npm - @athenaintel/react - Versions diffs - 0.9.19 → 0.9.20 - Mend

@athenaintel/react 0.9.19 → 0.9.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +57 -1
package/dist/AthenaAuthContext-B3AwLA5Z.cjs +15 -0
package/dist/AthenaAuthContext-B3AwLA5Z.cjs.map +1 -0
package/dist/AthenaAuthContext-DQsdayH2.js +16 -0
package/dist/AthenaAuthContext-DQsdayH2.js.map +1 -0
package/dist/auth.cjs +358 -0
package/dist/auth.cjs.map +1 -0
package/dist/auth.d.ts +240 -0
package/dist/auth.js +359 -0
package/dist/auth.js.map +1 -0
package/dist/index.cjs +51 -8
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +83 -1
package/dist/index.js +51 -8
package/dist/index.js.map +1 -1
package/package.json +15 -3

package/README.md CHANGED Viewed

@@ -8,6 +8,12 @@ React SDK for building AI-powered chat applications with the Athena platform.
 npm install @athenaintel/react
 ```
+If you use the PropelAuth-specific provider from `@athenaintel/react/auth`, also install:
+```bash
+npm install @propelauth/react
+```
 ## Quick Start
 ```tsx
@@ -44,10 +50,60 @@ function App() {
 </AthenaProvider>
 ```
-`config` accepts `apiKey`, `token`, `apiUrl`, `backendUrl`, `appUrl`, and `environment`. Top-level `apiKey`, `token`, `apiUrl`, `backendUrl`, `appUrl`, and `environment` props remain supported as compatibility aliases, but `config` is now the preferred API.
+`config` accepts `apiKey`, `token`, `apiUrl`, `backendUrl`, `appUrl`, `trustedParentOrigins`, and `environment`. Top-level `apiKey`, `token`, `apiUrl`, `backendUrl`, `appUrl`, and `environment` props remain supported as compatibility aliases, but `config` is now the preferred API.
 If `config.appUrl` is omitted, the provider resolves it from the parent bridge or from the matching Athena environment defaults. Known Athena staging and production `apiUrl` and `backendUrl` values automatically fall back to the corresponding frontend origin.
+Use `trustedParentOrigins` when the SDK runs inside an iframe on a private-cloud or custom parent domain and you want to explicitly allow postMessage auth/config from that parent.
+## Authentication
+### Same-origin SSO defaults
+```tsx
+import { AthenaSSOProvider } from '@athenaintel/react/auth';
+import { AthenaChat, AthenaProvider } from '@athenaintel/react';
+function App() {
+  return (
+    <AthenaSSOProvider>
+      <AthenaProvider enableThreadList>
+        <AthenaChat />
+      </AthenaProvider>
+    </AthenaSSOProvider>
+  );
+}
+```
+By default, `AthenaSSOProvider` uses same-origin SSO endpoints:
+- `/api/sso/userinfo`
+- `/api/sso/initiate`
+- `/api/sso/logout`
+This makes the SSO URLs optional when your frontend is reverse-proxied with the backend.
+### Cross-origin SSO backend
+```tsx
+import { AthenaSSOProvider } from '@athenaintel/react/auth';
+<AthenaSSOProvider ssoBaseUrl="https://api.example.com">
+  <AthenaProvider
+    config={{
+      backendUrl: 'https://api.example.com/api/assistant-ui',
+      apiUrl: 'https://sync.example.com/api/chat',
+      trustedParentOrigins: ['https://app.example.com'],
+    }}
+    enableThreadList
+  >
+    <AthenaChat />
+  </AthenaProvider>
+</AthenaSSOProvider>
+```
+If you need full control, `ssoUserInfoUrl`, `ssoLoginUrl`, and `ssoLogoutUrl` remain available as explicit overrides.
 ## Citation Links
 When you render chat inside `<AthenaLayout>`, Athena citation links (`app.athenaintel.com/dashboard/spaces?...`) now open the referenced asset in the SDK asset pane by default instead of navigating away.

package/dist/AthenaAuthContext-B3AwLA5Z.cjs ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+const React = require("react");
+const AthenaAuthContext = React.createContext(null);
+function useAthenaAuth() {
+  const ctx = React.useContext(AthenaAuthContext);
+  if (!ctx) {
+    throw new Error(
+      "[AthenaSDK] useAthenaAuth must be used within an <AthenaAuthProvider>"
+    );
+  }
+  return ctx;
+}
+exports.AthenaAuthContext = AthenaAuthContext;
+exports.useAthenaAuth = useAthenaAuth;
+//# sourceMappingURL=AthenaAuthContext-B3AwLA5Z.cjs.map

package/dist/AthenaAuthContext-B3AwLA5Z.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AthenaAuthContext-B3AwLA5Z.cjs","sources":["../src/auth/AthenaAuthContext.ts"],"sourcesContent":["import { createContext, useContext } from 'react';\nimport type { AthenaAuthState } from './types';\n\n/**\n * Internal context used by `AthenaAuthProvider` to share auth state.\n * Consumed by `useAthenaAuth()` and automatically by `AthenaProvider`.\n */\nexport const AthenaAuthContext = createContext<AthenaAuthState | null>(null);\n\n/**\n * Read the current Athena auth state.\n *\n * Must be used inside an `<AthenaAuthProvider>`.\n *\n * @example\n * ```tsx\n * function UserMenu() {\n * const { user, isLoggedIn, logout } = useAthenaAuth();\n * if (!isLoggedIn) return null;\n * return (\n * <div>\n * <span>{user?.email}</span>\n * <button onClick={() => logout()}>Log out</button>\n * </div>\n * );\n * }\n * ```\n */\nexport function useAthenaAuth(): AthenaAuthState {\n const ctx = useContext(AthenaAuthContext);\n if (!ctx) {\n throw new Error(\n '[AthenaSDK] useAthenaAuth must be used within an <AthenaAuthProvider>',\n );\n }\n return ctx;\n}\n"],"names":["createContext","useContext"],"mappings":";;AAOO,MAAM,oBAAoBA,MAAAA,cAAsC,IAAI;AAqBpE,SAAS,gBAAiC;AAC/C,QAAM,MAAMC,MAAAA,WAAW,iBAAiB;AACxC,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,SAAO;AACT;;;"}

