usertrust 0.1.0

package/dist/audit/entropy.js

@@ -0,0 +1,229 @@
+/**
+ * Entropy Diagnostics — Governance Health Signal
+ *
+ * Derives 6 entropy signals from audit event data to assess governance
+ * health. Entropy is a diagnostic signal, not a runtime gate.
+ *
+ * Signals:
+ *   1. Policy violations
+ *   2. Budget utilization
+ *   3. Chain integrity
+ *   4. PII detections
+ *   5. Circuit breaker trips
+ *   6. Pattern memory hits
+ *
+ * Returns a composite score 0–100 (0 = healthy, 100 = maximum entropy).
+ *
+ * Adapted from Field Project fermion/neutrino/entropy.ts — signals
+ * remapped to SDK vault structure.
+ */
+// ── Signal extractors ──
+/**
+ * Signal 1: Policy violations
+ *
+ * Events where kind contains "policy" and data indicates a deny/block decision.
+ */
+export function extractPolicyViolations(events) {
+    const policyEvents = events.filter((e) => e.kind.includes("policy"));
+    let hits = 0;
+    for (const e of policyEvents) {
+        const decision = e.data.decision;
+        if (decision === "deny" || decision === "block" || decision === "blocked") {
+            hits++;
+        }
+    }
+    const total = policyEvents.length;
+    return {
+        condition: "policy_violations",
+        label: "Policy violations",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+/**
+ * Signal 2: Budget utilization
+ *
+ * Events with budget data where utilization exceeds 80%.
+ */
+export function extractBudgetUtilization(events) {
+    let hits = 0;
+    let total = 0;
+    for (const e of events) {
+        const budget = e.data.budget;
+        const spent = e.data.spent;
+        const remaining = e.data.budgetRemaining;
+        const budgetTotal = e.data.budgetTotal;
+        if (typeof budget === "number" && typeof spent === "number" && budget > 0) {
+            total++;
+            if (spent / budget > 0.8) {
+                hits++;
+            }
+        }
+        else if (typeof remaining === "number" &&
+            typeof budgetTotal === "number" &&
+            budgetTotal > 0) {
+            total++;
+            if ((budgetTotal - remaining) / budgetTotal > 0.8) {
+                hits++;
+            }
+        }
+    }
+    return {
+        condition: "budget_utilization",
+        label: "Budget utilization (>80%)",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+/**
+ * Signal 3: Chain integrity
+ *
+ * Events indicating hash chain verification failures or audit degradation.
+ */
+export function extractChainIntegrity(events) {
+    let hits = 0;
+    let total = 0;
+    for (const e of events) {
+        if (e.kind.includes("audit") || e.kind.includes("chain") || e.kind.includes("verify")) {
+            total++;
+            const valid = e.data.valid;
+            const degraded = e.data.degraded;
+            const errors = e.data.errors;
+            if (valid === false || degraded === true || (Array.isArray(errors) && errors.length > 0)) {
+                hits++;
+            }
+        }
+    }
+    return {
+        condition: "chain_integrity",
+        label: "Chain integrity failures",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+/**
+ * Signal 4: PII detections
+ *
+ * Events where PII was detected in the data flow.
+ */
+export function extractPiiDetections(events) {
+    let hits = 0;
+    const total = events.length;
+    for (const e of events) {
+        const pii = e.data.piiDetected;
+        const piiCount = e.data.piiCount;
+        const piiAction = e.data.piiAction;
+        if (pii === true ||
+            (typeof piiCount === "number" && piiCount > 0) ||
+            piiAction === "redact" ||
+            piiAction === "block") {
+            hits++;
+        }
+    }
+    return {
+        condition: "pii_detections",
+        label: "PII detections",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+/**
+ * Signal 5: Circuit breaker trips
+ *
+ * Events where circuit breakers were triggered.
