@apart-tech/intelligence-core 1.11.4 → 1.11.6

package/dist/auth/ability.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ability.test.js","sourceRoot":"","sources":["../../src/auth/ability.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAE9C,OAAO,EACL,YAAY,EACZ,SAAS,EACT,4BAA4B,GAG7B,MAAM,cAAc,CAAC;AAOtB,8EAA8E;AAE9E,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;IACnD,MAAM,KAAK,GAAkB;QAC3B,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,mBAAmB;QAC1B,cAAc,EAAE,OAAO;QACvB,IAAI,EAAE,OAAO;KACd,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAEpC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,KAAK,MAAM,MAAM,IAAI;YACnB,QAAQ;YACR,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;SACA,EAAE,CAAC;YACX,KAAK,MAAM,OAAO,IAAI;gBACpB,cAAc;gBACd,YAAY;gBACZ,QAAQ;gBACR,MAAM;gBACN,WAAW;gBACX,eAAe;gBACf,KAAK;gBACL,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,QAAQ;gBACR,WAAW;gBACX,UAAU;gBACV,gBAAgB;gBAChB,cAAc;gBACd,YAAY;gBACZ,KAAK;aACG,EAAE,CAAC;gBACX,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,sEAAsE;QACtE,uEAAuE;QACvE,kEAAkE;QAClE,wEAAwE;QACxE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qCAAqC,EAAE,GAAG,EAAE;IACnD,MAAM,KAAK,GAAkB;QAC3B,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,mBAAmB;QAC1B,cAAc,EAAE,OAAO;QACvB,IAAI,EAAE,OAAO;KACd,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAEpC,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,+DAA+D;QAC/D,qEAAqE;QACrE,mEAAmE;QACnE,8BAA8B;QAC9B,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,uEAAuE;QACvE,4CAA4C;QAC5C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,kEAAkE;QAClE,kEAAkE;QAClE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,gEAAgE;IAChE,EAAE,CAAC,oGAAoG,EAAE,GAAG,EAAE;QAC5G,KAAK,MAAM,OAAO,IAAI;YACpB,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,WAAW;YACX,UAAU;YACV,gBAAgB;YAChB,cAAc;YACd,YAAY;YACZ,KAAK;SACG,EAAE,CAAC;YACX,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;IACpD,MAAM,MAAM,GAAkB;QAC5B,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,oBAAoB;QAC3B,cAAc,EAAE,OAAO;QACvB,IAAI,EAAE,QAAQ;KACf,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAErC,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,qEAAqE;QACrE,oEAAoE;QACpE,kEAAkE;QAClE,uEAAuE;QACvE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,mEAAmE;IACnE,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,KAAK,MAAM,OAAO,IAAI,CAAC,MAAM,EAAE,WAAW,CAAU,EAAE,CAAC;YACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wFAAwF,EAAE,GAAG,EAAE;QAChG,KAAK,MAAM,OAAO,IAAI;YACpB,QAAQ;YACR,QAAQ;YACR,gBAAgB;YAChB,cAAc;YACd,QAAQ;SACA,EAAE,CAAC;YACX,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oDAAoD,EAAE,GAAG,EAAE;IAClE,MAAM,QAAQ,GAAkB;QAC9B,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,iBAAiB;QACxB,cAAc,EAAE,IAAI;QACpB,IAAI,EAAE,MAAM;KACb,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAEvC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gGAAgG,EAAE,GAAG,EAAE;QACxG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,QAAQ,CAAC,+DAA+D,EAAE,GAAG,EAAE;IAC7E,MAAM,MAAM,GAAsB;QAChC,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,yBAAyB;QAC7B,cAAc,EAAE,OAAO;QACvB,IAAI,EAAE,gBAAgB;QACtB,YAAY,EAAE,IAAI;KACnB,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAErC,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,2EAA2E;IAC3E,EAAE;IACF,+DAA+D;IAC/D,+DAA+D;IAC/D,iEAAiE;IACjE,yDAAyD;IACzD,mEAAmE;IACnE,oEAAoE;IACpE,oEAAoE;IACpE,oEAAoE;IACpE,8DAA8D;IAC9D,kEAAkE;IAClE,4DAA4D;IAC5D,6DAA6D;IAE7D,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,gEAAgE;QAChE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,KAAK,MAAM,MAAM,IAAI;YACnB,QAAQ;YACR,MAAM;YACN,QAAQ;YACR,QAAQ;YACR,QAAQ;SACA,EAAE,CAAC;YACX,KAAK,MAAM,OAAO,IAAI;gBACpB,cAAc;gBACd,YAAY;gBACZ,QAAQ;gBACR,MAAM;gBACN,WAAW;gBACX,eAAe;gBACf,KAAK;gBACL,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,QAAQ;gBACR,WAAW;gBACX,UAAU;gBACV,gBAAgB;gBAChB,cAAc;gBACd,YAAY;gBACZ,KAAK;aACG,EAAE,CAAC;gBACX,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qEAAqE,EAAE,GAAG,EAAE;IACnF,MAAM,MAAM,GAAsB;QAChC,IAAI,EAAE,WAAW;QACjB,EAAE,EAAE,YAAY;QAChB,cAAc,EAAE,OAAO;QACvB,IAAI,EAAE,+BAA+B;QACrC,YAAY,EAAE,KAAK;KACpB,CAAC;IACF,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IAErC,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,QAAQ,CAAC,yEAAyE,EAAE,GAAG,EAAE;IACvF,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,mEAAmE;QACnE,iEAAiE;QACjE,sDAAsD;QACtD,MAAM,QAAQ,GAAiB;YAC7B,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;SAC1C,CAAC;QACF,MAAM,SAAS,GAA4B;YACzC,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,OAAO;YACvB,eAAe,EAAE,QAAQ;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAExC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,SAAS,GAA4B;YACzC,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,OAAO;YACvB,eAAe,EAAE,sBAAsB;SACxC,CAAC;QACF,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAExC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,SAAS,GAA4B;YACzC,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,OAAO;YACvB,eAAe,EAAE,IAAI;SACtB,CAAC;QACF,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAExC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,SAAS,GAA4B;YACzC,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,OAAO;YACvB,eAAe,EAAE,EAAE;SACpB,CAAC;QACF,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAExC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,sEAAsE;QACtE,8DAA8D;QAC9D,MAAM,QAAQ,GAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACtE,MAAM,SAAS,GAA4B;YACzC,IAAI,EAAE,iBAAiB;YACvB,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,cAAc,EAAE,OAAO;YACvB,eAAe,EAAE,QAAQ;SAC1B,CAAC;QACF,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAExC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,SAAS,SAAS,CAAC,KAAmB;IACpC,OAAO,kBAAkB,CAAa,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,SAAS,CACtB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACtC,EAAE,CACH,CAAC;QACF,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,MAAM,GAAG,SAAS,CACtB,EAAE,EACF,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CACvC,CAAC;QACF,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAElC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IAC1C,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,MAAM,GAAG,SAAS,CACtB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACtC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CACvC,CAAC;QACF,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAElC,mEAAmE;QACnE,oEAAoE;QACpE,mEAAmE;QACnE,gEAAgE;QAChE,KAAK,MAAM,MAAM,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAU,EAAE,CAAC;YACrE,KAAK,MAAM,OAAO,IAAI;gBACpB,cAAc;gBACd,YAAY;gBACZ,QAAQ;gBACR,MAAM;aACE,EAAE,CAAC;gBACX,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAAiB;YAC1B,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;SAC1C,CAAC;QACF,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAEnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACrE,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,OAAO,GAAG,SAAS,CACvB,SAAS,CACP,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EACtC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAC9C,CACF,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,OAAO,GAAG,SAAS,CACvB,SAAS,CACP;YACE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;SAC1C,EACD,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CACvC,CACF,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,oEAAoE;QACpE,+DAA+D;QAC/D,8DAA8D;QAC9D,qBAAqB;QACrB,MAAM,OAAO,GAAG,SAAS,CACvB,SAAS,CACP,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EACzC;YACE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;YACzC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE;YACrC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE;SACpC,CACF,CACF,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,OAAO,GAAG,SAAS,CACvB,SAAS,CACP,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAC7C,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CACxC,CACF,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iGAAiG,EAAE,GAAG,EAAE;QACzG,MAAM,OAAO,GAAG,SAAS,CACvB,SAAS,CACP,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAC7C,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAChD,CACF,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,EAAE,CAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,gEAAgE;QAChE,kEAAkE;QAClE,sBAAsB;QACtB,MAAM,UAAU,GAAiB;YAC/B,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;YACvC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;SAC1C,CAAC;QACF,MAAM,eAAe,GAAiB;YACpC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE;SACxC,CAAC;QAEF,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC,CAAC;QAElE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,qEAAqE;QACrE,oDAAoD;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,8DAA8D;QAC9D,kEAAkE;QAClE,mDAAmD;QACnD,MAAM,WAAW,GAAiB;YAChC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;SAC1C,CAAC;QACF,MAAM,mBAAmB,GAAiB;YACxC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;SACrC,CAAC;QAEF,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAEvE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,oEAAoE;IACpE,kEAAkE;IAClE,wEAAwE;IACxE,8DAA8D;IAC9D,kEAAkE;IAClE,2DAA2D;IAE3D,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,iEAAiE;QACjE,2DAA2D;QAC