@blimu/backend 1.2.2 → 1.2.4

package/README.md

@@ -195,6 +195,7 @@ The SDK includes the following TypeScript interfaces:
 - **IntrospectionRequest**
 - **IntrospectionResponse**
 - **JWK**
+- **OAuthAccessTokenPayload**
 - **PlanAssignBody**
 - **PlanDeleteResponse**
 - **PlanResponse**

package/dist/client.d.mts

@@ -11,7 +11,7 @@ import { ResourcesService } from './services/resources.mjs';
 import { RolesService } from './services/roles.mjs';
 import { UsageService } from './services/usage.mjs';
 import { UsersService } from './services/users.mjs';
-import './schema-CdEZKE7E.mjs';
+import './schema-DlLjJUTG.mjs';
 import '@blimu/types';
 
 type ClientOption = FetchClientConfig & {

package/dist/client.d.ts

@@ -11,7 +11,7 @@ import { ResourcesService } from './services/resources.js';
 import { RolesService } from './services/roles.js';
 import { UsageService } from './services/usage.js';
 import { UsersService } from './services/users.js';
-import './schema-CdEZKE7E.js';
+import './schema-DlLjJUTG.js';
 import '@blimu/types';
 
 type ClientOption = FetchClientConfig & {

package/dist/index.cjs

@@ -714,6 +714,7 @@ __export(schema_zod_exports, {
   IntrospectionRequestSchema: () => IntrospectionRequestSchema,
   IntrospectionResponseSchema: () => IntrospectionResponseSchema,
   JWKSchema: () => JWKSchema,
+  OAuthAccessTokenPayloadSchema: () => OAuthAccessTokenPayloadSchema,
   OauthCheckConsentRequiredQuerySchema: () => OauthCheckConsentRequiredQuerySchema,
   PlanAssignBodySchema: () => PlanAssignBodySchema,
   PlanDeleteResponseSchema: () => PlanDeleteResponseSchema,
@@ -889,6 +890,15 @@ var JWKSchema = import_zod.z.object({
     use: import_zod.z.string()
   }).array()
 });
+var OAuthAccessTokenPayloadSchema = import_zod.z.object({
+  client_id: import_zod.z.string(),
+  environment_id: import_zod.z.string(),
+  exp: import_zod.z.number().int(),
+  iat: import_zod.z.number().int(),
+  scope: import_zod.z.string(),
+  sub: import_zod.z.string(),
+  token_type: import_zod.z.string()
+});
 var PlanDeleteResponseSchema = import_zod.z.object({ success: import_zod.z.boolean() });
 var ResourceMemberListSchema = import_zod.z.object({
   items: import_zod.z.object({
@@ -1397,7 +1407,7 @@ var TokenVerifier = class {
       const authJwks = new AuthJwksService(core);
       fetchJwks = () => authJwks.getJwks();
     } else {
-      cacheKey = `oauth:${clientId}`;
+      cacheKey = `oauth:${baseURL}:${clientId}`;
       const core = new import_fetch4.FetchClient({ baseURL });
       const authJwks = new AuthJwksService(core);
       fetchJwks = () => authJwks.getOAuthAppJwks({ client_id: clientId });

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/client.ts","../src/auth-strategies.ts","../src/services/auth_jwks.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts","../src/utils.ts","../src/schema.ts","../src/schema.zod.ts","../src/token-verifier.ts"],"sourcesContent":["/**\n * This file is generated only once. If it already exists, it will not be overwritten.\n * You can safely add custom exports, re-exports, or any other code here as needed.\n * Your customizations will be preserved across SDK regenerations.\n */\n\n// Re-export everything from client\nexport * from './client';\n\n// Re-export all error types from @blimu/fetch for instanceof checks\nexport * from '@blimu/fetch';\n\n// Re-exports for better ergonomics\nexport * from './utils';\nexport * as Schema from './schema';\nexport * as ZodSchema from './schema.zod';\nexport { BulkResourcesService } from './services/bulk_resources';\nexport { BulkRolesService } from './services/bulk_roles';\nexport { EntitlementsService } from './services/entitlements';\nexport { AuthJwksService } from './services/auth_jwks';\nexport type { JWK, JWKSet } from './token-verifier';\nexport { PlansService } from './services/plans';\nexport { ResourceMembersService } from './services/resource_members';\nexport { ResourcesService } from './services/resources';\nexport { RolesService } from './services/roles';\nexport { UsageService } from './services/usage';\nexport { UsersService } from './services/users';\n\n// Re-export token verifier for backward compatibility. This is custom code that is not generated by the codegen.\nexport * from './token-verifier';\nexport type * from '@blimu/types';\n","import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n  apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n  readonly authJwks: AuthJwksService;\n  readonly bulkResources: BulkResourcesService;\n  readonly bulkRoles: BulkRolesService;\n  readonly entitlements: EntitlementsService;\n  readonly oauth: OauthService;\n  readonly plans: PlansService;\n  readonly resourceMembers: ResourceMembersService;\n  readonly resources: ResourcesService;\n  readonly roles: RolesService;\n  readonly usage: UsageService;\n  readonly users: UsersService;\n\n  constructor(options?: ClientOption) {\n    const restCfg = { ...(options ?? {}) };\n    delete restCfg.apiKey;\n\n    const authStrategies = buildAuthStrategies(options ?? {});\n\n    const core = new FetchClient({\n      ...restCfg,\n      baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n      ...(authStrategies.length > 0 ? { authStrategies } : {}),\n    });\n\n    this.authJwks = new AuthJwksService(core);\n    this.bulkResources = new BulkResourcesService(core);\n    this.bulkRoles = new BulkRolesService(core);\n    this.entitlements = new EntitlementsService(core);\n    this.oauth = new OauthService(core);\n    this.plans = new PlansService(core);\n    this.resourceMembers = new ResourceMembersService(core);\n    this.resources = new ResourcesService(core);\n    this.roles = new RolesService(core);\n    this.usage = new UsageService(core);\n    this.users = new UsersService(core);\n  }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n  const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n  if (cfg.apiKey) {\n    authStrategies.push({\n      type: 'apiKey',\n      key: cfg.apiKey,\n      location: 'header',\n      name: 'X-API-KEY',\n    });\n  }\n  return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class AuthJwksService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/auth/.well-known/jwks.json*\n   * @summary Get JSON Web Key Set for environment (Public)*\n   * @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey).*/\n  getJwks(init?: Omit<RequestInit, 'method' | 'body'>): Promise<Schema.JWK> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/.well-known/jwks.json`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/auth/.well-known/public-key.pem*\n   * @summary Get environment public key (PEM)*\n   * @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key.*/\n  getPublicKeyPem(init?: Omit<RequestInit, 'method' | 'body'>): Promise<unknown> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/.well-known/public-key.pem`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/auth/oauth/.well-known/jwks.json*\n   * @summary Get JSON Web Key Set for OAuth app (Public)*\n   * @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/\n  getOAuthAppJwks(\n    query?: Schema.AuthJwksGetOAuthAppJwksQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.JWK> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/oauth/.well-known/jwks.json`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/resources/{resourceType}/bulk*\n   * @summary Bulk create resources*\n   * @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments.*/\n  create(\n    resourceType: ResourceType,\n    body: Schema.ResourceBulkCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceBulkResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class BulkRolesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/users/roles/bulk*\n   * @summary Bulk create roles*\n   * @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions.*/\n  create(\n    body: Schema.RoleBulkCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.RoleBulkResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users/roles/bulk`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/entitlements/check*\n   * @summary Check if a user has a specific entitlement on a resource*\n   * @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status.*/\n  checkEntitlement(\n    body: Schema.EntitlementCheckBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementCheckResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/entitlements/check`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}*\n   * @summary List entitlements for a specific resource*\n   * @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.*/\n  listForResource(\n    resourceType: ResourceType,\n    resourceId: string,\n    query?: Schema.EntitlementsListForResourceQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementsListResult> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/entitlements/list-for-tenant/{tenantResourceId}*\n   * @summary List entitlements for a tenant and all its sub-resources*\n   * @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).*/\n  listForTenant(\n    tenantResourceId: string,\n    query?: Schema.EntitlementsListForTenantQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementsListResult> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class OauthService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/oauth/authorize*\n   * @summary Check consent requirement*\n   * @description Checks if user consent is required for the OAuth2 app and requested scopes.*/\n  checkConsentRequired(\n    query?: Schema.OauthCheckConsentRequiredQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ConsentCheckResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/oauth/authorize`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/authorize*\n   * @summary Authorize OAuth2 application*\n   * @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements.