From b4b2ec6d9908217af08310d48f4485614717ebaf Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Fri, 27 Nov 2020 11:13:04 -0700
Subject: [PATCH 01/22] adds timing instruments to see why setup takes so long

---
 agent/src/Application.hs            |   4 +-
 agent/src/Handler/Register.hs       |  46 ++++++----
 agent/src/Handler/Register/Nginx.hs |  20 ++++-
 agent/src/Lib/Ssl.hs                | 131 +++++++++++++++++-----------
 4 files changed, 132 insertions(+), 69 deletions(-)

diff --git a/agent/src/Application.hs b/agent/src/Application.hs
index 1be93162b..27326812e 100644
--- a/agent/src/Application.hs
+++ b/agent/src/Application.hs
@@ -81,10 +81,10 @@ appMain = do
                 die . toS $ "Invalid Port: " <> n
         ["--git-hash"] -> do
             putStrLn @Text $embedGitRevision
-            exitWith ExitSuccess
+            exitSuccess
         ["--version"] -> do
             putStrLn @Text (show agentVersion)
-            exitWith ExitSuccess
+            exitSuccess
         _ -> pure settings
     createDirectoryIfMissing False (toS $ agentDataDirectory `relativeTo` appFilesystemBase settings')
 
diff --git a/agent/src/Handler/Register.hs b/agent/src/Handler/Register.hs
index a6a2c24a5..f40bec097 100644
--- a/agent/src/Handler/Register.hs
+++ b/agent/src/Handler/Register.hs
@@ -1,4 +1,5 @@
 {-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE QuasiQuotes #-}
 {-# LANGUAGE RecordWildCards #-}
 module Handler.Register where
 
@@ -31,44 +32,59 @@ import           Lib.SystemPaths
 import           Model
 import           Settings
 
-postRegisterR :: Handler RegisterRes
-postRegisterR = handleS9ErrT $ do
-    settings           <- getsYesod appSettings
 
-    productKey         <- liftIO . getProductKey . appFilesystemBase $ settings
-    req                <- requireCheckJsonBody
+postRegisterR :: Handler RegisterRes
+postRegisterR = handleS9ErrT . fromSys $ do
+    time "Start"
+    settings   <- getsYesod appSettings
+
+    productKey <- liftIO . getProductKey . appFilesystemBase $ settings
+    time "Read Product Key"
+    req <- requireCheckJsonBody
+    time "Parse JSON Body"
 
     -- Decrypt torkey and password. This acts as product key authentication.
-    torKeyFileContents <- decryptTorkey productKey req
-    password           <- decryptPassword productKey req
-    rsaKeyFileContents <- decryptRSAKey productKey req
+    torKeyFileContents <- lift $ decryptTorkey productKey req
+    time "Decrypt Tor Key"
+    password <- lift $ decryptPassword productKey req
+    time "Decrypt Password"
+    rsaKeyFileContents <- lift $ decryptRSAKey productKey req
+    time "Decrypto RSA"
 
     -- Check for existing registration.
-    checkExistingPasswordRegistration rootAccountName >>= \case
+    lift $ checkExistingPasswordRegistration rootAccountName >>= \case
         Nothing -> pure ()
         Just _  -> sendResponseStatus (Status 209 "Preexisting") ()
+    time "Check Password Registration"
 
     -- install new tor hidden service key and restart tor
-    registerResTorAddress <- runM (injectFilesystemBaseFromContext settings $ bootupTor torKeyFileContents) >>= \case
-        Just t  -> pure t
-        Nothing -> throwE TorServiceTimeoutE
+    registerResTorAddress <-
+        lift $ runM (injectFilesystemBaseFromContext settings $ bootupTor torKeyFileContents) >>= \case
+            Just t  -> pure t
+            Nothing -> throwE TorServiceTimeoutE
+    time "Bootstrap Tor Hidden Service"
 
     -- install new ssl CA cert + nginx conf and restart nginx
     registerResCert <-
-        runM . handleS9ErrC . (>>= liftEither) . liftIO . runM . injectFilesystemBaseFromContext settings $ do
+        runM . handleS9ErrC . liftEither <=< liftIO . runM . injectFilesystemBaseFromContext settings $ do
             bootupHttpNginx
             runError @S9Error $ bootupSslNginx rsaKeyFileContents
+    time "Bootstrap SSL Configuration"
 
     -- create an hmac of the torAddress + caCert for front end
     registerResTorAddressSig <- produceProofOfKey productKey registerResTorAddress
-    registerResCertSig       <- produceProofOfKey productKey registerResCert
+    time "Sign Tor Address"
+    registerResCertSig <- produceProofOfKey productKey registerResCert
+    time "Sign Certificate"
 
     -- must match CN in config/csr.conf
     let registerResCertName = root_CA_CERT_NAME
     registerResLanAddress <- runM . injectFilesystemBaseFromContext settings $ getStart9AgentHostnameLocal
+    time "Fetch Agent Hostname"
 
     -- registration successful, save the password hash
-    registerResClaimedAt  <- saveAccountRegistration rootAccountName password
+    registerResClaimedAt <- lift $ saveAccountRegistration rootAccountName password
+    time "Save Account Registration"
     pure RegisterRes { .. }
 
 
diff --git a/agent/src/Handler/Register/Nginx.hs b/agent/src/Handler/Register/Nginx.hs
index 59b4da6bc..2307c2740 100644
--- a/agent/src/Handler/Register/Nginx.hs
+++ b/agent/src/Handler/Register/Nginx.hs
@@ -21,6 +21,19 @@ import           Lib.Synchronizers
 import           Lib.SystemPaths
 import           Lib.Tor
 import           System.Posix                   ( removeLink )
+import           Data.String.Interpolate.IsString
+                                                ( i )
+
+time :: MonadIO m => Text -> StateT UTCTime m ()
+time t = do
+    last <- Startlude.get
+    now  <- liftIO getCurrentTime
+    putStrLn @Text [i|#{t}: #{diffUTCTime now last}|]
+    put now
+
+fromSys :: MonadIO m => StateT UTCTime m a -> m a
+fromSys m = liftIO getCurrentTime >>= evalStateT m
+
 
 -- Left error, Right CA cert for hmac signing
 bootupSslNginx :: (HasFilesystemBase sig m, Has (Error S9Error) sig m, Has (Lift IO) sig m, MonadIO m)
@@ -74,7 +87,7 @@ resetSslState = do
             >>= traverse_ removePathForcibly
         writeFile (toS $ flip relativeTo base $ rootCaDirectory <> "/index.txt")         ""
         writeFile (toS $ flip relativeTo base $ intermediateCaDirectory <> "/index.txt") ""
-    _ <- liftIO $ try @SomeException . removeLink . toS $ (nginxSitesEnabled nginxSslConf) `relativeTo` base
+    _ <- liftIO $ try @SomeException . removeLink . toS $ nginxSitesEnabled nginxSslConf `relativeTo` base
     pure ()
 
 
@@ -82,7 +95,7 @@ bootupHttpNginx :: (HasFilesystemBase sig m, MonadIO m) => m ()
 bootupHttpNginx = installAmbassadorUiNginxHTTP "start9-ambassador.conf"
 
 writeSslKeyAndCert :: (MonadIO m, HasFilesystemBase sig m, Has (Error S9Error) sig m) => ByteString -> m Text
-writeSslKeyAndCert rsaKeyFileContents = do
+writeSslKeyAndCert rsaKeyFileContents = fromSys $ do
     directory     <- toS <$> getAbsoluteLocationFor sslDirectory
     caKeyPath     <- toS <$> getAbsoluteLocationFor rootCaKeyPath
     caConfPath    <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
@@ -98,10 +111,13 @@ writeSslKeyAndCert rsaKeyFileContents = do
 
     let hostname = sid <> ".local"
 
+    time "SSL Start"
     liftIO $ createDirectoryIfMissing False directory
     liftIO $ BS.writeFile caKeyPath rsaKeyFileContents
+    time "Write SSL Root Key"
 
     (exit, str1, str2) <- writeRootCaCert caConfPath caKeyPath caCertPath
+    time "Generate SSL Root Cert"
     liftIO $ do
         putStrLn @Text "openssl logs"
         putStrLn @Text "exit code: "
diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index 37dea7a5d..94e5f82bb 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -1,6 +1,16 @@
 {-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE QuasiQuotes #-}
-module Lib.Ssl where
+module Lib.Ssl
+  ( DeriveCertificate(..)
+  , root_CA_CERT_NAME
+  , writeRootCaCert
+  , writeIntermediateCert
+  , domain_CSR_CONF
+  , writeLeafCert
+  , root_CA_OPENSSL_CONF
+  , intermediate_CA_OPENSSL_CONF
+  )
+where
 
 import           Startlude
 
@@ -258,52 +268,55 @@ OU = Embassy
 
 writeRootCaCert :: MonadIO m => FilePath -> FilePath -> FilePath -> m (ExitCode, String, String)
 writeRootCaCert confPath keyFilePath certFileDestinationPath = liftIO $ readProcessWithExitCode
-    "openssl"
-    [ "req"
-    , -- use x509
-      "-new"
-    , -- new request
-      "-x509"
-    , -- self signed x509
-      "-nodes"
-    , -- no passphrase
-      "-days"
-    , -- expires in...
-      "3650"
-    , -- valid for 10 years. Max is 20 years
-      "-key"
-    , -- source private key
-      toS keyFilePath
-    , "-out"
+  "openssl"
+  [ "req"
+  , -- use x509
+    "-new"
+  , -- new request
+    "-x509"
+  , -- self signed x509
+    "-nodes"
+  , -- no passphrase
+    "-days"
+  , -- expires in...
+    "3650"
+  , -- valid for 10 years. Max is 20 years
+    "-key"
+  , -- source private key
+    toS keyFilePath
+  , "-out"
     -- target cert path
-    , toS certFileDestinationPath
-    , "-config"
+  , toS certFileDestinationPath
+  , "-config"
       -- configured by...
-    , toS confPath
-    ]
-    ""
+  , toS confPath
+  ]
+  ""
 
 data DeriveCertificate = DeriveCertificate
-    { applicantConfPath :: FilePath
-    , applicantKeyPath  :: FilePath
-    , applicantCertPath :: FilePath
-    , signingConfPath   :: FilePath
-    , signingKeyPath    :: FilePath
-    , signingCertPath   :: FilePath
-    , duration          :: Integer
-    }
+  { applicantConfPath :: FilePath
+  , applicantKeyPath  :: FilePath
+  , applicantCertPath :: FilePath
+  , signingConfPath   :: FilePath
+  , signingKeyPath    :: FilePath
+  , signingCertPath   :: FilePath
+  , duration          :: Integer
+  }
 writeIntermediateCert :: MonadIO m => DeriveCertificate -> m (ExitCode, String, String)
-writeIntermediateCert DeriveCertificate {..} = liftIO $ interpret $ do
+writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
+  lift . lift $ time "Intermediate Cert Write Start"
     -- openssl genrsa -out dump/int.key 4096
-    segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
-    -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
-    segment $ openssl [i|req -new
+  segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+  lift . lift $ time "Generate intermediate RSA Key"
+  -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
+  segment $ openssl [i|req -new
                              -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -nodes
                              -out #{applicantCertPath <> ".csr"}|]
-    -- openssl x509 -CA dump/ca.crt -CAkey dump/ca.key -CAcreateserial -days 3650 -req -in dump/int.csr -out dump/int.crt
-    segment $ openssl [i|ca -batch
+  lift . lift $ time "Generate intermediate CSR"
+  -- openssl x509 -CA dump/ca.crt -CAkey dump/ca.key -CAcreateserial -days 3650 -req -in dump/int.csr -out dump/int.crt
+  segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
                             -rand_serial
                             -keyfile #{signingKeyPath}
@@ -313,17 +326,22 @@ writeIntermediateCert DeriveCertificate {..} = liftIO $ interpret $ do
                             -notext
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}|]
-    liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+  lift . lift $ time "Sign intermediate certificate"
+  liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+  lift . lift $ time "Update certificate chain"
 
 writeLeafCert :: MonadIO m => DeriveCertificate -> Text -> Text -> m (ExitCode, String, String)
-writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ interpret $ do
-    segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
-    segment $ openssl [i|req -config #{applicantConfPath}
+writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ fromSys $ interpret $ do
+  lift . lift $ time "Leaf Cert Write Start"
+  segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+  lift . lift $ time "Generate leaf RSA Key"
+  segment $ openssl [i|req -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -new
                              -addext subjectAltName=DNS:#{hostname},DNS:*.#{hostname},DNS:#{torAddress},DNS:*.#{torAddress}
                              -out #{applicantCertPath <> ".csr"}|]
-    segment $ openssl [i|ca -batch
+  lift . lift $ time "Generate leaf CSR"
+  segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
                             -rand_serial
                             -keyfile #{signingKeyPath}
@@ -334,13 +352,15 @@ writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ interpret $
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}
                             |]
-    liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+  lift . lift $ time "Sign leaf CSR"
+  liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+  lift . lift $ time "Update certificate chain"
 
-openssl :: Text -> IO (ExitCode, String, String)
-openssl = ($ "") . readProcessWithExitCode "openssl" . fmap toS . words
+openssl :: MonadIO m => Text -> m (ExitCode, String, String)
+openssl = liftIO . ($ "") . readProcessWithExitCode "openssl" . fmap toS . words
 {-# INLINE openssl #-}
 
-interpret :: ExceptT ExitCode (StateT (String, String) IO) () -> IO (ExitCode, String, String)
+interpret :: MonadIO m => ExceptT ExitCode (StateT (String, String) m) () -> m (ExitCode, String, String)
 interpret = fmap (over _1 (either id (const ExitSuccess)) . regroup) . flip runStateT ("", "") . runExceptT
 {-# INLINE interpret #-}
 
@@ -348,8 +368,19 @@ regroup :: (a, (b, c)) -> (a, b, c)
 regroup (a, (b, c)) = (a, b, c)
 {-# INLINE regroup #-}
 
-segment :: IO (ExitCode, String, String) -> ExceptT ExitCode (StateT (String, String) IO) ()
-segment action = liftIO action >>= \case
-    (ExitSuccess, o, e) -> modify (bimap (<> o) (<> e))
-    (ec         , o, e) -> modify (bimap (<> o) (<> e)) *> throwE ec
+segment :: MonadIO m => m (ExitCode, String, String) -> ExceptT ExitCode (StateT (String, String) m) ()
+segment action = (lift . lift) action >>= \case
+  (ExitSuccess, o, e) -> modify (bimap (<> o) (<> e))
+  (ec         , o, e) -> modify (bimap (<> o) (<> e)) *> throwE ec
 {-# INLINE segment #-}
+
+time :: MonadIO m => Text -> StateT UTCTime m ()
+time t = do
+  last <- Startlude.get
+  now  <- liftIO getCurrentTime
+  putStrLn @Text [i|#{t}: #{diffUTCTime now last}|]
+  put now
+
+fromSys :: MonadIO m => StateT UTCTime m a -> m a
+fromSys m = liftIO getCurrentTime >>= evalStateT m
+

From 02552eb2784422ff993ec41c0377c496b6b97e60 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Fri, 27 Nov 2020 15:21:37 -0700
Subject: [PATCH 02/22] attempt to use P256 instead

---
 agent/src/Lib/Ssl.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index 94e5f82bb..c8e5700b0 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -306,7 +306,7 @@ writeIntermediateCert :: MonadIO m => DeriveCertificate -> m (ExitCode, String,
 writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
   lift . lift $ time "Intermediate Cert Write Start"
     -- openssl genrsa -out dump/int.key 4096
-  segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+  segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
   lift . lift $ time "Generate intermediate RSA Key"
   -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
   segment $ openssl [i|req -new
@@ -333,7 +333,7 @@ writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
 writeLeafCert :: MonadIO m => DeriveCertificate -> Text -> Text -> m (ExitCode, String, String)
 writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ fromSys $ interpret $ do
   lift . lift $ time "Leaf Cert Write Start"
-  segment $ openssl [i|genrsa -out #{applicantKeyPath} 4096|]
+  segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
   lift . lift $ time "Generate leaf RSA Key"
   segment $ openssl [i|req -config #{applicantConfPath}
                              -key #{applicantKeyPath}

From f1208f281ca6004d64673c8ae655cd40c87fefec Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 17:44:18 -0700
Subject: [PATCH 03/22] fixes ssl renewal, replaces rsa with ecdsa for
 derivative certs

---
 agent/src/Application.hs            |  5 ++
 agent/src/Daemon/SslRenew.hs        | 77 ++++++++++++++++++++++++++++
 agent/src/Handler/Register/Nginx.hs | 79 +++++++++++++++++++++++++++--
 agent/src/Lib/Notifications.hs      | 15 +++++-
 agent/src/Lib/Ssl.hs                |  1 +
 agent/src/Lib/Synchronizers.hs      | 59 +++++++++++++++++----
 agent/src/Lib/SystemPaths.hs        |  7 +--
 7 files changed, 223 insertions(+), 20 deletions(-)
 create mode 100644 agent/src/Daemon/SslRenew.hs

diff --git a/agent/src/Application.hs b/agent/src/Application.hs
index 27326812e..01d24c2df 100644
--- a/agent/src/Application.hs
+++ b/agent/src/Application.hs
@@ -65,6 +65,7 @@ import           Lib.WebServer
 import           Model
 import           Settings
 import Lib.Background
+import qualified Daemon.SslRenew as SSLRenew
 
 appMain :: IO ()
 appMain = do
@@ -187,6 +188,10 @@ startupSequence foundation = do
         void . forkIO . forever $ forkIO (runReaderT AppNotifications.fetchAndSave foundation) >> threadDelay 5_000_000
         withAgentVersionLog_ "App notifications refreshing"
 
+        withAgentVersionLog_ "Initializing SSL certificate renewal loop"
+        void . forkIO . forever $ forkIO $ SSLRenew.renewSslLeafCert foundation
+        withAgentVersionLog_ "SSL Renewal daemon started"
+
         -- reloading avahi daemon
         -- DRAGONS! make sure this step happens AFTER system synchronization
         withAgentVersionLog_ "Publishing Agent to Avahi Daemon"
diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
new file mode 100644
index 000000000..a0b47c97a
--- /dev/null
+++ b/agent/src/Daemon/SslRenew.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE QuasiQuotes #-}
+module Daemon.SslRenew where
+
+import           Startlude               hiding ( err )
+
+import           Data.String.Interpolate        ( i )
+import           System.Process                 ( system )
+
+import           Foundation
+import           Lib.SystemPaths
+import           Settings
+import           Lib.Ssl
+import           Daemon.ZeroConf                ( getStart9AgentHostname )
+import           Lib.Tor
+import           Control.Carrier.Lift
+import           System.Directory               ( renameDirectory
+                                                , removeDirectory
+                                                )
+import           Lib.SystemCtl
+import qualified Lib.Notifications             as Notifications
+import           Database.Persist.Sql           ( runSqlPool )
+import           Lib.Types.Core
+import           Constants
+
+renewSslLeafCert :: AgentCtx -> IO ()
+renewSslLeafCert ctx = do
+    let base = appFilesystemBase . appSettings $ ctx
+    hn  <- injectFilesystemBase base getStart9AgentHostname
+    tor <- injectFilesystemBase base getAgentHiddenServiceUrl
+    putStr @Text "SSL Renewal Required? "
+    needsRenew <- doesSslNeedRenew (toS $ entityCertPath hn `relativeTo` base)
+    print needsRenew
+    when needsRenew $ runM . injectFilesystemBase base $ do
+        intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
+        intCaConfPath  <- toS <$> getAbsoluteLocationFor intermediateCaOpenSslConfPath
+        intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
+
+        sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
+        entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
+        entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
+        entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
+
+        (ec, out, err) <- writeLeafCert
+            DeriveCertificate { applicantConfPath = entConfPathTmp
+                              , applicantKeyPath  = entKeyPathTmp
+                              , applicantCertPath = entCertPathTmp
+                              , signingConfPath   = intCaConfPath
+                              , signingKeyPath    = intCaKeyPath
+                              , signingCertPath   = intCaCertPath
+                              , duration          = 365
+                              }
+            hn
+            tor
+        liftIO $ do
+            putStrLn @Text "openssl logs"
+            putStrLn @Text "exit code: "
+            print ec
+            putStrLn @String $ "stdout: " <> out
+            putStrLn @String $ "stderr: " <> err
+        case ec of
+            ExitSuccess -> pure ()
+            ExitFailure n ->
+                liftIO
+                    . void
+                    $ flip runSqlPool (appConnPool ctx)
+                    $ Notifications.emit (AppId "EmbassyOS") agentVersion
+                    $ Notifications.CertRenewFailed (ExitFailure n) out err
+        let sslDir = toS $ sslDirectory `relativeTo` base
+        liftIO $ removeDirectory sslDir
+        liftIO $ renameDirectory sslDirTmp sslDir
+        liftIO $ systemCtl RestartService "nginx" $> ()
+
+
+doesSslNeedRenew :: FilePath -> IO Bool
+doesSslNeedRenew cert = do
+    ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
+    pure $ ec /= ExitSuccess
diff --git a/agent/src/Handler/Register/Nginx.hs b/agent/src/Handler/Register/Nginx.hs
index 2307c2740..8eff38c6d 100644
--- a/agent/src/Handler/Register/Nginx.hs
+++ b/agent/src/Handler/Register/Nginx.hs
@@ -5,6 +5,7 @@ module Handler.Register.Nginx where
 
 import           Startlude               hiding ( ask
                                                 , catchError
+                                                , err
                                                 )
 
 import           Control.Carrier.Error.Church
@@ -23,6 +24,7 @@ import           Lib.Tor
 import           System.Posix                   ( removeLink )
 import           Data.String.Interpolate.IsString
                                                 ( i )
+import           Lib.SystemCtl
 
 time :: MonadIO m => Text -> StateT UTCTime m ()
 time t = do
@@ -67,13 +69,13 @@ resetSslState = do
     traverse_
         (liftIO . removePathForcibly . toS . flip relativeTo base)
         [ rootCaKeyPath
-        , relBase $ (rootCaCertPath `relativeTo` "/") <> ".csr"
+        , relBase $ (rootCaCertPath `relativeTo` base) <> ".csr"
         , rootCaCertPath
         , intermediateCaKeyPath
-        , relBase $ (intermediateCaCertPath `relativeTo` "/") <> ".csr"
+        , relBase $ (intermediateCaCertPath `relativeTo` base) <> ".csr"
         , intermediateCaCertPath
         , entityKeyPath host
-        , relBase $ (entityCertPath host `relativeTo` "/") <> ".csr"
+        , relBase $ (entityCertPath host `relativeTo` base) <> ".csr"
         , entityCertPath host
         , entityConfPath host
         , nginxSitesAvailable nginxSslConf
@@ -90,7 +92,6 @@ resetSslState = do
     _ <- liftIO $ try @SomeException . removeLink . toS $ nginxSitesEnabled nginxSslConf `relativeTo` base
     pure ()
 
