@arikajs/authorization 0.0.3 → 0.0.5

package/dist/RolePermission.js

@@ -0,0 +1,59 @@
+"use strict";
+/**
+ * Contracts for entities that have roles and permissions.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RolePermissionMixin = void 0;
+/**
+ * Mixin helper to add Role & Permission checking to any user object.
+ * Works with both string arrays and object arrays ({name: string}).
+ */
+class RolePermissionMixin {
+    /**
+     * Normalize roles/permissions to string arrays.
+     */
+    static normalize(items) {
+        if (!items)
+            return [];
+        return items.map((item) => typeof item === 'string' ? item : item.name);
+    }
+    static hasRole(user, role) {
+        const userRoles = this.normalize(user.roles);
+        if (Array.isArray(role)) {
+            return role.every(r => userRoles.includes(r));
+        }
+        return userRoles.includes(role);
+    }
+    static hasAnyRole(user, roles) {
+        const userRoles = this.normalize(user.roles);
+        return roles.some(r => userRoles.includes(r));
+    }
+    static hasAllRoles(user, roles) {
+        const userRoles = this.normalize(user.roles);
+        return roles.every(r => userRoles.includes(r));
+    }
+    static hasPermission(user, permission) {
+        // Check direct permissions
+        const userPerms = this.normalize(user.permissions);
+        if (userPerms.includes(permission))
+            return true;
+        // Check role-based permissions via a role→permissions map if user has rolePermissions
+        if (user.rolePermissions && typeof user.rolePermissions === 'object') {
+            const userRoles = this.normalize(user.roles);
+            for (const role of userRoles) {
+                const rolePerms = user.rolePermissions[role] || [];
+                if (rolePerms.includes(permission))
+                    return true;
+            }
+        }
+        return false;
+    }
+    static hasAnyPermission(user, permissions) {
+        return permissions.some(p => this.hasPermission(user, p));
+    }
+    static hasAllPermissions(user, permissions) {
+        return permissions.every(p => this.hasPermission(user, p));
+    }
+}
+exports.RolePermissionMixin = RolePermissionMixin;
+//# sourceMappingURL=RolePermission.js.map

package/dist/RolePermission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RolePermission.js","sourceRoot":"","sources":["../src/RolePermission.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAgBH;;;GAGG;AACH,MAAa,mBAAmB;IAE5B;;OAEG;IACK,MAAM,CAAC,SAAS,CAAC,KAAwB;QAC7C,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjF,CAAC;IAEM,MAAM,CAAC,OAAO,CAAC,IAAS,EAAE,IAAuB;QACpD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAEM,MAAM,CAAC,UAAU,CAAC,IAAS,EAAE,KAAe;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAEM,MAAM,CAAC,WAAW,CAAC,IAAS,EAAE,KAAe;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAEM,MAAM,CAAC,aAAa,CAAC,IAAS,EAAE,UAAkB;QACrD,2BAA2B;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnD,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAEhD,sFAAsF;QACtF,IAAI,IAAI,CAAC,eAAe,IAAI,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;YACnE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7C,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAa,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC7D,IAAI,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAAE,OAAO,IAAI,CAAC;YACpD,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,MAAM,CAAC,gBAAgB,CAAC,IAAS,EAAE,WAAqB;QAC3D,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAEM,MAAM,CAAC,iBAAiB,CAAC,IAAS,EAAE,WAAqB;QAC5D,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC;CACJ;AApDD,kDAoDC"}

package/dist/index.d.ts

@@ -1,6 +1,9 @@
 export * from './Gate';
 export * from './AuthorizationManager';
+export * from './AuthorizationContext';
+export * from './AuthResponse';
 export * from './PolicyResolver';
+export * from './RolePermission';
 export * from './Contracts/Policy';
 export * from './Exceptions/AuthorizationException';
 export * from './Middleware/Authorize';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qCAAqC,CAAC;AACpD,cAAc,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,oBAAoB,CAAC;AACnC,cAAc,qCAAqC,CAAC;AACpD,cAAc,wBAAwB,CAAC"}

package/dist/index.js

@@ -16,7 +16,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./Gate"), exports);
 __exportStar(require("./AuthorizationManager"), exports);
+__exportStar(require("./AuthorizationContext"), exports);
+__exportStar(require("./AuthResponse"), exports);
 __exportStar(require("./PolicyResolver"), exports);
+__exportStar(require("./RolePermission"), exports);
 __exportStar(require("./Contracts/Policy"), exports);
 __exportStar(require("./Exceptions/AuthorizationException"), exports);
 __exportStar(require("./Middleware/Authorize"), exports);

