npm - uxnan-bridge - Versions diffs - 0.0.1-alpha.20260621 - Mend

uxnan-bridge 0.0.1-alpha.20260621

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/README.md +150 -0
package/dist/src/account-status.d.ts +13 -0
package/dist/src/account-status.js +78 -0
package/dist/src/account-status.js.map +1 -0
package/dist/src/adapters/base-adapter.d.ts +18 -0
package/dist/src/adapters/base-adapter.js +15 -0
package/dist/src/adapters/base-adapter.js.map +1 -0
package/dist/src/adapters/claude-adapter.d.ts +102 -0
package/dist/src/adapters/claude-adapter.js +486 -0
package/dist/src/adapters/claude-adapter.js.map +1 -0
package/dist/src/adapters/claude-tools.d.ts +25 -0
package/dist/src/adapters/claude-tools.js +146 -0
package/dist/src/adapters/claude-tools.js.map +1 -0
package/dist/src/adapters/codex-adapter.d.ts +116 -0
package/dist/src/adapters/codex-adapter.js +912 -0
package/dist/src/adapters/codex-adapter.js.map +1 -0
package/dist/src/adapters/codex-app-server.d.ts +74 -0
package/dist/src/adapters/codex-app-server.js +225 -0
package/dist/src/adapters/codex-app-server.js.map +1 -0
package/dist/src/adapters/codex-approval.d.ts +88 -0
package/dist/src/adapters/codex-approval.js +160 -0
package/dist/src/adapters/codex-approval.js.map +1 -0
package/dist/src/adapters/codex-tools.d.ts +18 -0
package/dist/src/adapters/codex-tools.js +106 -0
package/dist/src/adapters/codex-tools.js.map +1 -0
package/dist/src/adapters/content-blocks.d.ts +68 -0
package/dist/src/adapters/content-blocks.js +205 -0
package/dist/src/adapters/content-blocks.js.map +1 -0
package/dist/src/adapters/echo-agent-adapter.d.ts +23 -0
package/dist/src/adapters/echo-agent-adapter.js +72 -0
package/dist/src/adapters/echo-agent-adapter.js.map +1 -0
package/dist/src/adapters/gemini-adapter.d.ts +87 -0
package/dist/src/adapters/gemini-adapter.js +594 -0
package/dist/src/adapters/gemini-adapter.js.map +1 -0
package/dist/src/adapters/gemini-tools.d.ts +4 -0
package/dist/src/adapters/gemini-tools.js +48 -0
package/dist/src/adapters/gemini-tools.js.map +1 -0
package/dist/src/adapters/opencode-adapter.d.ts +74 -0
package/dist/src/adapters/opencode-adapter.js +418 -0
package/dist/src/adapters/opencode-adapter.js.map +1 -0
package/dist/src/adapters/opencode-tools.d.ts +2 -0
package/dist/src/adapters/opencode-tools.js +41 -0
package/dist/src/adapters/opencode-tools.js.map +1 -0
package/dist/src/adapters/pi-adapter.d.ts +92 -0
package/dist/src/adapters/pi-adapter.js +467 -0
package/dist/src/adapters/pi-adapter.js.map +1 -0
package/dist/src/adapters/pi-tools.d.ts +10 -0
package/dist/src/adapters/pi-tools.js +72 -0
package/dist/src/adapters/pi-tools.js.map +1 -0
package/dist/src/adapters/process-agent-adapter.d.ts +24 -0
package/dist/src/adapters/process-agent-adapter.js +111 -0
package/dist/src/adapters/process-agent-adapter.js.map +1 -0
package/dist/src/adapters/resolve-claude.d.ts +13 -0
package/dist/src/adapters/resolve-claude.js +57 -0
package/dist/src/adapters/resolve-claude.js.map +1 -0
package/dist/src/adapters/resolve-codex.d.ts +13 -0
package/dist/src/adapters/resolve-codex.js +48 -0
package/dist/src/adapters/resolve-codex.js.map +1 -0
package/dist/src/adapters/resolve-gemini.d.ts +13 -0
package/dist/src/adapters/resolve-gemini.js +47 -0
package/dist/src/adapters/resolve-gemini.js.map +1 -0
package/dist/src/adapters/resolve-opencode.d.ts +11 -0
package/dist/src/adapters/resolve-opencode.js +49 -0
package/dist/src/adapters/resolve-opencode.js.map +1 -0
package/dist/src/adapters/resolve-pi.d.ts +13 -0
package/dist/src/adapters/resolve-pi.js +46 -0
package/dist/src/adapters/resolve-pi.js.map +1 -0
package/dist/src/adapters/run-options.d.ts +22 -0
package/dist/src/adapters/run-options.js +48 -0
package/dist/src/adapters/run-options.js.map +1 -0
package/dist/src/adapters/spawn.d.ts +20 -0
package/dist/src/adapters/spawn.js +16 -0
package/dist/src/adapters/spawn.js.map +1 -0
package/dist/src/agents/agent-manager.d.ts +98 -0
package/dist/src/agents/agent-manager.js +433 -0
package/dist/src/agents/agent-manager.js.map +1 -0
package/dist/src/agents/attachments.d.ts +28 -0
package/dist/src/agents/attachments.js +121 -0
package/dist/src/agents/attachments.js.map +1 -0
package/dist/src/bridge-context.d.ts +45 -0
package/dist/src/bridge-context.js +2 -0
package/dist/src/bridge-context.js.map +1 -0
package/dist/src/bridge-status.d.ts +12 -0
package/dist/src/bridge-status.js +17 -0
package/dist/src/bridge-status.js.map +1 -0
package/dist/src/bridge.d.ts +37 -0
package/dist/src/bridge.js +446 -0
package/dist/src/bridge.js.map +1 -0
package/dist/src/cli.d.ts +2 -0
package/dist/src/cli.js +194 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/conversation/session-history.d.ts +27 -0
package/dist/src/conversation/session-history.js +1082 -0
package/dist/src/conversation/session-history.js.map +1 -0
package/dist/src/conversation/thread-store.d.ts +74 -0
package/dist/src/conversation/thread-store.js +366 -0
package/dist/src/conversation/thread-store.js.map +1 -0
package/dist/src/daemon-config.d.ts +123 -0
package/dist/src/daemon-config.js +64 -0
package/dist/src/daemon-config.js.map +1 -0
package/dist/src/daemon-state.d.ts +27 -0
package/dist/src/daemon-state.js +76 -0
package/dist/src/daemon-state.js.map +1 -0
package/dist/src/git/git-runner.d.ts +24 -0
package/dist/src/git/git-runner.js +63 -0
package/dist/src/git/git-runner.js.map +1 -0
package/dist/src/git/git-service.d.ts +76 -0
package/dist/src/git/git-service.js +435 -0
package/dist/src/git/git-service.js.map +1 -0
package/dist/src/handler-router.d.ts +34 -0
package/dist/src/handler-router.js +67 -0
package/dist/src/handler-router.js.map +1 -0
package/dist/src/handlers/account-handler.d.ts +4 -0
package/dist/src/handlers/account-handler.js +27 -0
package/dist/src/handlers/account-handler.js.map +1 -0
package/dist/src/handlers/agent-handler.d.ts +2 -0
package/dist/src/handlers/agent-handler.js +8 -0
package/dist/src/handlers/agent-handler.js.map +1 -0
package/dist/src/handlers/bridge-control-handler.d.ts +2 -0
package/dist/src/handlers/bridge-control-handler.js +64 -0
package/dist/src/handlers/bridge-control-handler.js.map +1 -0
package/dist/src/handlers/desktop-handler.d.ts +12 -0
package/dist/src/handlers/desktop-handler.js +5 -0
package/dist/src/handlers/desktop-handler.js.map +1 -0
package/dist/src/handlers/git-handler.d.ts +2 -0
package/dist/src/handlers/git-handler.js +82 -0
