fix(server): 首页文档入口改为 api docs

apps/server/package.json

@@ -37,6 +37,7 @@
     "@tanstack/react-start": "catalog:",
     "drizzle-orm": "catalog:",
     "jszip": "catalog:",
+    "lossless-json": "catalog:",
     "react": "catalog:",
     "react-dom": "catalog:",
     "systeminformation": "catalog:",

apps/server/src/routes/api/$.ts

@@ -16,7 +16,8 @@ const handler = new OpenAPIHandler(router, {
         info: {
           title: name,
           version,
-          description: 'UX 授权服务 OpenAPI 文档：设备授权、任务解密、摘要加密与报告签名打包接口。',
+          description:
+            'UX 授权服务 OpenAPI 文档。该服务用于工具箱侧本地身份初始化与密码学能力调用，覆盖设备授权密文生成、任务二维码解密、摘要信息加密、报告签名打包等流程。\n\n推荐调用顺序：\n1) 写入平台公钥；\n2) 写入已签名 licence JSON；\n3) 写入 OpenPGP 私钥；\n4) 读取本机身份状态进行前置校验；\n5) 执行加密/解密与签名接口。\n\n说明：除文件下载接口外，返回体均为 JSON；字段示例已提供，便于联调和 Mock。',
         },
       },
       docsPath: '/docs',

apps/server/src/routes/index.tsx

@@ -10,9 +10,9 @@ function Home() {
       <div className="text-center space-y-4">
         <h1 className="text-3xl font-bold text-slate-900 tracking-tight">UX Server</h1>
         <p className="text-slate-500">
-          API:&nbsp;
+          API Docs:&nbsp;
-          <a href="/api" className="text-indigo-600 hover:text-indigo-700 underline">
+          <a href="/api/docs" className="text-indigo-600 hover:text-indigo-700 underline">
-            /api
+            /api/docs
           </a>
         </p>
       </div>

apps/server/src/server/api/contracts/config.contract.ts

@@ -1,22 +1,39 @@
 import { oc } from '@orpc/contract'
 import { z } from 'zod'
+import { licenceEnvelopeSchema } from '@/server/licence'
+
+const licenceOutput = z
+  .object({
+    licenceId: z.string().describe('验签通过后的 licence 标识'),
+    expireTime: z.string().describe('授权到期日，格式为 YYYY-MM-DD'),
+    isExpired: z.boolean().describe('当前 licence 是否已过期（按 UTC 自然日计算）'),
+  })
+  .describe('当前已安装 licence 的验证后元数据')
 
 const configOutput = z
   .object({
-    licence: z.string().nullable().describe('当前本地 licence，未设置时为 null'),
+    licence: licenceOutput.nullable().describe('当前本地已验证 licence 的元数据，未设置时为 null'),
     fingerprint: z.string().describe('UX 本机计算得到的设备特征码（SHA-256）'),
+    hasPlatformPublicKey: z.boolean().describe('是否已配置平台公钥'),
     hasPgpPrivateKey: z.boolean().describe('是否已配置 OpenPGP 私钥'),
   })
+  .describe('本地身份配置快照，用于判断设备授权初始化是否完成')
   .meta({
     examples: [
       {
-        licence: 'LIC-8F2A-XXXX',
+        licence: {
+          licenceId: 'LIC-20260319-0025',
+          expireTime: '2027-03-19',
+          isExpired: false,
+        },
         fingerprint: '9a3b7c1d2e4f5a6b8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b',
+        hasPlatformPublicKey: true,
         hasPgpPrivateKey: true,
       },
       {
         licence: null,
         fingerprint: '9a3b7c1d2e4f5a6b8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b',
+        hasPlatformPublicKey: false,
         hasPgpPrivateKey: false,
       },
     ],
@@ -29,10 +46,10 @@ export const get = oc
     operationId: 'configGet',
     summary: '读取本机身份配置',
     description:
-      '返回 UX 本地持久化的 licence、本机设备特征码（fingerprint）以及 OpenPGP 私钥配置状态。工具箱端可据此判断是否已完成本地身份初始化。',
+      '查询 UX 当前本地身份配置状态。\n\n典型用途：页面初始化时检测授权状态、验签前检查平台公钥、签名前检查私钥是否就绪。\n\n返回内容：\n- licence：当前已验证 licence 的元数据，未设置时为 null；\n- fingerprint：设备特征码（本机自动计算）；\n- hasPlatformPublicKey：是否已写入平台公钥；\n- hasPgpPrivateKey：是否已写入 OpenPGP 私钥。',
     tags: ['Config'],
   })
-  .input(z.object({}))
+  .input(z.object({}).describe('空请求体，仅触发读取当前配置'))
   .output(configOutput)
 
 export const setLicence = oc
@@ -42,16 +59,18 @@ export const setLicence = oc
     operationId: 'configSetLicence',
     summary: '写入本地 licence',
     description:
-      '写入或更新本机持久化的 licence。设备特征码（fingerprint）始终由 UX 本机自动计算，无需外部传入。此接口应在设备授权流程前调用。',
+      '写入或更新本机持久化 licence。\n\n调用时机：设备首次激活、授权码变更、授权修复。\n\n约束与行为：\n- 接收 `.lic` 文件内容对应的 JSON 信封，而不是文件上传；\n- 使用已配置的平台公钥对 payload 原始字符串做 SHA256withRSA 验签；\n- 仅在验签通过且 expire_time 未过期时持久化；\n- fingerprint 由本机自动计算，不允许外部覆盖；\n- 成功后返回最新配置快照，便于前端立即刷新授权状态。',
     tags: ['Config'],
   })
   .input(
-    z
+    licenceEnvelopeSchema.meta({
-      .object({
+      examples: [
-        licence: z.string().min(1).describe('本地持久化的 licence'),
+        {
-      })
+          payload: 'eyJsaWNlbmNlX2lkIjoiTElDLTIwMjYwMzE5LTAwMjUiLCJleHBpcmVfdGltZSI6IjIwMjctMDMtMTkifQ==',
-      .meta({
+          signature:
-        examples: [{ licence: 'LIC-8F2A-XXXX' }],
+            'aLd+wwpz1W5AS0jgE/IstSNjCAQ5estQYIMqeLXRWMIsnKxjZpCvC8O5q/G5LEBBLJXnbTk8N6IMTUx295nf2HQYlXNtJkWiBeUXQ6/uzs0RbhCeRAWK2Hx4kSsmiEv4AHGLb4ozI2XekTc+40+ApJQYqaWbDu/NU99TmDm3/da1VkKpQxH60BhSQVwBtU67w9Vp3SpWm8y1faQ7ci5WDtJf1JZaS70kPXoGeA5018rPeMFlEzUp10yDlGW6RcrT7Dm+r7zFyrFznLK+evBEvTf9mMGWwZZP3q9vJtC/wFt1t5zNHdkb27cTwc9yyqGMWdelXQAQDnoisn2Jzi06KA==',
+        },
+      ],
     }),
   )
   .output(configOutput)
@@ -63,7 +82,7 @@ export const setPgpPrivateKey = oc
     operationId: 'configSetPgpPrivateKey',
     summary: '写入本地 OpenPGP 私钥',
     description:
-      '写入或更新本机持久化的 OpenPGP 私钥（ASCII armored 格式），用于报告签名。私钥与设备绑定，调用报告签名接口时 UX 自动读取，无需每次传入。',
+      '写入或更新本机持久化 OpenPGP 私钥（ASCII armored）。\n\n调用时机：首次导入签名私钥、私钥轮换。\n\n约束与行为：\n- 仅接收 ASCII armored 私钥文本；\n- 私钥保存在本地，后续报告签名接口会自动读取；\n- 成功后返回最新配置快照，可用于确认 hasPgpPrivateKey 状态。',
     tags: ['Config'],
   })
   .input(
@@ -80,3 +99,29 @@ export const setPgpPrivateKey = oc
       }),
   )
   .output(configOutput)
+
+export const setPlatformPublicKey = oc
+  .route({
+    method: 'POST',
+    path: '/config/set-platform-public-key',
+    operationId: 'configSetPlatformPublicKey',
+    summary: '写入本地平台公钥',
+    description:
+      '写入或更新本机持久化平台公钥（Base64 编码 SPKI DER）。\n\n调用时机：设备授权初始化、平台公钥轮换。\n\n约束与行为：\n- 仅接收可解析的平台 RSA 公钥文本；\n- 公钥保存在本地，设备授权密文接口和 licence 验签都会自动读取，无需每次传参；\n- 若平台公钥发生变化，已安装 licence 会被清空，需要重新安装已签名 licence；\n- 成功后返回最新配置快照，可用于确认 hasPlatformPublicKey 状态。',
+    tags: ['Config'],
+  })
+  .input(
+    z
+      .object({
+        platformPublicKey: z.string().min(1).describe('平台公钥（Base64 编码 SPKI DER）'),
+      })
+      .meta({
+        examples: [
+          {
+            platformPublicKey:
+              'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB',
+          },
+        ],
+      }),
+  )
+  .output(configOutput)

apps/server/src/server/api/contracts/crypto.contract.ts

@@ -8,28 +8,16 @@ export const encryptDeviceInfo = oc
     operationId: 'encryptDeviceInfo',
     summary: '生成设备授权二维码密文',
     description:
-      '将本机 licence 与 fingerprint 组装为 JSON，使用平台 RSA 公钥（RSA-OAEP + SHA-256）加密后返回 Base64 密文，供工具箱生成设备授权二维码。参见《工具箱端 - 设备授权二维码生成指南》。',
+      '生成设备授权流程所需的二维码密文。\n\n处理流程：\n- 读取本机已验证的 licenceId、fingerprint 与本地持久化的平台公钥；\n- 组装为授权载荷 JSON；\n- 使用平台公钥执行 RSA-OAEP(SHA-256) 加密；\n- 返回 Base64 密文供前端生成二维码。\n\n适用场景：设备授权申请、重新授权。\n\n前置条件：需先调用 config.setPlatformPublicKey 写入平台公钥，并通过 config.setLicence 安装已签名 licence。',
     tags: ['Crypto'],
   })
-  .input(
+  .input(z.object({}).describe('空请求体。平台公钥由本地配置自动读取'))
-    z
-      .object({
-        platformPublicKey: z.string().min(1).describe('平台公钥（Base64，SPKI DER）'),
-      })
-      .meta({
-        examples: [
-          {
-            platformPublicKey:
-              'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB',
-          },
-        ],
-      }),
-  )
   .output(
     z
       .object({
-        encrypted: z.string().describe('Base64 密文（用于设备授权二维码）'),
+        encrypted: z.string().describe('Base64 密文（可直接用于设备授权二维码内容）'),
       })
+      .describe('设备授权密文生成结果')
       .meta({
         examples: [
           {
@@ -46,7 +34,7 @@ export const decryptTask = oc
     operationId: 'decryptTask',
     summary: '解密任务二维码数据',
     description:
-      '使用本机 licence 与 fingerprint 派生 AES-256-GCM 密钥（SHA-256），解密 App 任务二维码中的 Base64 密文，返回任务信息明文。参见《工具箱端 - 任务二维码解密指南》。',
+      '解密 App 下发的任务二维码密文。\n\n处理流程：\n- 基于本机已验证的 licenceId + fingerprint 派生 AES-256-GCM 密钥；\n- 对二维码中的 Base64 密文进行解密；\n- 返回任务明文 JSON 字符串。\n\n适用场景：扫码接收任务后解析任务详情。',
     tags: ['Crypto'],
   })
   .input(
@@ -54,6 +42,7 @@ export const decryptTask = oc
       .object({
         encryptedData: z.string().min(1).describe('Base64 编码的 AES-256-GCM 密文（来自任务二维码扫描结果）'),
       })
+      .describe('任务二维码解密请求')
       .meta({
         examples: [
           {
@@ -65,8 +54,9 @@ export const decryptTask = oc
   .output(
     z
       .object({
-        decrypted: z.string().describe('解密后的任务信息 JSON 字符串'),
+        decrypted: z.string().describe('解密后的任务信息 JSON 字符串（可进一步反序列化）'),
       })
+      .describe('任务二维码解密结果')
       .meta({
         examples: [
           {
@@ -84,21 +74,22 @@ export const encryptSummary = oc
     operationId: 'encryptSummary',
     summary: '加密摘要信息',
     description:
-      '使用本机 licence 与 fingerprint 通过 HKDF-SHA256 派生密钥，以 AES-256-GCM 加密检查摘要明文并返回 Base64 密文，供工具箱生成摘要信息二维码。参见《工具箱端 - 摘要信息二维码生成指南》。',
+      '加密检查摘要信息并产出二维码密文。\n\n处理流程：\n- 使用已验证的 licenceId + fingerprint 结合 taskId(salt) 通过 HKDF-SHA256 派生密钥；\n- 使用 AES-256-GCM 加密摘要明文；\n- 返回 Base64 密文用于摘要二维码生成。\n\n适用场景：任务执行后提交摘要信息。',
     tags: ['Crypto'],
   })
   .input(
     z
       .object({
-        salt: z.string().min(1).describe('HKDF salt（即 taskId，从任务二维码中获取）'),
+        salt: z.string().min(1).describe('HKDF salt（通常为 taskId，需与任务上下文一致）'),
-        plaintext: z.string().min(1).describe('待加密的摘要信息 JSON 明文'),
+        plaintext: z.string().min(1).describe('待加密的摘要信息 JSON 明文字符串'),
       })
+      .describe('摘要信息加密请求')
       .meta({
         examples: [
           {
             salt: 'TASK-20260115-4875',
             plaintext:
-              '{"enterpriseId":"1173040813421105152","inspectionId":"702286470691215417","summary":"检查摘要信息：发现3个高危漏洞，5个中危漏洞","timestamp":1734571234567}',
+              '{"enterpriseId":"1173040813421105152","inspectionId":"702286470691215417","summary":{"orgId":"1","orgName":"超艺科技有限公司","checkId":"1","vcheckId":"1","task":{"startTime":"2022-01-01 00:00:00","endTime":"2022-01-01 00:00:00"},"asset":{"count":183},"weakPwd":{"count":5},"vul":{"emergency":13,"high":34,"medium":45,"low":12,"info":3}},"timestamp":1734571234567}',
           },
         ],
       }),
@@ -106,8 +97,9 @@ export const encryptSummary = oc
   .output(
     z
       .object({
-        encrypted: z.string().describe('Base64 密文（用于摘要信息二维码）'),
+        encrypted: z.string().describe('Base64 密文（用于摘要信息二维码内容）'),
       })
+      .describe('摘要信息加密结果')
       .meta({
         examples: [
           {
@@ -124,11 +116,31 @@ export const signAndPackReport = oc
     operationId: 'signAndPackReport',
     summary: '签名并打包检查报告',
     description:
-      '上传包含 summary.json 的原始报告 ZIP，UX 自动从 ZIP 中提取 summary.json，使用本地存储的 licence/fingerprint 计算设备签名（HKDF + HMAC-SHA256），并使用本地 OpenPGP 私钥生成分离式签名。返回包含 summary.json（含 deviceSignature）、META-INF/manifest.json、META-INF/signature.asc 的签名报告 ZIP。参见《工具箱端 - 报告加密与签名生成指南》。',
+      '对原始报告执行设备签名与 OpenPGP 签名并重新打包。\n\n处理流程：\n- 解析上传 ZIP 并提取 summary.json；\n- 用已验证的 licenceId/fingerprint 计算 deviceSignature(HKDF + HMAC-SHA256) 并回写 summary.json；\n- 生成 META-INF/manifest.json；\n- 使用本地 OpenPGP 私钥生成 detached signature(`META-INF/signature.asc`)；\n- 返回签名后 ZIP。\n\n适用场景：检查结果归档、可追溯签名分发。',
-    tags: ['Crypto', 'Report'],
+    tags: ['Report'],
+    spec: (current) => {
+      const multipartContent =
+        current.requestBody && !('$ref' in current.requestBody)
+          ? (current.requestBody.content?.['multipart/form-data'] ?? current.requestBody.content?.['application/json'])
+          : undefined
+
+      return {
+        ...current,
+        requestBody:
+          multipartContent && current.requestBody && !('$ref' in current.requestBody)
+            ? {
+                ...current.requestBody,
+                content: {
+                  'multipart/form-data': multipartContent,
+                },
+              }
+            : current.requestBody,
+      }
+    },
   })
   .input(
-    z.object({
+    z
+      .object({
         rawZip: z
           .file()
           .mime(['application/zip', 'application/x-zip-compressed'])
@@ -141,7 +153,8 @@ export const signAndPackReport = oc
           .optional()
           .describe('返回 ZIP 文件名（可选，默认 signed-report.zip）')
           .meta({ examples: ['signed-report.zip'] }),
-    }),
+      })
+      .describe('报告签名与打包请求'),
   )
   .output(
     z

apps/server/src/server/api/routers/config.router.ts

@@ -1,10 +1,27 @@
-import { ensureUxConfig, setUxLicence, setUxPgpPrivateKey } from '@/server/ux-config'
+import { validatePgpPrivateKey, validateRsaPublicKey } from '@furtherverse/crypto'
+import { ORPCError } from '@orpc/server'
+import { isLicenceExpired, verifyAndDecodeLicenceEnvelope } from '@/server/licence'
+import { ensureUxConfig, setUxLicence, setUxPgpPrivateKey, setUxPlatformPublicKey } from '@/server/ux-config'
 import { db } from '../middlewares'
 import { os } from '../server'
 
-const toConfigOutput = (config: { licence: string | null; fingerprint: string; pgpPrivateKey: string | null }) => ({
+const toConfigOutput = (config: {
-  licence: config.licence,
+  licenceId: string | null
+  licenceExpireTime: string | null
+  fingerprint: string
+  platformPublicKey: string | null
+  pgpPrivateKey: string | null
+}) => ({
+  licence:
+    config.licenceId && config.licenceExpireTime
+      ? {
+          licenceId: config.licenceId,
+          expireTime: config.licenceExpireTime,
+          isExpired: isLicenceExpired(config.licenceExpireTime),
+        }
+      : null,
   fingerprint: config.fingerprint,
+  hasPlatformPublicKey: config.platformPublicKey != null,
   hasPgpPrivateKey: config.pgpPrivateKey != null,
 })
 
@@ -14,11 +31,51 @@ export const get = os.config.get.use(db).handler(async ({ context }) => {
 })
 
 export const setLicence = os.config.setLicence.use(db).handler(async ({ context, input }) => {
-  const config = await setUxLicence(context.db, input.licence)
+  const currentConfig = await ensureUxConfig(context.db)
+
+  if (!currentConfig.platformPublicKey) {
+    throw new ORPCError('PRECONDITION_FAILED', {
+      message: 'Platform public key is not configured. Call config.setPlatformPublicKey first.',
+    })
+  }
+
+  const payload = verifyAndDecodeLicenceEnvelope(input, currentConfig.platformPublicKey)
+  if (isLicenceExpired(payload.expire_time)) {
+    throw new ORPCError('BAD_REQUEST', {
+      message: 'licence has expired',
+    })
+  }
+
+  const config = await setUxLicence(context.db, {
+    payload: input.payload,
+    signature: input.signature,
+    licenceId: payload.licence_id,
+    expireTime: payload.expire_time,
+  })
+
   return toConfigOutput(config)
 })
 
 export const setPgpPrivateKey = os.config.setPgpPrivateKey.use(db).handler(async ({ context, input }) => {
+  await validatePgpPrivateKey(input.pgpPrivateKey).catch((error) => {
+    throw new ORPCError('BAD_REQUEST', {
+      message: `Invalid PGP private key: ${error instanceof Error ? error.message : 'unable to parse'}`,
+    })
+  })
+
   const config = await setUxPgpPrivateKey(context.db, input.pgpPrivateKey)
   return toConfigOutput(config)
 })
+
+export const setPlatformPublicKey = os.config.setPlatformPublicKey.use(db).handler(async ({ context, input }) => {
+  try {
+    validateRsaPublicKey(input.platformPublicKey)
+  } catch (error) {
+    throw new ORPCError('BAD_REQUEST', {
+      message: `Invalid platform public key: ${error instanceof Error ? error.message : 'unable to parse'}`,
+    })
+  }
+
+  const config = await setUxPlatformPublicKey(context.db, input.platformPublicKey)
+  return toConfigOutput(config)
+})

apps/server/src/server/api/routers/crypto.router.ts

@@ -10,46 +10,79 @@ import {
 } from '@furtherverse/crypto'
 import { ORPCError } from '@orpc/server'
 import JSZip from 'jszip'
+import {
+  isInteger,
+  isSafeNumber,
+  LosslessNumber,
+  parse as losslessParse,
+  stringify as losslessStringify,
+} from 'lossless-json'
 import { z } from 'zod'
+import { isLicenceExpired } from '@/server/licence'
 import { extractSafeZipFiles, ZipValidationError } from '@/server/safe-zip'
 import { getUxConfig } from '@/server/ux-config'
 import { db } from '../middlewares'
 import { os } from '../server'
 
+const safeNumberParser = (value: string): number | string => {
+  if (isSafeNumber(value)) return Number(value)
+  if (isInteger(value)) return value
+  return Number(value)
+}
+
+const toLosslessNumber = (value: string): LosslessNumber | string =>
+  value !== '' && /^-?\d+$/.test(value) ? new LosslessNumber(value) : value
+
 const summaryPayloadSchema = z
   .object({
     taskId: z.string().min(1, 'summary.json must contain a non-empty taskId'),
-    checkId: z.string().optional(),
+    checkId: z.union([z.string(), z.number()]).optional(),
-    inspectionId: z.string().optional(),
+    inspectionId: z.union([z.string(), z.number()]).optional(),
+    orgId: z.union([z.string(), z.number()]).optional(),
+    enterpriseId: z.union([z.string(), z.number()]).optional(),
+    summary: z.string().optional(),
   })
   .loose()
 
 const requireIdentity = async (dbInstance: Parameters<typeof getUxConfig>[0]) => {
   const config = await getUxConfig(dbInstance)
-  if (!config || !config.licence) {
+  if (!config || !config.licenceId || !config.licenceExpireTime) {
     throw new ORPCError('PRECONDITION_FAILED', {
       message: 'Local identity is not initialized. Call config.get and then config.setLicence first.',
     })
   }
-  return config as typeof config & { licence: string }
+
+  if (isLicenceExpired(config.licenceExpireTime)) {
+    throw new ORPCError('PRECONDITION_FAILED', {
+      message: 'Local licence has expired. Install a new signed licence before calling crypto APIs.',
+    })
   }
 
-export const encryptDeviceInfo = os.crypto.encryptDeviceInfo.use(db).handler(async ({ context, input }) => {
+  return config as typeof config & { licenceId: string; licenceExpireTime: string }
+}
+
+export const encryptDeviceInfo = os.crypto.encryptDeviceInfo.use(db).handler(async ({ context }) => {
   const config = await requireIdentity(context.db)
 
+  if (!config.platformPublicKey) {
+    throw new ORPCError('PRECONDITION_FAILED', {
+      message: 'Platform public key is not configured. Call config.setPlatformPublicKey first.',
+    })
+  }
+
   const deviceInfoJson = JSON.stringify({
-    licence: config.licence,
+    licence: config.licenceId,
     fingerprint: config.fingerprint,
   })
 
-  const encrypted = rsaOaepEncrypt(deviceInfoJson, input.platformPublicKey)
+  const encrypted = rsaOaepEncrypt(deviceInfoJson, config.platformPublicKey)
   return { encrypted }
 })
 
 export const decryptTask = os.crypto.decryptTask.use(db).handler(async ({ context, input }) => {
   const config = await requireIdentity(context.db)
 
-  const key = sha256(config.licence + config.fingerprint)
+  const key = sha256(config.licenceId + config.fingerprint)
   const decrypted = aesGcmDecrypt(input.encryptedData, key)
   return { decrypted }
 })
@@ -57,7 +90,7 @@ export const decryptTask = os.crypto.decryptTask.use(db).handler(async ({ contex
 export const encryptSummary = os.crypto.encryptSummary.use(db).handler(async ({ context, input }) => {
   const config = await requireIdentity(context.db)
 
-  const ikm = config.licence + config.fingerprint
+  const ikm = config.licenceId + config.fingerprint
   const aesKey = hkdfSha256(ikm, input.salt, 'inspection_report_encryption')
   const encrypted = aesGcmEncrypt(input.plaintext, aesKey)
   return { encrypted }
@@ -91,7 +124,7 @@ export const signAndPackReport = os.crypto.signAndPackReport.use(db).handler(asy
 
   let rawJson: unknown
   try {
-    rawJson = JSON.parse(Buffer.from(summaryFile.bytes).toString('utf-8'))
+    rawJson = losslessParse(Buffer.from(summaryFile.bytes).toString('utf-8'), undefined, safeNumberParser)
   } catch {
     throw new ORPCError('BAD_REQUEST', {
       message: 'summary.json in the ZIP is not valid JSON',
@@ -106,43 +139,58 @@ export const signAndPackReport = os.crypto.signAndPackReport.use(db).handler(asy
   }
 
   const summaryPayload = parsed.data
-  const checkId = summaryPayload.checkId ?? summaryPayload.inspectionId ?? ''
+  const checkId = String(summaryPayload.checkId ?? summaryPayload.inspectionId ?? '')
-  const signingContext = `${summaryPayload.taskId}${checkId}`
+  const orgId = summaryPayload.orgId ?? summaryPayload.enterpriseId ?? ''
+
+  // Helper: find file in ZIP and compute its SHA256 hash
+  const requireFileHash = (name: string): string => {
+    const file = zipFiles.find((f) => f.name === name)
+    if (!file) {
+      throw new ORPCError('BAD_REQUEST', { message: `rawZip must contain ${name}` })
+    }
+    return sha256Hex(Buffer.from(file.bytes))
+  }
+
+  // Compute SHA256 of each content file (fixed order, matching Kotlin reference)
+  const assetsSha256 = requireFileHash('assets.json')
+  const vulnerabilitiesSha256 = requireFileHash('vulnerabilities.json')
+  const weakPasswordsSha256 = requireFileHash('weakPasswords.json')
+  const reportHtmlSha256 = requireFileHash('漏洞评估报告.html')
 
   // Compute device signature
-  const ikm = config.licence + config.fingerprint
+  // signPayload = taskId + inspectionId + assetsSha256 + vulnerabilitiesSha256 + weakPasswordsSha256 + reportHtmlSha256
+  // (plain concatenation, no separators, fixed order — matching Kotlin reference)
+  const ikm = config.licenceId + config.fingerprint
   const signingKey = hkdfSha256(ikm, 'AUTH_V3_SALT', 'device_report_signature')
 
-  const fileHashEntries = zipFiles
+  const signPayload = `${summaryPayload.taskId}${checkId}${assetsSha256}${vulnerabilitiesSha256}${weakPasswordsSha256}${reportHtmlSha256}`
-    .map((item) => ({
-      name: item.name,
-      hash: sha256Hex(Buffer.from(item.bytes)),
-    }))
-    .sort((a, b) => a.name.localeCompare(b.name, 'en'))
-
-  const hashPayload = fileHashEntries.map((item) => `${item.name}:${item.hash}`).join('|')
-  const signPayload = `${signingContext}|${hashPayload}`
   const deviceSignature = hmacSha256Base64(signingKey, signPayload)
 
-  // Build final summary.json with device signature and identity
+  // Build final summary.json with flat structure (matching Kotlin reference)
   const finalSummary = {
-    deviceSignature,
+    orgId: toLosslessNumber(String(orgId)),
-    signingContext,
+    checkId: toLosslessNumber(checkId),
-    licence: config.licence,
+    taskId: summaryPayload.taskId,
+    licence: config.licenceId,
     fingerprint: config.fingerprint,
-    payload: summaryPayload,
+    deviceSignature,
-    timestamp: Date.now(),
+    summary: summaryPayload.summary ?? '',
   }
-  const summaryBytes = Buffer.from(JSON.stringify(finalSummary), 'utf-8')
+  const summaryJson = losslessStringify(finalSummary)
+  if (!summaryJson) {
+    throw new ORPCError('INTERNAL_SERVER_ERROR', {
+      message: 'Failed to serialize summary.json',
+    })
+  }
+  const summaryBytes = Buffer.from(summaryJson, 'utf-8')
 
-  // Build manifest.json
+  // Build manifest.json (fixed file list, matching Kotlin reference)
   const manifestFiles: Record<string, string> = {
     'summary.json': sha256Hex(summaryBytes),
-  }
+    'assets.json': assetsSha256,
-  for (const item of fileHashEntries) {
+    'vulnerabilities.json': vulnerabilitiesSha256,
-    if (item.name !== 'summary.json') {
+    'weakPasswords.json': weakPasswordsSha256,
-      manifestFiles[item.name] = item.hash
+    '漏洞评估报告.html': reportHtmlSha256,
-    }
   }
 
   const manifestBytes = Buffer.from(JSON.stringify({ files: manifestFiles }, null, 2), 'utf-8')

apps/server/src/server/db/schema/ux-config.ts

@@ -4,7 +4,11 @@ import { generatedFields } from '../fields'
 export const uxConfigTable = sqliteTable('ux_config', {
   ...generatedFields,
   singletonKey: text('singleton_key').notNull().unique().default('default'),
-  licence: text('licence'),
+  licencePayload: text('licence_payload'),
+  licenceSignature: text('licence_signature'),
+  licenceId: text('licence_id'),
+  licenceExpireTime: text('licence_expire_time'),
   fingerprint: text('fingerprint').notNull(),
+  platformPublicKey: text('platform_public_key'),
   pgpPrivateKey: text('pgp_private_key'),
 })

apps/server/src/server/licence.test.ts

@@ -0,0 +1,32 @@
+import { describe, expect, it } from 'bun:test'
+import { constants, createSign, generateKeyPairSync } from 'node:crypto'
+import { decodeLicencePayload, isLicenceExpired, verifyAndDecodeLicenceEnvelope } from './licence'
+
+describe('licence helpers', () => {
+  it('verifies payload signatures and decodes payload JSON', () => {
+    const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 })
+    const payloadJson = JSON.stringify({ licence_id: 'LIC-20260319-0025', expire_time: '2027-03-19' })
+    const payload = Buffer.from(payloadJson, 'utf-8').toString('base64')
+
+    const signer = createSign('RSA-SHA256')
+    signer.update(Buffer.from(payload, 'utf-8'))
+    signer.end()
+
+    const signature = signer.sign({ key: privateKey, padding: constants.RSA_PKCS1_PADDING }).toString('base64')
+    const publicKeyBase64 = publicKey.export({ format: 'der', type: 'spki' }).toString('base64')
+
+    expect(verifyAndDecodeLicenceEnvelope({ payload, signature }, publicKeyBase64)).toEqual({
+      licence_id: 'LIC-20260319-0025',
+      expire_time: '2027-03-19',
+    })
+  })
+
+  it('treats expire_time as valid through the end of the UTC day', () => {
+    expect(isLicenceExpired('2027-03-19', new Date('2027-03-19T23:59:59.999Z'))).toBe(false)
+    expect(isLicenceExpired('2027-03-19', new Date('2027-03-20T00:00:00.000Z'))).toBe(true)
+  })
+
+  it('rejects malformed payloads', () => {
+    expect(() => decodeLicencePayload('not-base64')).toThrow('payload must be valid Base64')
+  })
+})

apps/server/src/server/licence.ts

@@ -0,0 +1,94 @@
+import { rsaVerifySignature } from '@furtherverse/crypto'
+import { z } from 'zod'
+
+const BASE64_PATTERN = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/
+const DATE_PATTERN = /^(\d{4})-(\d{2})-(\d{2})$/
+
+export const licenceEnvelopeSchema = z.object({
+  payload: z.string().min(1).max(8192).describe('Base64 编码的 licence payload 原文'),
+  signature: z.string().min(1).max(8192).describe('对 payload 字符串 UTF-8 字节做 SHA256withRSA 后得到的 Base64 签名'),
+})
+
+export const licencePayloadSchema = z
+  .object({
+    licence_id: z.string().min(1).describe('验签通过后的 licence 标识'),
+    expire_time: z
+      .string()
+      .regex(DATE_PATTERN, 'expire_time must use YYYY-MM-DD')
+      .describe('授权到期日，格式为 YYYY-MM-DD（按 UTC 自然日末尾失效）'),
+  })
+  .loose()
+
+export type LicenceEnvelope = z.infer<typeof licenceEnvelopeSchema>
+export type LicencePayload = z.infer<typeof licencePayloadSchema>
+
+const decodeBase64 = (value: string, fieldName: string): Buffer => {
+  if (!BASE64_PATTERN.test(value)) {
+    throw new Error(`${fieldName} must be valid Base64`)
+  }
+
+  return Buffer.from(value, 'base64')
+}
+
+const parseUtcDate = (value: string): Date => {
+  const match = DATE_PATTERN.exec(value)
+  if (!match) {
+    throw new Error('expire_time must use YYYY-MM-DD')
+  }
+
+  const [, yearText, monthText, dayText] = match
+  const year = Number(yearText)
+  const month = Number(monthText)
+  const day = Number(dayText)
+  const parsed = new Date(Date.UTC(year, month - 1, day))
+
+  if (
+    Number.isNaN(parsed.getTime()) ||
+    parsed.getUTCFullYear() !== year ||
+    parsed.getUTCMonth() !== month - 1 ||
+    parsed.getUTCDate() !== day
+  ) {
+    throw new Error('expire_time is not a valid calendar date')
+  }
+
+  return parsed
+}
+
+export const isLicenceExpired = (expireTime: string, now = new Date()): boolean => {
+  const expireDate = parseUtcDate(expireTime)
+  const expiresAt = Date.UTC(expireDate.getUTCFullYear(), expireDate.getUTCMonth(), expireDate.getUTCDate() + 1)
+
+  return now.getTime() >= expiresAt
+}
+
+export const decodeLicencePayload = (payloadBase64: string): LicencePayload => {
+  const decodedJson = decodeBase64(payloadBase64, 'payload').toString('utf-8')
+
+  let rawPayload: unknown
+  try {
+    rawPayload = JSON.parse(decodedJson)
+  } catch {
+    throw new Error('payload must decode to valid JSON')
+  }
+
+  const parsedPayload = licencePayloadSchema.safeParse(rawPayload)
+  if (!parsedPayload.success) {
+    throw new Error(z.prettifyError(parsedPayload.error))
+  }
+
+  return parsedPayload.data
+}
+
+export const verifyLicenceEnvelopeSignature = (envelope: LicenceEnvelope, publicKeyBase64: string): void => {
+  const signatureBytes = decodeBase64(envelope.signature, 'signature')
+  const isValid = rsaVerifySignature(Buffer.from(envelope.payload, 'utf-8'), signatureBytes, publicKeyBase64)
+
+  if (!isValid) {
+    throw new Error('licence signature is invalid')
+  }
+}
+
+export const verifyAndDecodeLicenceEnvelope = (envelope: LicenceEnvelope, publicKeyBase64: string): LicencePayload => {
+  verifyLicenceEnvelopeSignature(envelope, publicKeyBase64)
+  return decodeLicencePayload(envelope.payload)
+}

apps/server/src/server/ux-config.ts

@@ -32,17 +32,37 @@ export const ensureUxConfig = async (db: DB) => {
     .values({
       singletonKey: UX_CONFIG_KEY,
       fingerprint,
-      licence: null,
+      licencePayload: null,
+      licenceSignature: null,
+      licenceId: null,
+      licenceExpireTime: null,
     })
     .returning()
 
   return rows[0] as (typeof rows)[number]
 }
 
-export const setUxLicence = async (db: DB, licence: string) => {
+export const setUxLicence = async (
+  db: DB,
+  licence: {
+    payload: string
+    signature: string
+    licenceId: string
+    expireTime: string
+  },
+) => {
   const config = await ensureUxConfig(db)
 
-  const rows = await db.update(uxConfigTable).set({ licence }).where(eq(uxConfigTable.id, config.id)).returning()
+  const rows = await db
+    .update(uxConfigTable)
+    .set({
+      licencePayload: licence.payload,
+      licenceSignature: licence.signature,
+      licenceId: licence.licenceId,
+      licenceExpireTime: licence.expireTime,
+    })
+    .where(eq(uxConfigTable.id, config.id))
+    .returning()
 
   return rows[0] as (typeof rows)[number]
 }
@@ -54,3 +74,26 @@ export const setUxPgpPrivateKey = async (db: DB, pgpPrivateKey: string) => {
 
   return rows[0] as (typeof rows)[number]
 }
+
+export const setUxPlatformPublicKey = async (db: DB, platformPublicKey: string) => {
+  const config = await ensureUxConfig(db)
+  const shouldClearLicence = config.platformPublicKey !== platformPublicKey
+
+  const rows = await db
+    .update(uxConfigTable)
+    .set({
+      platformPublicKey,
+      ...(shouldClearLicence
+        ? {
+            licencePayload: null,
+            licenceSignature: null,
+            licenceId: null,
+            licenceExpireTime: null,
+          }
+        : {}),
+    })
+    .where(eq(uxConfigTable.id, config.id))
+    .returning()
+
+  return rows[0] as (typeof rows)[number]
+}

bun.lock

@@ -5,8 +5,8 @@
     "": {
       "name": "@furtherverse/monorepo",
       "devDependencies": {
-        "@biomejs/biome": "^2.4.5",
+        "@biomejs/biome": "^2.4.7",
-        "turbo": "^2.8.13",
+        "turbo": "^2.8.17",
         "typescript": "^5.9.3",
       },
     },
@@ -49,6 +49,7 @@
         "@tanstack/react-start": "catalog:",
         "drizzle-orm": "catalog:",
         "jszip": "catalog:",
+        "lossless-json": "catalog:",
         "react": "catalog:",
         "react-dom": "catalog:",
         "systeminformation": "catalog:",
@@ -94,25 +95,25 @@
     "@types/node": "catalog:",
   },
   "catalog": {
-    "@orpc/client": "^1.13.6",
+    "@orpc/client": "^1.13.7",
-    "@orpc/contract": "^1.13.6",
+    "@orpc/contract": "^1.13.7",
-    "@orpc/openapi": "^1.13.6",
+    "@orpc/openapi": "^1.13.7",
-    "@orpc/server": "^1.13.6",
+    "@orpc/server": "^1.13.7",
-    "@orpc/tanstack-query": "^1.13.6",
+    "@orpc/tanstack-query": "^1.13.7",
-    "@orpc/zod": "^1.13.6",
+    "@orpc/zod": "^1.13.7",
     "@t3-oss/env-core": "^0.13.10",
     "@tailwindcss/vite": "^4.2.1",
-    "@tanstack/devtools-vite": "^0.5.3",
+    "@tanstack/devtools-vite": "^0.5.5",
-    "@tanstack/react-devtools": "^0.9.9",
+    "@tanstack/react-devtools": "^0.9.13",
     "@tanstack/react-query": "^5.90.21",
     "@tanstack/react-query-devtools": "^5.91.3",
-    "@tanstack/react-router": "^1.166.2",
+    "@tanstack/react-router": "^1.167.3",
-    "@tanstack/react-router-devtools": "^1.166.2",
+    "@tanstack/react-router-devtools": "^1.166.9",
-    "@tanstack/react-router-ssr-query": "^1.166.2",
+    "@tanstack/react-router-ssr-query": "^1.166.9",
-    "@tanstack/react-start": "^1.166.2",
+    "@tanstack/react-start": "^1.166.14",
     "@types/bun": "^1.3.10",
-    "@types/node": "^24.11.0",
+    "@types/node": "^24.12.0",
-    "@vitejs/plugin-react": "^5.1.4",
+    "@vitejs/plugin-react": "^5.2.0",
     "babel-plugin-react-compiler": "^1.0.0",
     "drizzle-kit": "1.0.0-beta.15-859cf75",
     "drizzle-orm": "1.0.0-beta.15-859cf75",
@@ -120,16 +121,17 @@
     "electron-builder": "^26.8.1",
     "electron-vite": "^5.0.0",
     "jszip": "^3.10.1",
-    "motion": "^12.35.0",
+    "lossless-json": "^4.3.0",
-    "nitro": "npm:nitro-nightly@3.0.1-20260227-181935-bfbb207c",
+    "motion": "^12.36.0",
+    "nitro": "npm:nitro-nightly@3.0.1-20260315-195328-c31268c6",
     "openpgp": "^6.0.1",
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
-    "systeminformation": "^5.31.3",
+    "systeminformation": "^5.31.4",
     "tailwindcss": "^4.2.1",
     "tree-kill": "^1.2.2",
     "uuid": "^13.0.0",
-    "vite": "^8.0.0-beta.16",
+    "vite": "^8.0.0",
     "vite-tsconfig-paths": "^6.1.1",
     "zod": "^4.3.6",
   },
@@ -214,23 +216,23 @@
 
     "@babel/types": ["@babel/types@7.29.0", "", { "dependencies": { "@babel/helper-string-parser": "^7.27.1", "@babel/helper-validator-identifier": "^7.28.5" } }, "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A=="],
 