*/\n  authorize(\n    body: Schema.AuthorizeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/authorize`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/authorize*\n   * @summary Authorize or deny device code*\n   * @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session.*/\n  authorizeDeviceCode(\n    body: Schema.DeviceAuthorizeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceAuthorizeResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/authorize`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/code*\n   * @summary Request device authorization codes*\n   * @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry).*/\n  requestDeviceCode(\n    body: Schema.DeviceCodeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceCodeResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/code`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/oauth/device/code/{user_code}*\n   * @summary Get device code information*\n   * @description Returns device code information including app name, scopes, and consent requirement status.*/\n  getDeviceCodeInfo(\n    user_code: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceCodeInfoResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/token*\n   * @summary Poll for device authorization tokens*\n   * @description Client polls this endpoint to exchange device_code for tokens once user has authorized.*/\n  exchangeDeviceCode(\n    body: Schema.DeviceTokenRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TokenResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/token`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/introspect*\n   * @summary Introspect token*\n   * @description Validates a token and returns metadata. Requires client authentication.*/\n  introspect(\n    body: Schema.IntrospectionRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.IntrospectionResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/introspect`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/revoke*\n   * @summary Revoke token*\n   * @description Revokes an access or refresh token. Requires client authentication.*/\n  revoke(\n    body: Schema.RevocationRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/revoke`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/token*\n   * @summary Token endpoint*\n   * @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec).*/\n  token(\n    body: Schema.TokenRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TokenResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/token`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * DELETE /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Remove plan assignment from a tenant resource*\n   * @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits.*/\n  delete(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.PlanDeleteResponse> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Get the plan assigned to a tenant resource*\n   * @description Retrieves the billing plan currently assigned to a tenant resource, if any.*/\n  read(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.PlanResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Assign a plan to a tenant resource*\n   * @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions.*/\n  assign(\n    resourceType: ResourceType,\n    resourceId: string,\n    body: Schema.PlanAssignBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}/members*\n   * @summary List members for a resource*\n   * @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.*/\n  list(\n    resourceType: ResourceType,\n    resourceId: string,\n    query?: Schema.ResourceMembersListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceMemberList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/resources/{resourceType}*\n   * @summary List resources*\n   * @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.*/\n  list(\n    resourceType: ResourceType,\n    query?: Schema.ResourcesListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/resources/{resourceType}*\n   * @summary Create a resource*\n   * @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist.*/\n  create(\n    resourceType: ResourceType,\n    body: Schema.ResourceCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Resource> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/resources/{resourceType}/{resourceId}*\n   * @summary Delete a resource*\n   * @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it.*/\n  delete(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}*\n   * @summary Read a resource*\n   * @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata.*/\n  read(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Resource> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * PUT /v1/resources/{resourceType}/{resourceId}*\n   * @summary Update a resource*\n   * @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist.*/\n  update(\n    resourceType: ResourceType,\n    resourceId: string,\n    body: Schema.ResourceUpdateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'PUT',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/users/{userId}/roles*\n   * @summary List user roles*\n   * @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.*/\n  list(\n    userId: string,\n    query?: Schema.RolesListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.RoleList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/users/{userId}/roles*\n   * @summary Create a role (assign role to user on resource)*\n   * @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration.*/\n  create(\n    userId: string,\n    body: Schema.RoleCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Role> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}*\n   * @summary Delete a role*\n   * @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources.*/\n  delete(\n    userId: string,\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class UsageService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}*\n   * @summary Get wallet balance*\n   * @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.*/\n  getBalance(\n    resourceType: string,\n    resourceId: string,\n    limitType: string,\n    query?: Schema.UsageGetBalanceQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.BalanceResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/check*\n   * @summary Check if consumption is allowed*\n   * @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption.*/\n  checkLimit(\n    body: Schema.UsageCheckBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.CheckLimitResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/check`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/consume*\n   * @summary Record consumption (inserts negative amount)*\n   * @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes.*/\n  consume(\n    body: Schema.UsageConsumeBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UsageWalletResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/consume`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/credit*\n   * @summary Add credits to wallet (inserts positive amount)*\n   * @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes.*/\n  credit(\n    body: Schema.UsageCreditBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UsageWalletResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/credit`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}*\n   * @summary Get transaction history*\n   * @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.*/\n  getTransactionHistory(\n    resourceType: string,\n    resourceId: string,\n    limitType: string,\n    query?: Schema.UsageGetTransactionHistoryQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TransactionHistoryResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class UsersService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/users*\n   * @summary List users*\n   * @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.*/\n  list(\n    query?: Schema.UsersListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/users*\n   * @summary Create a user*\n   * @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time.*/\n  create(\n    body: Schema.UserCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/users/{userId}*\n   * @summary Delete a user*\n   * @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user.*/\n  delete(userId: string, init?: Omit<RequestInit, 'method' | 'body'>): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}*\n   * @summary Get a user by ID*\n   * @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata.*/\n  read(userId: string, init?: Omit<RequestInit, 'method' | 'body'>): Promise<Schema.User> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * PUT /v1/users/{userId}*\n   * @summary Update a user*\n   * @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable.*/\n  update(\n    userId: string,\n    body: Schema.UserUpdateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'PUT',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}/effective-user-resources-roles*\n   * @summary List effective user resources roles*\n   * @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n  listEffectiveUserResourcesRoles(\n    userId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserResourceList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n      ...(init ?? {}),\n    });\n  }\n}\n","import { parseSSEStream, parseNDJSONStream } from '@blimu/fetch';\n\nexport type PaginableQuery = { limit?: number; offset?: number } & Record<string, unknown>;\n\nexport async function* paginate<T>(\n  fetchPage: (\n    query?: PaginableQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ) => Promise<{ data?: T[]; hasMore?: boolean; limit?: number; offset?: number }>,\n  initialQuery: PaginableQuery = {},\n  pageSize = 100\n): AsyncGenerator<T, void, unknown> {\n  let offset = Number(initialQuery.offset ?? 