@ahksolution/permissions-sdk 1.0.0

package/README.md

@@ -0,0 +1,290 @@
+# @ahksolution/permissions-sdk
+
+gRPC client SDK for the AHK Solution Permissions Microservice. Provides NestJS integration for inter-service permission checks with RBAC and ABAC support.
+
+## Installation
+
+```bash
+# From private npm registry
+npm install @ahksolution/permissions-sdk
+
+# Or using pnpm
+pnpm add @ahksolution/permissions-sdk
+```
+
+**Peer Dependencies** (must be installed in your project):
+
+```bash
+pnpm add @nestjs/microservices @grpc/grpc-js @grpc/proto-loader
+```
+
+## Quick Start
+
+### 1. Register the Module
+
+```typescript
+// app.module.ts
+import { Module } from '@nestjs/common';
+import { PermissionsClientModule } from '@ahksolution/permissions-sdk';
+
+@Module({
+  imports: [
+    // Static configuration
+    PermissionsClientModule.register({
+      url: 'localhost:50051',
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+**With async configuration (recommended for production):**
+
+```typescript
+// app.module.ts
+import { Module } from '@nestjs/common';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { PermissionsClientModule } from '@ahksolution/permissions-sdk';
+
+@Module({
+  imports: [
+    ConfigModule.forRoot(),
+    PermissionsClientModule.registerAsync({
+      imports: [ConfigModule],
+      useFactory: (config: ConfigService) => ({
+        url: config.get<string>('PERMISSIONS_SERVICE_URL', 'localhost:50051'),
+      }),
+      inject: [ConfigService],
+    }),
+  ],
+})
+export class AppModule {}
+```
+
+### 2. Use the Client Service
+
+Inject `PermissionsGrpcClient` to check permissions programmatically:
+
+```typescript
+import { Injectable } from '@nestjs/common';
+import { PermissionsGrpcClient } from '@ahksolution/permissions-sdk';
+
+@Injectable()
+export class OrderService {
+  constructor(private readonly permissions: PermissionsGrpcClient) {}
+
+  async createOrder(userId: string, orderData: CreateOrderDto) {
+    // Simple boolean check
+    const canCreate = await this.permissions.hasPermission(userId, 'orders:create');
+    if (!canCreate) {
+      throw new ForbiddenException('You do not have permission to create orders');
+    }
+
+    // Continue with order creation...
+  }
+
+  async deleteOrder(userId: string, orderId: string) {
+    // Check multiple permissions (user needs ANY of these)
+    const canDelete = await this.permissions.hasAnyPermission(userId, [
+      'orders:delete',
+      'orders:manage',
+      'admin:full',
+    ]);
+
+    if (!canDelete) {
+      throw new ForbiddenException('You do not have permission to delete orders');
+    }
+
+    // Continue with deletion...
+  }
+}
+```
+
+### 3. Use Guard and Decorator (Recommended)
+
+For declarative permission checks on controller routes:
+
+```typescript
+import { Controller, Post, Delete, Param, Body, UseGuards } from '@nestjs/common';
+import {
+  PermissionsGuard,
+  RequirePermissions,
+  RequireAnyPermission,
+  RequireAllPermissions,
+} from '@ahksolution/permissions-sdk';
+import { JwtAuthGuard } from './your-auth-guard';
+
+@Controller('orders')
+@UseGuards(JwtAuthGuard, PermissionsGuard) // Auth guard must run first
+export class OrdersController {
+  // Require a single permission
+  @Post()
+  @RequirePermissions('orders:create')
+  async createOrder(@Body() dto: CreateOrderDto) {
+    // Permission already verified by guard
+    return this.orderService.create(dto);
+  }
+
+  // Require ALL permissions (AND logic)
+  @Post(':id/approve')
+  @RequirePermissions(['orders:read', 'orders:approve'])
+  async approveOrder(@Param('id') id: string) {
+    return this.orderService.approve(id);
+  }
+
+  // Require ANY of the permissions (OR logic)
+  @Delete(':id')
+  @RequirePermissions(['orders:delete', 'admin:full'], { mode: 'any' })
+  async deleteOrder(@Param('id') id: string) {
+    return this.orderService.delete(id);
+  }
+
+  // Using alias decorators for clarity
+  @Post(':id/export')
+  @RequireAllPermissions(['orders:read', 'orders:export'])
+  async exportOrder(@Param('id') id: string) {
+    return this.orderService.export(id);
+  }
+
+  @Post(':id/cancel')
+  @RequireAnyPermission(['orders:cancel', 'orders:manage'])
+  async cancelOrder(@Param('id') id: string) {
+    return this.orderService.cancel(id);
+  }
+}
+```
+
+## API Reference
+
+### PermissionsGrpcClient
