@agentlensai/server 0.9.0 → 0.11.0

package/dist/cloud/ingestion/gateway.js

@@ -0,0 +1,198 @@
+/**
+ * API Gateway Service (S-3.2)
+ *
+ * Ingestion endpoints:
+ *   POST /v1/events       — single event
+ *   POST /v1/events/batch — up to 100 events
+ *
+ * Flow: Auth → Validate → Enrich → Publish to queue → 202 Accepted
+ */
+import { randomUUID } from 'crypto';
+import { BACKPRESSURE_THRESHOLD } from './event-queue.js';
+// ═══════════════════════════════════════════
+// Known event types
+// ═══════════════════════════════════════════
+const KNOWN_EVENT_TYPES = new Set([
+    'llm_call',
+    'tool_use',
+    'agent_action',
+    'error',
+    'session_start',
+    'session_end',
+    'guardrail',
+    'benchmark',
+    'custom',
+    'health_check',
+    'lesson',
+    'embedding',
+]);
+// ═══════════════════════════════════════════
+// Validation
+// ═══════════════════════════════════════════
+export function validateEvent(event, index) {
+    if (!event || typeof event !== 'object') {
+        return { index, error: 'event must be an object' };
+    }
+    const e = event;
+    if (!e.type || typeof e.type !== 'string') {
+        return { index, error: 'missing required field: type' };
+    }
+    if (!KNOWN_EVENT_TYPES.has(e.type)) {
+        return { index, error: `unknown event type: ${e.type}` };
+    }
+    if (!e.session_id || typeof e.session_id !== 'string') {
+        return { index, error: 'missing required field: session_id' };
+    }
+    if (e.timestamp !== undefined) {
+        const ts = new Date(e.timestamp);
+        if (isNaN(ts.getTime())) {
+            return { index, error: 'invalid timestamp format' };
+        }
+        // Reject timestamps more than 5 minutes in the future
+        if (ts.getTime() > Date.now() + 5 * 60 * 1000) {
+            return { index, error: 'timestamp in future' };
+        }
+    }
+    if (e.data !== undefined && (typeof e.data !== 'object' || e.data === null || Array.isArray(e.data))) {
+        return { index, error: 'data must be an object' };
+    }
+    return null;
+}
+// ═══════════════════════════════════════════
+// Enrichment
+// ═══════════════════════════════════════════
+function enrichEvent(event, auth, requestId) {
+    return {
+        id: event.id ?? randomUUID(),
+        type: event.type,
+        timestamp: event.timestamp ?? new Date().toISOString(),
+        session_id: event.session_id,
+        data: event.data ?? {},
+        org_id: auth.orgId,
+        api_key_id: auth.keyId,
+        received_at: new Date().toISOString(),
+        request_id: requestId,
+    };
+}
+// ═══════════════════════════════════════════
+// Gateway Service
+// ═══════════════════════════════════════════
+export class IngestionGateway {
+    queue;
+    constructor(queue) {
+        this.queue = queue;
+    }
+    /**
+     * POST /v1/events — ingest a single event
+     */
+    async ingestSingle(event, auth) {
+        const requestId = randomUUID();
+        // Check backpressure
+        const streamLen = await this.queue.getStreamLength();
+        if (streamLen >= BACKPRESSURE_THRESHOLD) {
+            return {
+                status: 503,
+                body: { error: 'Service temporarily unavailable. Retry later.' },
+                requestId,
+            };
+        }
+        // Validate
+        const error = validateEvent(event, 0);
+        if (error) {
+            return {
+                status: 400,
+                body: { error: error.error },
+                requestId,
+            };
+        }
+        // Check ingest scope
+        if (!auth.scopes.includes('ingest')) {
+            return {
+                status: 403,
+                body: { error: 'API key does not have ingest scope' },
+                requestId,
+            };
+        }
+        // Enrich & publish
+        const enriched = enrichEvent(event, auth, requestId);
+        await this.queue.publish(enriched);
+        return {
+            status: 202,
+            body: { accepted: true, request_id: requestId },
+            requestId,
+        };
+    }
+    /**
+     * POST /v1/events/batch — ingest up to 100 events
+     */
+    async ingestBatch(events, auth) {
+        const requestId = randomUUID();
+        // Must be array
+        if (!Array.isArray(events)) {
+            return {
+                status: 400,
+                body: { error: 'events must be an array' },
+                requestId,
+            };
+        }
+        // Max 100
+        if (events.length > 100) {
+            return {
+                status: 400,
+                body: { error: 'batch size exceeds maximum of 100 events' },
+                requestId,
+            };
+        }
+        if (events.length === 0) {
+            return {
+                status: 400,
+                body: { error: 'events array must not be empty' },
+                requestId,
+            };
+        }
+        // Check ingest scope
+        if (!auth.scopes.includes('ingest')) {
+            return {
+                status: 403,
+                body: { error: 'API key does not have ingest scope' },
+                requestId,
+            };
+        }
+        // Check backpressure
+        const streamLen = await this.queue.getStreamLength();
+        if (streamLen >= BACKPRESSURE_THRESHOLD) {
+            return {
+                status: 503,
+                body: { error: 'Service temporarily unavailable. Retry later.' },
+                requestId,
+            };
+        }
+        // Validate each event
+        const errors = [];
+        const valid = [];
+        for (let i = 0; i < events.length; i++) {
+            const err = validateEvent(events[i], i);
+            if (err) {
+                errors.push(err);
+            }
+            else {
+                valid.push(enrichEvent(events[i], auth, requestId));
+            }
+        }
+        // Publish valid events
+        if (valid.length > 0) {
+            await this.queue.publishBatch(valid);
+        }
+        return {
+            status: 202,
+            body: {
+                accepted: valid.length,
+                rejected: errors.length,
+                errors,
+                request_id: requestId,
+            },
+            requestId,
+        };
+    }
+}
+//# sourceMappingURL=gateway.js.map

