@adonis-agora/telescope 0.1.0

package/dist/src/ui/define_config.d.ts

@@ -0,0 +1,87 @@
+import type { UiHttpContext } from './http.js';
+/**
+ * The decision hook gating the dashboard + JSON API. Return `true` to allow the
+ * request through, `false` to reject it (the guard answers 401/403). It receives
+ * the (framework-light) HTTP context, so a host can inspect headers, a session,
+ * an injected user — whatever its own auth exposes. Sync or async.
+ */
+export type AuthorizeHook = (ctx: UiHttpContext) => boolean | Promise<boolean>;
+/**
+ * Built-in credential gate used by the default {@link AuthorizeHook} when no
+ * custom `authorize` is supplied. When set, a request is allowed in production
+ * only if it presents the matching credential; otherwise the default policy is
+ * "allow only outside production".
+ */
+export interface UiCredentials {
+    /**
+     * A bearer/opaque token. A request is allowed when it carries
+     * `Authorization: Bearer <token>` OR `?token=<token>` matching this value.
+     */
+    token?: string;
+    /** HTTP Basic credentials (`Authorization: Basic <base64(user:pass)>`). */
+    basic?: {
+        username: string;
+        password: string;
+    };
+}
+/**
+ * The shape of `config/telescope_ui.ts`. Everything is optional with sane
+ * defaults: the dashboard is mounted at `/telescope`, and access is allowed
+ * automatically outside production (and denied in production unless a `token` /
+ * `basic` credential — or a custom `authorize` hook — says otherwise).
+ */
+export interface TelescopeUiConfig {
+    /**
+     * Master switch. When `false`, the provider registers no routes at all (the
+     * dashboard and JSON API simply do not exist). Default `true`.
+     */
+    enabled?: boolean;
+    /**
+     * URL prefix the dashboard + JSON API mount under. The dashboard page is served
+     * at the prefix root; the JSON API lives at `<path>/api/*`. Default `/telescope`.
+     */
+    path?: string;
+    /**
+     * The access-decision hook. When omitted, the default policy is used: allow when
+     * not in production, otherwise require a configured {@link UiCredentials}. Provide
+     * this to delegate to your own app auth (e.g. `ctx.auth.user?.isAdmin === true`).
+     */
+    authorize?: AuthorizeHook;
+    /**
+     * Built-in credentials for the default policy (ignored when a custom `authorize`
+     * is supplied). Lets you gate a production dashboard without writing a hook.
+     */
+    credentials?: UiCredentials;
+}
+/** The fully-resolved config the provider acts on (no optionals on the basics). */
+export interface ResolvedTelescopeUiConfig {
+    enabled: boolean;
+    /** Always a leading-slash, no-trailing-slash prefix, e.g. `/telescope`. */
+    path: string;
+    authorize: AuthorizeHook;
+    credentials: UiCredentials;
+}
+/**
+ * Identity helper giving `config/telescope_ui.ts` full type-checking. Mirrors the
+ * AdonisJS `defineConfig` convention.
+ *
+ * ```ts
+ * import { defineConfig } from '@adonis-agora/telescope/ui'
+ * export default defineConfig({ path: '/__telescope', authorize: (ctx) => true })
+ * ```
+ */
+export declare function defineConfig(config: TelescopeUiConfig): TelescopeUiConfig;
+/** Normalize a prefix to a leading slash with no trailing slash (`/telescope`). */
+export declare function normalizePath(path: string): string;
+/**
+ * The default access policy used when no custom `authorize` is configured:
+ *
+ * - if a `token` credential is set and the request presents it → allow;
+ * - if `basic` credentials are set and the request presents them → allow;
+ * - otherwise allow only when NOT in production (so a dev dashboard "just works"
+ *   while a production deploy is denied unless explicitly gated).
+ */
+export declare function defaultAuthorize(credentials: UiCredentials): AuthorizeHook;
+/** Apply defaults to a (possibly partial) config. */
+export declare function resolveConfig(config?: TelescopeUiConfig): ResolvedTelescopeUiConfig;
+//# sourceMappingURL=define_config.d.ts.map

