{"version":3,"file":"EddsaRdfc2022.mjs","names":["CONTEXT_CACHE: Record<string, object>","RUNTIME_CONTEXT_CACHE: Record<string, object>","proofOptions: Partial<EddsaRdfc2022Proof>","proof: EddsaRdfc2022Proof","publicKey: Uint8Array"],"sources":["../../src/cryptosuites/EddsaRdfc2022.ts"],"sourcesContent":["/**\n * EdDSA RDFC 2022 Cryptosuite\n *\n * Implements the eddsa-rdfc-2022 cryptosuite for Data Integrity proofs.\n * This is required for OpenBadges 3.0 certification.\n *\n * Spec: https://www.w3.org/TR/vc-di-eddsa/#eddsa-rdfc-2022\n *\n * Key features:\n * - Uses Ed25519 signature algorithm\n * - Uses RDFC-1.0 canonicalization (RDF Dataset Canonicalization)\n * - Produces DataIntegrityProof with cryptosuite: 'eddsa-rdfc-2022'\n */\n\nimport * as ed25519 from '@stablelib/ed25519'\nimport bs58 from 'bs58'\nimport { Hasher, TypedArrayEncoder } from '@credo-ts/core'\n\n// Import jsonld for canonicalization\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore\nimport * as jsonld from '@digitalcredentials/jsonld'\n\nimport {\n  CRYPTOSUITE_EDDSA_RDFC_2022,\n  DATA_INTEGRITY_V2_CONTEXT_URL,\n  PROOF_TYPE_DATA_INTEGRITY,\n  VM_TYPE_MULTIKEY,\n  VM_TYPE_ED25519_2020,\n} from './constants'\n\n// Document loader for JSON-LD contexts\nimport { dataIntegrityV2Context } from './dataIntegrityV2Context'\nimport { createPreprocessingDocumentLoader } from './contextPreprocessor'\n\n// Built-in context cache for internal tests and offline operation\n// These simplified contexts work for internal sign/verify round-trips\n// Note: proof/security terms are handled by Data Integrity context to avoid conflicts\nconst CONTEXT_CACHE: Record<string, object> = {\n  'https://w3id.org/security/data-integrity/v2': dataIntegrityV2Context,\n  'https://www.w3.org/ns/credentials/v2': {\n    '@context': {\n      id: '@id',\n      type: '@type',\n      VerifiableCredential: 'https://www.w3.org/2018/credentials#VerifiableCredential',\n      credentialSubject: { '@id': 'https://www.w3.org/2018/credentials#credentialSubject', '@type': '@id' },\n      issuer: { '@id': 'https://www.w3.org/2018/credentials#issuer', '@type': '@id' },\n      validFrom: { '@id': 'https://www.w3.org/2018/credentials#validFrom', '@type': 'http://www.w3.org/2001/XMLSchema#dateTime' },\n      validUntil: { '@id': 'https://www.w3.org/2018/credentials#validUntil', '@type': 'http://www.w3.org/2001/XMLSchema#dateTime' },\n    },\n  },\n  'https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json': {\n    '@context': {\n      OpenBadgeCredential: 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#OpenBadgeCredential',\n      Achievement: 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#Achievement',\n      AchievementSubject: 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#AchievementSubject',\n      Profile: 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#Profile',\n      achievement: { '@id': 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#achievement', '@type': '@id' },\n      name: 'https://schema.org/name',\n      description: 'https://schema.org/description',\n      criteria: { '@id': 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#criteria', '@type': '@id' },\n      