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,yDAAuC;AACvC,mDAAiC;AACjC,qDAAmC;AACnC,sEAAoD;AACpD,yDAAuC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,yDAAuC;AACvC,yDAAuC;AACvC,iDAA+B;AAC/B,mDAAiC;AACjC,mDAAiC;AACjC,qDAAmC;AACnC,sEAAoD;AACpD,yDAAuC"}

package/dist/src/AuthResponse.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Represents the result of an authorization check.
+ * Allows gates/policies to return custom denial messages instead of just true/false.
+ */
+export declare class AuthResponse {
+    private _allowed;
+    private _message;
+    private _code;
+    constructor(allowed: boolean, message?: string | null, code?: string | null);
+    allowed(): boolean;
+    denied(): boolean;
+    message(): string | null;
+    code(): string | null;
+    /**
+     * Create an "allow" response.
+     */
+    static allow(message?: string | null): AuthResponse;
+    /**
+     * Create a "deny" response with an optional custom message.
+     */
+    static deny(message?: string, code?: string | null): AuthResponse;
+}
+//# sourceMappingURL=AuthResponse.d.ts.map

package/dist/src/AuthResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthResponse.d.ts","sourceRoot":"","sources":["../../src/AuthResponse.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,YAAY;IACrB,OAAO,CAAC,QAAQ,CAAU;IAC1B,OAAO,CAAC,QAAQ,CAAgB;IAChC,OAAO,CAAC,KAAK,CAAgB;gBAEjB,OAAO,EAAE,OAAO,EAAE,OAAO,GAAE,MAAM,GAAG,IAAW,EAAE,IAAI,GAAE,MAAM,GAAG,IAAW;IAMhF,OAAO,IAAI,OAAO;IAIlB,MAAM,IAAI,OAAO;IAIjB,OAAO,IAAI,MAAM,GAAG,IAAI;IAIxB,IAAI,IAAI,MAAM,GAAG,IAAI;IAI5B;;OAEG;WACW,KAAK,CAAC,OAAO,GAAE,MAAM,GAAG,IAAW,GAAG,YAAY;IAIhE;;OAEG;WACW,IAAI,CAAC,OAAO,GAAE,MAAuC,EAAE,IAAI,GAAE,MAAM,GAAG,IAAW,GAAG,YAAY;CAGjH"}

package/dist/src/AuthResponse.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthResponse = void 0;
+/**
+ * Represents the result of an authorization check.
+ * Allows gates/policies to return custom denial messages instead of just true/false.
+ */
+class AuthResponse {
+    constructor(allowed, message = null, code = null) {
+        this._allowed = allowed;
+        this._message = message;
+        this._code = code;
+    }
+    allowed() {
+        return this._allowed;
+    }
+    denied() {
+        return !this._allowed;
+    }
+    message() {
+        return this._message;
+    }
+    code() {
+        return this._code;
+    }
+    /**
+     * Create an "allow" response.
+     */
+    static allow(message = null) {
+        return new AuthResponse(true, message);
+    }
+    /**
+     * Create a "deny" response with an optional custom message.
+     */
+    static deny(message = 'This action is unauthorized.', code = null) {
+        return new AuthResponse(false, message, code);
+    }
+}
+exports.AuthResponse = AuthResponse;
+//# sourceMappingURL=AuthResponse.js.map

package/dist/src/AuthResponse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthResponse.js","sourceRoot":"","sources":["../../src/AuthResponse.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,MAAa,YAAY;IAKrB,YAAY,OAAgB,EAAE,UAAyB,IAAI,EAAE,OAAsB,IAAI;QACnF,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACtB,CAAC;IAEM,OAAO;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACzB,CAAC;IAEM,MAAM;QACT,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;IAC1B,CAAC;IAEM,OAAO;QACV,OAAO,IAAI,CAAC,QAAQ,CAAC;IACzB,CAAC;IAEM,IAAI;QACP,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,UAAyB,IAAI;QAC7C,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,IAAI,CAAC,UAAkB,8BAA8B,EAAE,OAAsB,IAAI;QAC3F,OAAO,IAAI,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC;CACJ;AAxCD,oCAwCC"}