+ */
+export function extractCircuitBreakerTrips(events) {
+    let hits = 0;
+    let total = 0;
+    for (const e of events) {
+        if (e.kind.includes("circuit") ||
+            e.kind.includes("breaker") ||
+            e.data.circuitBreaker !== undefined) {
+            total++;
+            const state = e.data.circuitBreakerState ?? e.data.state;
+            const tripped = e.data.circuitBreakerTripped ?? e.data.tripped;
+            if (state === "open" || state === "half-open" || tripped === true) {
+                hits++;
+            }
+        }
+    }
+    return {
+        condition: "circuit_breaker_trips",
+        label: "Circuit breaker trips",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+/**
+ * Signal 6: Pattern memory hits
+ *
+ * Events where pattern memory detected recurring issues or anomalies.
+ */
+export function extractPatternMemoryHits(events) {
+    let hits = 0;
+    let total = 0;
+    for (const e of events) {
+        if (e.kind.includes("pattern") ||
+            e.kind.includes("memory") ||
+            e.data.patternMatch !== undefined) {
+            total++;
+            const match = e.data.patternMatch;
+            const anomaly = e.data.anomalyDetected;
+            const recurring = e.data.recurringIssue;
+            if (match === true || anomaly === true || recurring === true) {
+                hits++;
+            }
+        }
+    }
+    return {
+        condition: "pattern_memory_hits",
+        label: "Pattern memory hits",
+        value: total > 0 ? hits / total : 0,
+        hits,
+        total,
+    };
+}
+// ── Composite ──
+const EXTRACTORS = [
+    extractPolicyViolations,
+    extractBudgetUtilization,
+    extractChainIntegrity,
+    extractPiiDetections,
+    extractCircuitBreakerTrips,
+    extractPatternMemoryHits,
+];
+function classifyLevel(score) {
+    if (score >= 60)
+        return "critical";
+    if (score >= 30)
+        return "elevated";
+    return "low";
+}
+/**
+ * Compute the composite entropy report from audit events.
+ *
+ * Each of the 6 signals contributes equally (weight = 1/6).
+ * The composite score is 0–100.
+ *
+ * @param events - Array of audit events to analyze
+ * @returns Entropy report with composite score and per-signal breakdown
+ */
+export function computeEntropyScore(events) {
+    const signals = EXTRACTORS.map((fn) => fn(events));
+    const sum = signals.reduce((acc, s) => acc + s.value, 0);
+    const rawScore = signals.length > 0 ? sum / signals.length : 0;
+    const score = Math.round(rawScore * 100);
+    return {
+        score,
+        level: classifyLevel(score),
+        signals,
+        computedAt: new Date().toISOString(),
+        eventCount: events.length,
+    };
+}
+//# sourceMappingURL=entropy.js.map

package/dist/audit/entropy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.js","sourceRoot":"","sources":["../../src/audit/entropy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAqCH,0BAA0B;AAE1B;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAA2B;IAClE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrE,IAAI,IAAI,GAAG,CAAC,CAAC;IAEb,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3E,IAAI,EAAE,CAAC;QACR,CAAC;IACF,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC;IAClC,OAAO;QACN,SAAS,EAAE,mBAAmB;QAC9B,KAAK,EAAE,mBAAmB;QAC1B,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAA2B;IACnE,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAC7B,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;QACzC,MAAM,WAAW,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC;QAEvC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3E,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC;gBAC1B,IAAI,EAAE,CAAC;YACR,CAAC;QACF,CAAC;aAAM,IACN,OAAO,SAAS,KAAK,QAAQ;YAC7B,OAAO,WAAW,KAAK,QAAQ;YAC/B,WAAW,GAAG,CAAC,EACd,CAAC;YACF,KAAK,EAAE,CAAC;YACR,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,GAAG,WAAW,GAAG,GAAG,EAAE,CAAC;gBACnD,IAAI,EAAE,CAAC;YACR,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO;QACN,SAAS,EAAE,oBAAoB;QAC/B,KAAK,EAAE,2BAA2B;QAClC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAA2B;IAChE,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvF,KAAK,EAAE,CAAC;YACR,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;YAC3B,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;YACjC,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