@ankhorage/studio 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/README.md +1 -1
  2. package/dist/authSettings.d.ts +33 -0
  3. package/dist/authSettings.d.ts.map +1 -0
  4. package/dist/authSettings.js +525 -0
  5. package/dist/authSettings.js.map +1 -0
  6. package/dist/host/auth/projectAuthHealthService.d.ts +30 -0
  7. package/dist/host/auth/projectAuthHealthService.d.ts.map +1 -0
  8. package/dist/host/auth/projectAuthHealthService.js +46 -0
  9. package/dist/host/auth/projectAuthHealthService.js.map +1 -0
  10. package/dist/host/auth/projectAuthService.d.ts +23 -0
  11. package/dist/host/auth/projectAuthService.d.ts.map +1 -0
  12. package/dist/host/auth/projectAuthService.js +63 -0
  13. package/dist/host/auth/projectAuthService.js.map +1 -0
  14. package/dist/host/http/authRoutes.d.ts +7 -0
  15. package/dist/host/http/authRoutes.d.ts.map +1 -0
  16. package/dist/host/http/authRoutes.js +64 -0
  17. package/dist/host/http/authRoutes.js.map +1 -0
  18. package/dist/host/http/secretRoutes.d.ts.map +1 -1
  19. package/dist/host/http/secretRoutes.js +53 -2
  20. package/dist/host/http/secretRoutes.js.map +1 -1
  21. package/dist/host/http/serverWithSecrets.d.ts +6 -0
  22. package/dist/host/http/serverWithSecrets.d.ts.map +1 -0
  23. package/dist/host/http/serverWithSecrets.js +27 -0
  24. package/dist/host/http/serverWithSecrets.js.map +1 -0
  25. package/dist/host/index.d.ts +4 -0
  26. package/dist/host/index.d.ts.map +1 -1
  27. package/dist/host/index.js +4 -0
  28. package/dist/host/index.js.map +1 -1
  29. package/dist/host/layout/layoutGenerator.d.ts.map +1 -1
  30. package/dist/host/layout/layoutGenerator.js +8 -0
  31. package/dist/host/layout/layoutGenerator.js.map +1 -1
  32. package/dist/host/secrets/projectSecretService.d.ts +32 -1
  33. package/dist/host/secrets/projectSecretService.d.ts.map +1 -1
  34. package/dist/host/secrets/projectSecretService.js +83 -10
  35. package/dist/host/secrets/projectSecretService.js.map +1 -1
  36. package/dist/index.d.ts +4 -2
  37. package/dist/index.d.ts.map +1 -1
  38. package/dist/index.js +2 -0
  39. package/dist/index.js.map +1 -1
  40. package/dist/projectAuthApi.d.ts +24 -0
  41. package/dist/projectAuthApi.d.ts.map +1 -0
  42. package/dist/projectAuthApi.js +203 -0
  43. package/dist/projectAuthApi.js.map +1 -0
  44. package/dist/projectAuthHealth.d.ts +38 -0
  45. package/dist/projectAuthHealth.d.ts.map +1 -0
  46. package/dist/projectAuthHealth.js +219 -0
  47. package/dist/projectAuthHealth.js.map +1 -0
  48. package/dist/projectSecretApi.d.ts +14 -1
  49. package/dist/projectSecretApi.d.ts.map +1 -1
  50. package/dist/projectSecretApi.js +75 -18
  51. package/dist/projectSecretApi.js.map +1 -1
  52. package/dist/projectSecretUsage.d.ts +19 -0
  53. package/dist/projectSecretUsage.d.ts.map +1 -0
  54. package/dist/projectSecretUsage.js +38 -0
  55. package/dist/projectSecretUsage.js.map +1 -0
  56. package/dist/root.d.ts +3 -0
  57. package/dist/root.d.ts.map +1 -1
  58. package/dist/root.js +3 -0
  59. package/dist/root.js.map +1 -1
  60. package/dist/secretResponseGuard.d.ts +8 -0
  61. package/dist/secretResponseGuard.d.ts.map +1 -0
  62. package/dist/secretResponseGuard.js +46 -0
  63. package/dist/secretResponseGuard.js.map +1 -0
  64. package/dist/studioAdminRouteModel.d.ts +5 -6
  65. package/dist/studioAdminRouteModel.d.ts.map +1 -1
  66. package/dist/studioAdminRouteModel.js.map +1 -1
  67. package/dist/ui/StudioAdminOverlay.d.ts +0 -4
  68. package/dist/ui/StudioAdminOverlay.d.ts.map +1 -1
  69. package/dist/ui/StudioAdminOverlay.js +125 -107
  70. package/dist/ui/StudioAdminOverlay.js.map +1 -1
  71. package/dist/ui/StudioAuthSettingsOverlay.d.ts +9 -0
  72. package/dist/ui/StudioAuthSettingsOverlay.d.ts.map +1 -0
  73. package/dist/ui/StudioAuthSettingsOverlay.js +607 -0
  74. package/dist/ui/StudioAuthSettingsOverlay.js.map +1 -0
  75. package/dist/ui/useStudioAppBarAugmentation.d.ts.map +1 -1
  76. package/dist/ui/useStudioAppBarAugmentation.js +23 -10
  77. package/dist/ui/useStudioAppBarAugmentation.js.map +1 -1
  78. package/package.json +10 -2
package/README.md CHANGED
@@ -3,7 +3,7 @@
3
3
 
4
4
  # @ankhorage/studio
5
5
 
6
- ![license: MIT](././paradox/badges/license.svg) ![npm: v0.2.0](././paradox/badges/npm.svg) ![runtime: bun](././paradox/badges/runtime.svg) ![typescript: strict](././paradox/badges/typescript.svg) ![eslint: checked](././paradox/badges/eslint.svg) ![prettier: checked](././paradox/badges/prettier.svg) ![build: checked](././paradox/badges/build.svg) ![tests: checked](././paradox/badges/tests.svg) ![docs: paradox](././paradox/badges/docs.svg)
6
+ ![license: MIT](././paradox/badges/license.svg) ![npm: v0.4.0](././paradox/badges/npm.svg) ![runtime: bun](././paradox/badges/runtime.svg) ![typescript: strict](././paradox/badges/typescript.svg) ![eslint: checked](././paradox/badges/eslint.svg) ![prettier: checked](././paradox/badges/prettier.svg) ![build: checked](././paradox/badges/build.svg) ![tests: checked](././paradox/badges/tests.svg) ![docs: paradox](././paradox/badges/docs.svg)
7
7
 
8
8
  Standalone Studio authoring package for Ankhorage apps.