package/dist/AthenaAuthContext-DQsdayH2.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { createContext, useContext } from "react";
+const AthenaAuthContext = createContext(null);
+function useAthenaAuth() {
+  const ctx = useContext(AthenaAuthContext);
+  if (!ctx) {
+    throw new Error(
+      "[AthenaSDK] useAthenaAuth must be used within an <AthenaAuthProvider>"
+    );
+  }
+  return ctx;
+}
+export {
+  AthenaAuthContext as A,
+  useAthenaAuth as u
+};
+//# sourceMappingURL=AthenaAuthContext-DQsdayH2.js.map

package/dist/AthenaAuthContext-DQsdayH2.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AthenaAuthContext-DQsdayH2.js","sources":["../src/auth/AthenaAuthContext.ts"],"sourcesContent":["import { createContext, useContext } from 'react';\nimport type { AthenaAuthState } from './types';\n\n/**\n * Internal context used by `AthenaAuthProvider` to share auth state.\n * Consumed by `useAthenaAuth()` and automatically by `AthenaProvider`.\n */\nexport const AthenaAuthContext = createContext<AthenaAuthState | null>(null);\n\n/**\n * Read the current Athena auth state.\n *\n * Must be used inside an `<AthenaAuthProvider>`.\n *\n * @example\n * ```tsx\n * function UserMenu() {\n * const { user, isLoggedIn, logout } = useAthenaAuth();\n * if (!isLoggedIn) return null;\n * return (\n * <div>\n * <span>{user?.email}</span>\n * <button onClick={() => logout()}>Log out</button>\n * </div>\n * );\n * }\n * ```\n */\nexport function useAthenaAuth(): AthenaAuthState {\n const ctx = useContext(AthenaAuthContext);\n if (!ctx) {\n throw new Error(\n '[AthenaSDK] useAthenaAuth must be used within an <AthenaAuthProvider>',\n );\n }\n return ctx;\n}\n"],"names":[],"mappings":";AAOO,MAAM,oBAAoB,cAAsC,IAAI;AAqBpE,SAAS,gBAAiC;AAC/C,QAAM,MAAM,WAAW,iBAAiB;AACxC,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AACA,SAAO;AACT;"}

package/dist/auth.cjs ADDED Viewed

@@ -0,0 +1,358 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const jsxRuntime = require("react/jsx-runtime");
+const react = require("@propelauth/react");
+const React = require("react");
+const AthenaAuthContext = require("./AthenaAuthContext-B3AwLA5Z.cjs");
+const ATHENA_LOCATION_CHANGE_EVENT = "athena:location-change";
+let historyPatched = false;
+function patchHistoryForLocationTracking() {
+  if (historyPatched || typeof window === "undefined") {
+    return;
+  }
+  const notifyLocationChange = () => {
+    window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));
+  };
+  const originalPushState = window.history.pushState;
+  window.history.pushState = function pushState(...args) {
+    const result = originalPushState.apply(this, args);
+    notifyLocationChange();
+    return result;
+  };
+  const originalReplaceState = window.history.replaceState;
+  window.history.replaceState = function replaceState(...args) {
+    const result = originalReplaceState.apply(this, args);
+    notifyLocationChange();
+    return result;
+  };
+  historyPatched = true;
+}
+function useCurrentHref() {
+  const [href, setHref] = React.useState(
+    typeof window !== "undefined" ? window.location.href : "/"
+  );
+  React.useEffect(() => {
+    if (typeof window === "undefined") {
+      return;
+    }
+    patchHistoryForLocationTracking();
+    const updateHref = () => {
+      setHref(window.location.href);
+    };
+    updateHref();
+    window.addEventListener("popstate", updateHref);
+    window.addEventListener("hashchange", updateHref);
+    window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);
+    return () => {
+      window.removeEventListener("popstate", updateHref);
+      window.removeEventListener("hashchange", updateHref);
+      window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);
+    };
+  }, []);
+  return href;
+}
+function AthenaAuthBridge({
+  children,
+  displayWhileLoading
+}) {
+  const authInfo = react.useAuthInfo();
+  const logoutFn = react.useLogoutFunction();
+  const authState = React.useMemo(() => {
+    var _a;
+    if (authInfo.loading) {
+      return {
+        isLoggedIn: false,
+        isLoading: true,
+        user: null,
+        accessToken: null,
+        orgs: [],
+        logout: async () => {
+        }
+      };
+    }
+    if (!authInfo.isLoggedIn) {
+      return {
+        isLoggedIn: false,
+        isLoading: false,
+        user: null,
+        accessToken: null,
+        orgs: [],
+        logout: async (redirect = true) => logoutFn(redirect)
+      };
+    }
+    const user = {
+      userId: authInfo.user.userId,
+      email: authInfo.user.email,
+      firstName: authInfo.user.firstName ?? void 0,
+      lastName: authInfo.user.lastName ?? void 0,
+      username: authInfo.user.username ?? void 0,
+      pictureUrl: authInfo.user.pictureUrl ?? void 0,
+      properties: authInfo.user.properties
+    };
+    const orgs = ((_a = authInfo.orgHelper) == null ? void 0 : _a.getOrgs().map((org) => ({
+      orgId: org.orgId,
+      orgName: org.orgName,
+      urlSafeOrgName: org.urlSafeOrgName
+    }))) ?? [];
+    return {