3D,4BAA4B;QAC5B,MAAM,UAAU,GAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,MAAM,WAAW,GAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;QAE9D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,GAAG,EAAE;QACnF,+DAA+D;QAC/D,gEAAgE;QAChE,uDAAuD;QACvD,MAAM,WAAW,GAAiB;YAChC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;YACzC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE;YACxC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE;YAC5C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE;SACnC,CAAC;QACF,MAAM,WAAW,GAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QAE/D,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,wDAAwD;QACxD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,+DAA+D;QAC/D,+DAA+D;QAC/D,oDAAoD;QACpD,MAAM,UAAU,GAAiB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,MAAM,aAAa,GAAiB;YAClC,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE;SACnC,CAAC;QACF,MAAM,OAAO,GAAG,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC;QAEhE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uCAAuC,EAAE,GAAG,EAAE;IACrD,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,iBAAiB,GAAG;YACxB;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc;gBACvB,UAAU,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE;aACxC;SACyB,CAAC;QAE7B,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACpD,4BAA4B,CAC7B,CAAC;QACF,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,kBAAkB,GAAG;YACzB;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc;gBACvB,UAAU,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE;aACxC;SACyB,CAAC;QAE7B,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC,OAAO,CACrD,4BAA4B,CAC7B,CAAC;QACF,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,UAAU,GAAG;YACjB;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc;gBACvB,MAAM,EAAE,CAAC,MAAM,CAAC;aACjB;SACyB,CAAC;QAE7B,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAC7C,4BAA4B,CAC7B,CAAC;QACF,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,KAAK,GAAG;YACZ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE;YAC3C,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;YACzC;gBACE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,QAAQ;gBACjB,UAAU,EAAE,EAAE,cAAc,EAAE,OAAO,EAAE;aACxC;SACyB,CAAC;QAE7B,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/delegation-jwt.d.ts

@@ -0,0 +1,167 @@
+/**
+ * In-process delegation JWT helpers (Phase 1d).
+ *
+ * Phase 1d replaces the original RFC 8693 Token Exchange plan with
+ * in-process delegation tokens — decision `e2f847e2`. When a user spawns
+ * an agent run, the API mints a short-lived JWT whose payload names the
+ * `AgentRun`, the user it runs on behalf of, and the organization; the
+ * sandbox receives this token instead of the user's Apart access token
+ * and presents it on every callback. The middleware verifies the token,
+ * looks up the `AgentRun`, and reconstructs a `DelegatedAgentPrincipal`
+ * whose ability is the captured snapshot from `AgentRun.captured_ability`
+ * (the Phase 1c column).
+ *
+ * Design notes
+ * ------------
+ * - **HS256 HMAC**, not RSA. The signer and the verifier are the same
+ *   process (the intelligence-api backend). There are no third-party
+ *   verifiers, so a symmetric key is the simplest correct shape and
+ *   avoids any public-key distribution story.
+ * - **Key material** is a 32-byte random value, base64-encoded, stored
+ *   in GCP Secret Manager as `intelligence-api-{env}-delegation-jwt-key`.
+ *   See `docs/runbooks/auth0-tenant-provisioning.md` for the rotation
+ *   procedure. The helpers here take the decoded key as a `Uint8Array`
+ *   argument; `loadDelegationKeyFromEnv` handles the env-var boundary.
+ * - **Issuer claim** distinguishes delegation tokens from Auth0 tokens
+ *   in the middleware. Auth0 issuers are `https://apart-next-*.eu.auth0.com/`
+ *   (URL-shaped); the delegation issuer is the bare string
+ *   `apart-intelligence` — the middleware can decode the JWT header/
+ *   payload without verifying to route a request to the right verifier.
+ * - **TTL is 15 minutes**, matching the spec's "short-lived" guidance.
+ *   A sandbox callback that arrives more than 15 minutes after spawn
+ *   gets a fresh token via the refresh-on-callback flow (see the Phase
+ *   1d user story `ed8fcc68`).
+ * - **No condition on `aud`.** A delegation token is only ever sent to
+ *   the intelligence-api and only ever verified by the intelligence-api;
+ *   an audience claim adds nothing a process-local HMAC key does not
+ *   already give us. `iss` is the one claim the middleware inspects to
+ *   route between Auth0 and delegation.