package/dist/src/AuthorizationContext.d.ts

@@ -0,0 +1,31 @@
+import { AuthResponse } from './AuthResponse';
+/**
+ * Per-request authorization context.
+ * Avoids the global mutable `Gate.currentUser` problem under concurrency.
+ * Each request gets its own `AuthorizationContext` with an isolated user reference.
+ */
+export declare class AuthorizationContext {
+    private user;
+    private cache;
+    constructor(user: any);
+    can(ability: string, ...args: any[]): Promise<boolean>;
+    cannot(ability: string, ...args: any[]): Promise<boolean>;
+    authorize(ability: string, ...args: any[]): Promise<void>;
+    inspect(ability: string, ...args: any[]): Promise<AuthResponse>;
+    any(abilities: string[], ...args: any[]): Promise<boolean>;
+    every(abilities: string[], ...args: any[]): Promise<boolean>;
+    none(abilities: string[], ...args: any[]): Promise<boolean>;
+    hasRole(role: string | string[]): boolean;
+    hasAnyRole(roles: string[]): boolean;
+    hasAllRoles(roles: string[]): boolean;
+    hasPermission(permission: string): boolean;
+    hasAnyPermission(permissions: string[]): boolean;
+    hasAllPermissions(permissions: string[]): boolean;
+    getUser(): any;
+    /**
+     * Clear the authorization cache (e.g. after role change mid-request).
+     */
+    flushCache(): void;
+    private buildCacheKey;
+}
+//# sourceMappingURL=AuthorizationContext.d.ts.map

package/dist/src/AuthorizationContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationContext.d.ts","sourceRoot":"","sources":["../../src/AuthorizationContext.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAG9C;;;;GAIG;AACH,qBAAa,oBAAoB;IAC7B,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,KAAK,CAAmC;gBAEpC,IAAI,EAAE,GAAG;IAMR,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAWtD,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzD,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAM/D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1D,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5D,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAMjE,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO;IAIzC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAIpC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAIrC,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;IAIhD,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;IAMjD,OAAO,IAAI,GAAG;IAIrB;;OAEG;IACI,UAAU,IAAI,IAAI;IAIzB,OAAO,CAAC,aAAa;CASxB"}

package/dist/src/AuthorizationContext.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationContext = void 0;
+const Gate_1 = require("./Gate");
+const RolePermission_1 = require("./RolePermission");
+/**
+ * Per-request authorization context.
+ * Avoids the global mutable `Gate.currentUser` problem under concurrency.
+ * Each request gets its own `AuthorizationContext` with an isolated user reference.
+ */
+class AuthorizationContext {
+    constructor(user) {
+        this.cache = new Map();
+        this.user = user;
+    }
+    // ── Single ability checks ───────────────────────────────────────
+    async can(ability, ...args) {
+        const cacheKey = this.buildCacheKey(ability, args);
+        if (this.cache.has(cacheKey)) {
+            return this.cache.get(cacheKey);
+        }
+        const result = await Gate_1.Gate.forUser(this.user).allows(ability, ...args);
+        this.cache.set(cacheKey, result);
+        return result;
+    }
+    async cannot(ability, ...args) {
+        return !(await this.can(ability, ...args));
+    }
+    async authorize(ability, ...args) {
+        await Gate_1.Gate.forUser(this.user).authorize(ability, ...args);
+    }
+    async inspect(ability, ...args) {
+        return await Gate_1.Gate.forUser(this.user).inspect(ability, ...args);
+    }
+    // ── Bulk ability checks ─────────────────────────────────────────
+    async any(abilities, ...args) {
+        return await Gate_1.Gate.forUser(this.user).any(abilities, ...args);
+    }
+    async every(abilities, ...args) {
+        return await Gate_1.Gate.forUser(this.user).every(abilities, ...args);
+    }
+    async none(abilities, ...args) {
+        return await Gate_1.Gate.forUser(this.user).none(abilities, ...args);
+    }
+    // ── Role & Permission checks (via mixin) ────────────────────────
+    hasRole(role) {
+        return RolePermission_1.RolePermissionMixin.hasRole(this.user, role);
+    }
+    hasAnyRole(roles) {
+        return RolePermission_1.RolePermissionMixin.hasAnyRole(this.user, roles);
+    }
+    hasAllRoles(roles) {
+        return RolePermission_1.RolePermissionMixin.hasAllRoles(this.user, roles);
+    }
+    hasPermission(permission) {
+        return RolePermission_1.RolePermissionMixin.hasPermission(this.user, permission);
+    }
+    hasAnyPermission(permissions) {
+        return RolePermission_1.RolePermissionMixin.hasAnyPermission(this.user, permissions);
+    }
+    hasAllPermissions(permissions) {
+        return RolePermission_1.RolePermissionMixin.hasAllPermissions(this.user, permissions);
+    }
+    // ── Internals ───────────────────────────────────────────────────
+    getUser() {
+        return this.user;
+    }
+    /**
+     * Clear the authorization cache (e.g. after role change mid-request).
+     */
+    flushCache() {
+        this.cache.clear();
+    }
+    buildCacheKey(ability, args) {
+        // Build a simple cache key from ability + resource IDs
+        const argIds = args.map(a => {
+            if (a && typeof a === 'object' && a.id !== undefined)
+                return `${a.constructor?.name || 'obj'}:${a.id}`;
+            if (a && typeof a === 'object' && a.constructor)
+                return a.constructor.name;
+            return String(a);
+        });
+        return `${ability}:${argIds.join(',')}`;
+    }
+}
+exports.AuthorizationContext = AuthorizationContext;
+//# sourceMappingURL=AuthorizationContext.js.map