;YAE7B,IAAI,KAAK,KAAK,KAAK,IAAI,QAAQ,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC1F,IAAI,EAAE,CAAC;YACR,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO;QACN,SAAS,EAAE,iBAAiB;QAC5B,KAAK,EAAE,0BAA0B;QACjC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAA2B;IAC/D,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC;QAC/B,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;QACjC,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC;QAEnC,IACC,GAAG,KAAK,IAAI;YACZ,CAAC,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,GAAG,CAAC,CAAC;YAC9C,SAAS,KAAK,QAAQ;YACtB,SAAS,KAAK,OAAO,EACpB,CAAC;YACF,IAAI,EAAE,CAAC;QACR,CAAC;IACF,CAAC;IAED,OAAO;QACN,SAAS,EAAE,gBAAgB;QAC3B,KAAK,EAAE,gBAAgB;QACvB,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAA2B;IACrE,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IACC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC1B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC1B,CAAC,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,EAClC,CAAC;YACF,KAAK,EAAE,CAAC;YACR,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;YACzD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,qBAAqB,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;YAE/D,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,WAAW,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACnE,IAAI,EAAE,CAAC;YACR,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO;QACN,SAAS,EAAE,uBAAuB;QAClC,KAAK,EAAE,uBAAuB;QAC9B,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAA2B;IACnE,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACxB,IACC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC1B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACzB,CAAC,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,EAChC,CAAC;YACF,KAAK,EAAE,CAAC;YACR,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;YAClC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;YACvC,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;YAExC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;gBAC9D,IAAI,EAAE,CAAC;YACR,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO;QACN,SAAS,EAAE,qBAAqB;QAChC,KAAK,EAAE,qBAAqB;QAC5B,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI;QACJ,KAAK;KACL,CAAC;AACH,CAAC;AAED,kBAAkB;AAElB,MAAM,UAAU,GAAG;IAClB,uBAAuB;IACvB,wBAAwB;IACxB,qBAAqB;IACrB,oBAAoB;IACpB,0BAA0B;IAC1B,wBAAwB;CACf,CAAC;AAEX,SAAS,aAAa,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,UAAU,CAAC;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,UAAU,CAAC;IACnC,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAA2B;IAC9D,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEnD,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC;IAEzC,OAAO;QACN,KAAK;QACL,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC;QAC3B,OAAO;QACP,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,UAAU,EAAE,MAAM,CAAC,MAAM;KACzB,CAAC;AACH,CAAC"}

package/dist/audit/merkle.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Merkle Tree — RFC 6962 domain-separated hashing
+ *
+ * Pure functions for building, proving, and verifying Merkle trees.
+ * No I/O, no side effects. All hash fields are hex-encoded strings.
+ *
+ * Domain-separated hashing (RFC 6962 Section 2.1):
+ *   - Leaves:    SHA-256(0x00 || data)
+ *   - Internal:  SHA-256(0x01 || left || right)
+ *
+ * Odd leaves are promoted to the next layer (NOT duplicated),
+ * avoiding CVE-2012-2459.
+ *
+ * Merged from usertools-stealth merkle-tree.ts + merkle-proofs.ts.
+ */
+export interface MerkleSibling {
+    readonly hash: string;
+    readonly position: "left" | "right";
+}
+export interface MerkleInclusionProof {
+    readonly version: 1;
+    readonly leafHash: string;
+    readonly leafIndex: number;
+    readonly treeSize: number;
+    readonly root: string;
+    readonly siblings: readonly MerkleSibling[];
+    readonly segmentId: string;
+}
+export interface MerkleConsistencyProof {
+    readonly firstSize: number;
+    readonly secondSize: number;
+    readonly firstRoot: string;
+    readonly secondRoot: string;
+    readonly proof: readonly string[];
+}
+/**
+ * Hash a leaf node with domain separation.
+ * Input: hex-encoded data string.
+ * Output: hex-encoded SHA-256 hash.
+ */
+export declare function hashLeaf(data: string): string;
+/**
+ * Hash an internal node with domain separation.
+ * Inputs: two hex-encoded child hashes.