package/dist/cloud/ingestion/gateway.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../../../src/cloud/ingestion/gateway.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAyC1D,8CAA8C;AAC9C,oBAAoB;AACpB,8CAA8C;AAE9C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,UAAU;IACV,UAAU;IACV,cAAc;IACd,OAAO;IACP,eAAe;IACf,aAAa;IACb,WAAW;IACX,WAAW;IACX,QAAQ;IACR,cAAc;IACd,QAAQ;IACR,WAAW;CACZ,CAAC,CAAC;AAEH,8CAA8C;AAC9C,aAAa;AACb,8CAA8C;AAE9C,MAAM,UAAU,aAAa,CAAC,KAAc,EAAE,KAAa;IACzD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;IACrD,CAAC;IAED,MAAM,CAAC,GAAG,KAAgC,CAAC;IAE3C,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,CAAC,CAAC,UAAU,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAmB,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;QACtD,CAAC;QACD,sDAAsD;QACtD,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;QACjD,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACrG,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;IACpD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8CAA8C;AAC9C,aAAa;AACb,8CAA8C;AAE9C,SAAS,WAAW,CAClB,KAAoB,EACpB,IAAuB,EACvB,SAAiB;IAEjB,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE,IAAI,UAAU,EAAE;QAC5B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtD,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE;QACtB,MAAM,EAAE,IAAI,CAAC,KAAK;QAClB,UAAU,EAAE,IAAI,CAAC,KAAK;QACtB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,UAAU,EAAE,SAAS;KACtB,CAAC;AACJ,CAAC;AAED,8CAA8C;AAC9C,kBAAkB;AAClB,8CAA8C;AAE9C,MAAM,OAAO,gBAAgB;IACP;IAApB,YAAoB,KAAiB;QAAjB,UAAK,GAAL,KAAK,CAAY;IAAG,CAAC;IAEzC;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,KAAc,EACd,IAAuB;QAEvB,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAE/B,qBAAqB;QACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QACrD,IAAI,SAAS,IAAI,sBAAsB,EAAE,CAAC;YACxC,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,+CAA+C,EAAuB;gBACrF,SAAS;aACV,CAAC;QACJ,CAAC;QAED,WAAW;QACX,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACtC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAuB;gBACjD,SAAS;aACV,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAuB;gBAC1E,SAAS;aACV,CAAC;QACJ,CAAC;QAED,mBAAmB;QACnB,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAsB,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QACtE,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEnC,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE;YAC/C,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,MAAe,EACf,IAAuB;QAEvB,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAE/B,gBAAgB;QAChB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAuB;gBAC/D,SAAS;aACV,CAAC;QACJ,CAAC;QAED,UAAU;QACV,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,0CAA0C,EAAuB;gBAChF,SAAS;aACV,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAuB;gBACtE,SAAS;aACV,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAuB;gBAC1E,SAAS;aACV,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;QACrD,IAAI,SAAS,IAAI,sBAAsB,EAAE,CAAC;YACxC,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,EAAE,KAAK,EAAE,+CAA+C,EAAuB;gBACrF,SAAS;aACV,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,KAAK,GAAkB,EAAE,CAAC;QAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxC,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAkB,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QAED,OAAO;YACL,MAAM,EAAE,GAAG;YACX,IAAI,EAAE;gBACJ,QAAQ,EAAE,KAAK,CAAC,MAAM;gBACtB,QAAQ,EAAE,MAAM,CAAC,MAAM;gBACvB,MAAM;gBACN,UAAU,EAAE,SAAS;aACtB;YACD,SAAS;SACV,CAAC;IACJ,CAAC;CACF"}

