wyrm-mcp 3.2.0

package/dist/cloud-backup.js

@@ -0,0 +1,545 @@
+/**
+ * Wyrm Cloud Backup — Encrypted backup/restore to Cloudflare R2
+ *
+ * @copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * @license Proprietary - See LICENSE file for details.
+ * @module cloud-backup
+ * @version 3.2.0
+ */
+import { createReadStream, createWriteStream, statSync, existsSync, copyFileSync, unlinkSync, readFileSync, writeFileSync, renameSync } from 'fs';
+import { createGzip, gunzipSync } from 'zlib';
+import { pipeline } from 'stream/promises';
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync, createHash, createHmac } from 'crypto';
+import { join } from 'path';
+import { hostname, platform, arch, cpus } from 'os';
+// ==================== CONSTANTS ====================
+const WYRM_VERSION = '3.2.0';
+const BACKUP_FORMAT_VERSION = 1;
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+const TAG_LENGTH = 16;
+const KEY_LENGTH = 32;
+const DEFAULT_KEEP_COUNT = 10;
+// ==================== BUFFER ENCRYPTION ====================
+/**
+ * Encrypt a buffer with AES-256-GCM using a password.
+ * Output format: [16-byte IV][32-byte salt][16-byte auth tag][encrypted data]
+ */
+function encryptBuffer(data, password) {
+    const iv = randomBytes(IV_LENGTH);
+    const salt = randomBytes(SALT_LENGTH);
+    const key = scryptSync(password, salt, KEY_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    // Header: IV + salt + auth tag + ciphertext
+    return Buffer.concat([iv, salt, tag, encrypted]);
+}
+/**
+ * Decrypt a buffer encrypted by encryptBuffer.
+ * Parses the [IV][salt][tag][data] header, derives key, decrypts.
+ */
+function decryptBuffer(encrypted, password) {
+    const headerSize = IV_LENGTH + SALT_LENGTH + TAG_LENGTH;
+    if (encrypted.length < headerSize) {
+        throw new Error('Encrypted data too short — corrupted or not a Wyrm backup');
+    }
+    let offset = 0;
+    const iv = encrypted.subarray(offset, offset += IV_LENGTH);
+    const salt = encrypted.subarray(offset, offset += SALT_LENGTH);
+    const tag = encrypted.subarray(offset, offset += TAG_LENGTH);
+    const data = encrypted.subarray(offset);
+    const key = scryptSync(password, salt, KEY_LENGTH);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(tag);
+    try {
+        return Buffer.concat([decipher.update(data), decipher.final()]);
+    }
+    catch {
+        throw new Error('Decryption failed — wrong password or corrupted backup');
+    }
+}
+// ==================== MINIMAL S3-COMPATIBLE CLIENT ====================
+/**
+ * Minimal S3-compatible client for Cloudflare R2.
+ * Uses AWS Signature V4 signing with Node.js built-ins only — zero dependencies.
+ */
+class S3Client {
+    accessKeyId;
+    secretAccessKey;
+    region;
+    endpoint;
+    bucket;
+    host;
+    constructor(config) {
+        this.accessKeyId = config.accessKeyId;
+        this.secretAccessKey = config.secretAccessKey;
+        this.region = config.region ?? 'auto';
+        this.endpoint = config.endpoint.replace(/\/$/, '');
+        this.bucket = config.bucket;
+        // Extract host from endpoint
+        const url = new URL(this.endpoint);
+        this.host = url.host;
+    }
+    /** PUT an object to the bucket */
+    async putObject(key, body, contentType = 'application/octet-stream') {
+        const path = `/${this.bucket}/${encodeS3Key(key)}`;
+        const headers = {
+            'Content-Type': contentType,
+            'Content-Length': body.length.toString(),
+        };
+        const signed = this.signRequest('PUT', path, headers, body);
+        const res = await fetch(`${this.endpoint}${path}`, {
+            method: 'PUT',
+            headers: signed,
+            body: body,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`S3 PUT failed (${res.status}): ${text}`);
+        }
+    }
+    /** GET an object from the bucket */
+    async getObject(key) {
+        const path = `/${this.bucket}/${encodeS3Key(key)}`;
+        const headers = {};
+        const signed = this.signRequest('GET', path, headers);
+        const res = await fetch(`${this.endpoint}${path}`, {
+            method: 'GET',
+            headers: signed,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`S3 GET failed (${res.status}): ${text}`);
+        }
+        const arrayBuf = await res.arrayBuffer();
+        return Buffer.from(arrayBuf);
+    }
+    /** LIST objects with a given prefix */
+    async listObjects(prefix) {
+        const results = [];
+        let continuationToken;
+        do {
+            const params = new URLSearchParams({
+                'list-type': '2',
+                prefix,
+            });
+            if (continuationToken) {
+                params.set('continuation-token', continuationToken);