+
+| Method                                                    | Description                                         |
+| --------------------------------------------------------- | --------------------------------------------------- |
+| `hasPermission(userId, permissionCode)`                   | Returns `boolean` - does user have this permission? |
+| `hasAllPermissions(userId, permissionCodes)`              | Returns `boolean` - does user have ALL permissions? |
+| `hasAnyPermission(userId, permissionCodes)`               | Returns `boolean` - does user have ANY permission?  |
+| `checkPermission(userId, permissionCode, options?)`       | Returns full `EvaluationResult` with details        |
+| `checkBulkPermissions(userId, permissionCodes, options?)` | Returns results for multiple permissions            |
+| `getEffectivePermissions(userId)`                         | Returns all permissions and roles for a user        |
+
+### Decorators
+
+| Decorator                                    | Description                                  |
+| -------------------------------------------- | -------------------------------------------- |
+| `@RequirePermissions(permissions, options?)` | Require permission(s) with configurable mode |
+| `@RequireAllPermissions(permissions)`        | Shorthand for mode: 'all'                    |
+| `@RequireAnyPermission(permissions)`         | Shorthand for mode: 'any'                    |
+
+### Options
+
+```typescript
+interface RequirePermissionsOptions {
+  // 'all' = user must have ALL permissions (default)
+  // 'any' = user must have at least ONE permission
+  mode?: 'all' | 'any';
+
+  // Custom error message when denied
+  errorMessage?: string;
+
+  // Include request params as resource context for ABAC
+  includeResourceContext?: boolean;
+}
+```
+
+## Advanced Usage
+
+### Full Evaluation Result
+
+Get detailed information about permission decisions:
+
+```typescript
+const result = await this.permissions.checkPermission(userId, 'orders:create');
+
+console.log(result);
+// {
+//   allowed: true,
+//   source: 'rbac',           // 'rbac' | 'abac' | 'break-glass' | 'denied'
+//   matchedRoles: ['ADMIN'],
+//   matchedPolicies: [],
+//   reason: 'Permission granted via role(s): ADMIN',
+//   evaluationTimeMs: 3
+// }
+```
+
+### ABAC Context
+
+Pass resource and request context for attribute-based access control:
+
+```typescript
+const result = await this.permissions.checkPermission(userId, 'documents:read', {
+  resource: {
+    id: 'doc-123',
+    type: 'document',
+    ownerId: 'user-456',
+    department: 'engineering',
+  },
+  request: {
+    ip: '192.168.1.100',
+    method: 'GET',
+    path: '/api/documents/doc-123',
+  },
+});
+```
+
+### Get All User Permissions
+
+```typescript
+const effective = await this.permissions.getEffectivePermissions(userId);
+
+console.log(effective);
+// {
+//   permissions: ['users:read', 'users:create', 'orders:read'],
+//   roles: [
+//     { id: '...', code: 'USER', name: 'User', isSystem: false },
+//     { id: '...', code: 'ORDER_VIEWER', name: 'Order Viewer', isSystem: false }
+//   ],
+//   version: 1,
+//   computedAt: Date
+// }
+```
+
+## Environment Variables
+
+| Variable                  | Description         | Default           |
+| ------------------------- | ------------------- | ----------------- |
+| `PERMISSIONS_SERVICE_URL` | gRPC server address | `localhost:50051` |
+
+## Error Handling
+
+The guard throws `ForbiddenException` when permission is denied:
+
+```typescript
+// Default error
+throw new ForbiddenException('Access denied. Required permission(s): orders:create');
+
+// Custom error message
+@RequirePermissions('orders:create', {
+  errorMessage: 'You need order creation privileges'
+})
+```
+
+## Request Requirements
+
+The `PermissionsGuard` expects the request to have a `user` object with an `id` property (typically set by your JWT auth guard):
+
+```typescript
+interface Request {
+  user: {
+    id: string; // Required - the user ID to check permissions for
+    // ... other properties
+  };
+}
+```
+
+## Important Note
+
+This SDK is a client for the AHK Solution Permissions Microservice. It will not function without a running instance of the permissions service exposing a gRPC endpoint. The SDK only provides the client-side integration.
+
+## License
+
+MIT