package/dist/cloud/ingestion/index.d.ts

@@ -0,0 +1,7 @@
+export { type EventQueue, type QueuedEvent, type QueueHealth, type RedisClient, type RedisPipeline, InMemoryEventQueue, RedisEventQueue, createEventQueue, STREAM_NAME, DLQ_STREAM_NAME, CONSUMER_GROUP, BACKPRESSURE_THRESHOLD, } from './event-queue.js';
+export { IngestionGateway, validateEvent, type IncomingEvent, type SingleEventRequest, type BatchEventRequest, type SingleEventResponse, type BatchEventResponse, type ValidationError, } from './gateway.js';
+export { BatchWriter, InMemoryBatchWriter, calculateCost, computeHash, type StreamMessage, type BatchWriterConfig, type WriterStats, type InMemoryBatchWriterDeps, type ConsumerRedisClient, } from './batch-writer.js';
+export { RedisRateLimiter, InMemoryRateLimiter, TIER_LIMITS, type Tier, type RateLimitResult, type RateLimitCheckParams, type RateLimitConfig, type RateLimitRedisClient, } from './rate-limiter.js';
+export { BackpressureMonitor, generateCloudWatchAlarmConfig, generateAutoScalingPolicy, type BackpressureStatus, type BackpressureConfig, type CloudWatchAlarmConfig, type AutoScalingPolicy, } from './backpressure.js';
+export { DlqManager, InMemoryDlqManager, type DlqEntry, type DlqStats, type DlqHealthInfo, type DlqRedisClient, } from './dlq-manager.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/cloud/ingestion/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/cloud/ingestion/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,EACd,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,GACrB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,KAAK,aAAa,EAClB,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,uBAAuB,EAC5B,KAAK,mBAAmB,GACzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,WAAW,EACX,KAAK,IAAI,EACT,KAAK,eAAe,EACpB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,oBAAoB,GAC1B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,mBAAmB,EACnB,6BAA6B,EAC7B,yBAAyB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,UAAU,EACV,kBAAkB,EAClB,KAAK,QAAQ,EACb,KAAK,QAAQ,EACb,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,kBAAkB,CAAC"}

package/dist/cloud/ingestion/index.js

@@ -0,0 +1,7 @@
+export { InMemoryEventQueue, RedisEventQueue, createEventQueue, STREAM_NAME, DLQ_STREAM_NAME, CONSUMER_GROUP, BACKPRESSURE_THRESHOLD, } from './event-queue.js';
+export { IngestionGateway, validateEvent, } from './gateway.js';
+export { BatchWriter, InMemoryBatchWriter, calculateCost, computeHash, } from './batch-writer.js';
+export { RedisRateLimiter, InMemoryRateLimiter, TIER_LIMITS, } from './rate-limiter.js';
+export { BackpressureMonitor, generateCloudWatchAlarmConfig, generateAutoScalingPolicy, } from './backpressure.js';
+export { DlqManager, InMemoryDlqManager, } from './dlq-manager.js';
+//# sourceMappingURL=index.js.map