package/dist/src/handlers/git-handler.js.map +1 -0
package/dist/src/handlers/index.d.ts +8 -0
package/dist/src/handlers/index.js +22 -0
package/dist/src/handlers/index.js.map +1 -0
package/dist/src/handlers/not-implemented.d.ts +10 -0
package/dist/src/handlers/not-implemented.js +21 -0
package/dist/src/handlers/not-implemented.js.map +1 -0
package/dist/src/handlers/notifications-handler.d.ts +2 -0
package/dist/src/handlers/notifications-handler.js +62 -0
package/dist/src/handlers/notifications-handler.js.map +1 -0
package/dist/src/handlers/params.d.ts +11 -0
package/dist/src/handlers/params.js +72 -0
package/dist/src/handlers/params.js.map +1 -0
package/dist/src/handlers/project-handler.d.ts +2 -0
package/dist/src/handlers/project-handler.js +6 -0
package/dist/src/handlers/project-handler.js.map +1 -0
package/dist/src/handlers/thread-context-handler.d.ts +2 -0
package/dist/src/handlers/thread-context-handler.js +211 -0
package/dist/src/handlers/thread-context-handler.js.map +1 -0
package/dist/src/handlers/workspace-handler.d.ts +2 -0
package/dist/src/handlers/workspace-handler.js +101 -0
package/dist/src/handlers/workspace-handler.js.map +1 -0
package/dist/src/hooks/claude-approval-hook.d.ts +7 -0
package/dist/src/hooks/claude-approval-hook.js +95 -0
package/dist/src/hooks/claude-approval-hook.js.map +1 -0
package/dist/src/hooks/gemini-approval-hook.d.ts +7 -0
package/dist/src/hooks/gemini-approval-hook.js +113 -0
package/dist/src/hooks/gemini-approval-hook.js.map +1 -0
package/dist/src/index.d.ts +62 -0
package/dist/src/index.js +65 -0
package/dist/src/index.js.map +1 -0
package/dist/src/keyring-secret-store.d.ts +36 -0
package/dist/src/keyring-secret-store.js +70 -0
package/dist/src/keyring-secret-store.js.map +1 -0
package/dist/src/lock-file.d.ts +18 -0
package/dist/src/lock-file.js +60 -0
package/dist/src/lock-file.js.map +1 -0
package/dist/src/logger.d.ts +28 -0
package/dist/src/logger.js +99 -0
package/dist/src/logger.js.map +1 -0
package/dist/src/pairing/pairing-code-service.d.ts +45 -0
package/dist/src/pairing/pairing-code-service.js +183 -0
package/dist/src/pairing/pairing-code-service.js.map +1 -0
package/dist/src/projects/project-registry.d.ts +14 -0
package/dist/src/projects/project-registry.js +60 -0
package/dist/src/projects/project-registry.js.map +1 -0
package/dist/src/push/push-sender.d.ts +21 -0
package/dist/src/push/push-sender.js +96 -0
package/dist/src/push/push-sender.js.map +1 -0
package/dist/src/push/push-service.d.ts +122 -0
package/dist/src/push/push-service.js +260 -0
package/dist/src/push/push-service.js.map +1 -0
package/dist/src/qr.d.ts +17 -0
package/dist/src/qr.js +31 -0
package/dist/src/qr.js.map +1 -0
package/dist/src/secret-store.d.ts +23 -0
package/dist/src/secret-store.js +27 -0
package/dist/src/secret-store.js.map +1 -0
package/dist/src/secure-device-state.d.ts +16 -0
package/dist/src/secure-device-state.js +63 -0
package/dist/src/secure-device-state.js.map +1 -0
package/dist/src/service-installer.d.ts +57 -0
package/dist/src/service-installer.js +254 -0
package/dist/src/service-installer.js.map +1 -0
package/dist/src/session-state.d.ts +14 -0
package/dist/src/session-state.js +19 -0
package/dist/src/session-state.js.map +1 -0
package/dist/src/transport/crypto.d.ts +43 -0
package/dist/src/transport/crypto.js +78 -0
package/dist/src/transport/crypto.js.map +1 -0
package/dist/src/transport/lan-server.d.ts +33 -0
package/dist/src/transport/lan-server.js +105 -0
package/dist/src/transport/lan-server.js.map +1 -0
package/dist/src/transport/local-hosts.d.ts +17 -0
package/dist/src/transport/local-hosts.js +30 -0
package/dist/src/transport/local-hosts.js.map +1 -0
package/dist/src/transport/mdns-advertiser.d.ts +83 -0
package/dist/src/transport/mdns-advertiser.js +282 -0
package/dist/src/transport/mdns-advertiser.js.map +1 -0
package/dist/src/transport/message-io.d.ts +33 -0
package/dist/src/transport/message-io.js +87 -0
package/dist/src/transport/message-io.js.map +1 -0
package/dist/src/transport/outbound-log.d.ts +24 -0
package/dist/src/transport/outbound-log.js +78 -0
package/dist/src/transport/outbound-log.js.map +1 -0
package/dist/src/transport/relay-client.d.ts +19 -0
package/dist/src/transport/relay-client.js +27 -0
package/dist/src/transport/relay-client.js.map +1 -0
package/dist/src/transport/secure-channel.d.ts +33 -0
package/dist/src/transport/secure-channel.js +81 -0
package/dist/src/transport/secure-channel.js.map +1 -0
package/dist/src/transport/server-handshake.d.ts +49 -0
package/dist/src/transport/server-handshake.js +137 -0
package/dist/src/transport/server-handshake.js.map +1 -0
package/dist/src/transport/session-handler.d.ts +19 -0
package/dist/src/transport/session-handler.js +134 -0
package/dist/src/transport/session-handler.js.map +1 -0
package/dist/src/transport/session-registry.d.ts +58 -0
package/dist/src/transport/session-registry.js +91 -0
package/dist/src/transport/session-registry.js.map +1 -0
package/dist/src/transport/trust-store.d.ts +23 -0
package/dist/src/transport/trust-store.js +33 -0
package/dist/src/transport/trust-store.js.map +1 -0
package/dist/src/transport/ws-adapter.d.ts +7 -0
package/dist/src/transport/ws-adapter.js +16 -0
package/dist/src/transport/ws-adapter.js.map +1 -0
package/dist/src/version.d.ts +1 -0
package/dist/src/version.js +13 -0
package/dist/src/version.js.map +1 -0
package/dist/src/workspace/browse-service.d.ts +10 -0
package/dist/src/workspace/browse-service.js +97 -0
package/dist/src/workspace/browse-service.js.map +1 -0
package/dist/src/workspace/checkpoint-service.d.ts +21 -0
package/dist/src/workspace/checkpoint-service.js +219 -0
package/dist/src/workspace/checkpoint-service.js.map +1 -0
package/dist/src/workspace/path-guard.d.ts +7 -0
package/dist/src/workspace/path-guard.js +51 -0
package/dist/src/workspace/path-guard.js.map +1 -0
package/dist/src/workspace/workspace-service.d.ts +8 -0
package/dist/src/workspace/workspace-service.js +111 -0
package/dist/src/workspace/workspace-service.js.map +1 -0
package/package.json +46 -0
package/scripts/extract-gemini-hook.mjs +16 -0
package/scripts/fake-approval-bridge.mjs +23 -0
package/scripts/install-service-linux.sh +38 -0
package/scripts/install-service-macos.sh +38 -0
package/scripts/install-service-windows.ps1 +26 -0
package/scripts/test-gemini-hook-e2e.mjs +168 -0
package/scripts/write-gemini-settings.mjs +31 -0