+ */
+/** The fixed issuer claim for delegation tokens. Checked on verify. */
+export declare const DELEGATION_ISSUER = "apart-intelligence";
+/** The fixed signing algorithm. HS256 matches the HMAC key material. */
+export declare const DELEGATION_ALGORITHM = "HS256";
+/** Delegation token lifetime in seconds. 15 minutes. */
+export declare const DELEGATION_TTL_SECONDS: number;
+/** The minimum acceptable key length, in bytes, after base64 decode. */
+export declare const DELEGATION_KEY_MIN_BYTES = 32;
+/**
+ * The fully-decoded payload of a delegation token. This is what the
+ * verifier returns and what the middleware threads into the
+ * `DelegatedAgentPrincipal` before calling `buildAbility`.
+ *
+ * - `sub` is the `AgentRun.id` the token was minted for.
+ * - `behalfOf` is the `User.id` who spawned the run.
+ * - `organizationId` is the org the run is scoped to.
+ * - `iat` and `exp` are JWT-standard, seconds-since-epoch.
+ */
+export interface DelegationTokenPayload {
+    sub: string;
+    behalfOf: string;
+    organizationId: string;
+    iat: number;
+    exp: number;
+}
+/** Arguments accepted by `mintDelegationToken`. */
+export interface MintDelegationTokenArgs {
+    agentRunId: string;
+    userId: string;
+    organizationId: string;
+    /**
+     * Optional override for TTL in seconds. Defaults to
+     * {@link DELEGATION_TTL_SECONDS}. Tests use short TTLs to exercise
+     * expiry paths without real-time sleeps.
+     */
+    ttlSeconds?: number;
+    /**
+     * Optional override for the "now" timestamp in seconds since epoch.
+     * Tests inject a fixed value so expiry and iat claims are
+     * deterministic.
+     */
+    nowSeconds?: number;
+}
+/** Discriminant for the typed reasons `verifyDelegationToken` can fail. */
+export type DelegationTokenErrorReason = "malformed" | "bad_signature" | "expired" | "wrong_issuer" | "missing_claim";
+/**
+ * Thrown by `verifyDelegationToken` on any verification failure. The
+ * `reason` discriminant lets the middleware map failures to the right
+ * HTTP status (401 for signature/expiry/issuer, 400 for malformed) and
+ * the right audit-event classification without having to parse error
+ * messages.
+ */
+export declare class DelegationTokenError extends Error {
+    readonly reason: DelegationTokenErrorReason;
+    readonly detail: string;
+    constructor(reason: DelegationTokenErrorReason, detail: string);
+}
+/**
+ * Mint a signed delegation token. Pure function: takes the claims and
+ * the key, returns the compact-serialization JWT string. Never touches
+ * the filesystem, the network, or the database.
+ *
+ * The caller is responsible for persisting the `AgentRun` row and its
+ * `captured_ability` before minting — if the token lands in the
+ * sandbox before the `AgentRun` row is visible to a concurrent
+ * middleware verification, the verifier will see a token whose `sub`
+ * is not in the DB and must reject with the appropriate error. That
+ * ordering belongs to the spawn path, not here.
+ */
+export declare function mintDelegationToken(args: MintDelegationTokenArgs, key: Uint8Array): Promise<string>;
+/**
+ * Verify a delegation token string against the given key. Returns the
+ * decoded payload or throws a `DelegationTokenError` with a typed
+ * reason. Never touches the filesystem, the network, or the database.
+ *
+ * Verification checks, in order:
+ *  1. The token is a syntactically valid JWS compact serialization.
+ *  2. The signature verifies against the given HMAC key.
+ *  3. The `iss` claim equals {@link DELEGATION_ISSUER}. Any other
+ *     issuer — including Auth0 issuers — is rejected as `wrong_issuer`
+ *     so that a leaked Auth0 token presented here cannot accidentally
+ *     authenticate against the delegation path.
+ *  4. The `exp` claim is in the future. jose checks this automatically
+ *     as part of `jwtVerify`; we re-map its error class to our typed
+ *     reason.
+ *  5. `sub`, `behalfOf`, and `organizationId` claims are all present
+ *     and non-empty strings. A token missing any of these cannot
+ *     successfully attach a `DelegatedAgentPrincipal` downstream, so
+ *     the verifier fails fast.
+ */
+export declare function verifyDelegationToken(token: string, key: Uint8Array): Promise<DelegationTokenPayload>;
+/**
+ * Peek at a JWT's `iss` claim without verifying the signature. Used by
+ * the auth middleware to route a bearer token to the right verifier
+ * (Auth0 vs delegation) before it knows which key to use. Returns
+ * `null` if the token is syntactically broken or the `iss` claim is
+ * absent — the caller should then fall through to its default path
+ * (currently Auth0) and let that verifier produce the real error.