-
 bootupHttpNginx :: (HasFilesystemBase sig m, MonadIO m) => m ()
 bootupHttpNginx = installAmbassadorUiNginxHTTP "start9-ambassador.conf"
 
@@ -172,3 +173,73 @@ writeSslKeyAndCert rsaKeyFileContents = fromSys $ do
         ExitFailure ec -> throwError $ OpenSslE "leaf" ec str1' str2'
 
     readSystemPath' rootCaCertPath
+
+replaceDerivativeCerts :: (HasFilesystemBase sig m, Has (Error S9Error) sig m, MonadIO m) => m ()
+replaceDerivativeCerts = do
+    hn             <- getStart9AgentHostname
+    tor            <- getAgentHiddenServiceUrl
+
+    caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath
+    caConfPath     <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
+    caCertPath     <- toS <$> getAbsoluteLocationFor rootCaCertPath
+
+    intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
+    intCaConfPath  <- toS <$> getAbsoluteLocationFor intermediateCaOpenSslConfPath
+    intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
+
+    sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
+    entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
+    entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
+    entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
+    liftIO $ createDirectoryIfMissing True sslDirTmp
+    liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hn)
+
+    -- ensure duplicate certificates are acceptable
+    base <- Fused.ask @"filesystemBase"
+    liftIO $ BS.writeFile (toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base) "unique_subject = no\n"
+    liftIO $ BS.writeFile (toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base)
+                          "unique_subject = no\n"
+
+    (ec, out, err) <- writeIntermediateCert DeriveCertificate { applicantConfPath = intCaConfPath
+                                                              , applicantKeyPath  = intCaKeyPath
+                                                              , applicantCertPath = intCaCertPath
+                                                              , signingConfPath   = caConfPath
+                                                              , signingKeyPath    = caKeyPath
+                                                              , signingCertPath   = caCertPath
+                                                              , duration          = 3650
+                                                              }
+    liftIO $ do
+        putStrLn @Text "openssl logs"
+        putStrLn @Text "exit code: "
+        print ec
+        putStrLn @String $ "stdout: " <> out
+        putStrLn @String $ "stderr: " <> err
+    case ec of
+        ExitSuccess   -> pure ()
+        ExitFailure n -> throwError $ OpenSslE "leaf" n out err
+
+    (ec', out', err') <- writeLeafCert
+        DeriveCertificate { applicantConfPath = entConfPathTmp
+                          , applicantKeyPath  = entKeyPathTmp
+                          , applicantCertPath = entCertPathTmp
+                          , signingConfPath   = intCaConfPath
+                          , signingKeyPath    = intCaKeyPath
+                          , signingCertPath   = intCaCertPath
+                          , duration          = 365
+                          }
+        hn
+        tor
+    liftIO $ do
+        putStrLn @Text "openssl logs"
+        putStrLn @Text "exit code: "
+        print ec
+        putStrLn @String $ "stdout: " <> out'
+        putStrLn @String $ "stderr: " <> err'
+    case ec' of
+        ExitSuccess   -> pure ()
+        ExitFailure n -> throwError $ OpenSslE "leaf" n out' err'
+
+    sslDir <- toS <$> getAbsoluteLocationFor sslDirectory
+    liftIO $ removeDirectory sslDir
+    liftIO $ renameDirectory sslDirTmp sslDir
+    liftIO $ systemCtl RestartService "nginx" $> ()
diff --git a/agent/src/Lib/Notifications.hs b/agent/src/Lib/Notifications.hs
index 7e826e1cd..8da2e63ee 100644
--- a/agent/src/Lib/Notifications.hs
+++ b/agent/src/Lib/Notifications.hs
@@ -19,8 +19,8 @@ emit :: MonadIO m => AppId -> Version -> AgentNotification -> SqlPersistT m (Ent
 emit appId version ty = do
     uuid <- liftIO nextRandom
     now  <- liftIO getCurrentTime
-    let k = (NotificationKey uuid)
-    let v = (Notification now Nothing appId version (toCode ty) (toTitle ty) (toMessage appId version ty))
+    let k = NotificationKey uuid
+    let v = Notification now Nothing appId version (toCode ty) (toTitle ty) (toMessage appId version ty)
     insertKey k v
     putStrLn $ toMessage appId version ty
     pure $ Entity k v
@@ -42,6 +42,7 @@ data AgentNotification =
     | RestoreFailed S9Error
     | RestartFailed S9Error
     | DockerFuckening
+    | CertRenewFailed ExitCode String String
 
 -- CODES
 -- RULES:
@@ -54,6 +55,7 @@ data AgentNotification =
 -- The second digit indicates where the error was originated from as follows
 -- 0: Originates from Agent
 -- 1: Originates from App (Not presently used)
+-- 2: Originates from Agent ABOUT THE AGENT
 --
 -- The remaining section of the code may be as long as you want but must be at least one digit
 -- EXAMPLES:
@@ -78,6 +80,7 @@ toCode (InstallFailedS9Error _)        = "303"
 toCode (BackupFailed         _)        = "304"
 toCode (RestoreFailed        _)        = "305"
 toCode (RestartFailed        _)        = "306"
+toCode CertRenewFailed{}               = "320"
 
 toTitle :: AgentNotification -> Text
 toTitle InstallSuccess                  = "Install succeeded"
@@ -90,6 +93,7 @@ toTitle (BackupFailed                _) = "Backup failed"
 toTitle (RestoreFailed               _) = "Restore failed"
 toTitle (RestartFailed               _) = "Restart failed"
 toTitle DockerFuckening                 = "App unstoppable"
+toTitle CertRenewFailed{}               = "Embassy Certificate Renewal Failed"
 
 toMessage :: AppId -> Version -> AgentNotification -> Text
 toMessage appId version InstallSuccess = [i|Successfully installed #{appId} at version #{version}|]
@@ -107,3 +111,10 @@ toMessage appId _version (BackupFailed  reason) = [i|Failed to back up #{appId}:
 toMessage appId _version (RestoreFailed reason) = [i|Failed to restore #{appId}: #{errorMessage $ toError reason}|]
 toMessage appId _version (RestartFailed reason) =
     [i|Failed to restart #{appId}: #{errorMessage $ toError reason}. Please manually restart|]
+toMessage _ version (CertRenewFailed ec o e) = [i|Failed to renew SSL Certificates for EmbassyOS (#{version})
+ExitCode: #{ec}
+Stdout:
+#{o}
+Stderr:
+#{e}
+|]
diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index c8e5700b0..14f232dbc 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -9,6 +9,7 @@ module Lib.Ssl
   , writeLeafCert
   , root_CA_OPENSSL_CONF
   , intermediate_CA_OPENSSL_CONF
+  , segment
   )
 where
 
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index ae60630a2..6d1ba7240 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -87,7 +87,7 @@ parseKernelVersion = do
     major' <- decimal
     minor' <- char '.' *> decimal
     patch' <- char '.' *> decimal
-    arch   <- string "-v7l+" *> pure ArmV7 <|> string "-v8+" *> pure ArmV8
+    arch   <- string "-v7l+" $> ArmV7 <|> string "-v8+" $> ArmV8
     pure $ KernelVersion (Version (major', minor', patch', 0)) arch
 
 synchronizer :: Synchronizer
@@ -141,7 +141,7 @@ syncCreateSshDir = SyncOp "Create SSH directory" check migrate False
 syncRemoveAvahiSystemdDependency :: SyncOp
 syncRemoveAvahiSystemdDependency = SyncOp "Remove Avahi Systemd Dependency" check migrate False
     where
-        wanted = decodeUtf8 $ $(embedFile "config/agent.service")
+        wanted = decodeUtf8 $(embedFile "config/agent.service")
         check  = do
             base    <- asks $ appFilesystemBase . appSettings
             content <- liftIO $ readFile (toS $ agentServicePath `relativeTo` base)
@@ -172,7 +172,7 @@ sync32BitKernel = SyncOp "32 Bit Kernel Switch" check migrate True
         check          = do
             settings <- asks appSettings
             cfg      <- injectFilesystemBaseFromContext settings getBootCfgPath
-            liftIO . run $ fmap isNothing $ (shell [i|grep "arm_64bit=0" #{cfg} || true|] $| conduit await)
+            liftIO . run $ isNothing <$> (shell [i|grep "arm_64bit=0" #{cfg} || true|] $| conduit await)
         migrate = do
             base <- asks $ appFilesystemBase . appSettings
             let tmpFile = bootConfigTempPath `relativeTo` base
@@ -234,9 +234,9 @@ syncWriteConf name contents' confLocation = SyncOp [i|Write #{name} Conf|] check
                 liftIO
                 $       (Just <$> readFile (toS $ confLocation `relativeTo` base))
                 `catch` (\(e :: IOException) -> if isDoesNotExistError e then pure Nothing else throwIO e)
-            case conf of
-                Nothing -> pure True
-                Just co -> pure $ if co == contents then False else True
+            pure $ case conf of
+                Nothing -> True
+                Just co -> co /= contents
         migrate = do
             base <- asks $ appFilesystemBase . appSettings
             void . liftIO $ createDirectoryIfMissing True (takeDirectory (toS $ confLocation `relativeTo` base))
@@ -330,7 +330,7 @@ syncInstallAmbassadorUI = SyncOp "Install Ambassador UI" check migrate False
         streamUntar root stream = Conduit.runConduit $ Conduit.fromBStream stream .| Conduit.untar \f -> do
             let path = toS . (toS root </>) . joinPath . drop 1 . splitPath . B8.unpack . Conduit.filePath $ f
             print path
-            if (Conduit.fileType f == Conduit.FTDirectory)
+            if Conduit.fileType f == Conduit.FTDirectory
                 then liftIO $ createDirectoryIfMissing True path
                 else Conduit.sinkFile path
 
@@ -372,8 +372,8 @@ installAmbassadorUiNginx mSslOverrides fileName = do
     void . liftIO $ systemCtl RestartService "nginx"
     where
         ambassadorUiClientManifiest b = toS $ (ambassadorUiPath <> "/client-manifest.yaml") `relativeTo` b
-        nginxAvailableConf b = toS $ (nginxSitesAvailable fileName) `relativeTo` b
-        nginxEnabledConf b = toS $ (nginxSitesEnabled fileName) `relativeTo` b
+        nginxAvailableConf b = toS $ nginxSitesAvailable fileName `relativeTo` b
+        nginxEnabledConf b = toS $ nginxSitesEnabled fileName `relativeTo` b
 
 syncOpenHttpPorts :: SyncOp
 syncOpenHttpPorts = SyncOp "Open Hidden Service Port 80" check migrate False
@@ -426,6 +426,47 @@ syncPersistLogs :: SyncOp
 syncPersistLogs =
     (syncWriteConf "Journald" $(embedFile "config/journald.conf") journaldConfig) { syncOpRequiresReboot = True }
 
+syncRepairSsl :: SyncOp
+syncRepairSsl = SyncOp "Repair SSL Certs" check migrate False
+    where
+        check = do
+            base <- asks $ appFilesystemBase . appSettings
+            let p = toS $ sslDirectory `relativeTo` base
+            liftIO $ not <$> doesDirectoryExist p
+        migrate = do
+            base <- asks $ appFilesystemBase . appSettings
+            let newCerts = toS $ (agentTmpDirectory <> sslDirectory) `relativeTo` base
+            liftIO $ renameDirectory newCerts (toS $ sslDirectory `relativeTo` base)
+            liftIO $ systemCtl RestartService "nginx" $> ()
+
+-- syncConvertEcdsaCerts :: SyncOp
+-- syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
+--     where
+--         check = do
+--             fs     <- asks $ appFilesystemBase . appSettings
+--             header <- liftIO $ headMay . lines <$> readFile (toS $ intermediateCaKeyPath `relativeTo` fs)
+--             pure $ case header of
+--                 Nothing -> False
+--                 Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
+--         migrate = replaceDerivativeCerts
+
+-- syncConvertEcdsaLeafCert :: SyncOp
+-- syncConvertEcdsaLeafCert = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
+--     where
+--         check = do
+--             fs     <- asks $ appFilesystemBase . appSettings
+--             h      <- injectFilesystemBase fs getStart9AgentHostname
+--             header <- liftIO $ headMay . lines <$> readFile (toS $ entityKeyPath h `relativeTo` fs)
+--             pure $ case header of
+--                 Nothing -> False
+--                 Just y  -> "BEGIN RSA PRIVATE" `T.isInfixOf` y
+--         migrate = do
+--             base <- asks $ appFilesystemBase . appSettings
+--             _
+
+-- syncRotateExpiringCerts :: SyncOp
+-- syncRotateExpiringCerts = _
+
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do
     ref <- asks appIsUpdateFailed
diff --git a/agent/src/Lib/SystemPaths.hs b/agent/src/Lib/SystemPaths.hs
index d63da47ee..bbb4abb71 100644
--- a/agent/src/Lib/SystemPaths.hs
+++ b/agent/src/Lib/SystemPaths.hs
@@ -76,18 +76,15 @@ getAbsoluteLocationFor path = do
 readSystemPath :: (HasFilesystemBase sig m, MonadIO m) => SystemPath -> m (Maybe Text)
 readSystemPath path = do
     loadPath <- getAbsoluteLocationFor path
-    contents <-
-        liftIO
+    liftIO
         $       (Just <$> readFile (toS loadPath))
         `catch` (\(e :: IOException) -> if isDoesNotExistError e then pure Nothing else throwIO e)
-    pure contents
 
 -- like the above, but throws IO error if file not found
 readSystemPath' :: (HasFilesystemBase sig m, MonadIO m) => SystemPath -> m Text
 readSystemPath' path = do
     loadPath <- getAbsoluteLocationFor path
-    contents <- liftIO . readFile . toS $ loadPath
-    pure contents
+    liftIO . readFile . toS $ loadPath
 
 writeSystemPath :: (HasFilesystemBase sig m, MonadIO m) => SystemPath -> Text -> m ()
 writeSystemPath path contents = do

From d31b940c50f6cbdcd714b5155946390d7c20ba51 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 20:22:25 -0700
Subject: [PATCH 04/22] sleep before looping

---
 agent/src/Application.hs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/agent/src/Application.hs b/agent/src/Application.hs
index 01d24c2df..898d11951 100644
--- a/agent/src/Application.hs
+++ b/agent/src/Application.hs
@@ -19,6 +19,7 @@ module Application
     , handler
     , runDb
     , getAgentCtx
+    , sleep
     )
 where
 
@@ -189,7 +190,7 @@ startupSequence foundation = do
         withAgentVersionLog_ "App notifications refreshing"
 
         withAgentVersionLog_ "Initializing SSL certificate renewal loop"
-        void . forkIO . forever $ forkIO $ SSLRenew.renewSslLeafCert foundation
+        void . forkIO . forever $ forkIO $ SSLRenew.renewSslLeafCert foundation *> sleep 86_400
         withAgentVersionLog_ "SSL Renewal daemon started"
 
         -- reloading avahi daemon
@@ -204,6 +205,10 @@ startupSequence foundation = do
     withAgentVersionLog_ "Listening for Self-Update Signal"
     waitForUpdateSignal foundation
 
+sleep :: Integer -> IO ()
+sleep n = let (full, r) = (n * 1_000_000) `divMod` (fromIntegral $ (maxBound :: Int)) in
+    replicateM_ (fromIntegral full) (threadDelay maxBound) *> threadDelay (fromIntegral r)
+
 --------------------------------------------------------------
 -- Functions for DevelMain.hs (a way to run the AgentCtx from GHCi)
 --------------------------------------------------------------

From 282675d1f839d7af708b6ce1fdd7ad386f465f35 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 20:51:26 -0700
Subject: [PATCH 05/22] fixes parenthesis

---
 agent/src/Application.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent/src/Application.hs b/agent/src/Application.hs
index 898d11951..e13488b46 100644
--- a/agent/src/Application.hs
+++ b/agent/src/Application.hs
@@ -190,7 +190,7 @@ startupSequence foundation = do
         withAgentVersionLog_ "App notifications refreshing"
 
         withAgentVersionLog_ "Initializing SSL certificate renewal loop"
-        void . forkIO . forever $ forkIO $ SSLRenew.renewSslLeafCert foundation *> sleep 86_400
+        void . forkIO . forever $ forkIO (SSLRenew.renewSslLeafCert foundation) *> sleep 86_400
         withAgentVersionLog_ "SSL Renewal daemon started"
 
         -- reloading avahi daemon

From bb6e09b5c25757273ac2ab54143f0fae4c362c2d Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 21:09:20 -0700
Subject: [PATCH 06/22] 0.2.6

---
 agent/config/settings.yml      | 2 +-
 agent/migrations/0.2.5::0.2.6  | 1 +
 agent/package.yaml             | 2 +-
 agent/src/Lib/Synchronizers.hs | 8 ++++----
 4 files changed, 7 insertions(+), 6 deletions(-)
 create mode 100644 agent/migrations/0.2.5::0.2.6

diff --git a/agent/config/settings.yml b/agent/config/settings.yml
index e86956673..1af22f3de 100644
--- a/agent/config/settings.yml
+++ b/agent/config/settings.yml
@@ -34,6 +34,6 @@ database:
   database: "start9_agent.sqlite3"
   poolsize: "_env:YESOD_SQLITE_POOLSIZE:10"
 
-app-mgr-version-spec: "=0.2.5"
+app-mgr-version-spec: "=0.2.6"
 
 #analytics: UA-YOURCODE
diff --git a/agent/migrations/0.2.5::0.2.6 b/agent/migrations/0.2.5::0.2.6
new file mode 100644
index 000000000..b928005e2
--- /dev/null
+++ b/agent/migrations/0.2.5::0.2.6
@@ -0,0 +1 @@
+SELECT TRUE;
\ No newline at end of file
diff --git a/agent/package.yaml b/agent/package.yaml
index 5d4df9213..ee7c00ab2 100644
--- a/agent/package.yaml
+++ b/agent/package.yaml
@@ -1,5 +1,5 @@
 name: ambassador-agent
-version: 0.2.5
+version: 0.2.6
 
 default-extensions:
 - NoImplicitPrelude
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index 6d1ba7240..e526ca75e 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -91,12 +91,12 @@ parseKernelVersion = do
     pure $ KernelVersion (Version (major', minor', patch', 0)) arch
 
 synchronizer :: Synchronizer
-synchronizer = sync_0_2_5
+synchronizer = sync_0_2_6
 {-# INLINE synchronizer #-}
 
-sync_0_2_5 :: Synchronizer
-sync_0_2_5 = Synchronizer
-    "0.2.5"
+sync_0_2_6 :: Synchronizer
+sync_0_2_6 = Synchronizer
+    "0.2.6"
     [ syncCreateAgentTmp
     , syncCreateSshDir
     , syncRemoveAvahiSystemdDependency

From 34abb6ae42d8364960777809582f6893927cd333 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Mon, 30 Nov 2020 21:58:56 -0700
Subject: [PATCH 07/22] 0.2.6

---
 appmgr/Cargo.lock            |  2 +-
 appmgr/Cargo.toml            |  2 +-
 appmgr/src/version/mod.rs    |  4 ++++
 appmgr/src/version/v0_2_6.rs | 21 +++++++++++++++++++++
 4 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 appmgr/src/version/v0_2_6.rs

diff --git a/appmgr/Cargo.lock b/appmgr/Cargo.lock
index b4e4a074c..2fd1ed051 100644
--- a/appmgr/Cargo.lock
+++ b/appmgr/Cargo.lock
@@ -35,7 +35,7 @@ dependencies = [
 
 [[package]]
 name = "appmgr"
-version = "0.2.5"
+version = "0.2.6"
 dependencies = [
  "argonautica",
  "async-trait",
diff --git a/appmgr/Cargo.toml b/appmgr/Cargo.toml
index 61444f663..a977f7fdd 100644
--- a/appmgr/Cargo.toml
+++ b/appmgr/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "appmgr"
-version = "0.2.5"
+version = "0.2.6"
 authors = ["Aiden McClelland <me@drbonez.dev>"]
 edition = "2018"
 
diff --git a/appmgr/src/version/mod.rs b/appmgr/src/version/mod.rs
index 26f89cccf..ced9e8e61 100644
--- a/appmgr/src/version/mod.rs
+++ b/appmgr/src/version/mod.rs
@@ -20,6 +20,7 @@ mod v0_2_2;
 mod v0_2_3;
 mod v0_2_4;
 mod v0_2_5;
+mod v0_2_6;
 
 pub use v0_2_5::Version as Current;
 
@@ -39,6 +40,7 @@ enum Version {
     V0_2_3(Wrapper<v0_2_3::Version>),
     V0_2_4(Wrapper<v0_2_4::Version>),
     V0_2_5(Wrapper<v0_2_5::Version>),
+    V0_2_6(Wrapper<v0_2_6::Version>),
     Other(emver::Version),
 }
 