package/dist/src/AuthorizationContext.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationContext.js","sourceRoot":"","sources":["../../src/AuthorizationContext.ts"],"names":[],"mappings":";;;AAAA,iCAA8B;AAE9B,qDAAuD;AAEvD;;;;GAIG;AACH,MAAa,oBAAoB;IAI7B,YAAY,IAAS;QAFb,UAAK,GAAyB,IAAI,GAAG,EAAE,CAAC;QAG5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACrB,CAAC;IAED,mEAAmE;IAE5D,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,GAAG,IAAW;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QACrC,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,MAAM,CAAC;IAClB,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAW;QAC/C,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAW;QAClD,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,GAAG,IAAW;QAChD,OAAO,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACnE,CAAC;IAED,mEAAmE;IAE5D,KAAK,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,IAAW;QAChD,OAAO,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IACjE,CAAC;IAEM,KAAK,CAAC,KAAK,CAAC,SAAmB,EAAE,GAAG,IAAW;QAClD,OAAO,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IACnE,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,SAAmB,EAAE,GAAG,IAAW;QACjD,OAAO,MAAM,WAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IAClE,CAAC;IAED,mEAAmE;IAE5D,OAAO,CAAC,IAAuB;QAClC,OAAO,oCAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACxD,CAAC;IAEM,UAAU,CAAC,KAAe;QAC7B,OAAO,oCAAmB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC5D,CAAC;IAEM,WAAW,CAAC,KAAe;QAC9B,OAAO,oCAAmB,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC7D,CAAC;IAEM,aAAa,CAAC,UAAkB;QACnC,OAAO,oCAAmB,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IACpE,CAAC;IAEM,gBAAgB,CAAC,WAAqB;QACzC,OAAO,oCAAmB,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,iBAAiB,CAAC,WAAqB;QAC1C,OAAO,oCAAmB,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACzE,CAAC;IAED,mEAAmE;IAE5D,OAAO;QACV,OAAO,IAAI,CAAC,IAAI,CAAC;IACrB,CAAC;IAED;;OAEG;IACI,UAAU;QACb,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,IAAW;QAC9C,uDAAuD;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;YACxB,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,EAAE,KAAK,SAAS;gBAAE,OAAO,GAAG,CAAC,CAAC,WAAW,EAAE,IAAI,IAAI,KAAK,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC;YACvG,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW;gBAAE,OAAO,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;YAC3E,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QACH,OAAO,GAAG,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IAC5C,CAAC;CACJ;AA/FD,oDA+FC"}