+ *
+ * This is NOT authentication. Do not use the returned issuer for any
+ * authorization decision — it is entirely attacker-controlled. The
+ * only correct use is "pick which verifier to hand the token to."
+ */
+export declare function peekIssuer(token: string): string | null;
+/** Discriminant for `loadDelegationKeyFromEnv` failures. */
+export type DelegationKeyLoadErrorReason = "missing" | "malformed" | "too_short";
+/**
+ * Thrown by `loadDelegationKeyFromEnv` if the env var is missing,
+ * not valid base64, or yields a key shorter than
+ * {@link DELEGATION_KEY_MIN_BYTES}. Separate from
+ * `DelegationTokenError` because key-loading failures happen at
+ * service startup, not on the hot path — they should crash the
+ * process, not return a 4xx.
+ */
+export declare class DelegationKeyLoadError extends Error {
+    readonly reason: DelegationKeyLoadErrorReason;
+    constructor(reason: DelegationKeyLoadErrorReason, detail: string);
+}
+/**
+ * Read the HMAC key from `INTELLIGENCE_DELEGATION_JWT_KEY`, base64-
+ * decode it, and return the decoded bytes. Call this once at service
+ * startup; cache the result and pass it into every mint/verify call.
+ *
+ * Takes an optional `env` record to make tests hermetic — production
+ * callers pass nothing and get `process.env`.
+ */
+export declare function loadDelegationKeyFromEnv(env?: NodeJS.ProcessEnv): Uint8Array;
+//# sourceMappingURL=delegation-jwt.d.ts.map

package/dist/auth/delegation-jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation-jwt.d.ts","sourceRoot":"","sources":["../../src/auth/delegation-jwt.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,uEAAuE;AACvE,eAAO,MAAM,iBAAiB,uBAAuB,CAAC;AAEtD,wEAAwE;AACxE,eAAO,MAAM,oBAAoB,UAAU,CAAC;AAE5C,wDAAwD;AACxD,eAAO,MAAM,sBAAsB,QAAU,CAAC;AAE9C,wEAAwE;AACxE,eAAO,MAAM,wBAAwB,KAAK,CAAC;AAE3C;;;;;;;;;GASG;AACH,MAAM,WAAW,sBAAsB;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,mDAAmD;AACnD,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,2EAA2E;AAC3E,MAAM,MAAM,0BAA0B,GAClC,WAAW,GACX,eAAe,GACf,SAAS,GACT,cAAc,GACd,eAAe,CAAC;AAEpB;;;;;;GAMG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,QAAQ,CAAC,MAAM,EAAE,0BAA0B,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBAEZ,MAAM,EAAE,0BAA0B,EAAE,MAAM,EAAE,MAAM;CAM/D;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,uBAAuB,EAC7B,GAAG,EAAE,UAAU,GACd,OAAO,CAAC,MAAM,CAAC,CAcjB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,UAAU,GACd,OAAO,CAAC,sBAAsB,CAAC,CA6DjC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAYvD;AAED,4DAA4D;AAC5D,MAAM,MAAM,4BAA4B,GAAG,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC;AAEjF;;;;;;;GAOG;AACH,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,QAAQ,CAAC,MAAM,EAAE,4BAA4B,CAAC;gBAElC,MAAM,EAAE,4BAA4B,EAAE,MAAM,EAAE,MAAM;CAKjE;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,UAAU,CA+BZ"}

package/dist/auth/delegation-jwt.js

@@ -0,0 +1,237 @@
+import { SignJWT, jwtVerify, errors as joseErrors } from "jose";
+/**
+ * In-process delegation JWT helpers (Phase 1d).
+ *
+ * Phase 1d replaces the original RFC 8693 Token Exchange plan with
+ * in-process delegation tokens — decision `e2f847e2`. When a user spawns
+ * an agent run, the API mints a short-lived JWT whose payload names the
+ * `AgentRun`, the user it runs on behalf of, and the organization; the
+ * sandbox receives this token instead of the user's Apart access token
+ * and presents it on every callback. The middleware verifies the token,
+ * looks up the `AgentRun`, and reconstructs a `DelegatedAgentPrincipal`
+ * whose ability is the captured snapshot from `AgentRun.captured_ability`
+ * (the Phase 1c column).
+ *
+ * Design notes
+ * ------------
+ * - **HS256 HMAC**, not RSA. The signer and the verifier are the same
+ *   process (the intelligence-api backend). There are no third-party
+ *   verifiers, so a symmetric key is the simplest correct shape and
+ *   avoids any public-key distribution story.
+ * - **Key material** is a 32-byte random value, base64-encoded, stored
+ *   in GCP Secret Manager as `intelligence-api-{env}-delegation-jwt-key`.