+            }
+            const path = `/${this.bucket}?${params.toString()}`;
+            const headers = {};
+            const signed = this.signRequest('GET', path, headers);
+            const res = await fetch(`${this.endpoint}${path}`, {
+                method: 'GET',
+                headers: signed,
+            });
+            if (!res.ok) {
+                const text = await res.text();
+                throw new Error(`S3 LIST failed (${res.status}): ${text}`);
+            }
+            const xml = await res.text();
+            results.push(...parseListXml(xml));
+            // Check for truncation / pagination
+            const truncatedMatch = xml.match(/<IsTruncated>(.*?)<\/IsTruncated>/);
+            const isTruncated = truncatedMatch?.[1] === 'true';
+            if (isTruncated) {
+                const tokenMatch = xml.match(/<NextContinuationToken>(.*?)<\/NextContinuationToken>/);
+                continuationToken = tokenMatch?.[1];
+            }
+            else {
+                continuationToken = undefined;
+            }
+        } while (continuationToken);
+        return results;
+    }
+    /** DELETE an object from the bucket */
+    async deleteObject(key) {
+        const path = `/${this.bucket}/${encodeS3Key(key)}`;
+        const headers = {};
+        const signed = this.signRequest('DELETE', path, headers);
+        const res = await fetch(`${this.endpoint}${path}`, {
+            method: 'DELETE',
+            headers: signed,
+        });
+        if (!res.ok) {
+            const text = await res.text();
+            throw new Error(`S3 DELETE failed (${res.status}): ${text}`);
+        }
+    }
+    /**
+     * Generate AWS Signature V4 headers.
+     * Implements the full signing flow:
+     *   1. Canonical request
+     *   2. String to sign
+     *   3. Signing key derivation
+     *   4. Authorization header
+     */
+    signRequest(method, path, headers, body) {
+        const now = new Date();
+        const dateStamp = toDateStamp(now); // YYYYMMDD
+        const amzDate = toAmzDate(now); // YYYYMMDD'T'HHMMSS'Z'
+        // Split path and query string
+        const [canonicalUri, queryString] = splitPathQuery(path);
+        // Required headers
+        headers['host'] = this.host;
+        headers['x-amz-date'] = amzDate;
+        headers['x-amz-content-sha256'] = sha256Hex(body ?? Buffer.alloc(0));
+        // 1. Canonical request
+        const signedHeaderKeys = Object.keys(headers)
+            .map(k => k.toLowerCase())
+            .sort();
+        const canonicalHeaders = signedHeaderKeys
+            .map(k => `${k}:${headers[Object.keys(headers).find(h => h.toLowerCase() === k)].trim()}`)
+            .join('\n') + '\n';
+        const signedHeaders = signedHeaderKeys.join(';');
+        const canonicalRequest = [
+            method,
+            canonicalUri,
+            normalizeQueryString(queryString),
+            canonicalHeaders,
+            signedHeaders,
+            headers['x-amz-content-sha256'],
+        ].join('\n');
+        // 2. String to sign
+        const credentialScope = `${dateStamp}/${this.region}/s3/aws4_request`;
+        const stringToSign = [
+            'AWS4-HMAC-SHA256',
+            amzDate,
+            credentialScope,
+            sha256Hex(Buffer.from(canonicalRequest, 'utf-8')),
+        ].join('\n');
+        // 3. Signing key
+        const signingKey = deriveSigningKey(this.secretAccessKey, dateStamp, this.region, 's3');
+        // 4. Signature
+        const signature = hmacHex(signingKey, stringToSign);
+        // 5. Authorization header
+        headers['Authorization'] =
+            `AWS4-HMAC-SHA256 Credential=${this.accessKeyId}/${credentialScope}, ` +
+                `SignedHeaders=${signedHeaders}, Signature=${signature}`;
+        return headers;
+    }
+}
+// ==================== S3 SIGNING HELPERS ====================
+function toDateStamp(date) {
+    return date.toISOString().replace(/[-:T]/g, '').slice(0, 8);
+}
+function toAmzDate(date) {
+    return date.toISOString().replace(/[-:]/g, '').replace(/\.\d{3}/, '');
+}
+function sha256Hex(data) {
+    return createHash('sha256').update(data).digest('hex');
+}
+function hmac(key, data) {
+    return createHmac('sha256', key).update(data, 'utf-8').digest();
+}
+function hmacHex(key, data) {
+    return createHmac('sha256', key).update(data, 'utf-8').digest('hex');
+}
+function deriveSigningKey(secret, dateStamp, region, service) {
+    let key = hmac(`AWS4${secret}`, dateStamp);
+    key = hmac(key, region);
+    key = hmac(key, service);
+    key = hmac(key, 'aws4_request');
+    return key;
+}
+/**
+ * Encode an S3 key — URI-encode each path segment individually,
+ * preserving `/` separators.