package/dist/src/AuthorizationManager.d.ts

@@ -0,0 +1,25 @@
+import { AuthorizationContext } from './AuthorizationContext';
+import { AuthResponse } from './AuthResponse';
+export declare class AuthorizationManager {
+    private user;
+    private context;
+    constructor(user: any);
+    /**
+     * Create a request-scoped authorization context and bind it to the request.
+     */
+    static createContext(request: any): AuthorizationContext;
+    can(ability: string, ...args: any[]): Promise<boolean>;
+    cannot(ability: string, ...args: any[]): Promise<boolean>;
+    authorize(ability: string, ...args: any[]): Promise<void>;
+    inspect(ability: string, ...args: any[]): Promise<AuthResponse>;
+    any(abilities: string[], ...args: any[]): Promise<boolean>;
+    every(abilities: string[], ...args: any[]): Promise<boolean>;
+    none(abilities: string[], ...args: any[]): Promise<boolean>;
+    hasRole(role: string | string[]): boolean;
+    hasAnyRole(roles: string[]): boolean;
+    hasAllRoles(roles: string[]): boolean;
+    hasPermission(permission: string): boolean;
+    hasAnyPermission(permissions: string[]): boolean;
+    hasAllPermissions(permissions: string[]): boolean;
+}
+//# sourceMappingURL=AuthorizationManager.d.ts.map

package/dist/src/AuthorizationManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationManager.d.ts","sourceRoot":"","sources":["../../src/AuthorizationManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,qBAAa,oBAAoB;IAC7B,OAAO,CAAC,IAAI,CAAM;IAClB,OAAO,CAAC,OAAO,CAAuB;gBAE1B,IAAI,EAAE,GAAG;IAKrB;;OAEG;WACW,aAAa,CAAC,OAAO,EAAE,GAAG,GAAG,oBAAoB;IAWlD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAItD,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzD,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1D,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5D,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAMjE,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO;IAIzC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAIpC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAIrC,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;IAIhD,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO;CAG3D"}

package/dist/src/AuthorizationManager.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationManager = void 0;
+const AuthorizationContext_1 = require("./AuthorizationContext");
+class AuthorizationManager {
+    constructor(user) {
+        this.user = user;
+        this.context = new AuthorizationContext_1.AuthorizationContext(user);
+    }
+    /**
+     * Create a request-scoped authorization context and bind it to the request.
+     */
+    static createContext(request) {
+        const user = request.user || (request.auth ? null : null);
+        const context = new AuthorizationContext_1.AuthorizationContext(user);
+        request.can = context.can.bind(context);
+        request.cannot = context.cannot.bind(context);
+        request.authorize = context.authorize.bind(context);
+        return context;
+    }
+    // ── Delegated checks ────────────────────────────────────────────
+    async can(ability, ...args) {
+        return await this.context.can(ability, ...args);
+    }
+    async cannot(ability, ...args) {
+        return await this.context.cannot(ability, ...args);
+    }
+    async authorize(ability, ...args) {
+        return await this.context.authorize(ability, ...args);
+    }
+    async inspect(ability, ...args) {
+        return await this.context.inspect(ability, ...args);
+    }
+    async any(abilities, ...args) {
+        return await this.context.any(abilities, ...args);
+    }
+    async every(abilities, ...args) {
+        return await this.context.every(abilities, ...args);
+    }
+    async none(abilities, ...args) {
+        return await this.context.none(abilities, ...args);
+    }
+    // ── Role & Permission ───────────────────────────────────────────
+    hasRole(role) {
+        return this.context.hasRole(role);
+    }
+    hasAnyRole(roles) {
+        return this.context.hasAnyRole(roles);
+    }
+    hasAllRoles(roles) {
+        return this.context.hasAllRoles(roles);
+    }
+    hasPermission(permission) {
+        return this.context.hasPermission(permission);
+    }
+    hasAnyPermission(permissions) {
+        return this.context.hasAnyPermission(permissions);
+    }
+    hasAllPermissions(permissions) {
+        return this.context.hasAllPermissions(permissions);
+    }
+}
+exports.AuthorizationManager = AuthorizationManager;
+//# sourceMappingURL=AuthorizationManager.js.map