@@ -146,6 +148,7 @@ pub async fn init() -> Result<(), failure::Error> {
             Version::V0_2_3(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_4(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_5(v) => v.0.migrate_to(&Current::new()).await?,
+            Version::V0_2_6(v) => v.0.migrate_to(&Current::new()).await?,
             Version::Other(_) => (),
             // TODO find some way to automate this?
         }
@@ -231,6 +234,7 @@ pub async fn self_update(requirement: emver::VersionRange) -> Result<(), Error>
         Version::V0_2_3(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_4(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_5(v) => Current::new().migrate_to(&v.0).await?,
+        Version::V0_2_6(v) => Current::new().migrate_to(&v.0).await?,
         Version::Other(_) => (),
         // TODO find some way to automate this?
     };
diff --git a/appmgr/src/version/v0_2_6.rs b/appmgr/src/version/v0_2_6.rs
new file mode 100644
index 000000000..33c0d8133
--- /dev/null
+++ b/appmgr/src/version/v0_2_6.rs
@@ -0,0 +1,21 @@
+use super::*;
+
+const V0_2_6: emver::Version = emver::Version::new(0, 2, 6, 0);
+
+pub struct Version;
+#[async_trait]
+impl VersionT for Version {
+    type Previous = v0_2_5::Version;
+    fn new() -> Self {
+        Version
+    }
+    fn semver(&self) -> &'static emver::Version {
+        &V0_2_6
+    }
+    async fn up(&self) -> Result<(), Error> {
+        Ok(())
+    }
+    async fn down(&self) -> Result<(), Error> {
+        Ok(())
+    }
+}

From 5fa2c563cc516b6bfca0d9cd4fd7366931732199 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 21:59:36 -0700
Subject: [PATCH 08/22] removes timing code

---
 agent/src/Handler/Register.hs       | 40 ++++++++++-------------------
 agent/src/Handler/Register/Nginx.hs | 18 +------------
 2 files changed, 14 insertions(+), 44 deletions(-)

diff --git a/agent/src/Handler/Register.hs b/agent/src/Handler/Register.hs
index f40bec097..e0cf59568 100644
--- a/agent/src/Handler/Register.hs
+++ b/agent/src/Handler/Register.hs
@@ -34,57 +34,43 @@ import           Settings
 
 
 postRegisterR :: Handler RegisterRes
-postRegisterR = handleS9ErrT . fromSys $ do
-    time "Start"
-    settings   <- getsYesod appSettings
+postRegisterR = handleS9ErrT $ do
+    settings           <- getsYesod appSettings
 
-    productKey <- liftIO . getProductKey . appFilesystemBase $ settings
-    time "Read Product Key"
-    req <- requireCheckJsonBody
-    time "Parse JSON Body"
+    productKey         <- liftIO . getProductKey . appFilesystemBase $ settings
+    req                <- requireCheckJsonBody
 
     -- Decrypt torkey and password. This acts as product key authentication.
-    torKeyFileContents <- lift $ decryptTorkey productKey req
-    time "Decrypt Tor Key"
-    password <- lift $ decryptPassword productKey req
-    time "Decrypt Password"
-    rsaKeyFileContents <- lift $ decryptRSAKey productKey req
-    time "Decrypto RSA"
+    torKeyFileContents <- decryptTorkey productKey req
+    password           <- decryptPassword productKey req
+    rsaKeyFileContents <- decryptRSAKey productKey req
 
     -- Check for existing registration.
-    lift $ checkExistingPasswordRegistration rootAccountName >>= \case
+    checkExistingPasswordRegistration rootAccountName >>= \case
         Nothing -> pure ()
         Just _  -> sendResponseStatus (Status 209 "Preexisting") ()
-    time "Check Password Registration"
 
     -- install new tor hidden service key and restart tor
-    registerResTorAddress <-
-        lift $ runM (injectFilesystemBaseFromContext settings $ bootupTor torKeyFileContents) >>= \case
-            Just t  -> pure t
-            Nothing -> throwE TorServiceTimeoutE
-    time "Bootstrap Tor Hidden Service"
+    registerResTorAddress <- runM (injectFilesystemBaseFromContext settings $ bootupTor torKeyFileContents) >>= \case
+        Just t  -> pure t
+        Nothing -> throwE TorServiceTimeoutE
 
     -- install new ssl CA cert + nginx conf and restart nginx
     registerResCert <-
         runM . handleS9ErrC . liftEither <=< liftIO . runM . injectFilesystemBaseFromContext settings $ do
             bootupHttpNginx
             runError @S9Error $ bootupSslNginx rsaKeyFileContents
-    time "Bootstrap SSL Configuration"
 
     -- create an hmac of the torAddress + caCert for front end
     registerResTorAddressSig <- produceProofOfKey productKey registerResTorAddress
-    time "Sign Tor Address"
-    registerResCertSig <- produceProofOfKey productKey registerResCert
-    time "Sign Certificate"
+    registerResCertSig       <- produceProofOfKey productKey registerResCert
 
     -- must match CN in config/csr.conf
     let registerResCertName = root_CA_CERT_NAME
     registerResLanAddress <- runM . injectFilesystemBaseFromContext settings $ getStart9AgentHostnameLocal
-    time "Fetch Agent Hostname"
 
     -- registration successful, save the password hash
-    registerResClaimedAt <- lift $ saveAccountRegistration rootAccountName password
-    time "Save Account Registration"
+    registerResClaimedAt  <- saveAccountRegistration rootAccountName password
     pure RegisterRes { .. }
 
 
diff --git a/agent/src/Handler/Register/Nginx.hs b/agent/src/Handler/Register/Nginx.hs
index 8eff38c6d..bc42bba91 100644
--- a/agent/src/Handler/Register/Nginx.hs
+++ b/agent/src/Handler/Register/Nginx.hs
@@ -22,21 +22,8 @@ import           Lib.Synchronizers
 import           Lib.SystemPaths
 import           Lib.Tor
 import           System.Posix                   ( removeLink )
-import           Data.String.Interpolate.IsString
-                                                ( i )
 import           Lib.SystemCtl
 
-time :: MonadIO m => Text -> StateT UTCTime m ()
-time t = do
-    last <- Startlude.get
-    now  <- liftIO getCurrentTime
-    putStrLn @Text [i|#{t}: #{diffUTCTime now last}|]
-    put now
-
-fromSys :: MonadIO m => StateT UTCTime m a -> m a
-fromSys m = liftIO getCurrentTime >>= evalStateT m
-
-
 -- Left error, Right CA cert for hmac signing
 bootupSslNginx :: (HasFilesystemBase sig m, Has (Error S9Error) sig m, Has (Lift IO) sig m, MonadIO m)
                => ByteString
@@ -96,7 +83,7 @@ bootupHttpNginx :: (HasFilesystemBase sig m, MonadIO m) => m ()
 bootupHttpNginx = installAmbassadorUiNginxHTTP "start9-ambassador.conf"
 
 writeSslKeyAndCert :: (MonadIO m, HasFilesystemBase sig m, Has (Error S9Error) sig m) => ByteString -> m Text
-writeSslKeyAndCert rsaKeyFileContents = fromSys $ do
+writeSslKeyAndCert rsaKeyFileContents = do
     directory     <- toS <$> getAbsoluteLocationFor sslDirectory
     caKeyPath     <- toS <$> getAbsoluteLocationFor rootCaKeyPath
     caConfPath    <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
@@ -112,13 +99,10 @@ writeSslKeyAndCert rsaKeyFileContents = fromSys $ do
 
     let hostname = sid <> ".local"
 
-    time "SSL Start"
     liftIO $ createDirectoryIfMissing False directory
     liftIO $ BS.writeFile caKeyPath rsaKeyFileContents
-    time "Write SSL Root Key"
 
     (exit, str1, str2) <- writeRootCaCert caConfPath caKeyPath caCertPath
-    time "Generate SSL Root Cert"
     liftIO $ do
         putStrLn @Text "openssl logs"
         putStrLn @Text "exit code: "

From 4f1eb69378ead18f4a9325411e1fd6ae72d94528 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 22:08:45 -0700
Subject: [PATCH 09/22] removes more timing calls

---
 agent/src/Lib/Ssl.hs | 25 ++-----------------------
 1 file changed, 2 insertions(+), 23 deletions(-)

diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index 14f232dbc..70e76f48c 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -304,18 +304,15 @@ data DeriveCertificate = DeriveCertificate
   , duration          :: Integer
   }
 writeIntermediateCert :: MonadIO m => DeriveCertificate -> m (ExitCode, String, String)
-writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
-  lift . lift $ time "Intermediate Cert Write Start"
+writeIntermediateCert DeriveCertificate {..} = liftIO $ interpret $ do
     -- openssl genrsa -out dump/int.key 4096
   segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
-  lift . lift $ time "Generate intermediate RSA Key"
   -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
   segment $ openssl [i|req -new
                              -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -nodes
                              -out #{applicantCertPath <> ".csr"}|]
-  lift . lift $ time "Generate intermediate CSR"
   -- openssl x509 -CA dump/ca.crt -CAkey dump/ca.key -CAcreateserial -days 3650 -req -in dump/int.csr -out dump/int.crt
   segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
@@ -327,21 +324,16 @@ writeIntermediateCert DeriveCertificate {..} = liftIO $ fromSys $ interpret $ do
                             -notext
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}|]
-  lift . lift $ time "Sign intermediate certificate"
   liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
-  lift . lift $ time "Update certificate chain"
 
 writeLeafCert :: MonadIO m => DeriveCertificate -> Text -> Text -> m (ExitCode, String, String)
-writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ fromSys $ interpret $ do
-  lift . lift $ time "Leaf Cert Write Start"
+writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ interpret $ do
   segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
-  lift . lift $ time "Generate leaf RSA Key"
   segment $ openssl [i|req -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -new
                              -addext subjectAltName=DNS:#{hostname},DNS:*.#{hostname},DNS:#{torAddress},DNS:*.#{torAddress}
                              -out #{applicantCertPath <> ".csr"}|]
-  lift . lift $ time "Generate leaf CSR"
   segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
                             -rand_serial
@@ -353,9 +345,7 @@ writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ fromSys $ in
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}
                             |]
-  lift . lift $ time "Sign leaf CSR"
   liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
-  lift . lift $ time "Update certificate chain"
 
 openssl :: MonadIO m => Text -> m (ExitCode, String, String)
 openssl = liftIO . ($ "") . readProcessWithExitCode "openssl" . fmap toS . words
@@ -374,14 +364,3 @@ segment action = (lift . lift) action >>= \case
   (ExitSuccess, o, e) -> modify (bimap (<> o) (<> e))
   (ec         , o, e) -> modify (bimap (<> o) (<> e)) *> throwE ec
 {-# INLINE segment #-}
-
-time :: MonadIO m => Text -> StateT UTCTime m ()
-time t = do
-  last <- Startlude.get
-  now  <- liftIO getCurrentTime
-  putStrLn @Text [i|#{t}: #{diffUTCTime now last}|]
-  put now
-
-fromSys :: MonadIO m => StateT UTCTime m a -> m a
-fromSys m = liftIO getCurrentTime >>= evalStateT m
-

From 462cace44980691ad80973e2f187c961fd5bc359 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 22:13:36 -0700
Subject: [PATCH 10/22] uncomments rsa replacement synchronizer, removes unused
 code

---
 agent/src/Lib/Synchronizers.hs | 39 +++++++++++-----------------------
 1 file changed, 12 insertions(+), 27 deletions(-)

diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index e526ca75e..7dfb6dbe0 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -61,6 +61,8 @@ import           Settings
 import           Util.File
 import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
 import           Daemon.ZeroConf                ( getStart9AgentHostname )
+import qualified Data.Text                     as T
+import           Handler.Register.Nginx         ( replaceDerivativeCerts )
 
 
 data Synchronizer = Synchronizer
@@ -439,33 +441,16 @@ syncRepairSsl = SyncOp "Repair SSL Certs" check migrate False
             liftIO $ renameDirectory newCerts (toS $ sslDirectory `relativeTo` base)
             liftIO $ systemCtl RestartService "nginx" $> ()
 
--- syncConvertEcdsaCerts :: SyncOp
--- syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
---     where
---         check = do
---             fs     <- asks $ appFilesystemBase . appSettings
---             header <- liftIO $ headMay . lines <$> readFile (toS $ intermediateCaKeyPath `relativeTo` fs)
---             pure $ case header of
---                 Nothing -> False
---                 Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
---         migrate = replaceDerivativeCerts
-
--- syncConvertEcdsaLeafCert :: SyncOp
--- syncConvertEcdsaLeafCert = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
---     where
---         check = do
---             fs     <- asks $ appFilesystemBase . appSettings
---             h      <- injectFilesystemBase fs getStart9AgentHostname
---             header <- liftIO $ headMay . lines <$> readFile (toS $ entityKeyPath h `relativeTo` fs)
---             pure $ case header of
---                 Nothing -> False
---                 Just y  -> "BEGIN RSA PRIVATE" `T.isInfixOf` y
---         migrate = do
---             base <- asks $ appFilesystemBase . appSettings
---             _
-
--- syncRotateExpiringCerts :: SyncOp
--- syncRotateExpiringCerts = _
+syncConvertEcdsaCerts :: SyncOp
+syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
+    where
+        check = do
+            fs     <- asks $ appFilesystemBase . appSettings
+            header <- liftIO $ headMay . lines <$> readFile (toS $ intermediateCaKeyPath `relativeTo` fs)
+            pure $ case header of
+                Nothing -> False
+                Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
+        migrate = replaceDerivativeCerts
 
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do

From 24003a83977faf51ede512ec93ff35182cdfd4a7 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 22:14:52 -0700
Subject: [PATCH 11/22] revert spurious spacing change

---
 agent/src/Lib/Ssl.hs | 104 +++++++++++++++++++++----------------------
 1 file changed, 52 insertions(+), 52 deletions(-)

diff --git a/agent/src/Lib/Ssl.hs b/agent/src/Lib/Ssl.hs
index 70e76f48c..2bec299e6 100644
--- a/agent/src/Lib/Ssl.hs
+++ b/agent/src/Lib/Ssl.hs
@@ -1,16 +1,16 @@
 {-# LANGUAGE RecordWildCards #-}
 {-# LANGUAGE QuasiQuotes #-}
 module Lib.Ssl
-  ( DeriveCertificate(..)
-  , root_CA_CERT_NAME
-  , writeRootCaCert
-  , writeIntermediateCert
-  , domain_CSR_CONF
-  , writeLeafCert
-  , root_CA_OPENSSL_CONF
-  , intermediate_CA_OPENSSL_CONF
-  , segment
-  )
+    ( DeriveCertificate(..)
+    , root_CA_CERT_NAME
+    , writeRootCaCert
+    , writeIntermediateCert
+    , domain_CSR_CONF
+    , writeLeafCert
+    , root_CA_OPENSSL_CONF
+    , intermediate_CA_OPENSSL_CONF
+    , segment
+    )
 where
 
 import           Startlude
@@ -269,52 +269,52 @@ OU = Embassy
 
 writeRootCaCert :: MonadIO m => FilePath -> FilePath -> FilePath -> m (ExitCode, String, String)
 writeRootCaCert confPath keyFilePath certFileDestinationPath = liftIO $ readProcessWithExitCode
-  "openssl"
-  [ "req"
-  , -- use x509
-    "-new"
-  , -- new request
-    "-x509"
-  , -- self signed x509
-    "-nodes"
-  , -- no passphrase
-    "-days"
-  , -- expires in...
-    "3650"
-  , -- valid for 10 years. Max is 20 years
-    "-key"
-  , -- source private key
-    toS keyFilePath
-  , "-out"
+    "openssl"
+    [ "req"
+    , -- use x509
+      "-new"
+    , -- new request
+      "-x509"
+    , -- self signed x509
+      "-nodes"
+    , -- no passphrase
+      "-days"
+    , -- expires in...
+      "3650"
+    , -- valid for 10 years. Max is 20 years
+      "-key"
+    , -- source private key
+      toS keyFilePath
+    , "-out"
     -- target cert path
-  , toS certFileDestinationPath
-  , "-config"
+    , toS certFileDestinationPath
+    , "-config"
       -- configured by...
-  , toS confPath
-  ]
-  ""
+    , toS confPath
+    ]
+    ""
 
 data DeriveCertificate = DeriveCertificate
-  { applicantConfPath :: FilePath
-  , applicantKeyPath  :: FilePath
-  , applicantCertPath :: FilePath
-  , signingConfPath   :: FilePath
-  , signingKeyPath    :: FilePath
-  , signingCertPath   :: FilePath
-  , duration          :: Integer
-  }
+    { applicantConfPath :: FilePath
+    , applicantKeyPath  :: FilePath
+    , applicantCertPath :: FilePath
+    , signingConfPath   :: FilePath
+    , signingKeyPath    :: FilePath
+    , signingCertPath   :: FilePath
+    , duration          :: Integer
+    }
 writeIntermediateCert :: MonadIO m => DeriveCertificate -> m (ExitCode, String, String)
 writeIntermediateCert DeriveCertificate {..} = liftIO $ interpret $ do
     -- openssl genrsa -out dump/int.key 4096
-  segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
-  -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
-  segment $ openssl [i|req -new
+    segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
+    -- openssl req -new -config dump/int-csr.conf -key dump/int.key -nodes -out dump/int.csr
+    segment $ openssl [i|req -new
                              -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -nodes
                              -out #{applicantCertPath <> ".csr"}|]
-  -- openssl x509 -CA dump/ca.crt -CAkey dump/ca.key -CAcreateserial -days 3650 -req -in dump/int.csr -out dump/int.crt
-  segment $ openssl [i|ca -batch
+    -- openssl x509 -CA dump/ca.crt -CAkey dump/ca.key -CAcreateserial -days 3650 -req -in dump/int.csr -out dump/int.crt
+    segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
                             -rand_serial
                             -keyfile #{signingKeyPath}
@@ -324,17 +324,17 @@ writeIntermediateCert DeriveCertificate {..} = liftIO $ interpret $ do
                             -notext
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}|]
-  liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+    liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
 
 writeLeafCert :: MonadIO m => DeriveCertificate -> Text -> Text -> m (ExitCode, String, String)
 writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ interpret $ do
-  segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
-  segment $ openssl [i|req -config #{applicantConfPath}
+    segment $ openssl [i|ecparam -genkey -name prime256v1 -noout -out #{applicantKeyPath}|]
+    segment $ openssl [i|req -config #{applicantConfPath}
                              -key #{applicantKeyPath}
                              -new
                              -addext subjectAltName=DNS:#{hostname},DNS:*.#{hostname},DNS:#{torAddress},DNS:*.#{torAddress}
                              -out #{applicantCertPath <> ".csr"}|]
-  segment $ openssl [i|ca -batch
+    segment $ openssl [i|ca -batch
                             -config #{signingConfPath}
                             -rand_serial
                             -keyfile #{signingKeyPath}
@@ -345,7 +345,7 @@ writeLeafCert DeriveCertificate {..} hostname torAddress = liftIO $ interpret $
                             -in #{applicantCertPath <> ".csr"}
                             -out #{applicantCertPath}
                             |]
-  liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
+    liftIO $ readFile signingCertPath >>= appendFile applicantCertPath
 
 openssl :: MonadIO m => Text -> m (ExitCode, String, String)
 openssl = liftIO . ($ "") . readProcessWithExitCode "openssl" . fmap toS . words
@@ -361,6 +361,6 @@ regroup (a, (b, c)) = (a, b, c)
 
 segment :: MonadIO m => m (ExitCode, String, String) -> ExceptT ExitCode (StateT (String, String) m) ()
 segment action = (lift . lift) action >>= \case
-  (ExitSuccess, o, e) -> modify (bimap (<> o) (<> e))
-  (ec         , o, e) -> modify (bimap (<> o) (<> e)) *> throwE ec
+    (ExitSuccess, o, e) -> modify (bimap (<> o) (<> e))
+    (ec         , o, e) -> modify (bimap (<> o) (<> e)) *> throwE ec
 {-# INLINE segment #-}

From 8288679bf62d80640365bb8808b668f62d360485 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 22:16:56 -0700
Subject: [PATCH 12/22] Update agent/src/Handler/Register.hs

---
 agent/src/Handler/Register.hs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/agent/src/Handler/Register.hs b/agent/src/Handler/Register.hs
index e0cf59568..734d821dd 100644
--- a/agent/src/Handler/Register.hs
+++ b/agent/src/Handler/Register.hs
@@ -32,7 +32,6 @@ import           Lib.SystemPaths
 import           Model
 import           Settings
 
-
 postRegisterR :: Handler RegisterRes
 postRegisterR = handleS9ErrT $ do
     settings           <- getsYesod appSettings

From 2b3309b002d69c7857e83bab2e2b895b6f213369 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Mon, 30 Nov 2020 22:25:47 -0700
Subject: [PATCH 13/22] update build scripts

---
 appmgr/build-dev.sh  | 3 ++-
 appmgr/build-prod.sh | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/appmgr/build-dev.sh b/appmgr/build-dev.sh
index e3ed2a7dc..d22bbab10 100755
--- a/appmgr/build-dev.sh
+++ b/appmgr/build-dev.sh
@@ -5,4 +5,5 @@ shopt -s expand_aliases
 
 alias 'rust-arm-builder'='docker run --rm -it -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-arm-cross:latest'
 
-rust-arm-builder cargo build --release
\ No newline at end of file
+cd ..
+rust-arm-builder sh -c "(cd appmgr && cargo build --release)"
\ No newline at end of file
diff --git a/appmgr/build-prod.sh b/appmgr/build-prod.sh
index 673968324..d9bc2db21 100755
--- a/appmgr/build-prod.sh
+++ b/appmgr/build-prod.sh
@@ -5,5 +5,7 @@ shopt -s expand_aliases
 
 alias 'rust-arm-builder'='docker run --rm -it -v "$HOME/.cargo/registry":/root/.cargo/registry -v "$(pwd)":/home/rust/src start9/rust-arm-cross:latest'
 
-rust-arm-builder cargo build --release --features=production
+cd ..
+rust-arm-builder sh -c "(cd appmgr && cargo build --release --features=production)"
+cd appmgr
 rust-arm-builder arm-linux-gnueabi-strip target/armv7-unknown-linux-gnueabihf/release/appmgr
\ No newline at end of file

From 28f120ff43e1074f0cca80b43c80d2290c4c43ca Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 23:23:01 -0700
Subject: [PATCH 14/22] 0.2.6 rc