+      isLoggedIn: true,
+      isLoading: false,
+      user,
+      accessToken: authInfo.accessToken,
+      orgs,
+      logout: async (redirect = true) => logoutFn(redirect)
+    };
+  }, [authInfo, logoutFn]);
+  if (authState.isLoading) {
+    return /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: displayWhileLoading ?? null });
+  }
+  return /* @__PURE__ */ jsxRuntime.jsx(AthenaAuthContext.AthenaAuthContext.Provider, { value: authState, children });
+}
+function AthenaAuthProvider({
+  children,
+  authUrl,
+  postLoginRedirectUrl,
+  displayWhileLoading
+}) {
+  const currentHref = useCurrentHref();
+  const redirectUrl = postLoginRedirectUrl ?? currentHref;
+  return /* @__PURE__ */ jsxRuntime.jsx(
+    react.RequiredAuthProvider,
+    {
+      authUrl,
+      displayWhileLoading: displayWhileLoading ? /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: displayWhileLoading }) : void 0,
+      displayIfLoggedOut: /* @__PURE__ */ jsxRuntime.jsx(react.RedirectToLogin, { postLoginRedirectUrl: redirectUrl }),
+      children: /* @__PURE__ */ jsxRuntime.jsx(AthenaAuthBridge, { displayWhileLoading, children })
+    }
+  );
+}
+const DEFAULT_SSO_PATHS = {
+  userInfo: "/api/sso/userinfo",
+  login: "/api/sso/initiate",
+  logout: "/api/sso/logout"
+};
+const trimTrailingSlash = (value) => value.replace(/\/+$/, "");
+function resolveSSOUrl({
+  baseUrl,
+  overrideUrl,
+  defaultPath
+}) {
+  if (overrideUrl) {
+    return overrideUrl;
+  }
+  if (!baseUrl) {
+    return defaultPath;
+  }
+  return `${trimTrailingSlash(baseUrl)}${defaultPath}`;
+}
+function isValidSSOUserInfo(data) {
+  if (!data || typeof data !== "object") {
+    return false;
+  }
+  const candidate = data;
+  return typeof candidate.accessToken === "string" && Array.isArray(candidate.orgMemberInfos) && !!candidate.user && typeof candidate.user.user_id === "string" && typeof candidate.user.email === "string";
+}
+function mapSSOResponse(data) {
+  const user = {
+    userId: data.user.user_id,
+    email: data.user.email,
+    firstName: data.user.first_name || void 0,
+    lastName: data.user.last_name || void 0,
+    username: data.user.username || void 0,
+    pictureUrl: data.user.picture_url || void 0,
+    properties: data.user.properties
+  };
+  const orgs = data.orgMemberInfos.map((org) => ({
+    orgId: org.orgId,
+    orgName: org.orgName,
+    urlSafeOrgName: org.urlSafeOrgName
+  }));
+  return { user, orgs, accessToken: data.accessToken };
+}
+function AthenaSSOProvider({
+  children,
+  ssoBaseUrl,
+  ssoUserInfoUrl,
+  ssoLoginUrl,
+  ssoLogoutUrl,
+  displayWhileLoading,
+  displayOnError,
+  revalidateOnWindowFocus = true
+}) {
+  const [ssoData, setSSOData] = React.useState(null);
+  const [loading, setLoading] = React.useState(true);
+  const [error, setError] = React.useState(null);
+  const activeRequestRef = React.useRef(null);
+  const ssoUrls = React.useMemo(
+    () => ({
+      userInfo: resolveSSOUrl({
+        baseUrl: ssoBaseUrl,
+        overrideUrl: ssoUserInfoUrl,
+        defaultPath: DEFAULT_SSO_PATHS.userInfo
+      }),
+      login: resolveSSOUrl({
+        baseUrl: ssoBaseUrl,
+        overrideUrl: ssoLoginUrl,
+        defaultPath: DEFAULT_SSO_PATHS.login
+      }),
+      logout: resolveSSOUrl({
+        baseUrl: ssoBaseUrl,
+        overrideUrl: ssoLogoutUrl,
+        defaultPath: DEFAULT_SSO_PATHS.logout
+      })
+    }),
+    [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl]
+  );
+  const refreshSession = React.useCallback(
+    async ({ showLoading = false } = {}) => {
+      var _a;
+      (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+      const abortController = new AbortController();
+      activeRequestRef.current = abortController;
+      if (showLoading) {
+        setLoading(true);
+      }
+      try {
+        const response = await fetch(ssoUrls.userInfo, {
+          credentials: "include",
+          signal: abortController.signal
+        });
+        if (!response.ok) {
+          if (response.status === 401 || response.status === 403) {
+            setSSOData(null);
+            setError("unauthenticated");
+          } else {
+            setError("request_failed");
+          }
+          return;
+        }
+        const data = await response.json();
+        if (!isValidSSOUserInfo(data)) {
+          console.error(
+            '[AthenaSDK] Invalid SSO userinfo response: expected "user.user_id", "user.email", "orgMemberInfos", and "accessToken"'
+          );
+          setSSOData(null);
+          setError("invalid_response");
+          return;
+        }
+        setSSOData(data);
+        setError(null);
+      } catch (fetchError) {
+        if (fetchError instanceof DOMException && fetchError.name === "AbortError") {
+          return;
+        }
+        setError("request_failed");
+      } finally {
+        if (activeRequestRef.current === abortController) {
+          activeRequestRef.current = null;
+          setLoading(false);
+        }
+      }
+    },
+    [ssoUrls.userInfo]
+  );
+  React.useEffect(() => {
+    void refreshSession({ showLoading: true });
+    return () => {
+      var _a;
+      (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+    };