9
9
 
@@ -0,0 +1,33 @@
1
+ import { type AppManifest } from '@ankhorage/contracts';
2
+ type ManifestAuth = NonNullable<AppManifest['infra']['auth']>;
3
+ type ManifestFlow = NonNullable<ManifestAuth['flow']>;
4
+ type ManifestSignIn = NonNullable<ManifestAuth['signIn']>;
5
+ type ManifestSignUp = NonNullable<ManifestAuth['signUp']>;
6
+ type ManifestOAuth = NonNullable<ManifestAuth['oauth']>;
7
+ type ManifestProfile = NonNullable<ManifestAuth['profile']>;
8
+ interface ValidationError {
9
+ readonly code: 'invalid_config';
10
+ readonly message: string;
11
+ }
12
+ type ValidationResult<T> = {
13
+ readonly ok: true;
14
+ readonly data: T;
15
+ } | {
16
+ readonly ok: false;
17
+ readonly error: ValidationError;
18
+ };
19
+ export interface StudioAuthSettings {
20
+ readonly scope: ManifestAuth['scope'];
21
+ readonly provider: ManifestAuth['provider'];
22
+ readonly flow: ManifestFlow;
23
+ readonly signIn: ManifestSignIn;
24
+ readonly signUp?: ManifestSignUp;
25
+ readonly oauth?: ManifestOAuth;
26
+ readonly profile?: ManifestProfile;
27
+ }
28
+ export type StudioAuthSettingsValidationResult = ValidationResult<StudioAuthSettings>;
29
+ export declare function readStudioAuthSettings(manifest: AppManifest): StudioAuthSettings | null;
30
+ export declare function applyStudioAuthSettings(manifest: AppManifest, settings: StudioAuthSettings): AppManifest;
31
+ export declare function validateStudioAuthSettings(value: unknown): StudioAuthSettingsValidationResult;
32
+ export {};
33
+ //# sourceMappingURL=authSettings.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authSettings.d.ts","sourceRoot":"","sources":["../src/authSettings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,WAAW,EAAqB,MAAM,sBAAsB,CAAC;AAI3E,KAAK,YAAY,GAAG,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAC9D,KAAK,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;AACtD,KAAK,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC1D,KAAK,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC1D,KAAK,aAAa,GAAG,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;AAExD,KAAK,eAAe,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC;AAC5D,UAAU,eAAe;IACvB,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AACD,KAAK,gBAAgB,CAAC,CAAC,IACrB;IAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG;IAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAA;CAAE,CAAC;AAEpG,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC;IAC5C,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,QAAQ,CAAC,MAAM,CAAC,EAAE,cAAc,CAAC;IACjC,QAAQ,CAAC,KAAK,CAAC,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,OAAO,CAAC,EAAE,eAAe,CAAC;CACpC;AAED,MAAM,MAAM,kCAAkC,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;AAwCtF,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,WAAW,GAAG,kBAAkB,GAAG,IAAI,CAyCvF;AAED,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,WAAW,EACrB,QAAQ,EAAE,kBAAkB,GAC3B,WAAW,CAqDb;AAED,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,kCAAkC,CAyC7F"}
@@ -0,0 +1,525 @@
1
+ import { DEFAULT_AUTH_FLOW } from '@ankhorage/contracts';
2
+ import { normalizeSecretRef } from '@ankhorage/contracts/secrets';
3
+ import { getSupabaseOAuthProviderDefinition } from '@ankhorage/supabase-auth';
4
+ const AUTH_SCOPES = new Set(['global', 'none', 'integrated']);
5
+ const AUTH_IDENTIFIERS = new Set(['email', 'phone', 'username']);
6
+ const AUTH_SIGN_UP_FIELDS = new Set([
7
+ 'email',
8
+ 'phone',
9
+ 'username',
10
+ 'password',
11
+ 'displayName',
12
+ 'firstName',
13
+ 'lastName',
14
+ ]);
15
+ const AUTH_SIGN_UP_POLICIES = new Set(['autoSignIn', 'requireVerification']);
16
+ const AUTH_PROFILE_FIELDS = new Set([
17
+ 'email',
18
+ 'phone',
19
+ 'username',
20
+ 'firstName',
21
+ 'lastName',
22
+ 'displayName',
23
+ 'avatarUrl',
24
+ ]);
25
+ const PROFILE_CREATE_STRATEGIES = new Set(['trigger', 'api', 'app']);
26
+ const PROFILE_UPDATE_STRATEGIES = new Set(['api', 'app']);
27
+ const FORBIDDEN_INLINE_SECRET_KEYS = new Set([
28
+ 'apikey',
29
+ 'clientid',
30
+ 'clientsecret',
31
+ 'credentials',
32
+ 'databasepassword',
33
+ 'password',
34
+ 'payload',
35
+ 'privatekey',
36
+ 'secret',
37
+ 'secretvalue',
38
+ 'servicerolekey',
39
+ 'token',
40
+ ]);
41
+ export function readStudioAuthSettings(manifest) {
42
+ const { auth } = manifest.infra;
43
+ if (!auth)
44
+ return null;
45
+ return {
46
+ scope: auth.scope,
47
+ provider: auth.provider,
48
+ flow: { ...(auth.flow ?? DEFAULT_AUTH_FLOW) },
49
+ signIn: { identifiers: [...(auth.signIn?.identifiers ?? ['email'])] },
50
+ ...(auth.signUp
51
+ ? {
52
+ signUp: {
53
+ requiredFields: [...auth.signUp.requiredFields],
54
+ ...(auth.signUp.optionalFields
55
+ ? { optionalFields: [...auth.signUp.optionalFields] }
56
+ : {}),
57
+ ...(auth.signUp.signUpPolicy ? { signUpPolicy: auth.signUp.signUpPolicy } : {}),
58
+ },
59
+ }
60
+ : {}),
61
+ ...(auth.oauth
62
+ ? {
63
+ oauth: {
64
+ enabled: auth.oauth.enabled,
65
+ callbackRoute: auth.oauth.callbackRoute,
66
+ providers: auth.oauth.providers.map(cloneOAuthProvider),
67
+ },
68
+ }
69
+ : {}),
70
+ ...(auth.profile
71
+ ? {
72
+ profile: {
73
+ fields: [...auth.profile.fields],
74
+ ...(auth.profile.table ? { table: auth.profile.table } : {}),
75
+ ...(auth.profile.primaryKey ? { primaryKey: auth.profile.primaryKey } : {}),
76
+ ...(auth.profile.createStrategy ? { createStrategy: auth.profile.createStrategy } : {}),
77
+ ...(auth.profile.updateStrategy ? { updateStrategy: auth.profile.updateStrategy } : {}),
78
+ },
79
+ }
80
+ : {}),
81
+ };
82
+ }
83
+ export function applyStudioAuthSettings(manifest, settings) {
84
+ const currentAuthorization = manifest.infra.auth?.authorization;
85
+ return {
86
+ ...manifest,
87
+ infra: {
88
+ ...manifest.infra,
89
+ auth: {
90