+ */
+function encodeS3Key(key) {
+    return key
+        .split('/')
+        .map(segment => encodeURIComponent(segment))
+        .join('/');
+}
+/**
+ * Split a path into canonical URI and query string.
+ * e.g. "/bucket?list-type=2&prefix=x" → ["/bucket", "list-type=2&prefix=x"]
+ */
+function splitPathQuery(path) {
+    const idx = path.indexOf('?');
+    if (idx === -1)
+        return [path, ''];
+    return [path.slice(0, idx), path.slice(idx + 1)];
+}
+/**
+ * Normalize a query string for canonical request:
+ * sort by parameter name, then by value.
+ */
+function normalizeQueryString(qs) {
+    if (!qs)
+        return '';
+    return qs
+        .split('&')
+        .map(pair => {
+        const [k, v] = pair.split('=');
+        return `${encodeURIComponent(decodeURIComponent(k))}=${encodeURIComponent(decodeURIComponent(v ?? ''))}`;
+    })
+        .sort()
+        .join('&');
+}
+/**
+ * Parse the XML response from S3 ListObjectsV2.
+ * Extracts <Key>, <Size>, <LastModified> from each <Contents> block.
+ */
+function parseListXml(xml) {
+    const results = [];
+    const contentsRegex = /<Contents>([\s\S]*?)<\/Contents>/g;
+    let match;
+    while ((match = contentsRegex.exec(xml)) !== null) {
+        const block = match[1];
+        const key = block.match(/<Key>(.*?)<\/Key>/)?.[1] ?? '';
+        const size = parseInt(block.match(/<Size>(.*?)<\/Size>/)?.[1] ?? '0', 10);
+        const lastModified = block.match(/<LastModified>(.*?)<\/LastModified>/)?.[1] ?? '';
+        results.push({ key, size, lastModified });
+    }
+    return results;
+}
+// ==================== WYRM CLOUD BACKUP ====================
+export class WyrmCloudBackup {
+    config = null;
+    encryptionKey = null;
+    s3 = null;
+    constructor() { }
+    /** Configure cloud storage credentials and optional encryption key */
+    configure(config, encryptionKey) {
+        if (!config.endpoint || !config.bucket || !config.accessKeyId || !config.secretAccessKey) {
+            throw new Error('Cloud config requires endpoint, bucket, accessKeyId, and secretAccessKey');
+        }
+        this.config = {
+            ...config,
+            region: config.region ?? 'auto',
+        };
+        this.encryptionKey = encryptionKey ?? null;
+        this.s3 = new S3Client(this.config);
+    }
+    /** Check if cloud backup is configured */
+    isConfigured() {
+        return this.config !== null && this.s3 !== null;
+    }
+    /**
+     * Backup: SQLite DB → gzip → AES-256-GCM encrypt → upload to R2
+     *
+     * Pipeline:
+     *   1. Copy SQLite file to a temp snapshot (safe point-in-time copy)
+     *   2. Gzip compress
+     *   3. If encryption key set: AES-256-GCM encrypt the gzipped blob
+     *   4. Upload encrypted/compressed blob to R2
+     *   5. Upload metadata JSON alongside
+     *   6. Clean up temp files
+     *
+     * Key format: backups/{machine_id}/{YYYY-MM-DD_HHmmss}.wyrm.bak
+     */
+    async backup(dbPath) {
+        this.assertConfigured();
+        if (!existsSync(dbPath)) {
+            throw new Error(`Database not found: ${dbPath}`);
+        }
+        const dbStat = statSync(dbPath);
+        const machineId = this.getMachineId();
+        const now = new Date();
+        const timestamp = formatTimestamp(now);
+        const backupKey = `backups/${machineId}/${timestamp}.wyrm.bak`;
+        const metadataKey = `backups/${machineId}/${timestamp}.wyrm.meta.json`;
+        // Temp files in the same directory as the DB to avoid cross-device issues
