@archlast/server 0.0.1

package/dist/auth/better-auth-instance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"better-auth-instance.d.ts","sourceRoot":"","sources":["../../src/auth/better-auth-instance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACtC;;OAEG;IACH,EAAE,EAAE,eAAe,CAAC;IAEpB;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;OAEG;IACH,QAAQ,CAAC,EAAE;QACP;;WAEG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC;QAEtB;;WAEG;QACH,UAAU,CAAC,EAAE,MAAM,MAAM,CAAC;QAE1B;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QAEtB;;WAEG;QACH,qBAAqB,CAAC,EAAE;YACpB,OAAO,EAAE,OAAO,CAAC;YACjB,MAAM,CAAC,EAAE,MAAM,CAAC;SACnB,CAAC;KACL,CAAC;IAEF;;OAEG;IACH,SAAS,CAAC,EAAE;QACR;;WAEG;QACH,GAAG,EAAE,MAAM,CAAC;QAEZ;;WAEG;QACH,MAAM,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF;;OAEG;IACH,OAAO,CAAC,EAAE;QACN;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAC;QAEnB;;WAEG;QACH,SAAS,CAAC,EAAE,MAAM,CAAC;QAEnB;;WAEG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF;;OAEG;IACH,OAAO,CAAC,EAAE;QACN;;WAEG;QACH,cAAc,CAAC,EAAE;YACb,OAAO,EAAE,OAAO,CAAC;YACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;SAC/B,CAAC;QAEF;;WAEG;QACH,eAAe,CAAC,EAAE;YACd,OAAO,EAAE,OAAO,CAAC;YACjB,6BAA6B,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;SAClF,CAAC;KACL,CAAC;IAEF;;OAEG;IACH,MAAM,CAAC,EAAE;QACL;;WAEG;QACH,aAAa,CAAC,EAAE,MAAM,CAAC;QAEvB;;WAEG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC;QAEtB;;WAEG;QACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAE3B;;WAEG;QACH,cAAc,CAAC,EAAE,OAAO,CAAC;QAEzB;;WAEG;QACH,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAEjC;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QAEtB;;WAEG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC;QAEtB;;WAEG;QACH,SAAS,CAAC,EAAE;YACR,OAAO,CAAC,EAAE,OAAO,CAAC;YAClB,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB,WAAW,CAAC,EAAE,MAAM,CAAC;SACxB,CAAC;QAEF;;WAEG;QACH,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;KAClC,CAAC;CACL;AAyDD;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,WAAW,EAAE,yBAAyB;;;;oBA8BnB,GAAG;;;;;;;;;;;2BAvNpC,MAAM;;;qBAWZ,OAAO;qBACP,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCA3CJ,CAAC;;;;;;;;;yCAeL,CAAC;;;;;;;;;;;;;;;yCAoBX,CAAA;yCAIA,CAAH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAkJE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBA+MwC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBA2B1B,CAAxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAgBm9B,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCA5V1/B,CAAJ;;;mDAQe,CAAC;4CAEF,CAAC;;;;;;;yCAWH,CAAC;;;;;;;;;;;;qCAgBT,CAAL;;;mDASK,CAAD;4CACC,CAAC;sCAMF,CAHD,CAAC;;uCAEG;6CAD+B,CAAC;;oCAInC;;uCAEG;oCACH,CAHR,CAAQ;;uCAEG;yCADkB,CAAC;iDAEb,CAAC;wCAEN,CAAH;yCACU,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBA2JO,CAAC;;;;;;;;;;;;;;;;6BAAD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAvHmD,CAAC;;;;;;;;;;;;;;gCAcrB,CAAC;uCAEjD,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAgNiF,CAAC;qCAC1D,CAAC;;;;;;;;;iCAMJ,CAAf;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAoBspW,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAi5D,CAAC;qCAAkD,CAAC;;;;;;;;;iCAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BA7Ctpb,GAAG;;;;GAuC1C;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,UAAU,CAAC,OAAO,wBAAwB,CAAC,CAAC"}

package/dist/auth/better-auth-instance.js

@@ -0,0 +1,251 @@
+"use strict";
+/**
+ * Better-Auth Instance Configuration
+ *
+ * This file creates and exports the Better-Auth instance with all plugins configured.
