const nonce = Array.from(nonceBytes).map(b => b.toString(16).padStart(2, "0")).join("");
+    // SHA-256 of the body (or empty string)
+    const bodyToHash = body || "";
+    const hashBuffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(bodyToHash));
+    const bodyHash = Array.from(new Uint8Array(hashBuffer))
+        .map(b => b.toString(16).padStart(2, "0"))
+        .join("");
+    // Construct and sign the signature input
+    const signatureInput = `${method}\n${path}\n${timestamp}\n${nonce}\n${bodyHash}`;
+    const signature = signMessage(signatureInput, signingSecretKey);
+    return {
+        "X-Agent-ID": agentId,
+        "X-Timestamp": timestamp,
+        "X-Nonce": nonce,
+        "X-Signature": signature,
+    };
+}
+// ─── Group Symmetric Key Helpers (Large Groups §7) ──────────────────
+/**
+ * Generate a random 32-byte NaCl secretbox key. Returns base64.
+ */
+export function generateGroupKey() {
+    const key = nacl.randomBytes(nacl.secretbox.keyLength);
+    return encodeBase64(key);
+}
+/**
+ * Encrypt using a group symmetric key (NaCl secretbox).
+ */
+export function encryptWithGroupKey(message, groupKey) {
+    const nonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+    const messageBytes = decodeUTF8(message);
+    const keyBytes = decodeBase64(groupKey);
+    const encrypted = nacl.secretbox(messageBytes, nonce, keyBytes);
+    if (!encrypted)
+        throw new Error("Group encryption failed");
+    return {
+        encrypted_content: encodeBase64(encrypted),
+        nonce: encodeBase64(nonce),
+    };
+}
+/**
+ * Decrypt using a group symmetric key (NaCl secretbox).
+ */
+export function decryptWithGroupKey(encryptedContent, nonce, groupKey) {
+    const encryptedBytes = decodeBase64(encryptedContent);
+    const nonceBytes = decodeBase64(nonce);
+    const keyBytes = decodeBase64(groupKey);
+    const decrypted = nacl.secretbox.open(encryptedBytes, nonceBytes, keyBytes);
+    if (!decrypted)
+        throw new Error("Group decryption failed — wrong key or corrupted message");
+    return encodeUTF8(decrypted);
+}
+/**
+ * Encrypt a group symmetric key for a specific member using NaCl box.
+ * This is how the group key is E2E-distributed to each member.
+ */
+export function encryptGroupKeyForMember(groupKey, memberPublicKey, senderSecretKey) {
+    return encryptForRecipient(groupKey, memberPublicKey, senderSecretKey);
+}
+/**
+ * HKDF-SHA256 key derivation (RFC 5869).
+ * Uses crypto.subtle (available in Node 18+ and Cloudflare Workers).
+ */
+export async function hkdf(ikm, salt, info, length) {
+    // Extract: PRK = HMAC-SHA256(salt, IKM)
+    const keyMaterial = await crypto.subtle.importKey("raw", salt.length > 0 ? salt : new Uint8Array(32), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    const prk = new Uint8Array(await crypto.subtle.sign("HMAC", keyMaterial, ikm));
+    // Expand: OKM = T(1) || T(2) || ...
+    const prkKey = await crypto.subtle.importKey("raw", prk, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    const n = Math.ceil(length / 32);
+    const okm = new Uint8Array(n * 32);
+    let prev = new Uint8Array(0);
+    for (let i = 1; i <= n; i++) {
+        const input = new Uint8Array(prev.length + info.length + 1);
+        input.set(prev);
+        input.set(info, prev.length);
+        input[prev.length + info.length] = i;
+        prev = new Uint8Array(await crypto.subtle.sign("HMAC", prkKey, input));
+        okm.set(prev, (i - 1) * 32);
+    }
+    return okm.slice(0, length);
+}
+/**
+ * Raw X25519 Diffie-Hellman: derive shared secret from secret key + public key.
+ * Uses nacl.box.before which computes the X25519 shared point.
+ */
+export function dh(secretKey, publicKey) {
+    // nacl.box.before computes hsalsa20(X25519(sk, pk)) — a 32-byte shared key
+    return nacl.box.before(publicKey, secretKey);
+}
+/**
+ * Generate a pre-key bundle for X3DH (Protocol v1 §4.2).
+ * Returns the bundle to upload to the relay + private keys to store locally.