-    "@biomejs/biome": ["@biomejs/biome@2.4.5", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.4.5", "@biomejs/cli-darwin-x64": "2.4.5", "@biomejs/cli-linux-arm64": "2.4.5", "@biomejs/cli-linux-arm64-musl": "2.4.5", "@biomejs/cli-linux-x64": "2.4.5", "@biomejs/cli-linux-x64-musl": "2.4.5", "@biomejs/cli-win32-arm64": "2.4.5", "@biomejs/cli-win32-x64": "2.4.5" }, "bin": { "biome": "bin/biome" } }, "sha512-OWNCyMS0Q011R6YifXNOg6qsOg64IVc7XX6SqGsrGszPbkVCoaO7Sr/lISFnXZ9hjQhDewwZ40789QmrG0GYgQ=="],
+    "@biomejs/biome": ["@biomejs/biome@2.4.7", "", { "optionalDependencies": { "@biomejs/cli-darwin-arm64": "2.4.7", "@biomejs/cli-darwin-x64": "2.4.7", "@biomejs/cli-linux-arm64": "2.4.7", "@biomejs/cli-linux-arm64-musl": "2.4.7", "@biomejs/cli-linux-x64": "2.4.7", "@biomejs/cli-linux-x64-musl": "2.4.7", "@biomejs/cli-win32-arm64": "2.4.7", "@biomejs/cli-win32-x64": "2.4.7" }, "bin": { "biome": "bin/biome" } }, "sha512-vXrgcmNGZ4lpdwZSpMf1hWw1aWS6B+SyeSYKTLrNsiUsAdSRN0J4d/7mF3ogJFbIwFFSOL3wT92Zzxia/d5/ng=="],
 
-    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.4.5", "", { "os": "darwin", "cpu": "arm64" }, "sha512-lGS4Nd5O3KQJ6TeWv10mElnx1phERhBxqGP/IKq0SvZl78kcWDFMaTtVK+w3v3lusRFxJY78n07PbKplirsU5g=="],
+    "@biomejs/cli-darwin-arm64": ["@biomejs/cli-darwin-arm64@2.4.7", "", { "os": "darwin", "cpu": "arm64" }, "sha512-Oo0cF5mHzmvDmTXw8XSjhCia8K6YrZnk7aCS54+/HxyMdZMruMO3nfpDsrlar/EQWe41r1qrwKiCa2QDYHDzWA=="],
 
-    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.4.5", "", { "os": "darwin", "cpu": "x64" }, "sha512-6MoH4tyISIBNkZ2Q5T1R7dLd5BsITb2yhhhrU9jHZxnNSNMWl+s2Mxu7NBF8Y3a7JJcqq9nsk8i637z4gqkJxQ=="],
+    "@biomejs/cli-darwin-x64": ["@biomejs/cli-darwin-x64@2.4.7", "", { "os": "darwin", "cpu": "x64" }, "sha512-I+cOG3sd/7HdFtvDSnF9QQPrWguUH7zrkIMMykM3PtfWU9soTcS2yRb9Myq6MHmzbeCT08D1UmY+BaiMl5CcoQ=="],
 
-    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.4.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-U1GAG6FTjhAO04MyH4xn23wRNBkT6H7NentHh+8UxD6ShXKBm5SY4RedKJzkUThANxb9rUKIPc7B8ew9Xo/cWg=="],
+    "@biomejs/cli-linux-arm64": ["@biomejs/cli-linux-arm64@2.4.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-om6FugwmibzfP/6ALj5WRDVSND4H2G9X0nkI1HZpp2ySf9lW2j0X68oQSaHEnls6666oy4KDsc5RFjT4m0kV0w=="],
 
-    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.4.5", "", { "os": "linux", "cpu": "arm64" }, "sha512-iqLDgpzobG7gpBF0fwEVS/LT8kmN7+S0E2YKFDtqliJfzNLnAiV2Nnyb+ehCDCJgAZBASkYHR2o60VQWikpqIg=="],
+    "@biomejs/cli-linux-arm64-musl": ["@biomejs/cli-linux-arm64-musl@2.4.7", "", { "os": "linux", "cpu": "arm64" }, "sha512-I2NvM9KPb09jWml93O2/5WMfNR7Lee5Latag1JThDRMURVhPX74p9UDnyTw3Ae6cE1DgXfw7sqQgX7rkvpc0vw=="],
 
-    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.4.5", "", { "os": "linux", "cpu": "x64" }, "sha512-NdODlSugMzTlENPTa4z0xB82dTUlCpsrOxc43///aNkTLblIYH4XpYflBbf5ySlQuP8AA4AZd1qXhV07IdrHdQ=="],
+    "@biomejs/cli-linux-x64": ["@biomejs/cli-linux-x64@2.4.7", "", { "os": "linux", "cpu": "x64" }, "sha512-bV8/uo2Tj+gumnk4sUdkerWyCPRabaZdv88IpbmDWARQQoA/Q0YaqPz1a+LSEDIL7OfrnPi9Hq1Llz4ZIGyIQQ=="],
 
-    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.4.5", "", { "os": "linux", "cpu": "x64" }, "sha512-NlKa7GpbQmNhZf9kakQeddqZyT7itN7jjWdakELeXyTU3pg/83fTysRRDPJD0akTfKDl6vZYNT9Zqn4MYZVBOA=="],
+    "@biomejs/cli-linux-x64-musl": ["@biomejs/cli-linux-x64-musl@2.4.7", "", { "os": "linux", "cpu": "x64" }, "sha512-00kx4YrBMU8374zd2wHuRV5wseh0rom5HqRND+vDldJPrWwQw+mzd/d8byI9hPx926CG+vWzq6AeiT7Yi5y59g=="],
 
-    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.4.5", "", { "os": "win32", "cpu": "arm64" }, "sha512-EBfrTqRIWOFSd7CQb/0ttjHMR88zm3hGravnDwUA9wHAaCAYsULKDebWcN5RmrEo1KBtl/gDVJMrFjNR0pdGUw=="],
+    "@biomejs/cli-win32-arm64": ["@biomejs/cli-win32-arm64@2.4.7", "", { "os": "win32", "cpu": "arm64" }, "sha512-hOUHBMlFCvDhu3WCq6vaBoG0dp0LkWxSEnEEsxxXvOa9TfT6ZBnbh72A/xBM7CBYB7WgwqboetzFEVDnMxelyw=="],
 
-    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.4.5", "", { "os": "win32", "cpu": "x64" }, "sha512-Pmhv9zT95YzECfjEHNl3mN9Vhusw9VA5KHY0ZvlGsxsjwS5cb7vpRnHzJIv0vG7jB0JI7xEaMH9ddfZm/RozBw=="],
+    "@biomejs/cli-win32-x64": ["@biomejs/cli-win32-x64@2.4.7", "", { "os": "win32", "cpu": "x64" }, "sha512-qEpGjSkPC3qX4ycbMUthXvi9CkRq7kZpkqMY1OyhmYlYLnANnooDQ7hDerM8+0NJ+DZKVnsIc07h30XOpt7LtQ=="],
 
     "@develar/schema-utils": ["@develar/schema-utils@2.6.5", "", { "dependencies": { "ajv": "^6.12.0", "ajv-keywords": "^3.4.1" } }, "sha512-0cp4PsWQ/9avqTVMCtZ+GirikIA36ikvjtHweU4/j8yLtgObI0+JUPhYFScgwlteveGB1rt3Cm8UhN04XayDig=="],
 
@@ -354,37 +356,37 @@
 
     "@oozcitak/util": ["@oozcitak/util@10.0.0", "", {}, "sha512-hAX0pT/73190NLqBPPWSdBVGtbY6VOhWYK3qqHqtXQ1gK7kS2yz4+ivsN07hpJ6I3aeMtKP6J6npsEKOAzuTLA=="],
 
-    "@orpc/client": ["@orpc/client@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "@orpc/standard-server-fetch": "1.13.6", "@orpc/standard-server-peer": "1.13.6" } }, "sha512-M6lYM6fJUFp9GR+It/qglYTeXwspb6sGj46xXWHqHS6iDVquqju0bdYuLOfHx8CGJcUSzi0aKUcqMXiGJhBG3w=="],
+    "@orpc/client": ["@orpc/client@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "@orpc/standard-server-fetch": "1.13.7", "@orpc/standard-server-peer": "1.13.7" } }, "sha512-qqmS28q0GOo9sfTstAc6cy0NoitYvdwZlgGBLXDgXsHNtSkkSm3nI5M1ohgWYpSL+lfP/jWriTbJJrBYPzyCiQ=="],
 
-    "@orpc/contract": ["@orpc/contract@1.13.6", "", { "dependencies": { "@orpc/client": "1.13.6", "@orpc/shared": "1.13.6", "@standard-schema/spec": "^1.1.0", "openapi-types": "^12.1.3" } }, "sha512-wjnpKMsCBbUE7MxdS+9by1BIDTJ4vnfUk9he4GmxKQ8fvK/MRNHUR5jkNhsBCoLnigBrsAedHrr9AIqNgqquyQ=="],
+    "@orpc/contract": ["@orpc/contract@1.13.7", "", { "dependencies": { "@orpc/client": "1.13.7", "@orpc/shared": "1.13.7", "@standard-schema/spec": "^1.1.0", "openapi-types": "^12.1.3" } }, "sha512-zRm+5tvn8DVM4DHJVxQEiuoM7mGdlgIQzRjTqnJMBRV0+rBNyZniokZCGwfJHKCjtBaAtJWieuJLQ+dFj3gbcw=="],
 
-    "@orpc/interop": ["@orpc/interop@1.13.6", "", {}, "sha512-m28QpydaYIAkP9lRfwX8lRCxbdsqn734F/bSiS0yuakSCv+PP10SXBUkt4w+OkvZxdxRpj0pOJFJP8F5O0nAoA=="],
+    "@orpc/interop": ["@orpc/interop@1.13.7", "", {}, "sha512-mIO/g0el/yJ19Z73MW9au4SmPlZcuM1WSCXpZUBmU2wtJfY32bakUkC+V2J47xDvknMEAEpMHxwCiEhIjbzflg=="],
 
-    "@orpc/json-schema": ["@orpc/json-schema@1.13.6", "", { "dependencies": { "@orpc/contract": "1.13.6", "@orpc/interop": "1.13.6", "@orpc/openapi": "1.13.6", "@orpc/server": "1.13.6", "@orpc/shared": "1.13.6", "json-schema-typed": "^8.0.2" } }, "sha512-kvih/ZN9FzUq18zLpAaU/tngg/OOQW6lQtqX7xza+gq1th8Js3mrI/E+6H+C4Exdx4sWdMpVna2PdA2T8igplw=="],
+    "@orpc/json-schema": ["@orpc/json-schema@1.13.7", "", { "dependencies": { "@orpc/contract": "1.13.7", "@orpc/interop": "1.13.7", "@orpc/openapi": "1.13.7", "@orpc/server": "1.13.7", "@orpc/shared": "1.13.7", "json-schema-typed": "^8.0.2" } }, "sha512-VELNkyne3RLz5l4tEs9FlNubbbfBmPJjHPCchYmeLGoeBH8bST08Hqj9mRzQ4TpplCY+L3tqTVl0s4QUVBB0qw=="],
 
-    "@orpc/openapi": ["@orpc/openapi@1.13.6", "", { "dependencies": { "@orpc/client": "1.13.6", "@orpc/contract": "1.13.6", "@orpc/interop": "1.13.6", "@orpc/openapi-client": "1.13.6", "@orpc/server": "1.13.6", "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "json-schema-typed": "^8.0.2", "rou3": "^0.7.12" } }, "sha512-biqyRD9nZL+YOZ74k0Dbw6BIoa6liTk/tsGgIt2rfjztyElFwPnHeZ0OMrgaHnUGVYUTRSKL5dQlRmfp5LTeGg=="],
+    "@orpc/openapi": ["@orpc/openapi@1.13.7", "", { "dependencies": { "@orpc/client": "1.13.7", "@orpc/contract": "1.13.7", "@orpc/interop": "1.13.7", "@orpc/openapi-client": "1.13.7", "@orpc/server": "1.13.7", "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "json-schema-typed": "^8.0.2", "rou3": "^0.7.12" } }, "sha512-e7VCHxFZbTjR/+CKZM7TrwqSWDEppwiAOXyEN3uJxOalsrHhpxXrwTxvRc0+xo2HMgjVYlNO1F+mTeNh0YZKvA=="],
 
-    "@orpc/openapi-client": ["@orpc/openapi-client@1.13.6", "", { "dependencies": { "@orpc/client": "1.13.6", "@orpc/contract": "1.13.6", "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6" } }, "sha512-d1bAWpJSoK1HdVBPRmMlYCuqkR2nbdF3kztd7Xz2EsRdl5TRhNLqUJ+5CIfBZHuueicrpdBlwrOuLMmSlcGrew=="],
+    "@orpc/openapi-client": ["@orpc/openapi-client@1.13.7", "", { "dependencies": { "@orpc/client": "1.13.7", "@orpc/contract": "1.13.7", "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7" } }, "sha512-0oWElGEtZ/EbfwOliMI6PccALpi8tp3aOyU746kJQRKTkSAwGohyRvfRA1R7BLbA3xwHTdNYB6ThaeYLvqiA0g=="],
 
-    "@orpc/server": ["@orpc/server@1.13.6", "", { "dependencies": { "@orpc/client": "1.13.6", "@orpc/contract": "1.13.6", "@orpc/interop": "1.13.6", "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "@orpc/standard-server-aws-lambda": "1.13.6", "@orpc/standard-server-fastify": "1.13.6", "@orpc/standard-server-fetch": "1.13.6", "@orpc/standard-server-node": "1.13.6", "@orpc/standard-server-peer": "1.13.6", "cookie": "^1.1.1" }, "peerDependencies": { "crossws": ">=0.3.4", "ws": ">=8.18.1" }, "optionalPeers": ["crossws", "ws"] }, "sha512-58NaUE8sppxxpKDyEYtkR65jOSK9ycwP9TMqkvdHEg33wR17FDHIDws9iNDAo17l4bYGWgPKZtMn6ruRpJjTKQ=="],
+    "@orpc/server": ["@orpc/server@1.13.7", "", { "dependencies": { "@orpc/client": "1.13.7", "@orpc/contract": "1.13.7", "@orpc/interop": "1.13.7", "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "@orpc/standard-server-aws-lambda": "1.13.7", "@orpc/standard-server-fastify": "1.13.7", "@orpc/standard-server-fetch": "1.13.7", "@orpc/standard-server-node": "1.13.7", "@orpc/standard-server-peer": "1.13.7", "cookie": "^1.1.1" }, "peerDependencies": { "crossws": ">=0.3.4", "ws": ">=8.18.1" }, "optionalPeers": ["crossws", "ws"] }, "sha512-M0HimrQ0L/7OBwyVBZddUvKtx+du95QPv+wTxVRibU4P6TwgdmKJrLOwCOhGtMbieSQXHDBacscUWA6QDdUm3Q=="],
 
-    "@orpc/shared": ["@orpc/shared@1.13.6", "", { "dependencies": { "radash": "^12.1.1", "type-fest": "^5.4.4" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0" }, "optionalPeers": ["@opentelemetry/api"] }, "sha512-XqpXPgmtkg2tviDXZC13Y4a3B0D5r1yuG4Q2qPG3gM1dargxob6/aSIeKE6rs1tNXOoI+IpJaGV53EWWB+x+iA=="],
+    "@orpc/shared": ["@orpc/shared@1.13.7", "", { "dependencies": { "radash": "^12.1.1", "type-fest": "^5.4.4" }, "peerDependencies": { "@opentelemetry/api": ">=1.9.0" }, "optionalPeers": ["@opentelemetry/api"] }, "sha512-yP0oDIC98sZHqSTmr4SUXJo4RNw9yias1GYVJTiVTXrRUEdniafkLrSkOrOHgrILP3w93sKiE69V3+/T0TNSOQ=="],
 
-    "@orpc/standard-server": ["@orpc/standard-server@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6" } }, "sha512-GNYZXCWxYLVHsxBWR+bg5F12vDCsQghqxbqoFpMnA4goe58dugNWmuxM+aSDbI0D81YxkKDULSqft5S+GWi5ww=="],
+    "@orpc/standard-server": ["@orpc/standard-server@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7" } }, "sha512-5btxVTRAtgl9lmzg1XTCJYT8qd2QAAwcQ6XRvGXgLz56rSUCMf2vl3WeWPwlwiXXpueNvucPea/CaRGhJ9ZTeQ=="],
 
-    "@orpc/standard-server-aws-lambda": ["@orpc/standard-server-aws-lambda@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "@orpc/standard-server-fetch": "1.13.6", "@orpc/standard-server-node": "1.13.6" } }, "sha512-62/53mepru9yDet1AUxUsQ5NdAGbBsobX8UDHSF0qFUsS6RcYcSV7lHNS8vNozGwxzQ8zyn8x+47RItZDd4Akg=="],
+    "@orpc/standard-server-aws-lambda": ["@orpc/standard-server-aws-lambda@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "@orpc/standard-server-fetch": "1.13.7", "@orpc/standard-server-node": "1.13.7" } }, "sha512-92WfdR2f3RvYarDW0JAGLzq68yOqNimD162/7DEddR8K1NlgWd+l6aAyCODnfXEj1tguS5/8xXbLUlXojXhhxw=="],
 
-    "@orpc/standard-server-fastify": ["@orpc/standard-server-fastify@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "@orpc/standard-server-node": "1.13.6" }, "peerDependencies": { "fastify": ">=5.6.1" }, "optionalPeers": ["fastify"] }, "sha512-1YnVbkriAJLI4SAP8NiDr1kQ3iaDwcYKPHaEk0fq0MKV64HfafL2ftnGwBKRKGp/TLeYTCvwtgwiRJ13Dw4sPw=="],
+    "@orpc/standard-server-fastify": ["@orpc/standard-server-fastify@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "@orpc/standard-server-node": "1.13.7" }, "peerDependencies": { "fastify": ">=5.6.1" }, "optionalPeers": ["fastify"] }, "sha512-2I9yc+OUqf3J9hxys4MiR12eB5uhbEX+eFQ00VQROkMhWjjjj6Gp8eOVS+LlatrWDpD1Rn+VVqyi9yNpaFoviQ=="],
 
-    "@orpc/standard-server-fetch": ["@orpc/standard-server-fetch@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6" } }, "sha512-O0bK4crjEOU9H4LzJ2abMjku3dvEhs8tcLXP/W5NXyH+Wm7qjBjDr6psxZ3YuaWdVbfd/P7CHtvw2rQDHJCNfQ=="],
+    "@orpc/standard-server-fetch": ["@orpc/standard-server-fetch@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7" } }, "sha512-Hj+41HAlao+JXuLffeLrPiADu8mhGqwVB34lf+JSLKGtZhxaX4n4MeZMYhFioExXC+/tanvSrbKKkJimfznIWQ=="],
 
-    "@orpc/standard-server-node": ["@orpc/standard-server-node@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6", "@orpc/standard-server-fetch": "1.13.6" } }, "sha512-Q71ijpi7kLjn222uYKg7ZOr6yxcDoszAtVz7gHmSbNBdhB/7pF7NkJLxlL/MKbpM1YBSm4/lZyi7WDuhDLf1TA=="],
+    "@orpc/standard-server-node": ["@orpc/standard-server-node@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7", "@orpc/standard-server-fetch": "1.13.7" } }, "sha512-ruRSytJhdDnab5rPdyBE6FYZBXdhdkFCEB9okekLUlIJ9BVhkOBe3JNO41iJlGf8JOVdBeO9lJTG/ShauofZQA=="],
 
-    "@orpc/standard-server-peer": ["@orpc/standard-server-peer@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6", "@orpc/standard-server": "1.13.6" } }, "sha512-WTqjNS6A9sxR4HVxWUb9ZoBHeQiesHeANmVBFdM/QjAaPUZYKn6WACYU6Q2eGmsCUeTQFfMssk0BG2EsgRNEYw=="],
+    "@orpc/standard-server-peer": ["@orpc/standard-server-peer@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7", "@orpc/standard-server": "1.13.7" } }, "sha512-mbjmkEVGtsWvGBBEieUuXdX+MAzllQZ0D9Z79kU4Ns9sVaBcvjCYSrL29/iXcYqVGTx23LS9PaYnIurAQejzSQ=="],
 
-    "@orpc/tanstack-query": ["@orpc/tanstack-query@1.13.6", "", { "dependencies": { "@orpc/shared": "1.13.6" }, "peerDependencies": { "@orpc/client": "1.13.6", "@tanstack/query-core": ">=5.80.2" } }, "sha512-OBseuArjkAobKtKLVdzpepiS0fhc0TzW0O0Jixt1gkhkCiWG1xK8z0gZ7daQ85UBXRIoI9SXzwXhl+HVP+j14w=="],
+    "@orpc/tanstack-query": ["@orpc/tanstack-query@1.13.7", "", { "dependencies": { "@orpc/shared": "1.13.7" }, "peerDependencies": { "@orpc/client": "1.13.7", "@tanstack/query-core": ">=5.80.2" } }, "sha512-MBxs86GBMjI5DXemTXn9W5jvgYEafdj33RpK5fXIrX+uEfwnJbmiWZCvFg7EOnDBUGLVnCWKLWow+tVspOFVmA=="],
 
-    "@orpc/zod": ["@orpc/zod@1.13.6", "", { "dependencies": { "@orpc/json-schema": "1.13.6", "@orpc/openapi": "1.13.6", "@orpc/shared": "1.13.6", "escape-string-regexp": "^5.0.0", "wildcard-match": "^5.1.4" }, "peerDependencies": { "@orpc/contract": "1.13.6", "@orpc/server": "1.13.6", "zod": ">=3.25.0" } }, "sha512-Sj3KQbtV1Zuy2QnSs3NrFBnuZfttmWnXb39gLarD3rEKaxE4Mugv2yXIZ7vnBOj5cL24V+ysgharU/Dl7Ro0yA=="],
+    "@orpc/zod": ["@orpc/zod@1.13.7", "", { "dependencies": { "@orpc/json-schema": "1.13.7", "@orpc/openapi": "1.13.7", "@orpc/shared": "1.13.7", "escape-string-regexp": "^5.0.0", "wildcard-match": "^5.1.4" }, "peerDependencies": { "@orpc/contract": "1.13.7", "@orpc/server": "1.13.7", "zod": ">=3.25.0" } }, "sha512-m6nA1fISfBc7E9L0MslIfJvSL5ImEXQnBbD4RbOJGnejT1AFWwH2hqeBTJIs/AFPlOHWSJcVZYJW6N65iuUIcQ=="],
 
     "@oxc-project/runtime": ["@oxc-project/runtime@0.115.0", "", {}, "sha512-Rg8Wlt5dCbXhQnsXPrkOjL1DTSvXLgb2R/KYfnf1/K+R0k6UMLEmbQXPM+kwrWqSmWA2t0B1EtHy2/3zikQpvQ=="],
 
@@ -392,31 +394,35 @@
 
     "@pkgjs/parseargs": ["@pkgjs/parseargs@0.11.0", "", {}, "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg=="],
 
-    "@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.0-rc.6", "", { "os": "android", "cpu": "arm64" }, "sha512-kvjTSWGcrv+BaR2vge57rsKiYdVR8V8CoS0vgKrc570qRBfty4bT+1X0z3j2TaVV+kAYzA0PjeB9+mdZyqUZlg=="],
+    "@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.0-rc.9", "", { "os": "android", "cpu": "arm64" }, "sha512-lcJL0bN5hpgJfSIz/8PIf02irmyL43P+j1pTCfbD1DbLkmGRuFIA4DD3B3ZOvGqG0XiVvRznbKtN0COQVaKUTg=="],
 
-    "@rolldown/binding-darwin-arm64": ["@rolldown/binding-darwin-arm64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "arm64" }, "sha512-+tJhD21KvGNtUrpLXrZQlT+j5HZKiEwR2qtcZb3vNOUpvoT9QjEykr75ZW/Kr0W89gose/HVXU6351uVZD8Qvw=="],
+    "@rolldown/binding-darwin-arm64": ["@rolldown/binding-darwin-arm64@1.0.0-rc.9", "", { "os": "darwin", "cpu": "arm64" }, "sha512-J7Zk3kLYFsLtuH6U+F4pS2sYVzac0qkjcO5QxHS7OS7yZu2LRs+IXo+uvJ/mvpyUljDJ3LROZPoQfgBIpCMhdQ=="],
 
-    "@rolldown/binding-darwin-x64": ["@rolldown/binding-darwin-x64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "x64" }, "sha512-DKNhjMk38FAWaHwUt1dFR3rA/qRAvn2NUvSG2UGvxvlMxSmN/qqww/j4ABAbXhNRXtGQNmrAINMXRuwHl16ZHg=="],
+    "@rolldown/binding-darwin-x64": ["@rolldown/binding-darwin-x64@1.0.0-rc.9", "", { "os": "darwin", "cpu": "x64" }, "sha512-iwtmmghy8nhfRGeNAIltcNXzD0QMNaaA5U/NyZc1Ia4bxrzFByNMDoppoC+hl7cDiUq5/1CnFthpT9n+UtfFyg=="],
 
-    "@rolldown/binding-freebsd-x64": ["@rolldown/binding-freebsd-x64@1.0.0-rc.6", "", { "os": "freebsd", "cpu": "x64" }, "sha512-8TThsRkCPAnfyMBShxrGdtoOE6h36QepqRQI97iFaQSCRbHFWHcDHppcojZnzXoruuhPnjMEygzaykvPVJsMRg=="],
+    "@rolldown/binding-freebsd-x64": ["@rolldown/binding-freebsd-x64@1.0.0-rc.9", "", { "os": "freebsd", "cpu": "x64" }, "sha512-DLFYI78SCiZr5VvdEplsVC2Vx53lnA4/Ga5C65iyldMVaErr86aiqCoNBLl92PXPfDtUYjUh+xFFor40ueNs4Q=="],
 
-    "@rolldown/binding-linux-arm-gnueabihf": ["@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm" }, "sha512-ZfmFoOwPUZCWtGOVC9/qbQzfc0249FrRUOzV2XabSMUV60Crp211OWLQN1zmQAsRIVWRcEwhJ46Z1mXGo/L/nQ=="],
+    "@rolldown/binding-linux-arm-gnueabihf": ["@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.9", "", { "os": "linux", "cpu": "arm" }, "sha512-CsjTmTwd0Hri6iTw/DRMK7kOZ7FwAkrO4h8YWKoX/kcj833e4coqo2wzIFywtch/8Eb5enQ/lwLM7w6JX1W5RQ=="],
 
-    "@rolldown/binding-linux-arm64-gnu": ["@rolldown/binding-linux-arm64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-ZsGzbNETxPodGlLTYHaCSGVhNN/rvkMDCJYHdT7PZr5jFJRmBfmDi2awhF64Dt2vxrJqY6VeeYSgOzEbHRsb7Q=="],
+    "@rolldown/binding-linux-arm64-gnu": ["@rolldown/binding-linux-arm64-gnu@1.0.0-rc.9", "", { "os": "linux", "cpu": "arm64" }, "sha512-2x9O2JbSPxpxMDhP9Z74mahAStibTlrBMW0520+epJH5sac7/LwZW5Bmg/E6CXuEF53JJFW509uP+lSedaUNxg=="],
 
-    "@rolldown/binding-linux-arm64-musl": ["@rolldown/binding-linux-arm64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-elPpdevtCdUOqziemR86C4CSCr/5sUxalzDrf/CJdMT+kZt2C556as++qHikNOz0vuFf52h+GJNXZM08eWgGPQ=="],
+    "@rolldown/binding-linux-arm64-musl": ["@rolldown/binding-linux-arm64-musl@1.0.0-rc.9", "", { "os": "linux", "cpu": "arm64" }, "sha512-JA1QRW31ogheAIRhIg9tjMfsYbglXXYGNPLdPEYrwFxdbkQCAzvpSCSHCDWNl4hTtrol8WeboCSEpjdZK8qrCg=="],
 
-    "@rolldown/binding-linux-x64-gnu": ["@rolldown/binding-linux-x64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-IBwXsf56o3xhzAyaZxdM1CX8UFiBEUFCjiVUgny67Q8vPIqkjzJj0YKhd3TbBHanuxThgBa59f6Pgutg2OGk5A=="],
+    "@rolldown/binding-linux-ppc64-gnu": ["@rolldown/binding-linux-ppc64-gnu@1.0.0-rc.9", "", { "os": "linux", "cpu": "ppc64" }, "sha512-aOKU9dJheda8Kj8Y3w9gnt9QFOO+qKPAl8SWd7JPHP+Cu0EuDAE5wokQubLzIDQWg2myXq2XhTpOVS07qqvT+w=="],
 
-    "@rolldown/binding-linux-x64-musl": ["@rolldown/binding-linux-x64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-vOk7G8V9Zm+8a6PL6JTpCea61q491oYlGtO6CvnsbhNLlKdf0bbCPytFzGQhYmCKZDKkEbmnkcIprTEGCURnwg=="],
+    "@rolldown/binding-linux-s390x-gnu": ["@rolldown/binding-linux-s390x-gnu@1.0.0-rc.9", "", { "os": "linux", "cpu": "s390x" }, "sha512-OalO94fqj7IWRn3VdXWty75jC5dk4C197AWEuMhIpvVv2lw9fiPhud0+bW2ctCxb3YoBZor71QHbY+9/WToadA=="],
 
-    "@rolldown/binding-openharmony-arm64": ["@rolldown/binding-openharmony-arm64@1.0.0-rc.6", "", { "os": "none", "cpu": "arm64" }, "sha512-ASjEDI4MRv7XCQb2JVaBzfEYO98JKCGrAgoW6M03fJzH/ilCnC43Mb3ptB9q/lzsaahoJyIBoAGKAYEjUvpyvQ=="],
+    "@rolldown/binding-linux-x64-gnu": ["@rolldown/binding-linux-x64-gnu@1.0.0-rc.9", "", { "os": "linux", "cpu": "x64" }, "sha512-cVEl1vZtBsBZna3YMjGXNvnYYrOJ7RzuWvZU0ffvJUexWkukMaDuGhUXn0rjnV0ptzGVkvc+vW9Yqy6h8YX4pg=="],
 
-    "@rolldown/binding-wasm32-wasi": ["@rolldown/binding-wasm32-wasi@1.0.0-rc.6", "", { "dependencies": { "@napi-rs/wasm-runtime": "^1.1.1" }, "cpu": "none" }, "sha512-mYa1+h2l6Zc0LvmwUh0oXKKYihnw/1WC73vTqw+IgtfEtv47A+rWzzcWwVDkW73+UDr0d/Ie/HRXoaOY22pQDw=="],
+    "@rolldown/binding-linux-x64-musl": ["@rolldown/binding-linux-x64-musl@1.0.0-rc.9", "", { "os": "linux", "cpu": "x64" }, "sha512-UzYnKCIIc4heAKgI4PZ3dfBGUZefGCJ1TPDuLHoCzgrMYPb5Rv6TLFuYtyM4rWyHM7hymNdsg5ik2C+UD9VDbA=="],
 
-    "@rolldown/binding-win32-arm64-msvc": ["@rolldown/binding-win32-arm64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "arm64" }, "sha512-e2ABskbNH3MRUBMjgxaMjYIw11DSwjLJxBII3UgpF6WClGLIh8A20kamc+FKH5vIaFVnYQInmcLYSUVpqMPLow=="],
+    "@rolldown/binding-openharmony-arm64": ["@rolldown/binding-openharmony-arm64@1.0.0-rc.9", "", { "os": "none", "cpu": "arm64" }, "sha512-+6zoiF+RRyf5cdlFQP7nm58mq7+/2PFaY2DNQeD4B87N36JzfF/l9mdBkkmTvSYcYPE8tMh/o3cRlsx1ldLfog=="],
 
-    "@rolldown/binding-win32-x64-msvc": ["@rolldown/binding-win32-x64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "x64" }, "sha512-dJVc3ifhaRXxIEh1xowLohzFrlQXkJ66LepHm+CmSprTWgVrPa8Fx3OL57xwIqDEH9hufcKkDX2v65rS3NZyRA=="],
+    "@rolldown/binding-wasm32-wasi": ["@rolldown/binding-wasm32-wasi@1.0.0-rc.9", "", { "dependencies": { "@napi-rs/wasm-runtime": "^1.1.1" }, "cpu": "none" }, "sha512-rgFN6sA/dyebil3YTlL2evvi/M+ivhfnyxec7AccTpRPccno/rPoNlqybEZQBkcbZu8Hy+eqNJCqfBR8P7Pg8g=="],
+
+    "@rolldown/binding-win32-arm64-msvc": ["@rolldown/binding-win32-arm64-msvc@1.0.0-rc.9", "", { "os": "win32", "cpu": "arm64" }, "sha512-lHVNUG/8nlF1IQk1C0Ci574qKYyty2goMiPlRqkC5R+3LkXDkL5Dhx8ytbxq35m+pkHVIvIxviD+TWLdfeuadA=="],
+
+    "@rolldown/binding-win32-x64-msvc": ["@rolldown/binding-win32-x64-msvc@1.0.0-rc.9", "", { "os": "win32", "cpu": "x64" }, "sha512-G0oA4+w1iY5AGi5HcDTxWsoxF509hrFIPB2rduV5aDqS9FtDg1CAfa7V34qImbjfhIcA8C+RekocJZA96EarwQ=="],
 
     "@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.3", "", {}, "sha512-eybk3TjzzzV97Dlj5c+XrBFW57eTNhzod66y9HrBlzJ6NsCrWCp/2kaPS3K9wJmurBC0Tdw4yPjXKZqlznim3Q=="],
 
@@ -470,7 +476,7 @@
 
     "@tailwindcss/vite": ["@tailwindcss/vite@4.2.1", "", { "dependencies": { "@tailwindcss/node": "4.2.1", "@tailwindcss/oxide": "4.2.1", "tailwindcss": "4.2.1" }, "peerDependencies": { "vite": "^5.2.0 || ^6 || ^7" } }, "sha512-TBf2sJjYeb28jD2U/OhwdW0bbOsxkWPwQ7SrqGf9sVcoYwZj7rkXljroBO9wKBut9XnmQLXanuDUeqQK0lGg/w=="],
 
-    "@tanstack/devtools": ["@tanstack/devtools@0.10.10", "", { "dependencies": { "@solid-primitives/event-listener": "^2.4.3", "@solid-primitives/keyboard": "^1.3.3", "@solid-primitives/resize-observer": "^2.1.3", "@tanstack/devtools-client": "0.0.6", "@tanstack/devtools-event-bus": "0.4.1", "@tanstack/devtools-ui": "0.5.0", "clsx": "^2.1.1", "goober": "^2.1.16", "solid-js": "^1.9.9" } }, "sha512-/SSJcyhZtq1+HB9UViz8e0Y7Io4JPIbyJ0Wns5ENwzSHsNOAheANA8QnEQBVXETY/osCcaGAVOyVfGgn5aBJKA=="],
+    "@tanstack/devtools": ["@tanstack/devtools@0.10.14", "", { "dependencies": { "@solid-primitives/event-listener": "^2.4.3", "@solid-primitives/keyboard": "^1.3.3", "@solid-primitives/resize-observer": "^2.1.3", "@tanstack/devtools-client": "0.0.6", "@tanstack/devtools-event-bus": "0.4.1", "@tanstack/devtools-ui": "0.5.0", "clsx": "^2.1.1", "goober": "^2.1.16", "solid-js": "^1.9.9" }, "bin": { "intent": "bin/intent.js" } }, "sha512-bg1e0PyjmMMsc9VSOGb9etu15CpFdAwlQ5DD2xS6N93iTPgCPWXiZQFZygrEDoKnnx1x7BM6QTaiukizaejgSA=="],
 
     "@tanstack/devtools-client": ["@tanstack/devtools-client@0.0.6", "", { "dependencies": { "@tanstack/devtools-event-client": "^0.4.1" } }, "sha512-f85ZJXJnDIFOoykG/BFIixuAevJovCvJF391LPs6YjBAPhGYC50NWlx1y4iF/UmK5/cCMx+/JqI5SBOz7FanQQ=="],
 
@@ -480,59 +486,59 @@
 
     "@tanstack/devtools-ui": ["@tanstack/devtools-ui@0.5.0", "", { "dependencies": { "clsx": "^2.1.1", "dayjs": "^1.11.19", "goober": "^2.1.16", "solid-js": "^1.9.9" } }, "sha512-nNZ14054n31fWB61jtWhZYLRdQ3yceCE3G/RINoINUB0RqIGZAIm9DnEDwOTAOfqt4/a/D8vNk8pJu6RQUp74g=="],
 
-    "@tanstack/devtools-vite": ["@tanstack/devtools-vite@0.5.3", "", { "dependencies": { "@babel/core": "^7.28.4", "@babel/generator": "^7.28.3", "@babel/parser": "^7.28.4", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@tanstack/devtools-client": "0.0.6", "@tanstack/devtools-event-bus": "0.4.1", "chalk": "^5.6.2", "launch-editor": "^2.11.1", "picomatch": "^4.0.3" }, "peerDependencies": { "vite": "^6.0.0 || ^7.0.0" } }, "sha512-S7VK2GthBrEkto0UVODx31IAvxTFUK0RGH6aZEZixsohYTytTdrwcLmPKEREwFrRN8Qc2mIqfBhENPbRG1RFXA=="],
+    "@tanstack/devtools-vite": ["@tanstack/devtools-vite@0.5.5", "", { "dependencies": { "@babel/core": "^7.28.4", "@babel/generator": "^7.28.3", "@babel/parser": "^7.28.4", "@babel/traverse": "^7.28.4", "@babel/types": "^7.28.4", "@tanstack/devtools-client": "0.0.6", "@tanstack/devtools-event-bus": "0.4.1", "chalk": "^5.6.2", "launch-editor": "^2.11.1", "picomatch": "^4.0.3" }, "peerDependencies": { "vite": "^6.0.0 || ^7.0.0" }, "bin": { "intent": "bin/intent.js" } }, "sha512-vtXZ3LipEknVg0X6yejgWzZXIJSrvlBMWB1lDJKW6GWztEV+uCAoqLAJS+Jk3c2mTXp/u+aI/jfE0gqT4zHTNw=="],
 
-    "@tanstack/history": ["@tanstack/history@1.161.4", "", {}, "sha512-Kp/WSt411ZWYvgXy6uiv5RmhHrz9cAml05AQPrtdAp7eUqvIDbMGPnML25OKbzR3RJ1q4wgENxDTvlGPa9+Mww=="],
+    "@tanstack/history": ["@tanstack/history@1.161.6", "", {}, "sha512-NaOGLRrddszbQj9upGat6HG/4TKvXLvu+osAIgfxPYA+eIvYKv8GKDJOrY2D3/U9MRnKfMWD7bU4jeD4xmqyIg=="],
 
     "@tanstack/query-core": ["@tanstack/query-core@5.90.20", "", {}, "sha512-OMD2HLpNouXEfZJWcKeVKUgQ5n+n3A2JFmBaScpNDUqSrQSjiveC7dKMe53uJUg1nDG16ttFPz2xfilz6i2uVg=="],
 
     "@tanstack/query-devtools": ["@tanstack/query-devtools@5.93.0", "", {}, "sha512-+kpsx1NQnOFTZsw6HAFCW3HkKg0+2cepGtAWXjiiSOJJ1CtQpt72EE2nyZb+AjAbLRPoeRmPJ8MtQd8r8gsPdg=="],
 
-    "@tanstack/react-devtools": ["@tanstack/react-devtools@0.9.9", "", { "dependencies": { "@tanstack/devtools": "0.10.10" }, "peerDependencies": { "@types/react": ">=16.8", "@types/react-dom": ">=16.8", "react": ">=16.8", "react-dom": ">=16.8" } }, "sha512-w5J5n3tPLfGVRSwV5S05Fg1awa7SJssdyNh/3KPDHU72DPUvH9v5mPGRrbTxsoFWvh3djFTtF9tCX1tCnyoOuQ=="],
+    "@tanstack/react-devtools": ["@tanstack/react-devtools@0.9.13", "", { "dependencies": { "@tanstack/devtools": "0.10.14" }, "peerDependencies": { "@types/react": ">=16.8", "@types/react-dom": ">=16.8", "react": ">=16.8", "react-dom": ">=16.8" } }, "sha512-O9YXTEe2dlnw2pPNKFZ4Wk7zC4qrDvc0SAALKfMVedeZ2Dyd0LEJUabYS6GPm+DmnrBhc7nJx6Zqc9aDjFrj4g=="],
 
     "@tanstack/react-query": ["@tanstack/react-query@5.90.21", "", { "dependencies": { "@tanstack/query-core": "5.90.20" }, "peerDependencies": { "react": "^18 || ^19" } }, "sha512-0Lu6y5t+tvlTJMTO7oh5NSpJfpg/5D41LlThfepTixPYkJ0sE2Jj0m0f6yYqujBwIXlId87e234+MxG3D3g7kg=="],
 