package/dist/src/ui/define_config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"define_config.d.ts","sourceRoot":"","sources":["../../../src/ui/define_config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,GAAG,EAAE,aAAa,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAE/E;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,KAAK,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;CAChD;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,SAAS,CAAC,EAAE,aAAa,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,aAAa,CAAC;CAC7B;AAED,mFAAmF;AACnF,MAAM,WAAW,yBAAyB;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,2EAA2E;IAC3E,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,WAAW,EAAE,aAAa,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,iBAAiB,GAAG,iBAAiB,CAEzE;AAED,mFAAmF;AACnF,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAMlD;AAiDD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,aAAa,GAAG,aAAa,CAS1E;AAED,qDAAqD;AACrD,wBAAgB,aAAa,CAAC,MAAM,GAAE,iBAAsB,GAAG,yBAAyB,CAQvF"}

package/dist/src/ui/define_config.js

@@ -0,0 +1,104 @@
+/**
+ * Identity helper giving `config/telescope_ui.ts` full type-checking. Mirrors the
+ * AdonisJS `defineConfig` convention.
+ *
+ * ```ts
+ * import { defineConfig } from '@adonis-agora/telescope/ui'
+ * export default defineConfig({ path: '/__telescope', authorize: (ctx) => true })
+ * ```
+ */
+export function defineConfig(config) {
+    return config;
+}
+/** Normalize a prefix to a leading slash with no trailing slash (`/telescope`). */
+export function normalizePath(path) {
+    let p = path.trim();
+    if (p === '' || p === '/')
+        return '/telescope';
+    if (!p.startsWith('/'))
+        p = `/${p}`;
+    while (p.length > 1 && p.endsWith('/'))
+        p = p.slice(0, -1);
+    return p;
+}
+/** Whether the current process is running in production. */
+function isProduction() {
+    return process.env.NODE_ENV === 'production';
+}
+/**
+ * Constant-time-ish string compare to avoid trivially leaking length/timing of a
+ * configured secret. Not a substitute for a real auth system, but better than `===`
+ * for a dev-tool credential check.
+ */
+function safeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let mismatch = 0;
+    for (let i = 0; i < a.length; i++)
+        mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    return mismatch === 0;
+}
+/** Pull a bearer token from `Authorization: Bearer …` or `?token=…`. */
+function readToken(ctx) {
+    const auth = ctx.request.header('authorization');
+    if (auth !== undefined) {
+        const match = /^Bearer\s+(.+)$/i.exec(auth.trim());
+        if (match?.[1] !== undefined)
+            return match[1].trim();
+    }
+    const qsToken = ctx.request.qs().token;
+    return typeof qsToken === 'string' ? qsToken : undefined;
+}
+/** Decode and compare `Authorization: Basic …` against configured credentials. */
+function matchesBasic(ctx, basic) {
+    const auth = ctx.request.header('authorization');
+    if (auth === undefined)
+        return false;
+    const match = /^Basic\s+(.+)$/i.exec(auth.trim());
+    if (match?.[1] === undefined)
+        return false;
+    let decoded;
+    try {
+        decoded = Buffer.from(match[1].trim(), 'base64').toString('utf8');
+    }
+    catch {
+        return false;
+    }
+    const sep = decoded.indexOf(':');
+    if (sep === -1)
+        return false;
+    const username = decoded.slice(0, sep);
+    const password = decoded.slice(sep + 1);
+    return safeEqual(username, basic.username) && safeEqual(password, basic.password);
+}
+/**
+ * The default access policy used when no custom `authorize` is configured:
+ *
+ * - if a `token` credential is set and the request presents it → allow;
+ * - if `basic` credentials are set and the request presents them → allow;
+ * - otherwise allow only when NOT in production (so a dev dashboard "just works"
+ *   while a production deploy is denied unless explicitly gated).
+ */
+export function defaultAuthorize(credentials) {
+    return (ctx) => {
+        if (credentials.token !== undefined) {
+            const presented = readToken(ctx);
+            if (presented !== undefined && safeEqual(presented, credentials.token))
+                return true;
+        }
+        if (credentials.basic !== undefined && matchesBasic(ctx, credentials.basic))
+            return true;
+        return !isProduction();
+    };
+}
+/** Apply defaults to a (possibly partial) config. */
+export function resolveConfig(config = {}) {
+    const credentials = config.credentials ?? {};
+    return {
+        enabled: config.enabled ?? true,
+        path: normalizePath(config.path ?? '/telescope'),
+        authorize: config.authorize ?? defaultAuthorize(credentials),
+        credentials,
+    };
+}
+//# sourceMappingURL=define_config.js.map