+ * Output: hex-encoded SHA-256 hash.
+ */
+export declare function hashInternal(left: string, right: string): string;
+/**
+ * Build a complete Merkle tree from an array of leaf hashes.
+ *
+ * Returns all layers (layer 0 = hashed leaves, last layer = [root]).
+ * Empty input returns { root: undefined, layers: [[]] }.
+ *
+ * Odd-count layers: the last node is promoted (not duplicated).
+ */
+export declare function buildMerkleTree(leaves: string[]): {
+    root: string | undefined;
+    layers: string[][];
+};
+/**
+ * Generate an inclusion proof for a specific leaf in a Merkle tree.
+ *
+ * Builds the tree from the provided leaves, then walks from the target leaf
+ * up to the root, collecting sibling hashes at each level.
+ */
+export declare function generateInclusionProof(leafIndex: number, leaves: string[], segmentId: string): MerkleInclusionProof;
+/**
+ * Verify an inclusion proof against a published root and tree size.
+ *
+ * Pure function — no I/O, only crypto.createHash.
+ */
+export declare function verifyInclusionProof(proof: MerkleInclusionProof, publishedRoot: string, publishedTreeSize: number): boolean;
+/**
+ * Generate a consistency proof between two tree sizes.
+ *
+ * Proves that tree(firstSize) is a prefix of tree(secondSize) — i.e.,
+ * the tree is append-only.
+ */
+export declare function generateConsistencyProof(firstSize: number, secondSize: number, leaves: string[]): MerkleConsistencyProof;
+/**
+ * Verify a consistency proof.
+ *
+ * Recomputes the second root from the first root and proof nodes,
+ * verifying that tree(firstSize) is a prefix of tree(secondSize).
+ */
+export declare function verifyConsistencyProof(proof: MerkleConsistencyProof): boolean;
+//# sourceMappingURL=merkle.d.ts.map

package/dist/audit/merkle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../../src/audit/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAWH,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,oBAAoB;IACpC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,SAAS,aAAa,EAAE,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,sBAAsB;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAID;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAG7C;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAQhE;AAID;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG;IAClD,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC;CACnB,CAwBA;AAID;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACrC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EAAE,EAChB,SAAS,EAAE,MAAM,GACf,oBAAoB,CAiDtB;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CACnC,KAAK,EAAE,oBAAoB,EAC3B,aAAa,EAAE,MAAM,EACrB,iBAAiB,EAAE,MAAM,GACvB,OAAO,CAoBT;AA4DD;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACvC,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EAAE,GACd,sBAAsB,CAgCxB;AAgFD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAqB7E"}

package/dist/audit/merkle.js

@@ -0,0 +1,315 @@
+/**
+ * Merkle Tree — RFC 6962 domain-separated hashing
+ *
+ * Pure functions for building, proving, and verifying Merkle trees.
+ * No I/O, no side effects. All hash fields are hex-encoded strings.
+ *
+ * Domain-separated hashing (RFC 6962 Section 2.1):
+ *   - Leaves:    SHA-256(0x00 || data)
+ *   - Internal:  SHA-256(0x01 || left || right)
+ *
+ * Odd leaves are promoted to the next layer (NOT duplicated),
+ * avoiding CVE-2012-2459.
+ *
+ * Merged from usertools-stealth merkle-tree.ts + merkle-proofs.ts.
+ */
+import { createHash } from "node:crypto";
+// ── Constants ──
+const LEAF_PREFIX = Buffer.from([0x00]);
+const INTERNAL_PREFIX = Buffer.from([0x01]);
+// ── Core hash functions ──
+/**
+ * Hash a leaf node with domain separation.
+ * Input: hex-encoded data string.
+ * Output: hex-encoded SHA-256 hash.
+ */
+export function hashLeaf(data) {
+    const dataBuffer = Buffer.from(data, "hex");
+    return createHash("sha256").update(LEAF_PREFIX).update(dataBuffer).digest("hex");
+}
+/**
+ * Hash an internal node with domain separation.
+ * Inputs: two hex-encoded child hashes.