---
 ui/client-manifest.yaml | 2 +-
 ui/package-lock.json    | 2 +-
 ui/package.json         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/client-manifest.yaml b/ui/client-manifest.yaml
index c9b087b52..1ebe81626 100644
--- a/ui/client-manifest.yaml
+++ b/ui/client-manifest.yaml
@@ -1,6 +1,6 @@
 manifest-version: 0
 app-id: start9-ambassador
-app-version: 0.2.5
+app-version: 0.2.6
 uri-rewrites:
     - =/api -> http://{{start9-ambassador}}:5959/authenticate
     - /api/ -> http://{{start9-ambassador}}:5959/
diff --git a/ui/package-lock.json b/ui/package-lock.json
index ee4c3bfb0..1f76589d5 100644
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "embassy-ui",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/ui/package.json b/ui/package.json
index 1c88a5088..8b2ed3431 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -1,6 +1,6 @@
 {
   "name": "embassy-ui",
-  "version": "0.2.5",
+  "version": "0.2.6",
   "description": "GUI for EmbassyOS",
   "author": "Start9 Labs",
   "homepage": "https://github.com/Start9Labs/embassy-ui",

From d5b07f18a184e82924a638005c2e87a723292848 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Mon, 30 Nov 2020 23:38:01 -0700
Subject: [PATCH 15/22] actually adds ecc sync to the list

---
 agent/src/Lib/Synchronizers.hs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index 7dfb6dbe0..b1a08c009 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -116,6 +116,7 @@ sync_0_2_6 = Synchronizer
     , syncPrepSslRootCaDir
     , syncPrepSslIntermediateCaDir
     , syncPersistLogs
+    , syncConvertEcdsaCerts
     ]
 
 syncCreateAgentTmp :: SyncOp

From 38320e576ef58c4965e2b4327ae1c1a791b28395 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 00:03:31 -0700
Subject: [PATCH 16/22] fix import cycle

---
 agent/src/Application.hs            |  2 +-
 agent/src/Handler/Register/Nginx.hs | 71 ------------------------
 agent/src/Lib/Error.hs              | 57 ++++++++++----------
 agent/src/Lib/Synchronizers.hs      | 83 +++++++++++++++++++++++++++--
 4 files changed, 109 insertions(+), 104 deletions(-)

diff --git a/agent/src/Application.hs b/agent/src/Application.hs
index e13488b46..4f20c9937 100644
--- a/agent/src/Application.hs
+++ b/agent/src/Application.hs
@@ -206,7 +206,7 @@ startupSequence foundation = do
     waitForUpdateSignal foundation
 
 sleep :: Integer -> IO ()
-sleep n = let (full, r) = (n * 1_000_000) `divMod` (fromIntegral $ (maxBound :: Int)) in
+sleep n = let (full, r) = (n * 1_000_000) `divMod` fromIntegral (maxBound :: Int) in
     replicateM_ (fromIntegral full) (threadDelay maxBound) *> threadDelay (fromIntegral r)
 
 --------------------------------------------------------------
diff --git a/agent/src/Handler/Register/Nginx.hs b/agent/src/Handler/Register/Nginx.hs
index bc42bba91..4d38353db 100644
--- a/agent/src/Handler/Register/Nginx.hs
+++ b/agent/src/Handler/Register/Nginx.hs
@@ -22,7 +22,6 @@ import           Lib.Synchronizers
 import           Lib.SystemPaths
 import           Lib.Tor
 import           System.Posix                   ( removeLink )
-import           Lib.SystemCtl
 
 -- Left error, Right CA cert for hmac signing
 bootupSslNginx :: (HasFilesystemBase sig m, Has (Error S9Error) sig m, Has (Lift IO) sig m, MonadIO m)
@@ -157,73 +156,3 @@ writeSslKeyAndCert rsaKeyFileContents = do
         ExitFailure ec -> throwError $ OpenSslE "leaf" ec str1' str2'
 
     readSystemPath' rootCaCertPath
-
-replaceDerivativeCerts :: (HasFilesystemBase sig m, Has (Error S9Error) sig m, MonadIO m) => m ()
-replaceDerivativeCerts = do
-    hn             <- getStart9AgentHostname
-    tor            <- getAgentHiddenServiceUrl
-
-    caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath
-    caConfPath     <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
-    caCertPath     <- toS <$> getAbsoluteLocationFor rootCaCertPath
-
-    intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
-    intCaConfPath  <- toS <$> getAbsoluteLocationFor intermediateCaOpenSslConfPath
-    intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
-
-    sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
-    entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
-    entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
-    entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
-    liftIO $ createDirectoryIfMissing True sslDirTmp
-    liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hn)
-
-    -- ensure duplicate certificates are acceptable
-    base <- Fused.ask @"filesystemBase"
-    liftIO $ BS.writeFile (toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base) "unique_subject = no\n"
-    liftIO $ BS.writeFile (toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base)
-                          "unique_subject = no\n"
-
-    (ec, out, err) <- writeIntermediateCert DeriveCertificate { applicantConfPath = intCaConfPath
-                                                              , applicantKeyPath  = intCaKeyPath
-                                                              , applicantCertPath = intCaCertPath
-                                                              , signingConfPath   = caConfPath
-                                                              , signingKeyPath    = caKeyPath
-                                                              , signingCertPath   = caCertPath
-                                                              , duration          = 3650
-                                                              }
-    liftIO $ do
-        putStrLn @Text "openssl logs"
-        putStrLn @Text "exit code: "
-        print ec
-        putStrLn @String $ "stdout: " <> out
-        putStrLn @String $ "stderr: " <> err
-    case ec of
-        ExitSuccess   -> pure ()
-        ExitFailure n -> throwError $ OpenSslE "leaf" n out err
-
-    (ec', out', err') <- writeLeafCert
-        DeriveCertificate { applicantConfPath = entConfPathTmp
-                          , applicantKeyPath  = entKeyPathTmp
-                          , applicantCertPath = entCertPathTmp
-                          , signingConfPath   = intCaConfPath
-                          , signingKeyPath    = intCaKeyPath
-                          , signingCertPath   = intCaCertPath
-                          , duration          = 365
-                          }
-        hn
-        tor
-    liftIO $ do
-        putStrLn @Text "openssl logs"
-        putStrLn @Text "exit code: "
-        print ec
-        putStrLn @String $ "stdout: " <> out'
-        putStrLn @String $ "stderr: " <> err'
-    case ec' of
-        ExitSuccess   -> pure ()
-        ExitFailure n -> throwError $ OpenSslE "leaf" n out' err'
-
-    sslDir <- toS <$> getAbsoluteLocationFor sslDirectory
-    liftIO $ removeDirectory sslDir
-    liftIO $ renameDirectory sslDirTmp sslDir
-    liftIO $ systemCtl RestartService "nginx" $> ()
diff --git a/agent/src/Lib/Error.hs b/agent/src/Lib/Error.hs
index 6a687b5b7..b014a4c3f 100644
--- a/agent/src/Lib/Error.hs
+++ b/agent/src/Lib/Error.hs
@@ -198,7 +198,7 @@ toStatus = \case
     NoCompliantAgentE _    -> status404
     PersistentE       _    -> status500
     WifiConnectionE        -> status500
-    AppMgrParseE _ _ _     -> status500
+    AppMgrParseE{}         -> status500
     AppMgrInvalidConfigE _ -> status400
     AppMgrE        _ _     -> status500
     AppMgrVersionE _ _     -> status500
@@ -220,28 +220,28 @@ toStatus = \case
         (AppStatusTmp    NeedsConfig, Start) -> status403
         (AppStatusTmp    NeedsConfig, Stop ) -> status200
         (AppStatusTmp    _          , _    ) -> status403
-    UpdateSelfE _ _             -> status500
-    InvalidSshKeyE _            -> status400
-    InvalidSsidE                -> status400
-    InvalidPskE                 -> status400
-    InvalidRequestE _ _         -> status400
-    NotFoundE       _ _         -> status404
-    UpdateInProgressE           -> status403
-    TemporarilyForbiddenE _ _ _ -> status403
-    TorServiceTimeoutE          -> status500
-    NginxSslE _                 -> status500
-    WifiOrphaningE              -> status403
-    ManifestParseE _ _          -> status500
-    NoPasswordExistsE           -> status401
-    MissingFileE        _       -> status500
-    ClientCryptographyE _       -> status401
-    TTLExpirationE      _       -> status403
-    EnvironmentValE     _       -> status500
-    HostsParamsE        _       -> status400
-    BackupE _ _                 -> status500
-    BackupPassInvalidE          -> status403
-    InternalE _                 -> status500
-    OpenSslE _ _ _ _            -> status500
+    UpdateSelfE _ _         -> status500
+    InvalidSshKeyE _        -> status400
+    InvalidSsidE            -> status400
+    InvalidPskE             -> status400
+    InvalidRequestE _ _     -> status400
+    NotFoundE       _ _     -> status404
+    UpdateInProgressE       -> status403
+    TemporarilyForbiddenE{} -> status403
+    TorServiceTimeoutE      -> status500
+    NginxSslE _             -> status500
+    WifiOrphaningE          -> status403
+    ManifestParseE _ _      -> status500
+    NoPasswordExistsE       -> status401
+    MissingFileE        _   -> status500
+    ClientCryptographyE _   -> status401
+    TTLExpirationE      _   -> status403
+    EnvironmentValE     _   -> status500
+    HostsParamsE        _   -> status400
+    BackupE _ _             -> status500
+    BackupPassInvalidE      -> status403
+    InternalE _             -> status500
+    OpenSslE{}              -> status500
 
 handleS9ErrC :: (MonadHandler m, MonadLogger m) => ErrorC S9Error m a -> m a
 handleS9ErrC action =
@@ -251,12 +251,11 @@ handleS9ErrC action =
     in  runErrorC action handleIt pure
 
 handleS9ErrT :: (MonadHandler m, MonadLogger m) => S9ErrT m a -> m a
-handleS9ErrT action = do
-    runExceptT action >>= \case
-        Left e -> do
-            $logError $ show e
-            toStatus >>= sendResponseStatus $ e
-        Right a -> pure a
+handleS9ErrT action = runExceptT action >>= \case
+    Left e -> do
+        $logError $ show e
+        toStatus >>= sendResponseStatus $ e
+    Right a -> pure a
 
 runS9ErrT :: MonadIO m => S9ErrT m a -> m (Either S9Error a)
 runS9ErrT = runExceptT
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index b1a08c009..a22469676 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -5,7 +5,9 @@
 {-# LANGUAGE TemplateHaskell      #-}
 module Lib.Synchronizers where
 
-import           Startlude               hiding ( check )
+import           Startlude               hiding ( check
+                                                , err
+                                                )
 import qualified Startlude.ByteStream          as ByteStream
 import qualified Startlude.ByteStream.Char8    as ByteStream
 
@@ -62,7 +64,7 @@ import           Util.File
 import qualified Lib.Algebra.Domain.AppMgr     as AppMgr2
 import           Daemon.ZeroConf                ( getStart9AgentHostname )
 import qualified Data.Text                     as T
-import           Handler.Register.Nginx         ( replaceDerivativeCerts )
+import           Control.Effect.Error    hiding ( run )
 
 
 data Synchronizer = Synchronizer
@@ -451,7 +453,82 @@ syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check m
             pure $ case header of
                 Nothing -> False
                 Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
-        migrate = replaceDerivativeCerts
+        migrate = cantFail $ do
+            base <- asks $ appFilesystemBase . appSettings
+            (runM . runExceptT) (injectFilesystemBase base replaceDerivativeCerts) >>= \case
+                Left  e  -> failUpdate e
+                Right () -> pure ()
+
+
+replaceDerivativeCerts :: (HasFilesystemBase sig m, Fused.Has (Error S9Error) sig m, MonadIO m) => m ()
+replaceDerivativeCerts = do
+    hn             <- getStart9AgentHostname
+    tor            <- getAgentHiddenServiceUrl
+
+    caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath
+    caConfPath     <- toS <$> getAbsoluteLocationFor rootCaOpenSslConfPath
+    caCertPath     <- toS <$> getAbsoluteLocationFor rootCaCertPath
+
+    intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
+    intCaConfPath  <- toS <$> getAbsoluteLocationFor intermediateCaOpenSslConfPath
+    intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
+
+    sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
+    entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
+    entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
+    entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
+    liftIO $ createDirectoryIfMissing True sslDirTmp
+    liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hn)
+
+    -- ensure duplicate certificates are acceptable
+    base <- Fused.ask @"filesystemBase"
+    liftIO $ BS.writeFile (toS $ (rootCaDirectory <> "index.txt.attr") `relativeTo` base) "unique_subject = no\n"
+    liftIO $ BS.writeFile (toS $ (intermediateCaDirectory <> "index.txt.attr") `relativeTo` base)
+                          "unique_subject = no\n"
+
+    (ec, out, err) <- writeIntermediateCert DeriveCertificate { applicantConfPath = intCaConfPath
+                                                              , applicantKeyPath  = intCaKeyPath
+                                                              , applicantCertPath = intCaCertPath
+                                                              , signingConfPath   = caConfPath
+                                                              , signingKeyPath    = caKeyPath
+                                                              , signingCertPath   = caCertPath
+                                                              , duration          = 3650
+                                                              }
+    liftIO $ do
+        putStrLn @Text "openssl logs"
+        putStrLn @Text "exit code: "
+        print ec
+        putStrLn @String $ "stdout: " <> out
+        putStrLn @String $ "stderr: " <> err
+    case ec of
+        ExitSuccess   -> pure ()
+        ExitFailure n -> throwError $ OpenSslE "leaf" n out err
+
+    (ec', out', err') <- writeLeafCert
+        DeriveCertificate { applicantConfPath = entConfPathTmp
+                          , applicantKeyPath  = entKeyPathTmp
+                          , applicantCertPath = entCertPathTmp
+                          , signingConfPath   = intCaConfPath
+                          , signingKeyPath    = intCaKeyPath
+                          , signingCertPath   = intCaCertPath
+                          , duration          = 365
+                          }
+        hn
+        tor
+    liftIO $ do
+        putStrLn @Text "openssl logs"
+        putStrLn @Text "exit code: "
+        print ec
+        putStrLn @String $ "stdout: " <> out'
+        putStrLn @String $ "stderr: " <> err'
+    case ec' of
+        ExitSuccess   -> pure ()
+        ExitFailure n -> throwError $ OpenSslE "leaf" n out' err'
+
+    sslDir <- toS <$> getAbsoluteLocationFor sslDirectory
+    liftIO $ removeDirectory sslDir
+    liftIO $ renameDirectory sslDirTmp sslDir
+    liftIO $ systemCtl RestartService "nginx" $> ()
 
 failUpdate :: S9Error -> ExceptT Void (ReaderT AgentCtx IO) ()
 failUpdate e = do

From 06c6805b3f05a96216fe1baf24abea8c598d0a73 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 01:32:56 -0700
Subject: [PATCH 17/22] fixes path removal

---
 agent/src/Daemon/SslRenew.hs   | 6 +++---
 agent/src/Lib/Synchronizers.hs | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
index a0b47c97a..dedeb477b 100644
--- a/agent/src/Daemon/SslRenew.hs
+++ b/agent/src/Daemon/SslRenew.hs
@@ -13,8 +13,8 @@ import           Lib.Ssl
 import           Daemon.ZeroConf                ( getStart9AgentHostname )
 import           Lib.Tor
 import           Control.Carrier.Lift
-import           System.Directory               ( renameDirectory
-                                                , removeDirectory
+import           System.Directory               ( removePathForcibly
+                                                , renameDirectory
                                                 )
 import           Lib.SystemCtl
 import qualified Lib.Notifications             as Notifications
@@ -66,7 +66,7 @@ renewSslLeafCert ctx = do
                     $ Notifications.emit (AppId "EmbassyOS") agentVersion
                     $ Notifications.CertRenewFailed (ExitFailure n) out err
         let sslDir = toS $ sslDirectory `relativeTo` base
-        liftIO $ removeDirectory sslDir
+        liftIO $ removePathForcibly sslDir
         liftIO $ renameDirectory sslDirTmp sslDir
         liftIO $ systemCtl RestartService "nginx" $> ()
 
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index a22469676..4f1a618e4 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -526,7 +526,7 @@ replaceDerivativeCerts = do
         ExitFailure n -> throwError $ OpenSslE "leaf" n out' err'
 
     sslDir <- toS <$> getAbsoluteLocationFor sslDirectory
-    liftIO $ removeDirectory sslDir
+    liftIO $ removePathForcibly sslDir
     liftIO $ renameDirectory sslDirTmp sslDir
     liftIO $ systemCtl RestartService "nginx" $> ()
 

From f14493a93cf1236242efa4b56fb216958e7017af Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 11:22:53 -0700
Subject: [PATCH 18/22] only run if ssl has been setup

---
 agent/src/Lib/Synchronizers.hs | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index 4f1a618e4..0a05ac4df 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -448,11 +448,16 @@ syncConvertEcdsaCerts :: SyncOp
 syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check migrate False
     where
         check = do
-            fs     <- asks $ appFilesystemBase . appSettings
-            header <- liftIO $ headMay . lines <$> readFile (toS $ intermediateCaKeyPath `relativeTo` fs)
-            pure $ case header of
-                Nothing -> False
-                Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
+            fs <- asks $ appFilesystemBase . appSettings
+            let intCertKey = toS $ intermediateCaKeyPath `relativeTo` fs
+            exists <- liftIO $ doesPathExist intCertKey
+            if exists
+                then do
+                    header <- liftIO $ headMay . lines <$> readFile intCertKey
+                    pure $ case header of
+                        Nothing -> False
+                        Just y  -> "BEGIN RSA PRIVATE KEY" `T.isInfixOf` y
+                else pure False
         migrate = cantFail $ do
             base <- asks $ appFilesystemBase . appSettings
             (runM . runExceptT) (injectFilesystemBase base replaceDerivativeCerts) >>= \case

From 2b22164fe04188fd2a0ea48c547ab7c93cb38455 Mon Sep 17 00:00:00 2001
From: Matt Hill <matthewonthemoon@gmail.com>
Date: Tue, 1 Dec 2020 11:55:56 -0700
Subject: [PATCH 19/22] remove amb-sdk dep

---
 ui/ionic.config.json                        |    5 -
 ui/package-lock.json                        | 1114 +++++++------------
 ui/package.json                             |    3 +-
 ui/src/app/app.component.html               |   84 +-
 ui/src/app/services/api/mock-api.service.ts |    4 +-
 ui/src/app/util/webview.context.ts          |    8 -
 6 files changed, 442 insertions(+), 776 deletions(-)
 delete mode 100644 ui/ionic.config.json
 delete mode 100644 ui/src/app/util/webview.context.ts