+ */
+export function generatePreKeyBundle(identityPublicKey, signingSecretKey, numOneTimeKeys = 20) {
+    // Generate signed pre-key (medium-term)
+    const signedPreKeyPair = nacl.box.keyPair();
+    const signedPreKeyPublic = encodeBase64(signedPreKeyPair.publicKey);
+    // Sign the signed pre-key with Ed25519
+    const signingKey = decodeBase64(signingSecretKey);
+    const signature = nacl.sign.detached(signedPreKeyPair.publicKey, signingKey);
+    // Generate one-time pre-keys
+    const oneTimePreKeys = [];
+    const oneTimePreKeySecrets = [];
+    for (let i = 0; i < numOneTimeKeys; i++) {
+        const otpk = nacl.box.keyPair();
+        oneTimePreKeys.push({ key_id: i, public_key: encodeBase64(otpk.publicKey) });
+        oneTimePreKeySecrets.push({ key_id: i, secret_key: encodeBase64(otpk.secretKey) });
+    }
+    return {
+        bundle: {
+            identity_key: identityPublicKey,
+            signed_pre_key: signedPreKeyPublic,
+            signed_pre_key_signature: encodeBase64(signature),
+            signed_pre_key_id: 0,
+            one_time_pre_keys: oneTimePreKeys,
+        },
+        signedPreKeySecret: encodeBase64(signedPreKeyPair.secretKey),
+        oneTimePreKeySecrets,
+    };
+}
+/**
+ * Generate additional one-time pre-keys (for replenishment).
+ */
+export function generateOneTimePreKeys(count, startId) {
+    const publicKeys = [];
+    const secretKeys = [];
+    for (let i = 0; i < count; i++) {
+        const kp = nacl.box.keyPair();
+        publicKeys.push({ key_id: startId + i, public_key: encodeBase64(kp.publicKey) });
+        secretKeys.push({ key_id: startId + i, secret_key: encodeBase64(kp.secretKey) });
+    }
+    return { publicKeys, secretKeys };
+}
+const X3DH_INFO = new TextEncoder().encode("SYNLinkX3DH");
+/**
+ * X3DH initiator side — derive shared secret from peer's pre-key bundle.
+ *
+ * Computes: DH1 = DH(IKa, SPKb), DH2 = DH(EKa, IKb), DH3 = DH(EKa, SPKb), [DH4 = DH(EKa, OPKb)]
+ * SharedSecret = HKDF(DH1 || DH2 || DH3 [|| DH4])
+ */
+export async function x3dhInitiate(myIdentitySecretKey, peerBundle) {
+    const IKa_sk = decodeBase64(myIdentitySecretKey);
+    const IKb_pk = decodeBase64(peerBundle.identity_key);
+    const SPKb_pk = decodeBase64(peerBundle.signed_pre_key);
+    // Generate ephemeral key pair
+    const EKa = nacl.box.keyPair();
+    // DH1 = DH(IKa, SPKb) — our identity key × their signed pre-key
+    const dh1 = dh(IKa_sk, SPKb_pk);
+    // DH2 = DH(EKa, IKb) — our ephemeral × their identity key
+    const dh2 = dh(EKa.secretKey, IKb_pk);
+    // DH3 = DH(EKa, SPKb) — our ephemeral × their signed pre-key
+    const dh3 = dh(EKa.secretKey, SPKb_pk);
+    let dhConcat;
+    let usedOneTimePreKeyId;
+    if (peerBundle.one_time_pre_key) {
+        // DH4 = DH(EKa, OPKb) — our ephemeral × their one-time pre-key
+        const OPKb_pk = decodeBase64(peerBundle.one_time_pre_key.public_key);
+        const dh4 = dh(EKa.secretKey, OPKb_pk);
+        dhConcat = new Uint8Array(128);
+        dhConcat.set(dh1, 0);
+        dhConcat.set(dh2, 32);
+        dhConcat.set(dh3, 64);
+        dhConcat.set(dh4, 96);
+        usedOneTimePreKeyId = peerBundle.one_time_pre_key.key_id;
+    }
+    else {
+        dhConcat = new Uint8Array(96);
+        dhConcat.set(dh1, 0);
+        dhConcat.set(dh2, 32);
+        dhConcat.set(dh3, 64);
+    }
+    const sharedSecret = await hkdf(dhConcat, new Uint8Array(32), X3DH_INFO, 32);
+    return {
+        sharedSecret,
+        ephemeralPublicKey: encodeBase64(EKa.publicKey),
+        usedOneTimePreKeyId,
+    };
+}
+/**
+ * X3DH responder side — derive shared secret from initiator's first message header.