package/dist/cloud/ingestion/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/cloud/ingestion/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAML,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,cAAc,EACd,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,gBAAgB,EAChB,aAAa,GAOd,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,WAAW,GAMZ,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,WAAW,GAMZ,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,mBAAmB,EACnB,6BAA6B,EAC7B,yBAAyB,GAK1B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,UAAU,EACV,kBAAkB,GAKnB,MAAM,kBAAkB,CAAC"}

package/dist/cloud/ingestion/rate-limiter.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Rate Limiter (S-3.4)
+ *
+ * Sliding window rate limiting. Per-key and per-org limits.
+ * Tier defaults: Free=100/min, Pro=5K/min, Team=50K/min.
+ * 429 with Retry-After header. Per-key override supported.
+ */
+export type Tier = 'free' | 'pro' | 'team' | 'enterprise';
+export interface RateLimitResult {
+    allowed: boolean;
+    /** Current count in window */
+    current: number;
+    /** Limit that was applied */
+    limit: number;
+    /** Seconds until window resets (for Retry-After header) */
+    retryAfterSeconds: number;
+    /** Which limit was hit: 'key' | 'org' | null */
+    limitedBy: 'key' | 'org' | null;
+}
+export interface RateLimitConfig {
+    /** Window size in seconds (default: 60) */
+    windowSeconds?: number;
+}
+/** Per-tier default limits (events per minute) */
+export declare const TIER_LIMITS: Record<Tier, {
+    perKey: number;
+    perOrg: number;
+}>;
+export interface RateLimitCheckParams {
+    orgId: string;
+    keyId: string;
+    tier: Tier;
+    /** Per-key override limit (from api_keys.rate_limit_override), null = use tier default */
+    keyOverride: number | null;
+    /** Number of events in this request (default: 1) */
+    count?: number;
+}
+export interface RateLimitRedisClient {
+    multi(): RateLimitRedisMulti;
+}
+export interface RateLimitRedisMulti {
+    zremrangebyscore(key: string, min: number | string, max: number | string): RateLimitRedisMulti;
+    zadd(key: string, score: number, member: string): RateLimitRedisMulti;
+    zcard(key: string): RateLimitRedisMulti;
+    expire(key: string, seconds: number): RateLimitRedisMulti;
+    exec(): Promise<Array<[Error | null, unknown]> | null>;
+}
+/**
+ * Redis-backed sliding window rate limiter.
+ *
+ * Uses sorted sets with timestamp scores. Each request adds a member,
+ * old entries outside the window are pruned.
+ */
+export declare class RedisRateLimiter {
+    private redis;
+    private windowSeconds;
+    constructor(redis: RateLimitRedisClient, config?: RateLimitConfig);
+    check(params: RateLimitCheckParams): Promise<RateLimitResult>;
+    private slidingWindowCount;
+}
+/**
+ * In-memory sliding window rate limiter for testing.
+ */
+export declare class InMemoryRateLimiter {
+    private windows;
+    private windowSeconds;
+    constructor(config?: RateLimitConfig);
+    check(params: RateLimitCheckParams): Promise<RateLimitResult>;
+    /** Reset all state */
+    reset(): void;
+    private addAndCount;
+}
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/cloud/ingestion/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../../src/cloud/ingestion/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,MAAM,IAAI,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,YAAY,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gDAAgD;IAChD,SAAS,EAAE,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;CACjC;AAED,MAAM,WAAW,eAAe;IAC9B,2CAA2C;IAC3C,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,kDAAkD;AAClD,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAKxE,CAAC;AAEF,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,IAAI,CAAC;IACX,0FAA0F;IAC1F,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,oDAAoD;IACpD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,MAAM,WAAW,oBAAoB;IACnC,KAAK,IAAI,mBAAmB,CAAC;CAC9B;AAED,MAAM,WAAW,mBAAmB;IAClC,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,mBAAmB,CAAC;IAC/F,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAAC;IACtE,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB,CAAC;IACxC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,mBAAmB,CAAC;IAC1D,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CACxD;AAED;;;;;GAKG;AACH,qBAAa,gBAAgB;IAIzB,OAAO,CAAC,KAAK;IAHf,OAAO,CAAC,aAAa,CAAS;gBAGpB,KAAK,EAAE,oBAAoB,EACnC,MAAM,CAAC,EAAE,eAAe;IAKpB,KAAK,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;YA0CrD,kBAAkB;CA8BjC;AAMD;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,OAAO,CAA+B;IAC9C,OAAO,CAAC,aAAa,CAAS;gBAElB,MAAM,CAAC,EAAE,eAAe;IAI9B,KAAK,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,eAAe,CAAC;IA4CnE,sBAAsB;IACtB,KAAK,IAAI,IAAI;IAIb,OAAO,CAAC,WAAW;CAWpB"}