package/dist/src/qr.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"qr.js","sourceRoot":"","sources":["../../src/qr.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,eAAe,GAEhB,MAAM,eAAe,CAAC;AAgBvB,MAAM,UAAU,sBAAsB,CAAC,OAA+B;IACpE,MAAM,OAAO,GAAmB;QAC9B,CAAC,EAAE,kBAAkB;QACrB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,UAAU,EAAE;QAC5C,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;QAClD,SAAS,EAAE,oBAAoB,CAAC,OAAO,CAAC,GAAG,CAAC;QAC5C,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;IACF,IAAI,OAAO,CAAC,QAAQ;QAAE,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC;IACvD,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC7E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,eAAe,CAAC,OAAuB;IACrD,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,MAAc,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/src/secret-store.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Abstraction over secret storage. The bridge's Ed25519 private identity is a
+ * secret and (per AGENTS.md) must never be written to disk in plaintext.
+ *
+ * This module ships an in-memory implementation only. A persistent, OS-keychain
+ * backed implementation is required before real pairing.
+ *
+ * FOR-DEV: implement an OS-keychain-backed SecretStore (Windows Credential
+ * Manager / macOS Keychain / libsecret) so the bridge identity survives restarts
+ * (src/secret-store.ts). Unblocks: real pairing & trusted reconnect.
+ */
+export interface SecretStore {
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<void>;
+}
+/** Process-lifetime secret store. Secrets are lost when the process exits. */
+export declare class InMemorySecretStore implements SecretStore {
+    #private;
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+    delete(key: string): Promise<void>;
+}

package/dist/src/secret-store.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Abstraction over secret storage. The bridge's Ed25519 private identity is a
+ * secret and (per AGENTS.md) must never be written to disk in plaintext.
+ *
+ * This module ships an in-memory implementation only. A persistent, OS-keychain
+ * backed implementation is required before real pairing.
+ *
+ * FOR-DEV: implement an OS-keychain-backed SecretStore (Windows Credential
+ * Manager / macOS Keychain / libsecret) so the bridge identity survives restarts
+ * (src/secret-store.ts). Unblocks: real pairing & trusted reconnect.
+ */
+/** Process-lifetime secret store. Secrets are lost when the process exits. */
+export class InMemorySecretStore {
+    #secrets = new Map();
+    get(key) {
+        return Promise.resolve(this.#secrets.get(key) ?? null);
+    }
+    set(key, value) {
+        this.#secrets.set(key, value);
+        return Promise.resolve();
+    }
+    delete(key) {
+        this.#secrets.delete(key);
+        return Promise.resolve();
+    }
+}
+//# sourceMappingURL=secret-store.js.map

package/dist/src/secret-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secret-store.js","sourceRoot":"","sources":["../../src/secret-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,8EAA8E;AAC9E,MAAM,OAAO,mBAAmB;IACrB,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,GAAG,CAAC,GAAW;QACb,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;IACzD,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAa;QAC5B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,GAAW;QAChB,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF"}