+        const dbDir = join(dbPath, '..');
+        const tempCopy = join(dbDir, `.wyrm-backup-${Date.now()}.tmp`);
+        const tempGz = join(dbDir, `.wyrm-backup-${Date.now()}.gz.tmp`);
+        try {
+            // 1. Safe snapshot — copy the database file
+            copyFileSync(dbPath, tempCopy);
+            // Also copy WAL/SHM if they exist (for consistency)
+            const walPath = `${dbPath}-wal`;
+            const shmPath = `${dbPath}-shm`;
+            if (existsSync(walPath))
+                copyFileSync(walPath, `${tempCopy}-wal`);
+            if (existsSync(shmPath))
+                copyFileSync(shmPath, `${tempCopy}-shm`);
+            // 2. Gzip compress
+            await pipeline(createReadStream(tempCopy), createGzip({ level: 9 }), createWriteStream(tempGz));
+            let uploadPayload = Buffer.from(readFileSync(tempGz));
+            const compressedSize = uploadPayload.length;
+            // 3. Encrypt if key is set
+            const isEncrypted = this.encryptionKey !== null;
+            if (isEncrypted) {
+                uploadPayload = encryptBuffer(uploadPayload, this.encryptionKey);
+            }
+            // Compute checksum of final payload
+            const checksum = sha256Hex(uploadPayload);
+            // 4. Upload blob
+            await this.s3.putObject(backupKey, uploadPayload, 'application/x-wyrm-backup');
+            // 5. Build and upload metadata
+            const metadata = {
+                version: BACKUP_FORMAT_VERSION,
+                wyrm_version: WYRM_VERSION,
+                timestamp: now.toISOString(),
+                db_size: dbStat.size,
+                compressed_size: compressedSize,
+                encrypted: isEncrypted,
+                machine_id: machineId,
+                checksum,
+            };
+            await this.s3.putObject(metadataKey, Buffer.from(JSON.stringify(metadata, null, 2), 'utf-8'), 'application/json');
+            return { key: backupKey, metadata };
+        }
+        finally {
+            // 6. Clean up temp files
+            safeUnlink(tempCopy);
+            safeUnlink(tempGz);
+            safeUnlink(`${tempCopy}-wal`);
+            safeUnlink(`${tempCopy}-shm`);
+        }
+    }
+    /**
+     * List available backups for this machine, sorted newest-first.
+     * Fetches metadata JSON for each backup.
+     */
+    async listBackups() {
+        this.assertConfigured();
+        const machineId = this.getMachineId();
+        const prefix = `backups/${machineId}/`;
+        const objects = await this.s3.listObjects(prefix);
+        // Find metadata files
+        const metaObjects = objects.filter(o => o.key.endsWith('.wyrm.meta.json'));
+        const metadataList = [];
+        for (const obj of metaObjects) {
+            try {
+                const buf = await this.s3.getObject(obj.key);
+                const meta = JSON.parse(buf.toString('utf-8'));
+                metadataList.push(meta);
+            }
+            catch {
+                // Skip unreadable metadata
+            }
+        }
+        // Sort newest first
+        metadataList.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+        return metadataList;
+    }
+    /**
+     * Restore: Download from R2 → decrypt → gunzip → write to target path.
+     *
+     * If the target file already exists, it is renamed to `{target}.bak` before overwriting.
+     * Verifies checksum of the downloaded blob against metadata.