narrative: 'https://purl.imsglobal.org/spec/vc/ob/vocab.html#narrative',\n    },\n  },\n  // Extensions context for Credly credentials\n  'https://purl.imsglobal.org/spec/ob/v3p0/extensions.json': {\n    '@context': {\n      '1EdTechJsonSchemaValidator2019': 'https://purl.imsglobal.org/spec/vccs/v1p0/context.json#1EdTechJsonSchemaValidator2019',\n      '1EdTechRevocationList': 'https://purl.imsglobal.org/spec/vcrl/v1p0/context.json#1EdTechRevocationList',\n      '1EdTechCredentialRefresh': 'https://purl.imsglobal.org/spec/vccr/v1p0/context.json#1EdTechCredentialRefresh',\n    },\n  },\n}\n\n// Runtime cache for network-fetched contexts\nconst RUNTIME_CONTEXT_CACHE: Record<string, object> = {}\n\n// Multicodec prefixes\nconst ED25519_PUB_MULTICODEC = new Uint8Array([0xed, 0x01])\nconst ED25519_PRIV_MULTICODEC = new Uint8Array([0x80, 0x26])\n\nexport interface EddsaRdfc2022KeyPair {\n  id: string\n  controller: string\n  publicKeyMultibase: string\n  privateKeyMultibase?: string\n}\n\nexport interface EddsaRdfc2022Proof {\n  type: typeof PROOF_TYPE_DATA_INTEGRITY\n  cryptosuite: typeof CRYPTOSUITE_EDDSA_RDFC_2022\n  created: string\n  verificationMethod: string\n  proofPurpose: string\n  proofValue: string\n}\n\nexport interface SignOptions {\n  document: Record<string, unknown>\n  keyPair: EddsaRdfc2022KeyPair\n  purpose?: string\n  date?: Date | string\n  challenge?: string\n  domain?: string\n}\n\nexport interface VerifyOptions {\n  document: Record<string, unknown>\n  proof: EddsaRdfc2022Proof\n  publicKeyMultibase: string\n  /**\n   * If true, fetch contexts from the network with @protected stripped.\n   * This is needed for verifying external credentials that use full network contexts.\n   */\n  useNetworkContexts?: boolean\n}\n\n/**\n * EdDSA RDFC 2022 Cryptosuite implementation\n */\nexport class EddsaRdfc2022Cryptosuite {\n  public static readonly proofType = PROOF_TYPE_DATA_INTEGRITY\n  public static readonly cryptosuite = CRYPTOSUITE_EDDSA_RDFC_2022\n  public static readonly contextUrl = DATA_INTEGRITY_V2_CONTEXT_URL\n  public static readonly verificationMethodTypes = [VM_TYPE_MULTIKEY, VM_TYPE_ED25519_2020]\n\n  /**\n   * Sign a document using eddsa-rdfc-2022 cryptosuite\n   */\n  public async sign(options: SignOptions): Promise<Record<string, unknown>> {\n    const { document, keyPair, purpose = 'assertionMethod', date, challenge, domain } = options\n\n    // Decode private key\n    const { secretKey } = this.decodeKeyPair(keyPair)\n\n    // Create proof options (Credly-compatible order)\n    const proofOptions: Partial<EddsaRdfc2022Proof> = {\n      type: PROOF_TYPE_DATA_INTEGRITY,\n      created: date ? new Date(date).toISOString() : new Date().toISOString(),\n      verificationMethod: keyPair.id,\n      cryptosuite: CRYPTOSUITE_EDDSA_RDFC_2022,\n      proofPurpose: purpose,\n    }\n\n    if (challenge) {\n      ;(proofOptions as Record<string, unknown>).challenge = challenge\n    }\n    if (domain) {\n      ;(proofOptions as Record<string, unknown>).domain = domain\n    }\n\n    // Create hash to sign\n    // Note: Full implementation should use RDFC-1.0 canonicalization\n    // For now, we use