     "@tanstack/react-query-devtools": ["@tanstack/react-query-devtools@5.91.3", "", { "dependencies": { "@tanstack/query-devtools": "5.93.0" }, "peerDependencies": { "@tanstack/react-query": "^5.90.20", "react": "^18 || ^19" } }, "sha512-nlahjMtd/J1h7IzOOfqeyDh5LNfG0eULwlltPEonYy0QL+nqrBB+nyzJfULV+moL7sZyxc2sHdNJki+vLA9BSA=="],
 
-    "@tanstack/react-router": ["@tanstack/react-router@1.166.2", "", { "dependencies": { "@tanstack/history": "1.161.4", "@tanstack/react-store": "^0.9.1", "@tanstack/router-core": "1.166.2", "isbot": "^5.1.22", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-pKhUtrvVLlhjWhsHkJSuIzh1J4LcP+8ErbIqRLORX9Js8dUFMKoT0+8oFpi+P8QRpuhm/7rzjYiWfcyTsqQZtA=="],
+    "@tanstack/react-router": ["@tanstack/react-router@1.167.3", "", { "dependencies": { "@tanstack/history": "1.161.6", "@tanstack/react-store": "^0.9.1", "@tanstack/router-core": "1.167.3", "isbot": "^5.1.22", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-1qbSy4r+O7IBdmPLlcKsjB041Gq2MMnIEAYSGIjaMZIL4duUIQnOWLw4jTfjKil/IJz/9rO5JcvrbxOG5UTSdg=="],
 
-    "@tanstack/react-router-devtools": ["@tanstack/react-router-devtools@1.166.2", "", { "dependencies": { "@tanstack/router-devtools-core": "1.166.2" }, "peerDependencies": { "@tanstack/react-router": "^1.166.2", "@tanstack/router-core": "^1.166.2", "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" }, "optionalPeers": ["@tanstack/router-core"] }, "sha512-EQhFQRArwxS0OjIWWGD5wfNboJq7rIYCbioHvepgbxgblKtNLWnRr3LFj34QhXTP1aQsPYb9t8+VTi3VbFuAfA=="],
+    "@tanstack/react-router-devtools": ["@tanstack/react-router-devtools@1.166.9", "", { "dependencies": { "@tanstack/router-devtools-core": "1.166.9" }, "peerDependencies": { "@tanstack/react-router": "^1.167.2", "@tanstack/router-core": "^1.167.2", "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" }, "optionalPeers": ["@tanstack/router-core"] }, "sha512-O49eZmaeEKB5YnKH/qd61AbxV/lW8ICm4stfZ4GNQNpzQQ6rhPIB0p3PMZDIgX+6DoMivdNvLRmXAOOpzpIpDg=="],
 
-    "@tanstack/react-router-ssr-query": ["@tanstack/react-router-ssr-query@1.166.2", "", { "dependencies": { "@tanstack/router-ssr-query-core": "1.166.2" }, "peerDependencies": { "@tanstack/query-core": ">=5.90.0", "@tanstack/react-query": ">=5.90.0", "@tanstack/react-router": ">=1.127.0", "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-ERtz62+94ZF5kY35wlTN0pLL8hY2Enqn/AjauHaeHkvGh8WsN3dQdvPrPqI6urUWwzEjJjkC3fBDsim88HF8rQ=="],
+    "@tanstack/react-router-ssr-query": ["@tanstack/react-router-ssr-query@1.166.9", "", { "dependencies": { "@tanstack/router-ssr-query-core": "1.166.9" }, "peerDependencies": { "@tanstack/query-core": ">=5.90.0", "@tanstack/react-query": ">=5.90.0", "@tanstack/react-router": ">=1.127.0", "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-FCszWUvQlJXBkINBmwalD6i25VBPWvzv/dzSgWdFP4JPYf5GHm23rz/PmCDoWevnKJSDjv0rF8EOY2tpCxOIgg=="],
 
-    "@tanstack/react-start": ["@tanstack/react-start@1.166.2", "", { "dependencies": { "@tanstack/react-router": "1.166.2", "@tanstack/react-start-client": "1.166.2", "@tanstack/react-start-server": "1.166.2", "@tanstack/router-utils": "^1.161.4", "@tanstack/start-client-core": "1.166.2", "@tanstack/start-plugin-core": "1.166.2", "@tanstack/start-server-core": "1.166.2", "pathe": "^2.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0", "vite": ">=7.0.0" } }, "sha512-ryeDIITTVmGmOkTrdg4dL4Sl+LXK5w8BZtzLtsr3YxNhQaPwxqX4r69iuBt5M8jyXEsWwbJJdToN3xLr7CO5XQ=="],
+    "@tanstack/react-start": ["@tanstack/react-start@1.166.14", "", { "dependencies": { "@tanstack/react-router": "1.167.3", "@tanstack/react-start-client": "1.166.12", "@tanstack/react-start-server": "1.166.12", "@tanstack/router-utils": "^1.161.6", "@tanstack/start-client-core": "1.166.11", "@tanstack/start-plugin-core": "1.166.14", "@tanstack/start-server-core": "1.166.11", "pathe": "^2.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0", "vite": ">=7.0.0" } }, "sha512-S2y39G/cap0eIVDAjjcTG57+khIx8VDTOaZvIwb4Rr0aluH0hCVkmBbTXB9Th71a65aYlOSU1XP3Nj37pqysVw=="],
 
-    "@tanstack/react-start-client": ["@tanstack/react-start-client@1.166.2", "", { "dependencies": { "@tanstack/react-router": "1.166.2", "@tanstack/router-core": "1.166.2", "@tanstack/start-client-core": "1.166.2", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-Dlup62M5WV3LrLzLSiK8QTsYcSFKUlBffwP8evBzBAN/A4lDaTJat+EBqUxOYwR8gDVm1GR/H4O+7tg6ur2MBA=="],
+    "@tanstack/react-start-client": ["@tanstack/react-start-client@1.166.12", "", { "dependencies": { "@tanstack/react-router": "1.167.3", "@tanstack/router-core": "1.167.3", "@tanstack/start-client-core": "1.166.11", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-TbO2AUN9yUqPD98491GwzGrcpNVAq8lw6E6MG7Oz5X59PHO73TGh94f7A0esDhrE4A85uNaglBTER3FHqrs3HA=="],
 
-    "@tanstack/react-start-server": ["@tanstack/react-start-server@1.166.2", "", { "dependencies": { "@tanstack/history": "1.161.4", "@tanstack/react-router": "1.166.2", "@tanstack/router-core": "1.166.2", "@tanstack/start-client-core": "1.166.2", "@tanstack/start-server-core": "1.166.2" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-0E7gp/8YFeCa3y65xI0ubyI8IzQjSiWn9D2Uo0r0Izi4/jQkv4Ee+niE4NqPAohY5oyxmcoLhnDqEyo0MqHIpQ=="],
+    "@tanstack/react-start-server": ["@tanstack/react-start-server@1.166.12", "", { "dependencies": { "@tanstack/history": "1.161.6", "@tanstack/react-router": "1.167.3", "@tanstack/router-core": "1.167.3", "@tanstack/start-client-core": "1.166.11", "@tanstack/start-server-core": "1.166.11" }, "peerDependencies": { "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0" } }, "sha512-5BorsX550/2IabMFbh5r5w7Y/4cPbjKJUzwKBBmIp9gNfamxjUtqAxAmQAKdcba7kWSQcvcZ/AXuCYWMunulLQ=="],
 
     "@tanstack/react-store": ["@tanstack/react-store@0.9.1", "", { "dependencies": { "@tanstack/store": "0.9.1", "use-sync-external-store": "^1.6.0" }, "peerDependencies": { "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" } }, "sha512-YzJLnRvy5lIEFTLWBAZmcOjK3+2AepnBv/sr6NZmiqJvq7zTQggyK99Gw8fqYdMdHPQWXjz0epFKJXC+9V2xDA=="],
 
-    "@tanstack/router-core": ["@tanstack/router-core@1.166.2", "", { "dependencies": { "@tanstack/history": "1.161.4", "@tanstack/store": "^0.9.1", "cookie-es": "^2.0.0", "seroval": "^1.4.2", "seroval-plugins": "^1.4.2", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" } }, "sha512-zn3NhENOAX9ToQiX077UV2OH3aJKOvV2ZMNZZxZ3gDG3i3WqL8NfWfEgetEAfMN37/Mnt90PpotYgf7IyuoKqQ=="],
+    "@tanstack/router-core": ["@tanstack/router-core@1.167.3", "", { "dependencies": { "@tanstack/history": "1.161.6", "@tanstack/store": "^0.9.1", "cookie-es": "^2.0.0", "seroval": "^1.4.2", "seroval-plugins": "^1.4.2", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" } }, "sha512-M/CxrTGKk1fsySJjd+Pzpbi3YLDz+cJSutDjSTMy12owWlOgHV/I6kzR0UxyaBlHraM6XgMHNA0XdgsS1fa4Nw=="],
 
-    "@tanstack/router-devtools-core": ["@tanstack/router-devtools-core@1.166.2", "", { "dependencies": { "clsx": "^2.1.1", "goober": "^2.1.16", "tiny-invariant": "^1.3.3" }, "peerDependencies": { "@tanstack/router-core": "^1.166.2", "csstype": "^3.0.10" }, "optionalPeers": ["csstype"] }, "sha512-Ke8HquuwMhLYpo/6nxNgrzi9Ns2lsK9uwDba6WKA8I0K7fyYZoAUu+7AD6gdEcVU4NF6LjtMPfUCHmVtYYRTDw=="],
+    "@tanstack/router-devtools-core": ["@tanstack/router-devtools-core@1.166.9", "", { "dependencies": { "clsx": "^2.1.1", "goober": "^2.1.16", "tiny-invariant": "^1.3.3" }, "peerDependencies": { "@tanstack/router-core": "^1.167.2", "csstype": "^3.0.10" }, "optionalPeers": ["csstype"] }, "sha512-PNlA7GmOUX9wY7LUG709Pk3Lg33dfHBztQwzjzrOiOsuf4ggp2R6bwarF8nYGNjG79z/MaB5PN+5yvkCVk8jGw=="],
 
-    "@tanstack/router-generator": ["@tanstack/router-generator@1.166.2", "", { "dependencies": { "@tanstack/router-core": "1.166.2", "@tanstack/router-utils": "1.161.4", "@tanstack/virtual-file-routes": "1.161.4", "prettier": "^3.5.0", "recast": "^0.23.11", "source-map": "^0.7.4", "tsx": "^4.19.2", "zod": "^3.24.2" } }, "sha512-wbvdyP1PKKQKk4aVlGeK9S5uDy8zodTr3tEZ2gRKNavJLusXbEWqtoo42JxHFFNB6dtguehFMt8PyZPAtkgWwQ=="],
+    "@tanstack/router-generator": ["@tanstack/router-generator@1.166.11", "", { "dependencies": { "@tanstack/router-core": "1.167.3", "@tanstack/router-utils": "1.161.6", "@tanstack/virtual-file-routes": "1.161.6", "prettier": "^3.5.0", "recast": "^0.23.11", "source-map": "^0.7.4", "tsx": "^4.19.2", "zod": "^3.24.2" } }, "sha512-Q/49wxURbft1oNOvo/eVAWZq/lNLK3nBGlavqhLToAYXY6LCzfMtRlE/y3XPHzYC9pZc09u5jvBR1k1E4hyGDQ=="],
 
-    "@tanstack/router-plugin": ["@tanstack/router-plugin@1.166.2", "", { "dependencies": { "@babel/core": "^7.28.5", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/plugin-syntax-typescript": "^7.27.1", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.5", "@babel/types": "^7.28.5", "@tanstack/router-core": "1.166.2", "@tanstack/router-generator": "1.166.2", "@tanstack/router-utils": "1.161.4", "@tanstack/virtual-file-routes": "1.161.4", "chokidar": "^3.6.0", "unplugin": "^2.1.2", "zod": "^3.24.2" }, "peerDependencies": { "@rsbuild/core": ">=1.0.2", "@tanstack/react-router": "^1.166.2", "vite": ">=5.0.0 || >=6.0.0 || >=7.0.0", "vite-plugin-solid": "^2.11.10", "webpack": ">=5.92.0" }, "optionalPeers": ["@rsbuild/core", "@tanstack/react-router", "vite", "vite-plugin-solid", "webpack"] }, "sha512-TnyV/7//Vp5fR49mmNbOWHGz9IJTm1lqVxzPdtpzg7D5PjkW2HFmLFLtWwpJgz2R7AJJWR4Ge5kIPmC+fVZ6eQ=="],
+    "@tanstack/router-plugin": ["@tanstack/router-plugin@1.166.12", "", { "dependencies": { "@babel/core": "^7.28.5", "@babel/plugin-syntax-jsx": "^7.27.1", "@babel/plugin-syntax-typescript": "^7.27.1", "@babel/template": "^7.27.2", "@babel/traverse": "^7.28.5", "@babel/types": "^7.28.5", "@tanstack/router-core": "1.167.3", "@tanstack/router-generator": "1.166.11", "@tanstack/router-utils": "1.161.6", "@tanstack/virtual-file-routes": "1.161.6", "chokidar": "^3.6.0", "unplugin": "^2.1.2", "zod": "^3.24.2" }, "peerDependencies": { "@rsbuild/core": ">=1.0.2", "@tanstack/react-router": "^1.167.3", "vite": ">=5.0.0 || >=6.0.0 || >=7.0.0", "vite-plugin-solid": "^2.11.10", "webpack": ">=5.92.0" }, "optionalPeers": ["@rsbuild/core", "@tanstack/react-router", "vite", "vite-plugin-solid", "webpack"] }, "sha512-PYsnN6goK6zBaVo63UVKjofv69+HHMKRQXymwN55JYKguNnNR8OZ6E12icPb0Olc5uIpPiGz1YI2+rbpmNKGHA=="],
 
-    "@tanstack/router-ssr-query-core": ["@tanstack/router-ssr-query-core@1.166.2", "", { "peerDependencies": { "@tanstack/query-core": ">=5.90.0", "@tanstack/router-core": ">=1.127.0" } }, "sha512-syzrtCFtCX/TFK0sy/VqwPtRamg3TL/vr8KTbmksERnHzgRYNm+XynEc0BF9u0LZ/m3gkmY+4n2F4//PUjMG2w=="],
+    "@tanstack/router-ssr-query-core": ["@tanstack/router-ssr-query-core@1.166.9", "", { "peerDependencies": { "@tanstack/query-core": ">=5.90.0", "@tanstack/router-core": ">=1.127.0" } }, "sha512-7L9Wly0PYMHhCdiGmlSZPOVz0O0OQhmIrE0VH3+ZP4RFfDtOZZSk0TywssLrOWDbkNfLY/MBqlhXi9t50KTGAw=="],
 
-    "@tanstack/router-utils": ["@tanstack/router-utils@1.161.4", "", { "dependencies": { "@babel/core": "^7.28.5", "@babel/generator": "^7.28.5", "@babel/parser": "^7.28.5", "@babel/types": "^7.28.5", "ansis": "^4.1.0", "babel-dead-code-elimination": "^1.0.12", "diff": "^8.0.2", "pathe": "^2.0.3", "tinyglobby": "^0.2.15" } }, "sha512-r8TpjyIZoqrXXaf2DDyjd44gjGBoyE+/oEaaH68yLI9ySPO1gUWmQENZ1MZnmBnpUGN24NOZxdjDLc8npK0SAw=="],
+    "@tanstack/router-utils": ["@tanstack/router-utils@1.161.6", "", { "dependencies": { "@babel/core": "^7.28.5", "@babel/generator": "^7.28.5", "@babel/parser": "^7.28.5", "@babel/types": "^7.28.5", "ansis": "^4.1.0", "babel-dead-code-elimination": "^1.0.12", "diff": "^8.0.2", "pathe": "^2.0.3", "tinyglobby": "^0.2.15" } }, "sha512-nRcYw+w2OEgK6VfjirYvGyPLOK+tZQz1jkYcmH5AjMamQ9PycnlxZF2aEZtPpNoUsaceX2bHptn6Ub5hGXqNvw=="],
 
-    "@tanstack/start-client-core": ["@tanstack/start-client-core@1.166.2", "", { "dependencies": { "@tanstack/router-core": "1.166.2", "@tanstack/start-fn-stubs": "1.161.4", "@tanstack/start-storage-context": "1.166.2", "seroval": "^1.4.2", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" } }, "sha512-weADfq6bBWgib7Tf7J+P5zF7LHfUm8UuMhijwTfYjaDQ5za04N4PQk5msw2+VchUnSL44aQUA0WeOmoEkG1KMQ=="],
+    "@tanstack/start-client-core": ["@tanstack/start-client-core@1.166.11", "", { "dependencies": { "@tanstack/router-core": "1.167.3", "@tanstack/start-fn-stubs": "1.161.6", "@tanstack/start-storage-context": "1.166.11", "seroval": "^1.4.2", "tiny-invariant": "^1.3.3", "tiny-warning": "^1.0.3" } }, "sha512-G5mYnNHMAlVtcKjEqbd1L8dqdXmsIl0fGztgV6XdcwjohdV0ctx7/JTCt0R0bEIOzSMW1uFiP7ag2rZ3rP43Ug=="],
 
-    "@tanstack/start-fn-stubs": ["@tanstack/start-fn-stubs@1.161.4", "", {}, "sha512-b8s6iSQ+ny0P4lGK0n3DKaL6EI7SECG0/89svDeYieVw2+MaFOJVcQo3rU3BUvmuOcIkgkE5IhdzkmzPXH6yfA=="],
+    "@tanstack/start-fn-stubs": ["@tanstack/start-fn-stubs@1.161.6", "", {}, "sha512-Y6QSlGiLga8cHfvxGGaonXIlt2bIUTVdH6AMjmpMp7+ANNCp+N96GQbjjhLye3JkaxDfP68x5iZA8NK4imgRig=="],
 
-    "@tanstack/start-plugin-core": ["@tanstack/start-plugin-core@1.166.2", "", { "dependencies": { "@babel/code-frame": "7.27.1", "@babel/core": "^7.28.5", "@babel/types": "^7.28.5", "@rolldown/pluginutils": "1.0.0-beta.40", "@tanstack/router-core": "1.166.2", "@tanstack/router-generator": "1.166.2", "@tanstack/router-plugin": "1.166.2", "@tanstack/router-utils": "1.161.4", "@tanstack/start-client-core": "1.166.2", "@tanstack/start-server-core": "1.166.2", "cheerio": "^1.0.0", "exsolve": "^1.0.7", "pathe": "^2.0.3", "picomatch": "^4.0.3", "source-map": "^0.7.6", "srvx": "^0.11.7", "tinyglobby": "^0.2.15", "ufo": "^1.5.4", "vitefu": "^1.1.1", "xmlbuilder2": "^4.0.3", "zod": "^3.24.2" }, "peerDependencies": { "vite": ">=7.0.0" } }, "sha512-geJE4Y/IQ3ZDRB/AahCoUuLliK4bYREcWVF1ViJfD1qCjsQlXMhDSruvswiMWMTxKfMuzX/XuIJWhmtndxymjQ=="],
+    "@tanstack/start-plugin-core": ["@tanstack/start-plugin-core@1.166.14", "", { "dependencies": { "@babel/code-frame": "7.27.1", "@babel/core": "^7.28.5", "@babel/types": "^7.28.5", "@rolldown/pluginutils": "1.0.0-beta.40", "@tanstack/router-core": "1.167.3", "@tanstack/router-generator": "1.166.11", "@tanstack/router-plugin": "1.166.12", "@tanstack/router-utils": "1.161.6", "@tanstack/start-client-core": "1.166.11", "@tanstack/start-server-core": "1.166.11", "cheerio": "^1.0.0", "exsolve": "^1.0.7", "pathe": "^2.0.3", "picomatch": "^4.0.3", "source-map": "^0.7.6", "srvx": "^0.11.9", "tinyglobby": "^0.2.15", "ufo": "^1.5.4", "vitefu": "^1.1.1", "xmlbuilder2": "^4.0.3", "zod": "^3.24.2" }, "peerDependencies": { "vite": ">=7.0.0" } }, "sha512-4jb14aAtt4IfLlLValwr0CMUlRc7IfaQQBZ/zSaMgdEK9P66j3XPqmnICHVC/DQW7MLWkIXFXN3tNQaV0jY1pQ=="],
 
-    "@tanstack/start-server-core": ["@tanstack/start-server-core@1.166.2", "", { "dependencies": { "@tanstack/history": "1.161.4", "@tanstack/router-core": "1.166.2", "@tanstack/start-client-core": "1.166.2", "@tanstack/start-storage-context": "1.166.2", "h3-v2": "npm:h3@2.0.1-rc.14", "seroval": "^1.4.2", "tiny-invariant": "^1.3.3" } }, "sha512-9BDZsaLyHVux5tJRRBRYa2xW2jUaKr4PbJkTCSSOnAByOGUVJy7N+790/Q1Kq/LVud+0h42vZHWSRDDywfnedQ=="],
+    "@tanstack/start-server-core": ["@tanstack/start-server-core@1.166.11", "", { "dependencies": { "@tanstack/history": "1.161.6", "@tanstack/router-core": "1.167.3", "@tanstack/start-client-core": "1.166.11", "@tanstack/start-storage-context": "1.166.11", "h3-v2": "npm:h3@2.0.1-rc.16", "seroval": "^1.4.2", "tiny-invariant": "^1.3.3" } }, "sha512-szWUc7scEP/XVu4xl+nz7hDpuBWq/KzIUidAPG+3mL9hyouRbK9FBApT31fw3LFsNYMeGO0eo7/hYooyS7PruA=="],
 
-    "@tanstack/start-storage-context": ["@tanstack/start-storage-context@1.166.2", "", { "dependencies": { "@tanstack/router-core": "1.166.2" } }, "sha512-c3QPApFAhiDXDZ/zLvop5InErqCrawWuO751FpItGnelOlpOAPMw5/h//1u/RnIcOv2l/ffDBCbp+N09eFPhaA=="],
+    "@tanstack/start-storage-context": ["@tanstack/start-storage-context@1.166.11", "", { "dependencies": { "@tanstack/router-core": "1.167.3" } }, "sha512-NgAdUR78dgeLb7xAPfwZORqJOcd46PO0ocF6XNgEZNDWJ1MVgOiWRLDstszwkOTO/g7VyFc4cyHmB1HlePxvSQ=="],
 
     "@tanstack/store": ["@tanstack/store@0.9.1", "", {}, "sha512-+qcNkOy0N1qSGsP7omVCW0SDrXtaDcycPqBDE726yryiA5eTDFpjBReaYjghVJwNf1pcPMyzIwTGlYjCSQR0Fg=="],
 
-    "@tanstack/virtual-file-routes": ["@tanstack/virtual-file-routes@1.161.4", "", {}, "sha512-42WoRePf8v690qG8yGRe/YOh+oHni9vUaUUfoqlS91U2scd3a5rkLtVsc6b7z60w3RogH0I00vdrC5AaeiZ18w=="],
+    "@tanstack/virtual-file-routes": ["@tanstack/virtual-file-routes@1.161.6", "", {}, "sha512-EGWs9yvJA821pUkwkiZLQW89CzUumHyJy8NKq229BubyoWXfDw1oWnTJYSS/hhbLiwP9+KpopjeF5wWwnCCyeQ=="],
 
     "@tediousjs/connection-string": ["@tediousjs/connection-string@0.5.0", "", {}, "sha512-7qSgZbincDDDFyRweCIEvZULFAw5iz/DeunhvuxpL31nfntX3P4Yd4HkHBRg9H8CdqY1e5WFN1PZIz/REL9MVQ=="],
 
@@ -562,7 +568,7 @@
 
     "@types/mssql": ["@types/mssql@9.1.9", "", { "dependencies": { "@types/node": "*", "tarn": "^3.0.1", "tedious": "*" } }, "sha512-P0nCgw6vzY23UxZMnbI4N7fnLGANt4LI4yvxze1paPj+LuN28cFv5EI+QidP8udnId/BKhkcRhm/BleNsjK65A=="],
 
-    "@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+    "@types/node": ["@types/node@24.12.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-GYDxsZi3ChgmckRT9HPU0WEhKLP08ev/Yfcq2AstjrDASOYCSXeyjDsHg4v5t4jOj7cyDX3vmprafKlWIG9MXQ=="],
 
     "@types/node-forge": ["@types/node-forge@1.3.14", "", { "dependencies": { "@types/node": "*" } }, "sha512-mhVF2BnD4BO+jtOp7z1CdzaK4mbuK0LLQYAvdOLqHTavxFNq4zA1EmYkpnFjP8HOUzedfQkRnp0E2ulSAYSzAw=="],
 
@@ -582,7 +588,7 @@
 
     "@typespec/ts-http-runtime": ["@typespec/ts-http-runtime@0.3.3", "", { "dependencies": { "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.0", "tslib": "^2.6.2" } }, "sha512-91fp6CAAJSRtH5ja95T1FHSKa8aPW9/Zw6cta81jlZTUw/+Vq8jM/AfF/14h2b71wwR84JUTW/3Y8QPhDAawFA=="],
 
-    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.1.4", "", { "dependencies": { "@babel/core": "^7.29.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-rc.3", "@types/babel__core": "^7.20.5", "react-refresh": "^0.18.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, "sha512-VIcFLdRi/VYRU8OL/puL7QXMYafHmqOnwTZY50U1JPlCNj30PxCMx65c494b1K9be9hX83KVt0+gTEwTWLqToA=="],
+    "@vitejs/plugin-react": ["@vitejs/plugin-react@5.2.0", "", { "dependencies": { "@babel/core": "^7.29.0", "@babel/plugin-transform-react-jsx-self": "^7.27.1", "@babel/plugin-transform-react-jsx-source": "^7.27.1", "@rolldown/pluginutils": "1.0.0-rc.3", "@types/babel__core": "^7.20.5", "react-refresh": "^0.18.0" }, "peerDependencies": { "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0" } }, "sha512-YmKkfhOAi3wsB1PhJq5Scj3GXMn3WvtQ/JC0xoopuHoXSdmtdStOpFrYaT1kie2YgFBcIe64ROzMYRjCrYOdYw=="],
 
     "@xmldom/xmldom": ["@xmldom/xmldom@0.8.11", "", {}, "sha512-cQzWCtO6C8TQiYl1ruKNn2U6Ao4o4WBBcbL61yJl84x+j5sOWWFU9X7DpND8XZG3daDppSsigMdfAIl2upQBRw=="],
 
@@ -830,6 +836,8 @@
 
     "env-paths": ["env-paths@2.2.1", "", {}, "sha512-+h1lkLKhZMTYjog1VEpJNG7NZJWcuc2DDk/qsqSTRRCOXiLjeQ1d1/udrUGhqMxUgAlwKNZ0cf2uqan5GLuS2A=="],
 
+    "env-runner": ["env-runner@0.1.6", "", { "dependencies": { "crossws": "^0.4.4", "httpxy": "^0.3.1", "srvx": "^0.11.9" }, "peerDependencies": { "miniflare": "^4.0.0" }, "optionalPeers": ["miniflare"], "bin": { "env-runner": "dist/cli.mjs" } }, "sha512-fSb7X1zdda8k6611a6/SdSQpDe7a/bqMz2UWdbHjk9YWzpUR4/fn9YtE/hqgGQ2nhvVN0zUtcL1SRMKwIsDbAA=="],
+
     "err-code": ["err-code@2.0.3", "", {}, "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA=="],
 
     "es-define-property": ["es-define-property@1.0.1", "", {}, "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g=="],
@@ -878,7 +886,7 @@
 
     "form-data": ["form-data@4.0.5", "", { "dependencies": { "asynckit": "^0.4.0", "combined-stream": "^1.0.8", "es-set-tostringtag": "^2.1.0", "hasown": "^2.0.2", "mime-types": "^2.1.12" } }, "sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w=="],
 
-    "framer-motion": ["framer-motion@12.35.0", "", { "dependencies": { "motion-dom": "^12.35.0", "motion-utils": "^12.29.2", "tslib": "^2.4.0" }, "peerDependencies": { "@emotion/is-prop-valid": "*", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@emotion/is-prop-valid", "react", "react-dom"] }, "sha512-w8hghCMQ4oq10j6aZh3U2yeEQv5K69O/seDI/41PK4HtgkLrcBovUNc0ayBC3UyyU7V1mrY2yLzvYdWJX9pGZQ=="],
+    "framer-motion": ["framer-motion@12.36.0", "", { "dependencies": { "motion-dom": "^12.36.0", "motion-utils": "^12.36.0", "tslib": "^2.4.0" }, "peerDependencies": { "@emotion/is-prop-valid": "*", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@emotion/is-prop-valid", "react", "react-dom"] }, "sha512-4PqYHAT7gev0ke0wos+PyrcFxI0HScjm3asgU8nSYa8YzJFuwgIvdj3/s3ZaxLq0bUSboIn19A2WS/MHwLCvfw=="],
 
     "fs-extra": ["fs-extra@10.1.0", "", { "dependencies": { "graceful-fs": "^4.2.0", "jsonfile": "^6.0.1", "universalify": "^2.0.0" } }, "sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ=="],
 
@@ -920,9 +928,9 @@
 
     "graceful-fs": ["graceful-fs@4.2.11", "", {}, "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="],
 
-    "h3": ["h3@2.0.1-rc.14", "", { "dependencies": { "rou3": "^0.7.12", "srvx": "^0.11.2" }, "peerDependencies": { "crossws": "^0.4.1" }, "optionalPeers": ["crossws"], "bin": { "h3": "bin/h3.mjs" } }, "sha512-163qbGmTr/9rqQRNuqMqtgXnOUAkE4KTdauiC9y0E5iG1I65kte9NyfWvZw5RTDMt6eY+DtyoNzrQ9wA2BfvGQ=="],
+    "h3": ["h3@2.0.1-rc.16", "", { "dependencies": { "rou3": "^0.8.0", "srvx": "^0.11.9" }, "peerDependencies": { "crossws": "^0.4.1" }, "optionalPeers": ["crossws"], "bin": { "h3": "bin/h3.mjs" } }, "sha512-h+pjvyujdo9way8qj6FUbhaQcHlR8FEq65EhTX9ViT5pK8aLj68uFl4hBkF+hsTJAH+H1END2Yv6hTIsabGfag=="],
 
-    "h3-v2": ["h3@2.0.1-rc.14", "", { "dependencies": { "rou3": "^0.7.12", "srvx": "^0.11.2" }, "peerDependencies": { "crossws": "^0.4.1" }, "optionalPeers": ["crossws"], "bin": { "h3": "bin/h3.mjs" } }, "sha512-163qbGmTr/9rqQRNuqMqtgXnOUAkE4KTdauiC9y0E5iG1I65kte9NyfWvZw5RTDMt6eY+DtyoNzrQ9wA2BfvGQ=="],
+    "h3-v2": ["h3@2.0.1-rc.16", "", { "dependencies": { "rou3": "^0.8.0", "srvx": "^0.11.9" }, "peerDependencies": { "crossws": "^0.4.1" }, "optionalPeers": ["crossws"], "bin": { "h3": "bin/h3.mjs" } }, "sha512-h+pjvyujdo9way8qj6FUbhaQcHlR8FEq65EhTX9ViT5pK8aLj68uFl4hBkF+hsTJAH+H1END2Yv6hTIsabGfag=="],
 
     "has-flag": ["has-flag@4.0.0", "", {}, "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="],
 
@@ -948,6 +956,8 @@
 
     "https-proxy-agent": ["https-proxy-agent@7.0.6", "", { "dependencies": { "agent-base": "^7.1.2", "debug": "4" } }, "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw=="],
 
+    "httpxy": ["httpxy@0.3.1", "", {}, "sha512-XjG/CEoofEisMrnFr0D6U6xOZ4mRfnwcYQ9qvvnT4lvnX8BoeA3x3WofB75D+vZwpaobFVkBIHrZzoK40w8XSw=="],
+
     "iconv-corefoundation": ["iconv-corefoundation@1.1.7", "", { "dependencies": { "cli-truncate": "^2.1.0", "node-addon-api": "^1.6.3" }, "os": "darwin" }, "sha512-T10qvkw0zz4wnm560lOEg0PovVqUXuOFhhHAkixw8/sycy7TJt7v/RrkEKEQnAw2viPSJu6iAkErxnzR0g8PpQ=="],
 
     "iconv-lite": ["iconv-lite@0.6.3", "", { "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" } }, "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw=="],
@@ -1036,29 +1046,29 @@
 
     "lie": ["lie@3.3.0", "", { "dependencies": { "immediate": "~3.0.5" } }, "sha512-UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ=="],
 
-    "lightningcss": ["lightningcss@1.31.1", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.31.1", "lightningcss-darwin-arm64": "1.31.1", "lightningcss-darwin-x64": "1.31.1", "lightningcss-freebsd-x64": "1.31.1", "lightningcss-linux-arm-gnueabihf": "1.31.1", "lightningcss-linux-arm64-gnu": "1.31.1", "lightningcss-linux-arm64-musl": "1.31.1", "lightningcss-linux-x64-gnu": "1.31.1", "lightningcss-linux-x64-musl": "1.31.1", "lightningcss-win32-arm64-msvc": "1.31.1", "lightningcss-win32-x64-msvc": "1.31.1" } }, "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ=="],
+    "lightningcss": ["lightningcss@1.32.0", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.32.0", "lightningcss-darwin-arm64": "1.32.0", "lightningcss-darwin-x64": "1.32.0", "lightningcss-freebsd-x64": "1.32.0", "lightningcss-linux-arm-gnueabihf": "1.32.0", "lightningcss-linux-arm64-gnu": "1.32.0", "lightningcss-linux-arm64-musl": "1.32.0", "lightningcss-linux-x64-gnu": "1.32.0", "lightningcss-linux-x64-musl": "1.32.0", "lightningcss-win32-arm64-msvc": "1.32.0", "lightningcss-win32-x64-msvc": "1.32.0" } }, "sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ=="],
 
-    "lightningcss-android-arm64": ["lightningcss-android-arm64@1.31.1", "", { "os": "android", "cpu": "arm64" }, "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg=="],
+    "lightningcss-android-arm64": ["lightningcss-android-arm64@1.32.0", "", { "os": "android", "cpu": "arm64" }, "sha512-YK7/ClTt4kAK0vo6w3X+Pnm0D2cf2vPHbhOXdoNti1Ga0al1P4TBZhwjATvjNwLEBCnKvjJc2jQgHXH0NEwlAg=="],
 
-    "lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.31.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg=="],
+    "lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.32.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-RzeG9Ju5bag2Bv1/lwlVJvBE3q6TtXskdZLLCyfg5pt+HLz9BqlICO7LZM7VHNTTn/5PRhHFBSjk5lc4cmscPQ=="],
 
-    "lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.31.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA=="],
+    "lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.32.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-U+QsBp2m/s2wqpUYT/6wnlagdZbtZdndSmut/NJqlCcMLTWp5muCrID+K5UJ6jqD2BFshejCYXniPDbNh73V8w=="],
 
-    "lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.31.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A=="],
+    "lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.32.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-JCTigedEksZk3tHTTthnMdVfGf61Fky8Ji2E4YjUTEQX14xiy/lTzXnu1vwiZe3bYe0q+SpsSH/CTeDXK6WHig=="],
 
-    "lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.31.1", "", { "os": "linux", "cpu": "arm" }, "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g=="],
+    "lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.32.0", "", { "os": "linux", "cpu": "arm" }, "sha512-x6rnnpRa2GL0zQOkt6rts3YDPzduLpWvwAF6EMhXFVZXD4tPrBkEFqzGowzCsIWsPjqSK+tyNEODUBXeeVHSkw=="],
 
-    "lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg=="],
+    "lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.32.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ=="],
 
-    "lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg=="],
+    "lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.32.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg=="],
 
-    "lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA=="],
+    "lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.32.0", "", { "os": "linux", "cpu": "x64" }, "sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA=="],
 
-    "lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA=="],
+    "lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.32.0", "", { "os": "linux", "cpu": "x64" }, "sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg=="],
 
-    "lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.31.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w=="],
+    "lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.32.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw=="],
 
-    "lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.31.1", "", { "os": "win32", "cpu": "x64" }, "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw=="],
+    "lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.32.0", "", { "os": "win32", "cpu": "x64" }, "sha512-Amq9B/SoZYdDi1kFrojnoqPLxYhQ4Wo5XiL8EVJrVsB8ARoC1PWW6VGtT0WKCemjy8aC+louJnjS7U18x3b06Q=="],
 
     "lodash": ["lodash@4.17.23", "", {}, "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w=="],
 
@@ -1078,6 +1088,8 @@
 
     "log-symbols": ["log-symbols@4.1.0", "", { "dependencies": { "chalk": "^4.1.0", "is-unicode-supported": "^0.1.0" } }, "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg=="],
 
+    "lossless-json": ["lossless-json@4.3.0", "", {}, "sha512-ToxOC+SsduRmdSuoLZLYAr5zy1Qu7l5XhmPWM3zefCZ5IcrzW/h108qbJUKfOlDlhvhjUK84+8PSVX0kxnit0g=="],
+
     "lowercase-keys": ["lowercase-keys@2.0.0", "", {}, "sha512-tqNXrS78oMOE73NMxK4EMLQsQowWf8jKooH9g7xPavRT706R6bkQJ6DY2Te7QukaZsulxa30wQ7bk0pm4XiHmA=="],
 
     "lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
@@ -1120,11 +1132,11 @@
 
     "mkdirp": ["mkdirp@0.5.6", "", { "dependencies": { "minimist": "^1.2.6" }, "bin": { "mkdirp": "bin/cmd.js" } }, "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw=="],
 
-    "motion": ["motion@12.35.0", "", { "dependencies": { "framer-motion": "^12.35.0", "tslib": "^2.4.0" }, "peerDependencies": { "@emotion/is-prop-valid": "*", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@emotion/is-prop-valid", "react", "react-dom"] }, "sha512-BQUhNUIGvUcwXCzwmnT1JpjUqab34lIwxHnXUyWRht1WC1vAyp7/4qgMiUXxN3K6hgUhyoR+HNnLeQMwUZjVjw=="],
+    "motion": ["motion@12.36.0", "", { "dependencies": { "framer-motion": "^12.36.0", "tslib": "^2.4.0" }, "peerDependencies": { "@emotion/is-prop-valid": "*", "react": "^18.0.0 || ^19.0.0", "react-dom": "^18.0.0 || ^19.0.0" }, "optionalPeers": ["@emotion/is-prop-valid", "react", "react-dom"] }, "sha512-5BMQuktYUX8aEByKWYx5tR4X3G08H2OMgp46wTxZ4o7CDDstyy4A0fe9RLNMjZiwvntCWGDvs16sC87/emz4Yw=="],
 
-    "motion-dom": ["motion-dom@12.35.0", "", { "dependencies": { "motion-utils": "^12.29.2" } }, "sha512-FFMLEnIejK/zDABn+vqGVAUN4T0+3fw+cVAY8MMT65yR+j5uMuvWdd4npACWhh94OVWQs79CrBBuwOwGRZAQiA=="],
+    "motion-dom": ["motion-dom@12.36.0", "", { "dependencies": { "motion-utils": "^12.36.0" } }, "sha512-Ep1pq8P88rGJ75om8lTCA13zqd7ywPGwCqwuWwin6BKc0hMLkVfcS6qKlRqEo2+t0DwoUcgGJfXwaiFn4AOcQA=="],
 
-    "motion-utils": ["motion-utils@12.29.2", "", {}, "sha512-G3kc34H2cX2gI63RqU+cZq+zWRRPSsNIOjpdl9TN4AQwC4sgwYPl/Q/Obf/d53nOm569T0fYK+tcoSV50BWx8A=="],
+    "motion-utils": ["motion-utils@12.36.0", "", {}, "sha512-eHWisygbiwVvf6PZ1vhaHCLamvkSbPIeAYxWUuL3a2PD/TROgE7FvfHWTIH4vMl798QLfMw15nRqIaRDXTlYRg=="],
 
     "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
 
@@ -1136,9 +1148,9 @@
 
     "negotiator": ["negotiator@1.0.0", "", {}, "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg=="],
 
-    "nf3": ["nf3@0.3.10", "", {}, "sha512-UlqmHkZiHGgSkRj17yrOXEsSu5ECvtlJ3Xm1W5WsWrTKgu9m7OjrMZh9H/ME2LcWrTlMD0/vmmNVpyBG4yRdGg=="],
+    "nf3": ["nf3@0.3.11", "", {}, "sha512-ObKp/SA3f1g1f/OMeDlRWaZmqGgk7A0NnDIbeO7c/MV4r/quMlpP/BsqMGuTi3lUlXbC1On8YH7ICM2u2bIAOw=="],
 