package/dist/src/secure-device-state.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { SecretStore } from './secret-store.js';
+/** Non-secret identity safe to share (e.g. inside the pairing QR). */
+export interface PublicIdentity {
+    macDeviceId: string;
+    /** Ed25519 identity public key as lowercase hex (32 bytes). */
+    macIdentityPublicKey: string;
+}
+export declare class SecureDeviceState {
+    #private;
+    constructor(store: SecretStore);
+    /** Load the persisted identity, or generate and persist a new one. */
+    loadOrCreate(): Promise<PublicIdentity>;
+    get identity(): PublicIdentity;
+    /** Sign a message with the Ed25519 identity key; returns lowercase hex. */
+    sign(message: Buffer | string): string;
+}

package/dist/src/secure-device-state.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Bridge cryptographic identity (Ed25519) — generation, persistence (via a
+ * {@link SecretStore}) and signing.
+ *
+ * Source: architecture/02a-system-architecture.md §5.8.3 (secure-device-state)
+ * and §5.9.1 (handshake signatures).
+ */
+import { createPrivateKey, createPublicKey, generateKeyPairSync, randomUUID, sign as edSign, } from 'node:crypto';
+const STORE_KEY = 'secure-device-state';
+function publicKeyHexFromPrivate(privateKey) {
+    const publicJwk = createPublicKey(privateKey).export({ format: 'jwk' });
+    if (typeof publicJwk.x !== 'string') {
+        throw new Error('failed to derive Ed25519 public key');
+    }
+    return Buffer.from(publicJwk.x, 'base64url').toString('hex');
+}
+export class SecureDeviceState {
+    #store;
+    #privateKey;
+    #identity;
+    constructor(store) {
+        this.#store = store;
+    }
+    /** Load the persisted identity, or generate and persist a new one. */
+    async loadOrCreate() {
+        const raw = await this.#store.get(STORE_KEY);
+        if (raw) {
+            const stored = JSON.parse(raw);
+            this.#privateKey = createPrivateKey({ key: stored.privateKeyJwk, format: 'jwk' });
+            this.#identity = {
+                macDeviceId: stored.macDeviceId,
+                macIdentityPublicKey: publicKeyHexFromPrivate(this.#privateKey),
+            };
+            return this.#identity;
+        }
+        const { privateKey } = generateKeyPairSync('ed25519');
+        const macDeviceId = randomUUID();
+        const privateKeyJwk = privateKey.export({ format: 'jwk' });
+        const stored = { macDeviceId, privateKeyJwk };
+        await this.#store.set(STORE_KEY, JSON.stringify(stored));
+        this.#privateKey = privateKey;
+        this.#identity = {
+            macDeviceId,
+            macIdentityPublicKey: publicKeyHexFromPrivate(privateKey),
+        };
+        return this.#identity;
+    }
+    get identity() {
+        if (!this.#identity) {
+            throw new Error('SecureDeviceState.loadOrCreate() must be called first');
+        }
+        return this.#identity;
+    }
+    /** Sign a message with the Ed25519 identity key; returns lowercase hex. */
+    sign(message) {
+        if (!this.#privateKey) {
+            throw new Error('SecureDeviceState.loadOrCreate() must be called first');
+        }
+        const data = typeof message === 'string' ? Buffer.from(message, 'utf-8') : message;
+        return edSign(null, data, this.#privateKey).toString('hex');
+    }
+}
+//# sourceMappingURL=secure-device-state.js.map

package/dist/src/secure-device-state.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secure-device-state.js","sourceRoot":"","sources":["../../src/secure-device-state.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,mBAAmB,EACnB,UAAU,EACV,IAAI,IAAI,MAAM,GAEf,MAAM,aAAa,CAAC;AAGrB,MAAM,SAAS,GAAG,qBAAqB,CAAC;AAexC,SAAS,uBAAuB,CAAC,UAAqB;IACpD,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAmB,CAAC;IAC1F,IAAI,OAAO,SAAS,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,OAAO,iBAAiB;IACnB,MAAM,CAAc;IAC7B,WAAW,CAAwB;IACnC,SAAS,CAA6B;IAEtC,YAAY,KAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,sEAAsE;IACtE,KAAK,CAAC,YAAY;QAChB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;YACjD,IAAI,CAAC,WAAW,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;YAClF,IAAI,CAAC,SAAS,GAAG;gBACf,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,oBAAoB,EAAE,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC;aAChE,CAAC;YACF,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,MAAM,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,WAAW,GAAG,UAAU,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAA4B,CAAC;QACtF,MAAM,MAAM,GAAmB,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;QAC9D,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzD,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG;YACf,WAAW;YACX,oBAAoB,EAAE,uBAAuB,CAAC,UAAU,CAAC;SAC1D,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAI,QAAQ;QACV,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,2EAA2E;IAC3E,IAAI,CAAC,OAAwB;QAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QACnF,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;CACF"}

package/dist/src/service-installer.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+export type ServicePlatform = 'win32' | 'darwin' | 'linux';
+export interface ServiceEnv {
+    platform: ServicePlatform;
+    /** Absolute node executable (e.g. `process.execPath`). */
+    execPath: string;
+    /** Absolute path to the bridge CLI entry (`cli.js`). */
+    cliPath: string;
+    /** User home directory. */
+    home: string;
+    /** `XDG_CONFIG_HOME` when set (Linux only). */
+    xdgConfigHome?: string;
+    /** `%APPDATA%` (Windows only) — used for the Startup-folder fallback. */
+    appData?: string;
+}
+export interface ServiceCommand {
+    argv: string[];
+    /** When true, a non-zero exit is tolerated (e.g. unloading a not-loaded agent). */
+    ignoreFailure?: boolean;
+}
+export interface ServicePlan {
+    platform: ServicePlatform;
+    /** Human-facing task/agent/unit identifier. */
+    label: string;
+    /** Directories to ensure before writing the file / running commands. */
+    dirs: string[];
+    /** A config file to write (plist / unit), if any. */
+    file?: {
+        path: string;
+        content: string;
+    };
+    install: ServiceCommand[];
+    uninstall: ServiceCommand[];
+    /** File removed on uninstall. */
+    removeFile?: string;
+    note: string;
+    uninstallNote: string;
+}
+/** Build the platform-specific autostart plan. Pure — no side effects. */
+export declare function buildServicePlan(env: ServiceEnv): ServicePlan;
+/**
+ * Windows fallback when Task Scheduler is unavailable (e.g. policy/restricted
+ * accounts return "Access denied" on `schtasks /Create`): a hidden launcher in the
+ * user's Startup folder. Writing there needs no special permission, and the `.vbs`
+ * launches the bridge with no console window. Pure — no side effects.
+ */
+export declare function buildWindowsStartupPlan(env: ServiceEnv): ServicePlan;
+/** Resolve the autostart environment for the current process. */
+export declare function currentServiceEnv(cliPath: string): ServiceEnv;
+/** True for platforms with a supported autostart mechanism. */
+export declare function isServicePlatformSupported(platform: NodeJS.Platform): platform is ServicePlatform;
+/**
+ * Execute the install plan: ensure dirs, write the config file, run the commands.
+ * On Windows, falls back to the Startup-folder launcher if Task Scheduler fails.
+ */
+export declare function installService(env: ServiceEnv): Promise<ServicePlan>;
+/** Execute the uninstall plan: run the commands, then remove the file(s). */
+export declare function uninstallService(env: ServiceEnv): Promise<ServicePlan>;