a simplified canonicalization for compatibility\n    const documentCopy = { ...document }\n    delete (documentCopy as Record<string, unknown>).proof\n\n    const hashData = await this.createHashData(documentCopy, proofOptions)\n\n    // Sign the hash\n    const signature = ed25519.sign(secretKey, hashData)\n\n    // Encode signature as multibase base58btc\n    const proofValue = 'z' + bs58.encode(signature)\n\n    // Create final proof\n    const proof: EddsaRdfc2022Proof = {\n      ...proofOptions,\n      proofValue,\n    } as EddsaRdfc2022Proof\n\n    // Return document with proof as array (Credly-compatible)\n    return {\n      ...document,\n      proof: [proof],\n    }\n  }\n\n  /**\n   * Sign a document using an external signer function (e.g., wallet.sign)\n   * This allows integration with KMS-backed keys where private key material is not directly accessible\n   */\n  public async signWithSigner(options: {\n    document: Record<string, unknown>\n    verificationMethodId: string\n    signer: (data: Uint8Array) => Promise<Uint8Array>\n    purpose?: string\n    date?: Date | string\n    challenge?: string\n    domain?: string\n    useNetworkContexts?: boolean\n  }): Promise<Record<string, unknown>> {\n    const { document, verificationMethodId, signer, purpose = 'assertionMethod', date, challenge, domain, useNetworkContexts = true } = options\n\n    // Create proof options (Credly-compatible order)\n    const proofOptions: Partial<EddsaRdfc2022Proof> = {\n      type: PROOF_TYPE_DATA_INTEGRITY,\n      created: date ? new Date(date).toISOString() : new Date().toISOString(),\n      verificationMethod: verificationMethodId,\n      cryptosuite: CRYPTOSUITE_EDDSA_RDFC_2022,\n      proofPurpose: purpose,\n    }\n\n    if (challenge) {\n      ;(proofOptions as Record<string, unknown>).challenge = challenge\n    }\n    if (domain) {\n      ;(proofOptions as Record<string, unknown>).domain = domain\n    }\n\n    // Create hash to sign\n    const documentCopy = { ...document }\n    delete (documentCopy as Record<string, unknown>).proof\n\n    const hashData = await this.createHashData(documentCopy, proofOptions, useNetworkContexts)\n\n    // Sign using the external signer\n    const signature = await signer(hashData)\n\n    // Encode signature as multibase base58btc\n    const proofValue = 'z' + bs58.encode(signature)\n\n    // Create final proof\n    const proof: EddsaRdfc2022Proof = {\n      ...proofOptions,\n      proofValue,\n    } as EddsaRdfc2022Proof\n\n    // Return document with proof as array (Credly-compatible)\n    return {\n      ...document,\n      proof: [proof],\n    }\n  }\n\n  /**\n   * Verify a document with eddsa-rdfc-2022 proof\n   *\n   * @param options - Verification options including document, proof, public key, and context settings\n   */\n  public async verify(options: VerifyOptions): Promise<{ verified: boolean; error?: string }> {\n    const { document, proof, publicKeyMultibase, useNetworkContexts = false } = options\n\n    try {\n      // Validate proof structure\n      if (proof.type !== PROOF_TYPE_DATA_INTEGRITY) {\n        return { verified: false, error: `Invalid proof type: ${proof.type}` }\n      }\n      if (proof.cryptosuite !