+ * It includes:
+ * - Email and password authentication
+ * - Admin plugin (user management, roles, bans, impersonation)
+ * - Username plugin (username-based sign-in)
+ * - Anonymous plugin (guest users)
+ * - API Key plugin (API key management and authentication)
+ * - Organization plugin (multi-tenancy support)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createBetterAuthInstance = createBetterAuthInstance;
+const better_auth_1 = require("better-auth");
+const plugins_1 = require("better-auth/plugins");
+/**
+ * Default Better-Auth options
+ */
+const defaultOptions = {
+    baseURL: process.env.APP_URL || "http://localhost:3000",
+    secret: process.env.BETTER_AUTH_SECRET || "better-auth-secret-change-in-production",
+    advanced: {
+        cookiePrefix: "better-auth",
+        crossSubDomainCookies: {
+            enabled: false,
+        },
+    },
+    session: {
+        expiresIn: 30 * 24 * 60 * 60, // 30 days in seconds
+        updateAge: 24 * 60 * 60, // 1 day in seconds
+        freshAge: 5 * 60, // 5 minutes in seconds
+    },
+    rateLimit: {
+        max: 100,
+        window: 60 * 1000, // 1 minute
+    },
+};
+/**
+ * Merge user options with defaults
+ */
+function mergeOptions(userOptions) {
+    return {
+        ...defaultOptions,
+        ...userOptions,
+        advanced: {
+            ...defaultOptions.advanced,
+            ...userOptions.advanced,
+        },
+        session: {
+            ...defaultOptions.session,
+            ...userOptions.session,
+        },
+        rateLimit: {
+            max: userOptions.rateLimit?.max ?? defaultOptions.rateLimit.max,
+            window: userOptions.rateLimit?.window ?? defaultOptions.rateLimit.window,
+        },
+        // Default to allowing common development origins
+        allowedOrigins: userOptions.allowedOrigins ?? [
+            "http://localhost:3000",
+            "http://localhost:3001",
+            "http://localhost:4001",
+            "http://127.0.0.1:3000",
+            "http://127.0.0.1:3001",
+            "http://127.0.0.1:4001",
+            // Add more origins as needed for production
+        ],
+    };
+}
+/**
+ * Create a Better-Auth instance with Archlast adapter and plugins
+ */
+function createBetterAuthInstance(userOptions) {
+    const options = mergeOptions(userOptions);
+    if (process.env.NODE_ENV === "production" && !process.env.BETTER_AUTH_SECRET) {
+        throw new Error("[Better-Auth] CRITICAL: BETTER_AUTH_SECRET environment variable must be set in production.\n" +
+            "Generate a secure secret using: openssl rand -base64 32");
+    }
+    // Import the adapter factory
+    const { archlastBetterAuthAdapter } = require("./better-auth-adapter.js");
+    // Enable debug logs in development or when explicitly requested
+    const debugLogs = process.env.BETTER_AUTH_DEBUG === "true" || process.env.NODE_ENV === "development";
+    // Create the adapter instance by calling the factory
+    const adapterInstance = archlastBetterAuthAdapter(options.db, { debugLogs });
+    // Create the auth instance
+    const auth = (0, better_auth_1.betterAuth)({
+        // Pass the instantiated adapter (not the factory)
+        database: adapterInstance,
+        // Base configuration
+        baseURL: options.baseURL,
+        secret: options.secret,
+        // Trusted origins for CORS (array of origins or true for all)
+        trustedOrigins: (options.allowedOrigins ?? true),
+        // Email and password authentication
+        emailAndPassword: {
+            enabled: true,
+            requireEmailVerification: options.requireEmailVerification ?? process.env.NODE_ENV === "production",
+            // Password reset is handled by the admin plugin
+            sendResetPassword: async ({ user, url, token }) => {
+                // Email service integration for password reset
+                console.log("[Better-Auth] Password reset requested for:", user.email);
+                // TODO: Integrate email service to send reset emails
+                // Example:
+                // const emailService = globalContainer.resolve<EmailService>('EmailService');
+                // await emailService.sendPasswordReset({
+                //     to: user.email,
+                //     resetUrl: url,
+                //     userName: user.name || user.email,
+                // });
+            },
+        },
+        // Advanced options
+        advanced: {
+            generateId: options.advanced?.generateId,
+            cookiePrefix: options.advanced?.cookiePrefix ?? "better-auth",
+            crossSubDomainCookies: options.advanced?.crossSubDomainCookies,
+        },
+        // Session configuration
+        session: {
+            expiresIn: options.session?.expiresIn,