0);\n  const limit = Number(initialQuery.limit ?? pageSize);\n  // shallow copy to avoid mutating caller\n  const baseQuery: PaginableQuery = { ...initialQuery };\n  while (true) {\n    const page = await fetchPage({ ...baseQuery, limit, offset });\n    const items = page.data ?? [];\n    for (const item of items) {\n      yield item;\n    }\n    if (!page.hasMore || items.length < limit) break;\n    offset += limit;\n  }\n}\n\nexport async function listAll<T>(\n  fetchPage: (\n    query?: PaginableQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ) => Promise<{ data?: T[]; hasMore?: boolean; limit?: number; offset?: number }>,\n  query: PaginableQuery = {},\n  pageSize = 100\n): Promise<T[]> {\n  const out: T[] = [];\n  for await (const item of paginate<T>(fetchPage, query, pageSize)) out.push(item);\n  return out;\n}\n\n/**\n * Filters out undefined values from an array while preserving type safety\n * Useful for query keys where optional parameters might be undefined\n * Preserves tuple types when no undefined values are present\n */\nexport function isNotUndefined<T extends readonly unknown[]>(arr: T): T {\n  // Type assertion: when no undefined values exist, tuple is preserved\n  // When undefined values exist, they are filtered but type system can't infer exact tuple shape\n  return arr.filter(\n    (item): item is Exclude<T[number], undefined> => item !== undefined\n  ) as unknown as T;\n}\n\n// Re-export streaming parsers from @blimu/fetch\nexport { parseSSEStream, parseNDJSONStream };\n","// Generated types from OpenAPI components.schemas\n\nimport type { ResourceType, EntitlementType, PlanType, UsageLimitType } from '@blimu/types';\n\nexport type Enum<T> = T[keyof T];\n\nexport interface AuthorizeRequest {\n  /** Action to take: allow or deny */\n  action: 'allow' | 'deny';\n  /** True if consent was auto-approved (not required or previously granted) */\n  auto_approved?: boolean;\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code challenge */\n  code_challenge?: string;\n  /** PKCE code challenge method */\n  code_challenge_method?: string;\n  /** Redirect URI */\n  redirect_uri: string;\n  /** Response type (typically \"code\") */\n  response_type: string;\n  /** Space-separated list of scopes */\n  scope?: string;\n  /** State parameter for CSRF protection */\n  state?: string;\n  /** True if user explicitly clicked Allow, false if auto-approved */\n  user_action?: boolean;\n}\n\nexport interface BalanceResponse {\n  balance: number;\n}\n\nexport interface CheckLimitResponse {\n  allowed: boolean;\n  current: number;\n  remaining?: number;\n  requested: number;\n}\n\nexport interface ConsentCheckResponse {\n  /** Whether user consent is required */\n  consent_required: boolean;\n  /** Whether consent was previously granted for this app and scopes */\n  previously_granted: boolean;\n}\n\nexport interface DeviceAuthorizeRequest {\n  /** Action to take: allow or deny */\n  action: 'allow' | 'deny';\n  /** True if consent was auto-approved (not required or previously granted) */\n  auto_approved?: boolean;\n  /** True if user explicitly clicked Allow, false if auto-approved */\n  user_action?: boolean;\n  /** The user code displayed to the user */\n  user_code: string;\n}\n\nexport interface DeviceAuthorizeResponse {\n  /** Whether the authorization was successful */\n  success: boolean;\n}\n\nexport interface DeviceCodeInfoResponse {\n  /** The name of the OAuth2 application */\n  appName: string;\n  /** Whether the user has already granted consent for this app and scopes */\n  previouslyGranted: boolean;\n  /** Whether the app requires user consent */\n  requireConsent: boolean;\n  /** The scopes requested by the device code */\n  scopes: string[];\n}\n\nexport interface DeviceCodeRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code challenge (base64url encoded SHA256 hash) */\n  code_challenge?: string;\n  /** PKCE code challenge method */\n  code_challenge_method?: 'S256' | 'plain';\n  /** Space-separated list of scopes */\n  scope?: string;\n}\n\nexport interface DeviceCodeResponse {\n  /** Device verification code (for polling) */\n  device_code: string;\n  /** Device code expiration time in seconds */\n  expires_in: number;\n  /** Minimum polling interval in seconds */\n  interval: number;\n  /** User verification code (short, human-readable) */\n  user_code: string;\n  /** Verification URI for user */\n  verification_uri: string;\n  /** Complete verification URI with user code */\n  verification_uri_complete: string;\n}\n\nexport interface DeviceTokenRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code verifier (if challenge was provided) */\n  code_verifier?: string;\n  /** Device code from authorization response */\n  device_code: string;\n  /** Grant type (must be device_code) */\n  grant_type: 'urn:ietf:params:oauth:grant-type:device_code';\n}\n\nexport interface EntitlementCheckBody {\n  amount?: number;\n  entitlement: EntitlementType;\n  resourceId: string;\n  userId: string;\n}\n\nexport interface EntitlementCheckResult {\n  allowed: boolean;\n  limit?: {\n    allowed: boolean;\n    current?: number;\n    limit?: number;\n    plan?: PlanType;\n    reason?: string;\n    remaining?: number;\n    scope?: string;\n  } | null;\n  plans?: { allowed: boolean; allowedPlans?: PlanType[]; plan?: PlanType; reason?: string } | null;\n  roles?: {\n    allowed: boolean;\n    allowedRoles?: string[];\n    reason?: string;\n    userRoles?: string[];\n  } | null;\n}\n\nexport interface EntitlementsListResult {\n  results: {\n    entitlements: {\n      allowed: boolean;\n      allowedByPlan: boolean;\n      allowedByRole: boolean;\n      allowedPlans?: PlanType[];\n      allowedRoles: string[];\n      currentPlan?: PlanType;\n      currentRole?: string;\n      entitlement: EntitlementType;\n    }[];\n    resourceId: string;\n    resourceType: ResourceType;\n  }[];\n}\n\nexport interface IntrospectionRequest {\n  /** The token to introspect */\n  token: string;\n  /** Hint about token type */\n  token_type_hint?: 'access_token' | 'refresh_token';\n}\n\nexport interface IntrospectionResponse {\n  /** Whether the token is active */\n  active: boolean;\n  /** Client ID */\n  client_id?: string;\n  /** Environment ID */\n  environment_id?: string;\n  /** Token expiration timestamp */\n  exp?: number;\n  /** Token issued at timestamp */\n  iat?: number;\n  /** Space-separated list of scopes */\n  scope?: string;\n  /** Subject (user ID) */\n  sub?: string;\n  /** Token type */\n  token_type?: string;\n  /** Username or user ID */\n  username?: string;\n}\n\nexport interface JWK {\n  keys: { alg: string; e: string; kid: string; kty: string; n: string; use: string }[];\n}\n\nexport interface PlanAssignBody {\n  planKey: PlanType;\n}\n\nexport interface PlanDeleteResponse {\n  success: boolean;\n}\n\nexport interface PlanResponse {\n  createdAt: string;\n  environmentId: string;\n  planKey: PlanType;\n  resourceId: string;\n  resourceType: ResourceType;\n  updatedAt: string;\n}\n\nexport interface Resource {\n  createdAt: string;\n  id: string;\n  name: string | null;\n  parents?: { id: string; type: ResourceType }[];\n  type: ResourceType;\n}\n\nexport interface ResourceBulkCreateBody {\n  resources: {\n    id?: string;\n    name?: string;\n    parents?: { id: string; type: ResourceType }[];\n    roles?: { role: string; userId: string }[];\n  }[];\n}\n\nexport interface ResourceBulkResult {\n  created: { environmentId: string; id: string; type: ResourceType }[];\n  errors: {\n    error: string;\n    index: number;\n    resource: {\n      id?: string;\n      name?: string;\n      parents?: { id: string; type: ResourceType }[];\n      roles?: { role: string; userId: string }[];\n    };\n  }[];\n  success: boolean;\n  summary: { failed: number; successful: number; total: number };\n}\n\nexport interface ResourceCreateBody {\n  id?: string;\n  name?: string;\n  parents?: { id: string; type: ResourceType }[];\n  roles?: { role: string; userId: string }[];\n}\n\nexport interface ResourceList {\n  items: Resource[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport interface ResourceMemberList {\n  items: {\n    inherited: boolean;\n    role: string;\n    user: {\n      avatarUrl: string | null;\n      createdAt: string;\n      email: string;\n      emailVerified: boolean;\n      firstName: string | null;\n      id: string;\n      lastLoginAt: string | null;\n      lastName: string | null;\n      lookupKey: string | null;\n      updatedAt: string;\n    };\n    userId: string;\n  }[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport interface ResourceUpdateBody {\n  name?: string;\n  /** Creates relationships with other resources. Parent resources must already exist. */\n  parents?: { id: string; type: ResourceType }[];\n}\n\nexport interface RevocationRequest {\n  /** The token to revoke */\n  token: string;\n  /** Hint about token type */\n  token_type_hint?: 'access_token' | 'refresh_token';\n}\n\nexport interface Role {\n  createdAt: string;\n  environmentId: string;\n  resourceId: string;\n  resourceType: ResourceType;\n  role: string;\n  userId: string;\n}\n\nexport interface RoleBulkCreateBody {\n  roles: { resourceId: string; resourceType: ResourceType; role: string; userId: string }[];\n}\n\nexport interface RoleBulkResult {\n  created: {\n    createdAt: string;\n    environmentId: string;\n    resourceId: string;\n    resourceType: ResourceType;\n    role: string;\n    userId: string;\n  }[];\n  errors: {\n    error: string;\n    index: number;\n    role: { resourceId: string; resourceType: ResourceType; role: string; userId: string };\n  }[];\n  success: boolean;\n  summary: { failed: number; successful: number; total: number };\n}\n\nexport interface RoleCreateBody {\n  resourceId: string;\n  resourceType: ResourceType;\n  