== CRYPTOSUITE_EDDSA_RDFC_2022) {\n        return { verified: false, error: `Invalid cryptosuite: ${proof.cryptosuite}` }\n      }\n      if (!proof.proofValue?.startsWith('z')) {\n        return { verified: false, error: 'Invalid proofValue: must be multibase base58btc encoded' }\n      }\n\n      // Decode public key\n      const publicKey = this.decodePublicKey(publicKeyMultibase)\n\n      // Decode signature\n      const signature = bs58.decode(proof.proofValue.slice(1))\n\n      // Recreate hash data\n      const documentCopy = { ...document }\n      delete (documentCopy as Record<string, unknown>).proof\n\n      const proofOptions = {\n        type: proof.type,\n        cryptosuite: proof.cryptosuite,\n        created: proof.created,\n        verificationMethod: proof.verificationMethod,\n        proofPurpose: proof.proofPurpose,\n      }\n\n      // Use network contexts if specified (for external credential verification)\n      const hashData = await this.createHashData(documentCopy, proofOptions, useNetworkContexts)\n\n      // Verify signature\n      const verified = ed25519.verify(publicKey, hashData, signature)\n\n      return { verified }\n    } catch (error) {\n      const err = error as Error\n      return { verified: false, error: err.message }\n    }\n  }\n\n  /**\n   * Check if this suite matches a given proof\n   */\n  public matchProof(proof: Record<string, unknown>): boolean {\n    return (\n      proof.type === PROOF_TYPE_DATA_INTEGRITY && proof.cryptosuite === CRYPTOSUITE_EDDSA_RDFC_2022\n    )\n  }\n\n  /**\n   * Create a document loader for JSON-LD operations\n   * Uses cached contexts for internal operations, preprocessed network contexts for external verification\n   */\n  private createDocumentLoader(useNetworkContexts = false) {\n    // For external credential verification, use preprocessing loader that strips @protected\n    if (useNetworkContexts) {\n      return createPreprocessingDocumentLoader()\n    }\n\n    // For internal operations, use cached contexts for stability\n    return async (url: string) => {\n      // Check static cache first\n      if (CONTEXT_CACHE[url]) {\n        return {\n          contextUrl: null,\n          document: CONTEXT_CACHE[url],\n          documentUrl: url,\n        }\n      }\n\n      // Check runtime cache\n      if (RUNTIME_CONTEXT_CACHE[url]) {\n        return {\n          contextUrl: null,\n          document: RUNTIME_CONTEXT_CACHE[url],\n          documentUrl: url,\n        }\n      }\n\n      // For unknown contexts, return minimal context\n      return {\n        contextUrl: null,\n        document: { '@context': {} },\n        documentUrl: url,\n      }\n    }\n  }\n\n  /**\n   * Canonicalize a document using RDFC-1.0 (URDNA2015)\n   * This is the standard algorithm for RDF Dataset Canonicalization.