package/dist/src/ui/define_config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"define_config.js","sourceRoot":"","sources":["../../../src/ui/define_config.ts"],"names":[],"mappings":"AAiEA;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,MAAyB;IACpD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,YAAY,CAAC;IAC/C,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;IACpC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,4DAA4D;AAC5D,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;AAC/C,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,CAAS,EAAE,CAAS;IACrC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,QAAQ,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACjF,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,wEAAwE;AACxE,SAAS,SAAS,CAAC,GAAkB;IACnC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACnD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACvD,CAAC;IACD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC;IACvC,OAAO,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAC3D,CAAC;AAED,kFAAkF;AAClF,SAAS,YAAY,CAAC,GAAkB,EAAE,KAA6C;IACrF,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAClD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACxC,OAAO,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;AACpF,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,WAA0B;IACzD,OAAO,CAAC,GAAG,EAAE,EAAE;QACb,IAAI,WAAW,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QACtF,CAAC;QACD,IAAI,WAAW,CAAC,KAAK,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACzF,OAAO,CAAC,YAAY,EAAE,CAAC;IACzB,CAAC,CAAC;AACJ,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,aAAa,CAAC,SAA4B,EAAE;IAC1D,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;IAC7C,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;QAC/B,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,IAAI,YAAY,CAAC;QAChD,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,gBAAgB,CAAC,WAAW,CAAC;QAC5D,WAAW;KACZ,CAAC;AACJ,CAAC"}

package/dist/src/ui/extension_api.d.ts

@@ -0,0 +1,23 @@
+import type { ExtensionRegistry } from '../extension/registry.js';
+import type { ExtensionContext } from '../extension/types.js';
+import type { UiHttpContext } from './http.js';
+/**
+ * JSON handlers for the extension SDK surface: dashboard/entry-type metadata and the per-panel data
+ * providers. Framework-light (same {@link UiHttpContext} as {@link TelescopeApi}), so they unit-test
+ * against a plain request/response. Constructed with the booted {@link ExtensionRegistry} and the
+ * {@link ExtensionContext} provider resolves run against.
+ */
+export declare class ExtensionApi {
+    private readonly registry;
+    private readonly ctx;
+    constructor(registry: ExtensionRegistry, ctx: ExtensionContext);
+    /** `GET /api/meta` — the dashboards + entry types contributed by every extension. */
+    meta(http: UiHttpContext): unknown;
+    /**
+     * `GET /api/ext/:ext/data/:provider` — resolve a named data provider. The `:ext` segment must be
+     * the provider's owning extension (namespace check), so one extension can't be addressed under
+     * another's name. The panel's request query string is passed through to `resolve`.
+     */
+    data(http: UiHttpContext, ext: string, providerName: string): Promise<unknown>;
+}
+//# sourceMappingURL=extension_api.d.ts.map

package/dist/src/ui/extension_api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extension_api.d.ts","sourceRoot":"","sources":["../../../src/ui/extension_api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE/C;;;;;GAKG;AACH,qBAAa,YAAY;IAErB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,GAAG;gBADH,QAAQ,EAAE,iBAAiB,EAC3B,GAAG,EAAE,gBAAgB;IAGxC,qFAAqF;IACrF,IAAI,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO;IASlC;;;;OAIG;IACG,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAoBrF"}