+ scope: settings.scope,
91
+ provider: settings.provider,
92
+ flow: { ...settings.flow },
93
+ signIn: { identifiers: [...settings.signIn.identifiers] },
94
+ ...(settings.signUp
95
+ ? {
96
+ signUp: {
97
+ requiredFields: [...settings.signUp.requiredFields],
98
+ ...(settings.signUp.optionalFields
99
+ ? { optionalFields: [...settings.signUp.optionalFields] }
100
+ : {}),
101
+ ...(settings.signUp.signUpPolicy
102
+ ? { signUpPolicy: settings.signUp.signUpPolicy }
103
+ : {}),
104
+ },
105
+ }
106
+ : {}),
107
+ ...(settings.oauth
108
+ ? {
109
+ oauth: {
110
+ enabled: settings.oauth.enabled,
111
+ callbackRoute: settings.oauth.callbackRoute,
112
+ providers: settings.oauth.providers.map(cloneOAuthProvider),
113
+ },
114
+ }
115
+ : {}),
116
+ ...(settings.profile
117
+ ? {
118
+ profile: {
119
+ fields: [...settings.profile.fields],
120
+ ...(settings.profile.table ? { table: settings.profile.table } : {}),
121
+ ...(settings.profile.primaryKey ? { primaryKey: settings.profile.primaryKey } : {}),
122
+ ...(settings.profile.createStrategy
123
+ ? { createStrategy: settings.profile.createStrategy }
124
+ : {}),
125
+ ...(settings.profile.updateStrategy
126
+ ? { updateStrategy: settings.profile.updateStrategy }
127
+ : {}),
128
+ },
129
+ }
130
+ : {}),
131
+ ...(currentAuthorization ? { authorization: currentAuthorization } : {}),
132
+ },
133
+ },
134
+ };
135
+ }
136
+ export function validateStudioAuthSettings(value) {
137
+ const forbiddenPath = findForbiddenInlineSecretPath(value);
138
+ if (forbiddenPath) {
139
+ return invalid(`Auth configuration cannot contain inline secret field "${forbiddenPath}".`);
140
+ }
141
+ const record = asRecord(value);
142
+ if (!record ||
143
+ !hasOnlyKeys(record, ['scope', 'provider', 'flow', 'signIn', 'signUp', 'oauth', 'profile'])) {
144
+ return invalid('Auth configuration contains unsupported fields.');
145
+ }
146
+ if (typeof record.scope !== 'string' || !AUTH_SCOPES.has(record.scope)) {
147
+ return invalid('Auth scope must be global, none, or integrated.');
148
+ }
149
+ if (record.provider !== 'supabase') {
150
+ return invalid('The current Studio auth provider must be supabase.');
151
+ }
152
+ const flow = parseFlow(record.flow);
153
+ if (!flow.ok)
154
+ return flow;
155
+ const signIn = parseSignIn(record.signIn);
156
+ if (!signIn.ok)
157
+ return signIn;
158
+ const signUp = record.signUp === undefined ? undefined : parseSignUp(record.signUp);
159
+ if (signUp && !signUp.ok)
160
+ return signUp;
161
+ const oauth = record.oauth === undefined ? undefined : parseOAuth(record.oauth);
162
+ if (oauth && !oauth.ok)
163
+ return oauth;
164
+ const profile = record.profile === undefined ? undefined : parseProfile(record.profile);
165
+ if (profile && !profile.ok)
166
+ return profile;
167
+ return success({
168
+ scope: record.scope,
169
+ provider: 'supabase',
170
+ flow: flow.data,
171
+ signIn: signIn.data,
172
+ ...(signUp ? { signUp: signUp.data } : {}),
173
+ ...(oauth ? { oauth: oauth.data } : {}),
174
+ ...(profile ? { profile: profile.data } : {}),
175
+ });
176
+ }
177
+ function parseFlow(value) {
178
+ const record = asRecord(value);
179
+ const keys = [
180
+ 'signInRoute',
181
+ 'signUpRoute',
182
+ 'signOutRoute',
183
+ 'forgotPasswordRoute',
184
+ 'otpRoute',
185
+ 'postSignInRoute',
186
+ 'unauthorizedRoute',
187
+ ];
188
+ if (!record || !hasOnlyKeys(record, keys)) {
189
+ return invalid('Auth flow contains unsupported fields.');
190
+ }
191
+ const signInRoute = readRoute(record.signInRoute, 'signInRoute');
192
+ if (!signInRoute.ok)
193
+ return signInRoute;
194
+ const postSignInRoute = readRoute(record.postSignInRoute, 'postSignInRoute');
195
+ if (!postSignInRoute.ok)
196
+ return postSignInRoute;
197
+ const optionalRoutes = [
198
+ 'signUpRoute',
199
+ 'signOutRoute',
200
+ 'forgotPasswordRoute',
201
+ 'otpRoute',
202
+ 'unauthorizedRoute',
203
+ ];
204
+ const parsed = {};
205
+ for (const key of optionalRoutes) {
206
+ if (record[key] === undefined)
207
+ continue;
208
+ const route = readRoute(record[key], key);
209
+ if (!route.ok)
210
+ return route;
211
+ parsed[key] = route.data;
212
+ }
213
+ return success({
214
+ signInRoute: signInRoute.data,
215
+ postSignInRoute: postSignInRoute.data,
216
+ ...parsed,
217
+ });
218
+ }
219
+ function parseSignIn(value) {
220
+ const record = asRecord(value);
221
+ if (!record || !hasOnlyKeys(record, ['identifiers'])) {
222
+ return invalid('Sign-in configuration contains unsupported fields.');
223
+ }
224
+ const identifiers = readStringArray(record.identifiers, 'Sign-in identifiers', AUTH_IDENTIFIERS);
225
+ if (!identifiers.ok)
226
+ return identifiers;
227
+ if (identifiers.data.length === 0)
228
+ return invalid('At least one sign-in identifier is required.');
229
+ return success({ identifiers: identifiers.data });
230
+ }
231
+ function parseSignUp(value) {
232
+ const record = asRecord(value);
233
+ if (!record || !hasOnlyKeys(record, ['requiredFields', 'optionalFields', 'signUpPolicy'])) {
234
+ return invalid('Sign-up configuration contains unsupported fields.');
235
+ }
236
+ const required = readStringArray(record.requiredFields, 'Required sign-up fields', AUTH_SIGN_UP_FIELDS);
237
+ if (!required.ok)
238
+ return required;
239
+ if (required.data.length === 0) {
240
+ return invalid('Enabled sign-up requires at least one required field.');
241
+ }
242
+ const optional = record.optionalFields === undefined
243
+ ? undefined
244
+ : readStringArray(record.optionalFields, 'Optional sign-up fields', AUTH_SIGN_UP_FIELDS);
245
+ if (optional && !optional.ok)
246
+ return optional;
247
+ if (record.signUpPolicy !== undefined &&
248
+ (typeof record.signUpPolicy !== 'string' || !AUTH_SIGN_UP_POLICIES.has(record.signUpPolicy))) {
249