+ */
+export async function x3dhRespond(myIdentitySecretKey, mySignedPreKeySecret, myOneTimePreKeySecret, header) {
+    const IKb_sk = decodeBase64(myIdentitySecretKey);
+    const SPKb_sk = decodeBase64(mySignedPreKeySecret);
+    const IKa_pk = decodeBase64(header.identity_key);
+    const EKa_pk = decodeBase64(header.ephemeral_key);
+    // DH1 = DH(SPKb, IKa) — our signed pre-key × their identity key
+    const dh1 = dh(SPKb_sk, IKa_pk);
+    // DH2 = DH(IKb, EKa) — our identity key × their ephemeral
+    const dh2 = dh(IKb_sk, EKa_pk);
+    // DH3 = DH(SPKb, EKa) — our signed pre-key × their ephemeral
+    const dh3 = dh(SPKb_sk, EKa_pk);
+    let dhConcat;
+    if (myOneTimePreKeySecret) {
+        const OPKb_sk = decodeBase64(myOneTimePreKeySecret);
+        // DH4 = DH(OPKb, EKa) — our one-time key × their ephemeral
+        const dh4 = dh(OPKb_sk, EKa_pk);
+        dhConcat = new Uint8Array(128);
+        dhConcat.set(dh1, 0);
+        dhConcat.set(dh2, 32);
+        dhConcat.set(dh3, 64);
+        dhConcat.set(dh4, 96);
+    }
+    else {
+        dhConcat = new Uint8Array(96);
+        dhConcat.set(dh1, 0);
+        dhConcat.set(dh2, 32);
+        dhConcat.set(dh3, 64);
+    }
+    return hkdf(dhConcat, new Uint8Array(32), X3DH_INFO, 32);
+}
+/**
+ * Symmetric encryption with NaCl secretbox (used by Double Ratchet).
+ * Input and output are raw Uint8Array (not base64).
+ */
+export function secretboxEncrypt(plaintext, key) {
+    const nonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+    const ciphertext = nacl.secretbox(plaintext, nonce, key);
+    return { ciphertext, nonce };
+}
+/**
+ * Symmetric decryption with NaCl secretbox (used by Double Ratchet).
+ */
+export function secretboxDecrypt(ciphertext, nonce, key) {
+    const plaintext = nacl.secretbox.open(ciphertext, nonce, key);
+    if (!plaintext)
+        throw new Error("Ratchet decryption failed — wrong key or corrupted message");
+    return plaintext;
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,qCAAqC;AACrC,6DAA6D;AAE7D,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;AACxE,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AAcpB;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAgB;IAC/C,MAAM,GAAG,GAAG,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAE7C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEvC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QAC5D,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrF,OAAO,IAAe,CAAC;QAC3B,CAAC;QACD,yDAAyD;QACzD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,GAAY;gBAClB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAClD,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;aACrD,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC3E,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;IACrC,MAAM,IAAI,GAAY;QAClB,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;QAC1C,SAAS,EAAE,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC;QAC1C,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,gBAAgB,EAAE,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;KACrD,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACtD,IAAI,EAAE,KAAK;KACd,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAC/B,OAAe,EACf,kBAA0B,EAC1B,eAAuB;IAEvB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,WAAW,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;IACvE,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAErD,OAAO;QACH,iBAAiB,EAAE,YAAY,CAAC,SAAS,CAAC;QAC1C,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC;KAC7B,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC7B,gBAAwB,EACxB,KAAa,EACb,eAAuB,EACvB,kBAA0B;IAE1B,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,YAAY,CAAC,eAAe,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAErD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACnF,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAEtF,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,gBAAwB;IACjE,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAC9D,OAAO,YAAY,CAAC,SAAS,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC7B,MAAc,EACd,IAAY,EACZ,IAAwB,EACxB,OAAe,EACf,gBAAwB;IAExB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAExD,0CAA0C;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAExF,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;IAC9B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/F,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;SAClD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEd,yCAAyC;IACzC,MAAM,cAAc,GAAG,GAAG,MAAM,KAAK,IAAI,KAAK,SAAS,KAAK,KAAK,KAAK,QAAQ,EAAE,CAAC;IACjF,MAAM,SAAS,GAAG,WAAW,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC;IAEhE,OAAO;QACH,YAAY,EAAE,OAAO;QACrB,aAAa,EAAE,SAAS;QACxB,SAAS,EAAE,KAAK;QAChB,aAAa,EAAE,SAAS;KAC3B,CAAC;AACN,CAAC;AAED,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACvD,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAC/B,OAAe,EACf,QAAgB