role: string;\n}\n\nexport interface RoleList {\n  limit: number;\n  page: number;\n  roles: {\n    createdAt: string;\n    environmentId: string;\n    resourceId: string;\n    resourceType: ResourceType;\n    role: string;\n    userId: string;\n  }[];\n  total: number;\n}\n\nexport interface TokenRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** OAuth2 client secret (required for confidential clients) */\n  client_secret?: string;\n  /** Authorization code (required for authorization_code grant) */\n  code?: string;\n  /** PKCE code verifier (if challenge was provided) */\n  code_verifier?: string;\n  /** OAuth2 grant type */\n  grant_type: 'authorization_code' | 'refresh_token';\n  /** Redirect URI (required for authorization_code grant) */\n  redirect_uri?: string;\n  /** Refresh token (required for refresh_token grant) */\n  refresh_token?: string;\n  /** Space-separated list of scopes (optional for refresh) */\n  scope?: string;\n}\n\nexport interface TokenResponse {\n  /** Access token (JWT) */\n  access_token: string;\n  /** Access token expiration time in seconds */\n  expires_in: number;\n  /** Refresh token (for obtaining new access tokens) */\n  refresh_token: string;\n  /** Space-separated list of granted scopes */\n  scope?: string;\n  /** Token type */\n  token_type: string;\n}\n\nexport interface TransactionHistoryResponse {\n  items: {\n    amount: number;\n    createdAt: string;\n    environmentId: string;\n    id: string;\n    limitType: UsageLimitType;\n    resourceId: string;\n    resourceType: ResourceType;\n    tags: Record<string, unknown> | null;\n  }[];\n}\n\nexport interface UsageCheckBody {\n  amount: number;\n  limitType: UsageLimitType;\n  period: 'monthly' | 'yearly' | 'lifetime';\n  resourceId: string;\n  resourceType: ResourceType;\n}\n\nexport interface UsageConsumeBody {\n  amount: number;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags?: Record<string, unknown>;\n}\n\nexport interface UsageCreditBody {\n  amount: number;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags?: Record<string, unknown>;\n}\n\nexport interface UsageWalletResponse {\n  amount: number;\n  createdAt: string;\n  environmentId: string;\n  id: string;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags: Record<string, unknown> | null;\n}\n\nexport interface User {\n  avatarUrl: string | null;\n  createdAt: string;\n  email: string;\n  emailVerified: boolean;\n  firstName: string | null;\n  id: string;\n  lastLoginAt: string | null;\n  lastName: string | null;\n  lookupKey: string | null;\n  updatedAt: string;\n}\n\nexport interface UserCreateBody {\n  avatarUrl?: string;\n  email: string;\n  firstName?: string | null;\n  lastName?: string | null;\n  lookupKey: string;\n  newUser?: boolean | null;\n  password?: string | null;\n}\n\nexport interface UserList {\n  items: {\n    avatarUrl: string | null;\n    createdAt: string;\n    email: string;\n    emailVerified: boolean;\n    firstName: string | null;\n    id: string;\n    lastLoginAt: string | null;\n    lastName: string | null;\n    lookupKey: string | null;\n    updatedAt: string;\n  }[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport type UserResourceList = {\n  inherited: boolean;\n  resource: {\n    id: string;\n    name: string;\n    parents: { id: string; type: ResourceType }[];\n    type: ResourceType;\n  };\n  role: string;\n}[];\n\nexport interface UserUpdateBody {\n  avatarUrl?: string | null;\n  email?: string;\n  firstName?: string | null;\n  lastName?: string | null;\n  lookupKey?: string;\n  password?: string;\n}\n\n// Operation query parameter interfaces\n\n/**\n * Query params for AuthJwks.GetOAuthAppJwks*\n * Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/\nexport interface AuthJwksGetOAuthAppJwksQuery {\n  /** OAuth app client ID to get public keys for */\n  client_id?: string;\n}\n\n/**\n * Query params for Entitlements.ListForResource*\n * Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.*/\nexport interface EntitlementsListForResourceQuery {\n  /** The unique identifier of the user */\n  userId: string;\n}\n\n/**\n * Query params for Entitlements.ListForTenant*\n * Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).*/\nexport interface EntitlementsListForTenantQuery {\n  /** The unique identifier of the user */\n  userId: string;\n}\n\n/**\n * Query params for Oauth.CheckConsentRequired*\n * Checks if user consent is required for the OAuth2 app and requested scopes.*/\nexport interface OauthCheckConsentRequiredQuery {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** Redirect URI */\n  redirect_uri?: string;\n  /** Space-separated list of scopes */\n  scope?: string;\n}\n\n/**\n * Query params for Resource Members.List*\n * Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.*/\nexport interface ResourceMembersListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter members by email or name */\n  search?: string;\n}\n\n/**\n * Query params for Resources.List*\n * Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.*/\nexport interface ResourcesListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter resources by name */\n  search?: string;\n}\n\n/**\n * Query params for Roles.List*\n * Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.*/\nexport interface RolesListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Filter roles by specific resource ID */\n  resourceId?: string;\n  /** Filter roles by resource type */\n  resourceType?: ResourceType;\n  /** Filter by role name */\n  role?: string;\n}\n\n/**\n * Query params for Usage.GetBalance*\n * Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.*/\nexport interface UsageGetBalanceQuery {\n  /** Time period for the balance calculation */\n  period: 'monthly' | 'yearly' | 'lifetime';\n}\n\n/**\n * Query params for Usage.GetTransactionHistory*\n * Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.*/\nexport interface UsageGetTransactionHistoryQuery {\n  /** End date for filtering transactions (ISO 8601 format) */\n  endDate?: string;\n  /** Time period for filtering transactions */\n  period?: 'monthly' | 'yearly' | 'lifetime';\n  /** Start date for filtering transactions (ISO 8601 format) */\n  startDate?: string;\n}\n\n/**\n * Query params for Users.List*\n * Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.*/\nexport interface UsersListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter users by email, name, or lookup key */\n  search?: string;\n}\n","// Generated zod schemas from OpenAPI components.schemas\n// Use these schemas for runtime validation in forms, API requests, etc.\n\nimport { z } from 'zod';\n\n/**\n * Schema for EntitlementType\n * Entitlement identifier\n */\nexport const EntitlementTypeSchema = z.string();\n\n/**\n * Schema for PlanType\n * Plan type identifier\n */\nexport const PlanTypeSchema = z.string();\n\n/**\n * Schema for ResourceType\n * Resource type identifier\n */\nexport const ResourceTypeSchema = z.string();\n\n/**\n * Schema for UsageLimitType\n * Usage-based limit type identifier\n */\nexport const UsageLimitTypeSchema = z.string();\n\n/**\n * Zod schema for AuthorizeRequest\n */\nexport const AuthorizeRequestSchema = z.object({\n  /** Action to take: allow or deny */ action: z.enum(['allow', 'deny']),\n  /** True if consent was auto-approved (not required or previously granted) */ auto_approved: z\n    .boolean()\n    .optional(),\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code challenge */ code_challenge: z.string().optional(),\n  /** PKCE code challenge method */ code_challenge_method: z.string().optional(),\n  /** Redirect URI */ redirect_uri: z.string(),\n  /** Response type (typically \"code\") */ response_type: z.string(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n  /** State parameter for CSRF protection */ state: z.string().optional(),\n  /** True if user explicitly clicked Allow, false if auto-approved */ user_action: z\n    .boolean()\n    .optional(),\n});\n\n/**\n * Zod schema for BalanceResponse\n */\nexport const BalanceResponseSchema = z.object({ balance: z.number() });\n\n/**\n * Zod schema for CheckLimitResponse\n */\nexport const CheckLimitResponseSchema = z.object({\n  allowed: z.boolean(),\n  current: z.number(),\n  remaining: z.number().optional(),\n  requested: z.number(),\n});\n\n/**\n * Zod schema for ConsentCheckResponse\n */\nexport const ConsentCheckResponseSchema = z.object({\n  /** Whether user consent is required */ consent_required: z.boolean(),\n  /** Whether consent was previously granted for this app and scopes */ previously_granted:\n    z.boolean(),\n});\n\n/**\n * Zod schema for DeviceAuthorizeRequest\n */\nexport const DeviceAuthorizeRequestSchema = z.object({\n  /** Action to take: allow or deny */ action: z.enum(['allow', 'deny']),\n  /** True if consent was auto-approved (not required or previously granted) */ auto_approved: z\n    .boolean()\n    .optional(),\n  /** True if user explicitly clicked Allow, false if auto-approved */ user_action: z\n    .boolean()\n    .optional(),\n  /** The user code displayed to the user */ user_code: z.string(),\n});\n\n/**\n * Zod schema for DeviceAuthorizeResponse\n */\nexport const DeviceAuthorizeResponseSchema = z.object({\n  /** Whether the authorization was successful */ success: z.boolean(),\n});\n\n/**\n * Zod schema for DeviceCodeInfoResponse\n */\nexport const DeviceCodeInfoResponseSchema = z.object({\n  /** The name of the OAuth2 application */ appName: z.string(),\n  /** Whether the user has already granted consent for this app and scopes */ previouslyGranted:\n    z.boolean(),\n  /** Whether the app requires user consent */ requireConsent: z.boolean(),\n  /** The scopes requested by the device code */ scopes: z.string().array(),\n});\n\n/**\n * Zod schema for DeviceCodeRequest\n */\nexport const DeviceCodeRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code