+ return invalid('Sign-up policy must be autoSignIn or requireVerification.');
250
+ }
251
+ return success({
252
+ requiredFields: required.data,
253
+ ...(optional ? { optionalFields: optional.data } : {}),
254
+ ...(typeof record.signUpPolicy === 'string'
255
+ ? { signUpPolicy: record.signUpPolicy }
256
+ : {}),
257
+ });
258
+ }
259
+ function parseOAuth(value) {
260
+ const record = asRecord(value);
261
+ if (!record || !hasOnlyKeys(record, ['enabled', 'callbackRoute', 'providers'])) {
262
+ return invalid('OAuth configuration contains unsupported fields.');
263
+ }
264
+ if (typeof record.enabled !== 'boolean')
265
+ return invalid('OAuth enabled must be a boolean.');
266
+ const callbackRoute = readCallbackRoute(record.callbackRoute);
267
+ if (!callbackRoute.ok)
268
+ return callbackRoute;
269
+ if (!Array.isArray(record.providers))
270
+ return invalid('OAuth providers must be an array.');
271
+ const providers = [];
272
+ const providerIds = new Set();
273
+ const credentialRefs = new Map();
274
+ for (const providerValue of record.providers) {
275
+ const provider = parseOAuthProvider(providerValue);
276
+ if (!provider.ok)
277
+ return provider;
278
+ if (providerIds.has(provider.data.id)) {
279
+ return invalid(`OAuth provider "${provider.data.id}" is configured more than once.`);
280
+ }
281
+ providerIds.add(provider.data.id);
282
+ if (provider.data.credentialsRef) {
283
+ const owner = credentialRefs.get(provider.data.credentialsRef);
284
+ if (owner && owner !== provider.data.id) {
285
+ return invalid(`Secret reference "${provider.data.credentialsRef}" is shared by incompatible providers.`);
286
+ }
287
+ credentialRefs.set(provider.data.credentialsRef, provider.data.id);
288
+ }
289
+ providers.push(provider.data);
290
+ }
291
+ return success({ enabled: record.enabled, callbackRoute: callbackRoute.data, providers });
292
+ }
293
+ function parseOAuthProvider(value) {
294
+ const record = asRecord(value);
295
+ if (!record ||
296
+ !hasOnlyKeys(record, [
297
+ 'id',
298
+ 'label',
299
+ 'enabled',
300
+ 'scopes',
301
+ 'redirectTo',
302
+ 'queryParams',
303
+ 'icon',
304
+ 'credentialsRef',
305
+ ])) {
306
+ return invalid('OAuth provider configuration contains unsupported fields.');
307
+ }
308
+ if (typeof record.id !== 'string')
309
+ return invalid('OAuth provider id is required.');
310
+ const definition = getSupabaseOAuthProviderDefinition(record.id);
311
+ if (!definition)
312
+ return invalid(`OAuth provider "${record.id}" is not supported.`);
313
+ if (record.enabled !== undefined && typeof record.enabled !== 'boolean') {
314
+ return invalid('OAuth provider enabled must be a boolean.');
315
+ }
316
+ if (record.label !== undefined && typeof record.label !== 'string') {
317
+ return invalid('OAuth provider label must be a string.');
318
+ }
319
+ const scopes = record.scopes === undefined ? undefined : readStringArray(record.scopes, 'OAuth scopes');
320
+ if (scopes && !scopes.ok)
321
+ return scopes;
322
+ if (record.redirectTo !== undefined && typeof record.redirectTo !== 'string') {
323
+ return invalid('OAuth redirectTo must be a string.');
324
+ }
325
+ const queryParams = readOptionalStringRecord(record.queryParams, 'OAuth queryParams');
326
+ if (!queryParams.ok)
327
+ return queryParams;
328
+ const icon = readOptionalIcon(record.icon);
329
+ if (!icon.ok)
330
+ return icon;
331
+ let credentialsRef;
332
+ if (record.credentialsRef !== undefined) {
333
+ if (typeof record.credentialsRef !== 'string') {
334
+ return invalid('OAuth credentialsRef must be a string.');
335
+ }
336
+ const normalized = normalizeSecretRef(record.credentialsRef);
337
+ if (!normalized.ok)
338
+ return invalid(normalized.error.message);
339
+ credentialsRef = normalized.data;
340
+ }
341
+ if (record.enabled === true && !credentialsRef) {
342
+ return invalid(`Enabled OAuth provider "${record.id}" requires credentialsRef.`);
343
+ }
344
+ return success({
345
+ id: definition.id,
346
+ ...(typeof record.label === 'string' && record.label.trim()
347
+ ? { label: record.label.trim() }
348
+ : {}),
349
+ ...(typeof record.enabled === 'boolean' ? { enabled: record.enabled } : {}),
350
+ ...(scopes ? { scopes: scopes.data } : {}),
351
+ ...(typeof record.redirectTo === 'string' && record.redirectTo.trim()
352
+ ? { redirectTo: record.redirectTo.trim() }
353
+ : {}),
354
+ ...(queryParams.data ? { queryParams: queryParams.data } : {}),
355
+ ...(icon.data ? { icon: icon.data } : {}),
356
+ ...(credentialsRef ? { credentialsRef } : {}),
357
+ });
358
+ }
359
+ function parseProfile(value) {
360
+ const record = asRecord(value);
361
+ if (!record ||
362
+ !hasOnlyKeys(record, ['fields', 'table', 'primaryKey', 'createStrategy', 'updateStrategy'])) {
363
+ return invalid('Profile configuration contains unsupported fields.');
364
+ }
365
+ const fields = readStringArray(record.fields, 'Profile fields', AUTH_PROFILE_FIELDS);
366
+ if (!fields.ok)
367
+ return fields;
368
+ if (record.table !== undefined) {
369
+ if (typeof record.table !== 'string' || !record.table.trim()) {
370
+ return invalid('Profile table must be a non-empty string.');
371
+ }
372
+ if (record.table.trim().toLowerCase() === 'users') {
373
+ return invalid('Profile table cannot be named users.');
374
+ }
375
+ }
376
+ if (record.primaryKey !== undefined && record.primaryKey !== 'authUserId') {
377
+ return invalid('Profile primaryKey must be authUserId.');
378
+ }
379
+ if (record.createStrategy !== undefined &&
380
+ (typeof record.createStrategy !== 'string' ||
381
+ !PROFILE_CREATE_STRATEGIES.has(record.createStrategy))) {
382
+ return invalid('Profile createStrategy must be trigger, api, or app.');
383
+ }
384
+ if (record.updateStrategy !== undefined &&
385
+ (typeof record.updateStrategy !== 'string' ||