\n   *\n   * @param document - The document to canonicalize\n   * @param useNetworkContexts - If true, fetch contexts from network with @protected stripped\n   */\n  private async canonicalize(\n    document: Record<string, unknown>,\n    useNetworkContexts = false\n  ): Promise<string> {\n    const jld = jsonld.default ?? jsonld\n    const documentLoader = this.createDocumentLoader(useNetworkContexts)\n\n    // Use URDNA2015 algorithm (RDFC-1.0)\n    const canonicalized = await jld.canonize(document, {\n      algorithm: 'URDNA2015',\n      format: 'application/n-quads',\n      documentLoader,\n    })\n    return canonicalized\n  }\n\n  /**\n   * Create hash data for signing/verification using RDFC-1.0 algorithm\n   *\n   * Per the spec (https://www.w3.org/TR/vc-di-eddsa/#create-verify-data-eddsa-rdfc-2022):\n   * 1. Canonicalize the document using RDFC-1.0\n   * 2. Hash the canonical document using SHA-256\n   * 3. Canonicalize the proof options (without proofValue)\n   * 4. Hash the canonical proof options using SHA-256\n   * 5. Concatenate: proofOptionsHash || documentHash\n   *\n   * @param document - The document to hash\n   * @param proofOptions - The proof options to hash\n   * @param useNetworkContexts - If true, fetch contexts from network with @protected stripped\n   */\n  private async createHashData(\n    document: Record<string, unknown>,\n    proofOptions: Record<string, unknown>,\n    useNetworkContexts = false\n  ): Promise<Uint8Array> {\n    // Canonicalize the document\n    const canonicalDocument = await this.canonicalize(document, useNetworkContexts)\n\n    // Hash the canonical document with SHA-256 (using cross-platform Hasher)\n    const documentHash = Hasher.hash(TypedArrayEncoder.fromString(canonicalDocument), 'sha-256')\n\n    // Create proof configuration document for canonicalization\n    // Use the Data Integrity context for proof options (per spec section 3.3.1)\n    const proofConfigDocument = {\n      '@context': DATA_INTEGRITY_V2_CONTEXT_URL,\n      ...proofOptions,\n    }\n\n    // Canonicalize the proof configuration\n    const canonicalProofConfig = await this.canonicalize(proofConfigDocument, useNetworkContexts)\n\n    // Hash the canonical proof configuration with SHA-256 (using cross-platform Hasher)\n    const proofConfigHash = Hasher.hash(TypedArrayEncoder.fromString(canonicalProofConfig), 'sha-256')\n\n    // Concatenate: proofConfigHash || documentHash (per spec)\n    const combined = new Uint8Array(proofConfigHash.length + documentHash.length)\n    combined.set(proofConfigHash, 0)\n    combined.set(documentHash, proofConfigHash.length)\n\n    return combined\n  }\n\n  /**\n   * Decode a key pair from multibase format\n   */\n  private decodeKeyPair(keyPair: EddsaRdfc2022KeyPair): {\n    publicKey: Uint8Array\n    secretKey: Uint8Array\n  } {\n    if (!keyPair.privateKeyMultibase) {\n      throw new Error('Private key is required for signing')\n    }\n\n    // Decode private key\n    const privBytes = bs58.decode(keyPair.privateKeyMultibase.slice(1))\n\n    // Validate multicodec prefix\n    if (privBytes[0] !== ED25519_PRIV_MULTICODEC[0] || privBytes[1] !