+ *   See `docs/runbooks/auth0-tenant-provisioning.md` for the rotation
+ *   procedure. The helpers here take the decoded key as a `Uint8Array`
+ *   argument; `loadDelegationKeyFromEnv` handles the env-var boundary.
+ * - **Issuer claim** distinguishes delegation tokens from Auth0 tokens
+ *   in the middleware. Auth0 issuers are `https://apart-next-*.eu.auth0.com/`
+ *   (URL-shaped); the delegation issuer is the bare string
+ *   `apart-intelligence` — the middleware can decode the JWT header/
+ *   payload without verifying to route a request to the right verifier.
+ * - **TTL is 15 minutes**, matching the spec's "short-lived" guidance.
+ *   A sandbox callback that arrives more than 15 minutes after spawn
+ *   gets a fresh token via the refresh-on-callback flow (see the Phase
+ *   1d user story `ed8fcc68`).
+ * - **No condition on `aud`.** A delegation token is only ever sent to
+ *   the intelligence-api and only ever verified by the intelligence-api;
+ *   an audience claim adds nothing a process-local HMAC key does not
+ *   already give us. `iss` is the one claim the middleware inspects to
+ *   route between Auth0 and delegation.
+ */
+/** The fixed issuer claim for delegation tokens. Checked on verify. */
+export const DELEGATION_ISSUER = "apart-intelligence";
+/** The fixed signing algorithm. HS256 matches the HMAC key material. */
+export const DELEGATION_ALGORITHM = "HS256";
+/** Delegation token lifetime in seconds. 15 minutes. */
+export const DELEGATION_TTL_SECONDS = 15 * 60;
+/** The minimum acceptable key length, in bytes, after base64 decode. */
+export const DELEGATION_KEY_MIN_BYTES = 32;
+/**
+ * Thrown by `verifyDelegationToken` on any verification failure. The
+ * `reason` discriminant lets the middleware map failures to the right
+ * HTTP status (401 for signature/expiry/issuer, 400 for malformed) and
+ * the right audit-event classification without having to parse error
+ * messages.
+ */
+export class DelegationTokenError extends Error {
+    reason;
+    detail;
+    constructor(reason, detail) {
+        super(`delegation token ${reason}: ${detail}`);
+        this.name = "DelegationTokenError";
+        this.reason = reason;
+        this.detail = detail;
+    }
+}
+/**
+ * Mint a signed delegation token. Pure function: takes the claims and
+ * the key, returns the compact-serialization JWT string. Never touches
+ * the filesystem, the network, or the database.
+ *
+ * The caller is responsible for persisting the `AgentRun` row and its
+ * `captured_ability` before minting — if the token lands in the
+ * sandbox before the `AgentRun` row is visible to a concurrent
+ * middleware verification, the verifier will see a token whose `sub`
+ * is not in the DB and must reject with the appropriate error. That
+ * ordering belongs to the spawn path, not here.
+ */
+export async function mintDelegationToken(args, key) {
+    const ttl = args.ttlSeconds ?? DELEGATION_TTL_SECONDS;
+    const now = args.nowSeconds ?? Math.floor(Date.now() / 1000);
+    return await new SignJWT({
+        behalfOf: args.userId,
+        organizationId: args.organizationId,
+    })
+        .setProtectedHeader({ alg: DELEGATION_ALGORITHM, typ: "JWT" })
+        .setIssuer(DELEGATION_ISSUER)
+        .setSubject(args.agentRunId)
+        .setIssuedAt(now)
+        .setExpirationTime(now + ttl)
+        .sign(key);
+}
+/**
+ * Verify a delegation token string against the given key. Returns the
+ * decoded payload or throws a `DelegationTokenError` with a typed
+ * reason. Never touches the filesystem, the network, or the database.
+ *
+ * Verification checks, in order:
+ *  1. The token is a syntactically valid JWS compact serialization.
+ *  2. The signature verifies against the given HMAC key.
+ *  3. The `iss` claim equals {@link DELEGATION_ISSUER}. Any other
+ *     issuer — including Auth0 issuers — is rejected as `wrong_issuer`
+ *     so that a leaked Auth0 token presented here cannot accidentally
+ *     authenticate against the delegation path.
+ *  4. The `exp` claim is in the future. jose checks this automatically
+ *     as part of `jwtVerify`; we re-map its error class to our typed
+ *     reason.
+ *  5. `sub`, `behalfOf`, and `organizationId` claims are all present
+ *     and non-empty strings. A token missing any of these cannot
+ *     successfully attach a `DelegatedAgentPrincipal` downstream, so
+ *     the verifier fails fast.