package/dist/src/service-installer.js ADDED Viewed

@@ -0,0 +1,254 @@
+/**
+ * Autostart installer: registers the bridge to start at user logon, **as the
+ * logged-in user and never elevated** (the Ed25519 identity already lives in the
+ * per-user OS keychain, so no root/SYSTEM is needed).
+ *
+ *   - Windows: a Task Scheduler task `At log on` with run level LIMITED.
+ *   - macOS:   a per-user LaunchAgent (`RunAtLoad` + `KeepAlive`).
+ *   - Linux:   a systemd `--user` unit (pair with `loginctl enable-linger`).
+ *
+ * The bridge is launched as `<node> <cli.js> start`, which works both for a global
+ * npm install and a dev checkout. {@link buildServicePlan} is pure (no side
+ * effects) so it can be unit-tested; {@link installService}/{@link uninstallService}
+ * execute the plan with `execFile` (no shell).
+ *
+ * This supersedes the manual `scripts/install-service-*` files (kept as reference).
+ */
+import { execFile } from 'node:child_process';
+import { mkdir, writeFile, rm } from 'node:fs/promises';
+import { dirname } from 'node:path';
+import { promisify } from 'node:util';
+import { join } from 'node:path';
+const run = promisify(execFile);
+const TASK_NAME = 'UxnanBridge';
+const LAUNCH_LABEL = 'dev.luisgamas.bridge';
+const UNIT_NAME = 'uxnan-bridge.service';
+/** Build the platform-specific autostart plan. Pure — no side effects. */
+export function buildServicePlan(env) {
+    const { platform, execPath, cliPath, home } = env;
+    if (platform === 'win32') {
+        // schtasks `/TR` takes the whole command as ONE string; quote each path.
+        const tr = `"${execPath}" "${cliPath}" start`;
+        return {
+            platform,
+            label: TASK_NAME,
+            dirs: [],
+            install: [
+                {
+                    argv: [
+                        'schtasks',
+                        '/Create',
+                        '/TN',
+                        TASK_NAME,
+                        '/TR',
+                        tr,
+                        '/SC',
+                        'ONLOGON',
+                        '/RL',
+                        'LIMITED',
+                        '/F',
+                    ],
+                },
+            ],
+            uninstall: [{ argv: ['schtasks', '/Delete', '/TN', TASK_NAME, '/F'] }],
+            note: `Registered scheduled task '${TASK_NAME}' (starts at logon). Start now: schtasks /Run /TN ${TASK_NAME}`,
+            uninstallNote: `Removed scheduled task '${TASK_NAME}'.`,
+        };
+    }
+    if (platform === 'darwin') {
+        const plistPath = join(home, 'Library', 'LaunchAgents', `${LAUNCH_LABEL}.plist`);
+        const logDir = join(home, '.uxnan', 'logs');
+        return {
+            platform,
+            label: LAUNCH_LABEL,
+            dirs: [dirname(plistPath), logDir],
+            file: { path: plistPath, content: plistContent([execPath, cliPath, 'start'], logDir) },
+            install: [
+                { argv: ['launchctl', 'unload', plistPath], ignoreFailure: true },
+                { argv: ['launchctl', 'load', plistPath] },
+            ],
+            uninstall: [{ argv: ['launchctl', 'unload', plistPath], ignoreFailure: true }],
+            removeFile: plistPath,
+            note: `Loaded LaunchAgent ${LAUNCH_LABEL} (starts at login).`,
+            uninstallNote: `Unloaded and removed LaunchAgent ${LAUNCH_LABEL}.`,
+        };
+    }
+    // linux — systemd --user
+    const unitDir = join(env.xdgConfigHome ?? join(home, '.config'), 'systemd', 'user');
+    const unitPath = join(unitDir, UNIT_NAME);
+    return {
+        platform,
+        label: UNIT_NAME,
+        dirs: [unitDir],
+        file: { path: unitPath, content: systemdUnit(`${execPath} ${cliPath} start`) },
+        install: [
+            { argv: ['systemctl', '--user', 'daemon-reload'] },
+            { argv: ['systemctl', '--user', 'enable', '--now', UNIT_NAME] },
+        ],
+        uninstall: [
+            { argv: ['systemctl', '--user', 'disable', '--now', UNIT_NAME], ignoreFailure: true },
+        ],
+        removeFile: unitPath,
+        note: `Enabled systemd user unit ${UNIT_NAME}. Tip: 'loginctl enable-linger $USER' keeps it running after logout.`,
+        uninstallNote: `Disabled and removed systemd user unit ${UNIT_NAME}.`,
+    };
+}
+/**
+ * Windows fallback when Task Scheduler is unavailable (e.g. policy/restricted
+ * accounts return "Access denied" on `schtasks /Create`): a hidden launcher in the
+ * user's Startup folder. Writing there needs no special permission, and the `.vbs`
+ * launches the bridge with no console window. Pure — no side effects.
+ */
+export function buildWindowsStartupPlan(env) {
+    const appData = env.appData ?? join(env.home, 'AppData', 'Roaming');
+    const startupDir = join(appData, 'Microsoft', 'Windows', 'Start Menu', 'Programs', 'Startup');
+    const vbsPath = join(startupDir, 'uxnan-bridge.vbs');
+    return {