+            updateAge: options.session?.updateAge,
+            freshAge: options.session?.freshAge,
+            cookieCache: {
+                enabled: true,
+                maxAge: 5 * 60, // 5 minutes
+            },
+        },
+        // Rate limiting
+        rateLimit: options.rateLimit
+            ? {
+                window: options.rateLimit.window,
+                max: options.rateLimit.max,
+            }
+            : undefined,
+        // Social providers (can be extended)
+        socialProviders: {},
+        // Plugins
+        plugins: [
+            // Admin plugin - user management, roles, bans, impersonation
+            (0, plugins_1.admin)({
+                // Default role for new users
+                defaultRole: "user",
+                // Roles that have admin privileges
+                adminRoles: ["admin"],
+                // Allow users to delete their own accounts
+                deleteUserAccount: {
+                    enabled: options.account?.accountDeletion?.enabled ?? false,
+                    sendDeleteAccountConfirmation: async () => {
+                        console.log("[Better-Auth] Delete account confirmation requested");
+                    },
+                },
+            }),
+            // Username plugin - username-based sign-in
+            (0, plugins_1.username)({
+                // Minimum username length
+                minUsernameLength: 3,
+                // Maximum username length
+                maxUsernameLength: 32,
+            }),
+            // Anonymous plugin - guest users
+            (0, plugins_1.anonymous)({
+                // Called when an anonymous user links to a real account
+                onLinkAccount: async () => {
+                    console.log("[Better-Auth] Anonymous account linked");
+                    // Transfer data from anonymous user to new user if needed
+                },
+            }),
+            // Organization plugin - multi-tenancy support
+            (0, plugins_1.organization)({
+                // Allow users to create their own organizations
+                allowUserToCreateOrganization: true,
+                // The role assigned to the organization creator
+                creatorRole: "owner",
+                // Maximum number of members per organization (0 = unlimited)
+                membershipLimit: 0,
+            }),
+            // API Key plugin - API key management and authentication
+            (0, plugins_1.apiKey)({
+                // Default prefix for API keys (recommend appending underscore)
+                defaultPrefix: "arch_",
+                // Require name for API keys
+                requireName: true,
+                // Maximum name length
+                maximumNameLength: 100,
+                // Enable metadata for storing additional info
+                enableMetadata: true,
+                // Key expiration options
+                keyExpiration: {
+                    // Default expiration: 1 year if not specified
+                    defaultExpiresIn: 365 * 24 * 60 * 60 * 1000,
+                    // Allow custom expiration times
+                    disableCustomExpiresTime: false,
+                    // Minimum: 1 day
+                    minExpiresIn: 1,
+                    // Maximum: 1 year
+                    maxExpiresIn: 365,
+                },
+                // Rate limiting for API keys
+                rateLimit: {
+                    enabled: true,
+                    timeWindow: 60 * 60 * 1000, // 1 hour
+                    maxRequests: 1000, // 1000 requests per hour
+                },
+                // Header name for API key (support both x-api-key and Authorization: Bearer)
+                apiKeyHeaders: ["x-api-key", "authorization"],
+                // Don't enable sessions from API keys (security consideration)
+                enableSessionForAPIKeys: false,
+                // Store in database by default (can be changed to secondary-storage for Redis)
+                storage: "database",
+            }),
+        ],
+        // Database hooks for first user setup
+        // Automatically promote the first registered user to super-admin
+        databaseHooks: {
+            user: {
+                create: {
+                    after: async (user) => {
+                        try {
+                            // Check if this is the first user by counting total users
+                            const { archlastBetterAuthAdapter, } = require("./better-auth-adapter.js");
+                            const adapter = archlastBetterAuthAdapter(options.db, {
+                                debugLogs: false,
+                            });