package/dist/src/ui/extension_api.js

@@ -0,0 +1,50 @@
+/**
+ * JSON handlers for the extension SDK surface: dashboard/entry-type metadata and the per-panel data
+ * providers. Framework-light (same {@link UiHttpContext} as {@link TelescopeApi}), so they unit-test
+ * against a plain request/response. Constructed with the booted {@link ExtensionRegistry} and the
+ * {@link ExtensionContext} provider resolves run against.
+ */
+export class ExtensionApi {
+    registry;
+    ctx;
+    constructor(registry, ctx) {
+        this.registry = registry;
+        this.ctx = ctx;
+    }
+    /** `GET /api/meta` — the dashboards + entry types contributed by every extension. */
+    meta(http) {
+        return http.response.status(200).send({
+            data: {
+                entryTypes: this.registry.entryTypes(),
+                dashboards: this.registry.dashboards(),
+            },
+        });
+    }
+    /**
+     * `GET /api/ext/:ext/data/:provider` — resolve a named data provider. The `:ext` segment must be
+     * the provider's owning extension (namespace check), so one extension can't be addressed under
+     * another's name. The panel's request query string is passed through to `resolve`.
+     */
+    async data(http, ext, providerName) {
+        const owner = this.registry.providerOwner(providerName);
+        if (owner === undefined || owner !== ext) {
+            return http.response
+                .status(404)
+                .send({ error: `Unknown data provider "${ext}/${providerName}"` });
+        }
+        const provider = this.registry.findProvider(providerName);
+        if (!provider) {
+            return http.response.status(404).send({ error: `Unknown data provider "${providerName}"` });
+        }
+        try {
+            const result = await provider.resolve(http.request.qs(), this.ctx);
+            return http.response.status(200).send({ data: result });
+        }
+        catch (err) {
+            return http.response
+                .status(500)
+                .send({ error: err instanceof Error ? err.message : String(err) });
+        }
+    }
+}
+//# sourceMappingURL=extension_api.js.map

package/dist/src/ui/extension_api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extension_api.js","sourceRoot":"","sources":["../../../src/ui/extension_api.ts"],"names":[],"mappings":"AAIA;;;;;GAKG;AACH,MAAM,OAAO,YAAY;IAEJ;IACA;IAFnB,YACmB,QAA2B,EAC3B,GAAqB;QADrB,aAAQ,GAAR,QAAQ,CAAmB;QAC3B,QAAG,GAAH,GAAG,CAAkB;IACrC,CAAC;IAEJ,qFAAqF;IACrF,IAAI,CAAC,IAAmB;QACtB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACpC,IAAI,EAAE;gBACJ,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;gBACtC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;aACvC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,IAAI,CAAC,IAAmB,EAAE,GAAW,EAAE,YAAoB;QAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;YACzC,OAAO,IAAI,CAAC,QAAQ;iBACjB,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,GAAG,IAAI,YAAY,GAAG,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,YAAY,GAAG,EAAE,CAAC,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YACnE,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,QAAQ;iBACjB,MAAM,CAAC,GAAG,CAAC;iBACX,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;CACF"}