challenge (base64url encoded SHA256 hash) */ code_challenge: z.string().optional(),\n  /** PKCE code challenge method */ code_challenge_method: z.enum(['S256', 'plain']).optional(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n});\n\n/**\n * Zod schema for DeviceCodeResponse\n */\nexport const DeviceCodeResponseSchema = z.object({\n  /** Device verification code (for polling) */ device_code: z.string(),\n  /** Device code expiration time in seconds */ expires_in: z.number(),\n  /** Minimum polling interval in seconds */ interval: z.number(),\n  /** User verification code (short, human-readable) */ user_code: z.string(),\n  /** Verification URI for user */ verification_uri: z.string(),\n  /** Complete verification URI with user code */ verification_uri_complete: z.string(),\n});\n\n/**\n * Zod schema for DeviceTokenRequest\n */\nexport const DeviceTokenRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code verifier (if challenge was provided) */ code_verifier: z.string().optional(),\n  /** Device code from authorization response */ device_code: z.string(),\n  /** Grant type (must be device_code) */ grant_type: z.enum([\n    'urn:ietf:params:oauth:grant-type:device_code',\n  ]),\n});\n\n/**\n * Zod schema for IntrospectionRequest\n */\nexport const IntrospectionRequestSchema = z.object({\n  /** The token to introspect */ token: z.string(),\n  /** Hint about token type */ token_type_hint: z\n    .enum(['access_token', 'refresh_token'])\n    .optional(),\n});\n\n/**\n * Zod schema for IntrospectionResponse\n */\nexport const IntrospectionResponseSchema = z.object({\n  /** Whether the token is active */ active: z.boolean(),\n  /** Client ID */ client_id: z.string().optional(),\n  /** Environment ID */ environment_id: z.string().optional(),\n  /** Token expiration timestamp */ exp: z.number().optional(),\n  /** Token issued at timestamp */ iat: z.number().optional(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n  /** Subject (user ID) */ sub: z.string().optional(),\n  /** Token type */ token_type: z.string().optional(),\n  /** Username or user ID */ username: z.string().optional(),\n});\n\n/**\n * Zod schema for JWK\n */\nexport const JWKSchema = z.object({\n  keys: z\n    .object({\n      alg: z.string(),\n      e: z.string(),\n      kid: z.string(),\n      kty: z.string(),\n      n: z.string(),\n      use: z.string(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for PlanDeleteResponse\n */\nexport const PlanDeleteResponseSchema = z.object({ success: z.boolean() });\n\n/**\n * Zod schema for ResourceMemberList\n */\nexport const ResourceMemberListSchema = z.object({\n  items: z\n    .object({\n      inherited: z.boolean(),\n      role: z.string(),\n      user: z.object({\n        avatarUrl: z.string().nullable(),\n        createdAt: z.iso.datetime(),\n        email: z.email(),\n        emailVerified: z.boolean(),\n        firstName: z.string().nullable(),\n        id: z.string(),\n        lastLoginAt: z.iso.datetime().nullable(),\n        lastName: z.string().nullable(),\n        lookupKey: z.string().nullable(),\n        updatedAt: z.iso.datetime(),\n      }),\n      userId: z.string(),\n    })\n    .array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for RevocationRequest\n */\nexport const RevocationRequestSchema = z.object({\n  /** The token to revoke */ token: z.string(),\n  /** Hint about token type */ token_type_hint: z\n    .enum(['access_token', 'refresh_token'])\n    .optional(),\n});\n\n/**\n * Zod schema for TokenRequest\n */\nexport const TokenRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** OAuth2 client secret (required for confidential clients) */ client_secret: z\n    .string()\n    .optional(),\n  /** Authorization code (required for authorization_code grant) */ code: z.string().optional(),\n  /** PKCE code verifier (if challenge was provided) */ code_verifier: z.string().optional(),\n  /** OAuth2 grant type */ grant_type: z.enum(['authorization_code', 'refresh_token']),\n  /** Redirect URI (required for authorization_code grant) */ redirect_uri: z.string().optional(),\n  /** Refresh token (required for refresh_token grant) */ refresh_token: z.string().optional(),\n  /** Space-separated list of scopes (optional for refresh) */ scope: z.string().optional(),\n});\n\n/**\n * Zod schema for TokenResponse\n */\nexport const TokenResponseSchema = z.object({\n  /** Access token (JWT) */ access_token: z.string(),\n  /** Access token expiration time in seconds */ expires_in: z.number(),\n  /** Refresh token (for obtaining new access tokens) */ refresh_token: z.string(),\n  /** Space-separated list of granted scopes */ scope: z.string().optional(),\n  /** Token type */ token_type: z.string(),\n});\n\n/**\n * Zod schema for User\n */\nexport const UserSchema = z.object({\n  avatarUrl: z.string().nullable(),\n  createdAt: z.iso.datetime(),\n  email: z.email(),\n  emailVerified: z.boolean(),\n  firstName: z.string().nullable(),\n  id: z.string(),\n  lastLoginAt: z.iso.datetime().nullable(),\n  lastName: z.string().nullable(),\n  lookupKey: z.string().nullable(),\n  updatedAt: z.iso.datetime(),\n});\n\n/**\n * Zod schema for UserCreateBody\n */\nexport const UserCreateBodySchema = z.object({\n  avatarUrl: z.url().optional(),\n  email: z.email(),\n  firstName: z.string().nullable().optional(),\n  lastName: z.string().nullable().optional(),\n  lookupKey: z.string(),\n  newUser: z.boolean().nullable().optional(),\n  password: z.string().nullable().optional(),\n});\n\n/**\n * Zod schema for UserList\n */\nexport const UserListSchema = z.object({\n  items: z\n    .object({\n      avatarUrl: z.string().nullable(),\n      createdAt: z.iso.datetime(),\n      email: z.email(),\n      emailVerified: z.boolean(),\n      firstName: z.string().nullable(),\n      id: z.string(),\n      lastLoginAt: z.iso.datetime().nullable(),\n      lastName: z.string().nullable(),\n      lookupKey: z.string().nullable(),\n      updatedAt: z.iso.datetime(),\n    })\n    .array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for UserUpdateBody\n */\nexport const UserUpdateBodySchema = z.object({\n  avatarUrl: z.url().nullable().optional(),\n  email: z.email().optional(),\n  firstName: z.string().nullable().optional(),\n  lastName: z.string().nullable().optional(),\n  lookupKey: z.string().optional(),\n  password: z.string().optional(),\n});\n\n/**\n * Zod schema for EntitlementCheckBody\n */\nexport const EntitlementCheckBodySchema = z.object({\n  amount: z.number().int().optional(),\n  entitlement: EntitlementTypeSchema,\n  resourceId: z.string(),\n  userId: z.string(),\n});\n\n/**\n * Zod schema for EntitlementCheckResult\n */\nexport const EntitlementCheckResultSchema = z.object({\n  allowed: z.boolean(),\n  limit: z\n    .object({\n      allowed: z.boolean(),\n      current: z.number().optional(),\n      limit: z.number().optional(),\n      plan: PlanTypeSchema.optional(),\n      reason: z.string().optional(),\n      remaining: z.number().optional(),\n      scope: z.string().optional(),\n    })\n    .nullable()\n    .optional(),\n  plans: z\n    .object({\n      allowed: z.boolean(),\n      allowedPlans: PlanTypeSchema.array().optional(),\n      plan: PlanTypeSchema.optional(),\n      reason: z.string().optional(),\n    })\n    .nullable()\n    .optional(),\n  roles: z\n    .object({\n      allowed: z.boolean(),\n      allowedRoles: z.string().array().optional(),\n      reason: z.string().optional(),\n      userRoles: z.string().array().optional(),\n    })\n    .nullable()\n    .optional(),\n});\n\n/**\n * Zod schema for PlanAssignBody\n */\nexport const PlanAssignBodySchema = z.object({ planKey: PlanTypeSchema });\n\n/**\n * Zod schema for EntitlementsListResult\n */\nexport const EntitlementsListResultSchema = z.object({\n  results: z\n    .object({\n      entitlements: z\n        .object({\n          allowed: z.boolean(),\n          allowedByPlan: z.boolean(),\n          allowedByRole: z.boolean(),\n          allowedPlans: PlanTypeSchema.array().optional(),\n          allowedRoles: z.string().array(),\n          currentPlan: PlanTypeSchema.optional(),\n          currentRole: z.string().optional(),\n          entitlement: EntitlementTypeSchema,\n        })\n        .array(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n    })\n    .array(),\n});\n\n/**\n * Zod schema for PlanResponse\n */\nexport const PlanResponseSchema = z.object({\n  createdAt: z.iso.datetime(),\n  environmentId: z.string(),\n  planKey: PlanTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  updatedAt: z.iso.datetime(),\n});\n\n/**\n * Zod schema for Resource\n */\nexport const ResourceSchema = z.object({\n  createdAt: z.iso.datetime(),\n  id: z.string(),\n  name: z.string().nullable(),\n  parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n  type: ResourceTypeSchema,\n});\n\n/**\n * Zod schema for ResourceBulkCreateBody\n */\nexport const ResourceBulkCreateBodySchema = z.object({\n  resources: z\n    .object({\n      id: z.string().optional(),\n      name: z.string().optional(),\n      parents: z\n        .object({\n          id: z.string(),\n          type: ResourceTypeSchema,\n        })\n        .array()\n        .optional(),\n      roles: z\n        .object({\n          role: z.string(),\n          userId: z.string(),\n        })\n        .array()\n        .optional(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for ResourceBulkResult\n */\nexport const ResourceBulkResultSchema = z.object({\n  created: z\n    .object({\n      environmentId: z.string(),\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array(),\n  errors: z\n    .object({\n      error: z.string(),\n      index: z.number(),\n      resource: z.object({\n        id: z.string().optional(),\n        name: z.string().optional(),\n        parents: z\n          .object({\n            id: z.string(),\n            type: ResourceTypeSchema,\n          })\n          .array()\n          .optional(),\n        roles: z\n          .object({\n            role: z.string(),\n            userId: z.string(),\n          })\n          .array()\n          .optional(),\n      }),\n    })\n    .array(),\n  success: z.boolean(),\n  summary: z.object({\n    failed: z.number(),\n    successful: z.number(),\n    total: z.number(),\n  }),\n});\n\n/**\n * Zod schema for ResourceCreateBody\n */\nexport const ResourceCreateBodySchema = z.object({\n  id: z.string().optional(),\n  name: z.string().optional(),\n  parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n  roles: z\n    .object({\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array()\n    .optional(),\n});\n\n/**\n * Zod schema for ResourceUpdateBody\n */\nexport const ResourceUpdateBodySchema = z.object({\n  name: z.string().optional(),\n  /** Creates relationships with other resources. Parent resources must already exist. */ parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n});\n\n/**\n * Zod schema for Role\n */\nexport const RoleSchema = z.object({\n  createdAt: z.string(),\n  environmentId: z.string(),\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  role: z.string(),\n  userId: z.string(),\n});\n\n/**\n * Zod schema for RoleBulkCreateBody\n */\nexport const RoleBulkCreateBodySchema = z.object({\n  roles: z\n    .object({\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for RoleBulkResult\n */\nexport const RoleBulkResultSchema = z.object({\n  created: z\n    .object({\n      createdAt: z.string(),\n      environmentId: z.string(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n  errors: z\n    .object({\n      error: z.string(),\n      index: z.number(),\n      role: z.object({\n        resourceId: z.string(),\n        resourceType: ResourceTypeSchema,\n        role: z.string(),\n        userId: z.string(),\n      }),\n    })\n    .array(),\n  success: z.boolean(),\n  summary: z.object({\n    failed: z.number(),\n    successful: z.number(),\n    total: z.number(),\n  }),\n});\n\n/**\n * Zod schema for RoleCreateBody\n */\nexport const RoleCreateBodySchema = z.object({\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  role: z.string(),\n});\n\n/**\n * Zod schema for RoleList\n */\nexport const RoleListSchema = z.object({\n  limit: z.number(),\n  page: z.number(),\n  roles: z\n    .object({\n      createdAt: z.string(),\n      environmentId: z.string(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for UserResourceList\n */\nexport const UserResourceListSchema = z.array(\n  z.object({\n    inherited: z.boolean(),\n    resource: z\n      .object({\n        id: z.string(),\n        name: z.string(),\n        parents: z\n          .object({\n            id: z.string(),\n            type: ResourceTypeSchema,\n          })\n          .array(),\n        type: ResourceTypeSchema,\n      })\n      .catchall(z.unknown()),\n    role: z.string(),\n  })\n);\n\n/**\n * Zod schema for TransactionHistoryResponse\n */\nexport const TransactionHistoryResponseSchema = z.object({\n  items: z\n    .object({\n      amount: z.number().int(),\n      createdAt: z.iso.datetime(),\n      environmentId: z.string(),\n      id: z.string(),\n      limitType: UsageLimitTypeSchema,\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      tags: z.record(z.string(), z.unknown()).nullable(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for UsageCheckBody\n */\nexport const UsageCheckBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  period: z.enum(['monthly', 'yearly', 'lifetime']),\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n});\n\n/**\n * Zod schema for UsageConsumeBody\n */\nexport const UsageConsumeBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Zod schema for UsageCreditBody\n */\nexport const UsageCreditBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Zod schema for UsageWalletResponse\n */\nexport const UsageWalletResponseSchema = z.object({\n  amount: z.number().int(),\n  createdAt: z.iso.datetime(),\n  environmentId: z.string(),\n  id: z.string(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).nullable(),\n});\n\n/**\n * Zod schema for ResourceList\n */\nexport const ResourceListSchema = z.object({\n  items: ResourceSchema.array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n// Operation query parameter schemas\n\n/**\n * Schema for query params of AuthJwks.GetOAuthAppJwks\n * Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.\n */\nexport const AuthJwksGetOAuthAppJwksQuerySchema = z.object({\n  /** OAuth app client ID to get public keys for */\n  client_id: z.string().optional(),\n});\n\n/**\n * Schema for query params of Entitlements.ListForResource\n * Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.\n */\nexport const EntitlementsListForResourceQuerySchema = z.object({\n  /** The unique identifier of the user */\n  userId: z.string(),\n});\n\n/**\n * Schema for query params of Entitlements.ListForTenant\n * Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).\n */\nexport const EntitlementsListForTenantQuerySchema = z.object({\n  /** The unique identifier of the user */\n  userId: z.string(),\n});\n\n/**\n * Schema for query params of Oauth.CheckConsentRequired\n * Checks if user consent is required for the OAuth2 app and requested scopes.\n */\nexport const OauthCheckConsentRequiredQuerySchema = z.object({\n  /** OAuth2 client ID */\n  client_id: z.string(),\n  /** Redirect URI */\n  redirect_uri: z.string().optional(),\n  /** Space-separated list of scopes */\n  scope: z.string().optional(),\n});\n\n/**\n * Schema for query params of Resource Members.List\n * Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.\n */\nexport const ResourceMembersListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter members by email or name */\n  search: z.string().optional(),\n});\n\n/**\n * Schema for query params of Resources.List\n * Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.\n */\nexport const ResourcesListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter resources by name */\n  search: z.string().optional(),\n});\n\n/**\n * Schema for query params of Roles.List\n * Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.\n */\nexport const RolesListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Filter roles by specific resource ID */\n  resourceId: z.string().optional(),\n  /** Filter roles by resource type */\n  resourceType: ResourceTypeSchema.optional(),\n  /** Filter by role name */\n  role: z.string().optional(),\n});\n\n/**\n * Schema for query params of Usage.GetBalance\n * Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.\n */\nexport const UsageGetBalanceQuerySchema = z.object({\n  /** Time period for the balance calculation */\n  period: z.enum(['monthly', 'yearly', 'lifetime']),\n});\n\n/**\n * Schema for query params of Usage.GetTransactionHistory\n * Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.\n */\nexport const UsageGetTransactionHistoryQuerySchema = z.object({\n  /** End date for filtering transactions (ISO 8601 format) */\n  endDate: z.string().optional(),\n  /** Time period for filtering transactions */\n  period: z.enum(['monthly', 'yearly', 'lifetime']).optional(),\n  /** Start date for filtering transactions (ISO 8601 format) */\n  startDate: z.string().optional(),\n});\n\n/**\n * Schema for query params of Users.List\n * Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.\n */\nexport const UsersListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter users by email, name, or lookup key */\n  search: z.string().optional(),\n});\n","import * as crypto from 'crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { FetchClient } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport type * as Schema from './schema';\n\n/** Single JWK (element of a JWK Set's keys array). */\nexport type JWK = Schema.JWK['keys'][number];\n/** JWK Set as returned by Blimu auth JWKS endpoints. */\nexport type JWKSet = Schema.JWK;\n\ninterface CachedJWK {\n  key: crypto.KeyObject;\n  kid: string;\n  expiresAt: number;\n}\n\nexport interface VerifyTokenOptions {\n  /** API key/secret key – uses runtimeApiUrl + environment JWKS (authenticated). For environment/session tokens. */\n  secretKey?: string;\n  /** OAuth app client_id – uses runtimeApiUrl + public OAuth JWKS (no auth). For validating tokens issued by your OAuth2 apps. */\n  clientId?: string;\n  token: string;\n  /** Optional override for runtime API URL */\n  runtimeApiUrl?: string | undefined;\n}\n\nexport interface TokenVerifierOptions {\n  runtimeApiUrl?: string | undefined;\n  cacheTTL?: number | undefined; // Default: 1 hour\n}\n\nexport class TokenVerifier {\n  private readonly cache = new Map<string, CachedJWK>();\n  private readonly cacheTTL: number;\n  private readonly baseURL: string;\n\n  constructor(options?: TokenVerifierOptions) {\n    this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1000; // 1 hour\n    this.baseURL = options?.runtimeApiUrl ?? 'https://api.blimu.dev';\n  }\n\n  /**\n   * Convert JWK to KeyObject\n   */\n  private jwkToKeyObject(jwk: JWK): crypto.KeyObject {\n    return crypto.createPublicKey({\n      key: {\n        kty: jwk.kty,\n        n: jwk.n,\n        e: jwk.e,\n        alg: jwk.alg,\n      },\n      format: 'jwk',\n    });\n  }\n\n  /**\n   * Get public key for a specific key ID\n   */\n  private async getPublicKey(\n    kid: string,\n    cacheKey: string,\n    fetchJwks: () => Promise<JWKSet>\n  ): Promise<crypto.KeyObject> {\n    const cached = this.cache.get(cacheKey);\n    if (cached && cached.expiresAt > Date.now()) {\n      return cached.key;\n    }\n\n    const jwkSet = await fetchJwks();\n\n    // Find the key with matching kid\n    const jwk = jwkSet.keys.find((k) => k.kid === kid);\n    if (!jwk) {\n      const availableKids = jwkSet.keys.map((k) => k.kid).join(', ');\n      throw new Error(\n        `Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`\n      );\n    }\n\n    // Convert JWK to KeyObject\n    const keyObject = this.jwkToKeyObject(jwk);\n\n    // Cache the key\n    this.cache.set(cacheKey, {\n      key: keyObject,\n      kid,\n      expiresAt: Date.now() + this.cacheTTL,\n    });\n\n    return keyObject;\n  }\n\n  /**\n   * Verify JWT token using JWKs from Blimu runtime API.