+ * Output: hex-encoded SHA-256 hash.
+ */
+export function hashInternal(left, right) {
+    const leftBuffer = Buffer.from(left, "hex");
+    const rightBuffer = Buffer.from(right, "hex");
+    return createHash("sha256")
+        .update(INTERNAL_PREFIX)
+        .update(leftBuffer)
+        .update(rightBuffer)
+        .digest("hex");
+}
+// ── Tree building ──
+/**
+ * Build a complete Merkle tree from an array of leaf hashes.
+ *
+ * Returns all layers (layer 0 = hashed leaves, last layer = [root]).
+ * Empty input returns { root: undefined, layers: [[]] }.
+ *
+ * Odd-count layers: the last node is promoted (not duplicated).
+ */
+export function buildMerkleTree(leaves) {
+    if (leaves.length === 0) {
+        return { root: undefined, layers: [[]] };
+    }
+    let currentLayer = leaves.map((leaf) => hashLeaf(leaf));
+    const layers = [currentLayer];
+    while (currentLayer.length > 1) {
+        const nextLayer = [];
+        for (let i = 0; i < currentLayer.length; i += 2) {
+            const left = currentLayer[i];
+            if (i + 1 < currentLayer.length) {
+                const right = currentLayer[i + 1];
+                nextLayer.push(hashInternal(left, right));
+            }
+            else {
+                nextLayer.push(left);
+            }
+        }
+        currentLayer = nextLayer;
+        layers.push(currentLayer);
+    }
+    return { root: currentLayer[0], layers };
+}
+// ── Inclusion proofs ──
+/**
+ * Generate an inclusion proof for a specific leaf in a Merkle tree.
+ *
+ * Builds the tree from the provided leaves, then walks from the target leaf
+ * up to the root, collecting sibling hashes at each level.
+ */
+export function generateInclusionProof(leafIndex, leaves, segmentId) {
+    if (leafIndex < 0 || leafIndex >= leaves.length) {
+        throw new RangeError(`leafIndex ${leafIndex} out of bounds for ${leaves.length} leaves`);
+    }
+    const { root, layers } = buildMerkleTree(leaves);
+    if (root === undefined) {
+        throw new Error("Cannot generate proof for empty tree");
+    }
+    const siblings = [];
+    let currentIndex = leafIndex;
+    for (let level = 0; level < layers.length - 1; level++) {
+        const layer = layers[level];
+        const layerSize = layer.length;
+        if (currentIndex === layerSize - 1 && layerSize % 2 === 1) {
+            currentIndex = Math.floor(currentIndex / 2);
+            continue;
+        }
+        if (currentIndex % 2 === 0) {
+            siblings.push({
+                hash: layer[currentIndex + 1],
+                position: "right",
+            });
+        }
+        else {
+            siblings.push({
+                hash: layer[currentIndex - 1],
+                position: "left",
+            });
+        }
+        currentIndex = Math.floor(currentIndex / 2);
+    }
+    const leafHash = leaves[leafIndex];
+    return {
+        version: 1,
+        leafHash,
+        leafIndex,
+        treeSize: leaves.length,
+        root,
+        segmentId,
+        siblings,
+    };
+}
+/**
+ * Verify an inclusion proof against a published root and tree size.
+ *
+ * Pure function — no I/O, only crypto.createHash.
+ */
+export function verifyInclusionProof(proof, publishedRoot, publishedTreeSize) {
+    if (proof.treeSize !== publishedTreeSize) {
+        return false;
+    }
+    if (proof.root !== publishedRoot) {
+        return false;
+    }
+    let currentHash = hashLeaf(proof.leafHash);
+    for (const sibling of proof.siblings) {
+        if (sibling.position === "left") {
+            currentHash = hashInternal(sibling.hash, currentHash);
+        }
+        else {
+            currentHash = hashInternal(currentHash, sibling.hash);
+        }
+    }
+    return currentHash === proof.root;
+}
+// ── Consistency proofs ──
+/**
+ * Find the largest power of 2 strictly less than n.