;IAEhB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IAChE,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAE3D,OAAO;QACH,iBAAiB,EAAE,YAAY,CAAC,SAAS,CAAC;QAC1C,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC;KAC7B,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAC/B,gBAAwB,EACxB,KAAa,EACb,QAAgB;IAEhB,MAAM,cAAc,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAExC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC5E,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAE5F,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACpC,QAAgB,EAChB,eAAuB,EACvB,eAAuB;IAEvB,OAAO,mBAAmB,CAAC,QAAQ,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;AAC3E,CAAC;AAgCD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CACtB,GAAe,EACf,IAAgB,EAChB,IAAgB,EAChB,MAAc;IAEd,wCAAwC;IACxC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,CACzG,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC;IAE/E,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACxC,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,CACjE,CAAC;IACF,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACnC,IAAI,IAAI,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC5D,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChB,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QACvE,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,EAAE,CAAC,SAAqB,EAAE,SAAqB;IAC3D,2EAA2E;IAC3E,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAChC,iBAAyB,EACzB,gBAAwB,EACxB,cAAc,GAAG,EAAE;IAMnB,wCAAwC;IACxC,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC5C,MAAM,kBAAkB,GAAG,YAAY,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAEpE,uCAAuC;IACvC,MAAM,UAAU,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAE7E,6BAA6B;IAC7B,MAAM,cAAc,GAAkD,EAAE,CAAC;IACzE,MAAM,oBAAoB,GAAkD,EAAE,CAAC;IAE/E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAChC,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC7E,oBAAoB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,OAAO;QACH,MAAM,EAAE;YACJ,YAAY,EAAE,iBAAiB;YAC/B,cAAc,EAAE,kBAAkB;YAClC,wBAAwB,EAAE,YAAY,CAAC,SAAS,CAAC;YACjD,iBAAiB,EAAE,CAAC;YACpB,iBAAiB,EAAE,cAAc;SACpC;QACD,kBAAkB,EAAE,YAAY,CAAC,gBAAgB,CAAC,SAAS,CAAC;QAC5D,oBAAoB;KACvB,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAClC,KAAa,EACb,OAAe;IAKf,MAAM,UAAU,GAAkD,EAAE,CAAC;IACrE,MAAM,UAAU,GAAkD,EAAE,CAAC;IAErE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAC9B,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,GAAG,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjF,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,GAAG,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AACtC,CAAC;AAED,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;AAE1D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAC9B,mBAA2B,EAC3B,UAAgC;IAEhC,MAAM,MAAM,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;IAExD,8BAA8B;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAE/B,gEAAgE;IAChE,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,0DAA0D;IAC1D,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtC,6DAA6D;IAC7D,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAEvC,IAAI,QAAoB,CAAC;IACzB,IAAI,mBAAuC,CAAC;IAE5C,IAAI,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAC9B,+DAA+D;QAC/D,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,QAAQ,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QAC/B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,mBAAmB,GAAG,UAAU,CAAC,gBAAgB,CAAC,MAAM,CAAC;IAC7D,CAAC;SAAM,CAAC;QACJ,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC9B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IAE7E,OAAO;QACH,YAAY;QACZ,kBAAkB,EAAE,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC;QAC/C,mBAAmB;KACtB,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC7B,mBAA2B,EAC3B,oBAA4B,EAC5B,qBAAyC,EACzC,MAAkB;IAElB,MAAM,MAAM,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAElD,gEAAgE;IAChE,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,0DAA0D;IAC1D,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,6DAA6D;IAC7D,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEhC,IAAI,QAAoB,CAAC;IAEzB,IAAI,qBAAqB,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,YAAY,CAAC,qBAAqB,CAAC,CAAC;QACpD,2DAA2D;QAC3D,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChC,QAAQ,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;QAC/B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC;SAAM,CAAC;QACJ,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC9B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,CAAC,QAAQ,EAAE,IAAI,UAAU,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC5B,SAAqB,EACrB,GAAe;IAEf,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACzD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC5B,UAAsB,EACtB,KAAiB,EACjB,GAAe;IAEf,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9D,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;IAC9F,OAAO,SAAS,CAAC;AACrB,CAAC"}