package/dist/src/ui/guard.d.ts

@@ -0,0 +1,33 @@
+import type { AuthorizeHook } from './define_config.js';
+import type { UiHttpContext } from './http.js';
+/** The outcome of an authorization check. */
+export interface GuardResult {
+    /** Whether the request may proceed to the handler. */
+    allowed: boolean;
+    /** When denied, the HTTP status the caller should answer with (401 or 403). */
+    status?: number;
+    /** When denied, a short message body. */
+    message?: string;
+}
+/**
+ * Run the configured {@link AuthorizeHook} against a request and translate the
+ * decision into a {@link GuardResult}. Framework-light: takes the same minimal
+ * HTTP context the handlers do, so it is unit-testable without a server.
+ *
+ * Denials are distinguished:
+ * - **401** when the request presented NO credential at all (an `Authorization`
+ *   header is absent and no `?token`) — prompts the host/browser to authenticate;
+ * - **403** when a credential WAS presented but rejected (wrong token/password).
+ *
+ * Any error thrown by a custom `authorize` hook fails closed (403) rather than
+ * leaking the dashboard.
+ */
+export declare function runGuard(ctx: UiHttpContext, authorize: AuthorizeHook): Promise<GuardResult>;
+/**
+ * Guard `ctx` and, on denial, write the status + message onto the response and
+ * return `false`. On success returns `true` and leaves the response untouched for
+ * the handler. A `WWW-Authenticate` header is sent on a 401 so a browser can
+ * surface a Basic-auth prompt when that scheme is in play.
+ */
+export declare function enforceGuard(ctx: UiHttpContext, authorize: AuthorizeHook): Promise<boolean>;
+//# sourceMappingURL=guard.d.ts.map

package/dist/src/ui/guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../../src/ui/guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE/C,6CAA6C;AAC7C,MAAM,WAAW,WAAW;IAC1B,sDAAsD;IACtD,OAAO,EAAE,OAAO,CAAC;IACjB,+EAA+E;IAC/E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,QAAQ,CAAC,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,CAejG;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,CAUjG"}

package/dist/src/ui/guard.js

@@ -0,0 +1,47 @@
+/**
+ * Run the configured {@link AuthorizeHook} against a request and translate the
+ * decision into a {@link GuardResult}. Framework-light: takes the same minimal
+ * HTTP context the handlers do, so it is unit-testable without a server.
+ *
+ * Denials are distinguished:
+ * - **401** when the request presented NO credential at all (an `Authorization`
+ *   header is absent and no `?token`) — prompts the host/browser to authenticate;
+ * - **403** when a credential WAS presented but rejected (wrong token/password).
+ *
+ * Any error thrown by a custom `authorize` hook fails closed (403) rather than
+ * leaking the dashboard.
+ */
+export async function runGuard(ctx, authorize) {
+    let allowed;
+    try {
+        allowed = await authorize(ctx);
+    }
+    catch {
+        return { allowed: false, status: 403, message: 'Forbidden' };
+    }
+    if (allowed)
+        return { allowed: true };
+    const presentedCredential = ctx.request.header('authorization') !== undefined || typeof ctx.request.qs().token === 'string';
+    return presentedCredential
+        ? { allowed: false, status: 403, message: 'Forbidden' }
+        : { allowed: false, status: 401, message: 'Unauthorized' };
+}
+/**
+ * Guard `ctx` and, on denial, write the status + message onto the response and
+ * return `false`. On success returns `true` and leaves the response untouched for
+ * the handler. A `WWW-Authenticate` header is sent on a 401 so a browser can
+ * surface a Basic-auth prompt when that scheme is in play.
+ */
+export async function enforceGuard(ctx, authorize) {
+    const result = await runGuard(ctx, authorize);
+    if (result.allowed)
+        return true;
+    const status = result.status ?? 403;
+    ctx.response.status(status);
+    if (status === 401) {
+        ctx.response.header('WWW-Authenticate', 'Basic realm="Telescope", Bearer');
+    }
+    ctx.response.send({ error: result.message ?? 'Forbidden' });
+    return false;
+}
+//# sourceMappingURL=guard.js.map

package/dist/src/ui/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../../src/ui/guard.ts"],"names":[],"mappings":"AAaA;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,GAAkB,EAAE,SAAwB;IACzE,IAAI,OAAgB,CAAC;IACrB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAEtC,MAAM,mBAAmB,GACvB,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,QAAQ,CAAC;IAElG,OAAO,mBAAmB;QACxB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE;QACvD,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;AAC/D,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAkB,EAAE,SAAwB;IAC7E,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC9C,IAAI,MAAM,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC;IACpC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,kBAAkB,EAAE,iCAAiC,CAAC,CAAC;IAC7E,CAAC;IACD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,OAAO,IAAI,WAAW,EAAE,CAAC,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/ui/http.d.ts