diff --git a/ui/ionic.config.json b/ui/ionic.config.json
deleted file mode 100644
index 58dfd88ad..000000000
--- a/ui/ionic.config.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "name": "Embassy",
-  "integrations": {},
-  "type": "angular"
-}
\ No newline at end of file
diff --git a/ui/package-lock.json b/ui/package-lock.json
index 1f76589d5..764f066a4 100644
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
@@ -243,41 +243,16 @@
       }
     },
     "@angular-devkit/schematics": {
-      "version": "10.1.7",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-10.1.7.tgz",
-      "integrity": "sha512-nk9RXA09b+7uq59HS/gyztNzUGHH/eQAUQhWHdDYSCG6v1lhJVCKx1HgDPELVxmeq9f+HArkAW7Y7c+ccdNQ7A==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-10.2.0.tgz",
+      "integrity": "sha512-TQI5NnE6iM3ChF5gZQ9qb+lZgMWa7aLoF5ksOyT3zrmOuICiQYJhA6SsjV95q7J4M55qYymwBib8KTqU/xuQww==",
       "dev": true,
       "requires": {
-        "@angular-devkit/core": "10.1.7",
+        "@angular-devkit/core": "10.2.0",
         "ora": "5.0.0",
         "rxjs": "6.6.2"
       },
       "dependencies": {
-        "@angular-devkit/core": {
-          "version": "10.1.7",
-          "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-10.1.7.tgz",
-          "integrity": "sha512-RRyDkN2FByA+nlnRx/MzUMK1FXwj7+SsrzJcvZfWx4yA5rfKmJiJryXQEzL44GL1aoaXSuvOYu3H72wxZADN8Q==",
-          "dev": true,
-          "requires": {
-            "ajv": "6.12.4",
-            "fast-json-stable-stringify": "2.1.0",
-            "magic-string": "0.25.7",
-            "rxjs": "6.6.2",
-            "source-map": "0.7.3"
-          }
-        },
-        "ajv": {
-          "version": "6.12.4",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
-          "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^3.1.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
         "rxjs": {
           "version": "6.6.2",
           "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
@@ -287,12 +262,6 @@
             "tslib": "^1.9.0"
           }
         },
-        "source-map": {
-          "version": "0.7.3",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-          "dev": true
-        },
         "tslib": {
           "version": "1.14.1",
           "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
@@ -302,16 +271,16 @@
       }
     },
     "@angular/cli": {
-      "version": "10.1.7",
-      "resolved": "https://registry.npmjs.org/@angular/cli/-/cli-10.1.7.tgz",
-      "integrity": "sha512-0tbeHnPIzSV/z+KlZT7N2J1yMnwQi4xIxvbsANrLjoAxNssse84i9BDdMZYsPoV8wbzcDhFOtt5KmfTO0GIeYQ==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/@angular/cli/-/cli-10.2.0.tgz",
+      "integrity": "sha512-YBzwkFBmG6CdUJk8onsPXxHX/ByU5MERBQgYhLC873e2nZlXMUu+Ttq2Wai6apyskGvsXKxZNPOQSFZTGKXzXg==",
       "dev": true,
       "requires": {
-        "@angular-devkit/architect": "0.1001.7",
-        "@angular-devkit/core": "10.1.7",
-        "@angular-devkit/schematics": "10.1.7",
-        "@schematics/angular": "10.1.7",
-        "@schematics/update": "0.1001.7",
+        "@angular-devkit/architect": "0.1002.0",
+        "@angular-devkit/core": "10.2.0",
+        "@angular-devkit/schematics": "10.2.0",
+        "@schematics/angular": "10.2.0",
+        "@schematics/update": "0.1002.0",
         "@yarnpkg/lockfile": "1.1.0",
         "ansi-colors": "4.1.1",
         "debug": "4.1.1",
@@ -329,41 +298,6 @@
         "uuid": "8.3.0"
       },
       "dependencies": {
-        "@angular-devkit/architect": {
-          "version": "0.1001.7",
-          "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1001.7.tgz",
-          "integrity": "sha512-uFYIvMdewU44GbIyRfsUHNMLkx+C0kokpnj7eH5NbJfbyFpCfd3ijBHh+voPdPsDRWs9lLgjbxfHpswSPj4D8w==",
-          "dev": true,
-          "requires": {
-            "@angular-devkit/core": "10.1.7",
-            "rxjs": "6.6.2"
-          }
-        },
-        "@angular-devkit/core": {
-          "version": "10.1.7",
-          "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-10.1.7.tgz",
-          "integrity": "sha512-RRyDkN2FByA+nlnRx/MzUMK1FXwj7+SsrzJcvZfWx4yA5rfKmJiJryXQEzL44GL1aoaXSuvOYu3H72wxZADN8Q==",
-          "dev": true,
-          "requires": {
-            "ajv": "6.12.4",
-            "fast-json-stable-stringify": "2.1.0",
-            "magic-string": "0.25.7",
-            "rxjs": "6.6.2",
-            "source-map": "0.7.3"
-          }
-        },
-        "ajv": {
-          "version": "6.12.4",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
-          "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^3.1.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
         "ansi-colors": {
           "version": "4.1.1",
           "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
@@ -379,37 +313,6 @@
             "ms": "^2.1.1"
           }
         },
-        "open": {
-          "version": "7.2.0",
-          "resolved": "https://registry.npmjs.org/open/-/open-7.2.0.tgz",
-          "integrity": "sha512-4HeyhxCvBTI5uBePsAdi55C5fmqnWZ2e2MlmvWi5KW5tdH5rxoiv/aMtbeVxKZc3eWkT1GymMnLG8XC4Rq4TDQ==",
-          "dev": true,
-          "requires": {
-            "is-docker": "^2.0.0",
-            "is-wsl": "^2.1.1"
-          }
-        },
-        "rxjs": {
-          "version": "6.6.2",
-          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
-          "integrity": "sha512-BHdBMVoWC2sL26w//BCu3YzKT4s2jip/WhwsGEDmeKYBhKDZeYezVUnHatYB7L85v5xs0BAQmg6BEYJEKxBabg==",
-          "dev": true,
-          "requires": {
-            "tslib": "^1.9.0"
-          }
-        },
-        "source-map": {
-          "version": "0.7.3",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-          "dev": true
-        },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
-        },
         "uuid": {
           "version": "8.3.0",
           "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.0.tgz",
@@ -419,26 +322,26 @@
       }
     },
     "@angular/common": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/common/-/common-10.1.6.tgz",
-      "integrity": "sha512-4ywlUHHF5ofZRTHJ/jQTHoO8Tu05Wvn+3N7swaJ9yAfiywbSE4Bop6FYsocxaxROrGS0k6Unvgj8+J7x6AeqlA==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/common/-/common-10.2.3.tgz",
+      "integrity": "sha512-xKKN8bgdudktVC/gwUtdeS2khYqSENWQe1CS8nE0V88qKCftwPhCD5Ovp6+6LflqvQhJWb0guf7HXjq9oBqO2w==",
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/compiler": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/compiler/-/compiler-10.1.6.tgz",
-      "integrity": "sha512-LynYIrzSV+7pVcY5a3N3mCtyZ2eMKzIk1iKLI76w4PHfJBTpBuv8L8aSy/kmnaPwCT/YM/657DMMy2A4HwU5nw==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/compiler/-/compiler-10.2.3.tgz",
+      "integrity": "sha512-Bg+QbyvJVlfGQpJCagEMkkqoRi2LMQc8iuu+cVYVqQOETLO0LxmkPpMQ/7pRLTNWl36PoYEB7IjUkp+qng8xKg==",
       "dev": true,
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/compiler-cli": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/compiler-cli/-/compiler-cli-10.1.6.tgz",
-      "integrity": "sha512-FPb/9E4HEhFWlCPf85xtmgXDmnD+iTtfjPATEMERRY0/si1Or9JeFya2VLdWldOmBQYqnvxc9o/rpdNkpT8TYA==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/compiler-cli/-/compiler-cli-10.2.3.tgz",
+      "integrity": "sha512-29RL/lIbHpjoWMUz23cyRcyG50PXqvxlLk0IpyCUWDVtPp6Hc8S/JayxeSwxNST79miDobGaeiGmS0JHuCouVQ==",
       "dev": true,
       "requires": {
         "canonical-path": "1.0.0",
@@ -612,47 +515,47 @@
       }
     },
     "@angular/core": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/core/-/core-10.1.6.tgz",
-      "integrity": "sha512-sUleQouCedT87VOCb49T7cm6La2VeJg1omtO5+QfjWmifNcQ/nqV56Zxov3RT7CmsVwVbkA0X5Q62oSEPAUXrw==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/core/-/core-10.2.3.tgz",
+      "integrity": "sha512-mE6nLpul/IJllk0VYrlrP69n0P7JPz+BHYAVobwO5+0EGO65ieTD18DxzfEt4eQgthnM3VQwSZxjW4n9Y1p/dQ==",
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/forms": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/forms/-/forms-10.1.6.tgz",
-      "integrity": "sha512-sTPnwL0r7lniv2/XU4nK3eU9osGpGD4YdJ0qLsXfR/ku4mhgbKk/taVBTmAdQwWBUOOafzU1yG9asvsm8H1Kbw==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/forms/-/forms-10.2.3.tgz",
+      "integrity": "sha512-IcQ0xK+f84khGAs6cd0BUJIebFV3KQsVF9kbAX10bpPmleI62xI074mIefAiu3ZLEOm3OnhYDDZwrrk7UIrmow==",
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/language-service": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/language-service/-/language-service-10.1.6.tgz",
-      "integrity": "sha512-lxZHL4RGjir6acj0eF7xihIXWtRg/Z4Y+PMX7fKEI66hc1sLxH+AKkZKG6yr+rrJK2DcakC8Izz/BO+BS2ELjw==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/language-service/-/language-service-10.2.3.tgz",
+      "integrity": "sha512-8rtNG3HjBdUMlKcakh6gDfFvYSS5X16ymbVR0i2L/Nc4d9HuqgKrIrsNY4We/jSBoAjo/CGS8AvbscMa8oW4Eg==",
       "dev": true
     },
     "@angular/platform-browser": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/platform-browser/-/platform-browser-10.1.6.tgz",
-      "integrity": "sha512-kN2ik35eBqFWNmKPRkZbp5qHkhNINf3PudFUy9ii8kP01OL+Nyrn0MBisIHl3sf+KOV8sf9dMQGPOyQDz22wig==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/platform-browser/-/platform-browser-10.2.3.tgz",
+      "integrity": "sha512-ElTuRF4SWhYxJypDlaa/n49DrqrWV2tYU5kkgF+VNbVbvzKHnVEZe4x1KSWrEzIyewcjxwwE6ZF0oXMdd4AZQQ==",
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/platform-browser-dynamic": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/platform-browser-dynamic/-/platform-browser-dynamic-10.1.6.tgz",
-      "integrity": "sha512-MOdaLnbAXVruYpV0Q5CXLb/fP6xHxWzjRhAh7sLaIIu/TnhTSZpxgxZxBx05hvzP4rH/7S2XvAiuQQomevCIXQ==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/platform-browser-dynamic/-/platform-browser-dynamic-10.2.3.tgz",
+      "integrity": "sha512-ujwcGzlWQ6S83iHIF3ArfDn8ik8YETZcuSMCTxjaNv8kwEqiRzchZDkheJpoH9HyddnM6UVGL6D/5k11TMWTew==",
       "requires": {
         "tslib": "^2.0.0"
       }
     },
     "@angular/router": {
-      "version": "10.1.6",
-      "resolved": "https://registry.npmjs.org/@angular/router/-/router-10.1.6.tgz",
-      "integrity": "sha512-MV8kSDhboFRH23MnrQvNGHncMb4nkdJDwS108p7oNZjjDkUUR3A5TMWmmN/3BRnue6JoPRWBCPyb53cA21schQ==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/@angular/router/-/router-10.2.3.tgz",
+      "integrity": "sha512-QUVqEOai3hASeMgTXIVo9Ql6EGJ+v0QHs/O+5pFplXGAzMQDpCnrpOuB4FExWxdafiiYfKfLlNvxj0tEJ2gU0w==",
       "requires": {
         "tslib": "^2.0.0"
       }
@@ -667,9 +570,9 @@
       }
     },
     "@babel/compat-data": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.12.1.tgz",
-      "integrity": "sha512-725AQupWJZ8ba0jbKceeFblZTY90McUBWMwHhkFQ9q1zKPJ95GUktljFcgcsIVwRnTnRKlcYzfiNImg5G9m6ZQ==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.12.7.tgz",
+      "integrity": "sha512-YaxPMGs/XIWtYqrdEOZOCPsVWfEoriXopnsz3/i7apYPXQ3698UFhS6dVT1KN5qOsWmVgw/FOrmQgpRaZayGsw==",
       "dev": true
     },
     "@babel/core": {
@@ -749,14 +652,14 @@
       }
     },
     "@babel/helper-compilation-targets": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.12.1.tgz",
-      "integrity": "sha512-jtBEif7jsPwP27GPHs06v4WBV0KrE8a/P7n0N0sSvHn2hwUCYnolP/CLmz51IzAW4NlN+HuoBtb9QcwnRo9F/g==",
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.12.5.tgz",
+      "integrity": "sha512-+qH6NrscMolUlzOYngSBMIOQpKUGPPsc61Bu5W10mg84LxZ7cmvnBHzARKbDoFxVvqqAbj6Tg6N7bSrWSPXMyw==",
       "dev": true,
       "requires": {
-        "@babel/compat-data": "^7.12.1",
+        "@babel/compat-data": "^7.12.5",
         "@babel/helper-validator-option": "^7.12.1",
-        "browserslist": "^4.12.0",
+        "browserslist": "^4.14.5",
         "semver": "^5.5.0"
       },
       "dependencies": {
@@ -782,13 +685,12 @@
       }
     },
     "@babel/helper-create-regexp-features-plugin": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.12.1.tgz",
-      "integrity": "sha512-rsZ4LGvFTZnzdNZR5HZdmJVuXK8834R5QkF3WvcnBhrlVtF0HSIUC6zbreL9MgjTywhKokn8RIYRiq99+DLAxA==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.12.7.tgz",
+      "integrity": "sha512-idnutvQPdpbduutvi3JVfEgcVIHooQnhvhx0Nk9isOINOIGYkZea1Pk2JlJRiUnMefrlvr0vkByATBY/mB4vjQ==",
       "dev": true,
       "requires": {
         "@babel/helper-annotate-as-pure": "^7.10.4",
-        "@babel/helper-regex": "^7.10.4",
         "regexpu-core": "^4.7.1"
       }
     },
@@ -842,21 +744,21 @@
       }
     },
     "@babel/helper-member-expression-to-functions": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.12.1.tgz",
-      "integrity": "sha512-k0CIe3tXUKTRSoEx1LQEPFU9vRQfqHtl+kf8eNnDqb4AUJEy5pz6aIiog+YWtVm2jpggjS1laH68bPsR+KWWPQ==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.12.7.tgz",
+      "integrity": "sha512-DCsuPyeWxeHgh1Dus7APn7iza42i/qXqiFPWyBDdOFtvS581JQePsc1F/nD+fHrcswhLlRc2UpYS1NwERxZhHw==",
       "dev": true,
       "requires": {
-        "@babel/types": "^7.12.1"
+        "@babel/types": "^7.12.7"
       }
     },
     "@babel/helper-module-imports": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.12.1.tgz",
-      "integrity": "sha512-ZeC1TlMSvikvJNy1v/wPIazCu3NdOwgYZLIkmIyAsGhqkNpiDoQQRmaCK8YP4Pq3GPTLPV9WXaPCJKvx06JxKA==",
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.12.5.tgz",
+      "integrity": "sha512-SR713Ogqg6++uexFRORf/+nPXMmWIn80TALu0uaFb+iQIUoR7bOC7zBWyzBs5b3tBBJXuyD0cRu1F15GyzjOWA==",
       "dev": true,
       "requires": {
-        "@babel/types": "^7.12.1"
+        "@babel/types": "^7.12.5"
       }
     },
     "@babel/helper-module-transforms": {
@@ -877,12 +779,12 @@
       }
     },
     "@babel/helper-optimise-call-expression": {
-      "version": "7.10.4",
-      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.10.4.tgz",
-      "integrity": "sha512-n3UGKY4VXwXThEiKrgRAoVPBMqeoPgHVqiHZOanAJCG9nQUL2pLRQirUzl0ioKclHGpGqRgIOkgcIJaIWLpygg==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.12.7.tgz",
+      "integrity": "sha512-I5xc9oSJ2h59OwyUqjv95HRyzxj53DAubUERgQMrpcCEYQyToeHA+NEcUEsVWB4j53RDeskeBJ0SgRAYHDBckw==",
       "dev": true,
       "requires": {
-        "@babel/types": "^7.10.4"
+        "@babel/types": "^7.12.7"
       }
     },
     "@babel/helper-plugin-utils": {
@@ -891,15 +793,6 @@
       "integrity": "sha512-O4KCvQA6lLiMU9l2eawBPMf1xPP8xPfB3iEQw150hOVTqj/rfXz0ThTb4HEzqQfs2Bmo5Ay8BzxfzVtBrr9dVg==",
       "dev": true
     },
-    "@babel/helper-regex": {
-      "version": "7.10.5",
-      "resolved": "https://registry.npmjs.org/@babel/helper-regex/-/helper-regex-7.10.5.tgz",
-      "integrity": "sha512-68kdUAzDrljqBrio7DYAEgCoJHxppJOERHOgOrDN7WjOzP0ZQ1LsSDRXcemzVZaLvjaJsJEESb6qt+znNuENDg==",
-      "dev": true,
-      "requires": {
-        "lodash": "^4.17.19"
-      }
-    },
     "@babel/helper-remap-async-to-generator": {
       "version": "7.12.1",
       "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.12.1.tgz",
@@ -912,15 +805,15 @@
       }
     },
     "@babel/helper-replace-supers": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.12.1.tgz",
-      "integrity": "sha512-zJjTvtNJnCFsCXVi5rUInstLd/EIVNmIKA1Q9ynESmMBWPWd+7sdR+G4/wdu+Mppfep0XLyG2m7EBPvjCeFyrw==",
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.12.5.tgz",
+      "integrity": "sha512-5YILoed0ZyIpF4gKcpZitEnXEJ9UoDRki1Ey6xz46rxOzfNMAhVIJMoune1hmPVxh40LRv1+oafz7UsWX+vyWA==",
       "dev": true,
       "requires": {
         "@babel/helper-member-expression-to-functions": "^7.12.1",
         "@babel/helper-optimise-call-expression": "^7.10.4",
-        "@babel/traverse": "^7.12.1",
-        "@babel/types": "^7.12.1"
+        "@babel/traverse": "^7.12.5",
+        "@babel/types": "^7.12.5"
       }
     },
     "@babel/helper-simple-access": {
@@ -975,14 +868,14 @@
       }
     },
     "@babel/helpers": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.12.1.tgz",
-      "integrity": "sha512-9JoDSBGoWtmbay98efmT2+mySkwjzeFeAL9BuWNoVQpkPFQF8SIIFUfY5os9u8wVzglzoiPRSW7cuJmBDUt43g==",
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.12.5.tgz",
+      "integrity": "sha512-lgKGMQlKqA8meJqKsW6rUnc4MdUk35Ln0ATDqdM1a/UpARODdI4j5Y5lVfUScnSNkJcdCRAaWkspykNoFg9sJA==",
       "dev": true,
       "requires": {
         "@babel/template": "^7.10.4",
-        "@babel/traverse": "^7.12.1",
-        "@babel/types": "^7.12.1"
+        "@babel/traverse": "^7.12.5",
+        "@babel/types": "^7.12.5"
       }
     },
     "@babel/highlight": {
@@ -997,9 +890,9 @@
       }
     },
     "@babel/parser": {
-      "version": "7.12.3",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.3.tgz",
-      "integrity": "sha512-kFsOS0IbsuhO5ojF8Hc8z/8vEIOkylVBrjiZUbLTE3XFe0Qi+uu6HjzQixkFaqr0ZPAMZcBVxEwmsnsLPZ2Xsw==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.12.7.tgz",
+      "integrity": "sha512-oWR02Ubp4xTLCAqPRiNIuMVgNO5Aif/xpXtabhzW2HWUD47XJsAB4Zd/Rg30+XeQA3juXigV7hlquOTmwqLiwg==",
       "dev": true
     },
     "@babel/plugin-proposal-async-generator-functions": {
@@ -1074,9 +967,9 @@
       }
     },
     "@babel/plugin-proposal-numeric-separator": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.12.1.tgz",
-      "integrity": "sha512-MR7Ok+Af3OhNTCxYVjJZHS0t97ydnJZt/DbR4WISO39iDnhiD8XHrY12xuSJ90FFEGjir0Fzyyn7g/zY6hxbxA==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-numeric-separator/-/plugin-proposal-numeric-separator-7.12.7.tgz",
+      "integrity": "sha512-8c+uy0qmnRTeukiGsjLGy6uVs/TFjJchGXUeBqlG4VWYOdJWkhhVPdQ3uHwbmalfJwv2JsV0qffXP4asRfL2SQ==",
       "dev": true,
       "requires": {
         "@babel/helper-plugin-utils": "^7.10.4",
@@ -1105,9 +998,9 @@
       }
     },
     "@babel/plugin-proposal-optional-chaining": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.12.1.tgz",
-      "integrity": "sha512-c2uRpY6WzaVDzynVY9liyykS+kVU+WRZPMPYpkelXH8KBt1oXoI89kPbZKKG/jDT5UK92FTW2fZkZaJhdiBabw==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-optional-chaining/-/plugin-proposal-optional-chaining-7.12.7.tgz",
+      "integrity": "sha512-4ovylXZ0PWmwoOvhU2vhnzVNnm88/Sm9nx7V8BPgMvAzn5zDou3/Awy0EjglyubVHasJj+XCEkr/r1X3P5elCA==",
       "dev": true,
       "requires": {
         "@babel/helper-plugin-utils": "^7.10.4",
@@ -1531,13 +1424,12 @@
       }
     },
     "@babel/plugin-transform-sticky-regex": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.12.1.tgz",
-      "integrity": "sha512-CiUgKQ3AGVk7kveIaPEET1jNDhZZEl1RPMWdTBE1799bdz++SwqDHStmxfCtDfBhQgCl38YRiSnrMuUMZIWSUQ==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.12.7.tgz",
+      "integrity": "sha512-VEiqZL5N/QvDbdjfYQBhruN0HYjSPjC4XkeqW4ny/jNtH9gcbgaqBIXYEZCNnESMAGs0/K/R7oFGMhOyu/eIxg==",
       "dev": true,
       "requires": {
-        "@babel/helper-plugin-utils": "^7.10.4",
-        "@babel/helper-regex": "^7.10.4"
+        "@babel/helper-plugin-utils": "^7.10.4"
       }
     },
     "@babel/plugin-transform-template-literals": {
@@ -1695,29 +1587,29 @@
       }
     },
     "@babel/traverse": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.12.1.tgz",
-      "integrity": "sha512-MA3WPoRt1ZHo2ZmoGKNqi20YnPt0B1S0GTZEPhhd+hw2KGUzBlHuVunj6K4sNuK+reEvyiPwtp0cpaqLzJDmAw==",
+      "version": "7.12.9",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.12.9.tgz",
+      "integrity": "sha512-iX9ajqnLdoU1s1nHt36JDI9KG4k+vmI8WgjK5d+aDTwQbL2fUnzedNedssA645Ede3PM2ma1n8Q4h2ohwXgMXw==",
       "dev": true,
       "requires": {
         "@babel/code-frame": "^7.10.4",
-        "@babel/generator": "^7.12.1",
+        "@babel/generator": "^7.12.5",
         "@babel/helper-function-name": "^7.10.4",
         "@babel/helper-split-export-declaration": "^7.11.0",
-        "@babel/parser": "^7.12.1",
-        "@babel/types": "^7.12.1",
+        "@babel/parser": "^7.12.7",
+        "@babel/types": "^7.12.7",
         "debug": "^4.1.0",
         "globals": "^11.1.0",
         "lodash": "^4.17.19"
       },
       "dependencies": {
         "@babel/generator": {
-          "version": "7.12.1",
-          "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.12.1.tgz",
-          "integrity": "sha512-DB+6rafIdc9o72Yc3/Ph5h+6hUjeOp66pF0naQBgUFFuPqzQwIlPTm3xZR7YNvduIMtkDIj2t21LSQwnbCrXvg==",
+          "version": "7.12.5",
+          "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.12.5.tgz",
+          "integrity": "sha512-m16TQQJ8hPt7E+OS/XVQg/7U184MLXtvuGbCdA7na61vha+ImkyyNM/9DDA0unYCVZn3ZOhng+qz48/KBOT96A==",
           "dev": true,
           "requires": {
-            "@babel/types": "^7.12.1",
+            "@babel/types": "^7.12.5",
             "jsesc": "^2.5.1",
             "source-map": "^0.5.0"
           }
@@ -1731,9 +1623,9 @@
       }
     },
     "@babel/types": {
-      "version": "7.12.1",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.12.1.tgz",
-      "integrity": "sha512-BzSY3NJBKM4kyatSOWh3D/JJ2O3CVzBybHWxtgxnggaxEuaSTTDqeiSb/xk9lrkw2Tbqyivw5ZU4rT+EfznQsA==",
+      "version": "7.12.7",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.12.7.tgz",
+      "integrity": "sha512-MNyI92qZq6jrQkXvtIiykvl4WtoRrVV9MPn+ZfsoEENjiWcBQ3ZSHrkxnJWgWtLX3XXqX5hrSQ+X69wkmesXuQ==",
       "dev": true,
       "requires": {
         "@babel/helper-validator-identifier": "^7.10.4",
@@ -1742,11 +1634,11 @@
       }
     },
     "@ionic/angular": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/@ionic/angular/-/angular-5.4.0.tgz",
-      "integrity": "sha512-FpAdtPfN8TgXwkkk+zG1h1QZBkyVhOjlbyMXLO2G8Z67q7eKao0AAE22BjzhKO9STGDlzPViEpzG4QZMPYih8g==",
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/@ionic/angular/-/angular-5.5.1.tgz",
+      "integrity": "sha512-54aGiuZSnKcxN3gdsQN4LMdW96X/0crdnIUlAJt4DhdsrwjzHNEjCaXUTstAcpB1Rxbz5/uWbzpDcd174izkxQ==",
       "requires": {
-        "@ionic/core": "5.4.0",
+        "@ionic/core": "5.5.1",
         "tslib": "^1.9.3"
       },
       "dependencies": {
@@ -1771,6 +1663,12 @@
         "ws": "^7.0.1"
       },
       "dependencies": {
+        "colorette": {
+          "version": "1.1.0",
+          "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.1.0.tgz",
+          "integrity": "sha512-6S062WDQUXi6hOfkO/sBPVwE5ASXY4G2+b4atvhJfSsuUUhIaUKlkjLe9692Ipyt5/a+IPF5aVTu3V5gvXq5cg==",
+          "dev": true
+        },
         "tslib": {
           "version": "1.14.1",
           "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
@@ -1778,9 +1676,9 @@
           "dev": true
         },
         "ws": {
-          "version": "7.3.1",
-          "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.1.tgz",
-          "integrity": "sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==",
+          "version": "7.4.0",
+          "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.0.tgz",
+          "integrity": "sha512-kyFwXuV/5ymf+IXhS6f0+eAFvydbaBW3zjpT6hUdAh/hbVjTIB5EHBGi0bPoCLSK2wcuz3BrEkB9LrYv1Nm4NQ==",
           "dev": true
         }
       }
@@ -1871,9 +1769,9 @@
       }
     },
     "@ionic/core": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/@ionic/core/-/core-5.4.0.tgz",
-      "integrity": "sha512-VmAqWWNozVDms2tA0I0fiqgu1tRdh58uhxwM8+xOVjIy8yoJmFxc5/glg4XIrbsYRfb347UICFx75Eh464zJJw==",
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/@ionic/core/-/core-5.5.1.tgz",
+      "integrity": "sha512-ytsweRqFeupuVzMJydjh0w0RMjlI+GkHwXQ5SwVuto+cRxA9aKPkcxELzOWYRto3E00jbXFBThGhoL+jNUsK7g==",
       "requires": {
         "ionicons": "^5.1.2",
         "tslib": "^1.10.0"
@@ -2001,13 +1899,21 @@
           }
         },
         "jsonfile": {
-          "version": "6.0.1",
-          "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.0.1.tgz",
-          "integrity": "sha512-jR2b5v7d2vIOust+w3wtFKZIfpC2pnRmFAhAC/BuweZFQR8qZzxH1OyrQ10HmdVYiXWkYUqPVsz91cG7EL2FBg==",
+          "version": "6.1.0",
+          "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
+          "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
           "dev": true,
           "requires": {
             "graceful-fs": "^4.1.6",
-            "universalify": "^1.0.0"
+            "universalify": "^2.0.0"
+          },
+          "dependencies": {
+            "universalify": {
+              "version": "2.0.0",
+              "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz",
+              "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==",
+              "dev": true
+            }
           }
         },
         "universalify": {
@@ -2276,176 +2182,30 @@
       }
     },
     "@schematics/angular": {
-      "version": "10.1.7",
-      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-10.1.7.tgz",
-      "integrity": "sha512-jcyLWDSbpgHvB/BNVSsV4uLJpC2qRx9Z5+rcQpBB1BerqIPS/1cTQg7TViHZtcqnZqWvzHR3jfqzDUSOCZpuJQ==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-10.2.0.tgz",
+      "integrity": "sha512-rJRTTTL8CMMFb3ebCvAVHKHxuNzRqy/HtbXhJ82l5Xo/jXcm74eV2Q0RBUrNo1yBKWFIR+FIwiXLJaGcC/R9Pw==",
       "dev": true,
       "requires": {
-        "@angular-devkit/core": "10.1.7",
-        "@angular-devkit/schematics": "10.1.7",
+        "@angular-devkit/core": "10.2.0",
+        "@angular-devkit/schematics": "10.2.0",
         "jsonc-parser": "2.3.0"
-      },
-      "dependencies": {
-        "@angular-devkit/core": {
-          "version": "10.1.7",
-          "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-10.1.7.tgz",
-          "integrity": "sha512-RRyDkN2FByA+nlnRx/MzUMK1FXwj7+SsrzJcvZfWx4yA5rfKmJiJryXQEzL44GL1aoaXSuvOYu3H72wxZADN8Q==",
-          "dev": true,
-          "requires": {
-            "ajv": "6.12.4",
-            "fast-json-stable-stringify": "2.1.0",
-            "magic-string": "0.25.7",
-            "rxjs": "6.6.2",
-            "source-map": "0.7.3"
-          }
-        },
-        "ajv": {
-          "version": "6.12.4",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
-          "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^3.1.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
-        "rxjs": {
-          "version": "6.6.2",
-          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
-          "integrity": "sha512-BHdBMVoWC2sL26w//BCu3YzKT4s2jip/WhwsGEDmeKYBhKDZeYezVUnHatYB7L85v5xs0BAQmg6BEYJEKxBabg==",
-          "dev": true,
-          "requires": {
-            "tslib": "^1.9.0"
-          }
-        },
-        "source-map": {
-          "version": "0.7.3",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-          "dev": true
-        },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
-        }
       }
     },
     "@schematics/update": {
-      "version": "0.1001.7",
-      "resolved": "https://registry.npmjs.org/@schematics/update/-/update-0.1001.7.tgz",
-      "integrity": "sha512-q7g/9YaAiqyWxYmUXiSWxB9xwc30xL5iUWY3Rp2LXSH6ihaRsLabmNr743R2YQmMj2Ss+9OhILHmj7nMmqODgw==",
+      "version": "0.1002.0",
+      "resolved": "https://registry.npmjs.org/@schematics/update/-/update-0.1002.0.tgz",
+      "integrity": "sha512-g2bfJSAj3x/YL0GNhnHsDSQmO6DoxSnLxoFLqNN5+ukxK5jq7OZNDwMJGxZ3X6RcSMWKEkIKL/wlq9yhj2T/kw==",
       "dev": true,
       "requires": {
-        "@angular-devkit/core": "10.1.7",
-        "@angular-devkit/schematics": "10.1.7",
+        "@angular-devkit/core": "10.2.0",
+        "@angular-devkit/schematics": "10.2.0",
         "@yarnpkg/lockfile": "1.1.0",
         "ini": "1.3.5",
         "npm-package-arg": "^8.0.0",
         "pacote": "9.5.12",
         "semver": "7.3.2",
         "semver-intersect": "1.4.0"
-      },
-      "dependencies": {
-        "@angular-devkit/core": {
-          "version": "10.1.7",
-          "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-10.1.7.tgz",
-          "integrity": "sha512-RRyDkN2FByA+nlnRx/MzUMK1FXwj7+SsrzJcvZfWx4yA5rfKmJiJryXQEzL44GL1aoaXSuvOYu3H72wxZADN8Q==",
-          "dev": true,
-          "requires": {
-            "ajv": "6.12.4",
-            "fast-json-stable-stringify": "2.1.0",
-            "magic-string": "0.25.7",
-            "rxjs": "6.6.2",
-            "source-map": "0.7.3"
-          }
-        },
-        "ajv": {
-          "version": "6.12.4",
-          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
-          "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
-          "dev": true,
-          "requires": {
-            "fast-deep-equal": "^3.1.1",
-            "fast-json-stable-stringify": "^2.0.0",
-            "json-schema-traverse": "^0.4.1",
-            "uri-js": "^4.2.2"
-          }
-        },
-        "rxjs": {
-          "version": "6.6.2",
-          "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-6.6.2.tgz",
-          "integrity": "sha512-BHdBMVoWC2sL26w//BCu3YzKT4s2jip/WhwsGEDmeKYBhKDZeYezVUnHatYB7L85v5xs0BAQmg6BEYJEKxBabg==",
-          "dev": true,
-          "requires": {
-            "tslib": "^1.9.0"
-          }
-        },
-        "source-map": {
-          "version": "0.7.3",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-          "dev": true
-        },
-        "tslib": {
-          "version": "1.14.1",
-          "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-          "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-          "dev": true
-        }
-      }
-    },
-    "@start9labs/ambassador-sdk": {
-      "version": "file:../ambassador-sdk",
-      "requires": {
-        "ts-transformer-keys": "^0.4.1",
-        "uuid": "^8.0.0"
-      },
-      "dependencies": {
-        "@types/uuid": {
-          "version": "7.0.3",
-          "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-7.0.3.tgz",
-          "integrity": "sha512-PUdqTZVrNYTNcIhLHkiaYzoOIaUi5LFg/XLerAdgvwQrUCx+oSbtoBze1AMyvYbcwzUSNC+Isl58SM4Sm/6COw=="
-        },
-        "path-parse": {
-          "version": "1.0.6",
-          "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
-          "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw=="
-        },
-        "resolve": {
-          "version": "1.17.0",
-          "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz",
-          "integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==",
-          "requires": {
-            "path-parse": "^1.0.6"
-          }
-        },
-        "ts-transformer-keys": {
-          "version": "0.4.1",
-          "resolved": "https://registry.npmjs.org/ts-transformer-keys/-/ts-transformer-keys-0.4.1.tgz",
-          "integrity": "sha512-CahLCOHt6MS8Sixz5cU8XovuKOoP6hnQd91pxG3a7iuuLsdrbWLveQvKi7d/FJjRhEtVELp3bMnqvSpm+nCgKw=="
-        },
-        "ttypescript": {
-          "version": "1.5.10",
-          "resolved": "https://registry.npmjs.org/ttypescript/-/ttypescript-1.5.10.tgz",
-          "integrity": "sha512-Hk7TRej1hM+p+Fo+Pyb/XK9pe9CAt3Sh5n5YRutxFS8hUgkh2u1Vd2K40kMcNP3WYhiVFBMqXwM/2E8O95Ep6g==",
-          "requires": {
-            "resolve": "^1.9.0"
-          }
-        },
-        "typescript": {
-          "version": "3.8.3",
-          "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.8.3.tgz",
-          "integrity": "sha512-MYlEfn5VrLNsgudQTVJeNaQFUAI7DkhnOjdpAp4T+ku1TfQClewlbSuTVHiA+8skNBgaf02TL/kLOvig4y3G8w=="
-        },
-        "uuid": {
-          "version": "8.0.0",
-          "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.0.0.tgz",
-          "integrity": "sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw=="
-        }
       }
     },
     "@start9labs/emver": {
@@ -2492,9 +2252,9 @@
       "dev": true
     },
     "@types/marked": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@types/marked/-/marked-1.1.0.tgz",
-      "integrity": "sha512-j8XXj6/l9kFvCwMyVqozznqpd/nk80krrW+QiIJN60Uu9gX5Pvn4/qPJ2YngQrR3QREPwmrE1f9/EWKVTFzoEw==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@types/marked/-/marked-1.2.0.tgz",
+      "integrity": "sha512-Kj9T+GlJrQQbXL0R6/zuYLaqlrtTmEVXl5LojsjA3KbPn1IpetEUFwJWCi4aDgATtvaR5Yj5vqSGX9upoLbBng==",
       "dev": true
     },
     "@types/minimatch": {
@@ -2504,9 +2264,9 @@
       "dev": true
     },
     "@types/node": {
-      "version": "14.11.10",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.11.10.tgz",
-      "integrity": "sha512-yV1nWZPlMFpoXyoknm4S56y2nlTAuFYaJuQtYRAOU7xA/FJ9RY0Xm7QOkaYMMmr8ESdHIuUb6oQgR/0+2NqlyA=="
+      "version": "14.14.10",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.10.tgz",
+      "integrity": "sha512-J32dgx2hw8vXrSbu4ZlVhn1Nm3GbeCFNw2FWL8S5QKucHGY0cyNwjdQdO+KMBZ4wpmC7KhLCiNsdk1RFRIYUQQ=="
     },
     "@types/q": {
       "version": "1.5.4",
@@ -3074,14 +2834,6 @@
         "num2fraction": "^1.2.2",
         "postcss": "^7.0.32",
         "postcss-value-parser": "^4.1.0"
-      },
-      "dependencies": {
-        "colorette": {
-          "version": "1.2.1",
-          "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.1.tgz",
-          "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==",
-          "dev": true
-        }
       }
     },
     "aws-sign2": {
@@ -3091,9 +2843,9 @@
       "dev": true
     },
     "aws4": {
-      "version": "1.10.1",
-      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.10.1.tgz",
-      "integrity": "sha512-zg7Hz2k5lI8kb7U32998pRRFin7zJlkfezGJjUc2heaD4Pw2wObakCDVzkKztTm/Ln7eiVvYsjqak0Ed4LkMDA==",
+      "version": "1.11.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz",
+      "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==",
       "dev": true
     },
     "babel-loader": {
@@ -3226,9 +2978,9 @@
       "integrity": "sha1-tYLexpPC8R6JPPBk7mrFthMaIgI="
     },
     "base64-js": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.3.1.tgz",
-      "integrity": "sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
+      "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==",
       "dev": true
     },
     "base64url": {
@@ -3303,9 +3055,9 @@
       }
     },
     "bip39": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/bip39/-/bip39-3.0.2.tgz",
-      "integrity": "sha512-J4E1r2N0tUylTKt07ibXvhpT2c5pyAFgvuA5q1H9uDy6dEGpjV8jmymh3MTYJDLCNbIVClSB9FbND49I6N24MQ==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/bip39/-/bip39-3.0.3.tgz",
+      "integrity": "sha512-P0dKrz4g0V0BjXfx7d9QNkJ/Txcz/k+hM9TnjqjUaXtuOfAvxXSw2rJw8DX0e3ZPwnK/IgDxoRqf0bvoVCqbMg==",
       "requires": {
         "@types/node": "11.11.6",
         "create-hash": "^1.1.0",
@@ -3498,13 +3250,21 @@
       }
     },
     "browserify-rsa": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz",
-      "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.1.0.tgz",
+      "integrity": "sha512-AdEER0Hkspgno2aR97SAf6vi0y0k8NuOpGnVH3O99rcA5Q6sh8QxcngtHuJ6uXwnfAXNM4Gn1Gb7/MV1+Ymbog==",
       "dev": true,
       "requires": {
-        "bn.js": "^4.1.0",
+        "bn.js": "^5.0.0",
         "randombytes": "^2.0.1"
+      },
+      "dependencies": {
+        "bn.js": {