+                            // Find all users to check if this is the first one
+                            const users = await adapter.findMany({
+                                model: "user",
+                                limit: 2,
+                            });
+                            if (users.length === 1) {
+                                // First user - promote to super-admin using the adapter
+                                // Use the adapter's update method to stay within Better-Auth's abstraction
+                                await adapter.update({
+                                    model: "user",
+                                    where: [{ field: "id", value: user.id }],
+                                    update: { role: "super-admin" },
+                                });
+                                console.log(`[Better-Auth] First user ${user.email} promoted to super-admin`);
+                            }
+                        }
+                        catch (error) {
+                            console.error("[Better-Auth] Failed to promote first user:", error);
+                        }
+                    },
+                },
+            },
+        },
+    });
+    return auth;
+}
+//# sourceMappingURL=better-auth-instance.js.map

package/dist/auth/better-auth-instance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"better-auth-instance.js","sourceRoot":"","sources":["../../src/auth/better-auth-instance.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AA0OH,4DAqNC;AA7bD,6CAAyC;AACzC,iDAAuF;AA6KvF;;GAEG;AACH,MAAM,cAAc,GAAuC;IACvD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB;IACvD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,yCAAyC;IACnF,QAAQ,EAAE;QACN,YAAY,EAAE,aAAa;QAC3B,qBAAqB,EAAE;YACnB,OAAO,EAAE,KAAK;SACjB;KACJ;IACD,OAAO,EAAE;QACL,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,qBAAqB;QACnD,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,mBAAmB;QAC5C,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE,uBAAuB;KAC5C;IACD,SAAS,EAAE;QACP,GAAG,EAAE,GAAG;QACR,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,WAAW;KACjC;CACJ,CAAC;AAEF;;GAEG;AACH,SAAS,YAAY,CAAC,WAAsC;IACxD,OAAO;QACH,GAAG,cAAc;QACjB,GAAG,WAAW;QACd,QAAQ,EAAE;YACN,GAAG,cAAc,CAAC,QAAQ;YAC1B,GAAG,WAAW,CAAC,QAAQ;SAC1B;QACD,OAAO,EAAE;YACL,GAAG,cAAc,CAAC,OAAO;YACzB,GAAG,WAAW,CAAC,OAAO;SACzB;QACD,SAAS,EAAE;YACP,GAAG,EAAE,WAAW,CAAC,SAAS,EAAE,GAAG,IAAI,cAAc,CAAC,SAAU,CAAC,GAAG;YAChE,MAAM,EAAE,WAAW,CAAC,SAAS,EAAE,MAAM,IAAI,cAAc,CAAC,SAAU,CAAC,MAAM;SAC5E;QACD,iDAAiD;QACjD,cAAc,EAAE,WAAW,CAAC,cAAc,IAAI;YAC1C,uBAAuB;YACvB,uBAAuB;YACvB,uBAAuB;YACvB,uBAAuB;YACvB,uBAAuB;YACvB,uBAAuB;YACvB,4CAA4C;SAC/C;KACJ,CAAC;AACN,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CAAC,WAAsC;IAC3E,MAAM,OAAO,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAE1C,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CACX,8FAA8F;YAC1F,yDAAyD,CAChE,CAAC;IACN,CAAC;IAED,6BAA6B;IAC7B,MAAM,EAAE,yBAAyB,EAAE,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;IAE1E,gEAAgE;IAChE,MAAM,SAAS,GACX,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC;IAEvF,qDAAqD;IACrD,MAAM,eAAe,GAAG,yBAAyB,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IAE7E,2BAA2B;IAC3B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC;QACpB,kDAAkD;QAClD,QAAQ,EAAE,eAAe;QAEzB,qBAAqB;QACrB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAO;QAEvB,8DAA8D;QAC9D,cAAc,EAAE,CAAC,OAAO,CAAC,cAAc,IAAI,IAAI,CAAQ;QAEvD,oCAAoC;QACpC,gBAAgB,EAAE;YACd,OAAO,EAAE,IAAI;YACb,wBAAwB,EACpB,OAAO,CAAC,wBAAwB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7E,gDAAgD;YAChD,iBAAiB,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE;gBAC9C,+CAA+C;gBAC/C,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;gBACvE,qDAAqD;gBACrD,WAAW;gBACX,8EAA8E;gBAC9E,yCAAyC;gBACzC,sBAAsB;gBACtB,qBAAqB;gBACrB,yCAAyC;gBACzC,MAAM;YACV,CAAC;SACJ;QAED,mBAAmB;QACnB,QAAQ,EAAE;YACN,UAAU,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU;YACxC,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY,IAAI,aAAa;YAC7D,qBAAqB,EAAE,OAAO,CAAC,QAAQ,EAAE,qBAAqB;SACjE;QAED,wBAAwB;QACxB,OAAO,EAAE;YACL,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS;YACrC,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,SAAS;YACrC,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,QAAQ;YACnC,WAAW,EAAE;gBACT,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,YAAY;aAC/B;SACJ;QAED,gBAAgB;QAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YACxB,CAAC,CAAC;gBACI,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM;gBAChC,GAAG,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG;aAC7B;YACH,CAAC,CAAC,SAAS;QAEf,qCAAqC;QACrC,eAAe,EAAE,EAAE;QAEnB,UAAU;QACV,OAAO,EAAE;YACL,6DAA6D;YAC7D,IAAA,eAAK,EAAC;gBACF,6BAA6B;gBAC7B,WAAW,EAAE,MAAM;gBACnB,mCAAmC;gBACnC,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,2CAA2C;gBAC3C,iBAAiB,EAAE;oBACf,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,IAAI,KAAK;oBAC3D,6BAA6B,EAAE,KAAK,IAAI,EAAE;wBACtC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;oBACvE,CAAC;iBACJ;aACJ,CAAC;YAEF,2CAA2C;YAC3C,IAAA,kBAAQ,EAAC;gBACL,0BAA0B;gBAC1B,iBAAiB,EAAE,CAAC;gBACpB,0BAA0B;gBAC1B,iBAAiB,EAAE,EAAE;aACxB,CAAC;YAEF,iCAAiC;YACjC,IAAA,mBAAS,EAAC;gBACN,wDAAwD;gBACxD,aAAa,EAAE,KAAK,IAAI,EAAE;oBACtB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACtD,0DAA0D;gBAC9D,CAAC;aACJ,CAAC;YAEF,8CAA8C;YAC9C,IAAA,sBAAY,EAAC;gBACT,gDAAgD;gBAChD,6BAA6B,EAAE,IAAI;gBACnC,gDAAgD;gBAChD,WAAW,EAAE,OAAO;gBACpB,6DAA6D;gBAC7D,eAAe,EAAE,CAAC;aACrB,CAAC;YAEF,yDAAyD;YACzD,IAAA,gBAAM,EAAC;gBACH,+DAA+D;gBAC/D,aAAa,EAAE,OAAO;gBAEtB,4BAA4B;gBAC5B,WAAW,EAAE,IAAI;gBAEjB,sBAAsB;gBACtB,iBAAiB,EAAE,GAAG;gBAEtB,8CAA8C;gBAC9C,cAAc,EAAE,IAAI;gBAEpB,yBAAyB;gBACzB,aAAa,EAAE;oBACX,8CAA8C;oBAC9C,gBAAgB,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;oBAC3C,gCAAgC;oBAChC,wBAAwB,EAAE,KAAK;oBAC/B,iBAAiB;oBACjB,YAAY,EAAE,CAAC;oBACf,kBAAkB;oBAClB,YAAY,EAAE,GAAG;iBACpB;gBAED,6BAA6B;gBAC7B,SAAS,EAAE;oBACP,OAAO,EAAE,IAAI;oBACb,UAAU,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;oBACrC,WAAW,EAAE,IAAI,EAAE,yBAAyB;iBAC/C;gBAED,6EAA6E;gBAC7E,aAAa,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC;gBAE7C,+DAA+D;gBAC/D,uBAAuB,EAAE,KAAK;gBAE9B,+EAA+E;gBAC/E,OAAO,EAAE,UAAU;aACtB,CAAC;SACL;QAED,sCAAsC;QACtC,iEAAiE;QACjE,aAAa,EAAE;YACX,IAAI,EAAE;gBACF,MAAM,EAAE;oBACJ,KAAK,EAAE,KAAK,EAAE,IAAS,EAAE,EAAE;wBACvB,IAAI,CAAC;4BACD,0DAA0D;4BAC1D,MAAM,EACF,yBAAyB,GAC5B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;4BACxC,MAAM,OAAO,GAAG,yBAAyB,CAAC,OAAO,CAAC,EAAE,EAAE;gCAClD,SAAS,EAAE,KAAK;6BACnB,CAAC,CAAC;4BAEH,mDAAmD;4BACnD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC;gCACjC,KAAK,EAAE,MAAM;gCACb,KAAK,EAAE,CAAC;6BACX,CAAC,CAAC;4BAEH,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gCACrB,wDAAwD;gCACxD,2EAA2E;gCAC3E,MAAM,OAAO,CAAC,MAAM,CAAC;oCACjB,KAAK,EAAE,MAAM;oCACb,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;oCACxC,MAAM,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE;iCAClC,CAAC,CAAC;gCAEH,OAAO,CAAC,GAAG,CACP,4BAA4B,IAAI,CAAC,KAAK,0BAA0B,CACnE,CAAC;4BACN,CAAC;wBACL,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACb,OAAO,CAAC,KAAK,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;wBACxE,CAAC;oBACL,CAAC;iBACJ;aACJ;SACJ;KACJ,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/dist/auth/better-auth-seed.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Better-Auth User Seeding
+ *
+ * Creates initial admin users for Better-Auth using the Better-Auth internal API.
+ * This is separate from the platform admin system (ast_ tokens, sat_ tokens).
+ * Better-Auth users are for app-level authentication.
+ */
+import type { IDatabaseClient } from "../db/interfaces.js";
+import type { BetterAuthInstance } from "./better-auth-instance.js";
+/**
+ * Seed a default Better-Auth admin user using the Better-Auth instance
+ *
+ * Creates an initial admin user that can be used to log in via Better-Auth.
+ * This user can manage app-level users and organizations via the dashboard.
+ *
+ * Only runs if no Better-Auth users exist and BETTER_AUTH_ADMIN_EMAIL/PASSWORD are set.
+ *
+ * @param db Database client
+ * @param auth Better-Auth instance (optional, for API-based seeding)
+ * @returns Promise<void>
+ */
+export declare function seedBetterAuthAdminUser(db: IDatabaseClient, auth?: BetterAuthInstance): Promise<void>;
+//# sourceMappingURL=better-auth-seed.d.ts.map

package/dist/auth/better-auth-seed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"better-auth-seed.d.ts","sourceRoot":"","sources":["../../src/auth/better-auth-seed.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEpE;;;;;;;;;;;GAWG;AACH,wBAAsB,uBAAuB,CACzC,EAAE,EAAE,eAAe,EACnB,IAAI,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAwPf"}

package/dist/auth/better-auth-seed.js

@@ -0,0 +1,316 @@
+"use strict";
+/**
+ * Better-Auth User Seeding
+ *
+ * Creates initial admin users for Better-Auth using the Better-Auth internal API.
+ * This is separate from the platform admin system (ast_ tokens, sat_ tokens).
+ * Better-Auth users are for app-level authentication.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.seedBetterAuthAdminUser = seedBetterAuthAdminUser;
+const logger_js_1 = require("../logging/logger.js");
+/**
+ * Seed a default Better-Auth admin user using the Better-Auth instance
+ *
+ * Creates an initial admin user that can be used to log in via Better-Auth.
+ * This user can manage app-level users and organizations via the dashboard.
+ *
+ * Only runs if no Better-Auth users exist and BETTER_AUTH_ADMIN_EMAIL/PASSWORD are set.