+     */
+    async restore(backupKey, targetPath) {
+        this.assertConfigured();
+        // Derive metadata key from backup key
+        const metadataKey = backupKey.replace(/\.wyrm\.bak$/, '.wyrm.meta.json');
+        // Download metadata
+        let metadata;
+        try {
+            const metaBuf = await this.s3.getObject(metadataKey);
+            metadata = JSON.parse(metaBuf.toString('utf-8'));
+        }
+        catch {
+            throw new Error(`Backup metadata not found for key: ${backupKey}`);
+        }
+        // 1. Download encrypted blob
+        let blob = await this.s3.getObject(backupKey);
+        // 5. Verify checksum
+        const actualChecksum = sha256Hex(blob);
+        if (actualChecksum !== metadata.checksum) {
+            throw new Error(`Checksum mismatch — backup may be corrupted. ` +
+                `Expected: ${metadata.checksum}, Got: ${actualChecksum}`);
+        }
+        // 2. Decrypt if encrypted
+        if (metadata.encrypted) {
+            if (!this.encryptionKey) {
+                throw new Error('Backup is encrypted but no encryption key is configured');
+            }
+            blob = decryptBuffer(blob, this.encryptionKey);
+        }
+        // 3. Gunzip decompress
+        const decompressed = gunzipSync(blob);
+        // 4. Write to targetPath (back up existing file first)
+        if (existsSync(targetPath)) {
+            const bakPath = `${targetPath}.bak`;
+            renameSync(targetPath, bakPath);
+        }
+        writeFileSync(targetPath, decompressed);
+        return { restored: true, size: decompressed.length };
+    }
+    /**
+     * Delete old backups, keeping the most recent `keepCount`.
+     * Deletes both the .wyrm.bak blob and its .wyrm.meta.json sidecar.
+     */
+    async pruneBackups(keepCount = DEFAULT_KEEP_COUNT) {
+        this.assertConfigured();
+        const machineId = this.getMachineId();
+        const prefix = `backups/${machineId}/`;
+        const objects = await this.s3.listObjects(prefix);
+        // Pair backup blobs with their metadata by timestamp stem
+        const backupBlobs = objects
+            .filter(o => o.key.endsWith('.wyrm.bak'))
+            .sort((a, b) => b.lastModified.localeCompare(a.lastModified)); // newest first
+        if (backupBlobs.length <= keepCount) {
+            return { deleted: 0 };
+        }
+        const toDelete = backupBlobs.slice(keepCount);
+        let deleted = 0;
+        for (const obj of toDelete) {
+            const metaKey = obj.key.replace(/\.wyrm\.bak$/, '.wyrm.meta.json');
+            try {
+                await this.s3.deleteObject(obj.key);
+                deleted++;
+            }
+            catch {
+                // Best-effort deletion
+            }
+            try {
+                await this.s3.deleteObject(metaKey);
+            }
+            catch {
+                // Metadata may not exist
+            }
+        }
+        return { deleted };
+    }
+    /**
+     * Get a deterministic machine fingerprint for device tracking.
+     * Hash of: hostname + platform + arch + first CPU model.
+     * Stable across reboots, unique per machine.
+     */
+    getMachineId() {
+        const parts = [
+            hostname(),
+            platform(),
+            arch(),
+            cpus()[0]?.model ?? 'unknown-cpu',
+        ].join('|');
+        return createHash('sha256').update(parts).digest('hex').slice(0, 16);
+    }
+    /** Throw if not configured */
+    assertConfigured() {
+        if (!this.isConfigured()) {
+            throw new Error('Cloud backup not configured. Call configure() with R2 credentials first.');
+        }
+    }
+}
+// ==================== HELPERS ====================
+/** Format a Date as YYYY-MM-DD_HHmmss */
+function formatTimestamp(date) {
+    const y = date.getUTCFullYear();
+    const mo = String(date.getUTCMonth() + 1).padStart(2, '0');
+    const d = String(date.getUTCDate()).padStart(2, '0');
+    const h = String(date.getUTCHours()).padStart(2, '0');
+    const mi = String(date.getUTCMinutes()).padStart(2, '0');
+    const s = String(date.getUTCSeconds()).padStart(2, '0');
+    return `${y}-${mo}-${d}_${h}${mi}${s}`;
+}
+/** Unlink a file if it exists, swallowing errors */
+function safeUnlink(path) {
+    try {
+        if (existsSync(path))
+            unlinkSync(path);
+    }
+    catch {
+        // best-effort cleanup
+    }
+}
+// ==================== EXPORTS ====================
+export { encryptBuffer, decryptBuffer };
+//# sourceMappingURL=cloud-backup.js.map