+          "version": "5.1.3",
+          "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-5.1.3.tgz",
+          "integrity": "sha512-GkTiFpjFtUzU9CbMeJ5iazkCzGL3jrhzerzZIuqLABjbwRaFt33I9tUdSNryIptM+RxDet6OKm2WnLXzW51KsQ==",
+          "dev": true
+        }
       }
     },
     "browserify-sign": {
@@ -3542,15 +3302,16 @@
       }
     },
     "browserslist": {
-      "version": "4.14.5",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.14.5.tgz",
-      "integrity": "sha512-Z+vsCZIvCBvqLoYkBFTwEYH3v5MCQbsAjp50ERycpOjnPmolg1Gjy4+KaWWpm8QOJt9GHkhdqAl14NpCX73CWA==",
+      "version": "4.14.7",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.14.7.tgz",
+      "integrity": "sha512-BSVRLCeG3Xt/j/1cCGj1019Wbty0H+Yvu2AOuZSuoaUWn3RatbL33Cxk+Q4jRMRAbOm0p7SLravLjpnT6s0vzQ==",
       "dev": true,
       "requires": {
-        "caniuse-lite": "^1.0.30001135",
-        "electron-to-chromium": "^1.3.571",
-        "escalade": "^3.1.0",
-        "node-releases": "^1.1.61"
+        "caniuse-lite": "^1.0.30001157",
+        "colorette": "^1.2.1",
+        "electron-to-chromium": "^1.3.591",
+        "escalade": "^3.1.1",
+        "node-releases": "^1.1.66"
       }
     },
     "bs58": {
@@ -3657,15 +3418,6 @@
         "unique-filename": "^1.1.1"
       },
       "dependencies": {
-        "lru-cache": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-          "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-          "dev": true,
-          "requires": {
-            "yallist": "^4.0.0"
-          }
-        },
         "mkdirp": {
           "version": "1.0.4",
           "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
@@ -3691,6 +3443,16 @@
         "unset-value": "^1.0.0"
       }
     },
+    "call-bind": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.0.tgz",
+      "integrity": "sha512-AEXsYIyyDY3MCzbwdhzG3Jx1R0J2wetQyUynn6dYHAO+bg8l1k7jwZtRv4ryryFs7EP+NDlikJlVe59jr0cM2w==",
+      "dev": true,
+      "requires": {
+        "function-bind": "^1.1.1",
+        "get-intrinsic": "^1.0.0"
+      }
+    },
     "caller-callsite": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/caller-callsite/-/caller-callsite-2.0.0.tgz",
@@ -3733,9 +3495,9 @@
       }
     },
     "caniuse-lite": {
-      "version": "1.0.30001150",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001150.tgz",
-      "integrity": "sha512-kiNKvihW0m36UhAFnl7bOAv0i1K1f6wpfVtTF5O5O82XzgtBnb05V0XeV3oZ968vfg2sRNChsHw8ASH2hDfoYQ==",
+      "version": "1.0.30001164",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001164.tgz",
+      "integrity": "sha512-G+A/tkf4bu0dSp9+duNiXc7bGds35DioCyC6vgK2m/rjA4Krpy5WeZgZyfH2f0wj2kI6yAWWucyap6oOwmY1mg==",
       "dev": true
     },
     "canonical-path": {
@@ -4011,9 +3773,9 @@
       }
     },
     "colorette": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.1.0.tgz",
-      "integrity": "sha512-6S062WDQUXi6hOfkO/sBPVwE5ASXY4G2+b4atvhJfSsuUUhIaUKlkjLe9692Ipyt5/a+IPF5aVTu3V5gvXq5cg==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.1.tgz",
+      "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==",
       "dev": true
     },
     "combined-stream": {
@@ -4280,69 +4042,29 @@
         "webpack-sources": "^1.4.3"
       },
       "dependencies": {
-        "cacache": {
-          "version": "15.0.5",
-          "resolved": "https://registry.npmjs.org/cacache/-/cacache-15.0.5.tgz",
-          "integrity": "sha512-lloiL22n7sOjEEXdL8NAjTgv9a1u43xICE9/203qonkZUCj5X1UEWIdf2/Y0d6QcCtMzbKQyhrcDbdvlZTs/+A==",
-          "dev": true,
-          "requires": {
-            "@npmcli/move-file": "^1.0.1",
-            "chownr": "^2.0.0",
-            "fs-minipass": "^2.0.0",
-            "glob": "^7.1.4",
-            "infer-owner": "^1.0.4",
-            "lru-cache": "^6.0.0",
-            "minipass": "^3.1.1",
-            "minipass-collect": "^1.0.2",
-            "minipass-flush": "^1.0.5",
-            "minipass-pipeline": "^1.2.2",
-            "mkdirp": "^1.0.3",
-            "p-map": "^4.0.0",
-            "promise-inflight": "^1.0.1",
-            "rimraf": "^3.0.2",
-            "ssri": "^8.0.0",
-            "tar": "^6.0.2",
-            "unique-filename": "^1.1.1"
-          }
-        },
-        "lru-cache": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-          "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-          "dev": true,
-          "requires": {
-            "yallist": "^4.0.0"
-          }
-        },
-        "mkdirp": {
-          "version": "1.0.4",
-          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz",
-          "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==",
-          "dev": true
-        },
         "p-limit": {
-          "version": "3.0.2",
-          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.0.2.tgz",
-          "integrity": "sha512-iwqZSOoWIW+Ew4kAGUlN16J4M7OB3ysMLSZtnhmqx7njIHFPlxWBX8xo3lVTyFVq6mI/lL9qt2IsN1sHwaxJkg==",
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+          "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
           "dev": true,
           "requires": {
-            "p-try": "^2.0.0"
+            "yocto-queue": "^0.1.0"
           }
         }
       }
     },
     "core-js": {
-      "version": "3.6.5",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.6.5.tgz",
-      "integrity": "sha512-vZVEEwZoIsI+vPEuoF9Iqf5H7/M3eeQqWlQnYa8FSKKePuYTf5MWnxb5SDAzCa60b3JBRS5g9b+Dq7b1y/RCrA=="
+      "version": "3.8.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.8.0.tgz",
+      "integrity": "sha512-W2VYNB0nwQQE7tKS7HzXd7r2y/y2SVJl4ga6oH/dnaLFzM0o2lB2P3zCkWj5Wc/zyMYjtgd5Hmhk0ObkQFZOIA=="
     },
     "core-js-compat": {
-      "version": "3.6.5",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.6.5.tgz",
-      "integrity": "sha512-7ItTKOhOZbznhXAQ2g/slGg1PJV5zDO/WdkTwi7UEOJmkvsE32PWvx6mKtDjiMpjnR2CNf6BAD6sSxIlv7ptng==",
+      "version": "3.8.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.8.0.tgz",
+      "integrity": "sha512-o9QKelQSxQMYWHXc/Gc4L8bx/4F7TTraE5rhuN8I7mKBt5dBIUpXpIR3omv70ebr8ST5R3PqbDQr+ZI3+Tt1FQ==",
       "dev": true,
       "requires": {
-        "browserslist": "^4.8.5",
+        "browserslist": "^4.14.7",
         "semver": "7.0.0"
       },
       "dependencies": {
@@ -4496,9 +4218,9 @@
       },
       "dependencies": {
         "camelcase": {
-          "version": "6.1.0",
-          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.1.0.tgz",
-          "integrity": "sha512-WCMml9ivU60+8rEJgELlFp1gxFcEGxwYleE3bziHEDeqsqAWGHdimB7beBFGjLzVNgPGyDsfgXLQEYMpmIFnVQ==",
+          "version": "6.2.0",
+          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.2.0.tgz",
+          "integrity": "sha512-c7wVvbw3f37nuobQNtgsgG9POC9qMbNuMQmTCqZv23b6MIz0fcYpBiOlv9gEN/hdLdnZTDQhg6e9Dq5M1vKvfg==",
           "dev": true
         }
       }
@@ -4630,28 +4352,28 @@
       "dev": true
     },
     "csso": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/csso/-/csso-4.0.3.tgz",
-      "integrity": "sha512-NL3spysxUkcrOgnpsT4Xdl2aiEiBG6bXswAABQVHcMrfjjBisFOKwLDOmf4wf32aPdcJws1zds2B0Rg+jqMyHQ==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/csso/-/csso-4.2.0.tgz",
+      "integrity": "sha512-wvlcdIbf6pwKEk7vHj8/Bkc0B4ylXZruLvOgs9doS5eOsOpuodOV2zJChSpkp+pRpYQLQMeF04nr3Z68Sta9jA==",
       "dev": true,
       "requires": {
-        "css-tree": "1.0.0-alpha.39"
+        "css-tree": "^1.1.2"
       },
       "dependencies": {
         "css-tree": {
-          "version": "1.0.0-alpha.39",
-          "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.0.0-alpha.39.tgz",
-          "integrity": "sha512-7UvkEYgBAHRG9Nt980lYxjsTrCyHFN53ky3wVsDkiMdVqylqRt+Zc+jm5qw7/qyOvN2dHSYtX0e4MbCCExSvnA==",
+          "version": "1.1.2",
+          "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-1.1.2.tgz",
+          "integrity": "sha512-wCoWush5Aeo48GLhfHPbmvZs59Z+M7k5+B1xDnXbdWNcEF423DoFdqSWE0PM5aNk5nI5cp1q7ms36zGApY/sKQ==",
           "dev": true,
           "requires": {
-            "mdn-data": "2.0.6",
+            "mdn-data": "2.0.14",
             "source-map": "^0.6.1"
           }
         },
         "mdn-data": {
-          "version": "2.0.6",
-          "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.6.tgz",
-          "integrity": "sha512-rQvjv71olwNHgiTbfPZFkJtjNMciWgswYeciZhtvWLO8bmX3TnhyA62I6sTWOyZssWHJJjY6/KiWwqQsWWsqOA==",
+          "version": "2.0.14",
+          "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.14.tgz",
+          "integrity": "sha512-dn6wd0uw5GsdswPFfsgMp5NSB0/aDe6fK94YJV/AJDYXL6HVLWBsxeq7js7Ad+mU2K9LAlwpk6kN2D5mwCPVow==",
           "dev": true
         }
       }
@@ -4693,9 +4415,9 @@
       }
     },
     "debug": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.2.0.tgz",
-      "integrity": "sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==",
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz",
+      "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==",
       "dev": true,
       "requires": {
         "ms": "2.1.2"
@@ -5110,9 +4832,9 @@
       "dev": true
     },
     "electron-to-chromium": {
-      "version": "1.3.583",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.583.tgz",
-      "integrity": "sha512-L9BwLwJohjZW9mQESI79HRzhicPk1DFgM+8hOCfGgGCFEcA3Otpv7QK6SGtYoZvfQfE3wKLh0Hd5ptqUFv3gvQ==",
+      "version": "1.3.612",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.612.tgz",
+      "integrity": "sha512-CdrdX1B6mQqxfw+51MPWB5qA6TKWjza9f5voBtUlRfEZEwZiFaxJLrhFI8zHE9SBAuGt4h84rQU6Ho9Bauo1LA==",
       "dev": true
     },
     "elliptic": {
@@ -5153,17 +4875,6 @@
       "dev": true,
       "requires": {
         "iconv-lite": "^0.6.2"
-      },
-      "dependencies": {
-        "iconv-lite": {
-          "version": "0.6.2",
-          "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.2.tgz",
-          "integrity": "sha512-2y91h5OpQlolefMPmUlivelittSWy0rP+oYVpn6A7GwVHNE8AWzoYOBNmlwks3LobaJxgHCYZAnyNo2GgpNRNQ==",
-          "dev": true,
-          "requires": {
-            "safer-buffer": ">= 2.1.2 < 3.0.0"
-          }
-        }
       }
     },
     "end-of-stream": {
@@ -5688,9 +5399,9 @@
       "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw=="
     },
     "fastq": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.8.0.tgz",
-      "integrity": "sha512-SMIZoZdLh/fgofivvIkmknUXyPnvxRE3DhtZ5Me3Mrsk5gyPL42F0xr51TdRXskBxHfMp+07bcYzfsYEsSQA9Q==",
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.9.0.tgz",
+      "integrity": "sha512-i7FVWL8HhVY+CTkwFxkN2mk3h+787ixS5S63eb78diVRc1MCssarHq3W5cj0av7YDSwmaV928RNag+U1etRQ7w==",
       "dev": true,
       "requires": {
         "reusify": "^1.0.4"
@@ -6102,9 +5813,9 @@
       "dev": true
     },
     "gensync": {
-      "version": "1.0.0-beta.1",
-      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.1.tgz",
-      "integrity": "sha512-r8EC6NO1sngH/zdD9fiRDLdcgnbayXah+mLgManTaIZJqEC1MZstmnox8KpnI2/fxQwrp5OpCOYWLp4rBl4Jcg==",
+      "version": "1.0.0-beta.2",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz",
+      "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==",
       "dev": true
     },
     "get-caller-file": {
@@ -6112,6 +5823,17 @@
       "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
       "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg=="
     },
+    "get-intrinsic": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.0.1.tgz",
+      "integrity": "sha512-ZnWP+AmS1VUaLgTRy47+zKtjTxz+0xMpx3I52i+aalBK1QP19ggLF3Db89KJX7kjfOfP2eoa01qc++GwPgufPg==",
+      "dev": true,
+      "requires": {
+        "function-bind": "^1.1.1",
+        "has": "^1.0.3",
+        "has-symbols": "^1.0.1"
+      }
+    },
     "get-stream": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz",
@@ -6340,17 +6062,6 @@
       "dev": true,
       "requires": {
         "lru-cache": "^6.0.0"
-      },
-      "dependencies": {
-        "lru-cache": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-          "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-          "dev": true,
-          "requires": {
-            "yallist": "^4.0.0"
-          }
-        }
       }
     },
     "hpack.js": {
@@ -6665,9 +6376,9 @@
       },
       "dependencies": {
         "debug": {
-          "version": "3.2.6",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
-          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
           "dev": true,
           "requires": {
             "ms": "^2.1.1"
@@ -6703,9 +6414,9 @@
       }
     },
     "ieee754": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz",
-      "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
+      "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==",
       "dev": true
     },
     "iferr": {
@@ -7050,9 +6761,9 @@
       }
     },
     "is-core-module": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.0.0.tgz",
-      "integrity": "sha512-jq1AH6C8MuteOoBPwkxHafmByhL9j5q4OaPGdbuD+ZtQJVzH+i6E3BJDQcBA09k57i2Hh2yQbEG8yObZ0jdlWw==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.2.0.tgz",
+      "integrity": "sha512-XRAfAdyyY5F5cOXn7hYQDqh2Xmii+DEfIcQGxK/uNwMHhIkPWO0g8msXcbzLe+MpGoR951MlqM/2iIlU4vKDdQ==",
       "dev": true,
       "requires": {
         "has": "^1.0.3"
@@ -7701,9 +7412,9 @@
       }
     },
     "loglevel": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/loglevel/-/loglevel-1.7.0.tgz",
-      "integrity": "sha512-i2sY04nal5jDcagM3FMfG++T69GEEM8CYuOfeOIvmXzOIcwE9a/CJPR0MFM97pYMj/u10lzz7/zd7+qwhrBTqQ==",
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/loglevel/-/loglevel-1.7.1.tgz",
+      "integrity": "sha512-Hesni4s5UkWkwCGJMQGAh71PaLUmKFM60dHvq0zi/vDhhrzuk+4GgNbTXJ12YYQJn6ZKBDNIjYcuQGKudvqrIw==",
       "dev": true
     },
     "loose-envify": {
@@ -7716,20 +7427,12 @@
       }
     },
     "lru-cache": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
-      "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
       "dev": true,
       "requires": {
-        "yallist": "^3.0.2"
-      },
-      "dependencies": {
-        "yallist": {
-          "version": "3.1.1",
-          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
-          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
-          "dev": true
-        }
+        "yallist": "^4.0.0"
       }
     },
     "magic-string": {
@@ -7813,6 +7516,15 @@
           "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==",
           "dev": true
         },
+        "lru-cache": {
+          "version": "5.1.1",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+          "dev": true,
+          "requires": {
+            "yallist": "^3.0.2"
+          }
+        },
         "rimraf": {
           "version": "2.7.1",
           "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz",
@@ -7830,6 +7542,12 @@
           "requires": {
             "figgy-pudding": "^3.5.1"
           }
+        },
+        "yallist": {
+          "version": "3.1.1",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
+          "dev": true
         }
       }
     },
@@ -7849,9 +7567,9 @@
       }
     },
     "marked": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/marked/-/marked-1.2.0.tgz",
-      "integrity": "sha512-tiRxakgbNPBr301ihe/785NntvYyhxlqcL3YaC8CaxJQh7kiaEtrN9B/eK2I2943Yjkh5gw25chYFDQhOMCwMA=="
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-1.2.5.tgz",
+      "integrity": "sha512-2AlqgYnVPOc9WDyWu7S5DJaEZsfk6dNh/neatQ3IHUW4QLutM/VPSH9lG7bif+XjFWc9K9XR3QvR+fXuECmfdA=="
     },
     "md5.js": {
       "version": "1.3.5",
@@ -8308,9 +8026,9 @@
       "dev": true
     },
     "node-html-parser": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-1.3.1.tgz",
-      "integrity": "sha512-AwYVI6GyEKj9NGoyMfSx4j5l7Axf7obQgLWGxtasLjED6RggTTQoq5ZRzjwSUfgSZ+Mv8Nzbi3pID0gFGqNUsA==",
+      "version": "1.4.9",
+      "resolved": "https://registry.npmjs.org/node-html-parser/-/node-html-parser-1.4.9.tgz",
+      "integrity": "sha512-UVcirFD1Bn0O+TSmloHeHqZZCxHjvtIeGdVdGMhyZ8/PWlEiZaZ5iJzR189yKZr8p0FXN58BUeC7RHRkf/KYGw==",
       "dev": true,
       "requires": {
         "he": "1.2.0"
@@ -8394,9 +8112,9 @@
       }
     },
     "node-releases": {
-      "version": "1.1.64",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.64.tgz",
-      "integrity": "sha512-Iec8O9166/x2HRMJyLLLWkd0sFFLrFNy+Xf+JQfSQsdBJzPcHpNl3JQ9gD4j+aJxmCa25jNsIbM4bmACtSbkSg==",
+      "version": "1.1.67",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.67.tgz",
+      "integrity": "sha512-V5QF9noGFl3EymEwUYzO+3NTDpGfQB4ve6Qfnzf3UNydMhjQRVPR1DZTuvWiLzaFJYw2fmDwAfnRNEVb64hSIg==",
       "dev": true
     },
     "normalize-package-data": {
@@ -8521,6 +8239,15 @@
           "integrity": "sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==",
           "dev": true
         },
+        "lru-cache": {
+          "version": "5.1.1",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+          "dev": true,
+          "requires": {
+            "yallist": "^3.0.2"
+          }
+        },
         "npm-package-arg": {
           "version": "6.1.1",
           "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-6.1.1.tgz",
@@ -8538,6 +8265,12 @@
           "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
           "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
           "dev": true
+        },
+        "yallist": {
+          "version": "3.1.1",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
+          "dev": true
         }
       }
     },
@@ -8609,19 +8342,19 @@
       }
     },
     "object-inspect": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.8.0.tgz",
-      "integrity": "sha512-jLdtEOB112fORuypAyl/50VRVIBIdVQOSUUGQHzJ4xBSbit81zRarz7GThkEFZy1RceYrWYcPcBFPQwHyAc1gA==",
+      "version": "1.9.0",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.9.0.tgz",
+      "integrity": "sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw==",
       "dev": true
     },
     "object-is": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.3.tgz",
-      "integrity": "sha512-teyqLvFWzLkq5B9ki8FVWA902UER2qkxmdA4nLf+wjOLAWgxzCWZNCxpDq9MvE8MmhWNr+I8w3BN49Vx36Y6Xg==",
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.4.tgz",
+      "integrity": "sha512-1ZvAZ4wlF7IyPVOcE1Omikt7UpaFlOQq0HlSti+ZvDH3UiD2brwGMwDbyV43jao2bKJ+4+WdPJHSd7kgzKYVqg==",
       "dev": true,
       "requires": {
-        "define-properties": "^1.1.3",
-        "es-abstract": "^1.18.0-next.1"
+        "call-bind": "^1.0.0",
+        "define-properties": "^1.1.3"
       }
     },
     "object-keys": {
@@ -8640,46 +8373,26 @@
       }
     },
     "object.assign": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.1.tgz",
-      "integrity": "sha512-VT/cxmx5yaoHSOTSyrCygIDFco+RsibY2NM0a4RdEeY/4KgqezwFtK1yr3U67xYhqJSlASm2pKhLVzPj2lr4bA==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz",
+      "integrity": "sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ==",
       "dev": true,
       "requires": {
+        "call-bind": "^1.0.0",
         "define-properties": "^1.1.3",
-        "es-abstract": "^1.18.0-next.0",
         "has-symbols": "^1.0.1",
         "object-keys": "^1.1.1"
       }
     },
     "object.getownpropertydescriptors": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.0.tgz",
-      "integrity": "sha512-Z53Oah9A3TdLoblT7VKJaTDdXdT+lQO+cNpKVnya5JDe9uLvzu1YyY1yFDFrcxrlRgWrEFH0jJtD/IbuwjcEVg==",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/object.getownpropertydescriptors/-/object.getownpropertydescriptors-2.1.1.tgz",
+      "integrity": "sha512-6DtXgZ/lIZ9hqx4GtZETobXLR/ZLaa0aqV0kzbn80Rf8Z2e/XFnhA0I7p07N2wH8bBBltr2xQPi6sbKWAY2Eng==",
       "dev": true,
       "requires": {
+        "call-bind": "^1.0.0",
         "define-properties": "^1.1.3",
-        "es-abstract": "^1.17.0-next.1"
-      },
-      "dependencies": {
-        "es-abstract": {
-          "version": "1.17.7",
-          "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.7.tgz",
-          "integrity": "sha512-VBl/gnfcJ7OercKA9MVaegWsBHFjV492syMudcnQZvt/Dw8ezpcOHYZXa/J96O8vx+g4x65YKhxOwDUh63aS5g==",
-          "dev": true,
-          "requires": {
-            "es-to-primitive": "^1.2.1",
-            "function-bind": "^1.1.1",
-            "has": "^1.0.3",
-            "has-symbols": "^1.0.1",
-            "is-callable": "^1.2.2",
-            "is-regex": "^1.1.1",
-            "object-inspect": "^1.8.0",
-            "object-keys": "^1.1.1",
-            "object.assign": "^4.1.1",
-            "string.prototype.trimend": "^1.0.1",
-            "string.prototype.trimstart": "^1.0.1"
-          }
-        }
+        "es-abstract": "^1.18.0-next.1"
       }
     },
     "object.pick": {
@@ -8692,36 +8405,15 @@
       }
     },
     "object.values": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.1.tgz",
-      "integrity": "sha512-WTa54g2K8iu0kmS/us18jEmdv1a4Wi//BZ/DTVYEcH0XhLM5NYdpDHja3gt57VrZLcNAO2WGA+KpWsDBaHt6eA==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.2.tgz",
+      "integrity": "sha512-MYC0jvJopr8EK6dPBiO8Nb9mvjdypOachO5REGk6MXzujbBrAisKo3HmdEI6kZDL6fC31Mwee/5YbtMebixeag==",
       "dev": true,
       "requires": {
+        "call-bind": "^1.0.0",
         "define-properties": "^1.1.3",
-        "es-abstract": "^1.17.0-next.1",
-        "function-bind": "^1.1.1",
+        "es-abstract": "^1.18.0-next.1",
         "has": "^1.0.3"
-      },
-      "dependencies": {
-        "es-abstract": {
-          "version": "1.17.7",
-          "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.7.tgz",
-          "integrity": "sha512-VBl/gnfcJ7OercKA9MVaegWsBHFjV492syMudcnQZvt/Dw8ezpcOHYZXa/J96O8vx+g4x65YKhxOwDUh63aS5g==",
-          "dev": true,
-          "requires": {
-            "es-to-primitive": "^1.2.1",
-            "function-bind": "^1.1.1",
-            "has": "^1.0.3",
-            "has-symbols": "^1.0.1",
-            "is-callable": "^1.2.2",
-            "is-regex": "^1.1.1",
-            "object-inspect": "^1.8.0",
-            "object-keys": "^1.1.1",
-            "object.assign": "^4.1.1",
-            "string.prototype.trimend": "^1.0.1",
-            "string.prototype.trimstart": "^1.0.1"
-          }
-        }
       }
     },
     "obuf": {
@@ -9036,6 +8728,15 @@
           "integrity": "sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==",
           "dev": true
         },
+        "lru-cache": {
+          "version": "5.1.1",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+          "dev": true,
+          "requires": {
+            "yallist": "^3.0.2"
+          }
+        },
         "minipass": {
           "version": "2.9.0",
           "resolved": "https://registry.npmjs.org/minipass/-/minipass-2.9.0.tgz",
@@ -9363,9 +9064,9 @@
       },
       "dependencies": {
         "debug": {
-          "version": "3.2.6",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
-          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
           "dev": true,
           "requires": {
             "ms": "^2.1.1"
@@ -10323,9 +10024,9 @@
       "dev": true
     },
     "regenerate": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.1.tgz",
-      "integrity": "sha512-j2+C8+NtXQgEKWk49MMP5P/u2GhnahTtVkRIHr5R5lVRlbKvmQ+oS+A5aLKWp2ma5VkT8sh6v+v4hbH0YHR66A==",
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz",
+      "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==",
       "dev": true
     },
     "regenerate-unicode-properties": {
@@ -10513,12 +10214,12 @@
       "dev": true
     },
     "resolve": {
-      "version": "1.18.1",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.18.1.tgz",
-      "integrity": "sha512-lDfCPaMKfOJXjy0dPayzPdF1phampNWr3qFCjAu+rw/qbQmr5jWH5xN2hwh9QKfw9E5v4hwV7A+jrCmL8yjjqA==",
+      "version": "1.19.0",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.19.0.tgz",
+      "integrity": "sha512-rArEXAgsBG4UgRGcynxWIWKFvh/XZCcS8UJdHhwy91zwAvCZIbcs+vAbflgBnNjYMs/i/i+/Ux6IZhML1yPvxg==",
       "dev": true,
       "requires": {
-        "is-core-module": "^2.0.0",
+        "is-core-module": "^2.1.0",
         "path-parse": "^1.0.6"
       }
     },
@@ -10707,9 +10408,9 @@
       "dev": true
     },
     "run-parallel": {
-      "version": "1.1.9",
-      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz",
-      "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==",
+      "version": "1.1.10",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.10.tgz",
+      "integrity": "sha512-zb/1OuZ6flOlH6tQyMPUrE3x3Ulxjlo9WIVXR4yVYi4H9UXQaeIsPbLn2R3O3vQCnDKkAl2qHiuocKKX4Tz/Sw==",
       "dev": true
     },
     "run-queue": {
@@ -11259,9 +10960,9 @@
       },
       "dependencies": {
         "debug": {
-          "version": "3.2.6",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
-          "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
+          "version": "3.2.7",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+          "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
           "dev": true,
           "requires": {
             "ms": "^2.1.1"
@@ -11404,9 +11105,9 @@
       }
     },
     "spdx-license-ids": {
-      "version": "3.0.6",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.6.tgz",
-      "integrity": "sha512-+orQK83kyMva3WyPf59k1+Y525csj5JejicWut55zeTWANuN17qSiSLUXWtzHeNWORSvT7GLDJ/E/XiIWoXBTw==",
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.7.tgz",
+      "integrity": "sha512-U+MTEOO0AiDzxwFvoa4JVnMV6mZlJKk2sBLt90s7G0Gd0Mlknc7kxEn3nuDPNZRta7O2uy8oLcZLVT+4sqNZHQ==",
       "dev": true
     },
     "spdy": {
@@ -11651,65 +11352,23 @@
       }
     },
     "string.prototype.trimend": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.1.tgz",
-      "integrity": "sha512-LRPxFUaTtpqYsTeNKaFOw3R4bxIzWOnbQ837QfBylo8jIxtcbK/A/sMV7Q+OAV/vWo+7s25pOE10KYSjaSO06g==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.3.tgz",
+      "integrity": "sha512-ayH0pB+uf0U28CtjlLvL7NaohvR1amUvVZk+y3DYb0Ey2PUV5zPkkKy9+U1ndVEIXO8hNg18eIv9Jntbii+dKw==",
       "dev": true,
       "requires": {
-        "define-properties": "^1.1.3",
-        "es-abstract": "^1.17.5"
-      },
-      "dependencies": {
-        "es-abstract": {
-          "version": "1.17.7",
-          "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.7.tgz",
-          "integrity": "sha512-VBl/gnfcJ7OercKA9MVaegWsBHFjV492syMudcnQZvt/Dw8ezpcOHYZXa/J96O8vx+g4x65YKhxOwDUh63aS5g==",
-          "dev": true,
-          "requires": {
-            "es-to-primitive": "^1.2.1",
-            "function-bind": "^1.1.1",
-            "has": "^1.0.3",
-            "has-symbols": "^1.0.1",
-            "is-callable": "^1.2.2",
-            "is-regex": "^1.1.1",
-            "object-inspect": "^1.8.0",
-            "object-keys": "^1.1.1",
-            "object.assign": "^4.1.1",
-            "string.prototype.trimend": "^1.0.1",
-            "string.prototype.trimstart": "^1.0.1"
-          }
-        }
+        "call-bind": "^1.0.0",
+        "define-properties": "^1.1.3"
       }
     },
     "string.prototype.trimstart": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.1.tgz",
-      "integrity": "sha512-XxZn+QpvrBI1FOcg6dIpxUPgWCPuNXvMD72aaRaUQv1eD4e/Qy8i/hFTe0BUmD60p/QA6bh1avmuPTfNjqVWRw==",
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.3.tgz",
+      "integrity": "sha512-oBIBUy5lea5tt0ovtOFiEQaBkoBBkyJhZXzJYrSmDo5IUUqbOPvVezuRs/agBIdZ2p2Eo1FD6bD9USyBLfl3xg==",
       "dev": true,
       "requires": {
-        "define-properties": "^1.1.3",
-        "es-abstract": "^1.17.5"
-      },
-      "dependencies": {
-        "es-abstract": {
-          "version": "1.17.7",
-          "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.17.7.tgz",
-          "integrity": "sha512-VBl/gnfcJ7OercKA9MVaegWsBHFjV492syMudcnQZvt/Dw8ezpcOHYZXa/J96O8vx+g4x65YKhxOwDUh63aS5g==",
-          "dev": true,
-          "requires": {
-            "es-to-primitive": "^1.2.1",
-            "function-bind": "^1.1.1",
-            "has": "^1.0.3",
-            "has-symbols": "^1.0.1",
-            "is-callable": "^1.2.2",
-            "is-regex": "^1.1.1",
-            "object-inspect": "^1.8.0",
-            "object-keys": "^1.1.1",
-            "object.assign": "^4.1.1",
-            "string.prototype.trimend": "^1.0.1",
-            "string.prototype.trimstart": "^1.0.1"
-          }
-        }
+        "call-bind": "^1.0.0",
+        "define-properties": "^1.1.3"
       }
     },
     "string_decoder": {
@@ -11945,12 +11604,12 @@
       },
       "dependencies": {
         "p-limit": {
-          "version": "3.0.2",
-          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.0.2.tgz",
-          "integrity": "sha512-iwqZSOoWIW+Ew4kAGUlN16J4M7OB3ysMLSZtnhmqx7njIHFPlxWBX8xo3lVTyFVq6mI/lL9qt2IsN1sHwaxJkg==",
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+          "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
           "dev": true,
           "requires": {
-            "p-try": "^2.0.0"
+            "yocto-queue": "^0.1.0"
           }
         }
       }
@@ -12016,9 +11675,9 @@
       "dev": true
     },
     "timers-browserify": {
-      "version": "2.0.11",
-      "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.11.tgz",
-      "integrity": "sha512-60aV6sgJ5YEbzUdn9c8kYGIqOubPoUdqQCul3SBAsRCZ40s6Y5cMcrW4dt3/k/EsbLVJNl9n6Vz3fTc+k2GeKQ==",
+      "version": "2.0.12",
+      "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-2.0.12.tgz",
+      "integrity": "sha512-9phl76Cqm6FhSX9Xe1ZUAMLtm1BLkKj2Qd5ApyWkXzsMRaA7dgr81kf4wJmQf/hAvg8EEyJxDo3du/0KlhPiKQ==",
       "dev": true,
       "requires": {
         "setimmediate": "^1.0.4"
@@ -12275,15 +11934,15 @@
       "integrity": "sha512-7uc1O8h1M1g0rArakJdf0uLRSSgFcYexrVoKo+bzJd32gd4gDy2L/Z+8/FjPnU9ydY3pEnVPtr9FyscYY60K1g=="
     },
     "typescript": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.0.3.tgz",
-      "integrity": "sha512-tEu6DGxGgRJPb/mVPIZ48e69xCn2yRmCgYmDugAVwmJ6o+0u1RI18eO7E7WBTLYLaEVVOhwQmcdhQHweux/WPg==",
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.0.5.tgz",
+      "integrity": "sha512-ywmr/VrTVCmNTJ6iV2LwIrfG1P+lv6luD8sUJs+2eI9NLGigaN+nUQc13iHqisq7bra9lnmUSYqbJvegraBOPQ==",
       "dev": true
     },
     "uglify-js": {
-      "version": "3.11.3",
-      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.11.3.tgz",
-      "integrity": "sha512-wDRziHG94mNj2n3R864CvYw/+pc9y/RNImiTyrrf8BzgWn75JgFSwYvXrtZQMnMnOp/4UTrf3iCSQxSStPiByA==",
+      "version": "3.12.1",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.12.1.tgz",
+      "integrity": "sha512-o8lHP20KjIiQe5b/67Rh68xEGRrc2SRsCuuoYclXXoC74AfSRGblU1HKzJWH3HxPZ+Ort85fWHpSX7KwBUC9CQ==",
       "optional": true
     },
     "unicode-canonical-property-names-ecmascript": {
@@ -12631,21 +12290,21 @@
       "dev": true
     },
     "watchpack": {
-      "version": "1.7.4",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-1.7.4.tgz",
-      "integrity": "sha512-aWAgTW4MoSJzZPAicljkO1hsi1oKj/RRq/OJQh2PKI2UKL04c2Bs+MBOB+BBABHTXJpf9mCwHN7ANCvYsvY2sg==",
+      "version": "1.7.5",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-1.7.5.tgz",
+      "integrity": "sha512-9P3MWk6SrKjHsGkLT2KHXdQ/9SNkyoJbabxnKOoJepsvJjJG8uYTR3yTPxPQvNDI3w4Nz1xnE0TLHK4RIVe/MQ==",
       "dev": true,
       "requires": {
         "chokidar": "^3.4.1",
         "graceful-fs": "^4.1.2",
         "neo-async": "^2.5.0",
-        "watchpack-chokidar2": "^2.0.0"
+        "watchpack-chokidar2": "^2.0.1"
       }
     },
     "watchpack-chokidar2": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/watchpack-chokidar2/-/watchpack-chokidar2-2.0.0.tgz",
-      "integrity": "sha512-9TyfOyN/zLUbA288wZ8IsMZ+6cbzvsNyEzSBp6e/zkifi6xxbl8SmQ/CxQq32k8NNqrdVEVUVSEf56L4rQ/ZxA==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/watchpack-chokidar2/-/watchpack-chokidar2-2.0.1.tgz",
+      "integrity": "sha512-nCFfBIPKr5Sh61s4LPpy1Wtfi0HE8isJ3d2Yb5/Ppw2P2B/3eVSEBjKfN0fmHJSK14+31KwMKmcrzs2GM4P0Ww==",
       "dev": true,
       "optional": true,
       "requires": {
@@ -13111,6 +12770,15 @@
             "json5": "^1.0.1"
           }
         },
+        "lru-cache": {
+          "version": "5.1.1",
+          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz",
+          "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==",
+          "dev": true,
+          "requires": {
+            "yallist": "^3.0.2"
+          }
+        },
         "memory-fs": {
           "version": "0.4.1",
           "resolved": "https://registry.npmjs.org/memory-fs/-/memory-fs-0.4.1.tgz",
@@ -13238,6 +12906,12 @@
             "is-number": "^3.0.0",
             "repeat-string": "^1.6.1"
           }
+        },
+        "yallist": {
+          "version": "3.1.1",
+          "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
+          "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==",
+          "dev": true
         }
       }
     },
@@ -13831,9 +13505,9 @@
       "dev": true
     },
     "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w=="
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ=="
     },
     "yallist": {
       "version": "4.0.0",
@@ -13873,10 +13547,16 @@
       "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
       "dev": true
     },
+    "yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true
+    },
     "zone.js": {
-      "version": "0.11.2",
-      "resolved": "https://registry.npmjs.org/zone.js/-/zone.js-0.11.2.tgz",
-      "integrity": "sha512-JUpNKmWIovqRZlqkX6pFdBVlOU42n5Mt1n2yEaJdy+msBant/l2L1hTG6BFxCzM+KV3SX4XQOcwbhnwsPAeUTA==",
+      "version": "0.11.3",
+      "resolved": "https://registry.npmjs.org/zone.js/-/zone.js-0.11.3.tgz",
+      "integrity": "sha512-Y4hTHoh4VcxU5BDGAqEoOnOiyT254w6CiHtpQxAJUSMZPyVgdbKf+5R7Mwz6xsPhMIeBXk5rTopRZDpjssTCUg==",
       "requires": {
         "tslib": "^2.0.0"
       }
diff --git a/ui/package.json b/ui/package.json
index 8b2ed3431..5a238a86f 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -23,7 +23,6 @@
     "@angular/router": "^10.1.6",
     "@ionic/angular": "^5.4.0",
     "@ionic/storage": "2.2.0",
-    "@start9labs/ambassador-sdk": "file:../ambassador-sdk",
     "@start9labs/emver": "^0.1.1",
     "ajv": "^6.12.6",
     "angularx-qrcode": "^10.0.11",
@@ -57,6 +56,6 @@
     "node-html-parser": "^1.3.1",
     "ts-node": "^9.0.0",
     "tslint": "^6.1.0",
-    "typescript": "^4.0.3"
+    "typescript": "4.0.5"
   }
 }
diff --git a/ui/src/app/app.component.html b/ui/src/app/app.component.html
index 49aec556f..55b380da9 100644
--- a/ui/src/app/app.component.html
+++ b/ui/src/app/app.component.html
@@ -63,46 +63,46 @@
       <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII=">
 