+ */
+function largestPowerOf2LessThan(n) {
+    if (n <= 1)
+        return 0;
+    let k = 1;
+    while (k * 2 < n) {
+        k *= 2;
+    }
+    return k;
+}
+/**
+ * Check if n is a power of 2.
+ */
+function isPowerOf2(n) {
+    return n > 0 && (n & (n - 1)) === 0;
+}
+/**
+ * Recursive consistency proof generation.
+ */
+function subproof(m, n, leaves, proof, startFromOld) {
+    if (m === n) {
+        if (!startFromOld) {
+            const { root } = buildMerkleTree(leaves.slice(0, n));
+            if (root !== undefined) {
+                proof.push(root);
+            }
+        }
+        return;
+    }
+    const k = largestPowerOf2LessThan(n);
+    if (m <= k) {
+        subproof(m, k, leaves, proof, startFromOld);
+        const { root } = buildMerkleTree(leaves.slice(k, n));
+        if (root !== undefined) {
+            proof.push(root);
+        }
+    }
+    else {
+        subproof(m - k, n - k, leaves.slice(k), proof, false);
+        const { root } = buildMerkleTree(leaves.slice(0, k));
+        if (root !== undefined) {
+            proof.push(root);
+        }
+    }
+}
+/**
+ * Generate a consistency proof between two tree sizes.
+ *
+ * Proves that tree(firstSize) is a prefix of tree(secondSize) — i.e.,
+ * the tree is append-only.
+ */
+export function generateConsistencyProof(firstSize, secondSize, leaves) {
+    if (firstSize < 1 || firstSize > secondSize) {
+        throw new RangeError(`Invalid sizes: firstSize=${firstSize}, secondSize=${secondSize}`);
+    }
+    if (secondSize > leaves.length) {
+        throw new RangeError(`secondSize ${secondSize} exceeds available leaves ${leaves.length}`);
+    }
+    const firstTree = buildMerkleTree(leaves.slice(0, firstSize));
+    const secondTree = buildMerkleTree(leaves.slice(0, secondSize));
+    if (firstSize === secondSize) {
+        return {
+            firstSize,
+            secondSize,
+            firstRoot: firstTree.root,
+            secondRoot: secondTree.root,
+            proof: [],
+        };
+    }
+    const proof = [];
+    const secondLeaves = leaves.slice(0, secondSize);
+    subproof(firstSize, secondSize, secondLeaves, proof, true);
+    return {
+        firstSize,
+        secondSize,
+        firstRoot: firstTree.root,
+        secondRoot: secondTree.root,
+        proof,
+    };
+}
+/**
+ * Recompute both roots from the consistency proof path.
+ */
+function recomputeRoots(firstSize, secondSize, proofNodes, claimedFirstRoot) {
+    let idx = 0;
+    function consume() {
+        if (idx >= proofNodes.length)
+            return undefined;
+        return proofNodes[idx++];
+    }
+    const stack = [];
+    function collect(m, n, isOld) {
+        if (m === n) {
+            if (!isOld) {
+                const node = consume();
+                if (node !== undefined) {
+                    stack.push({ hash: node, side: "both" });
+                }
+            }
+            return;
+        }
+        const k = largestPowerOf2LessThan(n);
+        if (m <= k) {
+            collect(m, k, isOld);
+            const node = consume();
+            if (node !== undefined) {
+                stack.push({ hash: node, side: "right" });
+            }
+        }
+        else {
+            collect(m - k, n - k, false);
+            const node = consume();
+            if (node !== undefined) {
+                stack.push({ hash: node, side: "left" });
+            }
+        }
+    }
+    collect(firstSize, secondSize, true);
+    if (stack.length === 0)
+        return { firstRoot: "", secondRoot: "" };
+    let fr;
+    let sr;
+    let startIdx;
+    if (isPowerOf2(firstSize)) {
+        fr = claimedFirstRoot;
+        sr = claimedFirstRoot;
+        startIdx = 0;
+    }
+    else {
+        fr = stack[0].hash;
+        sr = stack[0].hash;
+        startIdx = 1;
+    }
+    for (let i = startIdx; i < stack.length; i++) {
+        const entry = stack[i];
+        if (entry.side === "right") {
+            sr = hashInternal(sr, entry.hash);
+        }
+        else {
+            fr = hashInternal(entry.hash, fr);
+            sr = hashInternal(entry.hash, sr);
+        }
+    }
+    return { firstRoot: fr, secondRoot: sr };
+}
+/**
+ * Verify a consistency proof.