package/dist/cloud-backup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-backup.js","sourceRoot":"","sources":["../src/cloud-backup.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAClJ,OAAO,EAAE,UAAU,EAA0B,UAAU,EAAE,MAAM,MAAM,CAAC;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC3G,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AA6BpD,sDAAsD;AAEtD,MAAM,YAAY,GAAG,OAAO,CAAC;AAC7B,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAChC,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAE9B,8DAA8D;AAE9D;;;GAGG;AACH,SAAS,aAAa,CAAC,IAAY,EAAE,QAAgB;IACnD,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,4CAA4C;IAC5C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAiB,EAAE,QAAgB;IACxD,MAAM,UAAU,GAAG,SAAS,GAAG,WAAW,GAAG,UAAU,CAAC;IACxD,IAAI,SAAS,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,IAAI,WAAW,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,IAAI,UAAU,CAAC,CAAC;IAC7D,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IAEnD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE;;;GAGG;AACH,MAAM,QAAQ;IACJ,WAAW,CAAS;IACpB,eAAe,CAAS;IACxB,MAAM,CAAS;IACf,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,IAAI,CAAS;IAErB,YAAY,MAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC;QACtC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAE5B,6BAA6B;QAC7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,kCAAkC;IAClC,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,IAAY,EAAE,WAAW,GAAG,0BAA0B;QACjF,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,WAAW;YAC3B,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;SACzC,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;YACjD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,MAAM;YACf,IAAI,EAAE,IAAa;SACpB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,kBAAkB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;YACjD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,kBAAkB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,IAAI,iBAAqC,CAAC;QAE1C,GAAG,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;gBACjC,WAAW,EAAE,GAAG;gBAChB,MAAM;aACP,CAAC,CAAC;YACH,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,iBAAiB,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;YACpD,MAAM,OAAO,GAA2B,EAAE,CAAC;YAE3C,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;gBACjD,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,MAAM;aAChB,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;YAEnC,oCAAoC;YACpC,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACtE,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC;YAEnD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;gBACtF,iBAAiB,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,iBAAiB,GAAG,SAAS,CAAC;YAChC,CAAC;QACH,CAAC,QAAQ,iBAAiB,EAAE;QAE5B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,YAAY,CAAC,GAAW;QAC5B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;YACjD,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,MAAM;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,WAAW,CACjB,MAAc,EACd,IAAY,EACZ,OAA+B,EAC/B,IAAa;QAEb,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAG,WAAW;QACjD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAO,uBAAuB;QAE7D,8BAA8B;QAC9B,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAEzD,mBAAmB;QACnB,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC;QAC5B,OAAO,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC;QAChC,OAAO,CAAC,sBAAsB,CAAC,GAAG,SAAS,CAAC,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAErE,uBAAuB;QACvB,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;aAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aACzB,IAAI,EAAE,CAAC;QAEV,MAAM,gBAAgB,GAAG,gBAAgB;aACtC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,CAAC,CAAE,CAAE,CAAC,IAAI,EAAE,EAAE,CAAC;aAC3F,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;QAErB,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEjD,MAAM,gBAAgB,GAAG;YACvB,MAAM;YACN,YAAY;YACZ,oBAAoB,CAAC,WAAW,CAAC;YACjC,gBAAgB;YAChB,aAAa;YACb,OAAO,CAAC,sBAAsB,CAAC;SAChC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,oBAAoB;QACpB,MAAM,eAAe,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,MAAM,kBAAkB,CAAC;QACtE,MAAM,YAAY,GAAG;YACnB,kBAAkB;YAClB,OAAO;YACP,eAAe;YACf,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;SAClD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,iBAAiB;QACjB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAExF,eAAe;QACf,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEpD,0BAA0B;QAC1B,OAAO,CAAC,eAAe,CAAC;YACtB,+BAA+B,IAAI,CAAC,WAAW,IAAI,eAAe,IAAI;gBACtE,iBAAiB,aAAa,eAAe,SAAS,EAAE,CAAC;QAE3D,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,+DAA+D;AAE/D,SAAS,WAAW,CAAC,IAAU;IAC7B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,SAAS,CAAC,IAAU;IAC3B,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,SAAS,CAAC,IAAqB;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,IAAI,CAAC,GAAoB,EAAE,IAAY;IAC9C,OAAO,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;AAClE,CAAC;AAED,SAAS,OAAO,CAAC,