package/dist/src/AuthorizationManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationManager.js","sourceRoot":"","sources":["../../src/AuthorizationManager.ts"],"names":[],"mappings":";;;AAAA,iEAA8D;AAG9D,MAAa,oBAAoB;IAI7B,YAAY,IAAS;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,IAAI,2CAAoB,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,aAAa,CAAC,OAAY;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,IAAI,2CAAoB,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,mEAAmE;IAE5D,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,GAAG,IAAW;QAC5C,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACpD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAW;QAC/C,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACvD,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAW;QAClD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1D,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,GAAG,IAAW;QAChD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,IAAW;QAChD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IACtD,CAAC;IAEM,KAAK,CAAC,KAAK,CAAC,SAAmB,EAAE,GAAG,IAAW;QAClD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IACxD,CAAC;IAEM,KAAK,CAAC,IAAI,CAAC,SAAmB,EAAE,GAAG,IAAW;QACjD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,CAAC,CAAC;IACvD,CAAC;IAED,mEAAmE;IAE5D,OAAO,CAAC,IAAuB;QAClC,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAEM,UAAU,CAAC,KAAe;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAEM,WAAW,CAAC,KAAe;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAEM,aAAa,CAAC,UAAkB;QACnC,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAClD,CAAC;IAEM,gBAAgB,CAAC,WAAqB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;IACtD,CAAC;IAEM,iBAAiB,CAAC,WAAqB;QAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACvD,CAAC;CACJ;AA5ED,oDA4EC"}

package/dist/src/Contracts/Policy.d.ts

@@ -0,0 +1,4 @@
+export interface Policy {
+    [method: string]: ((user: any, ...args: any[]) => boolean | Promise<boolean>) | any;
+}
+//# sourceMappingURL=Policy.d.ts.map

package/dist/src/Contracts/Policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Policy.d.ts","sourceRoot":"","sources":["../../../src/Contracts/Policy.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,MAAM;IACnB,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,GAAG,CAAC;CACvF"}

package/dist/src/Contracts/Policy.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=Policy.js.map

package/dist/src/Contracts/Policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Policy.js","sourceRoot":"","sources":["../../../src/Contracts/Policy.ts"],"names":[],"mappings":""}

package/dist/src/Exceptions/AuthorizationException.d.ts

@@ -0,0 +1,6 @@
+export declare class AuthorizationException extends Error {
+    statusCode: number;
+    code: string | null;
+    constructor(message?: string, code?: string | null);
+}
+//# sourceMappingURL=AuthorizationException.d.ts.map

package/dist/src/Exceptions/AuthorizationException.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationException.d.ts","sourceRoot":"","sources":["../../../src/Exceptions/AuthorizationException.ts"],"names":[],"mappings":"AAAA,qBAAa,sBAAuB,SAAQ,KAAK;IACtC,UAAU,EAAE,MAAM,CAAO;IACzB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;gBAEf,OAAO,GAAE,MAAuC,EAAE,IAAI,GAAE,MAAM,GAAG,IAAW;CAK3F"}

package/dist/src/Exceptions/AuthorizationException.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationException = void 0;
+class AuthorizationException extends Error {
+    constructor(message = 'This action is unauthorized.', code = null) {
+        super(message);
+        this.statusCode = 403;
+        this.name = 'AuthorizationException';
+        this.code = code;
+    }
+}
+exports.AuthorizationException = AuthorizationException;
+//# sourceMappingURL=AuthorizationException.js.map

package/dist/src/Exceptions/AuthorizationException.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthorizationException.js","sourceRoot":"","sources":["../../../src/Exceptions/AuthorizationException.ts"],"names":[],"mappings":";;;AAAA,MAAa,sBAAuB,SAAQ,KAAK;IAI7C,YAAY,UAAkB,8BAA8B,EAAE,OAAsB,IAAI;QACpF,KAAK,CAAC,OAAO,CAAC,CAAC;QAJZ,eAAU,GAAW,GAAG,CAAC;QAK5B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACrB,CAAC;CACJ;AATD,wDASC"}