+        platform: 'win32',
+        label: 'uxnan-bridge.vbs',
+        dirs: [startupDir],
+        file: { path: vbsPath, content: vbsLauncher(env.execPath, env.cliPath) },
+        install: [],
+        uninstall: [],
+        removeFile: vbsPath,
+        note: `Added a hidden Startup launcher (${vbsPath}); starts at next logon.`,
+        uninstallNote: `Removed the Startup launcher ${vbsPath}.`,
+    };
+}
+/** Resolve the autostart environment for the current process. */
+export function currentServiceEnv(cliPath) {
+    const env = {
+        platform: process.platform,
+        execPath: process.execPath,
+        cliPath,
+        home: requireHome(),
+    };
+    const xdg = process.env['XDG_CONFIG_HOME'];
+    if (xdg)
+        env.xdgConfigHome = xdg;
+    const appData = process.env['APPDATA'];
+    if (appData)
+        env.appData = appData;
+    return env;
+}
+/** True for platforms with a supported autostart mechanism. */
+export function isServicePlatformSupported(platform) {
+    return platform === 'win32' || platform === 'darwin' || platform === 'linux';
+}
+/**
+ * Execute the install plan: ensure dirs, write the config file, run the commands.
+ * On Windows, falls back to the Startup-folder launcher if Task Scheduler fails.
+ */
+export async function installService(env) {
+    if (env.platform === 'win32') {
+        const taskPlan = buildServicePlan(env);
+        try {
+            await runCommands(taskPlan.install);
+            return taskPlan;
+        }
+        catch {
+            return applyFilePlan(buildWindowsStartupPlan(env));
+        }
+    }
+    const plan = buildServicePlan(env);
+    for (const dir of plan.dirs)
+        await mkdir(dir, { recursive: true });
+    if (plan.file)
+        await writeFile(plan.file.path, plan.file.content, 'utf-8');
+    await runCommands(plan.install);
+    return plan;
+}
+/** Execute the uninstall plan: run the commands, then remove the file(s). */
+export async function uninstallService(env) {
+    if (env.platform === 'win32') {
+        // Remove whichever method was used: the scheduled task and/or the Startup launcher.
+        await runCommands(buildServicePlan(env).uninstall.map((c) => ({ ...c, ignoreFailure: true })));
+        const startup = buildWindowsStartupPlan(env);
+        if (startup.removeFile)
+            await rm(startup.removeFile, { force: true });
+        return {
+            ...startup,
+            uninstallNote: 'Removed the autostart entry (scheduled task and/or Startup launcher).',
+        };
+    }
+    const plan = buildServicePlan(env);
+    await runCommands(plan.uninstall);
+    if (plan.removeFile)
+        await rm(plan.removeFile, { force: true });
+    return plan;
+}
+async function applyFilePlan(plan) {
+    for (const dir of plan.dirs)
+        await mkdir(dir, { recursive: true });
+    if (plan.file)
+        await writeFile(plan.file.path, plan.file.content, 'utf-8');
+    await runCommands(plan.install);
+    return plan;
+}
+async function runCommands(commands) {
+    for (const { argv, ignoreFailure } of commands) {
+        try {
+            await run(argv[0], argv.slice(1), { windowsHide: true });
+        }
+        catch (err) {
+            if (!ignoreFailure)
+                throw err;
+        }
+    }
+}
+function requireHome() {
+    const home = process.env['HOME'] ?? process.env['USERPROFILE'];
+    if (!home)
+        throw new Error('cannot resolve the user home directory');
+    return home;
+}
+function plistContent(programArgs, logDir) {
+    const args = programArgs.map((a) => `    <string>${xmlEscape(a)}</string>`).join('\n');
+    return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key><string>${LAUNCH_LABEL}</string>
+  <key>ProgramArguments</key>
+  <array>
+${args}
+  </array>
+  <key>RunAtLoad</key><true/>
+  <key>KeepAlive</key><true/>
+  <key>StandardOutPath</key><string>${xmlEscape(join(logDir, 'launchd.out.log'))}</string>
+  <key>StandardErrorPath</key><string>${xmlEscape(join(logDir, 'launchd.err.log'))}</string>
+</dict>
+</plist>
+`;
+}
+function systemdUnit(execStart) {
+    return `[Unit]
+Description=Uxnan Bridge daemon
+After=network-online.target
+Wants=network-online.target
+[Service]
+ExecStart=${execStart}
+Restart=on-failure
+RestartSec=5
+[Install]
+WantedBy=default.target
+`;
+}
+/** A `.vbs` that launches the bridge with NO console window (`WScript.Shell.Run`). */
+function vbsLauncher(execPath, cliPath) {
+    const runtimeCmd = `"${execPath}" "${cliPath}" start`;
+    // VBScript string literal: each `"` is doubled.
+    const literal = `"${runtimeCmd.replace(/"/g, '""')}"`;
+    // window style 0 = hidden, waitOnReturn = False (don't block).
+    return `Set sh = CreateObject("WScript.Shell")\r\nsh.Run ${literal}, 0, False\r\n`;
+}
+function xmlEscape(value) {
+    return value
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}
+//# sourceMappingURL=service-installer.js.map