+  }, [refreshSession]);
+  React.useEffect(() => {
+    if (!revalidateOnWindowFocus || typeof window === "undefined") {
+      return;
+    }
+    const handleFocus = () => {
+      void refreshSession();
+    };
+    const handleVisibilityChange = () => {
+      if (document.visibilityState === "visible") {
+        void refreshSession();
+      }
+    };
+    window.addEventListener("focus", handleFocus);
+    document.addEventListener("visibilitychange", handleVisibilityChange);
+    return () => {
+      window.removeEventListener("focus", handleFocus);
+      document.removeEventListener("visibilitychange", handleVisibilityChange);
+    };
+  }, [revalidateOnWindowFocus, refreshSession]);
+  React.useEffect(() => {
+    if (!loading && error === "unauthenticated" && !displayOnError && typeof window !== "undefined") {
+      window.location.assign(ssoUrls.login);
+    }
+  }, [loading, error, displayOnError, ssoUrls.login]);
+  const logout = React.useCallback(async (redirectOnLogout = true) => {
+    var _a;
+    (_a = activeRequestRef.current) == null ? void 0 : _a.abort();
+    try {
+      await fetch(ssoUrls.logout, {
+        method: "POST",
+        credentials: "include"
+      });
+    } catch (logoutError) {
+      console.error("[AthenaSDK] Failed to invalidate SSO session during logout", logoutError);
+    }
+    setSSOData(null);
+    setError(null);
+    setLoading(false);
+    if (redirectOnLogout && typeof window !== "undefined") {
+      window.location.assign(ssoUrls.login);
+    }
+  }, [ssoUrls.login, ssoUrls.logout]);
+  const authState = React.useMemo(() => {
+    if (loading) {
+      return {
+        isLoggedIn: false,
+        isLoading: true,
+        user: null,
+        accessToken: null,
+        orgs: [],
+        logout: async () => {
+        }
+      };
+    }
+    if (error === "request_failed" && ssoData) {
+      const { user: user2, orgs: orgs2, accessToken: accessToken2 } = mapSSOResponse(ssoData);
+      return {
+        isLoggedIn: true,
+        isLoading: false,
+        user: user2,
+        accessToken: accessToken2,
+        orgs: orgs2,
+        logout
+      };
+    }
+    if (error || !ssoData) {
+      return {
+        isLoggedIn: false,
+        isLoading: false,
+        user: null,
+        accessToken: null,
+        orgs: [],
+        logout
+      };
+    }
+    const { user, orgs, accessToken } = mapSSOResponse(ssoData);
+    return {
+      isLoggedIn: true,
+      isLoading: false,
+      user,
+      accessToken,
+      orgs,
+      logout
+    };
+  }, [loading, error, ssoData, logout]);
+  if (authState.isLoading) {
+    return /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: displayWhileLoading ?? null });
+  }
+  if (!authState.isLoggedIn) {
+    return displayOnError ? /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: displayOnError }) : null;
+  }
+  return /* @__PURE__ */ jsxRuntime.jsx(AthenaAuthContext.AthenaAuthContext.Provider, { value: authState, children });
+}
+exports.AthenaAuthContext = AthenaAuthContext.AthenaAuthContext;
+exports.useAthenaAuth = AthenaAuthContext.useAthenaAuth;
+exports.AthenaAuthProvider = AthenaAuthProvider;
+exports.AthenaSSOProvider = AthenaSSOProvider;
+//# sourceMappingURL=auth.cjs.map

package/dist/auth.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.cjs","sources":["../src/auth/AthenaAuthProvider.tsx","../src/auth/AthenaSSOProvider.tsx"],"sourcesContent":["import {\n RequiredAuthProvider,\n RedirectToLogin,\n useAuthInfo,\n useLogoutFunction,\n} from '@propelauth/react';\nimport type { ReactNode } from 'react';\nimport { useEffect, useMemo, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type { AthenaAuthState, AthenaOrg, AthenaUser } from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaAuthProviderProps {\n children: ReactNode;\n\n /**\n * Your PropelAuth auth URL (e.g. `https://auth.yourdomain.com`).\n * Found in the PropelAuth dashboard under Frontend Integration.\n */\n authUrl: string;\n\n /**\n * Where to redirect after a successful login.\n * Defaults to the current page URL.\n */\n postLoginRedirectUrl?: string;\n\n /**\n * Custom element displayed while the auth state is loading.\n * Defaults to `null` (renders nothing).\n */\n displayWhileLoading?: ReactNode;\n}\n\nconst ATHENA_LOCATION_CHANGE_EVENT = 'athena:location-change';\nlet historyPatched = false;\n\nfunction patchHistoryForLocationTracking(): void {\n if (historyPatched || typeof window === 'undefined') {\n return;\n }\n\n const notifyLocationChange = () => {\n window.dispatchEvent(new Event(ATHENA_LOCATION_CHANGE_EVENT));\n };\n\n const originalPushState = window.history.pushState;\n window.history.pushState = function pushState(...args) {\n const result = originalPushState.apply(this, args);\n notifyLocationChange();\n return result;\n };\n\n const originalReplaceState = window.history.replaceState;\n window.history.replaceState = function replaceState(...args) {\n const result = originalReplaceState.apply(this, args);\n notifyLocationChange();\n return result;\n };\n\n historyPatched = true;\n}\n\nfunction useCurrentHref(): string {\n const [href, setHref] = useState(\n typeof window !