package/dist/client/index.d.ts

@@ -0,0 +1,3 @@
+export * from './permissions-client.module';
+export * from './permissions-grpc.client';
+//# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC"}

package/dist/client/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./permissions-client.module"), exports);
+__exportStar(require("./permissions-grpc.client"), exports);
+//# sourceMappingURL=index.js.map

package/dist/client/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8DAA4C;AAC5C,4DAA0C"}

package/dist/client/permissions-client.module.d.ts

@@ -0,0 +1,74 @@
+import { DynamicModule } from '@nestjs/common';
+/**
+ * Configuration options for the Permissions Client Module
+ */
+export interface PermissionsClientModuleOptions {
+    /**
+     * gRPC server URL (host:port)
+     * @default 'localhost:50051'
+     */
+    url?: string;
+    /**
+     * Path to the proto file
+     * @default Uses the bundled proto file from the SDK
+     */
+    protoPath?: string;
+}
+/**
+ * Async configuration options for the Permissions Client Module
+ */
+export interface PermissionsClientModuleAsyncOptions {
+    /**
+     * Imports required for the factory function
+     */
+    imports?: DynamicModule['imports'];
+    /**
+     * Factory function to create the module options
+     */
+    useFactory: (...args: unknown[]) => PermissionsClientModuleOptions | Promise<PermissionsClientModuleOptions>;
+    /**
+     * Dependencies to inject into the factory function
+     */
+    inject?: unknown[];
+}
+/**
+ * NestJS module for integrating the Permissions gRPC client
+ *
+ * @example
+ * ```typescript
+ * // Synchronous configuration
+ * @Module({
+ *   imports: [
+ *     PermissionsClientModule.register({
+ *       url: 'permissions-service:50051',
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // Async configuration with ConfigService
+ * @Module({
+ *   imports: [
+ *     PermissionsClientModule.registerAsync({
+ *       imports: [ConfigModule],
+ *       useFactory: (config: ConfigService) => ({
+ *         url: config.get('PERMISSIONS_SERVICE_URL'),
+ *       }),
+ *       inject: [ConfigService],
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ * ```
+ */
+export declare class PermissionsClientModule {
+    /**
+     * Register the module with static configuration
+     */
+    static register(options?: PermissionsClientModuleOptions): DynamicModule;
+    /**
+     * Register the module with async configuration
+     */
+    static registerAsync(options: PermissionsClientModuleAsyncOptions): DynamicModule;
+}
+//# sourceMappingURL=permissions-client.module.d.ts.map

package/dist/client/permissions-client.module.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-client.module.d.ts","sourceRoot":"","sources":["../../src/client/permissions-client.module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAU,MAAM,gBAAgB,CAAC;AAWvD;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC7C;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,mCAAmC;IAClD;;OAEG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;IAEnC;;OAEG;IACH,UAAU,EAAE,CACV,GAAG,IAAI,EAAE,OAAO,EAAE,KACf,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAE9E;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,qBACa,uBAAuB;IAClC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,8BAA8B,GAAG,aAAa;IAwBxE;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,mCAAmC,GAAG,aAAa;CA+BlF"}