-    "nitro": ["nitro-nightly@3.0.1-20260227-181935-bfbb207c", "", { "dependencies": { "consola": "^3.4.2", "crossws": "^0.4.4", "db0": "^0.3.4", "h3": "^2.0.1-rc.14", "hookable": "^6.0.1", "nf3": "^0.3.10", "ofetch": "^2.0.0-alpha.3", "ohash": "^2.0.11", "rolldown": "^1.0.0-rc.5", "srvx": "^0.11.7", "unenv": "^2.0.0-rc.24", "unstorage": "^2.0.0-alpha.5" }, "peerDependencies": { "dotenv": "*", "giget": "*", "jiti": "^2.6.1", "rollup": "^4.59.0", "vite": "^7 || ^8 || >=8.0.0-0", "xml2js": "^0.6.2" }, "optionalPeers": ["dotenv", "giget", "jiti", "rollup", "vite", "xml2js"], "bin": { "nitro": "dist/cli/index.mjs" } }, "sha512-J9dNAHHuZqzDra4Zr9N6+4hkRPgfrUVw++9I32BHDmwo6MkyRdvmqucWTB5T+J8G3xAMc4+XskExmUEEqxpbZw=="],
+    "nitro": ["nitro-nightly@3.0.1-20260315-195328-c31268c6", "", { "dependencies": { "consola": "^3.4.2", "crossws": "^0.4.4", "db0": "^0.3.4", "env-runner": "^0.1.6", "h3": "^2.0.1-rc.16", "hookable": "^6.0.1", "nf3": "^0.3.11", "ocache": "^0.1.2", "ofetch": "^2.0.0-alpha.3", "ohash": "^2.0.11", "rolldown": "^1.0.0-rc.9", "srvx": "^0.11.9", "unenv": "^2.0.0-rc.24", "unstorage": "^2.0.0-alpha.6" }, "peerDependencies": { "dotenv": "*", "giget": "*", "jiti": "^2.6.1", "rollup": "^4.59.0", "vite": "^7 || ^8 || >=8.0.0-0", "xml2js": "^0.6.2", "zephyr-agent": "^0.1.15" }, "optionalPeers": ["dotenv", "giget", "jiti", "rollup", "vite", "xml2js", "zephyr-agent"], "bin": { "nitro": "dist/cli/index.mjs" } }, "sha512-fe92y8PQ3RdQt+4cBl2tV+IRzFjXFYTKjkylGmiGjqz/X2gvqZhK/Z062qiT/CNFXTQis9xj9hiKW66LDMGjpQ=="],
 
     "node-abi": ["node-abi@4.26.0", "", { "dependencies": { "semver": "^7.6.3" } }, "sha512-8QwIZqikRvDIkXS2S93LjzhsSPJuIbfaMETWH+Bx8oOT9Sa9UsUtBFQlc3gBNd1+QINjaTloitXr1W3dQLi9Iw=="],
 
@@ -1162,6 +1174,8 @@
 
     "object-keys": ["object-keys@1.1.1", "", {}, "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA=="],
 
+    "ocache": ["ocache@0.1.2", "", { "dependencies": { "ohash": "^2.0.11" } }, "sha512-lI34wjM7cahEdrq2I5obbF7MEdE97vULf6vNj6ZCzwEadzyXO1w7QOl2qzzG4IL8cyO7wDtXPj9CqW/aG3mn7g=="],
+
     "ofetch": ["ofetch@2.0.0-alpha.3", "", {}, "sha512-zpYTCs2byOuft65vI3z43Dd6iSdFbOZZLb9/d21aCpx2rGastVU9dOCv0lu4ykc1Ur1anAYjDi3SUvR0vq50JA=="],
 
     "ohash": ["ohash@2.0.11", "", {}, "sha512-RdR9FQrFwNBNXAr4GixM8YaRZRJ5PUWbKYbE5eOsrwAjJW0q2REGcf79oYPsLyskQCZG1PLN+S/K1V00joZAoQ=="],
@@ -1274,7 +1288,7 @@
 
     "roarr": ["roarr@2.15.4", "", { "dependencies": { "boolean": "^3.0.1", "detect-node": "^2.0.4", "globalthis": "^1.0.1", "json-stringify-safe": "^5.0.1", "semver-compare": "^1.0.0", "sprintf-js": "^1.1.2" } }, "sha512-CHhPh+UNHD2GTXNYhPWLnU8ONHdI+5DI+4EYIAOaiD63rHeYlZvyh8P+in5999TTSFgUYuKUAjzRI4mdh/p+2A=="],
 
-    "rolldown": ["rolldown@1.0.0-rc.6", "", { "dependencies": { "@oxc-project/types": "=0.115.0", "@rolldown/pluginutils": "1.0.0-rc.6" }, "optionalDependencies": { "@rolldown/binding-android-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-x64": "1.0.0-rc.6", "@rolldown/binding-freebsd-x64": "1.0.0-rc.6", "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.6", "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-x64-musl": "1.0.0-rc.6", "@rolldown/binding-openharmony-arm64": "1.0.0-rc.6", "@rolldown/binding-wasm32-wasi": "1.0.0-rc.6", "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.6", "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.6" }, "bin": { "rolldown": "bin/cli.mjs" } }, "sha512-B8vFPV1ADyegoYfhg+E7RAucYKv0xdVlwYYsIJgfPNeiSxZGWNxts9RqhyGzC11ULK/VaeXyKezGCwpMiH8Ktw=="],
+    "rolldown": ["rolldown@1.0.0-rc.9", "", { "dependencies": { "@oxc-project/types": "=0.115.0", "@rolldown/pluginutils": "1.0.0-rc.9" }, "optionalDependencies": { "@rolldown/binding-android-arm64": "1.0.0-rc.9", "@rolldown/binding-darwin-arm64": "1.0.0-rc.9", "@rolldown/binding-darwin-x64": "1.0.0-rc.9", "@rolldown/binding-freebsd-x64": "1.0.0-rc.9", "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.9", "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.9", "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.9", "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.9", "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.9", "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.9", "@rolldown/binding-linux-x64-musl": "1.0.0-rc.9", "@rolldown/binding-openharmony-arm64": "1.0.0-rc.9", "@rolldown/binding-wasm32-wasi": "1.0.0-rc.9", "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.9", "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.9" }, "bin": { "rolldown": "bin/cli.mjs" } }, "sha512-9EbgWge7ZH+yqb4d2EnELAntgPTWbfL8ajiTW+SyhJEC4qhBbkCKbqFV4Ge4zmu5ziQuVbWxb/XwLZ+RIO7E8Q=="],
 
     "rou3": ["rou3@0.7.12", "", {}, "sha512-iFE4hLDuloSWcD7mjdCDhx2bKcIsYbtOTpfH5MHHLSKMOUyjqQXTeZVa289uuwEGEKFoE/BAPbhaU4B774nceg=="],
 
@@ -1330,7 +1344,7 @@
 
     "sprintf-js": ["sprintf-js@1.1.3", "", {}, "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA=="],
 
-    "srvx": ["srvx@0.11.8", "", { "bin": { "srvx": "bin/srvx.mjs" } }, "sha512-2n9t0YnAXPJjinytvxccNgs7rOA5gmE7Wowt/8Dy2dx2fDC6sBhfBpbrCvjYKALlVukPS/Uq3QwkolKNa7P/2Q=="],
+    "srvx": ["srvx@0.11.12", "", { "bin": { "srvx": "bin/srvx.mjs" } }, "sha512-AQfrGqntqVPXgP03pvBDN1KyevHC+KmYVqb8vVf4N+aomQqdhaZxjvoVp+AOm4u6x+GgNQY3MVzAUIn+TqwkOA=="],
 
     "ssri": ["ssri@12.0.0", "", { "dependencies": { "minipass": "^7.0.3" } }, "sha512-S7iGNosepx9RadX82oimUkvr0Ct7IjJbEbs4mJcTxst8um95J3sDYU1RBEOvdu6oL1Wek2ODI5i4MAw+dZ6cAQ=="],
 
@@ -1350,7 +1364,7 @@
 
     "supports-color": ["supports-color@7.2.0", "", { "dependencies": { "has-flag": "^4.0.0" } }, "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw=="],
 
-    "systeminformation": ["systeminformation@5.31.3", "", { "os": "!aix", "bin": { "systeminformation": "lib/cli.js" } }, "sha512-vX0eeI7oGIr79NLiJRWnK8SyxDjyiNOEanaQnHRNyb5ep8QcpD8QMDvrukdrxV4pV4AKjwUDfaypXnWHMC/65A=="],
+    "systeminformation": ["systeminformation@5.31.4", "", { "os": "!aix", "bin": { "systeminformation": "lib/cli.js" } }, "sha512-lZppDyQx91VdS5zJvAyGkmwe+Mq6xY978BDUG2wRkWE+jkmUF5ti8cvOovFQoN5bvSFKCXVkyKEaU5ec3SJiRg=="],
 
     "tagged-tag": ["tagged-tag@1.0.0", "", {}, "sha512-yEFYrVhod+hdNyx7g5Bnkkb0G6si8HJurOoOEgC8B/O0uXLHlaey/65KRv6cuWBNhBgHKAROVpc7QyYqE5gFng=="],
 
@@ -1392,19 +1406,19 @@
 
     "tsx": ["tsx@4.21.0", "", { "dependencies": { "esbuild": "~0.27.0", "get-tsconfig": "^4.7.5" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "bin": { "tsx": "dist/cli.mjs" } }, "sha512-5C1sg4USs1lfG0GFb2RLXsdpXqBSEhAaA/0kPL01wxzpMqLILNxIxIOKiILz+cdg/pLnOUxFYOR5yhHU666wbw=="],
 
-    "turbo": ["turbo@2.8.13", "", { "optionalDependencies": { "turbo-darwin-64": "2.8.13", "turbo-darwin-arm64": "2.8.13", "turbo-linux-64": "2.8.13", "turbo-linux-arm64": "2.8.13", "turbo-windows-64": "2.8.13", "turbo-windows-arm64": "2.8.13" }, "bin": { "turbo": "bin/turbo" } }, "sha512-nyM99hwFB9/DHaFyKEqatdayGjsMNYsQ/XBNO6MITc7roncZetKb97MpHxWf3uiU+LB9c9HUlU3Jp2Ixei2k1A=="],
+    "turbo": ["turbo@2.8.17", "", { "optionalDependencies": { "turbo-darwin-64": "2.8.17", "turbo-darwin-arm64": "2.8.17", "turbo-linux-64": "2.8.17", "turbo-linux-arm64": "2.8.17", "turbo-windows-64": "2.8.17", "turbo-windows-arm64": "2.8.17" }, "bin": { "turbo": "bin/turbo" } }, "sha512-YwPsNSqU2f/RXU/+Kcb7cPkPZARxom4+me7LKEdN5jsvy2tpfze3zDZ4EiGrJnvOm9Avu9rK0aaYsP7qZ3iz7A=="],
 
-    "turbo-darwin-64": ["turbo-darwin-64@2.8.13", "", { "os": "darwin", "cpu": "x64" }, "sha512-PmOvodQNiOj77+Zwoqku70vwVjKzL34RTNxxoARjp5RU5FOj/CGiC6vcDQhNtFPUOWSAaogHF5qIka9TBhX4XA=="],
+    "turbo-darwin-64": ["turbo-darwin-64@2.8.17", "", { "os": "darwin", "cpu": "x64" }, "sha512-ZFkv2hv7zHpAPEXBF6ouRRXshllOavYc+jjcrYyVHvxVTTwJWsBZwJ/gpPzmOKGvkSjsEyDO5V6aqqtZzwVF+Q=="],
 
-    "turbo-darwin-arm64": ["turbo-darwin-arm64@2.8.13", "", { "os": "darwin", "cpu": "arm64" }, "sha512-kI+anKcLIM4L8h+NsM7mtAUpElkCOxv5LgiQVQR8BASyDFfc8Efj5kCk3cqxuxOvIqx0sLfCX7atrHQ2kwuNJQ=="],
+    "turbo-darwin-arm64": ["turbo-darwin-arm64@2.8.17", "", { "os": "darwin", "cpu": "arm64" }, "sha512-5DXqhQUt24ycEryXDfMNKEkW5TBHs+QmU23a2qxXwwFDaJsWcPo2obEhBxxdEPOv7qmotjad+09RGeWCcJ9JDw=="],
 
-    "turbo-linux-64": ["turbo-linux-64@2.8.13", "", { "os": "linux", "cpu": "x64" }, "sha512-j29KnQhHyzdzgCykBFeBqUPS4Wj7lWMnZ8CHqytlYDap4Jy70l4RNG46pOL9+lGu6DepK2s1rE86zQfo0IOdPw=="],
+    "turbo-linux-64": ["turbo-linux-64@2.8.17", "", { "os": "linux", "cpu": "x64" }, "sha512-KLUbz6w7F73D/Ihh51hVagrKR0/CTsPEbRkvXLXvoND014XJ4BCrQUqSxlQ4/hu+nqp1v5WlM85/h3ldeyujuA=="],
 
-    "turbo-linux-arm64": ["turbo-linux-arm64@2.8.13", "", { "os": "linux", "cpu": "arm64" }, "sha512-OEl1YocXGZDRDh28doOUn49QwNe82kXljO1HXApjU0LapkDiGpfl3jkAlPKxEkGDSYWc8MH5Ll8S16Rf5tEBYg=="],
+    "turbo-linux-arm64": ["turbo-linux-arm64@2.8.17", "", { "os": "linux", "cpu": "arm64" }, "sha512-pJK67XcNJH40lTAjFu7s/rUlobgVXyB3A3lDoq+/JccB3hf+SysmkpR4Itlc93s8LEaFAI4mamhFuTV17Z6wOg=="],
 
-    "turbo-windows-64": ["turbo-windows-64@2.8.13", "", { "os": "win32", "cpu": "x64" }, "sha512-717bVk1+Pn2Jody7OmWludhEirEe0okoj1NpRbSm5kVZz/yNN/jfjbxWC6ilimXMz7xoMT3IDfQFJsFR3PMANA=="],
+    "turbo-windows-64": ["turbo-windows-64@2.8.17", "", { "os": "win32", "cpu": "x64" }, "sha512-EijeQ6zszDMmGZLP2vT2RXTs/GVi9rM0zv2/G4rNu2SSRSGFapgZdxgW4b5zUYLVaSkzmkpWlGfPfj76SW9yUg=="],
 
-    "turbo-windows-arm64": ["turbo-windows-arm64@2.8.13", "", { "os": "win32", "cpu": "arm64" }, "sha512-R819HShLIT0Wj6zWVnIsYvSNtRNj1q9VIyaUz0P24SMcLCbQZIm1sV09F4SDbg+KCCumqD2lcaR2UViQ8SnUJA=="],
+    "turbo-windows-arm64": ["turbo-windows-arm64@2.8.17", "", { "os": "win32", "cpu": "arm64" }, "sha512-crpfeMPkfECd4V1PQ/hMoiyVcOy04+bWedu/if89S15WhOalHZ2BYUi6DOJhZrszY+mTT99OwpOsj4wNfb/GHQ=="],
 
     "type-fest": ["type-fest@5.4.4", "", { "dependencies": { "tagged-tag": "^1.0.0" } }, "sha512-JnTrzGu+zPV3aXIUhnyWJj4z/wigMsdYajGLIYakqyOW1nPllzXEJee0QQbHj+CTIQtXGlAjuK0UY+2xTyjVAw=="],
 
@@ -1442,7 +1456,7 @@
 
     "verror": ["verror@1.10.1", "", { "dependencies": { "assert-plus": "^1.0.0", "core-util-is": "1.0.2", "extsprintf": "^1.2.0" } }, "sha512-veufcmxri4e3XSrT0xwfUR7kguIkaxBeosDg00yDWhk49wdwkSUrvvsm7nc75e1PUyvIeZj6nS8VQRYz2/S4Xg=="],
 
-    "vite": ["vite@8.0.0-beta.16", "", { "dependencies": { "@oxc-project/runtime": "0.115.0", "lightningcss": "^1.31.1", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rolldown": "1.0.0-rc.6", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.0.0-alpha.31", "esbuild": "^0.27.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-c0t7hYkxsjws89HH+BUFh/sL3BpPNhNsL9CJrTpMxBmwKQBRSa5OJ5w4o9O0bQVI/H/vx7UpUUIevvXa37NS/Q=="],
+    "vite": ["vite@8.0.0", "", { "dependencies": { "@oxc-project/runtime": "0.115.0", "lightningcss": "^1.32.0", "picomatch": "^4.0.3", "postcss": "^8.5.8", "rolldown": "1.0.0-rc.9", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.0.0-alpha.31", "esbuild": "^0.27.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-fPGaRNj9Zytaf8LEiBhY7Z6ijnFKdzU/+mL8EFBaKr7Vw1/FWcTBAMW0wLPJAGMPX38ZPVCVgLceWiEqeoqL2Q=="],
 
     "vite-tsconfig-paths": ["vite-tsconfig-paths@6.1.1", "", { "dependencies": { "debug": "^4.1.1", "globrex": "^0.1.2", "tsconfck": "^3.0.3" }, "peerDependencies": { "vite": "*" } }, "sha512-2cihq7zliibCCZ8P9cKJrQBkfgdvcFkOOc3Y02o3GWUDLgqjWsZudaoiuOwO/gzTzy17cS5F7ZPo4bsnS4DGkg=="],
 
@@ -1522,6 +1536,8 @@
 
     "@npmcli/fs/semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
 
+    "@tailwindcss/node/lightningcss": ["lightningcss@1.31.1", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.31.1", "lightningcss-darwin-arm64": "1.31.1", "lightningcss-darwin-x64": "1.31.1", "lightningcss-freebsd-x64": "1.31.1", "lightningcss-linux-arm-gnueabihf": "1.31.1", "lightningcss-linux-arm64-gnu": "1.31.1", "lightningcss-linux-arm64-musl": "1.31.1", "lightningcss-linux-x64-gnu": "1.31.1", "lightningcss-linux-x64-musl": "1.31.1", "lightningcss-win32-arm64-msvc": "1.31.1", "lightningcss-win32-x64-msvc": "1.31.1" } }, "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ=="],
+
     "@tailwindcss/oxide-wasm32-wasi/@emnapi/core": ["@emnapi/core@1.8.1", "", { "dependencies": { "@emnapi/wasi-threads": "1.1.0", "tslib": "^2.4.0" }, "bundled": true }, "sha512-AvT9QFpxK0Zd8J0jopedNm+w/2fIzvtPKPjqyw9jwvBaReTTqPBk9Hixaz7KbjimP+QNz605/XnjFcDAL2pqBg=="],
 
     "@tailwindcss/oxide-wasm32-wasi/@emnapi/runtime": ["@emnapi/runtime@1.8.1", "", { "dependencies": { "tslib": "^2.4.0" }, "bundled": true }, "sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg=="],
@@ -1534,6 +1550,8 @@
 
     "@tailwindcss/oxide-wasm32-wasi/tslib": ["tslib@2.8.1", "", { "bundled": true }, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
 
+    "@tailwindcss/vite/vite": ["vite@8.0.0-beta.16", "", { "dependencies": { "@oxc-project/runtime": "0.115.0", "lightningcss": "^1.31.1", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rolldown": "1.0.0-rc.6", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.0.0-alpha.31", "esbuild": "^0.27.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-c0t7hYkxsjws89HH+BUFh/sL3BpPNhNsL9CJrTpMxBmwKQBRSa5OJ5w4o9O0bQVI/H/vx7UpUUIevvXa37NS/Q=="],
+
     "@tanstack/devtools-vite/chalk": ["chalk@5.6.2", "", {}, "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA=="],
 
     "@tanstack/router-generator/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
@@ -1546,6 +1564,24 @@
 
     "@tanstack/start-plugin-core/zod": ["zod@3.25.76", "", {}, "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ=="],
 
+    "@types/cacheable-request/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/fs-extra/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/keyv/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/mssql/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/node-forge/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/plist/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/readable-stream/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/responselike/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "@types/yauzl/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
     "anymatch/picomatch": ["picomatch@2.3.1", "", {}, "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="],
 
     "app-builder-lib/@electron/get": ["@electron/get@3.1.0", "", { "dependencies": { "debug": "^4.1.1", "env-paths": "^2.2.0", "fs-extra": "^8.1.0", "got": "^11.8.5", "progress": "^2.0.3", "semver": "^6.2.0", "sumchecker": "^3.0.1" }, "optionalDependencies": { "global-agent": "^3.0.0" } }, "sha512-F+nKc0xW+kVbBRhFzaMgPy3KwmuNTYX1fx6+FxxoSnNgwYX6LD7AKBTWkU0MQ6IBoe7dz069CNkR673sPAgkCQ=="],
@@ -1558,6 +1594,8 @@
 
     "bl/readable-stream": ["readable-stream@4.7.0", "", { "dependencies": { "abort-controller": "^3.0.0", "buffer": "^6.0.3", "events": "^3.3.0", "process": "^0.11.10", "string_decoder": "^1.3.0" } }, "sha512-oIGGmcpTLwPga8Bn6/Z75SVaH1z5dUut2ibSyAMVhmUggWpmDn2dapB0n7f8nwaSiRtepAsfJyfXIO5DCVAODg=="],
 
+    "bun-types/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
     "cacache/glob": ["glob@10.5.0", "", { "dependencies": { "foreground-child": "^3.1.0", "jackspeak": "^3.1.2", "minimatch": "^9.0.4", "minipass": "^7.1.2", "package-json-from-dist": "^1.0.0", "path-scurry": "^1.11.1" }, "bin": { "glob": "dist/esm/bin.mjs" } }, "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg=="],
 
     "cacache/lru-cache": ["lru-cache@10.4.3", "", {}, "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ=="],
@@ -1570,6 +1608,10 @@
 
     "ecdsa-sig-formatter/safe-buffer": ["safe-buffer@5.2.1", "", {}, "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="],
 
+    "electron/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
+    "electron-vite/vite": ["vite@8.0.0-beta.16", "", { "dependencies": { "@oxc-project/runtime": "0.115.0", "lightningcss": "^1.31.1", "picomatch": "^4.0.3", "postcss": "^8.5.6", "rolldown": "1.0.0-rc.6", "tinyglobby": "^0.2.15" }, "optionalDependencies": { "fsevents": "~2.3.3" }, "peerDependencies": { "@types/node": "^20.19.0 || >=22.12.0", "@vitejs/devtools": "^0.0.0-alpha.31", "esbuild": "^0.27.0", "jiti": ">=1.21.0", "less": "^4.0.0", "sass": "^1.70.0", "sass-embedded": "^1.70.0", "stylus": ">=0.54.8", "sugarss": "^5.0.0", "terser": "^5.16.0", "tsx": "^4.8.1", "yaml": "^2.4.2" }, "optionalPeers": ["@types/node", "@vitejs/devtools", "esbuild", "jiti", "less", "sass", "sass-embedded", "stylus", "sugarss", "terser", "tsx", "yaml"], "bin": { "vite": "bin/vite.js" } }, "sha512-c0t7hYkxsjws89HH+BUFh/sL3BpPNhNsL9CJrTpMxBmwKQBRSa5OJ5w4o9O0bQVI/H/vx7UpUUIevvXa37NS/Q=="],
+
     "electron-winstaller/fs-extra": ["fs-extra@7.0.1", "", { "dependencies": { "graceful-fs": "^4.1.2", "jsonfile": "^4.0.0", "universalify": "^0.1.0" } }, "sha512-YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw=="],
 
     "filelist/minimatch": ["minimatch@5.1.9", "", { "dependencies": { "brace-expansion": "^2.0.1" } }, "sha512-7o1wEA2RyMP7Iu7GNba9vc0RWWGACJOCZBJX2GJWip0ikV+wcOsgVuY9uE8CPiyQhkGFSlhuSkZPavN7u1c2Fw=="],
@@ -1580,6 +1622,10 @@
 
     "global-agent/semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
 
+    "h3/rou3": ["rou3@0.8.1", "", {}, "sha512-ePa+XGk00/3HuCqrEnK3LxJW7I0SdNg6EFzKUJG73hMAdDcOUC/i/aSz7LSDwLrGr33kal/rqOGydzwl6U7zBA=="],
+
+    "h3-v2/rou3": ["rou3@0.8.1", "", {}, "sha512-ePa+XGk00/3HuCqrEnK3LxJW7I0SdNg6EFzKUJG73hMAdDcOUC/i/aSz7LSDwLrGr33kal/rqOGydzwl6U7zBA=="],
+
     "hosted-git-info/lru-cache": ["lru-cache@6.0.0", "", { "dependencies": { "yallist": "^4.0.0" } }, "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA=="],
 
     "htmlparser2/entities": ["entities@7.0.1", "", {}, "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA=="],
@@ -1618,7 +1664,7 @@
 
     "recast/source-map": ["source-map@0.6.1", "", {}, "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="],
 
-    "rolldown/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.6", "", {}, "sha512-Y0+JT8Mi1mmW08K6HieG315XNRu4L0rkfCpA364HtytjgiqYnMYRdFPcxRl+BQQqNXzecL2S9nii+RUpO93XIA=="],
+    "rolldown/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.9", "", {}, "sha512-w6oiRWgEBl04QkFZgmW+jnU1EC9b57Oihi2ot3HNWIQRqgHp5PnYDia5iZ5FF7rpa4EQdiqMDXjlqKGXBhsoXw=="],
 
     "serialize-error/type-fest": ["type-fest@0.13.1", "", {}, "sha512-34R7HTnG0XIJcBSn5XhDd7nNFPRcXYRZrBB2O2jdKqYODldSzBAqzsWoZYYvduky73toYS/ESqxPvkDf/F0XMg=="],
 
@@ -1626,6 +1672,8 @@
 
     "source-map-support/source-map": ["source-map@0.6.1", "", {}, "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="],
 
+    "tedious/@types/node": ["@types/node@24.11.0", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-fPxQqz4VTgPI/IQ+lj9r0h+fDR66bzoeMGHp8ASee+32OSGIkeASsoZuJixsQoVef1QJbeubcPBxKk22QVoWdw=="],
+
     "tiny-async-pool/semver": ["semver@5.7.2", "", { "bin": { "semver": "bin/semver" } }, "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g=="],
 
     "tsx/esbuild": ["esbuild@0.27.3", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.27.3", "@esbuild/android-arm": "0.27.3", "@esbuild/android-arm64": "0.27.3", "@esbuild/android-x64": "0.27.3", "@esbuild/darwin-arm64": "0.27.3", "@esbuild/darwin-x64": "0.27.3", "@esbuild/freebsd-arm64": "0.27.3", "@esbuild/freebsd-x64": "0.27.3", "@esbuild/linux-arm": "0.27.3", "@esbuild/linux-arm64": "0.27.3", "@esbuild/linux-ia32": "0.27.3", "@esbuild/linux-loong64": "0.27.3", "@esbuild/linux-mips64el": "0.27.3", "@esbuild/linux-ppc64": "0.27.3", "@esbuild/linux-riscv64": "0.27.3", "@esbuild/linux-s390x": "0.27.3", "@esbuild/linux-x64": "0.27.3", "@esbuild/netbsd-arm64": "0.27.3", "@esbuild/netbsd-x64": "0.27.3", "@esbuild/openbsd-arm64": "0.27.3", "@esbuild/openbsd-x64": "0.27.3", "@esbuild/openharmony-arm64": "0.27.3", "@esbuild/sunos-x64": "0.27.3", "@esbuild/win32-arm64": "0.27.3", "@esbuild/win32-ia32": "0.27.3", "@esbuild/win32-x64": "0.27.3" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-8VwMnyGCONIs6cWue2IdpHxHnAjzxnw2Zr7MkVxB2vjmQ2ivqGFb4LEG3SMnv0Gb2F/G/2yA8zUaiL1gywDCCg=="],
@@ -1644,6 +1692,32 @@
 
     "@isaacs/cliui/wrap-ansi/ansi-styles": ["ansi-styles@6.2.3", "", {}, "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg=="],
 
+    "@tailwindcss/node/lightningcss/lightningcss-android-arm64": ["lightningcss-android-arm64@1.31.1", "", { "os": "android", "cpu": "arm64" }, "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.31.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.31.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.31.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.31.1", "", { "os": "linux", "cpu": "arm" }, "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.31.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w=="],
+
+    "@tailwindcss/node/lightningcss/lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.31.1", "", { "os": "win32", "cpu": "x64" }, "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw=="],
+
+    "@tailwindcss/vite/vite/lightningcss": ["lightningcss@1.31.1", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.31.1", "lightningcss-darwin-arm64": "1.31.1", "lightningcss-darwin-x64": "1.31.1", "lightningcss-freebsd-x64": "1.31.1", "lightningcss-linux-arm-gnueabihf": "1.31.1", "lightningcss-linux-arm64-gnu": "1.31.1", "lightningcss-linux-arm64-musl": "1.31.1", "lightningcss-linux-x64-gnu": "1.31.1", "lightningcss-linux-x64-musl": "1.31.1", "lightningcss-win32-arm64-msvc": "1.31.1", "lightningcss-win32-x64-msvc": "1.31.1" } }, "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ=="],
+
+    "@tailwindcss/vite/vite/rolldown": ["rolldown@1.0.0-rc.6", "", { "dependencies": { "@oxc-project/types": "=0.115.0", "@rolldown/pluginutils": "1.0.0-rc.6" }, "optionalDependencies": { "@rolldown/binding-android-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-x64": "1.0.0-rc.6", "@rolldown/binding-freebsd-x64": "1.0.0-rc.6", "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.6", "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-x64-musl": "1.0.0-rc.6", "@rolldown/binding-openharmony-arm64": "1.0.0-rc.6", "@rolldown/binding-wasm32-wasi": "1.0.0-rc.6", "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.6", "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.6" }, "bin": { "rolldown": "bin/cli.mjs" } }, "sha512-B8vFPV1ADyegoYfhg+E7RAucYKv0xdVlwYYsIJgfPNeiSxZGWNxts9RqhyGzC11ULK/VaeXyKezGCwpMiH8Ktw=="],
+
     "app-builder-lib/@electron/get/fs-extra": ["fs-extra@8.1.0", "", { "dependencies": { "graceful-fs": "^4.2.0", "jsonfile": "^4.0.0", "universalify": "^0.1.0" } }, "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g=="],
 
     "app-builder-lib/@electron/get/semver": ["semver@6.3.1", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="],
@@ -1656,6 +1730,10 @@
 
     "dir-compare/minimatch/brace-expansion": ["brace-expansion@1.1.12", "", { "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg=="],
 
+    "electron-vite/vite/lightningcss": ["lightningcss@1.31.1", "", { "dependencies": { "detect-libc": "^2.0.3" }, "optionalDependencies": { "lightningcss-android-arm64": "1.31.1", "lightningcss-darwin-arm64": "1.31.1", "lightningcss-darwin-x64": "1.31.1", "lightningcss-freebsd-x64": "1.31.1", "lightningcss-linux-arm-gnueabihf": "1.31.1", "lightningcss-linux-arm64-gnu": "1.31.1", "lightningcss-linux-arm64-musl": "1.31.1", "lightningcss-linux-x64-gnu": "1.31.1", "lightningcss-linux-x64-musl": "1.31.1", "lightningcss-win32-arm64-msvc": "1.31.1", "lightningcss-win32-x64-msvc": "1.31.1" } }, "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ=="],
+
+    "electron-vite/vite/rolldown": ["rolldown@1.0.0-rc.6", "", { "dependencies": { "@oxc-project/types": "=0.115.0", "@rolldown/pluginutils": "1.0.0-rc.6" }, "optionalDependencies": { "@rolldown/binding-android-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-arm64": "1.0.0-rc.6", "@rolldown/binding-darwin-x64": "1.0.0-rc.6", "@rolldown/binding-freebsd-x64": "1.0.0-rc.6", "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.6", "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.6", "@rolldown/binding-linux-x64-musl": "1.0.0-rc.6", "@rolldown/binding-openharmony-arm64": "1.0.0-rc.6", "@rolldown/binding-wasm32-wasi": "1.0.0-rc.6", "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.6", "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.6" }, "bin": { "rolldown": "bin/cli.mjs" } }, "sha512-B8vFPV1ADyegoYfhg+E7RAucYKv0xdVlwYYsIJgfPNeiSxZGWNxts9RqhyGzC11ULK/VaeXyKezGCwpMiH8Ktw=="],
+
     "electron-winstaller/fs-extra/jsonfile": ["jsonfile@4.0.0", "", { "optionalDependencies": { "graceful-fs": "^4.1.6" } }, "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg=="],
 
     "electron-winstaller/fs-extra/universalify": ["universalify@0.1.2", "", {}, "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="],
@@ -1730,6 +1808,56 @@
 
     "@electron/universal/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
 
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-android-arm64": ["lightningcss-android-arm64@1.31.1", "", { "os": "android", "cpu": "arm64" }, "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.31.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.31.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.31.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.31.1", "", { "os": "linux", "cpu": "arm" }, "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.31.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w=="],
+
+    "@tailwindcss/vite/vite/lightningcss/lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.31.1", "", { "os": "win32", "cpu": "x64" }, "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.0-rc.6", "", { "os": "android", "cpu": "arm64" }, "sha512-kvjTSWGcrv+BaR2vge57rsKiYdVR8V8CoS0vgKrc570qRBfty4bT+1X0z3j2TaVV+kAYzA0PjeB9+mdZyqUZlg=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-darwin-arm64": ["@rolldown/binding-darwin-arm64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "arm64" }, "sha512-+tJhD21KvGNtUrpLXrZQlT+j5HZKiEwR2qtcZb3vNOUpvoT9QjEykr75ZW/Kr0W89gose/HVXU6351uVZD8Qvw=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-darwin-x64": ["@rolldown/binding-darwin-x64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "x64" }, "sha512-DKNhjMk38FAWaHwUt1dFR3rA/qRAvn2NUvSG2UGvxvlMxSmN/qqww/j4ABAbXhNRXtGQNmrAINMXRuwHl16ZHg=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-freebsd-x64": ["@rolldown/binding-freebsd-x64@1.0.0-rc.6", "", { "os": "freebsd", "cpu": "x64" }, "sha512-8TThsRkCPAnfyMBShxrGdtoOE6h36QepqRQI97iFaQSCRbHFWHcDHppcojZnzXoruuhPnjMEygzaykvPVJsMRg=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-linux-arm-gnueabihf": ["@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm" }, "sha512-ZfmFoOwPUZCWtGOVC9/qbQzfc0249FrRUOzV2XabSMUV60Crp211OWLQN1zmQAsRIVWRcEwhJ46Z1mXGo/L/nQ=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-linux-arm64-gnu": ["@rolldown/binding-linux-arm64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-ZsGzbNETxPodGlLTYHaCSGVhNN/rvkMDCJYHdT7PZr5jFJRmBfmDi2awhF64Dt2vxrJqY6VeeYSgOzEbHRsb7Q=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-linux-arm64-musl": ["@rolldown/binding-linux-arm64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-elPpdevtCdUOqziemR86C4CSCr/5sUxalzDrf/CJdMT+kZt2C556as++qHikNOz0vuFf52h+GJNXZM08eWgGPQ=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-linux-x64-gnu": ["@rolldown/binding-linux-x64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-IBwXsf56o3xhzAyaZxdM1CX8UFiBEUFCjiVUgny67Q8vPIqkjzJj0YKhd3TbBHanuxThgBa59f6Pgutg2OGk5A=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-linux-x64-musl": ["@rolldown/binding-linux-x64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-vOk7G8V9Zm+8a6PL6JTpCea61q491oYlGtO6CvnsbhNLlKdf0bbCPytFzGQhYmCKZDKkEbmnkcIprTEGCURnwg=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-openharmony-arm64": ["@rolldown/binding-openharmony-arm64@1.0.0-rc.6", "", { "os": "none", "cpu": "arm64" }, "sha512-ASjEDI4MRv7XCQb2JVaBzfEYO98JKCGrAgoW6M03fJzH/ilCnC43Mb3ptB9q/lzsaahoJyIBoAGKAYEjUvpyvQ=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-wasm32-wasi": ["@rolldown/binding-wasm32-wasi@1.0.0-rc.6", "", { "dependencies": { "@napi-rs/wasm-runtime": "^1.1.1" }, "cpu": "none" }, "sha512-mYa1+h2l6Zc0LvmwUh0oXKKYihnw/1WC73vTqw+IgtfEtv47A+rWzzcWwVDkW73+UDr0d/Ie/HRXoaOY22pQDw=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-win32-arm64-msvc": ["@rolldown/binding-win32-arm64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "arm64" }, "sha512-e2ABskbNH3MRUBMjgxaMjYIw11DSwjLJxBII3UgpF6WClGLIh8A20kamc+FKH5vIaFVnYQInmcLYSUVpqMPLow=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/binding-win32-x64-msvc": ["@rolldown/binding-win32-x64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "x64" }, "sha512-dJVc3ifhaRXxIEh1xowLohzFrlQXkJ66LepHm+CmSprTWgVrPa8Fx3OL57xwIqDEH9hufcKkDX2v65rS3NZyRA=="],
+
+    "@tailwindcss/vite/vite/rolldown/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.6", "", {}, "sha512-Y0+JT8Mi1mmW08K6HieG315XNRu4L0rkfCpA364HtytjgiqYnMYRdFPcxRl+BQQqNXzecL2S9nii+RUpO93XIA=="],
+
     "app-builder-lib/@electron/get/fs-extra/jsonfile": ["jsonfile@4.0.0", "", { "optionalDependencies": { "graceful-fs": "^4.1.6" } }, "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg=="],
 
     "app-builder-lib/@electron/get/fs-extra/universalify": ["universalify@0.1.2", "", {}, "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="],
@@ -1740,6 +1868,56 @@
 
     "dir-compare/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
 
+    "electron-vite/vite/lightningcss/lightningcss-android-arm64": ["lightningcss-android-arm64@1.31.1", "", { "os": "android", "cpu": "arm64" }, "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-darwin-arm64": ["lightningcss-darwin-arm64@1.31.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-darwin-x64": ["lightningcss-darwin-x64@1.31.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-freebsd-x64": ["lightningcss-freebsd-x64@1.31.1", "", { "os": "freebsd", "cpu": "x64" }, "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-linux-arm-gnueabihf": ["lightningcss-linux-arm-gnueabihf@1.31.1", "", { "os": "linux", "cpu": "arm" }, "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-linux-arm64-gnu": ["lightningcss-linux-arm64-gnu@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-linux-arm64-musl": ["lightningcss-linux-arm64-musl@1.31.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-linux-x64-gnu": ["lightningcss-linux-x64-gnu@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-linux-x64-musl": ["lightningcss-linux-x64-musl@1.31.1", "", { "os": "linux", "cpu": "x64" }, "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-win32-arm64-msvc": ["lightningcss-win32-arm64-msvc@1.31.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w=="],
+
+    "electron-vite/vite/lightningcss/lightningcss-win32-x64-msvc": ["lightningcss-win32-x64-msvc@1.31.1", "", { "os": "win32", "cpu": "x64" }, "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-android-arm64": ["@rolldown/binding-android-arm64@1.0.0-rc.6", "", { "os": "android", "cpu": "arm64" }, "sha512-kvjTSWGcrv+BaR2vge57rsKiYdVR8V8CoS0vgKrc570qRBfty4bT+1X0z3j2TaVV+kAYzA0PjeB9+mdZyqUZlg=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-darwin-arm64": ["@rolldown/binding-darwin-arm64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "arm64" }, "sha512-+tJhD21KvGNtUrpLXrZQlT+j5HZKiEwR2qtcZb3vNOUpvoT9QjEykr75ZW/Kr0W89gose/HVXU6351uVZD8Qvw=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-darwin-x64": ["@rolldown/binding-darwin-x64@1.0.0-rc.6", "", { "os": "darwin", "cpu": "x64" }, "sha512-DKNhjMk38FAWaHwUt1dFR3rA/qRAvn2NUvSG2UGvxvlMxSmN/qqww/j4ABAbXhNRXtGQNmrAINMXRuwHl16ZHg=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-freebsd-x64": ["@rolldown/binding-freebsd-x64@1.0.0-rc.6", "", { "os": "freebsd", "cpu": "x64" }, "sha512-8TThsRkCPAnfyMBShxrGdtoOE6h36QepqRQI97iFaQSCRbHFWHcDHppcojZnzXoruuhPnjMEygzaykvPVJsMRg=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-linux-arm-gnueabihf": ["@rolldown/binding-linux-arm-gnueabihf@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm" }, "sha512-ZfmFoOwPUZCWtGOVC9/qbQzfc0249FrRUOzV2XabSMUV60Crp211OWLQN1zmQAsRIVWRcEwhJ46Z1mXGo/L/nQ=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-linux-arm64-gnu": ["@rolldown/binding-linux-arm64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-ZsGzbNETxPodGlLTYHaCSGVhNN/rvkMDCJYHdT7PZr5jFJRmBfmDi2awhF64Dt2vxrJqY6VeeYSgOzEbHRsb7Q=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-linux-arm64-musl": ["@rolldown/binding-linux-arm64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-elPpdevtCdUOqziemR86C4CSCr/5sUxalzDrf/CJdMT+kZt2C556as++qHikNOz0vuFf52h+GJNXZM08eWgGPQ=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-linux-x64-gnu": ["@rolldown/binding-linux-x64-gnu@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-IBwXsf56o3xhzAyaZxdM1CX8UFiBEUFCjiVUgny67Q8vPIqkjzJj0YKhd3TbBHanuxThgBa59f6Pgutg2OGk5A=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-linux-x64-musl": ["@rolldown/binding-linux-x64-musl@1.0.0-rc.6", "", { "os": "linux", "cpu": "x64" }, "sha512-vOk7G8V9Zm+8a6PL6JTpCea61q491oYlGtO6CvnsbhNLlKdf0bbCPytFzGQhYmCKZDKkEbmnkcIprTEGCURnwg=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-openharmony-arm64": ["@rolldown/binding-openharmony-arm64@1.0.0-rc.6", "", { "os": "none", "cpu": "arm64" }, "sha512-ASjEDI4MRv7XCQb2JVaBzfEYO98JKCGrAgoW6M03fJzH/ilCnC43Mb3ptB9q/lzsaahoJyIBoAGKAYEjUvpyvQ=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-wasm32-wasi": ["@rolldown/binding-wasm32-wasi@1.0.0-rc.6", "", { "dependencies": { "@napi-rs/wasm-runtime": "^1.1.1" }, "cpu": "none" }, "sha512-mYa1+h2l6Zc0LvmwUh0oXKKYihnw/1WC73vTqw+IgtfEtv47A+rWzzcWwVDkW73+UDr0d/Ie/HRXoaOY22pQDw=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-win32-arm64-msvc": ["@rolldown/binding-win32-arm64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "arm64" }, "sha512-e2ABskbNH3MRUBMjgxaMjYIw11DSwjLJxBII3UgpF6WClGLIh8A20kamc+FKH5vIaFVnYQInmcLYSUVpqMPLow=="],
+
+    "electron-vite/vite/rolldown/@rolldown/binding-win32-x64-msvc": ["@rolldown/binding-win32-x64-msvc@1.0.0-rc.6", "", { "os": "win32", "cpu": "x64" }, "sha512-dJVc3ifhaRXxIEh1xowLohzFrlQXkJ66LepHm+CmSprTWgVrPa8Fx3OL57xwIqDEH9hufcKkDX2v65rS3NZyRA=="],
+
+    "electron-vite/vite/rolldown/@rolldown/pluginutils": ["@rolldown/pluginutils@1.0.0-rc.6", "", {}, "sha512-Y0+JT8Mi1mmW08K6HieG315XNRu4L0rkfCpA364HtytjgiqYnMYRdFPcxRl+BQQqNXzecL2S9nii+RUpO93XIA=="],
+
     "filelist/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
 