== 'undefined' ? window.location.href : '/',\n );\n\n useEffect(() => {\n if (typeof window === 'undefined') {\n return;\n }\n\n patchHistoryForLocationTracking();\n\n const updateHref = () => {\n setHref(window.location.href);\n };\n\n updateHref();\n window.addEventListener('popstate', updateHref);\n window.addEventListener('hashchange', updateHref);\n window.addEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n\n return () => {\n window.removeEventListener('popstate', updateHref);\n window.removeEventListener('hashchange', updateHref);\n window.removeEventListener(ATHENA_LOCATION_CHANGE_EVENT, updateHref);\n };\n }, []);\n\n return href;\n}\n\n// ─── Internal Bridge ──────────────────────────────────────────────────\n\n/**\n * Reads PropelAuth state via hooks and maps it into the SDK's\n * `AthenaAuthState`, which is placed on `AthenaAuthContext`.\n */\nfunction AthenaAuthBridge({\n children,\n displayWhileLoading,\n}: {\n children: ReactNode;\n displayWhileLoading?: ReactNode;\n}) {\n const authInfo = useAuthInfo();\n const logoutFn = useLogoutFunction();\n\n const authState: AthenaAuthState = useMemo(() => {\n if (authInfo.loading) {\n return {\n isLoggedIn: false,\n isLoading: true,\n user: null,\n accessToken: null,\n orgs: [],\n logout: async () => {},\n };\n }\n\n if (!authInfo.isLoggedIn) {\n return {\n isLoggedIn: false,\n isLoading: false,\n user: null,\n accessToken: null,\n orgs: [],\n logout: async (redirect = true) => logoutFn(redirect),\n };\n }\n\n const user: AthenaUser = {\n userId: authInfo.user.userId,\n email: authInfo.user.email,\n firstName: authInfo.user.firstName ?? undefined,\n lastName: authInfo.user.lastName ?? undefined,\n username: authInfo.user.username ?? undefined,\n pictureUrl: authInfo.user.pictureUrl ?? undefined,\n properties: authInfo.user.properties,\n };\n\n const orgs: AthenaOrg[] =\n authInfo.orgHelper?.getOrgs().map((org) => ({\n orgId: org.orgId,\n orgName: org.orgName,\n urlSafeOrgName: org.urlSafeOrgName,\n })) ?? [];\n\n return {\n isLoggedIn: true,\n isLoading: false,\n user,\n accessToken: authInfo.accessToken,\n orgs,\n logout: async (redirect = true) => logoutFn(redirect),\n };\n }, [authInfo, logoutFn]);\n\n if (authState.isLoading) {\n return <>{displayWhileLoading ?? null}</>;\n }\n\n return (\n <AthenaAuthContext.Provider value={authState}>\n {children}\n </AthenaAuthContext.Provider>\n );\n}\n\n// ─── Public Provider ──────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by PropelAuth.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n * When present, `AthenaProvider` will automatically use the access token\n * from this provider — no need to pass `token` or `apiKey` manually.\n *\n * @example\n * ```tsx\n * import { AthenaAuthProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n * return (\n * <AthenaAuthProvider authUrl=\"https://auth.yourdomain.com\">\n * <AthenaProvider>\n * <AthenaChat />\n * </AthenaProvider>\n * </AthenaAuthProvider>\n * );\n * }\n * ```\n */\nexport function AthenaAuthProvider({\n children,\n authUrl,\n postLoginRedirectUrl,\n displayWhileLoading,\n}: AthenaAuthProviderProps) {\n const currentHref = useCurrentHref();\n const redirectUrl = postLoginRedirectUrl ?? currentHref;\n\n return (\n <RequiredAuthProvider\n authUrl={authUrl}\n displayWhileLoading={\n displayWhileLoading ? <>{displayWhileLoading}</> : undefined\n }\n displayIfLoggedOut={<RedirectToLogin postLoginRedirectUrl={redirectUrl} />}\n >\n <AthenaAuthBridge displayWhileLoading={displayWhileLoading}>\n {children}\n </AthenaAuthBridge>\n </RequiredAuthProvider>\n );\n}\n","import type { ReactNode } from 'react';\nimport { useCallback, useEffect, useMemo, useRef, useState } from 'react';\nimport { AthenaAuthContext } from './AthenaAuthContext';\nimport type {\n AthenaAuthState,\n AthenaOrg,\n AthenaSSOUserInfo,\n AthenaUser,\n} from './types';\n\n// ─── Props ────────────────────────────────────────────────────────────\n\nexport interface AthenaSSOProviderProps {\n children: ReactNode;\n\n /**\n * Base URL used to resolve the Athena SSO endpoints.\n *\n * When omitted, the provider defaults to same-origin relative paths:\n * `/api/sso/userinfo`, `/api/sso/initiate`, and `/api/sso/logout`.\n *\n * Use this when your frontend and backend live on different origins\n * (for example `https://app.example.com` + `https://api.example.com`).\n */\n ssoBaseUrl?: string;\n\n /**\n * Optional override for the SSO user-info endpoint that returns the\n * authenticated user's data and access token.\n *\n * The endpoint must return JSON matching `AthenaSSOUserInfo`:\n * ```json\n * {\n * \"user\": { \"user_id\": \"…\", \"email\": \"…\", … },\n * \"orgMemberInfos\": [{ \"orgId\": \"…\", \"orgName\": \"…\", \"urlSafeOrgName\": \"…\" }],\n * \"accessToken\": \"…\"\n * }\n * ```\n *\n * The request is sent with `credentials: 'include'` so that\n * session cookies are forwarded automatically.\n */\n ssoUserInfoUrl?: string;\n\n /**\n * Optional override for the URL to redirect the user to when no valid\n * SSO session exists.\n * This is typically the SSO initiation endpoint on your backend\n * (e.g. `https://api.yourdomain.com/api/sso/initiate`).\n */\n ssoLoginUrl?: string;\n\n /**\n * Optional override for the backend SSO logout endpoint.