package/dist/client/permissions-client.module.js

@@ -0,0 +1,109 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var PermissionsClientModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionsClientModule = void 0;
+const common_1 = require("@nestjs/common");
+const microservices_1 = require("@nestjs/microservices");
+const path_1 = require("path");
+const constants_1 = require("../constants");
+const permissions_grpc_client_1 = require("./permissions-grpc.client");
+/**
+ * NestJS module for integrating the Permissions gRPC client
+ *
+ * @example
+ * ```typescript
+ * // Synchronous configuration
+ * @Module({
+ *   imports: [
+ *     PermissionsClientModule.register({
+ *       url: 'permissions-service:50051',
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // Async configuration with ConfigService
+ * @Module({
+ *   imports: [
+ *     PermissionsClientModule.registerAsync({
+ *       imports: [ConfigModule],
+ *       useFactory: (config: ConfigService) => ({
+ *         url: config.get('PERMISSIONS_SERVICE_URL'),
+ *       }),
+ *       inject: [ConfigService],
+ *     }),
+ *   ],
+ * })
+ * export class AppModule {}
+ * ```
+ */
+let PermissionsClientModule = PermissionsClientModule_1 = class PermissionsClientModule {
+    /**
+     * Register the module with static configuration
+     */
+    static register(options) {
+        const url = options?.url ?? constants_1.DEFAULT_GRPC_OPTIONS.url;
+        const protoPath = options?.protoPath ?? (0, path_1.join)(__dirname, '..', 'proto', 'permissions.proto');
+        return {
+            module: PermissionsClientModule_1,
+            imports: [
+                microservices_1.ClientsModule.register([
+                    {
+                        name: constants_1.PERMISSIONS_GRPC_CLIENT,
+                        transport: microservices_1.Transport.GRPC,
+                        options: {
+                            url,
+                            package: constants_1.PERMISSIONS_PACKAGE_NAME,
+                            protoPath,
+                        },
+                    },
+                ]),
+            ],
+            providers: [permissions_grpc_client_1.PermissionsGrpcClient],
+            exports: [permissions_grpc_client_1.PermissionsGrpcClient],
+        };
+    }
+    /**
+     * Register the module with async configuration
+     */
+    static registerAsync(options) {
+        return {
+            module: PermissionsClientModule_1,
+            imports: [
+                ...(options.imports ?? []),
+                microservices_1.ClientsModule.registerAsync([
+                    {
+                        name: constants_1.PERMISSIONS_GRPC_CLIENT,
+                        useFactory: async (...args) => {
+                            const config = await options.useFactory(...args);
+                            const url = config.url ?? constants_1.DEFAULT_GRPC_OPTIONS.url;
+                            const protoPath = config.protoPath ?? (0, path_1.join)(__dirname, '..', 'proto', 'permissions.proto');
+                            return {
+                                transport: microservices_1.Transport.GRPC,
+                                options: {
+                                    url,
+                                    package: constants_1.PERMISSIONS_PACKAGE_NAME,
+                                    protoPath,
+                                },
+                            };
+                        },
+                        inject: options.inject ?? [],
+                    },
+                ]),
+            ],
+            providers: [permissions_grpc_client_1.PermissionsGrpcClient],
+            exports: [permissions_grpc_client_1.PermissionsGrpcClient],
+        };
+    }
+};
+exports.PermissionsClientModule = PermissionsClientModule;
+exports.PermissionsClientModule = PermissionsClientModule = PermissionsClientModule_1 = __decorate([
+    (0, common_1.Module)({})
+], PermissionsClientModule);
+//# sourceMappingURL=permissions-client.module.js.map

package/dist/client/permissions-client.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-client.module.js","sourceRoot":"","sources":["../../src/client/permissions-client.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,yDAAiE;AACjE,+BAA4B;AAE5B,4CAIsB;AACtB,uEAAkE;AAyClE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEI,IAAM,uBAAuB,+BAA7B,MAAM,uBAAuB;IAClC;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAwC;QACtD,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,IAAI,gCAAoB,CAAC,GAAG,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAE5F,OAAO;YACL,MAAM,EAAE,yBAAuB;YAC/B,OAAO,EAAE;gBACP,6BAAa,CAAC,QAAQ,CAAC;oBACrB;wBACE,IAAI,EAAE,mCAAuB;wBAC7B,SAAS,EAAE,yBAAS,CAAC,IAAI;wBACzB,OAAO,EAAE;4BACP,GAAG;4BACH,OAAO,EAAE,oCAAwB;4BACjC,SAAS;yBACV;qBACF;iBACF,CAAC;aACH;YACD,SAAS,EAAE,CAAC,+CAAqB,CAAC;YAClC,OAAO,EAAE,CAAC,+CAAqB,CAAC;SACjC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,OAA4C;QAC/D,OAAO;YACL,MAAM,EAAE,yBAAuB;YAC/B,OAAO,EAAE;gBACP,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;gBAC1B,6BAAa,CAAC,aAAa,CAAC;oBAC1B;wBACE,IAAI,EAAE,mCAAuB;wBAC7B,UAAU,EAAE,KAAK,EAAE,GAAG,IAAe,EAAE,EAAE;4BACvC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;4BACjD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,gCAAoB,CAAC,GAAG,CAAC;4BACnD,MAAM,SAAS,GACb,MAAM,CAAC,SAAS,IAAI,IAAA,WAAI,EAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,CAAC,CAAC;4BAE1E,OAAO;gCACL,SAAS,EAAE,yBAAS,CAAC,IAAI;gCACzB,OAAO,EAAE;oCACP,GAAG;oCACH,OAAO,EAAE,oCAAwB;oCACjC,SAAS;iCACV;6BACF,CAAC;wBACJ,CAAC;wBACD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;qBAC7B;iBACF,CAAC;aACH;YACD,SAAS,EAAE,CAAC,+CAAqB,CAAC;YAClC,OAAO,EAAE,CAAC,+CAAqB,CAAC;SACjC,CAAC;IACJ,CAAC;CACF,CAAA;AA9DY,0DAAuB;kCAAvB,uBAAuB;IADnC,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,uBAAuB,CA8DnC"}