386
+ !PROFILE_UPDATE_STRATEGIES.has(record.updateStrategy))) {
387
+ return invalid('Profile updateStrategy must be api or app.');
388
+ }
389
+ return success({
390
+ fields: fields.data,
391
+ ...(typeof record.table === 'string' ? { table: record.table.trim() } : {}),
392
+ ...(record.primaryKey === 'authUserId' ? { primaryKey: 'authUserId' } : {}),
393
+ ...(typeof record.createStrategy === 'string'
394
+ ? { createStrategy: record.createStrategy }
395
+ : {}),
396
+ ...(typeof record.updateStrategy === 'string'
397
+ ? { updateStrategy: record.updateStrategy }
398
+ : {}),
399
+ });
400
+ }
401
+ function cloneOAuthProvider(provider) {
402
+ return {
403
+ ...provider,
404
+ ...(provider.scopes ? { scopes: [...provider.scopes] } : {}),
405
+ ...(provider.queryParams ? { queryParams: { ...provider.queryParams } } : {}),
406
+ ...(provider.icon ? { icon: { ...provider.icon } } : {}),
407
+ };
408
+ }
409
+ function readRoute(value, field) {
410
+ if (typeof value !== 'string')
411
+ return invalid(`${field} must be a string.`);
412
+ const route = value.trim();
413
+ if (!route || route.includes('://') || route.includes('?') || route.includes('#')) {
414
+ return invalid(`${field} must be an application route without URL, query, or hash syntax.`);
415
+ }
416
+ return success(route);
417
+ }
418
+ function readCallbackRoute(value) {
419
+ if (typeof value !== 'string')
420
+ return invalid('OAuth callbackRoute must be a string.');
421
+ const route = value.trim();
422
+ if (!route.startsWith('/') ||
423
+ route.includes('://') ||
424
+ route.includes('?') ||
425
+ route.includes('#')) {
426
+ return invalid('OAuth callbackRoute must be an absolute app path without query or hash syntax.');
427
+ }
428
+ return success(route);
429
+ }
430
+ function readStringArray(value, label, allowed) {
431
+ if (!Array.isArray(value)) {
432
+ return invalid(`${label} must be a string array.`);
433
+ }
434
+ const entries = [];
435
+ for (const entry of value) {
436
+ if (typeof entry !== 'string') {
437
+ return invalid(`${label} must be a string array.`);
438
+ }
439
+ const normalizedEntry = entry.trim();
440
+ if (normalizedEntry)
441
+ entries.push(normalizedEntry);
442
+ }
443
+ const normalized = [...new Set(entries)];
444
+ if (allowed && normalized.some((entry) => !allowed.has(entry))) {
445
+ return invalid(`${label} contains an unsupported value.`);
446
+ }
447
+ return success(normalized);
448
+ }
449
+ function readOptionalStringRecord(value, label) {
450
+ if (value === undefined)
451
+ return success(undefined);
452
+ const record = asRecord(value);
453
+ if (!record || Object.values(record).some((entry) => typeof entry !== 'string')) {
454
+ return invalid(`${label} must contain only string values.`);
455
+ }
456
+ return success(Object.fromEntries(Object.entries(record).map(([key, entry]) => [key, String(entry)])));
457
+ }
458
+ function readOptionalIcon(value) {
459
+ if (value === undefined)
460
+ return success(undefined);
461
+ const record = asRecord(value);
462
+ if (!record ||
463
+ !hasOnlyKeys(record, ['name', 'provider', 'size', 'color']) ||
464
+ typeof record.name !== 'string') {
465
+ return invalid('OAuth provider icon is invalid.');
466
+ }
467
+ if (record.provider !== undefined && typeof record.provider !== 'string') {
468
+ return invalid('OAuth provider icon provider must be a string.');
469
+ }
470
+ if (record.size !== undefined &&
471
+ typeof record.size !== 'string' &&
472
+ typeof record.size !== 'number') {
473
+ return invalid('OAuth provider icon size must be a string or number.');
474
+ }
475
+ if (record.color !== undefined && typeof record.color !== 'string') {
476
+ return invalid('OAuth provider icon color must be a string.');
477
+ }
478
+ return success({
479
+ name: record.name,
480
+ ...(typeof record.provider === 'string' ? { provider: record.provider } : {}),
481
+ ...(typeof record.size === 'string' || typeof record.size === 'number'
482
+ ? { size: record.size }
483
+ : {}),
484
+ ...(typeof record.color === 'string' ? { color: record.color } : {}),
485
+ });
486
+ }
487
+ function findForbiddenInlineSecretPath(value, parent = '') {
488
+ if (Array.isArray(value)) {
489
+ for (const [index, entry] of value.entries()) {
490
+ const found = findForbiddenInlineSecretPath(entry, `${parent}[${index}]`);
491
+ if (found)
492
+ return found;
493
+ }
494
+ return null;
495
+ }
496
+ const record = asRecord(value);
497
+ if (!record)
498
+ return null;
499
+ for (const [key, entry] of Object.entries(record)) {
500
+ const path = parent ? `${parent}.${key}` : key;
501
+ const normalizedKey = key.replace(/[^a-z0-9]/giu, '').toLowerCase();
502
+ if (FORBIDDEN_INLINE_SECRET_KEYS.has(normalizedKey))
503
+ return path;
504
+ const found = findForbiddenInlineSecretPath(entry, path);
505
+ if (found)
506
+ return found;
507
+ }
508
+ return null;
509
+ }
510
+ function hasOnlyKeys(record, allowed) {
511
+ const allowedSet = new Set(allowed);
512
+ return Object.keys(record).every((key) => allowedSet.has(key));
513
+ }
514
+ function asRecord(value) {
515
+ return typeof value === 'object' && value !== null && !Array.isArray(value)
516
+ ? value
517
+ : null;
518
+ }
519
+ function success(data) {
520
+ return { ok: true, data };
521
+ }
522
+ function invalid(message) {
523
+ return { ok: false, error: { code: 'invalid_config', message } };
524
+ }
525