\n * Defaults to `/api/sso/logout` (or `${ssoBaseUrl}/api/sso/logout`).\n */\n ssoLogoutUrl?: string;\n\n /**\n * Custom element displayed while the SSO session is being verified.\n * Defaults to `null` (renders nothing).\n */\n displayWhileLoading?: ReactNode;\n\n /**\n * Custom element displayed when SSO authentication fails.\n * If not provided, the user is automatically redirected to `ssoLoginUrl`.\n */\n displayOnError?: ReactNode;\n\n /**\n * Re-validate the SSO session when the window regains focus.\n * Enabled by default so token expiry and user switching are picked up\n * without requiring a full page reload.\n */\n revalidateOnWindowFocus?: boolean;\n}\n\n// ─── Helpers ──────────────────────────────────────────────────────────\n\ntype AthenaSSOError = 'unauthenticated' | 'invalid_response' | 'request_failed';\n\nconst DEFAULT_SSO_PATHS = {\n userInfo: '/api/sso/userinfo',\n login: '/api/sso/initiate',\n logout: '/api/sso/logout',\n} as const;\n\nconst trimTrailingSlash = (value: string): string => value.replace(/\\/+$/, '');\n\nfunction resolveSSOUrl({\n baseUrl,\n overrideUrl,\n defaultPath,\n}: {\n baseUrl?: string;\n overrideUrl?: string;\n defaultPath: string;\n}): string {\n if (overrideUrl) {\n return overrideUrl;\n }\n\n if (!baseUrl) {\n return defaultPath;\n }\n\n return `${trimTrailingSlash(baseUrl)}${defaultPath}`;\n}\n\nfunction isValidSSOUserInfo(data: unknown): data is AthenaSSOUserInfo {\n if (!data || typeof data !== 'object') {\n return false;\n }\n\n const candidate = data as {\n accessToken?: unknown;\n orgMemberInfos?: unknown;\n user?: {\n user_id?: unknown;\n email?: unknown;\n };\n };\n\n return (\n typeof candidate.accessToken === 'string' &&\n Array.isArray(candidate.orgMemberInfos) &&\n !!candidate.user &&\n typeof candidate.user.user_id === 'string' &&\n typeof candidate.user.email === 'string'\n );\n}\n\n/** Map the backend SSO response to the SDK's user/org types. */\nfunction mapSSOResponse(data: AthenaSSOUserInfo): {\n user: AthenaUser;\n orgs: AthenaOrg[];\n accessToken: string;\n} {\n const user: AthenaUser = {\n userId: data.user.user_id,\n email: data.user.email,\n firstName: data.user.first_name || undefined,\n lastName: data.user.last_name || undefined,\n username: data.user.username || undefined,\n pictureUrl: data.user.picture_url || undefined,\n properties: data.user.properties,\n };\n\n const orgs: AthenaOrg[] = data.orgMemberInfos.map((org) => ({\n orgId: org.orgId,\n orgName: org.orgName,\n urlSafeOrgName: org.urlSafeOrgName,\n }));\n\n return { user, orgs, accessToken: data.accessToken };\n}\n\n// ─── Provider ─────────────────────────────────────────────────────────\n\n/**\n * Wraps your app with Athena authentication powered by an external SSO\n * identity provider (e.g. Microsoft Entra / Azure AD, Okta, etc.).\n *\n * The SSO login flow is handled entirely by your backend. This provider\n * verifies the session by fetching `ssoUserInfoUrl` and exposes the\n * same `AthenaAuthState` context that `AthenaAuthProvider` (PropelAuth)\n * provides, so downstream components like `<AthenaProvider>` and\n * `useAthenaAuth()` work identically.\n *\n * Place this **above** `<AthenaProvider>` in the component tree.\n *\n * @example\n * ```tsx\n * import { AthenaSSOProvider } from '@athenaintel/react/auth';\n * import { AthenaProvider, AthenaChat } from '@athenaintel/react';\n *\n * function App() {\n * return (\n * <AthenaSSOProvider\n * ssoUserInfoUrl=\"https://api.yourdomain.com/api/sso/userinfo\"\n * ssoLoginUrl=\"https://api.yourdomain.com/api/sso/initiate\"\n * >\n * <AthenaProvider>\n * <AthenaChat />\n * </AthenaProvider>\n * </AthenaSSOProvider>\n * );\n * }\n * ```\n */\nexport function AthenaSSOProvider({\n children,\n ssoBaseUrl,\n ssoUserInfoUrl,\n ssoLoginUrl,\n ssoLogoutUrl,\n displayWhileLoading,\n displayOnError,\n revalidateOnWindowFocus = true,\n}: AthenaSSOProviderProps) {\n const [ssoData, setSSOData] = useState<AthenaSSOUserInfo | null>(null);\n const [loading, setLoading] = useState(true);\n const [error, setError] = useState<AthenaSSOError | null>(null);\n const activeRequestRef = useRef<AbortController | null>(null);\n\n const ssoUrls = useMemo(\n () => ({\n userInfo: resolveSSOUrl({\n baseUrl: ssoBaseUrl,\n overrideUrl: ssoUserInfoUrl,\n defaultPath: DEFAULT_SSO_PATHS.userInfo,\n }),\n login: resolveSSOUrl({\n baseUrl: ssoBaseUrl,\n overrideUrl: ssoLoginUrl,\n defaultPath: DEFAULT_SSO_PATHS.login,\n }),\n logout: resolveSSOUrl({\n baseUrl: ssoBaseUrl,\n overrideUrl: ssoLogoutUrl,\n defaultPath: DEFAULT_SSO_PATHS.logout,\n }),\n }),\n [ssoBaseUrl, ssoUserInfoUrl, ssoLoginUrl, ssoLogoutUrl],\n );\n\n const refreshSession = useCallback(\n async ({ showLoading = false }: { showLoading?: boolean } = {}): Promise<void> => {\n activeRequestRef.current?.abort();\n const abortController = new AbortController();\n activeRequestRef.current = abortController;\n\n if (showLoading) {\n setLoading(true);\n }\n\n try {\n const response = await fetch(ssoUrls.userInfo, {\n credentials: 'include',\n signal: abortController.signal,\n });\n\n if (!response.ok) {\n if (response.status === 401 || response.status === 403) {\n setSSOData(null);\n setError('unauthenticated');\n } else {\n