+ *
+ * Recomputes the second root from the first root and proof nodes,
+ * verifying that tree(firstSize) is a prefix of tree(secondSize).
+ */
+export function verifyConsistencyProof(proof) {
+    if (proof.firstSize < 1 || proof.firstSize > proof.secondSize) {
+        return false;
+    }
+    if (proof.firstSize === proof.secondSize) {
+        return proof.proof.length === 0 && proof.firstRoot === proof.secondRoot;
+    }
+    if (proof.proof.length === 0) {
+        return false;
+    }
+    const { firstRoot, secondRoot } = recomputeRoots(proof.firstSize, proof.secondSize, proof.proof, proof.firstRoot);
+    return firstRoot === proof.firstRoot && secondRoot === proof.secondRoot;
+}
+//# sourceMappingURL=merkle.js.map

package/dist/audit/merkle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.js","sourceRoot":"","sources":["../../src/audit/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,kBAAkB;AAElB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AA2B5C,4BAA4B;AAE5B;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,KAAa;IACvD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC9C,OAAO,UAAU,CAAC,QAAQ,CAAC;SACzB,MAAM,CAAC,eAAe,CAAC;SACvB,MAAM,CAAC,UAAU,CAAC;SAClB,MAAM,CAAC,WAAW,CAAC;SACnB,MAAM,CAAC,KAAK,CAAC,CAAC;AACjB,CAAC;AAED,sBAAsB;AAEtB;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,MAAgB;IAI/C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IAC1C,CAAC;IAED,IAAI,YAAY,GAAa,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAClE,MAAM,MAAM,GAAe,CAAC,YAAY,CAAC,CAAC;IAE1C,OAAO,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,SAAS,GAAa,EAAE,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,CAAW,CAAC;YACvC,IAAI,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC;gBACjC,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAW,CAAC;gBAC5C,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;iBAAM,CAAC;gBACP,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;QACF,CAAC;QACD,YAAY,GAAG,SAAS,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;AAC1C,CAAC;AAED,yBAAyB;AAEzB;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACrC,SAAiB,EACjB,MAAgB,EAChB,SAAiB;IAEjB,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACjD,MAAM,IAAI,UAAU,CAAC,aAAa,SAAS,sBAAsB,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IAC1F,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAEjD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAI,YAAY,GAAG,SAAS,CAAC;IAE7B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;QACxD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAa,CAAC;QACxC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;QAE/B,IAAI,YAAY,KAAK,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3D,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;YAC5C,SAAS;QACV,CAAC;QAED,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,KAAK,CAAC,YAAY,GAAG,CAAC,CAAW;gBACvC,QAAQ,EAAE,OAAO;aACjB,CAAC,CAAC;QACJ,CAAC;aAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC;gBACb,IAAI,EAAE,KAAK,CAAC,YAAY,GAAG,CAAC,CAAW;gBACvC,QAAQ,EAAE,MAAM;aAChB,CAAC,CAAC;QACJ,CAAC;QAED,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAW,CAAC;IAE7C,OAAO;QACN,OAAO,EAAE,CAAC;QACV,QAAQ;QACR,SAAS;QACT,QAAQ,EAAE,MAAM,CAAC,MAAM;QACvB,IAAI;QACJ,SAAS;QACT,QAAQ;KACR,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CACnC,KAA2B,EAC3B,aAAqB,EACrB,iBAAyB;IAEzB,IAAI,KAAK,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,WAAW,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAE3C,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YACjC,WAAW,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACP,WAAW,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC;IACF,CAAC;IAED,OAAO,WAAW,KAAK,KAAK,CAAC,IAAI,CAAC;AACnC,CAAC;AAED,2BAA2B;AAE3B;;GAEG;AACH,SAAS,uBAAuB,CAAC,CAAS;IACzC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,CAAC,IAAI,CAAC,CAAC;IACR,CAAC;IACD,OAAO,CAAC,CAAC;AACV,