+ //# sourceMappingURL=authSettings.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authSettings.js","sourceRoot":"","sources":["../src/authSettings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoB,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,kCAAkC,EAAE,MAAM,0BAA0B,CAAC;AA4B9E,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC;AAC9D,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;AACjE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,OAAO;IACP,OAAO;IACP,UAAU;IACV,UAAU;IACV,aAAa;IACb,WAAW;IACX,UAAU;CACX,CAAC,CAAC;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,EAAE,qBAAqB,CAAC,CAAC,CAAC;AAC7E,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,UAAU;IACV,aAAa;IACb,WAAW;CACZ,CAAC,CAAC;AACH,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AACrE,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAC1D,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,QAAQ;IACR,UAAU;IACV,cAAc;IACd,aAAa;IACb,kBAAkB;IAClB,UAAU;IACV,SAAS;IACT,YAAY;IACZ,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,OAAO;CACR,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,QAAqB;IAC1D,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC;IAChC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,iBAAiB,CAAC,EAAE;QAC7C,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;QACrE,GAAG,CAAC,IAAI,CAAC,MAAM;YACb,CAAC,CAAC;gBACE,MAAM,EAAE;oBACN,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;oBAC/C,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc;wBAC5B,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;wBACrD,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAChF;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,KAAK;YACZ,CAAC,CAAC;gBACE,KAAK,EAAE;oBACL,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;oBAC3B,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa;oBACvC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC;iBACxD;aACF;YACH,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,IAAI,CAAC,OAAO;YACd,CAAC,CAAC;gBACE,OAAO,EAAE;oBACP,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;oBAChC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC3E,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvF,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACxF;aACF;YACH,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,QAAqB,EACrB,QAA4B;IAE5B,MAAM,oBAAoB,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,aAAa,CAAC;IAEhE,OAAO;QACL,GAAG,QAAQ;QACX,KAAK,EAAE;YACL,GAAG,QAAQ,CAAC,KAAK;YACjB,IAAI,EAAE;gBACJ,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,IAAI,EAAE,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE;gBAC1B,MAAM,EAAE,EAAE,WAAW,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE;gBACzD,GAAG,CAAC,QAAQ,CAAC,MAAM;oBACjB,CAAC,CAAC;wBACE,MAAM,EAAE;4BACN,cAAc,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC;4BACnD,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,cAAc;gCAChC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;gCACzD,CAAC,CAAC,EAAE,CAAC;4BACP,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY;gCAC9B,CAAC,CAAC,EAAE,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE;gCAChD,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,QAAQ,CAAC,KAAK;oBAChB,CAAC,CAAC;wBACE,KAAK,EAAE;4BACL,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,OAAO;4BAC/B,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa;4BAC3C,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC;yBAC5D;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,QAAQ,CAAC,OAAO;oBAClB,CAAC,CAAC;wBACE,OAAO,EAAE;4BACP,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;4BACpC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BACpE,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;4BACnF,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc;gCACjC,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE;gCACrD,CAAC,CAAC,EAAE,CAAC;4BACP,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc;gCACjC,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE;gCACrD,CAAC,CAAC,EAAE,CAAC;yBACR;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACzE;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,KAAc;IACvD,MAAM,aAAa,GAAG,6BAA6B,CAAC,KAAK,CAAC,CAAC;IAC3D,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,OAAO,CAAC,0DAA0D,aAAa,IAAI,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IACE,CAAC,MAAM;QACP,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,EAC3F,CAAC;QACD,OAAO,OAAO,CAAC,iDAAiD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACvE,OAAO,OAAO,CAAC,iDAAiD,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QACnC,OAAO,OAAO,CAAC,oDAAoD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,OAAO,MAAM,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpF,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,OAAO,MAAM,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChF,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACxF,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE;QAAE,OAAO,OAAO,CAAC;IAE3C,OAAO,OAAO,CAAC;QACb,KAAK,EAAE,MAAM,CAAC,KAA8B;QAC5C,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1C,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG;QACX,aAAa;QACb,aAAa;QACb,cAAc;QACd,qBAAqB;QACrB,UAAU;QACV,iBAAiB;QACjB,mBAAmB;KACpB,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1C,OAAO,OAAO,CAAC,wCAAwC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IACjE,IAAI,CAAC,WAAW,CAAC,EAAE;QAAE,OAAO,WAAW,CAAC;IACxC,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;IAC7E,IAAI,CAAC,eAAe,CAAC,EAAE;QAAE,OAAO,eAAe,CAAC;IAEhD,MAAM,cAAc,GAAG;QACrB,aAAa;QACb,cAAc;QACd,qBAAqB;QACrB,UAAU;QACV,mBAAmB;KACX,CAAC;IACX,MAAM,MAAM,GAA0B,EAAE,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS;YAAE,SAAS;QACxC,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK,CAAC,EAAE;YAAE,OAAO,KAAK,CAAC;QAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,OAAO,OAAO,CAAC;QACb,WAAW,EAAE,WAAW,CAAC,IAAI;QAC7B,eAAe,EAAE,eAAe,CAAC,IAAI;QACrC,GAAG,MAAM;KACV,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC,oDAAoD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,WAAW,GAAG,eAAe,CAAC,MAAM,CAAC,WAAW,EAAE,qBAAqB,EAAE,gBAAgB,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW,CAAC,EAAE;QAAE,OAAO,WAAW,CAAC;IACxC,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,8CAA8C,CAAC,CAAC;IAClG,OAAO,OAAO,CAAC,EAAE,WAAW,EAAE,WAAW,CAAC,IAAqC,EAAE,CAAC,CAAC;AACrF,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;QAC1F,OAAO,OAAO,CAAC,oDAAoD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,QAAQ,GAAG,eAAe,CAC9B,MAAM,CAAC,cAAc,EACrB,yBAAyB,EACzB,mBAAmB,CACpB,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,QAAQ,CAAC;IAClC,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,uDAAuD,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,QAAQ,GACZ,MAAM,CAAC,cAAc,KAAK,SAAS;QACjC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,cAAc,EAAE,yBAAyB,EAAE,mBAAmB,CAAC,CAAC;IAC7F,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,QAAQ,CAAC;IAC9C,IACE,MAAM,CAAC,YAAY,KAAK,SAAS;QACjC,CAAC,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,EAC5F,CAAC;QACD,OAAO,OAAO,CAAC,2DAA2D,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,OAAO,CAAC;QACb,cAAc,EAAE,QAAQ,CAAC,IAAI;QAC7B,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,GAAG,CAAC,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ;YACzC,CAAC,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,YAA2D,EAAE;YACtF,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;AACL,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC;QAC/E,OAAO,OAAO,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,kCAAkC,CAAC,CAAC;IAC5F,MAAM,aAAa,GAAG,iBAAiB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC9D,IAAI,CAAC,aAAa,CAAC,EAAE;QAAE,OAAO,aAAa,CAAC;IAC5C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC,mCAAmC,CAAC,CAAC;IAE1F,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IACjD,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,QAAQ,CAAC;QAClC,IAAI,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC,mBAAmB,QAAQ,CAAC,IAAI,CAAC,EAAE,iCAAiC,CAAC,CAAC;QACvF,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClC,IAAI,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC/D,IAAI,KAAK,IAAI,KAAK,KAAK,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACxC,OAAO,OAAO,CACZ,qBAAqB,QAAQ,CAAC,IAAI,CAAC,cAAc,wCAAwC,CAC1F,CAAC;YACJ,CAAC;YACD,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;AAC5F,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IACE,CAAC,MAAM;QACP,CAAC,WAAW,CAAC,MAAM,EAAE;YACnB,IAAI;YACJ,OAAO;YACP,SAAS;YACT,QAAQ;YACR,YAAY;YACZ,aAAa;YACb,MAAM;YACN,gBAAgB;SACjB,CAAC,EACF,CAAC;QACD,OAAO,OAAO,CAAC,2DAA2D,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,gCAAgC,CAAC,CAAC;IACpF,MAAM,UAAU,GAAG,kCAAkC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACjE,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC,mBAAmB,MAAM,CAAC,EAAE,qBAAqB,CAAC,CAAC;IACnF,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACxE,OAAO,OAAO,CAAC,2CAA2C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnE,OAAO,OAAO,CAAC,wCAAwC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,MAAM,GACV,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC3F,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,OAAO,MAAM,CAAC;IACxC,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC7E,OAAO,OAAO,CAAC,oCAAoC,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC;IACtF,IAAI,CAAC,WAAW,CAAC,EAAE;QAAE,OAAO,WAAW,CAAC;IACxC,MAAM,IAAI,GAAG,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IAE1B,IAAI,cAAkC,CAAC;IACvC,IAAI,MAAM,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACxC,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,wCAAwC,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAC7D,IAAI,CAAC,UAAU,CAAC,EAAE;YAAE,OAAO,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7D,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC;IACnC,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,KAAK,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QAC/C,OAAO,OAAO,CAAC,2BAA2B,MAAM,CAAC,EAAE,4BAA4B,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,OAAO,CAAC;QACb,EAAE,EAAE,UAAU,CAAC,EAAE;QACjB,GAAG,CAAC,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE;YACzD,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE;YAChC,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,OAAO,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1C,GAAG,CAAC,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE;YACnE,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE;YAC1C,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9C,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IACE,CAAC,MAAM;QACP,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,CAAC,EAC3F,CAAC;QACD,OAAO,OAAO,CAAC,oDAAoD,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,CAAC,CAAC;IACrF,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,OAAO,MAAM,CAAC;IAC9B,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAC7D,OAAO,OAAO,CAAC,2CAA2C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;YAClD,OAAO,OAAO,CAAC,sCAAsC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,MAAM,CAAC,UAAU,KAAK,YAAY,EAAE,CAAC;QAC1E,OAAO,OAAO,CAAC,wCAAwC,CAAC,CAAC;IAC3D,CAAC;IACD,IACE,MAAM,CAAC,cAAc,KAAK,SAAS;QACnC,CAAC,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ;YACxC,CAAC,yBAAyB,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,EACxD,CAAC;QACD,OAAO,OAAO,CAAC,sDAAsD,CAAC,CAAC;IACzE,CAAC;IACD,IACE,MAAM,CAAC,cAAc,KAAK,SAAS;QACnC,CAAC,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ;YACxC,CAAC,yBAAyB,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,EACxD,CAAC;QACD,OAAO,OAAO,CAAC,4CAA4C,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO,OAAO,CAAC;QACb,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,GAAG,CAAC,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3E,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,YAAqB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpF,GAAG,CAAC,