     "glob/minimatch/brace-expansion/balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],

docs/工具箱端-授权对接指南/utils/AesGcmUtil.kt

@@ -1,124 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.github.oshai.kotlinlogging.KotlinLogging
-import java.nio.charset.StandardCharsets
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-private val logger = KotlinLogging.logger {}
-
-/**
- * AES-256-GCM 加密解密工具类
- * 
- * 安全设计说明：
- * - 使用 AES-256-GCM 提供认证加密（AEAD）
- * - GCM 模式自动提供认证标签（tag），防止数据被篡改
- * - IV（初始化向量）长度为 12 字节（96位），符合 GCM 推荐
- * - 认证标签长度为 16 字节（128位），提供强认证
- * - 加密数据格式：IV (12字节) + Ciphertext (变长) + Tag (16字节)
- * 
- * 为什么第三方无法伪造：
- * - 只有拥有正确 licence + fingerprint 的设备才能派生正确的 AES 密钥
- * - GCM 模式会验证认证标签，任何篡改都会导致解密失败
- * - 即使第三方获取了加密数据，也无法解密（缺少密钥）
- */
-object AesGcmUtil {
-
-    private const val ALGORITHM = "AES"
-    private const val TRANSFORMATION = "AES/GCM/NoPadding"
-    private const val IV_LENGTH = 12 // 12 bytes = 96 bits (GCM 推荐)
-    private const val TAG_LENGTH = 16 // 16 bytes = 128 bits (GCM 认证标签长度)
-    private const val GCM_TAG_LENGTH_BITS = TAG_LENGTH * 8 // 128 bits
-
-    /**
-     * 解密 AES-256-GCM 加密的数据
-     * 
-     * @param encryptedData Base64 编码的加密数据（格式：iv + ciphertext + tag）
-     * @param key AES 密钥（32字节）
-     * @return 解密后的明文（UTF-8 字符串）
-     * @throws RuntimeException 如果解密失败（密钥错误、数据被篡改等）
-     */
-    fun decrypt(encryptedData: String, key: ByteArray): String {
-        return try {
-            // 1. Base64 解码
-            val encryptedBytes = Base64.getDecoder().decode(encryptedData)
-
-            // 2. 提取 IV、密文和认证标签
-            if (encryptedBytes.size < IV_LENGTH + TAG_LENGTH) {
-                throw IllegalArgumentException("加密数据长度不足，无法提取 IV 和 Tag")
-            }
-
-            val iv = encryptedBytes.copyOfRange(0, IV_LENGTH)
-            val tag = encryptedBytes.copyOfRange(encryptedBytes.size - TAG_LENGTH, encryptedBytes.size)
-            val ciphertext = encryptedBytes.copyOfRange(IV_LENGTH, encryptedBytes.size - TAG_LENGTH)
-
-            // 3. 创建 SecretKeySpec
-            val secretKey = SecretKeySpec(key, ALGORITHM)
-
-            // 4. 创建 GCMParameterSpec（包含 IV 和认证标签长度）
-            val gcmSpec = GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
-
-            // 5. 初始化 Cipher 进行解密
-            val cipher = Cipher.getInstance(TRANSFORMATION)
-            cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmSpec)
-
-            // 6. 执行解密（GCM 模式会自动验证认证标签）
-            // 如果认证标签验证失败，会抛出异常
-            val decryptedBytes = cipher.doFinal(ciphertext + tag)
-
-            // 7. 转换为 UTF-8 字符串
-            String(decryptedBytes, StandardCharsets.UTF_8)
-        } catch (e: javax.crypto.AEADBadTagException) {
-            logger.error(e) { "AES-GCM 认证标签验证失败，数据可能被篡改或密钥错误" }
-            throw RuntimeException("解密失败：认证标签验证失败，数据可能被篡改或密钥错误", e)
-        } catch (e: Exception) {
-            logger.error(e) { "AES-GCM 解密失败" }
-            throw RuntimeException("解密失败: ${e.message}", e)
-        }
-    }
-
-    /**
-     * 加密数据（用于测试或客户端实现参考）
-     * 
-     * @param plaintext 明文数据
-     * @param key AES 密钥（32字节）
-     * @return Base64 编码的加密数据（格式：iv + ciphertext + tag）
-     */
-    fun encrypt(plaintext: String, key: ByteArray): String {
-        return try {
-            // 1. 生成随机 IV
-            val iv = ByteArray(IV_LENGTH)
-            java.security.SecureRandom().nextBytes(iv)
-
-            // 2. 创建 SecretKeySpec
-            val secretKey = SecretKeySpec(key, ALGORITHM)
-
-            // 3. 创建 GCMParameterSpec
-            val gcmSpec = GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
-
-            // 4. 初始化 Cipher 进行加密
-            val cipher = Cipher.getInstance(TRANSFORMATION)
-            cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmSpec)
-
-            // 5. 执行加密
-            val plaintextBytes = plaintext.toByteArray(StandardCharsets.UTF_8)
-            val encryptedBytes = cipher.doFinal(plaintextBytes)
-
-            // 6. 组装：IV + Ciphertext + Tag
-            // GCM 模式会将认证标签附加到密文末尾
-            val ciphertext = encryptedBytes.copyOfRange(0, encryptedBytes.size - TAG_LENGTH)
-            val tag = encryptedBytes.copyOfRange(encryptedBytes.size - TAG_LENGTH, encryptedBytes.size)
-
-            val result = iv + ciphertext + tag
-
-            // 7. Base64 编码返回
-            Base64.getEncoder().encodeToString(result)
-        } catch (e: Exception) {
-            logger.error(e) { "AES-GCM 加密失败" }
-            throw RuntimeException("加密失败: ${e.message}", e)
-        }
-    }
-}
-

docs/工具箱端-授权对接指南/utils/DateUtil.kt

@@ -1,42 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import java.text.SimpleDateFormat
-import java.util.*
-
-class DateUtil {
-
-    companion object {
-        // 获取当前时间戳
-        fun getCurrentTimestamp(): Long {
-            return System.currentTimeMillis()
-        }
-
-        // 格式化日期
-        fun formatDate(date: Date, format: String = "yyyy-MM-dd HH:mm:ss"): String {
-            val sdf = SimpleDateFormat(format)
-            return sdf.format(date)
-        }
-
-        // 解析日期字符串
-        fun parseDate(dateString: String, format: String = "yyyy-MM-dd HH:mm:ss"): Date? {
-            val sdf = SimpleDateFormat(format)
-            return try {
-                sdf.parse(dateString)
-            } catch (e: Exception) {
-                null
-            }
-        }
-
-        // 计算两个日期之间的天数差
-        fun getDaysBetweenDates(date1: Date, date2: Date): Long {
-            val diff = Math.abs(date1.time - date2.time)
-            return diff / (24 * 60 * 60 * 1000)
-        }
-
-        // 获取当前时间并格式化为 yyyy-MM-dd_HH-mm-ss
-        fun getCurrentFormattedTime(format: String = "yyyy-MM-dd_HH-mm-ss"): String {
-            val sdf = SimpleDateFormat(format)
-            return sdf.format(Date())
-        }
-    }
-}

docs/工具箱端-授权对接指南/utils/DeviceSignatureUtil.kt

@@ -1,129 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.github.oshai.kotlinlogging.KotlinLogging
-import java.nio.charset.StandardCharsets
-import java.security.MessageDigest
-import java.util.*
-import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
-
-private val logger = KotlinLogging.logger {}
-
-/**
- * 设备签名工具类
- * 用于生成和验证设备报告签名
- * 
- * 签名算法：HMAC-SHA256
- * 签名数据（严格顺序）：
- *   sign_payload = taskId + inspectionId + 
- *                  SHA256(assets.json) + 
- *                  SHA256(vulnerabilities.json) + 
- *                  SHA256(weakPasswords.json) + 
- *                  SHA256(漏洞评估报告.html)
- * 
- * 安全设计说明：
- * - 使用 HMAC-SHA256 提供消息认证，防止伪造和篡改
- * - 签名包含 taskId 和 inspectionId，确保签名与特定任务绑定
- * - 包含多个报告文件的 SHA256，确保报告内容完整性
- * - 只有拥有正确 licence + fingerprint 的设备才能生成有效签名
- */
-object DeviceSignatureUtil {
-
-    private const val HMAC_ALGORITHM = "HmacSHA256"
-
-    /**
-     * 签名数据文件列表（严格顺序）
-     */
-    data class SignatureFileHashes(
-        val assetsJsonSha256: String,
-        val vulnerabilitiesJsonSha256: String,
-        val weakPasswordsJsonSha256: String,
-        val reportHtmlSha256: String
-    )
-
-    /**
-     * 生成设备签名
-     * 
-     * @param key 派生密钥（32字节）
-     * @param taskId 任务ID
-     * @param inspectionId 检查ID
-     * @param fileHashes 各个文件的 SHA256 哈希值（hex字符串）
-     * @return Base64 编码的签名
-     */
-    fun generateSignature(
-        key: ByteArray,
-        taskId: String,
-        inspectionId: Long,
-        fileHashes: SignatureFileHashes
-    ): String {
-        return try {
-            // 组装签名数据（严格顺序）：
-            // taskId + inspectionId + SHA256(assets.json) + SHA256(vulnerabilities.json) + 
-            // SHA256(weakPasswords.json) + SHA256(漏洞评估报告.html)
-            val signatureData = buildString {
-                append(taskId)
-                append(inspectionId)
-                append(fileHashes.assetsJsonSha256)
-                append(fileHashes.vulnerabilitiesJsonSha256)
-                append(fileHashes.weakPasswordsJsonSha256)
-                append(fileHashes.reportHtmlSha256)
-            }
-            val dataBytes = signatureData.toByteArray(StandardCharsets.UTF_8)
-
-            // 使用 HMAC-SHA256 计算签名
-            val mac = Mac.getInstance(HMAC_ALGORITHM)
-            val secretKey = SecretKeySpec(key, HMAC_ALGORITHM)
-            mac.init(secretKey)
-            val signatureBytes = mac.doFinal(dataBytes)
-
-            // Base64 编码返回
-            Base64.getEncoder().encodeToString(signatureBytes)
-        } catch (e: Exception) {
-            logger.error(e) { "生成设备签名失败: taskId=$taskId, inspectionId=$inspectionId" }
-            throw RuntimeException("生成设备签名失败: ${e.message}", e)
-        }
-    }
-
-    /**
-     * 验证设备签名
-     * 
-     * @param key 派生密钥（32字节）
-     * @param taskId 任务ID
-     * @param inspectionId 检查ID
-     * @param fileHashes 各个文件的 SHA256 哈希值（hex字符串）
-     * @param expectedSignature Base64 编码的期望签名
-     * @return true 如果签名匹配，false 否则
-     */
-    fun verifySignature(
-        key: ByteArray,
-        taskId: String,
-        inspectionId: Long,
-        fileHashes: SignatureFileHashes,
-        expectedSignature: String
-    ): Boolean {
-        return try {
-            val calculatedSignature = generateSignature(key, taskId, inspectionId, fileHashes)
-            // 使用时间安全的比较，防止时序攻击
-            MessageDigest.isEqual(
-                Base64.getDecoder().decode(expectedSignature),
-                Base64.getDecoder().decode(calculatedSignature)
-            )
-        } catch (e: Exception) {
-            logger.error(e) { "验证设备签名失败: taskId=$taskId, inspectionId=$inspectionId" }
-            false
-        }
-    }
-
-    /**
-     * 计算文件的 SHA256 哈希值（hex字符串）
-     * 
-     * @param fileContent 文件内容
-     * @return SHA256 哈希值的 hex 字符串
-     */
-    fun calculateSha256(fileContent: ByteArray): String {
-        val digest = MessageDigest.getInstance("SHA-256")
-        val hashBytes = digest.digest(fileContent)
-        return hashBytes.joinToString("") { "%02x".format(it) }
-    }
-}
-

docs/工具箱端-授权对接指南/utils/DistributedIdUtil.kt

@@ -1,12 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-object DistributedIdUtil {
-    fun generateId(platformId: Long, localId: Long): Long {
-        require(platformId in 0..0xFFFF) { "platformId must be 0-65535" }
-        val safeLocalId = localId and 0xFFFFFFFFFFFF
-        return (platformId shl 48) or safeLocalId
-    }
-
-    fun parsePlatform(id: Long): Long = id ushr 48
-    fun parseLocal(id: Long): Long = id and 0xFFFFFFFFFFFF
-}

docs/工具箱端-授权对接指南/utils/HashUtil.kt

@@ -1,18 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import java.io.InputStream
-import java.security.MessageDigest
-
-object HashUtil {
-    fun calculateFileHash(inputStream: InputStream): String {
-        val digest = MessageDigest.getInstance("SHA-256")
-        val buffer = ByteArray(8192)
-        var bytesRead: Int
-
-        while (inputStream.read(buffer).also { bytesRead = it } != -1) {
-            digest.update(buffer, 0, bytesRead)
-        }
-
-        return digest.digest().joinToString("") { "%02x".format(it) }
-    }
-}

docs/工具箱端-授权对接指南/utils/HkdfUtil.kt

@@ -1,66 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.github.oshai.kotlinlogging.KotlinLogging
-import org.bouncycastle.crypto.digests.SHA256Digest
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator
-import org.bouncycastle.crypto.params.HKDFParameters
-import java.nio.charset.StandardCharsets
-
-private val logger = KotlinLogging.logger {}
-
-/**
- * HKDF (HMAC-based Key Derivation Function) 工具类
- * 用于从 licence + fingerprint 派生设备签名密钥
- * 
- * 安全设计说明：
- * - 使用 HKDF 而非直接哈希，提供更好的密钥分离和扩展性
- * - Salt 固定为 "AUTH_V3_SALT"，确保同一输入产生相同密钥
- * - Info 参数用于区分不同用途的密钥派生（device_report_signature）
- * - 输出长度 32 字节（256位），适用于 HMAC-SHA256
- */
-object HkdfUtil {
-
-    private const val SALT = "AUTH_V3_SALT"
-    private const val INFO = "device_report_signature"
-    private const val KEY_LENGTH = 32 // 32 bytes = 256 bits
-
-    /**
-     * 使用 HKDF 派生密钥（使用默认 salt 和 info）
-     * 
-     * @param input 输入密钥材料（licence + fingerprint）
-     * @return 派生出的密钥（32字节）
-     */
-    fun deriveKey(input: String): ByteArray {
-        return deriveKey(input, SALT, INFO)
-    }
-
-    /**
-     * 使用 HKDF 派生密钥（支持自定义 salt 和 info）
-     * 
-     * @param input 输入密钥材料（licence + fingerprint）
-     * @param salt Salt 值（用于密钥派生）
-     * @param info Info 值（用于区分不同用途的密钥）
-     * @param keyLength 输出密钥长度（默认32字节）
-     * @return 派生出的密钥
-     */
-    fun deriveKey(input: String, salt: String, info: String, keyLength: Int = KEY_LENGTH): ByteArray {
-        return try {
-            val inputBytes = input.toByteArray(StandardCharsets.UTF_8)
-            val saltBytes = salt.toByteArray(StandardCharsets.UTF_8)
-            val infoBytes = info.toByteArray(StandardCharsets.UTF_8)
-
-            val hkdf = HKDFBytesGenerator(SHA256Digest())
-            val params = HKDFParameters(inputBytes, saltBytes, infoBytes)
-            hkdf.init(params)
-
-            val derivedKey = ByteArray(keyLength)
-            hkdf.generateBytes(derivedKey, 0, keyLength)
-
-            derivedKey
-        } catch (e: Exception) {
-            logger.error(e) { "HKDF 密钥派生失败: input=$input, salt=$salt, info=$info" }
-            throw RuntimeException("HKDF 密钥派生失败: ${e.message}", e)
-        }
-    }
-}
-

docs/工具箱端-授权对接指南/utils/JwtUtil.kt

@@ -1,50 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
-import io.jsonwebtoken.security.Keys
-import org.springframework.beans.factory.annotation.Value
-import org.springframework.stereotype.Component
-import java.time.LocalDateTime
-import java.time.ZoneId
-import java.util.*
-import javax.crypto.SecretKey
-
-@Component
-class JwtUtil(
-    @Value("\${jwt.secret}")
-    private val secretKey: String
-) {
-
-
-    // 生成签名 Key（HS256）
-    private val signingKey: SecretKey = Keys.hmacShaKeyFor(Base64.getDecoder().decode(secretKey))
-
-    /**
-     * 生成 Token
-     * */
-    fun generateToken(subject: String, claims: Map<String, Any> = emptyMap(), expireDays: Long = 7): String {
-        val now = LocalDateTime.now()
-        val expiration = now.plusDays(expireDays)
-
-        return Jwts.builder()
-            .setSubject(subject)
-            .setClaims(claims)
-            .setIssuedAt(Date.from(now.atZone(ZoneId.systemDefault()).toInstant()))
-            .setExpiration(Date.from(expiration.atZone(ZoneId.systemDefault()).toInstant()))
-            .signWith(signingKey, SignatureAlgorithm.HS256)
-            .compact()
-    }
-
-
-    /**
-     * 解析 Token 获取 Claims
-     */
-    fun parseToken(token: String): Map<String, Any> {
-        return Jwts.parserBuilder()
-            .setSigningKey(signingKey)
-            .build()
-            .parseClaimsJws(token)
-            .body
-    }
-}

docs/工具箱端-授权对接指南/utils/RegionUtil.kt

@@ -1,22 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import kotlin.text.substring
-
-object RegionUtil {
-    fun getLevel(code: String?): String {
-        if (code == null || code.length != 6) {
-            return "无效编码"
-        }
-
-        val province = code.substring(0, 2)
-        val city = code.substring(2, 4)
-        val county = code.substring(4, 6)
-
-        return when {
-            city == "00" && county == "00" -> "province"
-            city != "00" && county == "00" -> "city"
-            county != "00" -> "county"
-            else -> "未知级别"
-        }
-    }
-}

docs/工具箱端-授权对接指南/utils/RsaOaepDecryptionUtil.kt

@@ -1,115 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.github.oshai.kotlinlogging.KotlinLogging
-import org.springframework.beans.factory.annotation.Value
-import org.springframework.stereotype.Component
-import java.nio.charset.StandardCharsets
-import java.security.KeyFactory
-import java.security.PublicKey
-import java.security.spec.PKCS8EncodedKeySpec
-import java.security.spec.X509EncodedKeySpec
-import java.util.*
-import javax.crypto.Cipher
-
-private val logger = KotlinLogging.logger {}
-
-/**
- * RSA-OAEP 解密工具类
- * 用于设备身份首次绑定时解密设备信息
- * 
- * 使用场景：设备使用平台的公钥加密数据，平台使用私钥解密
- */
-@Component
-class RsaOaepDecryptionUtil(
-    @Value("\${device.encrypt.privateKey:}")
-    private val privateKeyBase64: String
-) {
-
-    private val keyFactory = KeyFactory.getInstance("RSA")
-    private val cipherAlgorithm = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
-    
-    // 缓存私钥，避免每次解密都重新加载
-    private val privateKey by lazy {
-        if (privateKeyBase64.isBlank()) {
-            throw IllegalStateException("RSA私钥未配置，无法解密设备信息")
-        }
-        val privateKeyBytes = Base64.getDecoder().decode(privateKeyBase64)
-        val keySpec = PKCS8EncodedKeySpec(privateKeyBytes)
-        keyFactory.generatePrivate(keySpec)
-    }
-
-    init {
-        if (privateKeyBase64.isBlank()) {
-            logger.warn { "RSA私钥未配置，设备授权解密功能可能无法使用" }
-        }
-    }
-
-    /**
-     * 使用RSA-OAEP解密设备信息
-     * @param encryptedData Base64编码的加密数据
-     * @return 解密后的JSON字符串
-     */
-    fun decrypt(encryptedData: String): String {
-        if (privateKeyBase64.isBlank()) {
-            throw IllegalStateException("RSA私钥未配置，无法解密设备信息")
-        }
-
-        return try {
-            // 创建新的Cipher实例（Cipher不是线程安全的）
-            val cipher = Cipher.getInstance(cipherAlgorithm)
-            
-            // 初始化解密器
-            cipher.init(Cipher.DECRYPT_MODE, privateKey)
-
-            // Base64解码加密数据
-            val encryptedBytes = Base64.getDecoder().decode(encryptedData)
-
-            // 解密数据
-            val decryptedBytes = cipher.doFinal(encryptedBytes)
-
-            // 返回解密后的字符串
-            String(decryptedBytes, StandardCharsets.UTF_8)
-        } catch (e: Exception) {
-            logger.error(e) { "RSA-OAEP解密设备信息失败" }
-            throw RuntimeException("RSA-OAEP解密设备信息失败: ${e.message}", e)
-        }
-    }
-
-
-    /**
-     * 使用平台公钥加密数据
-     *
-     * @param plainText 原始JSON字符串（设备信息）
-     * @param publicKeyBase64 平台公钥（Base64）
-     * @return Base64编码的密文
-     */
-    fun  encrypt1(
-        plainText: String,
-        publicKeyBase64: String
-    ): String {
-        try {
-            val publicKey = loadPublicKey(publicKeyBase64)
-
-            val cipher = Cipher.getInstance(cipherAlgorithm)
-            cipher.init(Cipher.ENCRYPT_MODE, publicKey)
-
-            val encryptedBytes = cipher.doFinal(
-                plainText.toByteArray(StandardCharsets.UTF_8)
-            )
-
-            return Base64.getEncoder().encodeToString(encryptedBytes)
-        } catch (e: Exception) {
-            logger.error(e) { "RSA-OAEP 加密失败" }
-            throw RuntimeException("RSA-OAEP 加密失败: ${e.message}", e)
-        }
-    }
-
-    private fun loadPublicKey(base64Key: String): PublicKey {
-        val keyBytes = Base64.getDecoder().decode(base64Key)
-        val keySpec = X509EncodedKeySpec(keyBytes)
-        return keyFactory.generatePublic(keySpec)
-    }
-
-}
-
-

docs/工具箱端-授权对接指南/utils/RsaOaepDecryptionUtilV2.kt

@@ -1,103 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import java.nio.charset.StandardCharsets
-import java.security.KeyFactory
-import java.security.KeyPairGenerator
-import java.security.PublicKey
-import java.security.spec.PKCS8EncodedKeySpec
-import java.security.spec.X509EncodedKeySpec
-import java.util.*
-import javax.crypto.Cipher
-
-
-object RsaOaepCryptoUtil {
-
-    private const val cipherAlgorithm =
-        "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
-
-    private val keyFactory = KeyFactory.getInstance("RSA")
-
-    fun encrypt(
-        plainText: String,
-        publicKeyBase64: String
-    ): String {
-        val publicKey = loadPublicKey(publicKeyBase64)
-
-        val cipher = Cipher.getInstance(cipherAlgorithm)
-        cipher.init(Cipher.ENCRYPT_MODE, publicKey)
-
-        val encryptedBytes = cipher.doFinal(
-            plainText.toByteArray(StandardCharsets.UTF_8)
-        )
-        return Base64.getEncoder().encodeToString(encryptedBytes)
-    }
-
-    fun decrypt(
-        encryptedData: String,
-        privateKeyBase64: String
-    ): String {
-        val privateKeyBytes = Base64.getDecoder().decode(privateKeyBase64)
-        val keySpec = PKCS8EncodedKeySpec(privateKeyBytes)
-        val privateKey = keyFactory.generatePrivate(keySpec)
-
-        val cipher = Cipher.getInstance(cipherAlgorithm)
-        cipher.init(Cipher.DECRYPT_MODE, privateKey)
-
-        val decryptedBytes = cipher.doFinal(
-            Base64.getDecoder().decode(encryptedData)
-        )
-        return String(decryptedBytes, StandardCharsets.UTF_8)
-    }
-
-    private fun loadPublicKey(base64Key: String): PublicKey {
-        val keyBytes = Base64.getDecoder().decode(base64Key)
-        val keySpec = X509EncodedKeySpec(keyBytes)
-        return keyFactory.generatePublic(keySpec)
-    }
-}
-
-
-object Test {
-    @JvmStatic
-    fun main(args: Array<String>) {
-        val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
-        keyPairGenerator.initialize(2048)
-        val keyPair = keyPairGenerator.generateKeyPair()
-
-//        val publicKey = Base64.getEncoder().encodeToString(keyPair.public.encoded)
-//        val privateKey = Base64.getEncoder().encodeToString(keyPair.private.encoded)
-
-        val publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB"
-        val privateKey = "MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDMOVm8wNVov5+OXTkeLXzYk4BQBo3iCH2s4X7U2Ep87gnp7QcvLyUG7KWncDjGhOLJR6M2bbaHR2oCANI+dj/FlHvo84VMPWygevYtoUI3wkBtD3o/yATvAL2qmhOyxW8hVEftBtV3brQnp4PRLPBzH1yDn3VFI3r2kyl7khVGLxP30eGqXr/Cdkc5E+vXx4RIs5j3eNGyQvNzSrXyvrxFGhMmJB/71gLy5vmIqnusKNWc+LVRshiZeYvTy2TmaSxgDQ2pZABrWh8rHH/21C0H25OOFPG5O73hdT2OUZTzupodmz6SmprwIBthgkVtI/XEfChnOlTaOnDZoXbYcFjHAgMBAAECggEBAKUDagjj3wwmWWwU00QZCRmOBU2kHhyXM8Tu5yZgJb/QLt5/ESEE/OwdZrRmLtnpIb31TmF6QNQJ1hQMSdUCgwDIu1489mXl89GvyR6RgAnBwYDd0q+alLHxbU9d87CtauAJU5ynuvAn2RV5ez8XCqpamswXmg/lXUPDIO+h1+K+UJPwYFhzHL3WpZQXHofcSUCRn0JONbz7c9OwVFYe0v1g18wwAvIAsEEimcnXFZaIJ/md2md0Jk4+LOFUsbgCM5skNTooXarDiHGCRFMJXxvYpavC6hhhcWfh3K2ydHMhFdF70ZOs169ShDtYq4i/hkaZ+p7kFVo8Z6oxVUpC8IECgYEA+OQxfc2iGMD9uus/r1yjUx0kdhYKik202tE53C4ikAn490+Lb8qcY/kykFj721MHBc73ijq/ZNU21JxyMx4T1jbdvl+5Kv9EUFAQmsJuTSudC1Dud3MlUgYEtVUhau2WOexUIRyCda6V4NUYkJG4vLRyMloPprF3xThmJRgG9qcCgYEA0g6QrU1e/DjADSpymRfqoOX4ASp7G++CRHTB2NZvA6ZxnWoEX59TO3mW4z4fgJkIwevkPUA9nfO2bRQWph+aom5qAczsPmZ2OpR9cjel63AIV1AboUV2Gr/H4IfHs7qGX7JWmW1SnZyvvGuI5MdBHEcysJO+L5V1OVyFRzvj8OECgYAO21A4+jVa1OpQZgp/JUB6jZrHkbk/WDQbe7HAeuCFSJMb8BuaqLV9IjrqcuVVyjb5Gcmc7rTOCAwl1NDcTEdS2iOSYZRkBKjHQoA7PK/o21mce1BAwRbRNprBWDuObnAxNPIwp8sBy1IXAaFdv9UPLpZCey3D/YPwudUfEbgYsQKBgQCZax3sFYh8ew56Dzin7Dnnzk72uwozexkP2p8COovWhKiSqi4LkRh/Zez4iBUGHb+xsxJ+Uf8u8CObQ4LPTmHopPAz5HHfmYJcgrukwlQiwy60ZsPnZA5AtzXLHiCTenZOSrjJUnl2uEv6OChBv+4kMzQol5/erTBy9so5Htr6wQKBgQC3apeFD/x+0FjABleVITzGyAWj/Kxl/OOiL4dQAYW49wVD/j0ujG3CvbK0GHZFwy/Ju+pWlHISbiZiKYko/4GBtp+JwxG9fFmbHdl4BZSTwfQMYdNq8hN+0hBfWwcceIhbEZcFLIvG/ZhkcT3yh874XRn1A5V/AR8W9YFH1EWYwQ=="
-
-//        val plainText = "{\n" +
-//                "    \"taskId\": 723047797139586052,\n" +
-//                "    \"licence\": \"LIC-8F2A-XXXX\",\n" +
-//                "    \"fingerprint\": \"FP-2c91e9f3\",\n" +
-//                "    \"enterpriseId\": \"1173040813421105152\",\n" +
-//                "    \"inspectionId\": \"702286470691215417\",\n" +
-//                "    \"summary\": \"1\"\n" +
-//                "}"
-
-        val plainText = "{\n" +
-                "    \"licence\": \"lic-1234567890\",\n" +
-                "    \"fingerprint\": \"e19c60d21c544c1118e3b633eae1bb935e2762ebddbc671b60b8b61c65c05d1c\"\n" +
-                "}"
-
-        val encryptedText =
-            RsaOaepCryptoUtil.encrypt(plainText, publicKey)
-
-        val decryptedText =
-            RsaOaepCryptoUtil.decrypt(encryptedText, privateKey)
-
-        println("Plain Text: $plainText")
-
-        println("Public Key: $publicKey")
-        println("Private Key: $privateKey")
-
-
-        println("Encrypted: $encryptedText")
-        println("Decrypted: $decryptedText")
-    }
-}
-

docs/工具箱端-授权对接指南/utils/TaskEncryptionUtil.kt

@@ -1,120 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import io.github.oshai.kotlinlogging.KotlinLogging
-import java.nio.charset.StandardCharsets
-import java.security.MessageDigest
-import java.security.SecureRandom
-import java.util.*
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-private val logger = KotlinLogging.logger {}
-
-/**
- * 任务加密工具类
- * 使用 licence + fingerprint 作为密钥对任务数据进行 AES-256-GCM 对称加密
- * 
- * GCM 模式提供认证加密，比 ECB 模式更安全
- * 加密数据格式：IV(12字节) + 加密数据 + 认证标签(16字节)
- */
-object TaskEncryptionUtil {
-
-    private const val ALGORITHM = "AES"
-    private const val TRANSFORMATION = "AES/GCM/NoPadding"
-    private const val GCM_IV_LENGTH = 12 // GCM 推荐使用 12 字节 IV
-    private const val GCM_TAG_LENGTH = 16 // GCM 认证标签长度（128位）
-    private const val KEY_LENGTH = 32 // AES-256 密钥长度（256位 = 32字节）
-
-    private val secureRandom = SecureRandom()
-
-    /**
-     * 使用 licence + fingerprint 加密任务数据（AES-256-GCM）
-     * @param data 待加密的数据（JSON字符串）
-     * @param licence 授权码
-     * @param fingerprint 硬件指纹
-     * @return Base64编码的加密数据（包含IV + 加密数据 + 认证标签）
-     */
-    fun encrypt(data: String, licence: String, fingerprint: String): String {
-        return try {
-            // 使用 licence + fingerprint 生成密钥
-            val key = generateKey(licence, fingerprint)
-            
-            // 生成随机 IV（12字节）
-            val iv = ByteArray(GCM_IV_LENGTH)
-            secureRandom.nextBytes(iv)
-            
-            // 创建加密器
-            val cipher = Cipher.getInstance(TRANSFORMATION)
-            val parameterSpec = GCMParameterSpec(GCM_TAG_LENGTH * 8, iv) // 标签长度以位为单位
-            cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec)
-            
-            // 加密数据
-            val encryptedBytes = cipher.doFinal(data.toByteArray(StandardCharsets.UTF_8))
-            
-            // 组合：IV + 加密数据（包含认证标签）
-            val combined = ByteArray(iv.size + encryptedBytes.size)
-            System.arraycopy(iv, 0, combined, 0, iv.size)
-            System.arraycopy(encryptedBytes, 0, combined, iv.size, encryptedBytes.size)
-            
-            // 返回 Base64 编码的加密数据
-            Base64.getEncoder().encodeToString(combined)
-        } catch (e: Exception) {
-            logger.error(e) { "AES-256-GCM加密任务数据失败" }
-            throw RuntimeException("加密任务数据失败: ${e.message}", e)
-        }
-    }
-
-    /**
-     * 使用 licence + fingerprint 解密任务数据（AES-256-GCM）
-     * @param encryptedData Base64编码的加密数据（包含IV + 加密数据 + 认证标签）
-     * @param licence 授权码
-     * @param fingerprint 硬件指纹
-     * @return 解密后的数据（JSON字符串）
-     */
-    fun decrypt(encryptedData: String, licence: String, fingerprint: String): String {
-        return try {
-            // 使用 licence + fingerprint 生成密钥
-            val key = generateKey(licence, fingerprint)
-            
-            // Base64 解码
-            val combined = Base64.getDecoder().decode(encryptedData)
-            
-            // 分离 IV 和加密数据
-            if (combined.size < GCM_IV_LENGTH) {
-                throw IllegalArgumentException("加密数据格式错误：数据长度不足")
-            }
-            
-            val iv = combined.sliceArray(0 until GCM_IV_LENGTH)
-            val cipherText = combined.sliceArray(GCM_IV_LENGTH until combined.size)
-            
-            // 创建解密器
-            val cipher = Cipher.getInstance(TRANSFORMATION)
-            val parameterSpec = GCMParameterSpec(GCM_TAG_LENGTH * 8, iv)
-            cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec)
-            
-            // 解密数据（GCM 会自动验证认证标签）
-            val decryptedBytes = cipher.doFinal(cipherText)
-            
-            // 返回解密后的字符串
-            String(decryptedBytes, StandardCharsets.UTF_8)
-        } catch (e: Exception) {
-            logger.error(e) { "AES-256-GCM解密任务数据失败" }
-            throw RuntimeException("解密任务数据失败: ${e.message}", e)
-        }
-    }
-
-    /**
-     * 使用 licence + fingerprint 生成 AES-256 密钥（256位 = 32字节）
-     * 使用 SHA-256 哈希的全部32字节作为密钥
-     */
-    private fun generateKey(licence: String, fingerprint: String): SecretKeySpec {
-        val combined = "$licence$fingerprint"
-        val digest = MessageDigest.getInstance("SHA-256")
-        val hash = digest.digest(combined.toByteArray(StandardCharsets.UTF_8))
-        
-        // 使用全部32字节作为 AES-256 密钥
-        return SecretKeySpec(hash, ALGORITHM)
-    }
-}
-

docs/工具箱端-授权对接指南/utils/ZipVerifierUtil.kt

@@ -1,134 +0,0 @@
-package top.tangyh.lamp.filing.utils
-
-import com.fasterxml.jackson.databind.ObjectMapper
-import io.github.oshai.kotlinlogging.KotlinLogging
-import org.bouncycastle.openpgp.*
-import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider
-import java.io.ByteArrayInputStream
-import java.io.InputStream
-import java.security.MessageDigest
-import java.security.Security
-import java.util.zip.ZipFile
-
-object ZipVerifierUtil {
-
-    private val logger = KotlinLogging.logger {}
-
-//    @JvmStatic
-//    fun main(args: Array<String>) {
-//        verifyZip("signed.zip", "public.key")
-//    }
-
-    /**
-     * 验证 ZIP 文件
-     */
-    @Throws(Exception::class)
-    fun verifyZip(zipPath: String, pubkeyContent: String):Boolean {
-
-            println(Security.getProviders().joinToString { it.name })
-            val publicKey = readPublicKey(
-                ByteArrayInputStream(pubkeyContent.toByteArray())
-            )
-
-            val zip = ZipFile(zipPath)
-
-            // 1. 读取 manifest.json
-            val manifestEntry = zip.getEntry("META-INF/manifest.json")
-                ?: throw RuntimeException("manifest.json is missing!")
-            val manifestJson = zip.getInputStream(manifestEntry).readAllBytes().toString(Charsets.UTF_8)
-
-            // 2. 读取 signature.asc
-            val sigEntry = zip.getEntry("META-INF/signature.asc")
-                ?: throw RuntimeException("signature.asc is missing!")
-            val signature = zip.getInputStream(sigEntry).readAllBytes()
-
-            // 3. 使用 OpenPGP 验证签名
-            val ok = verifyDetachedSignature(publicKey, manifestJson.toByteArray(), signature)
-            if (!ok) throw RuntimeException("PGP signature invalid!")
-
-            // 4. 校验 manifest 里每个文件的 SHA-256
-            val mapper = ObjectMapper()
-            val manifest = mapper.readValue(manifestJson, Map::class.java)
-            val files = manifest["files"] as? Map<String, String>
-                ?: throw RuntimeException("Invalid manifest.json: missing 'files'")
-
-            for ((name, expectedHash) in files) {
-                val entry = zip.getEntry(name)
-                    ?: throw RuntimeException("文件不存在: $name")
-
-                val data = zip.getInputStream(entry).readAllBytes()
-                val hash = sha256Hex(data)
-
-                if (!hash.equals(expectedHash, ignoreCase = true)) {
-                    throw RuntimeException("Hash mismatch: $name")
-                }
-            }
-        return true
-    }
-
-    @Throws(Exception::class)
-    private fun sha256Hex(data: ByteArray): String {
-        val md = MessageDigest.getInstance("SHA-256")
-        return bytesToHex(md.digest(data))
-    }
-
-    private fun bytesToHex(bytes: ByteArray): String {
-        return bytes.joinToString("") { "%02x".format(it) }
-    }
-
-    @Throws(Exception::class)
-    private fun readPublicKey(keyIn: InputStream): PGPPublicKey {
-        val keyRings = PGPPublicKeyRingCollection(
-            PGPUtil.getDecoderStream(keyIn),
-            JcaKeyFingerprintCalculator()
-        )
-
-        for (keyRing in keyRings) {
-            for (key in keyRing) {
-                if (key.isEncryptionKey || key.isMasterKey) {
-                    return key
-                }
-            }
-        }
-
-        throw IllegalArgumentException("Can't find public key")
-    }
-
-    @Throws(Exception::class)
-    private fun verifyDetachedSignature(
-        key: PGPPublicKey,
-        data: ByteArray,
-        sigBytes: ByteArray
-    ): Boolean {
-
-        val decoder = PGPUtil.getDecoderStream(ByteArrayInputStream(sigBytes))
-        val factory = PGPObjectFactory(decoder, JcaKeyFingerprintCalculator())
-
-        val message = factory.nextObject()
-            ?: throw IllegalArgumentException("Invalid signature file")
-
-        val sigList = when (message) {
-            is PGPSignatureList -> message
-            is PGPCompressedData -> {
-                val compressedFactory = PGPObjectFactory(
-                    message.dataStream,
-                    JcaKeyFingerprintCalculator()
-                )
-                val compressedObj = compressedFactory.nextObject()
-                compressedObj as? PGPSignatureList
-                    ?: throw IllegalArgumentException("Invalid PGP signature (not signature list)")
-            }
-            else ->
-                throw IllegalArgumentException("Unsupported PGP signature format: ${message::class.java}")
-        }
-
-        val sig = sigList[0]
-
-        sig.init(JcaPGPContentVerifierBuilderProvider().setProvider("BC"), key)
-        sig.update(data)
-
-        return sig.verify()
-    }
-
-}