setError('request_failed');\n }\n return;\n }\n\n const data: unknown = await response.json();\n\n if (!isValidSSOUserInfo(data)) {\n console.error(\n '[AthenaSDK] Invalid SSO userinfo response: expected \"user.user_id\", \"user.email\", \"orgMemberInfos\", and \"accessToken\"',\n );\n setSSOData(null);\n setError('invalid_response');\n return;\n }\n\n setSSOData(data);\n setError(null);\n } catch (fetchError) {\n if (fetchError instanceof DOMException && fetchError.name === 'AbortError') {\n return;\n }\n\n setError('request_failed');\n } finally {\n if (activeRequestRef.current === abortController) {\n activeRequestRef.current = null;\n setLoading(false);\n }\n }\n },\n [ssoUrls.userInfo],\n );\n\n useEffect(() => {\n void refreshSession({ showLoading: true });\n\n return () => {\n activeRequestRef.current?.abort();\n };\n }, [refreshSession]);\n\n useEffect(() => {\n if (!revalidateOnWindowFocus || typeof window === 'undefined') {\n return;\n }\n\n const handleFocus = () => {\n void refreshSession();\n };\n const handleVisibilityChange = () => {\n if (document.visibilityState === 'visible') {\n void refreshSession();\n }\n };\n\n window.addEventListener('focus', handleFocus);\n document.addEventListener('visibilitychange', handleVisibilityChange);\n\n return () => {\n window.removeEventListener('focus', handleFocus);\n document.removeEventListener('visibilitychange', handleVisibilityChange);\n };\n }, [revalidateOnWindowFocus, refreshSession]);\n\n // Redirect to SSO login when session is invalid and no error UI provided.\n useEffect(() => {\n if (\n !loading &&\n error === 'unauthenticated' &&\n !displayOnError &&\n typeof window !== 'undefined'\n ) {\n window.location.assign(ssoUrls.login);\n }\n }, [loading, error, displayOnError, ssoUrls.login]);\n\n const logout = useCallback(async (redirectOnLogout = true) => {\n activeRequestRef.current?.abort();\n\n try {\n await fetch(ssoUrls.logout, {\n method: 'POST',\n credentials: 'include',\n });\n } catch (logoutError) {\n console.error('[AthenaSDK] Failed to invalidate SSO session during logout', logoutError);\n }\n\n setSSOData(null);\n setError(null);\n setLoading(false);\n\n if (redirectOnLogout && typeof window !== 'undefined') {\n window.location.assign(ssoUrls.login);\n }\n }, [ssoUrls.login, ssoUrls.logout]);\n\n const authState: AthenaAuthState = useMemo(() => {\n if (loading) {\n return {\n isLoggedIn: false,\n isLoading: true,\n user: null,\n accessToken: null,\n orgs: [],\n logout: async () => {},\n };\n }\n\n if (error === 'request_failed' && ssoData) {\n const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n return {\n isLoggedIn: true,\n isLoading: false,\n user,\n accessToken,\n orgs,\n logout,\n };\n }\n\n if (error || !ssoData) {\n return {\n isLoggedIn: false,\n isLoading: false,\n user: null,\n accessToken: null,\n orgs: [],\n logout,\n };\n }\n\n const { user, orgs, accessToken } = mapSSOResponse(ssoData);\n\n return {\n isLoggedIn: true,\n isLoading: false,\n user,\n accessToken,\n orgs,\n logout,\n };\n }, [loading, error, ssoData, logout]);\n\n if (authState.isLoading) {\n return <>{displayWhileLoading ?? null}</>;\n }\n\n if (!authState.isLoggedIn) {\n return displayOnError ? <>{displayOnError}</> : null;\n }\n\n return (\n <AthenaAuthContext.Provider value={authState}>\n {children}\n </AthenaAuthContext.Provider>\n );\n}\n"],"names":["useState","useEffect","useAuthInfo","useLogoutFunction","useMemo","jsx","Fragment","AthenaAuthContext","RequiredAuthProvider","RedirectToLogin","useRef","useCallback","user","orgs","accessToken"],"mappings":";;;;;;AAmCA,MAAM,+BAA+B;AACrC,IAAI,iBAAiB;AAErB,SAAS,kCAAwC;AAC/C,MAAI,kBAAkB,OAAO,WAAW,aAAa;AACnD;AAAA,EACF;AAEA,QAAM,uBAAuB,MAAM;AACjC,WAAO,cAAc,IAAI,MAAM,4BAA4B,CAAC;AAAA,EAC9D;AAEA,QAAM,oBAAoB,OAAO,QAAQ;AACzC,SAAO,QAAQ,YAAY,SAAS,aAAa,MAAM;AACrD,UAAM,SAAS,kBAAkB,MAAM,MAAM,IAAI;AACjD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,QAAM,uBAAuB,OAAO,QAAQ;AAC5C,SAAO,QAAQ,eAAe,SAAS,gBAAgB,MAAM;AAC3D,UAAM,SAAS,qBAAqB,MAAM,MAAM,IAAI;AACpD,yBAAA;AACA,WAAO;AAAA,EACT;AAEA,mBAAiB;AACnB;AAEA,SAAS,iBAAyB;AAChC,QAAM,CAAC,MAAM,OAAO,IAAIA,MAAAA;AAAAA,IACtB,OAAO,WAAW,cAAc,OAAO,SAAS,OAAO;AAAA,EAAA;AAGzDC,QAAAA,UAAU,MAAM;AACd,QAAI,OAAO,WAAW,aAAa;AACjC;AAAA,IACF;AAEA,oCAAA;AAEA,UAAM,aAAa,MAAM;AACvB,cAAQ,OAAO,SAAS,IAAI;AAAA,IAC9B;AAEA,eAAA;AACA,WAAO,iBAAiB,YAAY,UAAU;AAC9C,WAAO,iBAAiB,cAAc,UAAU;AAChD,WAAO,iBAAiB,8BAA8B,UAAU;AAEhE,WAAO,MAAM;AACX,aAAO,oBAAoB,YAAY,UAAU;AACjD,aAAO,oBAAoB,cAAc,UAAU;AACnD,aAAO,oBAAoB,8BAA8B,UAAU;AAAA,IACrE;AAAA,EACF,GAAG,CAAA,CAAE;AAEL,SAAO;AACT;AAQA,SAAS,iBAAiB;AAAA,EACxB;AAAA,EACA;AACF,GAGG;AACD,QAAM,WAAWC,MAAAA,YAAA;AACjB,QAAM,WAAWC,MAAAA,kBAAA;AAEjB,QAAM,YAA6BC,MAAAA,QAAQ,MAAM;;AAC/C,QAAI,SAAS,SAAS;AACpB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,CAAC,SAAS,YAAY;AACxB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,MAAA;AAAA,IAExD;AAEA,UAAM,OAAmB;AAAA,MACvB,QAAQ,SAAS,KAAK;AAAA,MACtB,OAAO,SAAS,KAAK;AAAA,MACrB,WAAW,SAAS,KAAK,aAAa;AAAA,MACtC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,UAAU,SAAS,KAAK,YAAY;AAAA,MACpC,YAAY,SAAS,KAAK,cAAc;AAAA,MACxC,YAAY,SAAS,KAAK;AAAA,IAAA;AAG5B,UAAM,SACJ,cAAS,cAAT,mBAAoB,UAAU,IAAI,CAAC,SAAS;AAAA,MAC1C,OAAO,IAAI;AAAA,MACX,SAAS,IAAI;AAAA,MACb,gBAAgB,IAAI;AAAA