GAAoB,EAAE,IAAY;IACjD,OAAO,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc,EAAE,SAAiB,EAAE,MAAc,EAAE,OAAe;IAC1F,IAAI,GAAG,GAAW,IAAI,CAAC,OAAO,MAAM,EAAE,EAAE,SAAS,CAAC,CAAC;IACnD,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACxB,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACzB,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAChC,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG;SACP,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;SAC3C,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAClC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,EAAU;IACtC,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IACnB,OAAO,EAAE;SACN,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,IAAI,CAAC,EAAE;QACV,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,OAAO,GAAG,kBAAkB,CAAC,kBAAkB,CAAC,CAAE,CAAC,CAAC,IAAI,kBAAkB,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IAC5G,CAAC,CAAC;SACD,IAAI,EAAE;SACN,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,OAAO,GAAmB,EAAE,CAAC;IACnC,MAAM,aAAa,GAAG,mCAAmC,CAAC;IAC1D,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACxB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1E,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8DAA8D;AAE9D,MAAM,OAAO,eAAe;IAClB,MAAM,GAAuB,IAAI,CAAC;IAClC,aAAa,GAAkB,IAAI,CAAC;IACpC,EAAE,GAAoB,IAAI,CAAC;IAEnC,gBAAe,CAAC;IAEhB,sEAAsE;IACtE,SAAS,CAAC,MAAmB,EAAE,aAAsB;QACnD,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACzF,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACZ,GAAG,MAAM;YACT,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM;SAChC,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,EAAE,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IAED,0CAA0C;IAC1C,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC;IAClD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,MAAM,CAAC,MAAc;QACzB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,WAAW,SAAS,IAAI,SAAS,WAAW,CAAC;QAC/D,MAAM,WAAW,GAAG,WAAW,SAAS,IAAI,SAAS,iBAAiB,CAAC;QAEvE,0EAA0E;QAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,EAAE,gBAAgB,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAEhE,IAAI,CAAC;YACH,4CAA4C;YAC5C,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE/B,oDAAoD;YACpD,MAAM,OAAO,GAAG,GAAG,MAAM,MAAM,CAAC;YAChC,MAAM,OAAO,GAAG,GAAG,MAAM,MAAM,CAAC;YAChC,IAAI,UAAU,CAAC,OAAO,CAAC;gBAAE,YAAY,CAAC,OAAO,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAClE,IAAI,UAAU,CAAC,OAAO,CAAC;gBAAE,YAAY,CAAC,OAAO,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAElE,mBAAmB;YACnB,MAAM,QAAQ,CACZ,gBAAgB,CAAC,QAAQ,CAAC,EAC1B,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EACxB,iBAAiB,CAAC,MAAM,CAAC,CAC1B,CAAC;YAEF,IAAI,aAAa,GAAW,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;YAC9D,MAAM,cAAc,GAAG,aAAa,CAAC,MAAM,CAAC;YAE5C,2BAA2B;YAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,KAAK,IAAI,CAAC;YAChD,IAAI,WAAW,EAAE,CAAC;gBAChB,aAAa,GAAG,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,aAAc,CAAC,CAAC;YACpE,CAAC;YAED,oCAAoC;YACpC,MAAM,QAAQ,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;YAE1C,iBAAiB;YACjB,MAAM,IAAI,CAAC,EAAG,CAAC,SAAS,CAAC,SAAS,EAAE,aAAa,EAAE,2BAA2B,CAAC,CAAC;YAEhF,+BAA+B;YAC/B,MAAM,QAAQ,GAAmB;gBAC/B,OAAO,EAAE,qBAAqB;gBAC9B,YAAY,EAAE,YAAY;gBAC1B,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;gBAC5B,OAAO,EAAE,MAAM,CAAC,IAAI;gBACpB,eAAe,EAAE,cAAc;gBAC/B,SAAS,EAAE,WAAW;gBACtB,UAAU,EAAE,SAAS;gBACrB,QAAQ;aACT,CAAC;YAEF,MAAM,IAAI,CAAC,EAAG,CAAC,SAAS,CACtB,WAAW,EACX,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,EACvD,kBAAkB,CACnB,CAAC;YAEF,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACtC,CAAC;gBAAS,CAAC;YACT,yBAAyB;YACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;YACrB,UAAU,CAAC,MAAM,CAAC,CAAC;YACnB,UAAU,CAAC,GAAG,QAAQ,MAAM,CAAC,CAAC;YAC9B,UAAU,CAAC,GAAG,QAAQ,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,WAAW,SAAS,GAAG,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAEnD,sBAAsB;QACtB,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;QAE3E,MAAM,YAAY,GAAqB,EAAE,CAAC;QAC1C,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAmB,CAAC;gBACjE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;YAC7B,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/F,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,UAAkB;QACjD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,sCAAsC;QACtC,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;QAEzE,oBAAoB;QACpB,IAAI,QAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACtD,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAmB,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAC;QACrE,CAAC;QAED,6BAA6B;QAC7B,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,EAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAE/C,qBAAqB;QACrB,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