package/dist/cloud/ingestion/rate-limiter.js

@@ -0,0 +1,153 @@
+/**
+ * Rate Limiter (S-3.4)
+ *
+ * Sliding window rate limiting. Per-key and per-org limits.
+ * Tier defaults: Free=100/min, Pro=5K/min, Team=50K/min.
+ * 429 with Retry-After header. Per-key override supported.
+ */
+/** Per-tier default limits (events per minute) */
+export const TIER_LIMITS = {
+    free: { perKey: 100, perOrg: 200 },
+    pro: { perKey: 5_000, perOrg: 10_000 },
+    team: { perKey: 50_000, perOrg: 100_000 },
+    enterprise: { perKey: 100_000, perOrg: 500_000 },
+};
+/**
+ * Redis-backed sliding window rate limiter.
+ *
+ * Uses sorted sets with timestamp scores. Each request adds a member,
+ * old entries outside the window are pruned.
+ */
+export class RedisRateLimiter {
+    redis;
+    windowSeconds;
+    constructor(redis, config) {
+        this.redis = redis;
+        this.windowSeconds = config?.windowSeconds ?? 60;
+    }
+    async check(params) {
+        const { orgId, keyId, tier, keyOverride, count = 1 } = params;
+        const tierLimits = TIER_LIMITS[tier];
+        const keyLimit = keyOverride ?? tierLimits.perKey;
+        const orgLimit = tierLimits.perOrg;
+        const now = Date.now();
+        const windowStart = now - this.windowSeconds * 1000;
+        // Check per-key limit
+        const keyCount = await this.slidingWindowCount(`rate:key:${keyId}`, now, windowStart, count);
+        if (keyCount > keyLimit) {
+            return {
+                allowed: false,
+                current: keyCount,
+                limit: keyLimit,
+                retryAfterSeconds: this.windowSeconds,
+                limitedBy: 'key',
+            };
+        }
+        // Check per-org limit
+        const orgCount = await this.slidingWindowCount(`rate:org:${orgId}`, now, windowStart, count);
+        if (orgCount > orgLimit) {
+            return {
+                allowed: false,
+                current: orgCount,
+                limit: orgLimit,
+                retryAfterSeconds: this.windowSeconds,
+                limitedBy: 'org',
+            };
+        }
+        return {
+            allowed: true,
+            current: keyCount,
+            limit: keyLimit,
+            retryAfterSeconds: 0,
+            limitedBy: null,
+        };
+    }
+    async slidingWindowCount(key, now, windowStart, count) {
+        const multi = this.redis.multi();
+        // Remove entries outside window
+        multi.zremrangebyscore(key, 0, windowStart);
+        // Add new entries
+        for (let i = 0; i < count; i++) {
+            multi.zadd(key, now, `${now}:${Math.random().toString(36).slice(2, 8)}:${i}`);
+        }
+        // Count entries in window
+        multi.zcard(key);
+        // Set expiry to auto-cleanup
+        multi.expire(key, this.windowSeconds * 2);
+        const results = await multi.exec();
+        if (!results)
+            return 0;
+        // zcard result is at index 2 + count (after zremrangebyscore + count zadds)
+        const zcardIdx = 1 + count;
+        const zcardResult = results[zcardIdx];
+        return zcardResult?.[1] ?? 0;
+    }
+}
+// ═══════════════════════════════════════════
+// In-Memory Rate Limiter (testing / no Redis)
+// ═══════════════════════════════════════════
+/**
+ * In-memory sliding window rate limiter for testing.
+ */
+export class InMemoryRateLimiter {
+    windows = new Map();
+    windowSeconds;
+    constructor(config) {
+        this.windowSeconds = config?.windowSeconds ?? 60;
+    }
+    async check(params) {
+        const { orgId, keyId, tier, keyOverride, count = 1 } = params;
+        const tierLimits = TIER_LIMITS[tier];
+        const keyLimit = keyOverride ?? tierLimits.perKey;
+        const orgLimit = tierLimits.perOrg;
+        const now = Date.now();
+        const windowStart = now - this.windowSeconds * 1000;
+        // Check per-key
+        const keyKey = `rate:key:${keyId}`;
+        const keyCount = this.addAndCount(keyKey, now, windowStart, count);
+        if (keyCount > keyLimit) {
+            return {
+                allowed: false,
+                current: keyCount,
+                limit: keyLimit,
+                retryAfterSeconds: this.windowSeconds,
+                limitedBy: 'key',
+            };
+        }
+        // Check per-org
+        const orgKey = `rate:org:${orgId}`;
+        const orgCount = this.addAndCount(orgKey, now, windowStart, count);
+        if (orgCount > orgLimit) {
+            return {
+                allowed: false,
+                current: orgCount,