       <!-- Ionicons -->
-      <ion-icon name="add"></ion-icon> <!--0.2.5-->
-      <ion-icon name="alert-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="alert-circle-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="arrow-back"></ion-icon> <!--0.2.5-->
-      <ion-icon name="arrow-forward"></ion-icon> <!--0.2.5-->
-      <ion-icon name="arrow-up"></ion-icon> <!--0.2.5-->
+      <ion-icon name="add"></ion-icon>
+      <ion-icon name="alert-outline"></ion-icon>
+      <ion-icon name="alert-circle-outline"></ion-icon>
+      <ion-icon name="arrow-back"></ion-icon>
+      <ion-icon name="arrow-forward"></ion-icon>
+      <ion-icon name="arrow-up"></ion-icon>
       <ion-icon name="bookmark-outline"></ion-icon>
-      <ion-icon name="cart-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="chevron-down"></ion-icon> <!--0.2.5-->
-      <ion-icon name="chevron-up"></ion-icon> <!--0.2.5-->
-      <ion-icon name="close"></ion-icon> <!--0.2.5-->
-      <ion-icon name="close-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="code-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="cog-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="color-wand-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="construct-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="copy-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="cube-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="download-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="ellipse"></ion-icon> <!--0.2.5-->
-      <ion-icon name="eye-off-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="eye-outline"></ion-icon> <!--0.2.5-->
+      <ion-icon name="cart-outline"></ion-icon>
+      <ion-icon name="chevron-down"></ion-icon>
+      <ion-icon name="chevron-up"></ion-icon>
+      <ion-icon name="close"></ion-icon>
+      <ion-icon name="close-outline"></ion-icon>
+      <ion-icon name="code-outline"></ion-icon>
+      <ion-icon name="cog-outline"></ion-icon>
+      <ion-icon name="color-wand-outline"></ion-icon>
+      <ion-icon name="construct-outline"></ion-icon>
+      <ion-icon name="copy-outline"></ion-icon>
+      <ion-icon name="cube-outline"></ion-icon>
+      <ion-icon name="download-outline"></ion-icon>
+      <ion-icon name="ellipse"></ion-icon>
+      <ion-icon name="eye-off-outline"></ion-icon>
+      <ion-icon name="eye-outline"></ion-icon>
       <ion-icon name="file-tray-stacked-outline"></ion-icon>
-      <ion-icon name="grid-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="help-circle-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="home-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="information-circle-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="list-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="newspaper-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="notifications-outline"></ion-icon>  <!--0.2.5-->
-      <ion-icon name="power"></ion-icon> <!--0.2.5-->
-      <ion-icon name="pulse"></ion-icon> <!--0.2.5-->
-      <ion-icon name="qr-code-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="reload-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="refresh-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="save-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="terminal-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="trash-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="warning-outline"></ion-icon> <!--0.2.5-->
-      <ion-icon name="wifi"></ion-icon> <!--0.2.5-->
+      <ion-icon name="grid-outline"></ion-icon>
+      <ion-icon name="help-circle-outline"></ion-icon>
+      <ion-icon name="home-outline"></ion-icon>
+      <ion-icon name="information-circle-outline"></ion-icon>
+      <ion-icon name="list-outline"></ion-icon>
+      <ion-icon name="newspaper-outline"></ion-icon>
+      <ion-icon name="notifications-outline"></ion-icon> 
+      <ion-icon name="power"></ion-icon>
+      <ion-icon name="pulse"></ion-icon>
+      <ion-icon name="qr-code-outline"></ion-icon>
+      <ion-icon name="reload-outline"></ion-icon>
+      <ion-icon name="refresh-outline"></ion-icon>
+      <ion-icon name="save-outline"></ion-icon>
+      <ion-icon name="terminal-outline"></ion-icon>
+      <ion-icon name="trash-outline"></ion-icon>
+      <ion-icon name="warning-outline"></ion-icon>
+      <ion-icon name="wifi"></ion-icon>
       <!-- Ionic components -->
       <ion-action-sheet></ion-action-sheet>
       <ion-alert></ion-alert>
@@ -139,15 +139,15 @@
       <ion-loading></ion-loading>
       <ion-modal></ion-modal>
       <ion-note></ion-note>
-      <ion-radio></ion-radio> <!--0.2.5-->
+      <ion-radio></ion-radio>
       <ion-row></ion-row>
       <ion-segment></ion-segment>
       <ion-segment-button></ion-segment-button>
       <ion-select></ion-select>
       <ion-select-option></ion-select-option>
-      <ion-slides></ion-slides> <!--0.2.5-->
-      <ion-spinner name="dots"></ion-spinner> <!--0.2.5-->
-      <ion-spinner name="lines"></ion-spinner> <!--0.2.5-->
+      <ion-slides></ion-slides>
+      <ion-spinner name="dots"></ion-spinner>
+      <ion-spinner name="lines"></ion-spinner>
       <ion-text></ion-text>
       <ion-textarea></ion-textarea>
       <ion-title></ion-title>
diff --git a/ui/src/app/services/api/mock-api.service.ts b/ui/src/app/services/api/mock-api.service.ts
index f25c5b2bd..1f979ebb3 100644
--- a/ui/src/app/services/api/mock-api.service.ts
+++ b/ui/src/app/services/api/mock-api.service.ts
@@ -389,7 +389,7 @@ const mockApiNotifications: ReqRes.GetNotificationsRes = [
 const mockApiServer: () => ReqRes.GetServerRes = () => ({
   serverId: 'start9-mockxyzab',
   name: 'Embassy:12345678',
-  versionInstalled: '0.2.5',
+  versionInstalled: '0.2.6',
   status: ServerStatus.RUNNING,
   alternativeRegistryUrl: 'beta-registry.start9labs.com',
   specs: {
@@ -420,7 +420,7 @@ const mockApiServer: () => ReqRes.GetServerRes = () => ({
 })
 