,cAAc,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC/C,aAAa,QAAQ,CAAC,QAAQ,UAAU,cAAc,EAAE,CACzD,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;YAC7E,CAAC;YACD,IAAI,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACjD,CAAC;QAED,uBAAuB;QACvB,MAAM,YAAY,GAAG,UAAU,CAAC,IAAmD,CAAC,CAAC;QAErF,uDAAuD;QACvD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,GAAG,UAAU,MAAM,CAAC;YACpC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAClC,CAAC;QACD,aAAa,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAExC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,SAAS,GAAG,kBAAkB;QAC/C,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,MAAM,GAAG,WAAW,SAAS,GAAG,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAEnD,0DAA0D;QAC1D,MAAM,WAAW,GAAG,OAAO;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;aACxC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,eAAe;QAEhF,IAAI,WAAW,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;YACnE,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,EAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO,EAAE,CAAC;YACZ,CAAC;YAAC,MAAM,CAAC;gBACP,uBAAuB;YACzB,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,EAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;IAED;;;;OAIG;IACK,YAAY;QAClB,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAE;YACV,QAAQ,EAAE;YACV,IAAI,EAAE;YACN,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,aAAa;SAClC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,8BAA8B;IACtB,gBAAgB;QACtB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAED,oDAAoD;AAEpD,yCAAyC;AACzC,SAAS,eAAe,CAAC,IAAU;IACjC,MAAM,CAAC,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3D,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACxD,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AACzC,CAAC;AAED,oDAAoD;AACpD,SAAS,UAAU,CAAC,IAAY;IAC9B,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;AACH,CAAC;AAED,oDAAoD;AAEpD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC"}

package/dist/crypto.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Wyrm Encryption Module
+ * AES-256-GCM encryption for sensitive memory data
+ *
+ * @copyright 2026 Ghost Protocol (Pvt) Ltd. All Rights Reserved.
+ * @license Proprietary - See LICENSE file for details.
+ * @module crypto
+ * @version 3.0.0
+ */
+export interface EncryptedData {
+    iv: string;
+    salt: string;
+    tag: string;
+    data: string;
+    version: number;
+}
+export interface CryptoConfig {
+    enabled: boolean;
+    keyDerivation: 'scrypt' | 'pbkdf2';
+    iterations?: number;
+}
+/**
+ * Wyrm Crypto - Handles encryption/decryption of sensitive data
+ */
+export declare class WyrmCrypto {
+    private masterKey;
+    private config;
+    constructor(config?: Partial<CryptoConfig>);
+    /**
+     * Initialize crypto with a master password
+     */
+    initialize(password: string): void;
+    /**
+     * Check if encryption is enabled and configured
+     */
+    isEnabled(): boolean;
+    /**
+     * Derive a unique key for each piece of data
+     */
+    private deriveKey;
+    /**
+     * Encrypt a string value
+     */
+    encrypt(plaintext: string): EncryptedData;
+    /**
+     * Decrypt an encrypted value
+     */
+    decrypt(encrypted: EncryptedData): string;
+    /**
+     * Encrypt if enabled, otherwise return plaintext
+     */
+    maybeEncrypt(value: string): string;
+    /**
+     * Decrypt if encrypted, otherwise return as-is
+     */
+    maybeDecrypt(value: string): string;
+    /**
+     * Generate a secure random key for API tokens, etc.
+     */
+    static generateSecureToken(length?: number): string;
+    /**
+     * Hash a value for comparison (one-way)
+     */
+    static hash(value: string, algorithm?: string): string;
+    /**
+     * Verify a hash
+     */
+    static verifyHash(value: string, hash: string, algorithm?: string): boolean;
+}
+export declare function getCrypto(): WyrmCrypto;
+export declare function initializeCrypto(password: string): WyrmCrypto;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC;IAQ1C;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAWlC;;OAEG;IACH,SAAS,IAAI,OAAO;IAIpB;;OAEG;IACH,OAAO,CAAC,SAAS;IAOjB;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa;IAwBzC;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,aAAa,GAAG,MAAM;IAmBzC;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAQnC;;OAEG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAgBnC;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,MAAM,SAAK,GAAG,MAAM;IAI/C;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,SAAW,GAAG,MAAM;IAIxD;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,SAAW,GAAG,OAAO;CAU9E;AAKD,wBAAgB,SAAS,IAAI,UAAU,CAKtC;AAED,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,CAI7D"}