package/dist/client/permissions-grpc.client.d.ts

@@ -0,0 +1,45 @@
+import { OnModuleInit } from '@nestjs/common';
+import { ClientGrpc } from '@nestjs/microservices';
+import type { BulkPermissionResultRecord, EffectivePermissions, EvaluationResult, RequestContext, ResourceContext } from '../types';
+/**
+ * gRPC client for the Permissions Service
+ * Provides methods to check permissions via gRPC calls to the permissions microservice
+ */
+export declare class PermissionsGrpcClient implements OnModuleInit {
+    private readonly client;
+    private readonly logger;
+    private permissionsService;
+    constructor(client: ClientGrpc);
+    onModuleInit(): void;
+    /**
+     * Check if a user has a specific permission
+     */
+    checkPermission(userId: string, permissionCode: string, options?: {
+        resource?: ResourceContext;
+        request?: RequestContext;
+    }): Promise<EvaluationResult>;
+    /**
+     * Check multiple permissions at once
+     */
+    checkBulkPermissions(userId: string, permissionCodes: string[], options?: {
+        resource?: ResourceContext;
+        request?: RequestContext;
+    }): Promise<BulkPermissionResultRecord>;
+    /**
+     * Get all effective permissions for a user
+     */
+    getEffectivePermissions(userId: string): Promise<EffectivePermissions>;
+    /**
+     * Simple boolean check - does user have this permission?
+     */
+    hasPermission(userId: string, permissionCode: string): Promise<boolean>;
+    /**
+     * Check if user has ALL of the specified permissions
+     */
+    hasAllPermissions(userId: string, permissionCodes: string[]): Promise<boolean>;
+    /**
+     * Check if user has ANY of the specified permissions
+     */
+    hasAnyPermission(userId: string, permissionCodes: string[]): Promise<boolean>;
+}
+//# sourceMappingURL=permissions-grpc.client.d.ts.map

package/dist/client/permissions-grpc.client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions-grpc.client.d.ts","sourceRoot":"","sources":["../../src/client/permissions-grpc.client.ts"],"names":[],"mappings":"AAAA,OAAO,EAA8B,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAInD,OAAO,KAAK,EACV,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,EAEhB,cAAc,EACd,eAAe,EAChB,MAAM,UAAU,CAAC;AAkGlB;;;GAGG;AACH,qBACa,qBAAsB,YAAW,YAAY;IAMtD,OAAO,CAAC,QAAQ,CAAC,MAAM;IALzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA0C;IACjE,OAAO,CAAC,kBAAkB,CAA0B;gBAIjC,MAAM,EAAE,UAAU;IAGrC,YAAY,IAAI,IAAI;IAMpB;;OAEG;IACG,eAAe,CACnB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,eAAe,CAAC;QAC3B,OAAO,CAAC,EAAE,cAAc,CAAC;KAC1B,GACA,OAAO,CAAC,gBAAgB,CAAC;IAY5B;;OAEG;IACG,oBAAoB,CACxB,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,MAAM,EAAE,EACzB,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,eAAe,CAAC;QAC3B,OAAO,CAAC,EAAE,cAAc,CAAC;KAC1B,GACA,OAAO,CAAC,0BAA0B,CAAC;IAmBtC;;OAEG;IACG,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiB5E;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAO7E;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAOpF;;OAEG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;CAMpF"}