@@ -0,0 +1,47 @@
+/**
+ * The minimal HTTP surface the JSON API handlers and the auth guard read/write,
+ * kept deliberately framework-light so handlers are unit-testable with a plain
+ * object (no running AdonisJS server). An Adonis `HttpContext` satisfies this
+ * structurally — `request.qs()`, `request.header()`, and a `response` that can
+ * set a status and a body — so the provider passes the real `ctx` straight
+ * through.
+ */
+/** The slice of an inbound request the UI reads. */
+export interface UiRequest {
+    /** The request method, upper- or lower-cased (`GET`, `get`). */
+    method(): string;
+    /** The parsed query string as a flat record (Adonis `request.qs()`). */
+    qs(): Record<string, unknown>;
+    /** A single request header by (case-insensitive) name, or `undefined`. */
+    header(name: string): string | undefined;
+}
+/** The slice of an outbound response the UI writes. */
+export interface UiResponse {
+    /** Set the HTTP status code; returns `this` for chaining (Adonis-compatible). */
+    status(code: number): UiResponse;
+    /** Set a response header; returns `this` for chaining (Adonis-compatible). */
+    header(name: string, value: string): UiResponse;
+    /** Send a body (object → JSON, string → as-is). Terminal. */
+    send(body: unknown): unknown;
+}
+/** A framework-light HTTP context: just the request + response slices above. */
+export interface UiHttpContext {
+    request: UiRequest;
+    response: UiResponse;
+}
+/**
+ * A tiny in-memory {@link UiResponse} for tests and for capturing a handler's
+ * output without a live server. Records the last status/headers/body written.
+ */
+export declare class RecordingResponse implements UiResponse {
+    statusCode: number;
+    readonly headers: Record<string, string>;
+    body: unknown;
+    sent: boolean;
+    status(code: number): this;
+    header(name: string, value: string): this;
+    send(body: unknown): unknown;
+}
+/** Build a plain {@link UiRequest} from a method, query record, and headers. */
+export declare function makeRequest(method: string, qs?: Record<string, unknown>, headers?: Record<string, string>): UiRequest;
+//# sourceMappingURL=http.d.ts.map

package/dist/src/ui/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../src/ui/http.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,oDAAoD;AACpD,MAAM,WAAW,SAAS;IACxB,gEAAgE;IAChE,MAAM,IAAI,MAAM,CAAC;IACjB,wEAAwE;IACxE,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,0EAA0E;IAC1E,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC1C;AAED,uDAAuD;AACvD,MAAM,WAAW,UAAU;IACzB,iFAAiF;IACjF,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAAC;IACjC,8EAA8E;IAC9E,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,UAAU,CAAC;IAChD,6DAA6D;IAC7D,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED,gFAAgF;AAChF,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,SAAS,CAAC;IACnB,QAAQ,EAAE,UAAU,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,iBAAkB,YAAW,UAAU;IAClD,UAAU,SAAO;IACjB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAM;IAC9C,IAAI,EAAE,OAAO,CAAa;IAC1B,IAAI,UAAS;IAEb,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK1B,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAKzC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO;CAK7B;AAED,gFAAgF;AAChF,wBAAgB,WAAW,CACzB,MAAM,EAAE,MAAM,EACd,EAAE,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,EAChC,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,GACnC,SAAS,CAQX"}