+ */
+export async function verifyDelegationToken(token, key) {
+    let payload;
+    try {
+        const result = await jwtVerify(token, key, {
+            issuer: DELEGATION_ISSUER,
+            algorithms: [DELEGATION_ALGORITHM],
+        });
+        payload = result.payload;
+    }
+    catch (err) {
+        if (err instanceof joseErrors.JWTExpired) {
+            throw new DelegationTokenError("expired", err.message);
+        }
+        if (err instanceof joseErrors.JWTClaimValidationFailed) {
+            // jose throws this for issuer mismatch. Map to wrong_issuer so
+            // the caller gets the useful signal even though the library
+            // class is generic.
+            if (err.claim === "iss") {
+                throw new DelegationTokenError("wrong_issuer", err.message);
+            }
+            throw new DelegationTokenError("missing_claim", err.message);
+        }
+        if (err instanceof joseErrors.JWSSignatureVerificationFailed) {
+            throw new DelegationTokenError("bad_signature", err.message);
+        }
+        if (err instanceof joseErrors.JWSInvalid || err instanceof joseErrors.JWTInvalid) {
+            throw new DelegationTokenError("malformed", err.message);
+        }
+        // Unknown jose error — treat as malformed. Downstream sees a 4xx
+        // rather than a 5xx for anything we didn't explicitly classify.
+        throw new DelegationTokenError("malformed", err instanceof Error ? err.message : String(err));
+    }
+    const sub = payload.sub;
+    const behalfOf = payload.behalfOf;
+    const organizationId = payload.organizationId;
+    const iat = payload.iat;
+    const exp = payload.exp;
+    if (typeof sub !== "string" || sub.length === 0) {
+        throw new DelegationTokenError("missing_claim", "sub is missing or empty");
+    }
+    if (typeof behalfOf !== "string" || behalfOf.length === 0) {
+        throw new DelegationTokenError("missing_claim", "behalfOf is missing or empty");
+    }
+    if (typeof organizationId !== "string" || organizationId.length === 0) {
+        throw new DelegationTokenError("missing_claim", "organizationId is missing or empty");
+    }
+    if (typeof iat !== "number") {
+        throw new DelegationTokenError("missing_claim", "iat is missing");
+    }
+    if (typeof exp !== "number") {
+        throw new DelegationTokenError("missing_claim", "exp is missing");
+    }
+    return { sub, behalfOf, organizationId, iat, exp };
+}
+/**
+ * Peek at a JWT's `iss` claim without verifying the signature. Used by
+ * the auth middleware to route a bearer token to the right verifier
+ * (Auth0 vs delegation) before it knows which key to use. Returns
+ * `null` if the token is syntactically broken or the `iss` claim is
+ * absent — the caller should then fall through to its default path
+ * (currently Auth0) and let that verifier produce the real error.
+ *
+ * This is NOT authentication. Do not use the returned issuer for any
+ * authorization decision — it is entirely attacker-controlled. The
+ * only correct use is "pick which verifier to hand the token to."
+ */
+export function peekIssuer(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+        return null;
+    }
+    try {
+        const payloadJson = Buffer.from(parts[1], "base64url").toString("utf8");
+        const payload = JSON.parse(payloadJson);
+        return typeof payload.iss === "string" ? payload.iss : null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Thrown by `loadDelegationKeyFromEnv` if the env var is missing,
+ * not valid base64, or yields a key shorter than
+ * {@link DELEGATION_KEY_MIN_BYTES}. Separate from
+ * `DelegationTokenError` because key-loading failures happen at
+ * service startup, not on the hot path — they should crash the
+ * process, not return a 4xx.
+ */
+export class DelegationKeyLoadError extends Error {
+    reason;
+    constructor(reason, detail) {
+        super(`delegation key ${reason}: ${detail}`);
+        this.name = "DelegationKeyLoadError";
+        this.reason = reason;
+    }
+}
+/**
+ * Read the HMAC key from `INTELLIGENCE_DELEGATION_JWT_KEY`, base64-
+ * decode it, and return the decoded bytes. Call this once at service
+ * startup; cache the result and pass it into every mint/verify call.
+ *
+ * Takes an optional `env` record to make tests hermetic — production
+ * callers pass nothing and get `process.env`.
+ */
+export function loadDelegationKeyFromEnv(env = process.env) {
+    const raw = env["INTELLIGENCE_DELEGATION_JWT_KEY"];
+    if (typeof raw !== "string" || raw.length === 0) {
+        throw new DelegationKeyLoadError("missing", "INTELLIGENCE_DELEGATION_JWT_KEY is not set");
+    }
+    let decoded;
+    try {
+        decoded = Buffer.from(raw, "base64");
+    }
+    catch (err) {
+        throw new DelegationKeyLoadError("malformed", `INTELLIGENCE_DELEGATION_JWT_KEY is not valid base64: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    // Buffer.from(..., "base64") never throws on invalid input — it silently
+    // drops unrecognized characters. The length check below catches the
+    // case where the env var was, e.g., an empty string, whitespace, or
+    // a few stray characters.