package/dist/src/Gate.d.ts

@@ -0,0 +1,76 @@
+import { AuthResponse } from './AuthResponse';
+type GateCallback = (user: any, ...args: any[]) => boolean | AuthResponse | Promise<boolean | AuthResponse>;
+type BeforeCallback = (user: any, ability: string, ...args: any[]) => boolean | null | undefined | Promise<boolean | null | undefined>;
+type AfterCallback = (user: any, ability: string, result: boolean, ...args: any[]) => void | Promise<void>;
+export declare class Gate {
+    private static abilities;
+    private static policyResolver;
+    private static beforeCallbacks;
+    private static afterCallbacks;
+    private static currentUser;
+    /**
+     * Define a new ability.
+     */
+    static define(ability: string, callback: GateCallback): void;
+    /**
+     * Register a policy for a model.
+     */
+    static policy(model: any, policy: any): void;
+    /**
+     * Register a callback to run before all gate checks.
+     * Return `true` to allow immediately (super admin bypass).
+     * Return `false` to deny immediately.
+     * Return `null`/`undefined` to continue to the actual gate check.
+     */
+    static before(callback: BeforeCallback): void;
+    /**
+     * Register a callback to run after all gate checks.
+     * Useful for logging, auditing decisions, etc.
+     */
+    static after(callback: AfterCallback): void;
+    /**
+     * Set the current user for authorization checks.
+     */
+    static forUser(user: any): typeof Gate;
+    /**
+     * Determine if the user is authorized for an ability.
+     * Returns the AuthResponse for rich deny messages.
+     */
+    static inspect(ability: string, ...args: any[]): Promise<AuthResponse>;
+    /**
+     * Determine if the user is authorized to perform an ability.
+     */
+    static allows(ability: string, ...args: any[]): Promise<boolean>;
+    /**
+     * Determine if the user is NOT authorized.
+     */
+    static denies(ability: string, ...args: any[]): Promise<boolean>;
+    /**
+     * Authorize or throw exception with optional custom message.
+     */
+    static authorize(ability: string, ...args: any[]): Promise<void>;
+    /**
+     * Check authorization (alias for allows).
+     */
+    static check(ability: string, ...args: any[]): Promise<boolean>;
+    /**
+     * Check if the user can perform ANY of the given abilities.
+     */
+    static any(abilities: string[], ...args: any[]): Promise<boolean>;
+    /**
+     * Check if the user can perform ALL of the given abilities.
+     */
+    static every(abilities: string[], ...args: any[]): Promise<boolean>;
+    /**
+     * Check if the user can perform NONE of the given abilities.
+     */
+    static none(abilities: string[], ...args: any[]): Promise<boolean>;
+    private static normalizeResult;
+    private static runAfterCallbacks;
+    /**
+     * Reset all gates, policies, and hooks (useful for testing).
+     */
+    static reset(): void;
+}
+export {};
+//# sourceMappingURL=Gate.d.ts.map

package/dist/src/Gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Gate.d.ts","sourceRoot":"","sources":["../../src/Gate.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,KAAK,YAAY,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,GAAG,YAAY,GAAG,OAAO,CAAC,OAAO,GAAG,YAAY,CAAC,CAAC;AAC5G,KAAK,cAAc,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;AACvI,KAAK,aAAa,GAAG,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE3G,qBAAa,IAAI;IACb,OAAO,CAAC,MAAM,CAAC,SAAS,CAAwC;IAChE,OAAO,CAAC,MAAM,CAAC,cAAc,CAAwC;IACrE,OAAO,CAAC,MAAM,CAAC,eAAe,CAAwB;IACtD,OAAO,CAAC,MAAM,CAAC,cAAc,CAAuB;IACpD,OAAO,CAAC,MAAM,CAAC,WAAW,CAAa;IAIvC;;OAEG;WACW,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,IAAI;IAInE;;OAEG;WACW,MAAM,CAAC,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,GAAG,IAAI;IAMnD;;;;;OAKG;WACW,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI;IAIpD;;;OAGG;WACW,KAAK,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI;IAMlD;;OAEG;WACW,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,IAAI;IAO7C;;;OAGG;WACiB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAkDnF;;OAEG;WACiB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7E;;OAEG;WACiB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI7E;;OAEG;WACiB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAO7E;;OAEG;WACiB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAM5E;;OAEG;WACiB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAS9E;;OAEG;WACiB,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAShF;;OAEG;WACiB,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAW/E,OAAO,CAAC,MAAM,CAAC,eAAe;mBAOT,iBAAiB;IAMtC;;OAEG;WACW,KAAK,IAAI,IAAI;CAO9B"}