package/dist/src/ui/http.js

@@ -0,0 +1,43 @@
+/**
+ * The minimal HTTP surface the JSON API handlers and the auth guard read/write,
+ * kept deliberately framework-light so handlers are unit-testable with a plain
+ * object (no running AdonisJS server). An Adonis `HttpContext` satisfies this
+ * structurally — `request.qs()`, `request.header()`, and a `response` that can
+ * set a status and a body — so the provider passes the real `ctx` straight
+ * through.
+ */
+/**
+ * A tiny in-memory {@link UiResponse} for tests and for capturing a handler's
+ * output without a live server. Records the last status/headers/body written.
+ */
+export class RecordingResponse {
+    statusCode = 200;
+    headers = {};
+    body = undefined;
+    sent = false;
+    status(code) {
+        this.statusCode = code;
+        return this;
+    }
+    header(name, value) {
+        this.headers[name.toLowerCase()] = value;
+        return this;
+    }
+    send(body) {
+        this.body = body;
+        this.sent = true;
+        return body;
+    }
+}
+/** Build a plain {@link UiRequest} from a method, query record, and headers. */
+export function makeRequest(method, qs = {}, headers = {}) {
+    const lower = {};
+    for (const [key, value] of Object.entries(headers))
+        lower[key.toLowerCase()] = value;
+    return {
+        method: () => method,
+        qs: () => qs,
+        header: (name) => lower[name.toLowerCase()],
+    };
+}
+//# sourceMappingURL=http.js.map

package/dist/src/ui/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../../src/ui/http.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AA4BH;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAC5B,UAAU,GAAG,GAAG,CAAC;IACR,OAAO,GAA2B,EAAE,CAAC;IAC9C,IAAI,GAAY,SAAS,CAAC;IAC1B,IAAI,GAAG,KAAK,CAAC;IAEb,MAAM,CAAC,IAAY;QACjB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,IAAY,EAAE,KAAa;QAChC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAa;QAChB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,gFAAgF;AAChF,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,KAA8B,EAAE,EAChC,UAAkC,EAAE;IAEpC,MAAM,KAAK,GAA2B,EAAE,CAAC;IACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC;IACrF,OAAO;QACL,MAAM,EAAE,GAAG,EAAE,CAAC,MAAM;QACpB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE;QACZ,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC"}

package/dist/src/ui/index.d.ts

@@ -0,0 +1,12 @@
+/** Keep in sync with this package's `version` in package.json. */
+export declare const VERSION = "0.1.0";
+export { defineConfig, resolveConfig, normalizePath, defaultAuthorize } from './define_config.js';
+export type { AuthorizeHook, ResolvedTelescopeUiConfig, TelescopeUiConfig, UiCredentials, } from './define_config.js';
+export { RecordingResponse, makeRequest } from './http.js';
+export type { UiHttpContext, UiRequest, UiResponse } from './http.js';
+export { enforceGuard, runGuard } from './guard.js';
+export type { GuardResult } from './guard.js';
+export { TelescopeApi, buildQuery, toSummary } from './api.js';
+export type { EntrySummary } from './api.js';
+export { renderDashboard } from './dashboard.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/ui/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/ui/index.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,eAAO,MAAM,OAAO,UAAU,CAAC;AAG/B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAClG,YAAY,EACV,aAAa,EACb,yBAAyB,EACzB,iBAAiB,EACjB,aAAa,GACd,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAC3D,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGtE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACpD,YAAY,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC/D,YAAY,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAG7C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/src/ui/index.js

@@ -0,0 +1,13 @@
+/** Keep in sync with this package's `version` in package.json. */
+export const VERSION = '0.1.0';
+// — config —
+export { defineConfig, resolveConfig, normalizePath, defaultAuthorize } from './define_config.js';
+// — HTTP shapes (framework-light) —
+export { RecordingResponse, makeRequest } from './http.js';
+// — auth guard —
+export { enforceGuard, runGuard } from './guard.js';
+// — JSON API —
+export { TelescopeApi, buildQuery, toSummary } from './api.js';
+// — dashboard —
+export { renderDashboard } from './dashboard.js';
+//# sourceMappingURL=index.js.map

package/dist/src/ui/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/ui/index.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,aAAa;AACb,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAQlG,oCAAoC;AACpC,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAG3D,iBAAiB;AACjB,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAGpD,eAAe;AACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG/D,gBAAgB;AAChB,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/src/watchers/cache_watcher.d.ts