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAChB,CAAS,EACT,CAAS,EACT,MAAgB,EAChB,KAAe,EACf,YAAqB;IAErB,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACb,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,MAAM,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACrD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,CAAC;QACF,CAAC;QACD,OAAO;IACR,CAAC;IAED,MAAM,CAAC,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;IAErC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACZ,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAC5C,MAAM,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;IACF,CAAC;SAAM,CAAC;QACP,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QACtD,MAAM,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACvC,SAAiB,EACjB,UAAkB,EAClB,MAAgB;IAEhB,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,UAAU,CAAC,4BAA4B,SAAS,gBAAgB,UAAU,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,IAAI,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,IAAI,UAAU,CAAC,cAAc,UAAU,6BAA6B,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;IAEhE,IAAI,SAAS,KAAK,UAAU,EAAE,CAAC;QAC9B,OAAO;YACN,SAAS;YACT,UAAU;YACV,SAAS,EAAE,SAAS,CAAC,IAAc;YACnC,UAAU,EAAE,UAAU,CAAC,IAAc;YACrC,KAAK,EAAE,EAAE;SACT,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACjD,QAAQ,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IAE3D,OAAO;QACN,SAAS;QACT,UAAU;QACV,SAAS,EAAE,SAAS,CAAC,IAAc;QACnC,UAAU,EAAE,UAAU,CAAC,IAAc;QACrC,KAAK;KACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACtB,SAAiB,EACjB,UAAkB,EAClB,UAA6B,EAC7B,gBAAwB;IAExB,IAAI,GAAG,GAAG,CAAC,CAAC;IAEZ,SAAS,OAAO;QACf,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAC/C,OAAO,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC;IAC1B,CAAC;IAGD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,SAAS,OAAO,CAAC,CAAS,EAAE,CAAS,EAAE,KAAc;QACpD,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;gBACvB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBACxB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC1C,CAAC;YACF,CAAC;YACD,OAAO;QACR,CAAC;QAED,MAAM,CAAC,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAErC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YACrB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;YACvB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC3C,CAAC;QACF,CAAC;aAAM,CAAC;YACP,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;YACvB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1C,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,CAAC,SAAS,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;IAErC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAEjE,IAAI,EAAU,CAAC;IACf,IAAI,EAAU,CAAC;IACf,IAAI,QAAgB,CAAC;IAErB,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,EAAE,GAAG,gBAAgB,CAAC;QACtB,EAAE,GAAG,gBAAgB,CAAC;QACtB,QAAQ,GAAG,CAAC,CAAC;IACd,CAAC;SAAM,CAAC;QACP,EAAE,GAAI,KAAK,CAAC,CAAC,CAAgB,CAAC,IAAI,CAAC;QACnC,EAAE,GAAI,KAAK,CAAC,CAAC,CAAgB,CAAC,IAAI,CAAC;QACnC,QAAQ,GAAG,CAAC,CAAC;IACd,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAe,CAAC;QACrC,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5B,EAAE,GAAG,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACP,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAClC,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;IACF,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAA6B;IACnE,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,UAAU,EAAE,CAAC;QAC/D,OAAO,KAAK,CAAC;IACd,CAAC;IAED,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,UAAU,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,UAAU,CAAC;IACzE,CAAC;IAED,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACd,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,cAAc,CAC/C,KAAK,CAAC,SAAS,EACf,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,KAAK,EACX,KAAK,CAAC,SAAS,CACf,CAAC;IAEF,OAAO,SAAS,KAAK,KAAK,CAAC,SAAS,IAAI,UAAU,KAAK,KAAK,CAAC,UAAU,CAAC;AACzE,CAAC"}