+                limit: orgLimit,
+                retryAfterSeconds: this.windowSeconds,
+                limitedBy: 'org',
+            };
+        }
+        return {
+            allowed: true,
+            current: keyCount,
+            limit: keyLimit,
+            retryAfterSeconds: 0,
+            limitedBy: null,
+        };
+    }
+    /** Reset all state */
+    reset() {
+        this.windows.clear();
+    }
+    addAndCount(key, now, windowStart, count) {
+        let entries = this.windows.get(key) ?? [];
+        // Prune old entries
+        entries = entries.filter((ts) => ts > windowStart);
+        // Add new
+        for (let i = 0; i < count; i++) {
+            entries.push(now);
+        }
+        this.windows.set(key, entries);
+        return entries.length;
+    }
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/cloud/ingestion/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../src/cloud/ingestion/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAyBH,kDAAkD;AAClD,MAAM,CAAC,MAAM,WAAW,GAAqD;IAC3E,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE;IAClC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE;IACtC,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;IACzC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;CACjD,CAAC;AA4BF;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IAIjB;IAHF,aAAa,CAAS;IAE9B,YACU,KAA2B,EACnC,MAAwB;QADhB,UAAK,GAAL,KAAK,CAAsB;QAGnC,IAAI,CAAC,aAAa,GAAG,MAAM,EAAE,aAAa,IAAI,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAA4B;QACtC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC;QAC9D,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,WAAW,IAAI,UAAU,CAAC,MAAM,CAAC;QAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAEpD,sBAAsB;QACtB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,KAAK,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAC7F,IAAI,QAAQ,GAAG,QAAQ,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,QAAQ;gBACf,iBAAiB,EAAE,IAAI,CAAC,aAAa;gBACrC,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,sBAAsB;QACtB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,YAAY,KAAK,EAAE,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAC7F,IAAI,QAAQ,GAAG,QAAQ,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,QAAQ;gBACf,iBAAiB,EAAE,IAAI,CAAC,aAAa;gBACrC,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,QAAQ;YACf,iBAAiB,EAAE,CAAC;YACpB,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,GAAW,EACX,GAAW,EACX,WAAmB,EACnB,KAAa;QAEb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAEjC,gCAAgC;QAChC,KAAK,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAE5C,kBAAkB;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,0BAA0B;QAC1B,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEjB,6BAA6B;QAC7B,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC;QAE1C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC;QAEvB,4EAA4E;QAC5E,MAAM,QAAQ,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACtC,OAAQ,WAAW,EAAE,CAAC,CAAC,CAAY,IAAI,CAAC,CAAC;IAC3C,CAAC;CACF;AAED,8CAA8C;AAC9C,8CAA8C;AAC9C,8CAA8C;AAE9C;;GAEG;AACH,MAAM,OAAO,mBAAmB;IACtB,OAAO,GAAG,IAAI,GAAG,EAAoB,CAAC;IACtC,aAAa,CAAS;IAE9B,YAAY,MAAwB;QAClC,IAAI,CAAC,aAAa,GAAG,MAAM,EAAE,aAAa,IAAI,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAA4B;QACtC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC;QAC9D,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,WAAW,IAAI,UAAU,CAAC,MAAM,CAAC;QAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC;QAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAEpD,gBAAgB;QAChB,MAAM,MAAM,GAAG,YAAY,KAAK,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACnE,IAAI,QAAQ,GAAG,QAAQ,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,QAAQ;gBACf,iBAAiB,EAAE,IAAI,CAAC,aAAa;gBACrC,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,gBAAgB;QAChB,MAAM,MAAM,GAAG,YAAY,KAAK,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACnE,IAAI,QAAQ,GAAG,QAAQ,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,QAAQ;gBACjB,KAAK,EAAE,QAAQ;gBACf,iBAAiB,EAAE,IAAI,CAAC,aAAa;gBACrC,SAAS,EAAE,KAAK;aACjB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,QAAQ;YACf,iBAAiB,EAAE,CAAC;YACpB,SAAS,EAAE,IAAI;SAChB,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,KAAK;QACH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,WAAW,CAAC,GAAW,EAAE,GAAW,EAAE,WAAmB,EAAE,KAAa;QAC9E,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC1C,oBAAoB;QACpB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,WAAW,CAAC,CAAC;QACnD,UAAU;QACV,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,MAAM,CAAC;IACxB,CAAC;CACF"}