+ *
+ * @param db Database client
+ * @param auth Better-Auth instance (optional, for API-based seeding)
+ * @returns Promise<void>
+ */
+async function seedBetterAuthAdminUser(db, auth) {
+    try {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Better-Auth Seed] Checking if Better-Auth admin user exists...",
+        });
+        // Check if admin users already exist (use system_auth_user - the Better-Auth adapter collection name)
+        const existingUsers = await db.query("system_auth_user").findMany();
+        // Check if any user has admin role
+        const adminUser = existingUsers?.find((u) => u.role === "admin" || u.role === "super-admin");
+        if (adminUser) {
+            // Check if admin user has a username
+            if (!adminUser.username || adminUser.username.length < 3) {
+                logger_js_1.logger.log({
+                    timestamp: Date.now(),
+                    level: "info",
+                    kind: "system",
+                    message: "[Better-Auth Seed] Admin user exists but missing username. Updating...",
+                });
+                // Update the admin user with a username
+                const username = process.env.BETTER_AUTH_ADMIN_USERNAME || "admin";
+                await db.update("system_auth_user", adminUser._id || adminUser.id, {
+                    username: username,
+                    displayUsername: username,
+                    updatedAt: Date.now(),
+                });
+                logger_js_1.logger.log({
+                    timestamp: Date.now(),
+                    level: "info",
+                    kind: "system",
+                    message: `[Better-Auth Seed] ✓ Admin user username set to: ${username}`,
+                });
+                logger_js_1.logger.log({
+                    timestamp: Date.now(),
+                    level: "info",
+                    kind: "system",
+                    message: `[Better-Auth Seed] Login credentials: username=${username}, password=<from .env>`,
+                });
+            }
+            else {
+                logger_js_1.logger.log({
+                    timestamp: Date.now(),
+                    level: "info",
+                    kind: "system",
+                    message: `[Better-Auth Seed] ✓ Admin user already exists with username: ${adminUser.username}`,
+                });
+            }
+            return;
+        }
+        // Check if ANY users exist - if so, we don't want to auto-create an admin
+        // This prevents creating an admin in a production system with existing users
+        if (existingUsers && existingUsers.length > 0) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "warn",
+                kind: "system",
+                message: "[Better-Auth Seed] Users exist but no admin found. Please create an admin user manually or delete all users to re-seed.",
+            });
+            return;
+        }
+        // Read from environment variables
+        const email = process.env.BETTER_AUTH_ADMIN_EMAIL || process.env.ARCHLAST_ADMIN_EMAIL;
+        const password = process.env.BETTER_AUTH_ADMIN_PASSWORD || process.env.ARCHLAST_ADMIN_PASSWORD;
+        const name = process.env.BETTER_AUTH_ADMIN_NAME || "Admin User";
+        // Derive username from email or use env var - required for username-based admin login
+        const username = process.env.BETTER_AUTH_ADMIN_USERNAME ||
+            (email ? email.split("@")[0] : undefined);
+        if (!email || !password) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "warn",
+                kind: "system",
+                message: "[Better-Auth Seed] Skipping seed - no BETTER_AUTH_ADMIN_EMAIL/PASSWORD set. Better-Auth users can be created via the dashboard.",
+            });
+            return;
+        }
+        // Validate username (required for admin login)
+        if (!username || username.length < 3) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "error",
+                kind: "system",
+                message: "[Better-Auth Seed] Invalid BETTER_AUTH_ADMIN_USERNAME or email. Must be at least 3 characters.",
+            });
+            return;
+        }
+        // Validate email format
+        const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+        if (!emailRegex.test(email)) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "error",
+                kind: "system",
+                message: "[Better-Auth Seed] Invalid BETTER_AUTH_ADMIN_EMAIL format.",
+            });
+            return;
+        }
+        // Validate password length
+        if (password.length < 8) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "error",
+                kind: "system",
+                message: "[Better-Auth Seed] Invalid BETTER_AUTH_ADMIN_PASSWORD. Must be at least 8 characters.",
+            });
+            return;
+        }
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Better-Auth Seed] Creating first Better-Auth admin user from environment...",
+        });
+        // If Better-Auth instance is provided, use the admin API to create the user
+        if (auth) {
+            try {
+                // Use Better-Auth's signUpUsername API which accepts both username and email
+                // This is the correct way to create users with the username plugin
+                const result = await auth.api.signUpUsername({
+                    body: {
+                        username,
+                        email,
+                        password,
+                        name,
+                    },
+                });
+                if (result && result.user) {