+    if (decoded.length < DELEGATION_KEY_MIN_BYTES) {
+        throw new DelegationKeyLoadError("too_short", `decoded key is ${decoded.length} bytes; need at least ${DELEGATION_KEY_MIN_BYTES}`);
+    }
+    return new Uint8Array(decoded);
+}
+//# sourceMappingURL=delegation-jwt.js.map

package/dist/auth/delegation-jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation-jwt.js","sourceRoot":"","sources":["../../src/auth/delegation-jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,CAAC;AAEhE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,uEAAuE;AACvE,MAAM,CAAC,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAEtD,wEAAwE;AACxE,MAAM,CAAC,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAE5C,wDAAwD;AACxD,MAAM,CAAC,MAAM,sBAAsB,GAAG,EAAE,GAAG,EAAE,CAAC;AAE9C,wEAAwE;AACxE,MAAM,CAAC,MAAM,wBAAwB,GAAG,EAAE,CAAC;AA+C3C;;;;;;GAMG;AACH,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,MAAM,CAA6B;IACnC,MAAM,CAAS;IAExB,YAAY,MAAkC,EAAE,MAAc;QAC5D,KAAK,CAAC,oBAAoB,MAAM,KAAK,MAAM,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAA6B,EAC7B,GAAe;IAEf,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,sBAAsB,CAAC;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE7D,OAAO,MAAM,IAAI,OAAO,CAAC;QACvB,QAAQ,EAAE,IAAI,CAAC,MAAM;QACrB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC;SACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,oBAAoB,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;SAC7D,SAAS,CAAC,iBAAiB,CAAC;SAC5B,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;SAC3B,WAAW,CAAC,GAAG,CAAC;SAChB,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;SAC5B,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAa,EACb,GAAe;IAEf,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE;YACzC,MAAM,EAAE,iBAAiB;YACzB,UAAU,EAAE,CAAC,oBAAoB,CAAC;SACnC,CAAC,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,OAAkC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,IAAI,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,GAAG,YAAY,UAAU,CAAC,wBAAwB,EAAE,CAAC;YACvD,+DAA+D;YAC/D,4DAA4D;YAC5D,oBAAoB;YACpB,IAAI,GAAG,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;gBACxB,MAAM,IAAI,oBAAoB,CAAC,cAAc,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,GAAG,YAAY,UAAU,CAAC,8BAA8B,EAAE,CAAC;YAC7D,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,GAAG,YAAY,UAAU,CAAC,UAAU,IAAI,GAAG,YAAY,UAAU,CAAC,UAAU,EAAE,CAAC;YACjF,MAAM,IAAI,oBAAoB,CAAC,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QACD,iEAAiE;QACjE,gEAAgE;QAChE,MAAM,IAAI,oBAAoB,CAC5B,WAAW,EACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CACjD,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAExB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,yBAAyB,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,8BAA8B,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,oBAAoB,CAC5B,eAAe,EACf,oCAAoC,CACrC,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,oBAAoB,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AACrD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAsB,CAAC;QAC7D,OAAO,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAKD;;;;;;;GAOG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IACtC,MAAM,CAA+B;IAE9C,YAAY,MAAoC,EAAE,MAAc;QAC9D,KAAK,CAAC,kBAAkB,MAAM,KAAK,MAAM,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,GAAG,GAAG,GAAG,CAAC,iCAAiC,CAAC,CAAC;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,sBAAsB,CAC9B,SAAS,EACT,4CAA4C,CAC7C,CAAC;IACJ,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,sBAAsB,CAC9B,WAAW,EACX,wDAAwD,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC3G,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,oEAAoE;IACpE,oEAAoE;IACpE,0BAA0B;IAC1B,IAAI,OAAO,CAAC,MAAM,GAAG,wBAAwB,EAAE,CAAC;QAC9C,MAAM,IAAI,sBAAsB,CAC9B,WAAW,EACX,kBAAkB,OAAO,CAAC,MAAM,yBAAyB,wBAAwB,EAAE,CACpF,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC"}

package/dist/auth/delegation-jwt.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=delegation-jwt.test.d.ts.map

package/dist/auth/delegation-jwt.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation-jwt.test.d.ts","sourceRoot":"","sources":["../../src/auth/delegation-jwt.test.ts"],"names":[],"mappings":""}