docs/工具箱端-授权对接指南/工具箱端-任务二维码解密指南.md

@@ -1,644 +0,0 @@
-# 工具箱端 - 任务二维码解密指南
-
-## 概述
-
-本文档说明工具箱端如何解密任务二维码数据。App 创建任务后，平台会生成加密的任务数据并返回给 App，App 将其生成二维码。工具箱扫描二维码后，需要使用自己的 `licence` 和 `fingerprint` 解密任务数据。
-
-> ### UX 集成模式补充（当前项目实现）
->
-> 在当前集成模式中，工具箱扫描二维码后将密文提交给 UX 的 `crypto.decryptTask`。
-> UX 从本地配置读取 licence/fingerprint 执行底层解密并返回明文字符串。
-
-## 一、业务流程
-
-```
-App创建任务 → 平台加密任务数据 → 返回加密数据 → App生成二维码
-                                                      ↓
-工具箱扫描二维码 → 提取加密数据 → AES-256-GCM解密 → 获取任务信息
-```
-
-## 二、任务数据结构
-
-### 2.1 任务数据 JSON 格式
-
-解密后的任务数据为 JSON 格式，包含以下字段：
-
-```json
-{
-  "taskId": "TASK-20260115-4875",
-  "enterpriseId": "1173040813421105152",
-  "orgName": "超艺科技有限公司",
-  "inspectionId": "702286470691215417",
-  "inspectionPerson": "警务通",
-  "issuedAt": 1734571234567
-}
-```
-
-### 2.2 字段说明
-
-| 字段名 | 类型 | 说明 | 示例 |
-|--------|------|------|------|
-| `taskId` | String | 任务唯一ID（格式：TASK-YYYYMMDD-XXXX） | `"TASK-20260115-4875"` |
-| `enterpriseId` | String | 企业ID | `"1173040813421105152"` |
-| `orgName` | String | 单位名称 | `"超艺科技有限公司"` |
-| `inspectionId` | String | 检查ID | `"702286470691215417"` |
-| `inspectionPerson` | String | 检查人 | `"警务通"` |
-| `issuedAt` | Number | 任务发布时间戳（毫秒） | `1734571234567` |
-
-## 三、加密算法说明
-
-### 3.1 加密方式
-
-- **算法**：AES-256-GCM（Galois/Counter Mode）
-- **密钥长度**：256 位（32 字节）
-- **IV 长度**：12 字节（96 位）
-- **认证标签长度**：16 字节（128 位）
-
-### 3.2 密钥生成
-
-密钥由工具箱的 `licence` 和 `fingerprint` 生成：
-
-```
-密钥 = SHA-256(licence + fingerprint)
-```
-
-**重要说明**：
-- `licence` 和 `fingerprint` 直接字符串拼接（无分隔符）
-- 使用 SHA-256 哈希算法的全部 32 字节作为 AES-256 密钥
-- 工具箱必须使用与平台绑定时相同的 `licence` 和 `fingerprint`
-
-### 3.3 加密数据格式
-
-加密后的数据格式（Base64 编码前）：
-
-```
-[IV(12字节)] + [加密数据] + [认证标签(16字节)]
-```
-
-**数据布局**：
-```
-+------------------+------------------+------------------+
-|   IV (12字节)    |   加密数据       |   认证标签(16字节)|
-+------------------+------------------+------------------+
-```
-
-## 四、解密步骤
-
-### 4.1 解密流程
-
-1. **扫描二维码**：获取 Base64 编码的加密数据
-2. **Base64 解码**：将 Base64 字符串解码为字节数组
-3. **分离数据**：从字节数组中分离 IV、加密数据和认证标签
-4. **生成密钥**：使用 `licence + fingerprint` 生成 AES-256 密钥
-5. **解密数据**：使用 AES-256-GCM 解密（自动验证认证标签）
-6. **解析 JSON**：将解密后的字符串解析为 JSON 对象
-
-### 4.2 Python 实现示例
-
-```python
-import base64
-import json
-import hashlib
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from cryptography.hazmat.backends import default_backend
-
-def decrypt_task_data(
-    encrypted_data_base64: str,
-    licence: str,
-    fingerprint: str
-) -> dict:
-    """
-    解密任务二维码数据
-    
-    Args:
-        encrypted_data_base64: Base64编码的加密数据
-        licence: 设备授权码
-        fingerprint: 设备硬件指纹
-    
-    Returns:
-        解密后的任务数据（字典）
-    """
-    # 1. Base64 解码
-    encrypted_bytes = base64.b64decode(encrypted_data_base64)
-    
-    # 2. 分离 IV 和加密数据（包含认证标签）
-    if len(encrypted_bytes) < 12:
-        raise ValueError("加密数据格式错误：数据长度不足")
-    
-    iv = encrypted_bytes[:12]  # IV: 前12字节
-    ciphertext_with_tag = encrypted_bytes[12:]  # 加密数据 + 认证标签
-    
-    # 3. 生成密钥：SHA-256(licence + fingerprint)
-    combined = licence + fingerprint
-    key = hashlib.sha256(combined.encode('utf-8')).digest()
-    
-    # 4. 使用 AES-256-GCM 解密
-    aesgcm = AESGCM(key)
-    decrypted_bytes = aesgcm.decrypt(iv, ciphertext_with_tag, None)
-    
-    # 5. 解析 JSON
-    decrypted_json = decrypted_bytes.decode('utf-8')
-    task_data = json.loads(decrypted_json)
-    
-    return task_data
-
-# 使用示例
-if __name__ == "__main__":
-    # 从二维码扫描获取的加密数据
-    encrypted_data = "Base64编码的加密数据..."
-    
-    # 工具箱的授权信息（必须与平台绑定时一致）
-    licence = "LIC-8F2A-XXXX"
-    fingerprint = "FP-2c91e9f3"
-    
-    # 解密任务数据
-    task_data = decrypt_task_data(encrypted_data, licence, fingerprint)
-    
-    print("任务ID:", task_data["taskId"])
-    print("企业ID:", task_data["enterpriseId"])
-    print("单位名称:", task_data["orgName"])
-    print("检查ID:", task_data["inspectionId"])
-    print("检查人:", task_data["inspectionPerson"])
-    print("发布时间:", task_data["issuedAt"])
-```
-
-### 4.3 Java/Kotlin 实现示例
-
-```kotlin
-import com.fasterxml.jackson.databind.ObjectMapper
-import java.nio.charset.StandardCharsets
-import java.security.MessageDigest
-import java.util.Base64
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-object TaskDecryptionUtil {
-    
-    private const val ALGORITHM = "AES"
-    private const val TRANSFORMATION = "AES/GCM/NoPadding"
-    private const val GCM_IV_LENGTH = 12 // GCM 推荐使用 12 字节 IV
-    private const val GCM_TAG_LENGTH = 16 // GCM 认证标签长度（128位）
-    private const val KEY_LENGTH = 32 // AES-256 密钥长度（256位 = 32字节）
-    
-    private val objectMapper = ObjectMapper()
-    
-    /**
-     * 解密任务二维码数据
-     * 
-     * @param encryptedDataBase64 Base64编码的加密数据
-     * @param licence 设备授权码
-     * @param fingerprint 设备硬件指纹
-     * @return 解密后的任务数据（Map）
-     */
-    fun decryptTaskData(
-        encryptedDataBase64: String,
-        licence: String,
-        fingerprint: String
-    ): Map<String, Any> {
-        // 1. Base64 解码
-        val encryptedBytes = Base64.getDecoder().decode(encryptedDataBase64)
-        
-        // 2. 分离 IV 和加密数据（包含认证标签）
-        if (encryptedBytes.size < GCM_IV_LENGTH) {
-            throw IllegalArgumentException("加密数据格式错误：数据长度不足")
-        }
-        
-        val iv = encryptedBytes.sliceArray(0 until GCM_IV_LENGTH)
-        val ciphertextWithTag = encryptedBytes.sliceArray(GCM_IV_LENGTH until encryptedBytes.size)
-        
-        // 3. 生成密钥：SHA-256(licence + fingerprint)
-        val combined = "$licence$fingerprint"
-        val digest = MessageDigest.getInstance("SHA-256")
-        val keyBytes = digest.digest(combined.toByteArray(StandardCharsets.UTF_8))
-        val key = SecretKeySpec(keyBytes, ALGORITHM)
-        
-        // 4. 使用 AES-256-GCM 解密
-        val cipher = Cipher.getInstance(TRANSFORMATION)
-        val parameterSpec = GCMParameterSpec(GCM_TAG_LENGTH * 8, iv) // 标签长度以位为单位
-        cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec)
-        
-        // 解密数据（GCM 会自动验证认证标签）
-        val decryptedBytes = cipher.doFinal(ciphertextWithTag)
-        
-        // 5. 解析 JSON
-        val decryptedJson = String(decryptedBytes, StandardCharsets.UTF_8)
-        @Suppress("UNCHECKED_CAST")
-        return objectMapper.readValue(decryptedJson, Map::class.java) as Map<String, Any>
-    }
-}
-
-// 使用示例
-fun main() {
-    // 从二维码扫描获取的加密数据
-    val encryptedData = "Base64编码的加密数据..."
-    
-    // 工具箱的授权信息（必须与平台绑定时一致）
-    val licence = "LIC-8F2A-XXXX"
-    val fingerprint = "FP-2c91e9f3"
-    
-    // 解密任务数据
-    val taskData = TaskDecryptionUtil.decryptTaskData(encryptedData, licence, fingerprint)
-    
-    println("任务ID: ${taskData["taskId"]}")
-    println("企业ID: ${taskData["enterpriseId"]}")
-    println("单位名称: ${taskData["orgName"]}")
-    println("检查ID: ${taskData["inspectionId"]}")
-    println("检查人: ${taskData["inspectionPerson"]}")
-    println("发布时间: ${taskData["issuedAt"]}")
-}
-```
-
-### 4.4 C# 实现示例
-
-```csharp
-using System;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-
-public class TaskDecryptionUtil
-{
-    private const int GcmIvLength = 12; // GCM 推荐使用 12 字节 IV
-    private const int GcmTagLength = 16; // GCM 认证标签长度（128位）
-    
-    /// <summary>
-    /// 解密任务二维码数据
-    /// </summary>
-    public static Dictionary<string, object> DecryptTaskData(
-        string encryptedDataBase64,
-        string licence,
-        string fingerprint
-    )
-    {
-        // 1. Base64 解码
-        byte[] encryptedBytes = Convert.FromBase64String(encryptedDataBase64);
-        
-        // 2. 分离 IV 和加密数据（包含认证标签）
-        if (encryptedBytes.Length < GcmIvLength)
-        {
-            throw new ArgumentException("加密数据格式错误：数据长度不足");
-        }
-        
-        byte[] iv = new byte[GcmIvLength];
-        Array.Copy(encryptedBytes, 0, iv, 0, GcmIvLength);
-        
-        byte[] ciphertextWithTag = new byte[encryptedBytes.Length - GcmIvLength];
-        Array.Copy(encryptedBytes, GcmIvLength, ciphertextWithTag, 0, ciphertextWithTag.Length);
-        
-        // 3. 生成密钥：SHA-256(licence + fingerprint)
-        string combined = licence + fingerprint;
-        byte[] keyBytes = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(combined));
-        
-        // 4. 使用 AES-256-GCM 解密
-        using (AesGcm aesGcm = new AesGcm(keyBytes))
-        {
-            byte[] decryptedBytes = new byte[ciphertextWithTag.Length - GcmTagLength];
-            byte[] tag = new byte[GcmTagLength];
-            Array.Copy(ciphertextWithTag, ciphertextWithTag.Length - GcmTagLength, tag, 0, GcmTagLength);
-            Array.Copy(ciphertextWithTag, 0, decryptedBytes, 0, decryptedBytes.Length);
-            
-            aesGcm.Decrypt(iv, decryptedBytes, tag, null, decryptedBytes);
-            
-            // 5. 解析 JSON
-            string decryptedJson = Encoding.UTF8.GetString(decryptedBytes);
-            return JsonSerializer.Deserialize<Dictionary<string, object>>(decryptedJson);
-        }
-    }
-}
-
-// 使用示例
-class Program
-{
-    static void Main()
-    {
-        // 从二维码扫描获取的加密数据
-        string encryptedData = "Base64编码的加密数据...";
-        
-        // 工具箱的授权信息（必须与平台绑定时一致）
-        string licence = "LIC-8F2A-XXXX";
-        string fingerprint = "FP-2c91e9f3";
-        
-        // 解密任务数据
-        var taskData = TaskDecryptionUtil.DecryptTaskData(encryptedData, licence, fingerprint);
-        
-        Console.WriteLine($"任务ID: {taskData["taskId"]}");
-        Console.WriteLine($"企业ID: {taskData["enterpriseId"]}");
-        Console.WriteLine($"单位名称: {taskData["orgName"]}");
-        Console.WriteLine($"检查ID: {taskData["inspectionId"]}");
-        Console.WriteLine($"检查人: {taskData["inspectionPerson"]}");
-        Console.WriteLine($"发布时间: {taskData["issuedAt"]}");
-    }
-}
-```
-
-## 五、完整流程示例
-
-### 5.1 Python 完整示例（包含二维码扫描）
-
-```python
-import base64
-import json
-import hashlib
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from pyzbar import pyzbar
-from PIL import Image
-
-class TaskQRCodeDecoder:
-    """任务二维码解码器"""
-    
-    def __init__(self, licence: str, fingerprint: str):
-        """
-        初始化解码器
-        
-        Args:
-            licence: 设备授权码
-            fingerprint: 设备硬件指纹
-        """
-        self.licence = licence
-        self.fingerprint = fingerprint
-        self._key = self._generate_key()
-    
-    def _generate_key(self) -> bytes:
-        """生成 AES-256 密钥"""
-        combined = self.licence + self.fingerprint
-        return hashlib.sha256(combined.encode('utf-8')).digest()
-    
-    def scan_qr_code(self, qr_image_path: str) -> dict:
-        """
-        扫描二维码并解密任务数据
-        
-        Args:
-            qr_image_path: 二维码图片路径
-        
-        Returns:
-            解密后的任务数据（字典）
-        """
-        # 1. 扫描二维码
-        image = Image.open(qr_image_path)
-        qr_codes = pyzbar.decode(image)
-        
-        if not qr_codes:
-            raise ValueError("未找到二维码")
-        
-        # 获取二维码内容（Base64编码的加密数据）
-        encrypted_data_base64 = qr_codes[0].data.decode('utf-8')
-        print(f"扫描到二维码内容: {encrypted_data_base64[:50]}...")
-        
-        # 2. 解密任务数据
-        return self.decrypt_task_data(encrypted_data_base64)
-    
-    def decrypt_task_data(self, encrypted_data_base64: str) -> dict:
-        """
-        解密任务数据
-        
-        Args:
-            encrypted_data_base64: Base64编码的加密数据
-        
-        Returns:
-            解密后的任务数据（字典）
-        """
-        # 1. Base64 解码
-        encrypted_bytes = base64.b64decode(encrypted_data_base64)
-        
-        # 2. 分离 IV 和加密数据（包含认证标签）
-        if len(encrypted_bytes) < 12:
-            raise ValueError("加密数据格式错误：数据长度不足")
-        
-        iv = encrypted_bytes[:12]  # IV: 前12字节
-        ciphertext_with_tag = encrypted_bytes[12:]  # 加密数据 + 认证标签
-        
-        # 3. 使用 AES-256-GCM 解密
-        aesgcm = AESGCM(self._key)
-        decrypted_bytes = aesgcm.decrypt(iv, ciphertext_with_tag, None)
-        
-        # 4. 解析 JSON
-        decrypted_json = decrypted_bytes.decode('utf-8')
-        task_data = json.loads(decrypted_json)
-        
-        return task_data
-
-# 使用示例
-if __name__ == "__main__":
-    # 工具箱的授权信息（必须与平台绑定时一致）
-    licence = "LIC-8F2A-XXXX"
-    fingerprint = "FP-2c91e9f3"
-    
-    # 创建解码器
-    decoder = TaskQRCodeDecoder(licence, fingerprint)
-    
-    # 扫描二维码并解密
-    try:
-        task_data = decoder.scan_qr_code("task_qr_code.png")
-        
-        print("\n=== 任务信息 ===")
-        print(f"任务ID: {task_data['taskId']}")
-        print(f"企业ID: {task_data['enterpriseId']}")
-        print(f"单位名称: {task_data['orgName']}")
-        print(f"检查ID: {task_data['inspectionId']}")
-        print(f"检查人: {task_data['inspectionPerson']}")
-        print(f"发布时间: {task_data['issuedAt']}")
-        
-        # 可以使用任务信息执行检查任务
-        # execute_inspection_task(task_data)
-        
-    except Exception as e:
-        print(f"解密失败: {e}")
-```
-
-### 5.2 Java/Kotlin 完整示例（包含二维码扫描）
-
-```kotlin
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.google.zxing.BinaryBitmap
-import com.google.zxing.MultiFormatReader
-import com.google.zxing.Result
-import com.google.zxing.client.j2se.BufferedImageLuminanceSource
-import com.google.zxing.common.HybridBinarizer
-import java.awt.image.BufferedImage
-import java.io.File
-import java.nio.charset.StandardCharsets
-import java.security.MessageDigest
-import java.util.Base64
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-import javax.imageio.ImageIO
-
-class TaskQRCodeDecoder(
-    private val licence: String,
-    private val fingerprint: String
-) {
-    
-    private val key: SecretKeySpec by lazy {
-        val combined = "$licence$fingerprint"
-        val digest = MessageDigest.getInstance("SHA-256")
-        val keyBytes = digest.digest(combined.toByteArray(StandardCharsets.UTF_8))
-        SecretKeySpec(keyBytes, "AES")
-    }
-    
-    private val objectMapper = ObjectMapper()
-    
-    /**
-     * 扫描二维码并解密任务数据
-     */
-    fun scanAndDecrypt(qrImagePath: String): Map<String, Any> {
-        // 1. 扫描二维码
-        val image: BufferedImage = ImageIO.read(File(qrImagePath))
-        val source = BufferedImageLuminanceSource(image)
-        val bitmap = BinaryBitmap(HybridBinarizer(source))
-        val reader = MultiFormatReader()
-        val result: Result = reader.decode(bitmap)
-        
-        // 获取二维码内容（Base64编码的加密数据）
-        val encryptedDataBase64 = result.text
-        println("扫描到二维码内容: ${encryptedDataBase64.take(50)}...")
-        
-        // 2. 解密任务数据
-        return decryptTaskData(encryptedDataBase64)
-    }
-    
-    /**
-     * 解密任务数据
-     */
-    fun decryptTaskData(encryptedDataBase64: String): Map<String, Any> {
-        // 1. Base64 解码
-        val encryptedBytes = Base64.getDecoder().decode(encryptedDataBase64)
-        
-        // 2. 分离 IV 和加密数据（包含认证标签）
-        if (encryptedBytes.size < 12) {
-            throw IllegalArgumentException("加密数据格式错误：数据长度不足")
-        }
-        
-        val iv = encryptedBytes.sliceArray(0 until 12)
-        val ciphertextWithTag = encryptedBytes.sliceArray(12 until encryptedBytes.size)
-        
-        // 3. 使用 AES-256-GCM 解密
-        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
-        val parameterSpec = GCMParameterSpec(16 * 8, iv) // 标签长度以位为单位
-        cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec)
-        
-        // 解密数据（GCM 会自动验证认证标签）
-        val decryptedBytes = cipher.doFinal(ciphertextWithTag)
-        
-        // 4. 解析 JSON
-        val decryptedJson = String(decryptedBytes, StandardCharsets.UTF_8)
-        @Suppress("UNCHECKED_CAST")
-        return objectMapper.readValue(decryptedJson, Map::class.java) as Map<String, Any>
-    }
-}
-
-// 使用示例
-fun main() {
-    // 工具箱的授权信息（必须与平台绑定时一致）
-    val licence = "LIC-8F2A-XXXX"
-    val fingerprint = "FP-2c91e9f3"
-    
-    // 创建解码器
-    val decoder = TaskQRCodeDecoder(licence, fingerprint)
-    
-    // 扫描二维码并解密
-    try {
-        val taskData = decoder.scanAndDecrypt("task_qr_code.png")
-        
-        println("\n=== 任务信息 ===")
-        println("任务ID: ${taskData["taskId"]}")
-        println("企业ID: ${taskData["enterpriseId"]}")
-        println("单位名称: ${taskData["orgName"]}")
-        println("检查ID: ${taskData["inspectionId"]}")
-        println("检查人: ${taskData["inspectionPerson"]}")
-        println("发布时间: ${taskData["issuedAt"]}")
-        
-        // 可以使用任务信息执行检查任务
-        // executeInspectionTask(taskData)
-        
-    } catch (e: Exception) {
-        println("解密失败: ${e.message}")
-    }
-}
-```
-
-## 六、常见错误和注意事项
-
-### 6.1 解密失败
-
-**可能原因**：
-1. **密钥不匹配**：`licence` 或 `fingerprint` 与平台绑定时不一致
-   - 确保使用与设备授权时相同的 `licence` 和 `fingerprint`
-   - 检查字符串拼接是否正确（无分隔符）
-   
-2. **数据格式错误**：Base64 编码或数据布局错误
-   - 确保 Base64 解码正确
-   - 确保 IV 长度正确（12 字节）
-   
-3. **认证标签验证失败**：数据被篡改或损坏
-   - GCM 模式会自动验证认证标签
-   - 如果验证失败，说明数据被篡改或密钥错误
-
-4. **算法不匹配**：必须使用 `AES/GCM/NoPadding`
-   - 确保使用正确的加密算法
-   - 确保认证标签长度为 128 位（16 字节）
-
-### 6.2 二维码扫描失败
-
-**可能原因**：
-1. **二维码图片质量差**：确保图片清晰，有足够的对比度
-2. **二维码内容过长**：如果加密数据过长，可能需要更高版本的二维码
-3. **扫描库不支持**：确保使用支持 Base64 字符串的二维码扫描库
-
-### 6.3 JSON 解析失败
-
-**可能原因**：
-1. **字符编码错误**：确保使用 UTF-8 编码
-2. **JSON 格式错误**：确保解密后的字符串是有效的 JSON
-3. **字段缺失**：确保所有必需字段都存在
-
-## 七、安全设计说明
-
-### 7.1 为什么使用 AES-256-GCM
-
-1. **认证加密（AEAD）**：GCM 模式提供加密和认证，防止数据被篡改
-2. **强安全性**：AES-256 提供 256 位密钥强度
-3. **自动验证**：GCM 模式会自动验证认证标签，任何篡改都会导致解密失败
-
-### 7.2 为什么第三方无法解密
-
-1. **密钥绑定**：只有拥有正确 `licence + fingerprint` 的工具箱才能生成正确的密钥
-2. **认证标签**：GCM 模式会验证认证标签，任何篡改都会导致解密失败
-3. **密钥唯一性**：每个设备的 `licence + fingerprint` 组合是唯一的
-
-### 7.3 密钥生成的安全性
-
-1. **SHA-256 哈希**：使用强哈希算法生成密钥
-2. **密钥长度**：使用全部 32 字节作为 AES-256 密钥
-3. **密钥隔离**：每个设备的密钥是独立的，互不影响
-
-## 八、测试建议
-
-1. **单元测试**：
-   - 测试密钥生成是否正确
-   - 测试解密功能是否正常
-   - 测试 JSON 解析是否正确
-
-2. **集成测试**：
-   - 使用真实平台生成的二维码进行测试
-   - 测试不同长度的任务数据
-   - 测试错误的密钥是否会导致解密失败
-
-3. **边界测试**：
-   - 测试超长的任务数据
-   - 测试特殊字符的处理
-   - 测试错误的 Base64 格式
-
-## 九、参考实现
-
-- **Python**：`cryptography` 库（AES-GCM 加密）、`pyzbar` 库（二维码扫描）
-- **Java/Kotlin**：JDK `javax.crypto`（AES-GCM 加密）、ZXing 库（二维码扫描）
-- **C#**：`System.Security.Cryptography`（AES-GCM 加密）、ZXing.Net 库（二维码扫描）
-
-## 十、联系支持
-
-如有问题，请联系平台技术支持团队获取：
-- 测试环境地址
-- 技术支持
-

docs/工具箱端-授权对接指南/工具箱端-报告加密与签名生成指南.md

@@ -1,647 +0,0 @@
-# 工具箱端 - 报告加密与签名生成指南
-
-## 概述
-
-本文档说明工具箱端如何生成加密和签名的检查报告 ZIP 文件，以确保：
-1. **授权校验**：只有合法授权的工具箱才能生成有效的报告
-2. **防篡改校验**：确保报告内容在传输过程中未被篡改
-
-> ### UX 集成模式补充（当前项目实现）
->
-> 在当前集成模式中，工具箱可将原始报告 ZIP 直接上传到 UX 的 `crypto.signAndPackReport`：
->
-> 1. 工具箱先通过 `config.setLicence` 完成本地 licence 配置；
-> 2. 工具箱传入 `pgpPrivateKey`、`signingContext`、`summaryJson` 与 `rawZip`；
-> 3. UX 从本地配置读取 licence/fingerprint，执行签名与打包能力，生成 `summary.json`、`META-INF/manifest.json`、`META-INF/signature.asc`；
-> 4. UX 返回签名后的 ZIP（二进制文件响应），工具箱再用于离线介质回传平台。
-
-## 一、ZIP 文件结构要求
-
-工具箱生成的 ZIP 文件必须包含以下文件：
-
-```
-report.zip
-├── summary.json              # 摘要信息（必须包含授权和签名字段）
-├── assets.json               # 资产信息（用于签名校验）
-├── vulnerabilities.json      # 漏洞信息（用于签名校验）
-├── weakPasswords.json        # 弱密码信息（用于签名校验）
-├── 漏洞评估报告.html         # 漏洞评估报告（用于签名校验）
-└── META-INF/
-    ├── manifest.json         # 文件清单（用于 OpenPGP 签名）
-    └── signature.asc         # OpenPGP 签名文件（防篡改）
-```
-
-## 二、授权校验 - 设备签名（device_signature）
-
-### 2.1 目的
-
-设备签名用于验证报告是由合法授权的工具箱生成的，防止第三方伪造扫描结果。
-
-### 2.2 密钥派生
-
-使用 **HKDF-SHA256** 从设备的 `licence` 和 `fingerprint` 派生签名密钥：
-
-```
-K = HKDF(
-    input = licence + fingerprint,        # 输入密钥材料（字符串拼接）
-    salt = "AUTH_V3_SALT",                # 固定盐值
-    info = "device_report_signature",     # 固定信息参数
-    hash = SHA-256,                       # 哈希算法
-    length = 32                           # 输出密钥长度（32字节 = 256位）
-)
-```
-
-**伪代码示例**：
-```python
-import hkdf
-
-# 输入密钥材料
-ikm = licence + fingerprint  # 字符串直接拼接
-
-# HKDF 参数
-salt = "AUTH_V3_SALT"
-info = "device_report_signature"
-key_length = 32  # 32字节 = 256位
-
-# 派生密钥
-derived_key = hkdf.HKDF(
-    algorithm=hashlib.sha256,
-    length=key_length,
-    salt=salt.encode('utf-8'),
-    info=info.encode('utf-8'),
-    ikm=ikm.encode('utf-8')
-).derive()
-```
-
-### 2.3 签名数据组装（严格顺序）
-
-签名数据必须按照以下**严格顺序**组装：
-
-```
-sign_payload = 
-    taskId +                                    # 任务ID（字符串）
-    inspectionId +                              # 检查ID（数字转字符串）
-    SHA256(assets.json) +                      # assets.json 的 SHA256（hex字符串，小写）
-    SHA256(vulnerabilities.json) +             # vulnerabilities.json 的 SHA256（hex字符串，小写）
-    SHA256(weakPasswords.json) +               # weakPasswords.json 的 SHA256（hex字符串，小写）
-    SHA256(漏洞评估报告.html)                   # 漏洞评估报告.html 的 SHA256（hex字符串，小写）
-```
-
-**重要说明**：
-- 所有字符串直接拼接，**不添加任何分隔符**
-- SHA256 哈希值必须是 **hex 字符串（小写）**，例如：`a1b2c3d4...`
-- 文件内容必须是**原始字节**，不能进行任何编码转换
-- 顺序必须严格一致，任何顺序错误都会导致签名验证失败
-
-**伪代码示例**：
-```python
-import hashlib
-
-# 1. 读取文件内容（原始字节）
-assets_content = read_file("assets.json")
-vulnerabilities_content = read_file("vulnerabilities.json")
-weak_passwords_content = read_file("weakPasswords.json")
-report_html_content = read_file("漏洞评估报告.html")
-
-# 2. 计算 SHA256（hex字符串，小写）
-def sha256_hex(content: bytes) -> str:
-    return hashlib.sha256(content).hexdigest()
-
-assets_sha256 = sha256_hex(assets_content)
-vulnerabilities_sha256 = sha256_hex(vulnerabilities_content)
-weak_passwords_sha256 = sha256_hex(weak_passwords_content)
-report_html_sha256 = sha256_hex(report_html_content)
-
-# 3. 组装签名数据（严格顺序，直接拼接）
-sign_payload = (
-    str(task_id) +
-    str(inspection_id) +
-    assets_sha256 +
-    vulnerabilities_sha256 +
-    weak_passwords_sha256 +
-    report_html_sha256
-)
-```
-
-### 2.4 生成设备签名
-
-使用 **HMAC-SHA256** 计算签名：
-
-```
-device_signature = Base64(HMAC-SHA256(key=K, data=sign_payload))
-```
-
-**伪代码示例**：
-```python
-import hmac
-import base64
-
-# 使用派生密钥计算 HMAC-SHA256
-mac = hmac.new(
-    key=derived_key,                    # 派生密钥（32字节）
-    msg=sign_payload.encode('utf-8'),  # 签名数据（UTF-8编码）
-    digestmod=hashlib.sha256
-)
-
-# 计算签名
-signature_bytes = mac.digest()
-
-# Base64 编码
-device_signature = base64.b64encode(signature_bytes).decode('utf-8')
-```
-
-### 2.5 写入 summary.json
-
-将 `device_signature` 写入 `summary.json`：
-
-```json
-{
-  "orgId": 1173040813421105152,
-  "checkId": 702286470691215417,
-  "taskId": "TASK-20260115-4875",
-  "licence": "LIC-8F2A-XXXX",
-  "fingerprint": "FP-2c91e9f3",
-  "deviceSignature": "Base64编码的签名值",
-  "summary": "检查摘要信息",
-  ...其他字段...
-}
-```
-
-**必需字段**：
-- `licence`：设备授权码（字符串）
-- `fingerprint`：设备硬件指纹（字符串）
-- `taskId`：任务ID（字符串）
-- `deviceSignature`：设备签名（Base64字符串）
-- `checkId` 或 `inspectionId`：检查ID（数字）
-
-## 三、防篡改校验 - OpenPGP 签名
-
-### 3.1 目的
-
-OpenPGP 签名用于验证 ZIP 文件在传输过程中未被篡改，确保文件完整性。
-
-### 3.2 生成 manifest.json
-
-创建 `META-INF/manifest.json` 文件，包含所有文件的 SHA-256 哈希值：
-
-```json
-{
-  "files": {
-    "summary.json": "a1b2c3d4e5f6...",
-    "assets.json": "b2c3d4e5f6a1...",
-    "vulnerabilities.json": "c3d4e5f6a1b2...",
-    "weakPasswords.json": "d4e5f6a1b2c3...",
-    "漏洞评估报告.html": "e5f6a1b2c3d4..."
-  }
-}
-```
-
-**伪代码示例**：
-```python
-import hashlib
-import json
-
-def calculate_sha256_hex(content: bytes) -> str:
-    return hashlib.sha256(content).hexdigest()
-
-# 计算所有文件的 SHA256
-files_hashes = {
-    "summary.json": calculate_sha256_hex(summary_content),
-    "assets.json": calculate_sha256_hex(assets_content),
-    "vulnerabilities.json": calculate_sha256_hex(vulnerabilities_content),
-    "weakPasswords.json": calculate_sha256_hex(weak_passwords_content),
-    "漏洞评估报告.html": calculate_sha256_hex(report_html_content)
-}
-
-# 生成 manifest.json
-manifest = {
-    "files": files_hashes
-}
-
-manifest_json = json.dumps(manifest, ensure_ascii=False, indent=2)
-```
-
-### 3.3 生成 OpenPGP 签名
-
-使用工具箱的**私钥**对 `manifest.json` 进行 OpenPGP 签名，生成 `META-INF/signature.asc`：
-
-**伪代码示例（使用 Python gnupg）**：
-```python
-import gnupg
-
-# 初始化 GPG
-gpg = gnupg.GPG()
-
-# 导入私钥（或使用已配置的密钥）
-# gpg.import_keys(private_key_data)
-
-# 对 manifest.json 进行签名
-with open('META-INF/manifest.json', 'rb') as f:
-    signed_data = gpg.sign_file(
-        f,
-        detach=True,           # 分离式签名
-        clearsign=False,      # 不使用明文签名
-        output='META-INF/signature.asc'
-    )
-```
-
-**伪代码示例（使用 BouncyCastle - Java/Kotlin）**：
-```kotlin
-import org.bouncycastle.openpgp.*
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder
-import org.bouncycastle.openpgp.operator.jcajce.JcaPGPPrivateKey
-import java.io.ByteArrayOutputStream
-import java.io.FileOutputStream
-
-fun generatePGPSignature(
-    manifestContent: ByteArray,
-    privateKey: PGPPrivateKey,
-    publicKey: PGPPublicKey
-): ByteArray {
-    val signatureGenerator = PGPSignatureGenerator(
-        JcaPGPContentSignerBuilder(publicKey.algorithm, PGPUtil.SHA256)
-    )
-    signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey)
-    signatureGenerator.update(manifestContent)
-    
-    val signature = signatureGenerator.generate()
-    val signatureList = PGPSignatureList(signature)
-    
-    val out = ByteArrayOutputStream()
-    val pgpOut = PGPObjectFactory(PGPUtil.getEncoderStream(out))
-    signatureList.encode(out)
-    
-    return out.toByteArray()
-}
-```
-
-### 3.4 打包 ZIP 文件
-
-将所有文件打包成 ZIP 文件，确保包含：
-- 所有报告文件（summary.json、assets.json 等）
-- `META-INF/manifest.json`
-- `META-INF/signature.asc`
-
-**伪代码示例**：
-```python
-import zipfile
-
-def create_signed_zip(output_path: str):
-    with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zipf:
-        # 添加报告文件
-        zipf.write('summary.json', 'summary.json')
-        zipf.write('assets.json', 'assets.json')
-        zipf.write('vulnerabilities.json', 'vulnerabilities.json')
-        zipf.write('weakPasswords.json', 'weakPasswords.json')
-        zipf.write('漏洞评估报告.html', '漏洞评估报告.html')
-        
-        # 添加签名文件
-        zipf.write('META-INF/manifest.json', 'META-INF/manifest.json')
-        zipf.write('META-INF/signature.asc', 'META-INF/signature.asc')
-```
-
-## 四、完整流程示例
-
-### 4.1 Python 完整示例
-
-```python
-import hashlib
-import hmac
-import base64
-import json
-import zipfile
-import hkdf
-import gnupg
-
-def generate_report_zip(
-    licence: str,
-    fingerprint: str,
-    task_id: str,
-    inspection_id: int,
-    output_path: str
-):
-    """
-    生成带签名和加密的检查报告 ZIP 文件
-    """
-    
-    # ========== 1. 读取报告文件 ==========
-    assets_content = read_file("assets.json")
-    vulnerabilities_content = read_file("vulnerabilities.json")
-    weak_passwords_content = read_file("weakPasswords.json")
-    report_html_content = read_file("漏洞评估报告.html")
-    
-    # ========== 2. 生成设备签名 ==========
-    
-    # 2.1 密钥派生
-    ikm = licence + fingerprint
-    salt = "AUTH_V3_SALT"
-    info = "device_report_signature"
-    key_length = 32
-    
-    derived_key = hkdf.HKDF(
-        algorithm=hashlib.sha256,
-        length=key_length,
-        salt=salt.encode('utf-8'),
-        info=info.encode('utf-8'),
-        ikm=ikm.encode('utf-8')
-    ).derive()
-    
-    # 2.2 计算文件 SHA256
-    def sha256_hex(content: bytes) -> str:
-        return hashlib.sha256(content).hexdigest()
-    
-    assets_sha256 = sha256_hex(assets_content)
-    vulnerabilities_sha256 = sha256_hex(vulnerabilities_content)
-    weak_passwords_sha256 = sha256_hex(weak_passwords_content)
-    report_html_sha256 = sha256_hex(report_html_content)
-    
-    # 2.3 组装签名数据（严格顺序）
-    sign_payload = (
-        str(task_id) +
-        str(inspection_id) +
-        assets_sha256 +
-        vulnerabilities_sha256 +
-        weak_passwords_sha256 +
-        report_html_sha256
-    )
-    
-    # 2.4 计算 HMAC-SHA256
-    mac = hmac.new(
-        key=derived_key,
-        msg=sign_payload.encode('utf-8'),
-        digestmod=hashlib.sha256
-    )
-    device_signature = base64.b64encode(mac.digest()).decode('utf-8')
-    
-    # 2.5 生成 summary.json
-    summary = {
-        "orgId": 1173040813421105152,
-        "checkId": inspection_id,
-        "taskId": task_id,
-        "licence": licence,
-        "fingerprint": fingerprint,
-        "deviceSignature": device_signature,
-        "summary": "检查摘要信息"
-    }
-    summary_content = json.dumps(summary, ensure_ascii=False).encode('utf-8')
-    
-    # ========== 3. 生成 OpenPGP 签名 ==========
-    
-    # 3.1 生成 manifest.json
-    files_hashes = {
-        "summary.json": sha256_hex(summary_content),
-        "assets.json": assets_sha256,
-        "vulnerabilities.json": vulnerabilities_sha256,
-        "weakPasswords.json": weak_passwords_sha256,
-        "漏洞评估报告.html": report_html_sha256
-    }
-    manifest = {"files": files_hashes}
-    manifest_content = json.dumps(manifest, ensure_ascii=False, indent=2).encode('utf-8')
-    
-    # 3.2 生成 OpenPGP 签名
-    gpg = gnupg.GPG()
-    with open('META-INF/manifest.json', 'wb') as f:
-        f.write(manifest_content)
-    
-    with open('META-INF/manifest.json', 'rb') as f:
-        signed_data = gpg.sign_file(
-            f,
-            detach=True,
-            output='META-INF/signature.asc'
-        )
-    
-    # ========== 4. 打包 ZIP 文件 ==========
-    with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zipf:
-        zipf.writestr('summary.json', summary_content)
-        zipf.writestr('assets.json', assets_content)
-        zipf.writestr('vulnerabilities.json', vulnerabilities_content)
-        zipf.writestr('weakPasswords.json', weak_passwords_content)
-        zipf.writestr('漏洞评估报告.html', report_html_content)
-        zipf.writestr('META-INF/manifest.json', manifest_content)
-        zipf.write('META-INF/signature.asc', 'META-INF/signature.asc')
-    
-    print(f"报告 ZIP 文件生成成功: {output_path}")
-```
-
-### 4.2 Java/Kotlin 完整示例
-
-```kotlin
-import org.bouncycastle.crypto.digests.SHA256Digest
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator
-import org.bouncycastle.crypto.params.HKDFParameters
-import java.security.MessageDigest
-import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
-import java.util.Base64
-import java.util.zip.ZipOutputStream
-import java.io.FileOutputStream
-
-fun generateReportZip(
-    licence: String,
-    fingerprint: String,
-    taskId: String,
-    inspectionId: Long,
-    outputPath: String
-) {
-    // ========== 1. 读取报告文件 ==========
-    val assetsContent = readFile("assets.json")
-    val vulnerabilitiesContent = readFile("vulnerabilities.json")
-    val weakPasswordsContent = readFile("weakPasswords.json")
-    val reportHtmlContent = readFile("漏洞评估报告.html")
-    
-    // ========== 2. 生成设备签名 ==========
-    
-    // 2.1 密钥派生
-    val ikm = (licence + fingerprint).toByteArray(Charsets.UTF_8)
-    val salt = "AUTH_V3_SALT".toByteArray(Charsets.UTF_8)
-    val info = "device_report_signature".toByteArray(Charsets.UTF_8)
-    val keyLength = 32
-    
-    val hkdf = HKDFBytesGenerator(SHA256Digest())
-    hkdf.init(HKDFParameters(ikm, salt, info))
-    val derivedKey = ByteArray(keyLength)
-    hkdf.generateBytes(derivedKey, 0, keyLength)
-    
-    // 2.2 计算文件 SHA256
-    fun sha256Hex(content: ByteArray): String {
-        val digest = MessageDigest.getInstance("SHA-256")
-        val hashBytes = digest.digest(content)
-        return hashBytes.joinToString("") { "%02x".format(it) }
-    }
-    
-    val assetsSha256 = sha256Hex(assetsContent)
-    val vulnerabilitiesSha256 = sha256Hex(vulnerabilitiesContent)
-    val weakPasswordsSha256 = sha256Hex(weakPasswordsContent)
-    val reportHtmlSha256 = sha256Hex(reportHtmlContent)
-    
-    // 2.3 组装签名数据（严格顺序）
-    val signPayload = buildString {
-        append(taskId)
-        append(inspectionId)
-        append(assetsSha256)
-        append(vulnerabilitiesSha256)
-        append(weakPasswordsSha256)
-        append(reportHtmlSha256)
-    }
-    
-    // 2.4 计算 HMAC-SHA256
-    val mac = Mac.getInstance("HmacSHA256")
-    val secretKey = SecretKeySpec(derivedKey, "HmacSHA256")
-    mac.init(secretKey)
-    val signatureBytes = mac.doFinal(signPayload.toByteArray(Charsets.UTF_8))
-    val deviceSignature = Base64.getEncoder().encodeToString(signatureBytes)
-    
-    // 2.5 生成 summary.json
-    val summary = mapOf(
-        "orgId" to 1173040813421105152L,
-        "checkId" to inspectionId,
-        "taskId" to taskId,
-        "licence" to licence,
-        "fingerprint" to fingerprint,
-        "deviceSignature" to deviceSignature,
-        "summary" to "检查摘要信息"
-    )
-    val summaryContent = objectMapper.writeValueAsString(summary).toByteArray(Charsets.UTF_8)
-    
-    // ========== 3. 生成 OpenPGP 签名 ==========
-    
-    // 3.1 生成 manifest.json
-    val filesHashes = mapOf(
-        "summary.json" to sha256Hex(summaryContent),
-        "assets.json" to assetsSha256,
-        "vulnerabilities.json" to vulnerabilitiesSha256,
-        "weakPasswords.json" to weakPasswordsSha256,
-        "漏洞评估报告.html" to reportHtmlSha256
-    )
-    val manifest = mapOf("files" to filesHashes)
-    val manifestContent = objectMapper.writeValueAsString(manifest).toByteArray(Charsets.UTF_8)
-    
-    // 3.2 生成 OpenPGP 签名（使用 BouncyCastle）
-    val signatureAsc = generatePGPSignature(manifestContent, privateKey, publicKey)
-    
-    // ========== 4. 打包 ZIP 文件 ==========
-    ZipOutputStream(FileOutputStream(outputPath)).use { zipOut ->
-        zipOut.putNextEntry(ZipEntry("summary.json"))
-        zipOut.write(summaryContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("assets.json"))
-        zipOut.write(assetsContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("vulnerabilities.json"))
-        zipOut.write(vulnerabilitiesContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("weakPasswords.json"))
-        zipOut.write(weakPasswordsContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("漏洞评估报告.html"))
-        zipOut.write(reportHtmlContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("META-INF/manifest.json"))
-        zipOut.write(manifestContent)
-        zipOut.closeEntry()
-        
-        zipOut.putNextEntry(ZipEntry("META-INF/signature.asc"))
-        zipOut.write(signatureAsc)
-        zipOut.closeEntry()
-    }
-    
-    println("报告 ZIP 文件生成成功: $outputPath")
-}
-```
-
-## 五、平台端验证流程
-
-平台端会按以下顺序验证：
-
-1. **OpenPGP 签名验证**（防篡改）
-   - 读取 `META-INF/manifest.json` 和 `META-INF/signature.asc`
-   - 使用平台公钥验证签名
-   - 验证所有文件的 SHA256 是否与 manifest.json 中的哈希值匹配
-
-2. **设备签名验证**（授权）
-   - 从 `summary.json` 提取 `licence`、`fingerprint`、`taskId`、`deviceSignature`
-   - 验证 `licence + fingerprint` 是否已绑定
-   - 验证 `taskId` 是否存在且属于该设备
-   - 使用相同的 HKDF 派生密钥
-   - 重新计算签名并与 `deviceSignature` 比较
-
-## 六、常见错误和注意事项
-
-### 6.1 设备签名验证失败
-
-**可能原因**：
-1. **密钥派生错误**：确保使用正确的 `salt` 和 `info` 参数
-2. **签名数据顺序错误**：必须严格按照 `taskId + inspectionId + SHA256(...)` 的顺序
-3. **SHA256 格式错误**：必须是 hex 字符串（小写），不能包含分隔符
-4. **文件内容错误**：确保使用原始文件内容，不能进行编码转换
-5. **licence 或 fingerprint 不匹配**：确保与平台绑定的值一致
-
-### 6.2 OpenPGP 签名验证失败
-
-**可能原因**：
-1. **私钥不匹配**：确保使用与平台公钥对应的私钥
-2. **manifest.json 格式错误**：确保 JSON 格式正确
-3. **文件哈希值错误**：确保 manifest.json 中的哈希值与实际文件匹配
-
-### 6.3 文件缺失
-
-**必需文件**：
-- `summary.json`（必须包含授权字段）
-- `assets.json`
-- `vulnerabilities.json`
-- `weakPasswords.json`（文件名大小写不敏感）
-- `漏洞评估报告.html`（文件名包含"漏洞评估报告"且以".html"结尾）
-- `META-INF/manifest.json`
-- `META-INF/signature.asc`
-
-## 七、安全设计说明
-
-### 7.1 为什么第三方无法伪造
-
-1. **设备签名**：
-   - 只有拥有正确 `licence + fingerprint` 的设备才能派生正确的签名密钥
-   - 即使第三方获取了某个设备的签名，也无法用于其他任务（`taskId` 绑定）
-   - 即使第三方修改了报告内容，签名也会失效（多个文件的 SHA256 绑定）
-
-2. **OpenPGP 签名**：
-   - 只有拥有私钥的工具箱才能生成有效签名
-   - 任何文件修改都会导致哈希值不匹配
-
-### 7.2 密钥分离
-
-使用 HKDF 的 `info` 参数区分不同用途的密钥：
-- `device_report_signature`：用于设备签名
-- 其他用途可以使用不同的 `info` 值，确保密钥隔离
-
-## 八、测试建议
-
-1. **单元测试**：
-   - 测试密钥派生是否正确
-   - 测试签名生成和验证是否匹配
-   - 测试文件 SHA256 计算是否正确
-
-2. **集成测试**：
-   - 使用真实数据生成 ZIP 文件
-   - 上传到平台验证是否通过
-   - 测试篡改文件后验证是否失败
-
-3. **边界测试**：
-   - 测试文件缺失的情况
-   - 测试签名数据顺序错误的情况
-   - 测试错误的 `licence` 或 `fingerprint` 的情况
-
-## 九、参考实现
-
-- **HKDF 实现**：BouncyCastle（Java/Kotlin）、`hkdf` 库（Python）
-- **HMAC-SHA256**：Java `javax.crypto.Mac`、Python `hmac`
-- **OpenPGP**：BouncyCastle（Java/Kotlin）、`gnupg` 库（Python）
-
-## 十、联系支持
-
-如有问题，请联系平台技术支持团队。
-