+                    // Set admin role using Better-Auth's admin plugin API
+                    await auth.api.admin.setRole({
+                        body: {
+                            userId: result.user.id,
+                            role: "admin",
+                        },
+                    });
+                    logger_js_1.logger.log({
+                        timestamp: Date.now(),
+                        level: "info",
+                        kind: "system",
+                        message: "[Better-Auth Seed] ✓ Better-Auth admin user created successfully via API!",
+                    });
+                    logCredentials(email, username, name, password);
+                    return;
+                }
+            }
+            catch (apiError) {
+                logger_js_1.logger.log({
+                    timestamp: Date.now(),
+                    level: "warn",
+                    kind: "system",
+                    message: "[Better-Auth Seed] API-based seeding failed, falling back to direct DB creation",
+                    context: { error: apiError instanceof Error ? apiError.message : String(apiError) },
+                });
+            }
+        }
+        // Fallback: Create user and account directly in DB
+        // This is needed when Better-Auth instance is not available during bootstrap
+        const { createId } = await import("@paralleldrive/cuid2");
+        const now = new Date();
+        // Generate IDs
+        const userId = createId();
+        const accountId = createId();
+        // Hash password using Better-Auth compatible format (bcrypt or scrypt)
+        // Better-Auth uses its own password hashing, so we need to use a compatible format
+        // For now, we'll use the Bun password hashing which is bcrypt-compatible
+        let hashedPassword;
+        try {
+            // Bun has built-in password hashing
+            hashedPassword = await Bun.password.hash(password, {
+                algorithm: "bcrypt",
+                cost: 10,
+            });
+        }
+        catch {
+            // Fallback to a simple hash if Bun password is not available
+            const crypto = await import("crypto");
+            const salt = crypto.randomBytes(16).toString("hex");
+            const hash = crypto.pbkdf2Sync(password, salt, 100000, 64, "sha512").toString("hex");
+            hashedPassword = `$pbkdf2-sha512$100000$${salt}$${hash}`;
+        }
+        // Create the user with username for username-based login
+        await db.insert("system_auth_user", {
+            _id: userId,
+            email,
+            emailVerified: true,
+            name,
+            image: null,
+            createdAt: now,
+            updatedAt: now,
+            // Better-Auth admin plugin fields
+            role: "admin",
+            banned: false,
+            banReason: null,
+            banExpires: null,
+            // Better-Auth username plugin fields - SET USERNAME for admin login
+            username: username,
+            displayUsername: username,
+            // Better-Auth anonymous plugin field
+            isAnonymous: false,
+        });
+        // Create the credential account (this is how Better-Auth stores passwords)
+        await db.insert("system_auth_account", {
+            _id: accountId,
+            userId: userId,
+            providerId: "credential",
+            accountId: userId,
+            password: hashedPassword,
+            createdAt: now,
+            updatedAt: now,
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Better-Auth Seed] ✓ Better-Auth admin user created successfully!",
+        });
+        logCredentials(email, username, name, password);
+    }
+    catch (error) {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "error",
+            kind: "system",
+            message: "Failed to seed Better-Auth admin user:",
+            context: { error },
+        });
+        throw error;
+    }
+}
+function logCredentials(email, username, name, password) {
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `[Better-Auth Seed]   Email: ${email}`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `[Better-Auth Seed]   Username: ${username}`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `[Better-Auth Seed]   Name: ${name}`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `[Better-Auth Seed]   Role: admin`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: "",
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: "Better-Auth login credentials:",
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `  Username: ${username}`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: `  Password: ${password}`,
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: "",
+    });
+    logger_js_1.logger.log({
+        timestamp: Date.now(),
+        level: "info",
+        kind: "system",
+        message: "You can now log in to the admin dashboard using username at /_archlast/admin/auth/sign-in",
+    });
+}
+//# sourceMappingURL=better-auth-seed.js.map