 const mockVersionLatest: ReqRes.GetVersionLatestRes = {
-  versionLatest: '0.2.5',
+  versionLatest: '0.2.6',
   canUpdate: true,
 }
 
diff --git a/ui/src/app/util/webview.context.ts b/ui/src/app/util/webview.context.ts
deleted file mode 100644
index bb4987dc1..000000000
--- a/ui/src/app/util/webview.context.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import WebviewContext from '@start9labs/ambassador-sdk/dist/webview-context'
-
-export const webviewContext = new WebviewContext(async (method: string, data: any) => {
-  throw new Error (`${method} UNIMPLEMENTED`)
-  // switch(method){
-  //   case 'getConfigValue': throw new Error ('getConfigValue UNIMPLEMENTED')
-  // }
-})
\ No newline at end of file

From b5b6afbeef0c30c081a67dfdc7cef4eb982791f5 Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 11:59:49 -0700
Subject: [PATCH 20/22] fix hostname vs server id delineation

---
 agent/src/Daemon/SslRenew.hs   | 2 +-
 agent/src/Lib/Synchronizers.hs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
index dedeb477b..ed47d4527 100644
--- a/agent/src/Daemon/SslRenew.hs
+++ b/agent/src/Daemon/SslRenew.hs
@@ -25,7 +25,7 @@ import           Constants
 renewSslLeafCert :: AgentCtx -> IO ()
 renewSslLeafCert ctx = do
     let base = appFilesystemBase . appSettings $ ctx
-    hn  <- injectFilesystemBase base getStart9AgentHostname
+    hn  <- (<> ".local") <$> injectFilesystemBase base getStart9AgentHostname
     tor <- injectFilesystemBase base getAgentHiddenServiceUrl
     putStr @Text "SSL Renewal Required? "
     needsRenew <- doesSslNeedRenew (toS $ entityCertPath hn `relativeTo` base)
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index 0a05ac4df..af72e9fb0 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -467,7 +467,7 @@ syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check m
 
 replaceDerivativeCerts :: (HasFilesystemBase sig m, Fused.Has (Error S9Error) sig m, MonadIO m) => m ()
 replaceDerivativeCerts = do
-    hn             <- getStart9AgentHostname
+    hn             <- (<> ".local") <$> getStart9AgentHostname
     tor            <- getAgentHiddenServiceUrl
 
     caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath

From 45dbfc59e16d2d1afcfd17bad6474c938c686fec Mon Sep 17 00:00:00 2001
From: Keagan McClelland <keagan.mcclelland@gmail.com>
Date: Tue, 1 Dec 2020 12:33:18 -0700
Subject: [PATCH 21/22] fixes hostname vs sid delineation again

---
 agent/src/Daemon/SslRenew.hs   | 13 +++++++------
 agent/src/Lib/Synchronizers.hs | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/agent/src/Daemon/SslRenew.hs b/agent/src/Daemon/SslRenew.hs
index ed47d4527..ee2efff38 100644
--- a/agent/src/Daemon/SslRenew.hs
+++ b/agent/src/Daemon/SslRenew.hs
@@ -25,10 +25,11 @@ import           Constants
 renewSslLeafCert :: AgentCtx -> IO ()
 renewSslLeafCert ctx = do
     let base = appFilesystemBase . appSettings $ ctx
-    hn  <- (<> ".local") <$> injectFilesystemBase base getStart9AgentHostname
+    sid <- injectFilesystemBase base getStart9AgentHostname
+    let hostname = sid <> ".local"
     tor <- injectFilesystemBase base getAgentHiddenServiceUrl
     putStr @Text "SSL Renewal Required? "
-    needsRenew <- doesSslNeedRenew (toS $ entityCertPath hn `relativeTo` base)
+    needsRenew <- doesSslNeedRenew (toS $ entityCertPath sid `relativeTo` base)
     print needsRenew
     when needsRenew $ runM . injectFilesystemBase base $ do
         intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
@@ -36,9 +37,9 @@ renewSslLeafCert ctx = do
         intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
 
         sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
-        entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
-        entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
-        entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
+        entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath sid)
+        entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath sid)
+        entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath sid)
 
         (ec, out, err) <- writeLeafCert
             DeriveCertificate { applicantConfPath = entConfPathTmp
@@ -49,7 +50,7 @@ renewSslLeafCert ctx = do
                               , signingCertPath   = intCaCertPath
                               , duration          = 365
                               }
-            hn
+            hostname
             tor
         liftIO $ do
             putStrLn @Text "openssl logs"
diff --git a/agent/src/Lib/Synchronizers.hs b/agent/src/Lib/Synchronizers.hs
index af72e9fb0..d76fd4ce4 100644
--- a/agent/src/Lib/Synchronizers.hs
+++ b/agent/src/Lib/Synchronizers.hs
@@ -467,7 +467,8 @@ syncConvertEcdsaCerts = SyncOp "Convert Intermediate Cert to ECDSA P256" check m
 
 replaceDerivativeCerts :: (HasFilesystemBase sig m, Fused.Has (Error S9Error) sig m, MonadIO m) => m ()
 replaceDerivativeCerts = do
-    hn             <- (<> ".local") <$> getStart9AgentHostname
+    sid <- getStart9AgentHostname
+    let hostname = sid <> ".local"
     tor            <- getAgentHiddenServiceUrl
 
     caKeyPath      <- toS <$> getAbsoluteLocationFor rootCaKeyPath
@@ -479,11 +480,11 @@ replaceDerivativeCerts = do
     intCaCertPath  <- toS <$> getAbsoluteLocationFor intermediateCaCertPath
 
     sslDirTmp      <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> sslDirectory)
-    entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath hn)
-    entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath hn)
-    entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath hn)
+    entKeyPathTmp  <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityKeyPath sid)
+    entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath sid)
+    entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath sid)
     liftIO $ createDirectoryIfMissing True sslDirTmp
-    liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hn)
+    liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hostname)
 
     -- ensure duplicate certificates are acceptable
     base <- Fused.ask @"filesystemBase"
@@ -518,7 +519,7 @@ replaceDerivativeCerts = do
                           , signingCertPath   = intCaCertPath
                           , duration          = 365
                           }
-        hn
+        hostname
         tor
     liftIO $ do
         putStrLn @Text "openssl logs"

From f6dce1568922ba47d0111f180312e7fd720a0d2c Mon Sep 17 00:00:00 2001
From: Matt Hill <matthewonthemoon@gmail.com>
Date: Tue, 1 Dec 2020 12:33:24 -0700
Subject: [PATCH 22/22] ionic config

---
 ui/ionic.config.json | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 ui/ionic.config.json

diff --git a/ui/ionic.config.json b/ui/ionic.config.json
new file mode 100644
index 000000000..58dfd88ad
--- /dev/null
+++ b/ui/ionic.config.json
@@ -0,0 +1,5 @@
+{
+  "name": "Embassy",
+  "integrations": {},
+  "type": "angular"
+}
\ No newline at end of file