docs/工具箱端-授权对接指南/工具箱端-摘要信息二维码生成指南.md

@@ -1,756 +0,0 @@
-# 工具箱端 - 摘要信息二维码生成指南
-
-## 概述
-
-本文档说明工具箱端如何生成摘要信息二维码。工具箱完成检查任务后，需要将摘要信息加密并生成二维码，供 App 扫描后上传到平台。
-
-> ### UX 集成模式补充（当前项目实现）
->
-> 在当前集成模式中，工具箱将明文文本传给 UX 的 `crypto.encryptSummary`，并提供 `salt`。
-> UX 从本地配置读取 licence/fingerprint，执行 HKDF + AES-256-GCM 并返回 Base64 密文。
-
-## 一、业务流程
-
-```
-工具箱完成检查 → 准备摘要信息 → HKDF派生密钥 → AES-256-GCM加密 → 组装二维码内容 → 生成二维码
-                                                                                    ↓
-App扫描二维码 → 提取taskId和encrypted → 提交到平台 → 平台解密验证 → 保存摘要信息
-```
-
-## 二、二维码内容格式
-
-二维码内容为 JSON 格式，包含以下字段：
-
-```json
-{
-  "taskId": "TASK-20260115-4875",
-  "encrypted": "uWUcAmp6UQd0w3G3crdsd4613QCxGLoEgslgXJ4G2hQhpQdjtghtQjCBUZwB/JO+NRgH1vSTr8dqBJRq7Qh4nugESrB2jUSGASTf4+5E7cLlDOmtDw7QlqS+6Hb7sn3daMSOovcna07huchHeesrJCiHV8ntEDXdCCdQOEHfkZAvy5gS8jQY41x5Qcnmqbz3qqHTmceIihTj4uqRVyKOE8jxzY6ko76jx0gW239gyFysJUTrqSPiFAr+gToi2l9SWP8ISViBmYmCY2cQtKvPfTKXwxGMid0zE/nDmb9n38X1oR05nAP0v1KaVY7iPcjsWySDGqO2iIbPzV8tQzq5TNuYqn9gvxIX/oRTFECP+aosfmOD5I8H8rVFTebyTHw+ONV3KoN2IMRqnG+a2lucbhzwQk7/cX1hs9lYm+yapmp+0MbLCtf2KMWqJPdeZqTVZgi3R181BCxo3OIwcCFTnZ/b9pdw+q8ai6SJpso5mA0TpUCvqYlGlKMZde0nj07kmLpdAm3AOg3GtPezfJu8iHmsc4PTa8RDsPgTIxcdyxNSMqo1Ws3VLQXm6DHK/kma/vbvSA/N7upPzi7wLvboig=="
-}
-```
-
-### 2.1 字段说明
-
-| 字段名 | 类型 | 说明 | 示例 |
-|--------|------|------|------|
-| `taskId` | String | 任务ID（从任务二维码中获取） | `"TASK-20260115-4875"` |
-| `encrypted` | String | Base64编码的加密数据 | `"uWUcAmp6UQd0w3G3..."` |
-
-## 三、摘要信息数据结构
-
-### 3.1 明文数据 JSON 格式
-
-加密前的摘要信息为 JSON 格式，包含以下字段：
-
-```json
-{
-  "enterpriseId": "1173040813421105152",
-  "inspectionId": "702286470691215417",
-  "summary": "检查摘要信息",
-  "timestamp": 1734571234567
-}
-```
-
-### 3.2 字段说明
-
-| 字段名 | 类型 | 说明 | 示例 |
-|--------|------|------|------|
-| `enterpriseId` | String | 企业ID（从任务数据中获取） | `"1173040813421105152"` |
-| `inspectionId` | String | 检查ID（从任务数据中获取） | `"702286470691215417"` |
-| `summary` | String | 检查摘要信息 | `"检查摘要信息"` |
-| `timestamp` | Number | 时间戳（毫秒） | `1734571234567` |
-
-## 四、密钥派生（HKDF-SHA256）
-
-### 4.1 密钥派生参数
-
-使用 **HKDF-SHA256** 从 `licence + fingerprint` 派生 AES 密钥：
-
-```
-AES Key = HKDF(
-    input = licence + fingerprint,              # 输入密钥材料（字符串拼接）
-    salt = taskId,                              # Salt值（任务ID）
-    info = "inspection_report_encryption",     # Info值（固定值）
-    hash = SHA-256,                             # 哈希算法
-    length = 32                                 # 输出密钥长度（32字节 = 256位）
-)
-```
-
-**重要说明**：
-- `ikm`（输入密钥材料）= `licence + fingerprint`（直接字符串拼接，无分隔符）
-- `salt` = `taskId`（从任务二维码中获取的任务ID）
-- `info` = `"inspection_report_encryption"`（固定值，区分不同用途的密钥）
-- `length` = `32` 字节（AES-256 密钥长度）
-
-### 4.2 Python 实现示例
-
-```python
-import hashlib
-import hkdf
-
-def derive_aes_key(licence: str, fingerprint: str, task_id: str) -> bytes:
-    """
-    使用 HKDF-SHA256 派生 AES-256 密钥
-    
-    Args:
-        licence: 设备授权码
-        fingerprint: 设备硬件指纹
-        task_id: 任务ID
-    
-    Returns:
-        派生出的密钥（32字节）
-    """
-    # 输入密钥材料
-    ikm = licence + fingerprint  # 直接字符串拼接
-    
-    # HKDF 参数
-    salt = task_id
-    info = "inspection_report_encryption"
-    key_length = 32  # 32字节 = 256位
-    
-    # 派生密钥
-    derived_key = hkdf.HKDF(
-        algorithm=hashlib.sha256,
-        length=key_length,
-        salt=salt.encode('utf-8'),
-        info=info.encode('utf-8'),
-        ikm=ikm.encode('utf-8')
-    ).derive()
-    
-    return derived_key
-```
-
-### 4.3 Java/Kotlin 实现示例
-
-```kotlin
-import org.bouncycastle.crypto.digests.SHA256Digest
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator
-import org.bouncycastle.crypto.params.HKDFParameters
-import java.nio.charset.StandardCharsets
-
-fun deriveAesKey(licence: String, fingerprint: String, taskId: String): ByteArray {
-    // 输入密钥材料
-    val ikm = (licence + fingerprint).toByteArray(StandardCharsets.UTF_8)
-    
-    // HKDF 参数
-    val salt = taskId.toByteArray(StandardCharsets.UTF_8)
-    val info = "inspection_report_encryption".toByteArray(StandardCharsets.UTF_8)
-    val keyLength = 32  // 32字节 = 256位
-    
-    // 派生密钥
-    val hkdf = HKDFBytesGenerator(SHA256Digest())
-    val params = HKDFParameters(ikm, salt, info)
-    hkdf.init(params)
-    
-    val derivedKey = ByteArray(keyLength)
-    hkdf.generateBytes(derivedKey, 0, keyLength)
-    
-    return derivedKey
-}
-```
-
-## 五、AES-256-GCM 加密
-
-### 5.1 加密算法
-
-- **算法**：AES-256-GCM（Galois/Counter Mode）
-- **密钥长度**：256 位（32 字节）
-- **IV 长度**：12 字节（96 位）
-- **认证标签长度**：16 字节（128 位）
-
-### 5.2 加密数据格式
-
-加密后的数据格式（Base64 编码前）：
-
-```
-[IV(12字节)] + [加密数据] + [认证标签(16字节)]
-```
-
-**数据布局**：
-```
-+------------------+------------------+------------------+
-|   IV (12字节)    |   加密数据       |   认证标签(16字节)|
-+------------------+------------------+------------------+
-```
-
-### 5.3 Python 实现示例
-
-```python
-import base64
-import hashlib
-import hkdf
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from cryptography.hazmat.backends import default_backend
-import json
-import time
-
-def encrypt_summary_data(
-    enterprise_id: str,
-    inspection_id: str,
-    summary: str,
-    licence: str,
-    fingerprint: str,
-    task_id: str
-) -> str:
-    """
-    加密摘要信息数据
-    
-    Args:
-        enterprise_id: 企业ID
-        inspection_id: 检查ID
-        summary: 摘要信息
-        licence: 设备授权码
-        fingerprint: 设备硬件指纹
-        task_id: 任务ID
-    
-    Returns:
-        Base64编码的加密数据
-    """
-    # 1. 组装明文数据（JSON格式）
-    timestamp = int(time.time() * 1000)  # 毫秒时间戳
-    plaintext_map = {
-        "enterpriseId": str(enterprise_id),
-        "inspectionId": str(inspection_id),
-        "summary": summary,
-        "timestamp": timestamp
-    }
-    plaintext = json.dumps(plaintext_map, ensure_ascii=False)
-    
-    # 2. 使用 HKDF-SHA256 派生 AES 密钥
-    ikm = licence + fingerprint
-    salt = task_id
-    info = "inspection_report_encryption"
-    key_length = 32
-    
-    aes_key = hkdf.HKDF(
-        algorithm=hashlib.sha256,
-        length=key_length,
-        salt=salt.encode('utf-8'),
-        info=info.encode('utf-8'),
-        ikm=ikm.encode('utf-8')
-    ).derive()
-    
-    # 3. 使用 AES-256-GCM 加密数据
-    aesgcm = AESGCM(aes_key)
-    iv = os.urandom(12)  # 生成12字节随机IV
-    encrypted_bytes = aesgcm.encrypt(iv, plaintext.encode('utf-8'), None)
-    
-    # 4. 组装：IV + 加密数据（包含认证标签）
-    # AESGCM.encrypt 返回的格式已经是：加密数据 + 认证标签
-    combined = iv + encrypted_bytes
-    
-    # 5. Base64 编码
-    encrypted_base64 = base64.b64encode(combined).decode('utf-8')
-    
-    return encrypted_base64
-```
-
-### 5.4 Java/Kotlin 实现示例
-
-```kotlin
-import com.fasterxml.jackson.databind.ObjectMapper
-import org.bouncycastle.crypto.digests.SHA256Digest
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator
-import org.bouncycastle.crypto.params.HKDFParameters
-import java.nio.charset.StandardCharsets
-import java.security.SecureRandom
-import java.util.Base64
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-
-object SummaryEncryptionUtil {
-    
-    private const val ALGORITHM = "AES"
-    private const val TRANSFORMATION = "AES/GCM/NoPadding"
-    private const val GCM_IV_LENGTH = 12 // 12 bytes = 96 bits
-    private const val GCM_TAG_LENGTH = 16 // 16 bytes = 128 bits
-    private const val GCM_TAG_LENGTH_BITS = GCM_TAG_LENGTH * 8 // 128 bits
-    
-    private val objectMapper = ObjectMapper()
-    private val secureRandom = SecureRandom()
-    
-    /**
-     * 加密摘要信息数据
-     */
-    fun encryptSummaryData(
-        enterpriseId: String,
-        inspectionId: String,
-        summary: String,
-        licence: String,
-        fingerprint: String,
-        taskId: String
-    ): String {
-        // 1. 组装明文数据（JSON格式）
-        val timestamp = System.currentTimeMillis()
-        val plaintextMap = mapOf(
-            "enterpriseId" to enterpriseId,
-            "inspectionId" to inspectionId,
-            "summary" to summary,
-            "timestamp" to timestamp
-        )
-        val plaintext = objectMapper.writeValueAsString(plaintextMap)
-        
-        // 2. 使用 HKDF-SHA256 派生 AES 密钥
-        val ikm = (licence + fingerprint).toByteArray(StandardCharsets.UTF_8)
-        val salt = taskId.toByteArray(StandardCharsets.UTF_8)
-        val info = "inspection_report_encryption".toByteArray(StandardCharsets.UTF_8)
-        val keyLength = 32
-        
-        val hkdf = HKDFBytesGenerator(SHA256Digest())
-        val params = HKDFParameters(ikm, salt, info)
-        hkdf.init(params)
-        
-        val aesKey = ByteArray(keyLength)
-        hkdf.generateBytes(aesKey, 0, keyLength)
-        
-        // 3. 使用 AES-256-GCM 加密数据
-        val iv = ByteArray(GCM_IV_LENGTH)
-        secureRandom.nextBytes(iv)
-        
-        val secretKey = SecretKeySpec(aesKey, ALGORITHM)
-        val gcmSpec = GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
-        
-        val cipher = Cipher.getInstance(TRANSFORMATION)
-        cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmSpec)
-        
-        val plaintextBytes = plaintext.toByteArray(StandardCharsets.UTF_8)
-        val encryptedBytes = cipher.doFinal(plaintextBytes)
-        
-        // 4. 组装：IV + 加密数据（包含认证标签）
-        // GCM 模式会将认证标签附加到密文末尾
-        val ciphertext = encryptedBytes.sliceArray(0 until encryptedBytes.size - GCM_TAG_LENGTH)
-        val tag = encryptedBytes.sliceArray(encryptedBytes.size - GCM_TAG_LENGTH until encryptedBytes.size)
-        
-        val combined = iv + ciphertext + tag
-        
-        // 5. Base64 编码
-        return Base64.getEncoder().encodeToString(combined)
-    }
-}
-```
-
-## 六、组装二维码内容
-
-### 6.1 二维码内容 JSON
-
-将 `taskId` 和加密后的 `encrypted` 组装成 JSON 格式：
-
-```json
-{
-  "taskId": "TASK-20260115-4875",
-  "encrypted": "Base64编码的加密数据"
-}
-```
-
-### 6.2 Python 实现示例
-
-```python
-import json
-
-def generate_qr_code_content(task_id: str, encrypted: str) -> str:
-    """
-    生成二维码内容（JSON格式）
-    
-    Args:
-        task_id: 任务ID
-        encrypted: Base64编码的加密数据
-    
-    Returns:
-        JSON格式的字符串
-    """
-    qr_content = {
-        "taskId": task_id,
-        "encrypted": encrypted
-    }
-    return json.dumps(qr_content, ensure_ascii=False)
-```
-
-## 七、完整流程示例
-
-### 7.1 Python 完整示例
-
-```python
-import base64
-import json
-import time
-import hashlib
-import hkdf
-import qrcode
-from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-import os
-
-class SummaryQRCodeGenerator:
-    """摘要信息二维码生成器"""
-    
-    def __init__(self, licence: str, fingerprint: str):
-        """
-        初始化生成器
-        
-        Args:
-            licence: 设备授权码
-            fingerprint: 设备硬件指纹
-        """
-        self.licence = licence
-        self.fingerprint = fingerprint
-    
-    def generate_summary_qr_code(
-        self,
-        task_id: str,
-        enterprise_id: str,
-        inspection_id: str,
-        summary: str,
-        output_path: str = "summary_qr.png"
-    ) -> str:
-        """
-        生成摘要信息二维码
-        
-        Args:
-            task_id: 任务ID（从任务二维码中获取）
-            enterprise_id: 企业ID（从任务数据中获取）
-            inspection_id: 检查ID（从任务数据中获取）
-            summary: 摘要信息
-            output_path: 二维码图片保存路径
-        
-        Returns:
-            二维码内容（JSON字符串）
-        """
-        # 1. 组装明文数据（JSON格式）
-        timestamp = int(time.time() * 1000)  # 毫秒时间戳
-        plaintext_map = {
-            "enterpriseId": str(enterprise_id),
-            "inspectionId": str(inspection_id),
-            "summary": summary,
-            "timestamp": timestamp
-        }
-        plaintext = json.dumps(plaintext_map, ensure_ascii=False)
-        print(f"明文数据: {plaintext}")
-        
-        # 2. 使用 HKDF-SHA256 派生 AES 密钥
-        ikm = self.licence + self.fingerprint
-        salt = task_id
-        info = "inspection_report_encryption"
-        key_length = 32
-        
-        aes_key = hkdf.HKDF(
-            algorithm=hashlib.sha256,
-            length=key_length,
-            salt=salt.encode('utf-8'),
-            info=info.encode('utf-8'),
-            ikm=ikm.encode('utf-8')
-        ).derive()
-        print(f"密钥派生成功: {len(aes_key)} 字节")
-        
-        # 3. 使用 AES-256-GCM 加密数据
-        aesgcm = AESGCM(aes_key)
-        iv = os.urandom(12)  # 生成12字节随机IV
-        encrypted_bytes = aesgcm.encrypt(iv, plaintext.encode('utf-8'), None)
-        
-        # 组装：IV + 加密数据（包含认证标签）
-        combined = iv + encrypted_bytes
-        
-        # Base64 编码
-        encrypted_base64 = base64.b64encode(combined).decode('utf-8')
-        print(f"加密成功: {encrypted_base64[:50]}...")
-        
-        # 4. 组装二维码内容（JSON格式）
-        qr_content = {
-            "taskId": task_id,
-            "encrypted": encrypted_base64
-        }
-        qr_content_json = json.dumps(qr_content, ensure_ascii=False)
-        print(f"二维码内容: {qr_content_json[:100]}...")
-        
-        # 5. 生成二维码
-        qr = qrcode.QRCode(
-            version=1,
-            error_correction=qrcode.constants.ERROR_CORRECT_M,
-            box_size=10,
-            border=4,
-        )
-        qr.add_data(qr_content_json)
-        qr.make(fit=True)
-        
-        img = qr.make_image(fill_color="black", back_color="white")
-        img.save(output_path)
-        print(f"二维码已生成: {output_path}")
-        
-        return qr_content_json
-
-# 使用示例
-if __name__ == "__main__":
-    # 工具箱的授权信息（必须与平台绑定时一致）
-    licence = "LIC-8F2A-XXXX"
-    fingerprint = "FP-2c91e9f3"
-    
-    # 创建生成器
-    generator = SummaryQRCodeGenerator(licence, fingerprint)
-    
-    # 从任务二维码中获取的信息
-    task_id = "TASK-20260115-4875"
-    enterprise_id = "1173040813421105152"
-    inspection_id = "702286470691215417"
-    summary = "检查摘要信息：发现3个高危漏洞，5个中危漏洞"
-    
-    # 生成二维码
-    qr_content = generator.generate_summary_qr_code(
-        task_id=task_id,
-        enterprise_id=enterprise_id,
-        inspection_id=inspection_id,
-        summary=summary,
-        output_path="summary_qr_code.png"
-    )
-    
-    print(f"\n二维码内容:\n{qr_content}")
-```
-
-### 7.2 Java/Kotlin 完整示例
-
-```kotlin
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.google.zxing.BarcodeFormat
-import com.google.zxing.EncodeHintType
-import com.google.zxing.qrcode.QRCodeWriter
-import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel
-import org.bouncycastle.crypto.digests.SHA256Digest
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator
-import org.bouncycastle.crypto.params.HKDFParameters
-import java.awt.image.BufferedImage
-import java.nio.charset.StandardCharsets
-import java.security.SecureRandom
-import java.util.Base64
-import javax.crypto.Cipher
-import javax.crypto.spec.GCMParameterSpec
-import javax.crypto.spec.SecretKeySpec
-import javax.imageio.ImageIO
-import java.io.File
-
-class SummaryQRCodeGenerator(
-    private val licence: String,
-    private val fingerprint: String
-) {
-    
-    private const val ALGORITHM = "AES"
-    private const val TRANSFORMATION = "AES/GCM/NoPadding"
-    private const val GCM_IV_LENGTH = 12
-    private const val GCM_TAG_LENGTH = 16
-    private const val GCM_TAG_LENGTH_BITS = GCM_TAG_LENGTH * 8
-    
-    private val objectMapper = ObjectMapper()
-    private val secureRandom = SecureRandom()
-    
-    /**
-     * 生成摘要信息二维码
-     */
-    fun generateSummaryQRCode(
-        taskId: String,
-        enterpriseId: String,
-        inspectionId: String,
-        summary: String,
-        outputPath: String = "summary_qr.png"
-    ): String {
-        // 1. 组装明文数据（JSON格式）
-        val timestamp = System.currentTimeMillis()
-        val plaintextMap = mapOf(
-            "enterpriseId" to enterpriseId,
-            "inspectionId" to inspectionId,
-            "summary" to summary,
-            "timestamp" to timestamp
-        )
-        val plaintext = objectMapper.writeValueAsString(plaintextMap)
-        println("明文数据: $plaintext")
-        
-        // 2. 使用 HKDF-SHA256 派生 AES 密钥
-        val ikm = (licence + fingerprint).toByteArray(StandardCharsets.UTF_8)
-        val salt = taskId.toByteArray(StandardCharsets.UTF_8)
-        val info = "inspection_report_encryption".toByteArray(StandardCharsets.UTF_8)
-        val keyLength = 32
-        
-        val hkdf = HKDFBytesGenerator(SHA256Digest())
-        val params = HKDFParameters(ikm, salt, info)
-        hkdf.init(params)
-        
-        val aesKey = ByteArray(keyLength)
-        hkdf.generateBytes(aesKey, 0, keyLength)
-        println("密钥派生成功: ${aesKey.size} 字节")
-        
-        // 3. 使用 AES-256-GCM 加密数据
-        val iv = ByteArray(GCM_IV_LENGTH)
-        secureRandom.nextBytes(iv)
-        
-        val secretKey = SecretKeySpec(aesKey, ALGORITHM)
-        val gcmSpec = GCMParameterSpec(GCM_TAG_LENGTH_BITS, iv)
-        
-        val cipher = Cipher.getInstance(TRANSFORMATION)
-        cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmSpec)
-        
-        val plaintextBytes = plaintext.toByteArray(StandardCharsets.UTF_8)
-        val encryptedBytes = cipher.doFinal(plaintextBytes)
-        
-        // 组装：IV + 加密数据（包含认证标签）
-        val ciphertext = encryptedBytes.sliceArray(0 until encryptedBytes.size - GCM_TAG_LENGTH)
-        val tag = encryptedBytes.sliceArray(encryptedBytes.size - GCM_TAG_LENGTH until encryptedBytes.size)
-        
-        val combined = iv + ciphertext + tag
-        
-        // Base64 编码
-        val encryptedBase64 = Base64.getEncoder().encodeToString(combined)
-        println("加密成功: ${encryptedBase64.take(50)}...")
-        
-        // 4. 组装二维码内容（JSON格式）
-        val qrContent = mapOf(
-            "taskId" to taskId,
-            "encrypted" to encryptedBase64
-        )
-        val qrContentJson = objectMapper.writeValueAsString(qrContent)
-        println("二维码内容: ${qrContentJson.take(100)}...")
-        
-        // 5. 生成二维码
-        val hints = hashMapOf<EncodeHintType, Any>().apply {
-            put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.M)
-            put(EncodeHintType.CHARACTER_SET, "UTF-8")
-            put(EncodeHintType.MARGIN, 1)
-        }
-        
-        val writer = QRCodeWriter()
-        val bitMatrix = writer.encode(qrContentJson, BarcodeFormat.QR_CODE, 300, 300, hints)
-        
-        val width = bitMatrix.width
-        val height = bitMatrix.height
-        val image = BufferedImage(width, height, BufferedImage.TYPE_INT_RGB)
-        
-        for (x in 0 until width) {
-            for (y in 0 until height) {
-                image.setRGB(x, y, if (bitMatrix[x, y]) 0x000000 else 0xFFFFFF)
-            }
-        }
-        
-        ImageIO.write(image, "PNG", File(outputPath))
-        println("二维码已生成: $outputPath")
-        
-        return qrContentJson
-    }
-}
-
-// 使用示例
-fun main() {
-    // 工具箱的授权信息（必须与平台绑定时一致）
-    val licence = "LIC-8F2A-XXXX"
-    val fingerprint = "FP-2c91e9f3"
-    
-    // 创建生成器
-    val generator = SummaryQRCodeGenerator(licence, fingerprint)
-    
-    // 从任务二维码中获取的信息
-    val taskId = "TASK-20260115-4875"
-    val enterpriseId = "1173040813421105152"
-    val inspectionId = "702286470691215417"
-    val summary = "检查摘要信息：发现3个高危漏洞，5个中危漏洞"
-    
-    // 生成二维码
-    val qrContent = generator.generateSummaryQRCode(
-        taskId = taskId,
-        enterpriseId = enterpriseId,
-        inspectionId = inspectionId,
-        summary = summary,
-        outputPath = "summary_qr_code.png"
-    )
-    
-    println("\n二维码内容:\n$qrContent")
-}
-```
-
-## 八、平台端验证流程
-
-平台端会按以下流程验证：
-
-1. **接收请求**：App 扫描二维码后，将 `taskId` 和 `encrypted` 提交到平台
-2. **查询任务**：根据 `taskId` 查询任务记录，获取 `deviceLicenceId`
-3. **获取设备信息**：根据 `deviceLicenceId` 查询设备授权记录，获取 `licence` 和 `fingerprint`
-4. **密钥派生**：使用相同的 HKDF 参数派生 AES 密钥
-5. **解密数据**：使用 AES-256-GCM 解密（自动验证认证标签）
-6. **时间戳校验**：验证 `timestamp` 是否在合理范围内（防止重放攻击）
-7. **保存摘要**：将摘要信息保存到数据库
-
-## 九、常见错误和注意事项
-
-### 9.1 加密失败
-
-**可能原因**：
-1. **密钥派生错误**：确保使用正确的 HKDF 参数
-   - `ikm` = `licence + fingerprint`（直接字符串拼接）
-   - `salt` = `taskId`（必须与任务二维码中的 taskId 一致）
-   - `info` = `"inspection_report_encryption"`（固定值）
-   - `length` = `32` 字节
-
-2. **数据格式错误**：确保 JSON 格式正确
-   - 字段名和类型必须匹配
-   - 时间戳必须是数字类型（毫秒）
-
-3. **IV 生成错误**：确保使用安全的随机数生成器生成 12 字节 IV
-
-### 9.2 平台验证失败
-
-**可能原因**：
-1. **taskId 不匹配**：确保二维码中的 `taskId` 与任务二维码中的 `taskId` 一致
-2. **密钥不匹配**：确保 `licence` 和 `fingerprint` 与平台绑定时一致
-3. **时间戳过期**：平台会验证时间戳，确保时间戳在合理范围内
-4. **认证标签验证失败**：数据被篡改或密钥错误
-
-### 9.3 二维码生成失败
-
-**可能原因**：
-1. **内容过长**：如果加密数据过长，可能需要更高版本的二维码
-2. **JSON 格式错误**：确保 JSON 格式正确
-3. **字符编码错误**：确保使用 UTF-8 编码
-
-## 十、安全设计说明
-
-### 10.1 为什么使用 HKDF
-
-1. **密钥分离**：使用 `info` 参数区分不同用途的密钥
-2. **Salt 随机性**：使用 `taskId` 作为 salt，确保每个任务的密钥不同
-3. **密钥扩展**：HKDF 提供更好的密钥扩展性
-
-### 10.2 为什么第三方无法伪造
-
-1. **密钥绑定**：只有拥有正确 `licence + fingerprint` 的工具箱才能生成正确的密钥
-2. **任务绑定**：使用 `taskId` 作为 salt，确保密钥与特定任务绑定
-3. **认证加密**：GCM 模式提供认证加密，任何篡改都会导致解密失败
-4. **时间戳校验**：平台会验证时间戳，防止重放攻击
-
-### 10.3 密钥派生参数的重要性
-
-- **ikm**：`licence + fingerprint` 是设备唯一标识
-- **salt**：`taskId` 确保每个任务使用不同的密钥
-- **info**：`"inspection_report_encryption"` 区分不同用途的密钥
-- **length**：`32` 字节提供 256 位密钥强度
-
-## 十一、测试建议
-
-1. **单元测试**：
-   - 测试密钥派生是否正确
-   - 测试加密和解密是否匹配
-   - 测试 JSON 格式是否正确
-
-2. **集成测试**：
-   - 使用真实任务数据生成二维码
-   - App 扫描二维码并提交到平台
-   - 验证平台是否能正确解密和验证
-
-3. **边界测试**：
-   - 测试超长的摘要信息
-   - 测试特殊字符的处理
-   - 测试错误的 taskId 是否会导致解密失败
-
-## 十二、参考实现
-
-- **Python**：`hkdf` 库（HKDF）、`cryptography` 库（AES-GCM）、`qrcode` 库（二维码生成）
-- **Java/Kotlin**：BouncyCastle（HKDF）、JDK `javax.crypto`（AES-GCM）、ZXing 库（二维码生成）
-- **C#**：BouncyCastle.Net（HKDF）、`System.Security.Cryptography`（AES-GCM）、ZXing.Net 库（二维码生成）
-
-## 十三、联系支持
-
-如有问题，请联系平台技术支持团队获取：
-- 测试环境地址
-- 技术支持
-