,IAAA,QACf,CAAA;AAET,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA,aAAa,SAAS;AAAA,MACtB;AAAA,MACA,QAAQ,OAAO,WAAW,SAAS,SAAS,QAAQ;AAAA,IAAA;AAAA,EAExD,GAAG,CAAC,UAAU,QAAQ,CAAC;AAEvB,MAAI,UAAU,WAAW;AACvB,WAAOC,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;AA2BO,SAAS,mBAAmB;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAA4B;AAC1B,QAAM,cAAc,eAAA;AACpB,QAAM,cAAc,wBAAwB;AAE5C,SACEF,2BAAAA;AAAAA,IAACG,MAAAA;AAAAA,IAAA;AAAA,MACC;AAAA,MACA,qBACE,sBAAsBH,+BAAAC,WAAAA,UAAA,EAAG,UAAA,oBAAA,CAAoB,IAAM;AAAA,MAErD,oBAAoBD,2BAAAA,IAACI,MAAAA,iBAAA,EAAgB,sBAAsB,YAAA,CAAa;AAAA,MAExE,UAAAJ,2BAAAA,IAAC,kBAAA,EAAiB,qBACf,SAAA,CACH;AAAA,IAAA;AAAA,EAAA;AAGN;ACzIA,MAAM,oBAAoB;AAAA,EACxB,UAAU;AAAA,EACV,OAAO;AAAA,EACP,QAAQ;AACV;AAEA,MAAM,oBAAoB,CAAC,UAA0B,MAAM,QAAQ,QAAQ,EAAE;AAE7E,SAAS,cAAc;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACF,GAIW;AACT,MAAI,aAAa;AACf,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO,GAAG,kBAAkB,OAAO,CAAC,GAAG,WAAW;AACpD;AAEA,SAAS,mBAAmB,MAA0C;AACpE,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,WAAO;AAAA,EACT;AAEA,QAAM,YAAY;AASlB,SACE,OAAO,UAAU,gBAAgB,YACjC,MAAM,QAAQ,UAAU,cAAc,KACtC,CAAC,CAAC,UAAU,QACZ,OAAO,UAAU,KAAK,YAAY,YAClC,OAAO,UAAU,KAAK,UAAU;AAEpC;AAGA,SAAS,eAAe,MAItB;AACA,QAAM,OAAmB;AAAA,IACvB,QAAQ,KAAK,KAAK;AAAA,IAClB,OAAO,KAAK,KAAK;AAAA,IACjB,WAAW,KAAK,KAAK,cAAc;AAAA,IACnC,UAAU,KAAK,KAAK,aAAa;AAAA,IACjC,UAAU,KAAK,KAAK,YAAY;AAAA,IAChC,YAAY,KAAK,KAAK,eAAe;AAAA,IACrC,YAAY,KAAK,KAAK;AAAA,EAAA;AAGxB,QAAM,OAAoB,KAAK,eAAe,IAAI,CAAC,SAAS;AAAA,IAC1D,OAAO,IAAI;AAAA,IACX,SAAS,IAAI;AAAA,IACb,gBAAgB,IAAI;AAAA,EAAA,EACpB;AAEF,SAAO,EAAE,MAAM,MAAM,aAAa,KAAK,YAAA;AACzC;AAmCO,SAAS,kBAAkB;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,0BAA0B;AAC5B,GAA2B;AACzB,QAAM,CAAC,SAAS,UAAU,IAAIL,MAAAA,SAAmC,IAAI;AACrE,QAAM,CAAC,SAAS,UAAU,IAAIA,MAAAA,SAAS,IAAI;AAC3C,QAAM,CAAC,OAAO,QAAQ,IAAIA,MAAAA,SAAgC,IAAI;AAC9D,QAAM,mBAAmBU,MAAAA,OAA+B,IAAI;AAE5D,QAAM,UAAUN,MAAAA;AAAAA,IACd,OAAO;AAAA,MACL,UAAU,cAAc;AAAA,QACtB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,OAAO,cAAc;AAAA,QACnB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,MACD,QAAQ,cAAc;AAAA,QACpB,SAAS;AAAA,QACT,aAAa;AAAA,QACb,aAAa,kBAAkB;AAAA,MAAA,CAChC;AAAA,IAAA;AAAA,IAEH,CAAC,YAAY,gBAAgB,aAAa,YAAY;AAAA,EAAA;AAGxD,QAAM,iBAAiBO,MAAAA;AAAAA,IACrB,OAAO,EAAE,cAAc,MAAA,IAAqC,OAAsB;;AAChF,6BAAiB,YAAjB,mBAA0B;AAC1B,YAAM,kBAAkB,IAAI,gBAAA;AAC5B,uBAAiB,UAAU;AAE3B,UAAI,aAAa;AACf,mBAAW,IAAI;AAAA,MACjB;AAEA,UAAI;AACF,cAAM,WAAW,MAAM,MAAM,QAAQ,UAAU;AAAA,UAC7C,aAAa;AAAA,UACb,QAAQ,gBAAgB;AAAA,QAAA,CACzB;AAED,YAAI,CAAC,SAAS,IAAI;AAChB,cAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,uBAAW,IAAI;AACf,qBAAS,iBAAiB;AAAA,UAC5B,OAAO;AACL,qBAAS,gBAAgB;AAAA,UAC3B;AACA;AAAA,QACF;AAEA,cAAM,OAAgB,MAAM,SAAS,KAAA;AAErC,YAAI,CAAC,mBAAmB,IAAI,GAAG;AAC7B,kBAAQ;AAAA,YACN;AAAA,UAAA;AAEF,qBAAW,IAAI;AACf,mBAAS,kBAAkB;AAC3B;AAAA,QACF;AAEA,mBAAW,IAAI;AACf,iBAAS,IAAI;AAAA,MACf,SAAS,YAAY;AACnB,YAAI,sBAAsB,gBAAgB,WAAW,SAAS,cAAc;AAC1E;AAAA,QACF;AAEA,iBAAS,gBAAgB;AAAA,MAC3B,UAAA;AACE,YAAI,iBAAiB,YAAY,iBAAiB;AAChD,2BAAiB,UAAU;AAC3B,qBAAW,KAAK;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAAA;AAGnBV,QAAAA,UAAU,MAAM;AACd,SAAK,eAAe,EAAE,aAAa,MAAM;AAEzC,WAAO,MAAM;;AACX,6BAAiB,YAAjB,mBAA0B;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnBA,QAAAA,UAAU,MAAM;AACd,QAAI,CAAC,2BAA2B,OAAO,WAAW,aAAa;AAC7D;AAAA,IACF;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,eAAA;AAAA,IACP;AACA,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,WAAW;AAC1C,aAAK,eAAA;AAAA,MACP;AAAA,IACF;AAEA,WAAO,iBAAiB,SAAS,WAAW;AAC5C,aAAS,iBAAiB,oBAAoB,sBAAsB;AAEpE,WAAO,MAAM;AACX,aAAO,oBAAoB,SAAS,WAAW;AAC/C,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,yBAAyB,cAAc,CAAC;AAG5CA,QAAAA,UAAU,MAAM;AACd,QACE,CAAC,WACD,UAAU,qBACV,CAAC,kBACD,OAAO,WAAW,aAClB;AACA,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,SAAS,OAAO,gBAAgB,QAAQ,KAAK,CAAC;AAElD,QAAM,SAASU,MAAAA,YAAY,OAAO,mBAAmB,SAAS;;AAC5D,2BAAiB,YAAjB,mBAA0B;AAE1B,QAAI;AACF,YAAM,MAAM,QAAQ,QAAQ;AAAA,QAC1B,QAAQ;AAAA,QACR,aAAa;AAAA,MAAA,CACd;AAAA,IACH,SAAS,aAAa;AACpB,cAAQ,MAAM,8DAA8D,WAAW;AAAA,IACzF;AAEA,eAAW,IAAI;AACf,aAAS,IAAI;AACb,eAAW,KAAK;AAEhB,QAAI,oBAAoB,OAAO,WAAW,aAAa;AACrD,aAAO,SAAS,OAAO,QAAQ,KAAK;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,QAAQ,OAAO,QAAQ,MAAM,CAAC;AAElC,QAAM,YAA6BP,MAAAA,QAAQ,MAAM;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN,QAAQ,YAAY;AAAA,QAAC;AAAA,MAAA;AAAA,IAEzB;AAEA,QAAI,UAAU,oBAAoB,SAAS;AACzC,YAAM,EAAE,MAAAQ,OAAM,MAAAC,OAAM,aAAAC,aAAAA,IAAgB,eAAe,OAAO;AAE1D,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAAF;AAAAA,QACA,aAAAE;AAAAA,QACA,MAAAD;AAAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QAAI,SAAS,CAAC,SAAS;AACrB,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,WAAW;AAAA,QACX,MAAM;AAAA,QACN,aAAa;AAAA,QACb,MAAM,CAAA;AAAA,QACN;AAAA,MAAA;AAAA,IAEJ;AAEA,UAAM,EAAE,MAAM,MAAM,YAAA,IAAgB,eAAe,OAAO;AAE1D,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAAA,EAEJ,GAAG,CAAC,SAAS,OAAO,SAAS,MAAM,CAAC;AAEpC,MAAI,UAAU,WAAW;AACvB,WAAOR,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,iCAAuB,KAAA,CAAK;AAAA,EACxC;AAEA,MAAI,CAAC,UAAU,YAAY;AACzB,WAAO,iBAAiBD,2BAAAA,IAAAC,WAAAA,UAAA,EAAG,UAAA,eAAA,CAAe,IAAM;AAAA,EAClD;AAEA,wCACGC,kBAAAA,kBAAkB,UAAlB,EAA2B,OAAO,WAChC,UACH;AAEJ;;;;;"}