@@ -0,0 +1,60 @@
+import { type RecordInput } from '../entry.js';
+import type { EmitterLike, Watcher } from './emitter.js';
+/**
+ * The `@adonisjs/cache` event names this watcher subscribes to, mapped to the
+ * cache operation recorded for each.
+ *
+ * NOTE: `@adonisjs/cache` is not installed in this repository, so these event
+ * names and their payloads could NOT be verified against its types (see this
+ * package's README). They follow `@adonisjs/cache`'s documented `cache:*` event
+ * convention but should be treated as best-effort. The set is exported so a host
+ * can override it if a future version diverges.
+ */
+export declare const CACHE_EVENTS: Record<string, CacheOperation>;
+/** The normalized cache operation a recorded entry describes. */
+export type CacheOperation = 'hit' | 'miss' | 'write' | 'delete' | 'clear';
+/**
+ * The structural slice of a `@adonisjs/cache` event payload this watcher reads.
+ * Read defensively (every field optional) because the exact shape is owned by
+ * `@adonisjs/cache` and could not be verified here.
+ */
+export interface CacheEventLike {
+    key?: string;
+    store?: string;
+}
+/** The recorded body of a `cache` entry. */
+export interface CacheEntryContent {
+    /** The cache operation observed. */
+    operation: CacheOperation;
+    /** The cache key, or `null` when the event did not carry one. */
+    key: string | null;
+    /** The cache store name (e.g. `'redis'`), or `null`. */
+    store: string | null;
+    /** The active trace id at operation time, or `null`. */
+    traceId: string | null;
+}
+/**
+ * Records `@adonisjs/cache` activity as `cache` telescope entries — one per
+ * hit/miss/write/delete/clear event — correlated to the active request via the
+ * trace id.
+ *
+ * Recording is fire-and-forget and fully guarded: a telescope failure can never
+ * break a cache operation.
+ *
+ * @remarks
+ * The event-name → operation map ({@link CACHE_EVENTS}) is best-effort because
+ * `@adonisjs/cache` is not installed in this repo and its event contract could not
+ * be verified. Pass a custom map to the constructor to adapt to your version.
+ */
+export declare class CacheWatcher implements Watcher {
+    readonly type: "cache";
+    private readonly events;
+    private readonly unsubscribes;
+    constructor(events?: Record<string, CacheOperation>);
+    start(emitter: EmitterLike): void;
+    stop(): void;
+    private handle;
+}
+/** Map a cache operation + payload to a telescope {@link RecordInput}. */
+export declare function buildCacheEntry(operation: CacheOperation, event: CacheEventLike): RecordInput<CacheEntryContent>;
+//# sourceMappingURL=cache_watcher.d.ts.map

package/dist/src/watchers/cache_watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache_watcher.d.ts","sourceRoot":"","sources":["../../../src/watchers/cache_watcher.ts"],"names":[],"mappings":"AACA,OAAO,EAAa,KAAK,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAGzD;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAMvD,CAAC;AAEF,iEAAiE;AACjE,MAAM,MAAM,cAAc,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE3E;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IAChC,oCAAoC;IACpC,SAAS,EAAE,cAAc,CAAC;IAC1B,iEAAiE;IACjE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,wDAAwD;IACxD,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,wDAAwD;IACxD,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,YAAa,YAAW,OAAO;IAC1C,QAAQ,CAAC,IAAI,UAAmB;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;gBAE1C,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAgB;IAIjE,KAAK,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAOjC,IAAI,IAAI,IAAI;IAKZ,OAAO,CAAC,MAAM;CAIf;AAED,0EAA0E;AAC1E,wBAAgB,eAAe,CAC7B,SAAS,EAAE,cAAc,EACzB,KAAK,EAAE,cAAc,GACpB,WAAW,CAAC,iBAAiB,CAAC,CAYhC"}