== ED25519_PRIV_MULTICODEC[1]) {\n      throw new Error('Invalid private key multicodec prefix')\n    }\n\n    const secretKey = privBytes.slice(2)\n\n    // Decode or derive public key\n    let publicKey: Uint8Array\n    if (keyPair.publicKeyMultibase) {\n      publicKey = this.decodePublicKey(keyPair.publicKeyMultibase)\n    } else {\n      // Derive public key from secret key (last 32 bytes or generate)\n      if (secretKey.length === 64) {\n        publicKey = secretKey.slice(32)\n      } else {\n        const kp = ed25519.generateKeyPairFromSeed(secretKey.slice(0, 32))\n        publicKey = kp.publicKey\n      }\n    }\n\n    return { publicKey, secretKey }\n  }\n\n  /**\n   * Decode a public key from multibase format\n   */\n  private decodePublicKey(publicKeyMultibase: string): Uint8Array {\n    if (!publicKeyMultibase.startsWith('z')) {\n      throw new Error('Invalid multibase prefix: expected base58btc (z)')\n    }\n\n    const pubBytes = bs58.decode(publicKeyMultibase.slice(1))\n\n    // Validate multicodec prefix\n    if (pubBytes[0] !== ED25519_PUB_MULTICODEC[0] || pubBytes[1] !== ED25519_PUB_MULTICODEC[1]) {\n      throw new Error('Invalid public key multicodec prefix')\n    }\n\n    return pubBytes.slice(2)\n  }\n\n  /**\n   * Generate a new Ed25519 key pair with multibase encoding\n   */\n  public static generateKeyPair(controller: string, keyId?: string): EddsaRdfc2022KeyPair {\n    const kp = ed25519.generateKeyPair()\n\n    // Encode public key with multicodec prefix\n    const pubWithHeader = new Uint8Array(2 + kp.publicKey.length)\n    pubWithHeader.set(ED25519_PUB_MULTICODEC, 0)\n    pubWithHeader.set(kp.publicKey, 2)\n    const publicKeyMultibase = 'z' + bs58.encode(pubWithHeader)\n\n    // Encode private key with multicodec prefix\n    const privWithHeader = new Uint8Array(2 + kp.secretKey.length)\n    privWithHeader.set(ED25519_PRIV_MULTICODEC, 0)\n    privWithHeader.set(kp.secretKey, 2)\n    const privateKeyMultibase = 'z' + bs58.encode(privWithHeader)\n\n    const id = keyId || `${controller}#key-1`\n\n    return {\n      id,\n      controller,\n      publicKeyMultibase,\n      privateKeyMultibase,\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAsCA,MAAMA,gBAAwC;CAC5C,+CAA+C;CAC/C,wCAAwC,EACtC,YAAY;EACV,IAAI;EACJ,MAAM;EACN,sBAAsB;EACtB,mBAAmB;GAAE,OAAO;GAAyD,SAAS;GAAO;EACrG,QAAQ;GAAE,OAAO;GAA8C,SAAS;GAAO;EAC/E,WAAW;GAAE,OAAO;GAAiD,SAAS;GAA6C;EAC3H,YAAY;GAAE,OAAO;GAAkD,SAAS;GAA6C;EAC9H,EACF;CACD,8DAA8D,EAC5D,YAAY;EACV,qBAAqB;EACrB,aAAa;EACb,oBAAoB;EACpB,SAAS;EACT,aAAa;GAAE,OAAO;GAAgE,SAAS;GAAO;EACtG,MAAM;EACN,aAAa;EACb,UAAU;GAAE,OAAO;GAA6D,SAAS;GAAO;EAChG,WAAW;EACZ,EACF;CAED,2DAA2D,EACzD,YAAY;EACV,kCAAkC;EAClC,yBAAyB;EACzB,4BAA4B;EAC7B,EACF;CACF;AAGD,MAAMC,wBAAgD,EAAE;AAGxD,MAAM,yBAAyB,IAAI,WAAW,CAAC,KAAM,EAAK,CAAC;AAC3D,MAAM,0BAA0B,IAAI,WAAW,CAAC,KAAM,GAAK,CAAC;;;;AAyC5D,IAAa,2BAAb,MAAsC;;;;CASpC,MAAa,KAAK,SAAwD;EACxE,MAAM,EAAE,UAAU,SAAS,UAAU,mBAAmB,MAAM,WAAW,WAAW;EAGpF,MAAM,EAAE,cAAc,KAAK,cAAc,QAAQ;EAGjD,MAAMC,eAA4C;GAChD,MAAM;GACN,SAAS,OAAO,IAAI,KAAK,KAAK,CAAC,aAAa,oBAAG,IAAI,MAAM,EAAC,aAAa;GACvE,oBAAoB,QAAQ;GAC5B,aAAa;GACb,cAAc;GACf;AAED,MAAI,UACD,CAAC,aAAyC,YAAY;AAEzD,MAAI,OACD,CAAC,aAAyC,SAAS;EAMtD,MAAM,eAAe,EAAE,GAAG,UAAU;AACpC,SAAQ,aAAyC;EAEjD,MAAM,WAAW,MAAM,KAAK,eAAe,cAAc,aAAa;EAGtE,MAAM,YAAY,QAAQ,KAAK,WAAW,SAAS;EAGnD,MAAM,aAAa,MAAM,KAAK,OAAO,UAAU;EAG/C,MAAMC,QAA4B;GAChC,GAAG;GACH;GACD;AAGD,SAAO;GACL,GAAG;GACH,OAAO,CAAC,MAAM;GACf;;;;;;CAOH,MAAa,eAAe,SASS;EACnC,MAAM,EAAE,UAAU,sBAAsB,QAAQ,UAAU,mBAAmB,MAAM,WAAW,QAAQ,qBAAqB,SAAS;EAGpI,MAAMD,eAA4C;GAChD,MAAM;GACN,SAAS,OAAO,IAAI,KAAK,KAAK,CAAC,aAAa,oBAAG,IAAI,MAAM,EAAC,aAAa;GACvE,oBAAoB;GACpB,aAAa;GACb,cAAc;GACf;AAED,MAAI,UACD,CAAC,aAAyC,YAAY;AAEzD,MAAI,OACD,CAAC,aAAyC,SAAS;EAItD,MAAM,eAAe,EAAE,GAAG,UAAU;AACpC,SAAQ,aAAyC;EAKjD,MAAM,YAAY,MAAM,OAHP,MAAM,KAAK,eAAe,cAAc,cAAc,mBAAmB,CAGlD;EAGxC,MAAM,aAAa,MAAM,KAAK,OAAO,UAAU;EAG/C,MAAMC,QAA4B;GAChC,GAAG;GACH;GACD;AAGD,SAAO;GACL,GAAG;GACH,OAAO,CAAC,MAAM;GACf;;;;;;;CAQH,MAAa,OAAO,SAAwE;EAC1F,MAAM,EAAE,UAAU,OAAO,oBAAoB,qBAAqB,UAAU;AAE5E,MAAI;AAEF,OAAI,MAAM,SAAS,0BACjB,QAAO;IAAE,UAAU;IAAO,OAAO,uBAAuB,MAAM;IAAQ;AAExE,OAAI,MAAM,gBAAgB,4BACxB,QAAO;IAAE,UAAU;IAAO,OAAO,wBAAwB,MAAM;IAAe;AAEhF,OAAI,CAAC,MAAM,YAAY,WAAW,IAAI,CACpC,QAAO;IAAE,UAAU;IAAO,OAAO;IAA2D;GAI9F,MAAM,YAAY,KAAK,gBAAgB,mBAAmB;GAG1D,MAAM,YAAY,KAAK,OAAO,MAAM,WAAW,MAAM,EAAE,CAAC;GAGxD,MAAM,eAAe,EAAE,GAAG,UAAU;AACpC,UAAQ,aAAyC;GAEjD,MAAM,eAAe;IACnB,MAAM,MAAM;IACZ,aAAa,MAAM;IACnB,SAAS,MAAM;IACf,oBAAoB,MAAM;IAC1B,cAAc,MAAM;IACrB;GAGD,MAAM,WAAW,MAAM,KAAK,eAAe,cAAc,cAAc,mBAAmB;AAK1F,UAAO,EAAE,UAFQ,QAAQ,OAAO,WAAW,UAAU,UAAU,EAE5C;WACZ,OAAO;AAEd,UAAO;IAAE,UAAU;IAAO,OADd,MACyB;IAAS;;;;;;CAOlD,AAAO,WAAW,OAAyC;AACzD,SACE,MAAM,SAAS,6BAA6B,MAAM,gBAAgB;;;;;;CAQtE,AAAQ,qBAAqB,qBAAqB,OAAO;AAEvD,MAAI,mBACF,QAAO,mCAAmC;AAI5C,SAAO,OAAO,QAAgB;AAE5B,OAAI,cAAc,KAChB,QAAO;IACL,YAAY;IACZ,UAAU,cAAc;IACxB,aAAa;IACd;AAIH,OAAI,sBAAsB,KACxB,QAAO;IACL,YAAY;IACZ,UAAU,sBAAsB;IAChC,aAAa;IACd;AAIH,UAAO;IACL,YAAY;IACZ,UAAU,EAAE,YAAY,EAAE,EAAE;IAC5B,aAAa;IACd;;;;;;;;;;CAWL,MAAc,aACZ,UACA,qBAAqB,OACJ;EACjB,MAAM,MAAM,OAAO,WAAW;EAC9B,MAAM,iBAAiB,KAAK,qBAAqB,mBAAmB;AAQpE,SALsB,MAAM,IAAI,SAAS,UAAU;GACjD,WAAW;GACX,QAAQ;GACR;GACD,CAAC;;;;;;;;;;;;;;;;CAkBJ,MAAc,eACZ,UACA,cACA,qBAAqB,OACA;EAErB,MAAM,oBAAoB,MAAM,KAAK,aAAa,UAAU,mBAAmB;EAG/E,MAAM,eAAe,OAAO,KAAK,kBAAkB,WAAW,kBAAkB,EAAE,UAAU;EAI5F,MAAM,sBAAsB;GAC1B,YAAY;GACZ,GAAG;GACJ;EAGD,MAAM,uBAAuB,MAAM,KAAK,aAAa,qBAAqB,mBAAmB;EAG7F,MAAM,kBAAkB,OAAO,KAAK,kBAAkB,WAAW,qBAAqB,EAAE,UAAU;EAGlG,MAAM,WAAW,IAAI,WAAW,gBAAgB,SAAS,aAAa,OAAO;AAC7E,WAAS,IAAI,iBAAiB,EAAE;AAChC,WAAS,IAAI,cAAc,gBAAgB,OAAO;AAElD,SAAO;;;;;CAMT,AAAQ,cAAc,SAGpB;AACA,MAAI,CAAC,QAAQ,oBACX,OAAM,IAAI,MAAM,sCAAsC;EAIxD,MAAM,YAAY,KAAK,OAAO,QAAQ,oBAAoB,MAAM,EAAE,CAAC;AAGnE,MAAI,UAAU,OAAO,wBAAwB,MAAM,UAAU,OAAO,wBAAwB,GAC1F,OAAM,IAAI,MAAM,wCAAwC;EAG1D,MAAM,YAAY,UAAU,MAAM,EAAE;EAGpC,IAAIC;AACJ,MAAI,QAAQ,mBACV,aAAY,KAAK,gBAAgB,QAAQ,mBAAmB;WAGxD,UAAU,WAAW,GACvB,aAAY,UAAU,MAAM,GAAG;MAG/B,aADW,QAAQ,wBAAwB,UAAU,MAAM,GAAG,GAAG,CAAC,CACnD;AAInB,SAAO;GAAE;GAAW;GAAW;;;;;CAMjC,AAAQ,gBAAgB,oBAAwC;AAC9D,MAAI,CAAC,mBAAmB,WAAW,IAAI,CACrC,OAAM,IAAI,MAAM,mDAAmD;EAGrE,MAAM,WAAW,KAAK,OAAO,mBAAmB,MAAM,EAAE,CAAC;AAGzD,MAAI,SAAS,OAAO,uBAAuB,MAAM,SAAS,OAAO,uBAAuB,GACtF,OAAM,IAAI,MAAM,uCAAuC;AAGzD,SAAO,SAAS,MAAM,EAAE;;;;;CAM1B,OAAc,gBAAgB,YAAoB,OAAsC;EACtF,MAAM,KAAK,QAAQ,iBAAiB;EAGpC,MAAM,gBAAgB,IAAI,WAAW,IAAI,GAAG,UAAU,OAAO;AAC7D,gBAAc,IAAI,wBAAwB,EAAE;AAC5C,gBAAc,IAAI,GAAG,WAAW,EAAE;EAClC,MAAM,qBAAqB,MAAM,KAAK,OAAO,cAAc;EAG3D,MAAM,iBAAiB,IAAI,WAAW,IAAI,GAAG,UAAU,OAAO;AAC9D,iBAAe,IAAI,yBAAyB,EAAE;AAC9C,iBAAe,IAAI,GAAG,WAAW,EAAE;EACnC,MAAM,sBAAsB,MAAM,KAAK,OAAO,eAAe;AAI7D,SAAO;GACL,IAHS,SAAS,GAAG,WAAW;GAIhC;GACA;GACA;GACD;;;yBA3WoB,YAAY;yBACZ,cAAc;yBACd,aAAa;yBACb,0BAA0B,CAAC,kBAAkB,qBAAqB"}