package/dist/auth/better-auth-seed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"better-auth-seed.js","sourceRoot":"","sources":["../../src/auth/better-auth-seed.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAkBH,0DA2PC;AA3QD,oDAA8C;AAI9C;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,uBAAuB,CACzC,EAAmB,EACnB,IAAyB;IAEzB,IAAI,CAAC;QACD,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,iEAAiE;SAC7E,CAAC,CAAC;QAEH,sGAAsG;QACtG,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEpE,mCAAmC;QACnC,MAAM,SAAS,GAAG,aAAa,EAAE,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC;QAElG,IAAI,SAAS,EAAE,CAAC;YACZ,qCAAqC;YACrC,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvD,kBAAM,CAAC,GAAG,CAAC;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,wEAAwE;iBACpF,CAAC,CAAC;gBAEH,wCAAwC;gBACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,OAAO,CAAC;gBACnE,MAAM,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,SAAS,CAAC,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE;oBAC/D,QAAQ,EAAE,QAAQ;oBAClB,eAAe,EAAE,QAAQ;oBACzB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACxB,CAAC,CAAC;gBAEH,kBAAM,CAAC,GAAG,CAAC;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,oDAAoD,QAAQ,EAAE;iBAC1E,CAAC,CAAC;gBACH,kBAAM,CAAC,GAAG,CAAC;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,kDAAkD,QAAQ,wBAAwB;iBAC9F,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,kBAAM,CAAC,GAAG,CAAC;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,iEAAiE,SAAS,CAAC,QAAQ,EAAE;iBACjG,CAAC,CAAC;YACP,CAAC;YACD,OAAO;QACX,CAAC;QAED,0EAA0E;QAC1E,6EAA6E;QAC7E,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,yHAAyH;aACrI,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,kCAAkC;QAClC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;QACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAC/F,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,YAAY,CAAC;QAChE,sFAAsF;QACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B;YACnD,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAE9C,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtB,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,QAAQ;gBACd,OAAO,EACH,iIAAiI;aACxI,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,+CAA+C;QAC/C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,gGAAgG;aAC5G,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,wBAAwB;QACxB,MAAM,UAAU,GAAG,4BAA4B,CAAC;QAChD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,4DAA4D;aACxE,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EACH,uFAAuF;aAC9F,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,8EAA8E;SAC1F,CAAC,CAAC;QAEH,4EAA4E;QAC5E,IAAI,IAAI,EAAE,CAAC;YACP,IAAI,CAAC;gBACD,6EAA6E;gBAC7E,mEAAmE;gBACnE,MAAM,MAAM,GAAG,MAAO,IAAY,CAAC,GAAG,CAAC,cAAc,CAAC;oBAClD,IAAI,EAAE;wBACF,QAAQ;wBACR,KAAK;wBACL,QAAQ;wBACR,IAAI;qBACP;iBACJ,CAAC,CAAC;gBAEH,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;oBACxB,sDAAsD;oBACtD,MAAO,IAAY,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC;wBAClC,IAAI,EAAE;4BACF,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;4BACtB,IAAI,EAAE,OAAO;yBAChB;qBACJ,CAAC,CAAC;oBAEH,kBAAM,CAAC,GAAG,CAAC;wBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;wBACrB,KAAK,EAAE,MAAM;wBACb,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,2EAA2E;qBACvF,CAAC,CAAC;oBACH,cAAc,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;oBAChD,OAAO;gBACX,CAAC;YACL,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAChB,kBAAM,CAAC,GAAG,CAAC;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,KAAK,EAAE,MAAM;oBACb,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,iFAAiF;oBAC1F,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,YAAY,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;iBACtF,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,mDAAmD;QACnD,6EAA6E;QAC7E,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;QAC1D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QAEvB,eAAe;QACf,MAAM,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,QAAQ,EAAE,CAAC;QAE7B,uEAAuE;QACvE,mFAAmF;QACnF,yEAAyE;QACzE,IAAI,cAAsB,CAAC;QAC3B,IAAI,CAAC;YACD,oCAAoC;YACpC,cAAc,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC/C,SAAS,EAAE,QAAQ;gBACnB,IAAI,EAAE,EAAE;aACX,CAAC,CAAC;QACP,CAAC;QAAC,MAAM,CAAC;YACL,6DAA6D;YAC7D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACpD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrF,cAAc,GAAG,yBAAyB,IAAI,IAAI,IAAI,EAAE,CAAC;QAC7D,CAAC;QAED,yDAAyD;QACzD,MAAM,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE;YAChC,GAAG,EAAE,MAAM;YACX,KAAK;YACL,aAAa,EAAE,IAAI;YACnB,IAAI;YACJ,KAAK,EAAE,IAAI;YACX,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,kCAAkC;YAClC,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,KAAK;YACb,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI;YAChB,oEAAoE;YACpE,QAAQ,EAAE,QAAQ;YAClB,eAAe,EAAE,QAAQ;YACzB,qCAAqC;YACrC,WAAW,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,2EAA2E;QAC3E,MAAM,EAAE,CAAC,MAAM,CAAC,qBAAqB,EAAE;YACnC,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,YAAY;YACxB,SAAS,EAAE,MAAM;YACjB,QAAQ,EAAE,cAAc;YACxB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACjB,CAAC,CAAC;QAEH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,mEAAmE;SAC/E,CAAC,CAAC;QACH,cAAc,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,wCAAwC;YACjD,OAAO,EAAE,EAAE,KAAK,EAAE;SACrB,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IAChB,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,KAAa,EAAE,QAAgB,EAAE,IAAY,EAAE,QAAgB;IACnF,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,+BAA+B,KAAK,EAAE;KAClD,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,kCAAkC,QAAQ,EAAE;KACxD,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,8BAA8B,IAAI,EAAE;KAChD,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,kCAAkC;KAC9C,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,EAAE;KACd,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,gCAAgC;KAC5C,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,eAAe,QAAQ,EAAE;KACrC,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,eAAe,QAAQ,EAAE;KACrC,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,EAAE;KACd,CAAC,CAAC;IACH,kBAAM,CAAC,GAAG,CAAC;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,KAAK,EAAE,MAAM;QACb,IAAI,EAAE,QAAQ;QACd,OAAO,EAAE,2FAA2F;KACvG,CAAC,CAAC;AACP,CAAC"}