package/dist/cloud/migrate.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Cloud Migration Runner
+ *
+ * Executes numbered SQL migration files against PostgreSQL.
+ * Tracks applied migrations in a `_cloud_migrations` table.
+ * Idempotent: skips already-applied migrations.
+ */
+export interface MigrationClient {
+    query(sql: string, params?: unknown[]): Promise<{
+        rows: unknown[];
+    }>;
+}
+export interface MigrationResult {
+    applied: string[];
+    skipped: string[];
+}
+/**
+ * Get ordered migration files from the migrations directory.
+ */
+export declare function getMigrationFiles(dir?: string): string[];
+/**
+ * Read the SQL content of a migration file.
+ */
+export declare function readMigration(filename: string, dir?: string): string;
+/**
+ * Run all pending migrations in order.
+ */
+export declare function runMigrations(client: MigrationClient, dir?: string): Promise<MigrationResult>;
+/**
+ * Validate migration SQL files without executing them.
+ * Returns parsing issues (basic checks).
+ */
+export declare function validateMigrations(dir?: string): {
+    valid: boolean;
+    files: string[];
+    errors: {
+        file: string;
+        error: string;
+    }[];
+};
+export declare const PARTITIONED_TABLES: readonly ["events", "audit_log", "usage_records"];
+export declare const TENANT_SCOPED_TABLES: readonly ["events", "sessions", "agents", "alert_rules", "alert_history", "lessons", "embeddings", "session_summaries", "sharing_config", "agent_sharing_config", "deny_list_rules", "sharing_audit_log", "sharing_review_queue", "anonymous_id_map", "capability_registry", "discovery_config", "delegation_log", "api_keys", "usage_records", "invoices", "audit_log", "org_members", "org_invitations"];
+export declare const CLOUD_TABLES: readonly ["orgs", "users", "org_members", "org_invitations", "api_keys", "usage_records", "invoices", "audit_log"];
+export declare const EXISTING_TABLES: readonly ["events", "sessions", "agents", "alert_rules", "alert_history", "lessons", "embeddings", "session_summaries", "sharing_config", "agent_sharing_config", "deny_list_rules", "sharing_audit_log", "sharing_review_queue", "anonymous_id_map", "capability_registry", "discovery_config", "delegation_log"];
+//# sourceMappingURL=migrate.d.ts.map

package/dist/cloud/migrate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../src/cloud/migrate.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC,CAAC;CACtE;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAID;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAuB,GAAG,MAAM,EAAE,CAIxE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAE,MAAuB,GAAG,MAAM,CAEpF;AAsBD;;GAEG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,eAAe,EACvB,GAAG,GAAE,MAAuB,GAC3B,OAAO,CAAC,eAAe,CAAC,CAoB1B;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,GAAE,MAAuB,GAAG;IAChE,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC3C,CAqBA;AAGD,eAAO,MAAM,kBAAkB,mDAAoD,CAAC;AAGpF,eAAO,MAAM,oBAAoB,4YAwBvB,CAAC;AAGX,eAAO,MAAM,YAAY,oHASf,CAAC;AAGX,eAAO,MAAM,eAAe,oTAkBlB,CAAC"}