docs/工具箱端-授权对接指南/工具箱端-设备授权二维码生成指南.md

@@ -1,601 +0,0 @@
-# 工具箱端 - 设备授权二维码生成指南
-
-## 概述
-
-本文档说明工具箱端如何生成设备授权二维码，用于设备首次授权和绑定。App 扫描二维码后，会将加密的设备信息提交到平台完成授权校验和绑定。
-
-> ### UX 集成模式补充（当前项目实现）
->
-> 调用前提：工具箱先调用 `config.setLicence` 写入本地 licence（fingerprint 由 UX 本机计算并持久化）。
->
-> 在当前集成模式中，工具箱调用 UX 的 `crypto.encryptDeviceInfo`，直接传入
-> `platformPublicKey` 获取加密后的 Base64 密文。
-> UX 不保存业务设备实体，仅保存本机身份材料（licence/fingerprint）。
-
-## 一、业务流程
-
-```
-工具箱 → 生成设备信息 → RSA-OAEP加密 → Base64编码 → 生成二维码
-                                                          ↓
-App扫描二维码 → 提取加密数据 → 调用平台接口 → 平台解密验证 → 授权成功
-```
-
-## 二、设备信息准备
-
-### 2.1 设备信息字段
-
-工具箱需要准备以下设备信息：
-
-| 字段名 | 类型 | 说明 | 示例 |
-|--------|------|------|------|
-| `licence` | String | 设备授权码（工具箱唯一标识） | `"LIC-8F2A-XXXX"` |
-| `fingerprint` | String | 设备硬件指纹（设备唯一标识） | `"FP-2c91e9f3"` |
-
-### 2.2 生成设备信息 JSON
-
-将设备信息组装成 JSON 格式：
-
-```json
-{
-  "licence": "LIC-8F2A-XXXX",
-  "fingerprint": "FP-2c91e9f3"
-}
-```
-
-**重要说明**：
-- `licence` 和 `fingerprint` 必须是字符串类型
-- JSON 格式必须正确，不能有多余的逗号或格式错误
-- 建议使用标准的 JSON 库生成，避免手动拼接
-
-**伪代码示例**：
-```python
-import json
-
-device_info = {
-    "licence": "LIC-8F2A-XXXX",      # 工具箱授权码
-    "fingerprint": "FP-2c91e9f3"     # 设备硬件指纹
-}
-
-# 转换为 JSON 字符串
-device_info_json = json.dumps(device_info, ensure_ascii=False)
-# 结果: {"licence":"LIC-8F2A-XXXX","fingerprint":"FP-2c91e9f3"}
-```
-
-## 三、RSA-OAEP 加密
-
-### 3.1 加密算法
-
-使用 **RSA-OAEP** 非对称加密算法：
-
-- **算法名称**：`RSA/ECB/OAEPWithSHA-256AndMGF1Padding`
-- **密钥长度**：2048 位（推荐）
-- **填充方式**：OAEP with SHA-256 and MGF1
-- **加密方向**：使用**平台公钥**加密，平台使用私钥解密
-
-### 3.2 获取平台公钥
-
-平台公钥需要从平台获取，通常以 **Base64 编码**的字符串形式提供。
-
-**公钥格式**：
-- 格式：X.509 标准格式（DER 编码）
-- 存储：Base64 编码的字符串
-- 示例：`MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB`
-
-### 3.3 加密步骤
-
-1. **加载平台公钥**：从 Base64 字符串加载公钥对象
-2. **初始化加密器**：使用 `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` 算法
-3. **加密数据**：使用公钥加密设备信息 JSON 字符串（UTF-8 编码）
-4. **Base64 编码**：将加密后的字节数组进行 Base64 编码
-
-### 3.4 Python 实现示例
-
-```python
-import base64
-import json
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.backends import default_backend
-
-def encrypt_device_info(licence: str, fingerprint: str, platform_public_key_base64: str) -> str:
-    """
-    使用平台公钥加密设备信息
-    
-    Args:
-        licence: 设备授权码
-        fingerprint: 设备硬件指纹
-        platform_public_key_base64: 平台公钥（Base64编码）
-    
-    Returns:
-        Base64编码的加密数据
-    """
-    # 1. 组装设备信息 JSON
-    device_info = {
-        "licence": licence,
-        "fingerprint": fingerprint
-    }
-    device_info_json = json.dumps(device_info, ensure_ascii=False)
-    
-    # 2. 加载平台公钥
-    public_key_bytes = base64.b64decode(platform_public_key_base64)
-    public_key = serialization.load_der_public_key(
-        public_key_bytes,
-        backend=default_backend()
-    )
-    
-    # 3. 使用 RSA-OAEP 加密
-    # OAEP padding with SHA-256 and MGF1
-    encrypted_bytes = public_key.encrypt(
-        device_info_json.encode('utf-8'),
-        padding.OAEP(
-            mgf=padding.MGF1(algorithm=hashes.SHA256()),
-            algorithm=hashes.SHA256(),
-            label=None
-        )
-    )
-    
-    # 4. Base64 编码
-    encrypted_base64 = base64.b64encode(encrypted_bytes).decode('utf-8')
-    
-    return encrypted_base64
-```
-
-### 3.5 Java/Kotlin 实现示例
-
-```kotlin
-import java.security.KeyFactory
-import java.security.PublicKey
-import java.security.spec.X509EncodedKeySpec
-import java.util.Base64
-import javax.crypto.Cipher
-import java.nio.charset.StandardCharsets
-
-object DeviceAuthorizationUtil {
-    
-    private const val CIPHER_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
-    
-    /**
-     * 使用平台公钥加密设备信息
-     * 
-     * @param licence 设备授权码
-     * @param fingerprint 设备硬件指纹
-     * @param platformPublicKeyBase64 平台公钥（Base64编码）
-     * @return Base64编码的加密数据
-     */
-    fun encryptDeviceInfo(
-        licence: String,
-        fingerprint: String,
-        platformPublicKeyBase64: String
-    ): String {
-        // 1. 组装设备信息 JSON
-        val deviceInfo = mapOf(
-            "licence" to licence,
-            "fingerprint" to fingerprint
-        )
-        val deviceInfoJson = objectMapper.writeValueAsString(deviceInfo)
-        
-        // 2. 加载平台公钥
-        val publicKeyBytes = Base64.getDecoder().decode(platformPublicKeyBase64)
-        val keySpec = X509EncodedKeySpec(publicKeyBytes)
-        val keyFactory = KeyFactory.getInstance("RSA")
-        val publicKey = keyFactory.generatePublic(keySpec)
-        
-        // 3. 使用 RSA-OAEP 加密
-        val cipher = Cipher.getInstance(CIPHER_ALGORITHM)
-        cipher.init(Cipher.ENCRYPT_MODE, publicKey)
-        val encryptedBytes = cipher.doFinal(deviceInfoJson.toByteArray(StandardCharsets.UTF_8))
-        
-        // 4. Base64 编码
-        return Base64.getEncoder().encodeToString(encryptedBytes)
-    }
-}
-```
-
-### 3.6 C# 实现示例
-
-```csharp
-using System;
-using System.Security.Cryptography;
-using System.Text;
-using System.Text.Json;
-
-public class DeviceAuthorizationUtil
-{
-    private const string CipherAlgorithm = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
-    
-    /// <summary>
-    /// 使用平台公钥加密设备信息
-    /// </summary>
-    public static string EncryptDeviceInfo(
-        string licence, 
-        string fingerprint, 
-        string platformPublicKeyBase64)
-    {
-        // 1. 组装设备信息 JSON
-        var deviceInfo = new
-        {
-            licence = licence,
-            fingerprint = fingerprint
-        };
-        var deviceInfoJson = JsonSerializer.Serialize(deviceInfo);
-        
-        // 2. 加载平台公钥
-        var publicKeyBytes = Convert.FromBase64String(platformPublicKeyBase64);
-        using var rsa = RSA.Create();
-        rsa.ImportSubjectPublicKeyInfo(publicKeyBytes, out _);
-        
-        // 3. 使用 RSA-OAEP 加密
-        var encryptedBytes = rsa.Encrypt(
-            Encoding.UTF8.GetBytes(deviceInfoJson),
-            RSAEncryptionPadding.OaepSHA256
-        );
-        
-        // 4. Base64 编码
-        return Convert.ToBase64String(encryptedBytes);
-    }
-}
-```
-
-## 四、生成二维码
-
-### 4.1 二维码内容
-
-二维码内容就是加密后的 **Base64 编码字符串**（不是 JSON 格式）。
-
-**示例**：
-```
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB...
-```
-
-### 4.2 二维码生成
-
-使用标准的二维码生成库生成二维码图片。
-
-**Python 示例（使用 qrcode 库）**：
-```python
-import qrcode
-from PIL import Image
-
-def generate_qr_code(encrypted_data: str, output_path: str = "device_qr.png"):
-    """
-    生成设备授权二维码
-    
-    Args:
-        encrypted_data: Base64编码的加密数据
-        output_path: 二维码图片保存路径
-    """
-    qr = qrcode.QRCode(
-        version=1,                      # 控制二维码大小（1-40）
-        error_correction=qrcode.constants.ERROR_CORRECT_M,  # 错误纠正级别
-        box_size=10,                    # 每个小方块的像素数
-        border=4,                       # 边框的厚度
-    )
-    qr.add_data(encrypted_data)
-    qr.make(fit=True)
-    
-    # 创建二维码图片
-    img = qr.make_image(fill_color="black", back_color="white")
-    img.save(output_path)
-    
-    print(f"二维码已生成: {output_path}")
-```
-
-**Java/Kotlin 示例（使用 ZXing 库）**：
-```kotlin
-import com.google.zxing.BarcodeFormat
-import com.google.zxing.EncodeHintType
-import com.google.zxing.qrcode.QRCodeWriter
-import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel
-import java.awt.image.BufferedImage
-import javax.imageio.ImageIO
-import java.io.File
-
-fun generateQRCode(encryptedData: String, outputPath: String = "device_qr.png") {
-    val hints = hashMapOf<EncodeHintType, Any>().apply {
-        put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.M)
-        put(EncodeHintType.CHARACTER_SET, "UTF-8")
-        put(EncodeHintType.MARGIN, 1)
-    }
-    
-    val writer = QRCodeWriter()
-    val bitMatrix = writer.encode(encryptedData, BarcodeFormat.QR_CODE, 300, 300, hints)
-    
-    val width = bitMatrix.width
-    val height = bitMatrix.height
-    val image = BufferedImage(width, height, BufferedImage.TYPE_INT_RGB)
-    
-    for (x in 0 until width) {
-        for (y in 0 until height) {
-            image.setRGB(x, y, if (bitMatrix[x, y]) 0x000000 else 0xFFFFFF)
-        }
-    }
-    
-    ImageIO.write(image, "PNG", File(outputPath))
-    println("二维码已生成: $outputPath")
-}
-```
-
-## 五、完整流程示例
-
-### 5.1 Python 完整示例
-
-```python
-import json
-import base64
-import qrcode
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.backends import default_backend
-
-def generate_device_authorization_qr(
-    licence: str,
-    fingerprint: str,
-    platform_public_key_base64: str,
-    qr_output_path: str = "device_qr.png"
-) -> str:
-    """
-    生成设备授权二维码
-    
-    Args:
-        licence: 设备授权码
-        fingerprint: 设备硬件指纹
-        platform_public_key_base64: 平台公钥（Base64编码）
-        qr_output_path: 二维码图片保存路径
-    
-    Returns:
-        加密后的Base64字符串（二维码内容）
-    """
-    # 1. 组装设备信息 JSON
-    device_info = {
-        "licence": licence,
-        "fingerprint": fingerprint
-    }
-    device_info_json = json.dumps(device_info, ensure_ascii=False)
-    print(f"设备信息 JSON: {device_info_json}")
-    
-    # 2. 加载平台公钥
-    public_key_bytes = base64.b64decode(platform_public_key_base64)
-    public_key = serialization.load_der_public_key(
-        public_key_bytes,
-        backend=default_backend()
-    )
-    
-    # 3. 使用 RSA-OAEP 加密
-    encrypted_bytes = public_key.encrypt(
-        device_info_json.encode('utf-8'),
-        padding.OAEP(
-            mgf=padding.MGF1(algorithm=hashes.SHA256()),
-            algorithm=hashes.SHA256(),
-            label=None
-        )
-    )
-    
-    # 4. Base64 编码
-    encrypted_base64 = base64.b64encode(encrypted_bytes).decode('utf-8')
-    print(f"加密后的 Base64: {encrypted_base64[:100]}...")  # 只显示前100个字符
-    
-    # 5. 生成二维码
-    qr = qrcode.QRCode(
-        version=1,
-        error_correction=qrcode.constants.ERROR_CORRECT_M,
-        box_size=10,
-        border=4,
-    )
-    qr.add_data(encrypted_base64)
-    qr.make(fit=True)
-    
-    img = qr.make_image(fill_color="black", back_color="white")
-    img.save(qr_output_path)
-    print(f"二维码已生成: {qr_output_path}")
-    
-    return encrypted_base64
-
-# 使用示例
-if __name__ == "__main__":
-    # 平台公钥（示例，实际使用时需要从平台获取）
-    platform_public_key = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB"
-    
-    # 设备信息
-    licence = "LIC-8F2A-XXXX"
-    fingerprint = "FP-2c91e9f3"
-    
-    # 生成二维码
-    encrypted_data = generate_device_authorization_qr(
-        licence=licence,
-        fingerprint=fingerprint,
-        platform_public_key_base64=platform_public_key,
-        qr_output_path="device_authorization_qr.png"
-    )
-    
-    print(f"\n二维码内容（加密后的Base64）:\n{encrypted_data}")
-```
-
-### 5.2 Java/Kotlin 完整示例
-
-```kotlin
-import com.fasterxml.jackson.databind.ObjectMapper
-import com.google.zxing.BarcodeFormat
-import com.google.zxing.EncodeHintType
-import com.google.zxing.qrcode.QRCodeWriter
-import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel
-import java.awt.image.BufferedImage
-import java.security.KeyFactory
-import java.security.PublicKey
-import java.security.spec.X509EncodedKeySpec
-import java.util.Base64
-import javax.crypto.Cipher
-import javax.imageio.ImageIO
-import java.io.File
-import java.nio.charset.StandardCharsets
-
-object DeviceAuthorizationQRGenerator {
-    
-    private const val CIPHER_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
-    private val objectMapper = ObjectMapper()
-    
-    /**
-     * 生成设备授权二维码
-     */
-    fun generateDeviceAuthorizationQR(
-        licence: String,
-        fingerprint: String,
-        platformPublicKeyBase64: String,
-        qrOutputPath: String = "device_qr.png"
-    ): String {
-        // 1. 组装设备信息 JSON
-        val deviceInfo = mapOf(
-            "licence" to licence,
-            "fingerprint" to fingerprint
-        )
-        val deviceInfoJson = objectMapper.writeValueAsString(deviceInfo)
-        println("设备信息 JSON: $deviceInfoJson")
-        
-        // 2. 加载平台公钥
-        val publicKeyBytes = Base64.getDecoder().decode(platformPublicKeyBase64)
-        val keySpec = X509EncodedKeySpec(publicKeyBytes)
-        val keyFactory = KeyFactory.getInstance("RSA")
-        val publicKey = keyFactory.generatePublic(keySpec)
-        
-        // 3. 使用 RSA-OAEP 加密
-        val cipher = Cipher.getInstance(CIPHER_ALGORITHM)
-        cipher.init(Cipher.ENCRYPT_MODE, publicKey)
-        val encryptedBytes = cipher.doFinal(deviceInfoJson.toByteArray(StandardCharsets.UTF_8))
-        
-        // 4. Base64 编码
-        val encryptedBase64 = Base64.getEncoder().encodeToString(encryptedBytes)
-        println("加密后的 Base64: ${encryptedBase64.take(100)}...")
-        
-        // 5. 生成二维码
-        val hints = hashMapOf<EncodeHintType, Any>().apply {
-            put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.M)
-            put(EncodeHintType.CHARACTER_SET, "UTF-8")
-            put(EncodeHintType.MARGIN, 1)
-        }
-        
-        val writer = QRCodeWriter()
-        val bitMatrix = writer.encode(encryptedBase64, BarcodeFormat.QR_CODE, 300, 300, hints)
-        
-        val width = bitMatrix.width
-        val height = bitMatrix.height
-        val image = BufferedImage(width, height, BufferedImage.TYPE_INT_RGB)
-        
-        for (x in 0 until width) {
-            for (y in 0 until height) {
-                image.setRGB(x, y, if (bitMatrix[x, y]) 0x000000 else 0xFFFFFF)
-            }
-        }
-        
-        ImageIO.write(image, "PNG", File(qrOutputPath))
-        println("二维码已生成: $qrOutputPath")
-        
-        return encryptedBase64
-    }
-}
-
-// 使用示例
-fun main() {
-    // 平台公钥（示例，实际使用时需要从平台获取）
-    val platformPublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDlZvMDVaL+fjl05Hi182JOAUAaN4gh9rOF+1NhKfO4J6e0HLy8lBuylp3A4xoTiyUejNm22h0dqAgDSPnY/xZR76POFTD1soHr2LaFCN8JAbQ96P8gE7wC9qpoTssVvIVRH7QbVd260J6eD0Szwcx9cg591RSN69pMpe5IVRi8T99Hhql6/wnZHORPr18eESLOY93jRskLzc0q18r68RRoTJiQf+9YC8ub5iKp7rCjVnPi1UbIYmXmL08tk5mksYA0NqWQAa1ofKxx/9tQtB9uTjhTxuTu94XU9jlGU87qaHZs+kpqa8CAbYYJFbSP1xHwoZzpU2jpw2aF22HBYxwIDAQAB"
-    
-    // 设备信息
-    val licence = "LIC-8F2A-XXXX"
-    val fingerprint = "FP-2c91e9f3"
-    
-    // 生成二维码
-    val encryptedData = DeviceAuthorizationQRGenerator.generateDeviceAuthorizationQR(
-        licence = licence,
-        fingerprint = fingerprint,
-        platformPublicKeyBase64 = platformPublicKey,
-        qrOutputPath = "device_authorization_qr.png"
-    )
-    
-    println("\n二维码内容（加密后的Base64）:\n$encryptedData")
-}
-```
-
-## 六、平台端验证流程
-
-平台端会按以下流程验证：
-
-1. **接收请求**：App 扫描二维码后，将 `encryptedDeviceInfo` 和 `appid` 提交到平台
-2. **RSA-OAEP 解密**：使用平台私钥解密 `encryptedDeviceInfo`
-3. **提取设备信息**：从解密后的 JSON 中提取 `licence` 和 `fingerprint`
-4. **设备验证**：
-   - 检查 `filing_device_licence` 表中是否存在该 `licence`
-   - 如果存在，验证 `fingerprint` 是否匹配
-   - 如果 `fingerprint` 不匹配，记录非法授权日志并返回错误
-5. **App 绑定**：检查 `filing_app_licence` 表中是否存在绑定关系
-   - 如果不存在，创建新的绑定记录
-   - 如果已存在，返回已绑定信息
-6. **返回响应**：返回 `deviceLicenceId` 和 `licence`
-
-## 七、常见错误和注意事项
-
-### 7.1 加密失败
-
-**可能原因**：
-1. **公钥格式错误**：确保使用正确的 Base64 编码的公钥
-2. **算法不匹配**：必须使用 `RSA/ECB/OAEPWithSHA-256AndMGF1Padding`
-3. **数据长度超限**：RSA-2048 最多加密 245 字节（设备信息 JSON 通常不会超过）
-4. **字符编码错误**：确保使用 UTF-8 编码
-
-### 7.2 二维码扫描失败
-
-**可能原因**：
-1. **二维码内容过长**：如果加密后的数据过长，可能需要使用更高版本的二维码（version）
-2. **错误纠正级别过低**：建议使用 `ERROR_CORRECT_M` 或更高
-3. **二维码图片质量差**：确保二维码图片清晰，有足够的对比度
-
-### 7.3 平台验证失败
-
-**可能原因**：
-1. **licence 已存在但 fingerprint 不匹配**：设备被替换或授权码被复用
-2. **JSON 格式错误**：确保 JSON 格式正确，字段名和类型匹配
-3. **加密数据损坏**：确保 Base64 编码和解码正确
-
-## 八、安全设计说明
-
-### 8.1 为什么使用 RSA-OAEP
-
-1. **非对称加密**：只有平台拥有私钥，可以解密数据
-2. **OAEP 填充**：提供更好的安全性，防止某些攻击
-3. **SHA-256**：使用强哈希算法，提供更好的安全性
-
-### 8.2 为什么第三方无法伪造
-
-1. **只有平台能解密**：第三方无法获取平台私钥，无法解密数据
-2. **fingerprint 验证**：平台会验证硬件指纹，防止授权码被复用
-3. **非法授权日志**：平台会记录所有非法授权尝试
-
-## 九、测试建议
-
-1. **单元测试**：
-   - 测试 JSON 生成是否正确
-   - 测试加密和解密是否匹配
-   - 测试 Base64 编码和解码是否正确
-
-2. **集成测试**：
-   - 使用真实平台公钥生成二维码
-   - App 扫描二维码并提交到平台
-   - 验证平台是否能正确解密和验证
-
-3. **边界测试**：
-   - 测试超长的 licence 或 fingerprint
-   - 测试特殊字符的处理
-   - 测试错误的公钥格式
-
-## 十、参考实现
-
-- **Python**：`cryptography` 库（RSA 加密）、`qrcode` 库（二维码生成）
-- **Java/Kotlin**：JDK `javax.crypto`（RSA 加密）、ZXing 库（二维码生成）
-- **C#**：`System.Security.Cryptography`（RSA 加密）、ZXing.Net 库（二维码生成）
-
-## 十一、联系支持
-
-如有问题，请联系平台技术支持团队获取：
-- 平台公钥（Base64 编码）
-- 测试环境地址
-- 技术支持
-

docs/摘要+zip/EncryptionTestController.kt

@@ -0,0 +1,432 @@
+package top.tangyh.lamp.filing.controller.compress
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import io.swagger.annotations.Api
+import io.swagger.annotations.ApiOperation
+import io.swagger.annotations.ApiParam
+import org.springframework.validation.annotation.Validated
+import org.springframework.web.bind.annotation.*
+import top.tangyh.basic.annotation.log.WebLog
+import top.tangyh.basic.base.R
+import top.tangyh.lamp.filing.dto.management.UploadInspectionFileV2Request
+import top.tangyh.lamp.filing.utils.AesGcmUtil
+import top.tangyh.lamp.filing.utils.HkdfUtil
+import top.tangyh.lamp.filing.utils.PgpSignatureUtil
+import java.util.*
+
+/**
+ * 加密测试工具类
+ * 
+ * 用于生成加密后的 encrypted 数据，测试 uploadInspectionFileV2Encrypted 接口
+ * 
+ * 使用说明：
+ * 1. 调用 /compression/test/generateEncrypted 接口
+ * 2. 传入 licence、fingerprint、taskId 和明文数据
+ * 3. 获取加密后的 Base64 字符串
+ * 4. 使用返回的 encrypted 数据测试 uploadInspectionFileV2Encrypted 接口
+ */
+@Validated
+@RestController
+@RequestMapping("/compression/test")
+@Api(value = "EncryptionTest", tags = ["加密测试工具"])
+class EncryptionTestController {
+
+    private val objectMapper = ObjectMapper()
+    
+    companion object {
+        private const val DEFAULT_PGP_PRIVATE_KEY = """-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEaSZqXBYJKwYBBAHaRw8BAQdARzZ5JXreuTeTgMFwYcw0Ju7aCWmXuUMmQyff
+5vmN8RQAAP4nli0R/MTNtgx9+g5ZPyAj8XSAnjHaW9u2UJQxYhMIYw8XtBZpdHRj
+PGl0dGNAaXR0Yy5zaC5jbj6IkwQTFgoAOxYhBG8IkI1kmkNpEu8iuqWu91t6SEzN
+BQJpJmpcAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEKWu91t6SEzN
+dSQBAPM5llVG0X6SBa4YM90Iqyb2jWvlNjstoF8jjPVny1CiAP4hIOUvb686oSA0
+OrS3AuICi7X/r+JnSo1Z7pngUA3VC5xdBGkmalwSCisGAQQBl1UBBQEBB0BouQlG
+hIL0bq7EbaB55s+ygLVFOfhjFA8E4fwFBFJGVAMBCAcAAP98ZXRGgzld1XUa5ZGx
+cTE+1qGZY4E4BVIeqkVxdg5tqA64iHgEGBYKACAWIQRvCJCNZJpDaRLvIrqlrvdb
+ekhMzQUCaSZqXAIbDAAKCRClrvdbekhMzcaSAQDB/4pvDuc7SploQg1fBYobFm5P
+vxguByr8I+PrYWKKOQEAnaeXT4ipi1nICXFiigztsIl2xTth3D77XG6pZUU/Zw8=
+=/k1H
+-----END PGP PRIVATE KEY BLOCK-----"""
+        
+        private const val DEFAULT_PGP_PASSPHRASE = ""
+    }
+
+    /**
+     * 生成加密数据请求 DTO
+     */
+    data class GenerateEncryptedRequest(
+        @ApiParam(value = "授权码", required = true)
+        val licence: String,
+        
+        @ApiParam(value = "硬件指纹", required = true)
+        val fingerprint: String,
+        
+        @ApiParam(value = "任务ID", required = true)
+        val taskId: String,
+        
+        @ApiParam(value = "企业ID", required = true)
+        val enterpriseId: Long,
+        
+        @ApiParam(value = "检查ID", required = true)
+        val inspectionId: Long,
+        
+        @ApiParam(value = "摘要信息", required = true)
+        val summary: String
+    )
+
+    /**
+     * 生成加密数据响应 DTO
+     */
+    data class GenerateEncryptedResponse(
+        val encrypted: String,
+        val requestBody: UploadInspectionFileV2Request,
+        val plaintext: String,
+        val keyDerivationInfo: KeyDerivationInfo
+    )
+
+    /**
+     * 密钥派生信息
+     */
+    data class KeyDerivationInfo(
+        val ikm: String,
+        val salt: String,
+        val info: String,
+        val keyLength: Int,
+        val keyHex: String
+    )
+
+    /**
+     * 生成加密数据
+     * 
+     * 模拟工具箱端的加密逻辑：
+     * 1. 使用 HKDF-SHA256 派生 AES 密钥
+     *    - ikm = licence + fingerprint
+     *    - salt = taskId
+     *    - info = "inspection_report_encryption"
+     *    - length = 32 bytes
+     * 
+     * 2. 使用 AES-256-GCM 加密数据
+     *    - 格式：IV (12字节) + Ciphertext + Tag (16字节)
+     *    - Base64 编码返回
+     * 
+     * @param request 生成加密数据请求
+     * @return 加密后的数据和完整的请求体
+     */
+    @ApiOperation(value = "生成加密数据", notes = "生成加密后的 encrypted 数据，用于测试 uploadInspectionFileV2Encrypted 接口")
+    @PostMapping("/generateEncrypted")
+    @WebLog(value = "'生成加密数据:'", request = false)
+    fun generateEncrypted(
+        @RequestBody request: GenerateEncryptedRequest
+    ): R<GenerateEncryptedResponse> {
+        return try {
+            // 1. 组装明文数据（JSON格式）
+            val timestamp = System.currentTimeMillis()
+            val plaintextMap = mapOf(
+                "enterpriseId" to request.enterpriseId.toString(),
+                "inspectionId" to request.inspectionId.toString(),
+                "summary" to request.summary,
+                "timestamp" to timestamp
+            )
+            val plaintext = objectMapper.writeValueAsString(plaintextMap)
+
+            // 2. 使用 HKDF-SHA256 派生 AES 密钥
+            // ikm = licence + fingerprint
+            // salt = taskId（工具箱从二维码获取，平台从请求获取）
+            // info = "inspection_report_encryption"（固定值）
+            // length = 32 bytes
+            val ikm = "${request.licence}${request.fingerprint}"
+            val salt = request.taskId.toString()
+            val info = "inspection_report_encryption"
+            val keyLength = 32
+
+            val aesKey = HkdfUtil.deriveKey(ikm, salt, info, keyLength)
+
+            // 3. 使用 AES-256-GCM 加密数据
+            val encrypted = AesGcmUtil.encrypt(plaintext, aesKey)
+
+            // 4. 组装完整的请求体（appid 需要前端自己赋值）
+            val requestBody = UploadInspectionFileV2Request().apply {
+                this.appid = "test-appid" // 测试用的 appid，实际使用时前端会赋值
+                this.taskId = request.taskId
+                this.encrypted = encrypted
+            }
+
+            // 5. 返回加密数据和密钥派生信息
+            val response = GenerateEncryptedResponse(
+                encrypted = encrypted,
+                requestBody = requestBody,
+                plaintext = plaintext,
+                keyDerivationInfo = KeyDerivationInfo(
+                    ikm = ikm,
+                    salt = salt,
+                    info = info,
+                    keyLength = keyLength,
+                    keyHex = aesKey.joinToString("") { "%02x".format(it) }
+                )
+            )
+
+            R.success(response, "加密数据生成成功")
+        } catch (e: Exception) {
+            R.fail("生成加密数据失败: ${e.message}")
+        }
+    }
+
+    /**
+     * 快速生成测试数据（使用默认值）
+     * 
+     * @return 加密后的数据和完整的请求体
+     */
+    @ApiOperation(value = "快速生成测试数据", notes = "使用默认值快速生成加密数据，用于快速测试")
+    @GetMapping("/generateTestData")
+    @WebLog(value = "'快速生成测试数据:'", request = false)
+    fun generateTestData(): R<GenerateEncryptedResponse> {
+        return try {
+            // 使用默认测试数据
+            val request = GenerateEncryptedRequest(
+                licence = "TEST-LICENCE-001",
+                fingerprint = "TEST-FINGERPRINT-001",
+                taskId = "TASK-20260115-4875",
+                enterpriseId = 1173040813421105152L,
+                inspectionId = 702286470691215417L,
+                summary = "测试摘要信息"
+            )
+
+            generateEncrypted(request).data?.let {
+                R.success(it, "测试数据生成成功")
+            } ?: R.fail("生成测试数据失败")
+        } catch (e: Exception) {
+            R.fail("生成测试数据失败: ${e.message}")
+        }
+    }
+
+    /**
+     * 验证加密数据（解密测试）
+     * 
+     * 用于验证生成的加密数据是否能正确解密
+     * 
+     * @param encrypted 加密后的 Base64 字符串
+     * @param licence 授权码
+     * @param fingerprint 硬件指纹
+     * @param taskId 任务ID
+     * @return 解密后的明文数据
+     */
+    @ApiOperation(value = "验证加密数据", notes = "解密加密数据，验证加密是否正确")
+    @PostMapping("/verifyEncrypted")
+    @WebLog(value = "'验证加密数据:'", request = false)
+    fun verifyEncrypted(
+        @ApiParam(value = "加密后的 Base64 字符串", required = true)
+        @RequestParam encrypted: String,
+        
+        @ApiParam(value = "授权码", required = true)
+        @RequestParam licence: String,
+        
+        @ApiParam(value = "硬件指纹", required = true)
+        @RequestParam fingerprint: String,
+        
+        @ApiParam(value = "任务ID", required = true)
+        @RequestParam taskId: String
+    ): R<Map<String, Any>> {
+        return try {
+            // 1. 使用相同的密钥派生规则派生密钥
+            val ikm = "$licence$fingerprint"
+            val salt = taskId.toString()
+            val info = "inspection_report_encryption"
+            val aesKey = HkdfUtil.deriveKey(ikm, salt, info, 32)
+
+            // 2. 解密数据
+            val decrypted = AesGcmUtil.decrypt(encrypted, aesKey)
+
+            // 3. 解析 JSON
+            @Suppress("UNCHECKED_CAST")
+            val dataMap = objectMapper.readValue(decrypted, Map::class.java) as Map<String, Any>
+
+            R.success(dataMap, "解密成功")
+        } catch (e: Exception) {
+            R.fail("解密失败: ${e.message}")
+        }
+    }
+
+    /**
+     * 生成加密报告 ZIP 文件请求 DTO
+     */
+    data class GenerateEncryptedZipRequest(
+        @ApiParam(value = "授权码", required = true)
+        val licence: String,
+        
+        @ApiParam(value = "硬件指纹", required = true)
+        val fingerprint: String,
+        
+        @ApiParam(value = "任务ID", required = true)
+        val taskId: String,
+        
+        @ApiParam(value = "企业ID", required = true)
+        val enterpriseId: Long,
+        
+        @ApiParam(value = "检查ID", required = true)
+        val inspectionId: Long,
+        
+        @ApiParam(value = "摘要信息", required = true)
+        val summary: String,
+        
+        @ApiParam(value = "资产信息 JSON", required = true)
+        val assetsJson: String,
+        
+        @ApiParam(value = "漏洞信息 JSON", required = true)
+        val vulnerabilitiesJson: String,
+        
+        @ApiParam(value = "弱密码信息 JSON", required = true)
+        val weakPasswordsJson: String,
+        
+        @ApiParam(value = "漏洞评估报告 HTML", required = true)
+        val reportHtml: String,
+        
+        @ApiParam(value = "PGP 私钥（可选，不提供则跳过 PGP 签名）", required = false)
+        val pgpPrivateKey: String? = null,
+        
+        @ApiParam(value = "PGP 私钥密码（可选）", required = false)
+        val pgpPassphrase: String? = null
+    )
+
+    /**
+     * 生成加密报告 ZIP 文件
+     * 
+     * 按照文档《工具箱端-报告加密与签名生成指南.md》生成加密报告 ZIP 文件
+     * 
+     * @param request 生成请求
+     * @return ZIP 文件（二进制流）
+     */
+    @ApiOperation(value = "生成加密报告 ZIP", notes = "生成带设备签名的加密报告 ZIP 文件，可被 uploadInspectionFileV2 接口解密")
+    @PostMapping("/generateEncryptedZip")
+    @WebLog(value = "'生成加密报告 ZIP:'", request = false)
+    fun generateEncryptedZip(
+        @RequestBody request: GenerateEncryptedZipRequest,
+        response: javax.servlet.http.HttpServletResponse
+    ) {
+        try {
+            // 1. 准备文件内容
+            val assetsContent = request.assetsJson.toByteArray(Charsets.UTF_8)
+            val vulnerabilitiesContent = request.vulnerabilitiesJson.toByteArray(Charsets.UTF_8)
+            val weakPasswordsContent = request.weakPasswordsJson.toByteArray(Charsets.UTF_8)
+            val reportHtmlContent = request.reportHtml.toByteArray(Charsets.UTF_8)
+
+            // 2. 生成设备签名
+            // 2.1 密钥派生
+            val ikm = "${request.licence}${request.fingerprint}"
+            val salt = "AUTH_V3_SALT"
+            val info = "device_report_signature"
+            val derivedKey = HkdfUtil.deriveKey(ikm, salt, info, 32)
+
+            // 2.2 计算文件 SHA256
+            fun sha256Hex(content: ByteArray): String {
+                val digest = java.security.MessageDigest.getInstance("SHA-256")
+                return digest.digest(content).joinToString("") { "%02x".format(it) }
+            }
+
+            val assetsSha256 = sha256Hex(assetsContent)
+            val vulnerabilitiesSha256 = sha256Hex(vulnerabilitiesContent)
+            val weakPasswordsSha256 = sha256Hex(weakPasswordsContent)
+            val reportHtmlSha256 = sha256Hex(reportHtmlContent)
+
+            // 2.3 组装签名数据（严格顺序）
+            val signPayload = buildString {
+                append(request.taskId)
+                append(request.inspectionId)
+                append(assetsSha256)
+                append(vulnerabilitiesSha256)
+                append(weakPasswordsSha256)
+                append(reportHtmlSha256)
+            }
+
+            // 2.4 计算 HMAC-SHA256
+            val mac = javax.crypto.Mac.getInstance("HmacSHA256")
+            val secretKey = javax.crypto.spec.SecretKeySpec(derivedKey, "HmacSHA256")
+            mac.init(secretKey)
+            val signatureBytes = mac.doFinal(signPayload.toByteArray(Charsets.UTF_8))
+            val deviceSignature = Base64.getEncoder().encodeToString(signatureBytes)
+
+            // 2.5 生成 summary.json
+            val summaryMap = mapOf(
+                "orgId" to request.enterpriseId,
+                "checkId" to request.inspectionId,
+                "taskId" to request.taskId,
+                "licence" to request.licence,
+                "fingerprint" to request.fingerprint,
+                "deviceSignature" to deviceSignature,
+                "summary" to request.summary
+            )
+            val summaryContent = objectMapper.writeValueAsString(summaryMap).toByteArray(Charsets.UTF_8)
+
+            // 3. 生成 manifest.json
+            val filesHashes = mapOf(
+                "summary.json" to sha256Hex(summaryContent),
+                "assets.json" to assetsSha256,
+                "vulnerabilities.json" to vulnerabilitiesSha256,
+                "weakPasswords.json" to weakPasswordsSha256,
+                "漏洞评估报告.html" to reportHtmlSha256
+            )
+            val manifest = mapOf("files" to filesHashes)
+            val manifestContent = objectMapper.writeValueAsString(manifest).toByteArray(Charsets.UTF_8)
+
+            // 4. 生成 signature.asc
+            val privateKey = request.pgpPrivateKey?.takeIf { it.isNotBlank() } ?: DEFAULT_PGP_PRIVATE_KEY
+            val passphrase = request.pgpPassphrase ?: DEFAULT_PGP_PASSPHRASE
+            
+            val signatureAsc = try {
+                PgpSignatureUtil.generateDetachedSignature(
+                    manifestContent,
+                    privateKey,
+                    passphrase
+                )
+            } catch (e: Exception) {
+                throw RuntimeException("生成 PGP 签名失败: ${e.message}", e)
+            }
+
+            // 5. 打包 ZIP 文件到内存
+            val baos = java.io.ByteArrayOutputStream()
+            java.util.zip.ZipOutputStream(baos).use { zipOut ->
+                zipOut.putNextEntry(java.util.zip.ZipEntry("summary.json"))
+                zipOut.write(summaryContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("assets.json"))
+                zipOut.write(assetsContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("vulnerabilities.json"))
+                zipOut.write(vulnerabilitiesContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("weakPasswords.json"))
+                zipOut.write(weakPasswordsContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("漏洞评估报告.html"))
+                zipOut.write(reportHtmlContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("META-INF/manifest.json"))
+                zipOut.write(manifestContent)
+                zipOut.closeEntry()
+
+                zipOut.putNextEntry(java.util.zip.ZipEntry("META-INF/signature.asc"))
+                zipOut.write(signatureAsc)
+                zipOut.closeEntry()
+            }
+
+            val zipBytes = baos.toByteArray()
+
+            // 6. 设置响应头并输出
+            response.contentType = "application/octet-stream"
+            response.setHeader("Content-Disposition", "attachment; filename=\"report_${request.taskId}.zip\"")
+            response.setHeader("Content-Length", zipBytes.size.toString())
+            response.outputStream.write(zipBytes)
+            response.outputStream.flush()
+        } catch (e: Exception) {
+            response.reset()
+            response.contentType = "application/json; charset=UTF-8"
+            response.writer.write("{\"code\": 500, \"msg\": \"生成 ZIP 文件失败: ${e.message}\"}")
+        }
+    }
+}
+

package.json

@@ -22,30 +22,30 @@
     "typecheck": "turbo run typecheck"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.4.5",
+    "@biomejs/biome": "^2.4.7",
-    "turbo": "^2.8.13",
+    "turbo": "^2.8.17",
     "typescript": "^5.9.3"
   },
   "catalog": {
-    "@orpc/client": "^1.13.6",
+    "@orpc/client": "^1.13.7",
-    "@orpc/contract": "^1.13.6",
+    "@orpc/contract": "^1.13.7",
-    "@orpc/openapi": "^1.13.6",
+    "@orpc/openapi": "^1.13.7",
-    "@orpc/server": "^1.13.6",
+    "@orpc/server": "^1.13.7",
-    "@orpc/tanstack-query": "^1.13.6",
+    "@orpc/tanstack-query": "^1.13.7",
-    "@orpc/zod": "^1.13.6",
+    "@orpc/zod": "^1.13.7",
     "@t3-oss/env-core": "^0.13.10",
     "@tailwindcss/vite": "^4.2.1",
-    "@tanstack/devtools-vite": "^0.5.3",
+    "@tanstack/devtools-vite": "^0.5.5",
-    "@tanstack/react-devtools": "^0.9.9",
+    "@tanstack/react-devtools": "^0.9.13",
     "@tanstack/react-query": "^5.90.21",
     "@tanstack/react-query-devtools": "^5.91.3",
-    "@tanstack/react-router": "^1.166.2",
+    "@tanstack/react-router": "^1.167.3",
-    "@tanstack/react-router-devtools": "^1.166.2",
+    "@tanstack/react-router-devtools": "^1.166.9",
-    "@tanstack/react-router-ssr-query": "^1.166.2",
+    "@tanstack/react-router-ssr-query": "^1.166.9",
-    "@tanstack/react-start": "^1.166.2",
+    "@tanstack/react-start": "^1.166.14",
     "@types/bun": "^1.3.10",
-    "@types/node": "^24.11.0",
+    "@types/node": "^24.12.0",
-    "@vitejs/plugin-react": "^5.1.4",
+    "@vitejs/plugin-react": "^5.2.0",
     "babel-plugin-react-compiler": "^1.0.0",
     "drizzle-kit": "1.0.0-beta.15-859cf75",
     "drizzle-orm": "1.0.0-beta.15-859cf75",
@@ -53,17 +53,18 @@
     "electron-builder": "^26.8.1",
     "electron-vite": "^5.0.0",
     "jszip": "^3.10.1",
-    "motion": "^12.35.0",
+    "lossless-json": "^4.3.0",
-    "nitro": "npm:nitro-nightly@3.0.1-20260227-181935-bfbb207c",
+    "motion": "^12.36.0",
+    "nitro": "npm:nitro-nightly@3.0.1-20260315-195328-c31268c6",
     "openpgp": "^6.0.1",
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
     "tailwindcss": "^4.2.1",
     "tree-kill": "^1.2.2",
     "uuid": "^13.0.0",
-    "vite": "^8.0.0-beta.16",
+    "vite": "^8.0.0",
     "vite-tsconfig-paths": "^6.1.1",
-    "systeminformation": "^5.31.3",
+    "systeminformation": "^5.31.4",
     "zod": "^4.3.6"
   },
   "overrides": {

packages/crypto/src/index.ts

@@ -2,5 +2,6 @@ export { aesGcmDecrypt, aesGcmEncrypt } from './aes-gcm'
 export { sha256, sha256Hex } from './hash'
 export { hkdfSha256 } from './hkdf'
 export { hmacSha256, hmacSha256Base64 } from './hmac'
-export { generatePgpKeyPair, pgpSignDetached, pgpVerifyDetached } from './pgp'
+export { generatePgpKeyPair, pgpSignDetached, pgpVerifyDetached, validatePgpPrivateKey } from './pgp'
 export { rsaOaepEncrypt } from './rsa-oaep'
+export { rsaVerifySignature, validateRsaPublicKey } from './rsa-signature'

packages/crypto/src/pgp.ts

@@ -28,6 +28,10 @@ export const generatePgpKeyPair = async (
  * @param armoredPrivateKey - ASCII-armored private key
  * @returns ASCII-armored detached signature (signature.asc content)
  */
+export const validatePgpPrivateKey = async (armoredKey: string): Promise<void> => {
+  await openpgp.readPrivateKey({ armoredKey })
+}
+
 export const pgpSignDetached = async (data: Uint8Array, armoredPrivateKey: string): Promise<string> => {
   const privateKey = await openpgp.readPrivateKey({ armoredKey: armoredPrivateKey })
   const message = await openpgp.createMessage({ binary: data })

packages/crypto/src/rsa-signature.test.ts

@@ -0,0 +1,24 @@
+import { describe, expect, it } from 'bun:test'
+import { constants, createSign, generateKeyPairSync } from 'node:crypto'
+import { rsaVerifySignature, validateRsaPublicKey } from './rsa-signature'
+
+describe('rsaVerifySignature', () => {
+  it('verifies SHA256withRSA signatures over raw payload bytes', () => {
+    const { privateKey, publicKey } = generateKeyPairSync('rsa', { modulusLength: 2048 })
+    const payload = Buffer.from('eyJsaWNlbmNlX2lkIjoiTElDLTAwMSIsImV4cGlyZV90aW1lIjoiMjAyNy0wMy0xOSJ9', 'utf-8')
+
+    const signer = createSign('RSA-SHA256')
+    signer.update(payload)
+    signer.end()
+
+    const signature = signer.sign({ key: privateKey, padding: constants.RSA_PKCS1_PADDING })
+    const publicKeyBase64 = publicKey.export({ format: 'der', type: 'spki' }).toString('base64')
+
+    expect(rsaVerifySignature(payload, signature, publicKeyBase64)).toBe(true)
+    expect(rsaVerifySignature(Buffer.from(`${payload}x`, 'utf-8'), signature, publicKeyBase64)).toBe(false)
+  })
+
+  it('rejects malformed SPKI public keys', () => {
+    expect(() => validateRsaPublicKey('not-a-public-key')).toThrow()
+  })
+})

packages/crypto/src/rsa-signature.ts

@@ -0,0 +1,19 @@
+import { constants, createPublicKey, verify } from 'node:crypto'
+
+const createSpkiPublicKey = (publicKeyBase64: string) => {
+  return createPublicKey({
+    key: Buffer.from(publicKeyBase64, 'base64'),
+    format: 'der',
+    type: 'spki',
+  })
+}
+
+export const validateRsaPublicKey = (publicKeyBase64: string): void => {
+  createSpkiPublicKey(publicKeyBase64)
+}
+
+export const rsaVerifySignature = (data: Uint8Array, signature: Uint8Array, publicKeyBase64: string): boolean => {
+  const publicKey = createSpkiPublicKey(publicKeyBase64)
+
+  return verify('RSA-SHA256', data, { key: publicKey, padding: constants.RSA_PKCS1_PADDING }, signature)
+}