package/dist/src/service-installer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"service-installer.js","sourceRoot":"","sources":["../../src/service-installer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAEhC,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,YAAY,GAAG,sBAAsB,CAAC;AAC5C,MAAM,SAAS,GAAG,sBAAsB,CAAC;AAwCzC,0EAA0E;AAC1E,MAAM,UAAU,gBAAgB,CAAC,GAAe;IAC9C,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAElD,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,yEAAyE;QACzE,MAAM,EAAE,GAAG,IAAI,QAAQ,MAAM,OAAO,SAAS,CAAC;QAC9C,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,SAAS;YAChB,IAAI,EAAE,EAAE;YACR,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE;wBACJ,UAAU;wBACV,SAAS;wBACT,KAAK;wBACL,SAAS;wBACT,KAAK;wBACL,EAAE;wBACF,KAAK;wBACL,SAAS;wBACT,KAAK;wBACL,SAAS;wBACT,IAAI;qBACL;iBACF;aACF;YACD,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC;YACtE,IAAI,EAAE,8BAA8B,SAAS,qDAAqD,SAAS,EAAE;YAC7G,aAAa,EAAE,2BAA2B,SAAS,IAAI;SACxD,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,YAAY,QAAQ,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC5C,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;YAClC,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE;YACtF,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE;gBACjE,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE;aAC3C;YACD,SAAS,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;YAC9E,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,sBAAsB,YAAY,qBAAqB;YAC7D,aAAa,EAAE,oCAAoC,YAAY,GAAG;SACnE,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC1C,OAAO;QACL,QAAQ;QACR,KAAK,EAAE,SAAS;QAChB,IAAI,EAAE,CAAC,OAAO,CAAC;QACf,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,QAAQ,IAAI,OAAO,QAAQ,CAAC,EAAE;QAC9E,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC,EAAE;YAClD,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE;SAChE;QACD,SAAS,EAAE;YACT,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE;SACtF;QACD,UAAU,EAAE,QAAQ;QACpB,IAAI,EAAE,6BAA6B,SAAS,sEAAsE;QAClH,aAAa,EAAE,0CAA0C,SAAS,GAAG;KACtE,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAe;IACrD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;IAC9F,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IACrD,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,kBAAkB;QACzB,IAAI,EAAE,CAAC,UAAU,CAAC;QAClB,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE;QACxE,OAAO,EAAE,EAAE;QACX,SAAS,EAAE,EAAE;QACb,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,oCAAoC,OAAO,0BAA0B;QAC3E,aAAa,EAAE,gCAAgC,OAAO,GAAG;KAC1D,CAAC;AACJ,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,GAAG,GAAe;QACtB,QAAQ,EAAE,OAAO,CAAC,QAA2B;QAC7C,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO;QACP,IAAI,EAAE,WAAW,EAAE;KACpB,CAAC;IACF,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC3C,IAAI,GAAG;QAAE,GAAG,CAAC,aAAa,GAAG,GAAG,CAAC;IACjC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,OAAO;QAAE,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IACnC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,0BAA0B,CAAC,QAAyB;IAClE,OAAO,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,OAAO,CAAC;AAC/E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAe;IAClD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,aAAa,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IACD,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACnC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3E,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,6EAA6E;AAC7E,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAe;IACpD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QAC7B,oFAAoF;QACpF,MAAM,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC/F,MAAM,OAAO,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,UAAU;YAAE,MAAM,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,OAAO;YACL,GAAG,OAAO;YACV,aAAa,EAAE,uEAAuE;SACvF,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,IAAI,CAAC,UAAU;QAAE,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,IAAiB;IAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,IAAI,IAAI,CAAC,IAAI;QAAE,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3E,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAA0B;IACnD,KAAK,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,aAAa;gBAAE,MAAM,GAAG,CAAC;QAChC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,WAAW;IAClB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC/D,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,WAAqB,EAAE,MAAc;IACzD,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvF,OAAO;;;;4BAImB,YAAY;;;EAGtC,IAAI;;;;sCAIgC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;wCACxC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;;;CAGjF,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,SAAiB;IACpC,OAAO;;;;;;YAMG,SAAS;;;;;;CAMpB,CAAC;AACF,CAAC;AAED,sFAAsF;AACtF,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAe;IACpD,MAAM,UAAU,GAAG,IAAI,QAAQ,MAAM,OAAO,SAAS,CAAC;IACtD,gDAAgD;IAChD,MAAM,OAAO,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC;IACtD,+DAA+D;IAC/D,OAAO,oDAAoD,OAAO,gBAAgB,CAAC;AACrF,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC"}

package/dist/src/session-state.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * In-memory registry of active mobile sessions.
+ *
+ * Source: architecture/02a-system-architecture.md §5.8.2 (session-state).
+ */
+import type { ConnectedPhone } from '@uxnan/shared';
+export declare class SessionState {
+    #private;
+    add(phone: ConnectedPhone): void;
+    remove(deviceId: string): boolean;
+    get(deviceId: string): ConnectedPhone | undefined;
+    list(): ConnectedPhone[];
+    get count(): number;
+}

package/dist/src/session-state.js ADDED Viewed

@@ -0,0 +1,19 @@
+export class SessionState {
+    #sessions = new Map();
+    add(phone) {
+        this.#sessions.set(phone.deviceId, phone);
+    }
+    remove(deviceId) {
+        return this.#sessions.delete(deviceId);
+    }
+    get(deviceId) {
+        return this.#sessions.get(deviceId);
+    }
+    list() {
+        return [...this.#sessions.values()];
+    }
+    get count() {
+        return this.#sessions.size;
+    }
+}
+//# sourceMappingURL=session-state.js.map

package/dist/src/session-state.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-state.js","sourceRoot":"","sources":["../../src/session-state.ts"],"names":[],"mappings":"AAOA,MAAM,OAAO,YAAY;IACd,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEvD,GAAG,CAAC,KAAqB;QACvB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,CAAC,QAAgB;QACrB,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,QAAgB;QAClB,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC7B,CAAC;CACF"}