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ;YAC3C,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,cAAgE,EAAE;YAC7F,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ;YAC3C,CAAC,CAAC,EAAE,cAAc,EAAE,MAAM,CAAC,cAAgE,EAAE;YAC7F,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,QAA+B;IACzD,OAAO;QACL,GAAG,QAAQ;QACX,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,GAAG,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACzD,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,KAAc,EAAE,KAAa;IAC9C,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,GAAG,KAAK,oBAAoB,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAClF,OAAO,OAAO,CAAC,GAAG,KAAK,mEAAmE,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,uCAAuC,CAAC,CAAC;IACvF,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;QACtB,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EACnB,CAAC;QACD,OAAO,OAAO,CACZ,gFAAgF,CACjF,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CACtB,KAAc,EACd,KAAa,EACb,OAA6B;IAE7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,GAAG,KAAK,0BAA0B,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,KAAK,IAAI,KAA2B,EAAE,CAAC;QAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,OAAO,CAAC,GAAG,KAAK,0BAA0B,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,eAAe;YAAE,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACrD,CAAC;IACD,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IACzC,IAAI,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC/D,OAAO,OAAO,CAAC,GAAG,KAAK,iCAAiC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,wBAAwB,CAC/B,KAAc,EACd,KAAa;IAEb,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,EAAE,CAAC;QAChF,OAAO,OAAO,CAAC,GAAG,KAAK,mCAAmC,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CACZ,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CACvF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAc;IAEd,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IACE,CAAC,MAAM;QACP,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC3D,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,OAAO,CAAC,iCAAiC,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACzE,OAAO,OAAO,CAAC,gDAAgD,CAAC,CAAC;IACnE,CAAC;IACD,IACE,MAAM,CAAC,IAAI,KAAK,SAAS;QACzB,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;QAC/B,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAC/B,CAAC;QACD,OAAO,OAAO,CAAC,sDAAsD,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACnE,OAAO,OAAO,CAAC,6CAA6C,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,OAAO,CAAC;QACb,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,GAAG,CAAC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,GAAG,CAAC,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;YACpE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE;YACvB,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACrE,CAAC,CAAC;AACL,CAAC;AAED,SAAS,6BAA6B,CAAC,KAAc,EAAE,MAAM,GAAG,EAAE;IAChE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,6BAA6B,CAAC,KAAK,EAAE,GAAG,MAAM,IAAI,KAAK,GAAG,CAAC,CAAC;YAC1E,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/C,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,IAAI,4BAA4B,CAAC,GAAG,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;QACjE,MAAM,KAAK,GAAG,6BAA6B,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,MAA+B,EAAE,OAA0B;IAC9E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QACzE,CAAC,CAAE,KAAiC;QACpC,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,OAAO,CAAI,IAAO;IACzB,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,OAAO,CAAC,OAAe;IAC9B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE,CAAC;AACnE,CAAC"}
@@ -0,0 +1,30 @@
1
+ import type { ProjectAuthHealth } from '../../projectAuthHealth';
2
+ import type { ProjectManager } from '../orchestrator/projectManager';
3
+ import type { ProjectSecretService } from '../secrets/projectSecretService';
4
+ type ProjectAuthHealthManager = Pick<ProjectManager, 'getProjectManifest' | 'getStudioManifest'>;
5
+ export declare class ProjectAuthHealthService {
6
+ private readonly projectManager;
7
+ private readonly secretService;
8
+ constructor(options: {
9
+ readonly projectManager: ProjectAuthHealthManager;
10
+ readonly secretService: Pick<ProjectSecretService, 'list'>;
11
+ });
12
+ get(input: {
13
+ readonly projectId: string;
14
+ readonly environment?: string;
15
+ }): Promise<ProjectAuthHealthResult>;
16
+ private readEditableManifest;
17
+ }
18
+ export type ProjectAuthHealthResult = {
19
+ readonly ok: true;
20
+ readonly state: 'loaded';
21
+ readonly data: ProjectAuthHealth;
22
+ } | {
23
+ readonly ok: false;
24
+ readonly error: {
25
+ readonly code: 'manifest_read_failed';
26
+ readonly message: string;
27
+ };
28
+ };
29
+ export {};
30
+ //# sourceMappingURL=projectAuthHealthService.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"projectAuthHealthService.d.ts","sourceRoot":"","sources":["../../../src/host/auth/projectAuthHealthService.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAEjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AAE5E,KAAK,wBAAwB,GAAG,IAAI,CAAC,cAAc,EAAE,oBAAoB,GAAG,mBAAmB,CAAC,CAAC;AAEjG,qBAAa,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA2B;IAC1D,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAqC;gBAEvD,OAAO,EAAE;QACnB,QAAQ,CAAC,cAAc,EAAE,wBAAwB,CAAC;QAClD,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;KAC5D;IAKK,GAAG,CAAC,KAAK,EAAE;QACf,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;KAC/B,GAAG,OAAO,CAAC,uBAAuB,CAAC;YA8BtB,oBAAoB;CAOnC;AAED,MAAM,MAAM,uBAAuB,GAC/B;IACE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAC;CAClC,GACD;IACE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,KAAK,EAAE;QACd,QAAQ,CAAC,IAAI,EAAE,sBAAsB,CAAC;QACtC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH,CAAC"}