package/dist/src/transport/crypto.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Bridge-side E2EE primitives, mirroring the mobile app's audited
+ * `infrastructure/crypto/` exactly (architecture/02a §5.9.1). No cryptographic
+ * variants: X25519 + HKDF-SHA256 → AES-256-GCM; Ed25519 transcript signatures.
+ *
+ * All byte fields cross the wire as lowercase hex, except AES ciphertext/tag
+ * which are base64 (see {@link SecureEnvelope}).
+ */
+import { type KeyObject } from 'node:crypto';
+export interface EphemeralKeyPair {
+    /** X25519 public key as lowercase hex (32 bytes). */
+    publicKeyHex: string;
+    privateKey: KeyObject;
+}
+/** Generate a fresh X25519 ephemeral key pair for a single handshake. */
+export declare function generateEphemeralKeyPair(): EphemeralKeyPair;
+export interface DeriveSessionKeyOptions {
+    /** Our X25519 ephemeral private key. */
+    privateKey: KeyObject;
+    /** Peer X25519 ephemeral public key (hex). */
+    peerPublicHex: string;
+    clientNonceHex: string;
+    serverNonceHex: string;
+}
+/**
+ * Derive the 32-byte AES-256 session key.
+ * `salt = clientNonce || serverNonce` (raw bytes), `info = "uxnan-e2ee-v1"`.
+ */
+export declare function deriveSessionKey(options: DeriveSessionKeyOptions): Buffer;
+/** Cryptographically secure random bytes as lowercase hex. */
+export declare function randomHex(byteLength: number): string;
+/** Verify an Ed25519 signature (hex) over `message` against a public key (hex). */
+export declare function verifyEd25519(message: Buffer, signatureHex: string, publicKeyHex: string): boolean;
+export interface AesGcmParts {
+    /** Per-message nonce (hex, 12 bytes). */
+    nonceHex: string;
+    /** Ciphertext (base64). */
+    ciphertextB64: string;
+    /** GCM auth tag (base64, 16 bytes). */
+    tagB64: string;
+}
+export declare function aesGcmEncrypt(key: Buffer, plaintext: Buffer): AesGcmParts;
+export declare function aesGcmDecrypt(key: Buffer, parts: AesGcmParts): Buffer;

package/dist/src/transport/crypto.js ADDED Viewed

@@ -0,0 +1,78 @@
+/**
+ * Bridge-side E2EE primitives, mirroring the mobile app's audited
+ * `infrastructure/crypto/` exactly (architecture/02a §5.9.1). No cryptographic
+ * variants: X25519 + HKDF-SHA256 → AES-256-GCM; Ed25519 transcript signatures.
+ *
+ * All byte fields cross the wire as lowercase hex, except AES ciphertext/tag
+ * which are base64 (see {@link SecureEnvelope}).
+ */
+import { createCipheriv, createDecipheriv, createPublicKey, diffieHellman, generateKeyPairSync, hkdfSync, randomBytes, verify, } from 'node:crypto';
+import { HKDF_INFO_TAG } from '@uxnan/shared';
+/** Generate a fresh X25519 ephemeral key pair for a single handshake. */
+export function generateEphemeralKeyPair() {
+    const { publicKey, privateKey } = generateKeyPairSync('x25519');
+    const jwk = publicKey.export({ format: 'jwk' });
+    if (typeof jwk.x !== 'string')
+        throw new Error('failed to export X25519 public key');
+    return { publicKeyHex: Buffer.from(jwk.x, 'base64url').toString('hex'), privateKey };
+}
+/**
+ * Derive the 32-byte AES-256 session key.
+ * `salt = clientNonce || serverNonce` (raw bytes), `info = "uxnan-e2ee-v1"`.
+ */
+export function deriveSessionKey(options) {
+    const peerPublic = createPublicKey({
+        key: {
+            kty: 'OKP',
+            crv: 'X25519',
+            x: Buffer.from(options.peerPublicHex, 'hex').toString('base64url'),
+        },
+        format: 'jwk',
+    });
+    const shared = diffieHellman({ privateKey: options.privateKey, publicKey: peerPublic });
+    const salt = Buffer.concat([
+        Buffer.from(options.clientNonceHex, 'hex'),
+        Buffer.from(options.serverNonceHex, 'hex'),
+    ]);
+    return Buffer.from(hkdfSync('sha256', shared, salt, Buffer.from(HKDF_INFO_TAG, 'utf-8'), 32));
+}
+/** Cryptographically secure random bytes as lowercase hex. */
+export function randomHex(byteLength) {
+    return randomBytes(byteLength).toString('hex');
+}
+/** Verify an Ed25519 signature (hex) over `message` against a public key (hex). */
+export function verifyEd25519(message, signatureHex, publicKeyHex) {
+    try {
+        const publicKey = createPublicKey({
+            key: {
+                kty: 'OKP',
+                crv: 'Ed25519',
+                x: Buffer.from(publicKeyHex, 'hex').toString('base64url'),
+            },
+            format: 'jwk',
+        });
+        return verify(null, message, publicKey, Buffer.from(signatureHex, 'hex'));
+    }
+    catch {
+        return false;
+    }
+}
+export function aesGcmEncrypt(key, plaintext) {
+    const nonce = randomBytes(12);
+    const cipher = createCipheriv('aes-256-gcm', key, nonce);
+    const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    return {
+        nonceHex: nonce.toString('hex'),
+        ciphertextB64: ciphertext.toString('base64'),
+        tagB64: cipher.getAuthTag().toString('base64'),
+    };
+}
+export function aesGcmDecrypt(key, parts) {
+    const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(parts.nonceHex, 'hex'));
+    decipher.setAuthTag(Buffer.from(parts.tagB64, 'base64'));
+    return Buffer.concat([
+        decipher.update(Buffer.from(parts.ciphertextB64, 'base64')),
+        decipher.final(),
+    ]);
+}
+//# sourceMappingURL=crypto.js.map

package/dist/src/transport/crypto.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/transport/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,QAAQ,EACR,WAAW,EACX,MAAM,GAEP,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAQ9C,yEAAyE;AACzE,MAAM,UAAU,wBAAwB;IACtC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAChE,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAmB,CAAC;IAClE,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACrF,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,CAAC;AACvF,CAAC;AAWD;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAgC;IAC/D,MAAM,UAAU,GAAG,eAAe,CAAC;QACjC,GAAG,EAAE;YACH,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,QAAQ;YACb,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;SACnE;QACD,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,CAAC;IACxF,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC;QACzB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC;KAC3C,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAChG,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,SAAS,CAAC,UAAkB;IAC1C,OAAO,WAAW,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACjD,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,aAAa,CAC3B,OAAe,EACf,YAAoB,EACpB,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,eAAe,CAAC;YAChC,GAAG,EAAE;gBACH,GAAG,EAAE,KAAK;gBACV,GAAG,EAAE,SAAS;gBACd,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;aAC1D;YACD,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAWD,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,SAAiB;IAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC/B,aAAa,EAAE,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC5C,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW,EAAE,KAAkB;IAC3D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAC1F,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC3D,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;AACL,CAAC"}