\n   * Supports: environment/session tokens (secretKey) or OAuth app tokens (clientId).\n   */\n  async verifyToken<T = unknown>(options: VerifyTokenOptions): Promise<T> {\n    const { secretKey, clientId, token, runtimeApiUrl } = options;\n\n    const provided = [secretKey, clientId].filter(Boolean);\n    if (provided.length !== 1) {\n      throw new Error(\n        'Exactly one of secretKey or clientId must be provided. ' +\n          'Use secretKey for environment/session tokens, clientId for OAuth app access tokens.'\n      );\n    }\n\n    // Decode token header to get kid (without verification)\n    const decoded = jwt.decode(token, { complete: true });\n    if (!decoded || typeof decoded === 'string') {\n      throw new Error('Invalid token format');\n    }\n\n    const header = decoded.header;\n    if (!header.kid) {\n      throw new Error('Token missing kid in header');\n    }\n\n    const baseURL = runtimeApiUrl ?? this.baseURL;\n    let cacheKey: string;\n    let fetchJwks: () => Promise<JWKSet>;\n\n    if (secretKey) {\n      cacheKey = secretKey;\n      const core = new FetchClient({\n        baseURL,\n        authStrategies: buildAuthStrategies({ apiKey: secretKey, baseURL }),\n      });\n      const authJwks = new AuthJwksService(core);\n      fetchJwks = () => authJwks.getJwks();\n    } else {\n      cacheKey = `oauth:${clientId!}`;\n      const core = new FetchClient({ baseURL });\n      const authJwks = new AuthJwksService(core);\n      fetchJwks = () => authJwks.getOAuthAppJwks({ client_id: clientId! });\n    }\n\n    let publicKey: crypto.KeyObject;\n    try {\n      publicKey = await this.getPublicKey(header.kid, cacheKey, fetchJwks);\n    } catch {\n      this.clearCache(cacheKey);\n      publicKey = await this.getPublicKey(header.kid, cacheKey, fetchJwks);\n    }\n\n    return jwt.verify(token, publicKey, { algorithms: ['RS256'] }) as T;\n  }\n\n  /**\n   * Clear cache (useful for testing or key rotation)\n   */\n  clearCache(cacheKey?: string): void {\n    if (cacheKey) {\n      this.cache.delete(cacheKey);\n    } else {\n      this.cache.clear();\n    }\n  }\n}\n\n/**\n * Convenience function to verify a token (environment or OAuth app).\n */\nexport async function verifyToken<T = unknown>(options: VerifyTokenOptions): Promise<T> {\n  const verifier = new TokenVerifier();\n  return verifier.verifyToken<T>(options);\n}\n\nexport interface VerifyOAuthTokenOptions {\n  token: string;\n  clientId: string;\n  runtimeApiUrl?: string | undefined;\n}\n\n/**\n * Convenience function to verify an OAuth app access token using the app's client_id.\n * Fetches the public JWKS from the runtime API (no auth required).\n */\nexport async function verifyOAuthToken<T = unknown>(options: VerifyOAuthTokenOptions): Promise<T> {\n  return verifyToken<T>({\n    ...options,\n    clientId: options.clientId,\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAAwC;AACxC,IAAAA,gBAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACZO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,QAAQ,MAAkE;AACxE,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAgB,MAA+D;AAC7E,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,OACA,MACqB;AACrB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACzCO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AZ1EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,yBAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;;;ADlD1B,0BAAc,yBAVd;;;AcAA,IAAAC,gBAAkD;AAIlD,gBAAuB,SACrB,WAIA,eAA+B,CAAC,GAChC,WAAW,KACuB;AAClC,MAAI,SAAS,OAAO,aAAa,UAAU,CAAC;AAC5C,QAAM,QAAQ,OAAO,aAAa,SAAS,QAAQ;AAEnD,QAAM,YAA4B,EAAE,GAAG,aAAa;AACpD,SAAO,MAAM;AACX,UAAM,OAAO,MAAM,UAAU,EAAE,GAAG,WAAW,OAAO,OAAO,CAAC;AAC5D,UAAM,QAAQ,KAAK,QAAQ,CAAC;AAC5B,eAAW,QAAQ,OAAO;AACxB,YAAM;AAAA,IACR;AACA,QAAI,CAAC,KAAK,WAAW,MAAM,SAAS,MAAO;AAC3C,cAAU;AAAA,EACZ;AACF;AAEA,eAAsB,QACpB,WAIA,QAAwB,CAAC,GACzB,WAAW,KACG;AACd,QAAM,MAAW,CAAC;AAClB,mBAAiB,QAAQ,SAAY,WAAW,OAAO,QAAQ,EAAG,KAAI,KAAK,IAAI;AAC/E,SAAO;AACT;AAOO,SAAS,eAA6C,KAAW;AAGtE,SAAO,IAAI;AAAA,IACT,CAAC,SAAgD,SAAS;AAAA,EAC5D;AACF;;;ACnDA;;;ACAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAkB;AAMX,IAAM,wBAAwB,aAAE,OAAO;AAMvC,IAAM,iBAAiB,aAAE,OAAO;AAMhC,IAAM,qBAAqB,aAAE,OAAO;AAMpC,IAAM,uBAAuB,aAAE,OAAO;AAKtC,IAAM,yBAAyB,aAAE,OAAO;AAAA;AAAA,EACR,QAAQ,aAAE,KAAK,CAAC,SAAS,MAAM,CAAC;AAAA;AAAA,EACS,eAAe,aAC1F,QAAQ,EACR,SAAS;AAAA;AAAA,EACY,WAAW,aAAE,OAAO;AAAA;AAAA,EACjB,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC7B,uBAAuB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACzD,cAAc,aAAE,OAAO;AAAA;AAAA,EACH,eAAe,aAAE,OAAO;AAAA;AAAA,EAC1B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtB,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACD,aAAa,aAC/E,QAAQ,EACR,SAAS;AACd,CAAC;AAKM,IAAM,wBAAwB,aAAE,OAAO,EAAE,SAAS,aAAE,OAAO,EAAE,CAAC;AAK9D,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,EAClB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,OAAO;AACtB,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EACT,kBAAkB,aAAE,QAAQ;AAAA;AAAA,EACE,oBACpE,aAAE,QAAQ;AACd,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA;AAAA,EACd,QAAQ,aAAE,KAAK,CAAC,SAAS,MAAM,CAAC;AAAA;AAAA,EACS,eAAe,aAC1F,QAAQ,EACR,SAAS;AAAA;AAAA,EACyD,aAAa,aAC/E,QAAQ,EACR,SAAS;AAAA;AAAA,EAC+B,WAAW,aAAE,OAAO;AACjE,CAAC;AAKM,IAAM,gCAAgC,aAAE,OAAO;AAAA;AAAA,EACJ,SAAS,aAAE,QAAQ;AACrE,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA;AAAA,EACT,SAAS,aAAE,OAAO;AAAA;AAAA,EACgB,mBAC1E,aAAE,QAAQ;AAAA;AAAA,EACiC,gBAAgB,aAAE,QAAQ;AAAA;AAAA,EACxB,QAAQ,aAAE,OAAO,EAAE,MAAM;AAC1E,CAAC;AAKM,IAAM,0BAA0B,aAAE,OAAO;AAAA;AAAA,EACtB,WAAW,aAAE,OAAO;AAAA;AAAA,EACe,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC7D,uBAAuB,aAAE,KAAK,CAAC,QAAQ,OAAO,CAAC,EAAE,SAAS;AAAA;AAAA,EACtD,OAAO,aAAE,OAAO,EAAE,SAAS;AACnE,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EACD,aAAa,aAAE,OAAO;AAAA;AAAA,EACtB,YAAY,aAAE,OAAO;AAAA;AAAA,EACxB,UAAU,aAAE,OAAO;AAAA;AAAA,EACR,WAAW,aAAE,OAAO;AAAA;AAAA,EACzC,kBAAkB,aAAE,OAAO;AAAA;AAAA,EACZ,2BAA2B,aAAE,OAAO;AACtF,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EACvB,WAAW,aAAE,OAAO;AAAA;AAAA,EACU,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1C,aAAa,aAAE,OAAO;AAAA;AAAA,EAC7B,YAAY,aAAE,KAAK;AAAA,IACzD;AAAA,EACF,CAAC;AACH,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EAClB,OAAO,aAAE,OAAO;AAAA;AAAA,EAClB,iBAAiB,aAC3C,KAAK,CAAC,gBAAgB,eAAe,CAAC,EACtC,SAAS;AACd,CAAC;AAKM,IAAM,8BAA8B,aAAE,OAAO;AAAA;AAAA,EACf,QAAQ,aAAE,QAAQ;AAAA;AAAA,EACpC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1B,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACxB,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1B,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACpB,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACxC,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAChC,YAAY,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACvB,UAAU,aAAE,OAAO,EAAE,SAAS;AAC3D,CAAC;AAKM,IAAM,YAAY,aAAE,OAAO;AAAA,EAChC,MAAM,aACH,OAAO;AAAA,IACN,KAAK,aAAE,OAAO;AAAA,IACd,GAAG,aAAE,OAAO;AAAA,IACZ,KAAK,aAAE,OAAO;AAAA,IACd,KAAK,aAAE,OAAO;AAAA,IACd,GAAG,aAAE,OAAO;AAAA,IACZ,KAAK,aAAE,OAAO;AAAA,EAChB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO,EAAE,SAAS,aAAE,QAAQ,EAAE,CAAC;AAKlE,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,QAAQ;AAAA,IACrB,MAAM,aAAE,OAAO;AAAA,IACf,MAAM,aAAE,OAAO;AAAA,MACb,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,MAC1B,OAAO,aAAE,MAAM;AAAA,MACf,eAAe,aAAE,QAAQ;AAAA,MACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,IAAI,aAAE,OAAO;AAAA,MACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,MACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,0BAA0B,aAAE,OAAO;AAAA;AAAA,EACnB,OAAO,aAAE,OAAO;AAAA;AAAA,EACd,iBAAiB,aAC3C,KAAK,CAAC,gBAAgB,eAAe,CAAC,EACtC,SAAS;AACd,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA;AAAA,EACjB,WAAW,aAAE,OAAO;AAAA;AAAA,EACoB,eAAe,aAC5E,OAAO,EACP,SAAS;AAAA;AAAA,EACsD,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtC,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAChE,YAAY,aAAE,KAAK,CAAC,sBAAsB,eAAe,CAAC;AAAA;AAAA,EACvB,cAAc,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtC,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC9B,OAAO,aAAE,OAAO,EAAE,SAAS;AAC1F,CAAC;AAKM,IAAM,sBAAsB,aAAE,OAAO;AAAA;AAAA,EAChB,cAAc,aAAE,OAAO;AAAA;AAAA,EACF,YAAY,aAAE,OAAO;AAAA;AAAA,EACb,eAAe,aAAE,OAAO;AAAA;AAAA,EACjC,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACvD,YAAY,aAAE,OAAO;AACzC,CAAC;AAKM,IAAM,aAAa,aAAE,OAAO;AAAA,EACjC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,OAAO,aAAE,MAAM;AAAA,EACf,eAAe,aAAE,QAAQ;AAAA,EACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,IAAI,aAAE,OAAO;AAAA,EACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,EACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,IAAI,SAAS;AAC5B,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,WAAW,aAAE,IAAI,EAAE,SAAS;AAAA,EAC5B,OAAO,aAAE,MAAM;AAAA,EACf,WAAW,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,aAAE,OAAO;AAAA,EACpB,SAAS,aAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC3C,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,IAC1B,OAAO,aAAE,MAAM;AAAA,IACf,eAAe,aAAE,QAAQ;AAAA,IACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,IAAI,aAAE,OAAO;AAAA,IACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,IACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,IAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,EAC5B,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,WAAW,aAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACvC,OAAO,aAAE,MAAM,EAAE,SAAS;AAAA,EAC1B,WAAW,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,aAAE,OAAO,EAAE,SAAS;AAChC,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA,EACjD,QAAQ,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,aAAa;AAAA,EACb,YAAY,aAAE,OAAO;AAAA,EACrB,QAAQ,aAAE,OAAO;AACnB,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,SAAS,aAAE,QAAQ;AAAA,EACnB,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,eAAe,SAAS;AAAA,IAC9B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC,EACA,SAAS,EACT,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,cAAc,eAAe,MAAM,EAAE,SAAS;AAAA,IAC9C,MAAM,eAAe,SAAS;AAAA,IAC9B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,CAAC,EACA,SAAS,EACT,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,cAAc,aAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,IAC1C,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,WAAW,aAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACzC,CAAC,EACA,SAAS,EACT,SAAS;AACd,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO,EAAE,SAAS,eAAe,CAAC;AAKjE,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,SAAS,aACN,OAAO;AAAA,IACN,cAAc,aACX,OAAO;AAAA,MACN,SAAS,aAAE,QAAQ;AAAA,MACnB,eAAe,aAAE,QAAQ;AAAA,MACzB,eAAe,aAAE,QAAQ;AAAA,MACzB,cAAc,eAAe,MAAM,EAAE,SAAS;AAAA,MAC9C,cAAc,aAAE,OAAO,EAAE,MAAM;AAAA,MAC/B,aAAa,eAAe,SAAS;AAAA,MACrC,aAAa,aAAE,OAAO,EAAE,SAAS;AAAA,MACjC,aAAa;AAAA,IACf,CAAC,EACA,MAAM;AAAA,IACT,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,EAChB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA,EACzC,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,eAAe,aAAE,OAAO;AAAA,EACxB,SAAS;AAAA,EACT,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,WAAW,aAAE,IAAI,SAAS;AAC5B,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,IAAI,aAAE,OAAO;AAAA,EACb,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,SAAS,aACN,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACZ,MAAM;AACR,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,WAAW,aACR,OAAO;AAAA,IACN,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,IACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,IAC1B,SAAS,aACN,OAAO;AAAA,MACN,IAAI,aAAE,OAAO;AAAA,MACb,MAAM;AAAA,IACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,IACZ,OAAO,aACJ,OAAO;AAAA,MACN,MAAM,aAAE,OAAO;AAAA,MACf,QAAQ,aAAE,OAAO;AAAA,IACnB,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACd,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,SAAS,aACN,OAAO;AAAA,IACN,eAAe,aAAE,OAAO;AAAA,IACxB,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM;AAAA,EACT,QAAQ,aACL,OAAO;AAAA,IACN,OAAO,aAAE,OAAO;AAAA,IAChB,OAAO,aAAE,OAAO;AAAA,IAChB,UAAU,aAAE,OAAO;AAAA,MACjB,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,MACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,SAAS,aACN,OAAO;AAAA,QACN,IAAI,aAAE,OAAO;AAAA,QACb,MAAM;AAAA,MACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,MACZ,OAAO,aACJ,OAAO;AAAA,QACN,MAAM,aAAE,OAAO;AAAA,QACf,QAAQ,aAAE,OAAO;AAAA,MACnB,CAAC,EACA,MAAM,EACN,SAAS;AAAA,IACd,CAAC;AAAA,EACH,CAAC,EACA,MAAM;AAAA,EACT,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,IAChB,QAAQ,aAAE,OAAO;AAAA,IACjB,YAAY,aAAE,OAAO;AAAA,IACrB,OAAO,aAAE,OAAO;AAAA,EAClB,CAAC;AACH,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,EACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,SAAS,aACN,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM,EACN,SAAS;AACd,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC8D,SAAS,aAC9F,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AACd,CAAC;AAKM,IAAM,aAAa,aAAE,OAAO;AAAA,EACjC,WAAW,aAAE,OAAO;AAAA,EACpB,eAAe,aAAE,OAAO;AAAA,EACxB,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO;AAAA,EACf,QAAQ,aAAE,OAAO;AACnB,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,OAAO,aACJ,OAAO;AAAA,IACN,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,SAAS,aACN,OAAO;AAAA,IACN,WAAW,aAAE,OAAO;AAAA,IACpB,eAAe,aAAE,OAAO;AAAA,IACxB,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,QAAQ,aACL,OAAO;AAAA,IACN,OAAO,aAAE,OAAO;AAAA,IAChB,OAAO,aAAE,OAAO;AAAA,IAChB,MAAM,aAAE,OAAO;AAAA,MACb,YAAY,aAAE,OAAO;AAAA,MACrB,cAAc;AAAA,MACd,MAAM,aAAE,OAAO;AAAA,MACf,QAAQ,aAAE,OAAO;AAAA,IACnB,CAAC;AAAA,EACH,CAAC,EACA,MAAM;AAAA,EACT,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,IAChB,QAAQ,aAAE,OAAO;AAAA,IACjB,YAAY,aAAE,OAAO;AAAA,IACrB,OAAO,aAAE,OAAO;AAAA,EAClB,CAAC;AACH,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO;AACjB,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,OAAO;AAAA,IACpB,eAAe,aAAE,OAAO;AAAA,IACxB,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,yBAAyB,aAAE;AAAA,EACtC,aAAE,OAAO;AAAA,IACP,WAAW,aAAE,QAAQ;AAAA,IACrB,UAAU,aACP,OAAO;AAAA,MACN,IAAI,aAAE,OAAO;AAAA,MACb,MAAM,aAAE,OAAO;AAAA,MACf,SAAS,aACN,OAAO;AAAA,QACN,IAAI,aAAE,OAAO;AAAA,QACb,MAAM;AAAA,MACR,CAAC,EACA,MAAM;AAAA,MACT,MAAM;AAAA,IACR,CAAC,EACA,SAAS,aAAE,QAAQ,CAAC;AAAA,IACvB,MAAM,aAAE,OAAO;AAAA,EACjB,CAAC;AACH;AAKO,IAAM,mCAAmC,aAAE,OAAO;AAAA,EACvD,OAAO,aACJ,OAAO;AAAA,IACN,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,IACvB,WAAW,aAAE,IAAI,SAAS;AAAA,IAC1B,eAAe,aAAE,OAAO;AAAA,IACxB,IAAI,aAAE,OAAO;AAAA,IACb,WAAW;AAAA,IACX,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AAAA,EACnD,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC;AAAA,EAChD,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAChB,CAAC;AAKM,IAAM,yBAAyB,aAAE,OAAO;AAAA,EAC7C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,wBAAwB,aAAE,OAAO;AAAA,EAC5C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,4BAA4B,aAAE,OAAO;AAAA,EAChD,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,eAAe,aAAE,OAAO;AAAA,EACxB,IAAI,aAAE,OAAO;AAAA,EACb,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA,EACzC,OAAO,eAAe,MAAM;AAAA,EAC5B,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAQM,IAAM,qCAAqC,aAAE,OAAO;AAAA;AAAA,EAEzD,WAAW,aAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAMM,IAAM,yCAAyC,aAAE,OAAO;AAAA;AAAA,EAE7D,QAAQ,aAAE,OAAO;AACnB,CAAC;AAMM,IAAM,uCAAuC,aAAE,OAAO;AAAA;AAAA,EAE3D,QAAQ,aAAE,OAAO;AACnB,CAAC;AAMM,IAAM,uCAAuC,aAAE,OAAO;AAAA;AAAA,EAE3D,WAAW,aAAE,OAAO;AAAA;AAAA,EAEpB,cAAc,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAElC,OAAO,aAAE,OAAO,EAAE,SAAS;AAC7B,CAAC;AAMM,IAAM,iCAAiC,aAAE,OAAO;AAAA;AAAA,EAErD,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAMM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EAE/C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAMM,IAAM,uBAAuB,aAAE,OAAO;AAAA;AAAA,EAE3C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,YAAY,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAEhC,cAAc,mBAAmB,SAAS;AAAA;AAAA,EAE1C,MAAM,aAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAMM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EAEjD,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC;AAClD,CAAC;AAMM,IAAM,wCAAwC,aAAE,OAAO;AAAA;AAAA,EAE5D,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE7B,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC,EAAE,SAAS;AAAA;AAAA,EAE3D,WAAW,aAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAMM,IAAM,uBAAuB,aAAE,OAAO;AAAA;AAAA,EAE3C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;;;AC5zBD,aAAwB;AACxB,UAAqB;AACrB,IAAAC,gBAA4B;AA+BrB,IAAM,gBAAN,MAAoB;AAAA,EACR,QAAQ,oBAAI,IAAuB;AAAA,EACnC;AAAA,EACA;AAAA,EAEjB,YAAY,SAAgC;AAC1C,SAAK,WAAW,SAAS,YAAY,KAAK,KAAK;AAC/C,SAAK,UAAU,SAAS,iBAAiB;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,KAA4B;AACjD,WAAc,uBAAgB;AAAA,MAC5B,KAAK;AAAA,QACH,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,QACP,GAAG,IAAI;AAAA,QACP,KAAK,IAAI;AAAA,MACX;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aACZ,KACA,UACA,WAC2B;AAC3B,UAAM,SAAS,KAAK,MAAM,IAAI,QAAQ;AACtC,QAAI,UAAU,OAAO,YAAY,KAAK,IAAI,GAAG;AAC3C,aAAO,OAAO;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,UAAU;AAG/B,UAAM,MAAM,OAAO,KAAK,KAAK,CAAC,MAAM,EAAE,QAAQ,GAAG;AACjD,QAAI,CAAC,KAAK;AACR,YAAM,gBAAgB,OAAO,KAAK,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,IAAI;AAC7D,YAAM,IAAI;AAAA,QACR,iBAAiB,GAAG,2CAA2C,aAAa;AAAA,MAC9E;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,eAAe,GAAG;AAGzC,SAAK,MAAM,IAAI,UAAU;AAAA,MACvB,KAAK;AAAA,MACL;AAAA,MACA,WAAW,KAAK,IAAI,IAAI,KAAK;AAAA,IAC/B,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAyB,SAAyC;AACtE,UAAM,EAAE,WAAW,UAAU,OAAO,cAAc,IAAI;AAEtD,UAAM,WAAW,CAAC,WAAW,QAAQ,EAAE,OAAO,OAAO;AACrD,QAAI,SAAS,WAAW,GAAG;AACzB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAGA,UAAM,UAAc,WAAO,OAAO,EAAE,UAAU,KAAK,CAAC;AACpD,QAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,UAAM,SAAS,QAAQ;AACvB,QAAI,CAAC,OAAO,KAAK;AACf,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,UAAU,iBAAiB,KAAK;AACtC,QAAI;AACJ,QAAI;AAEJ,QAAI,WAAW;AACb,iBAAW;AACX,YAAM,OAAO,IAAI,0BAAY;AAAA,QAC3B;AAAA,QACA,gBAAgB,oBAAoB,EAAE,QAAQ,WAAW,QAAQ,CAAC;AAAA,MACpE,CAAC;AACD,YAAM,WAAW,IAAI,gBAAgB,IAAI;AACzC,kBAAY,MAAM,SAAS,QAAQ;AAAA,IACrC,OAAO;AACL,iBAAW,SAAS,QAAS;AAC7B,YAAM,OAAO,IAAI,0BAAY,EAAE,QAAQ,CAAC;AACxC,YAAM,WAAW,IAAI,gBAAgB,IAAI;AACzC,kBAAY,MAAM,SAAS,gBAAgB,EAAE,WAAW,SAAU,CAAC;AAAA,IACrE;AAEA,QAAI;AACJ,QAAI;AACF,kBAAY,MAAM,KAAK,aAAa,OAAO,KAAK,UAAU,SAAS;AAAA,IACrE,QAAQ;AACN,WAAK,WAAW,QAAQ;AACxB,kBAAY,MAAM,KAAK,aAAa,OAAO,KAAK,UAAU,SAAS;AAAA,IACrE;AAEA,WAAW,WAAO,OAAO,WAAW,EAAE,YAAY,CAAC,OAAO,EAAE,CAAC;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,UAAyB;AAClC,QAAI,UAAU;AACZ,WAAK,MAAM,OAAO,QAAQ;AAAA,IAC5B,OAAO;AACL,WAAK,MAAM,MAAM;AAAA,IACnB;AAAA,EACF;AACF;AAKA,eAAsB,YAAyB,SAAyC;AACtF,QAAM,WAAW,IAAI,cAAc;AACnC,SAAO,SAAS,YAAe,OAAO;AACxC;AAYA,eAAsB,iBAA8B,SAA8C;AAChG,SAAO,YAAe;AAAA,IACpB,GAAG;AAAA,IACH,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;","names":["import_fetch","import_fetch","import_fetch"]}
+{"version":3,"sources":["../src/index.ts","../src/client.ts","../src/auth-strategies.ts","../src/services/auth_jwks.ts","../src/services/bulk_resources.ts","../src/services/bulk_roles.ts","../src/services/entitlements.ts","../src/services/oauth.ts","../src/services/plans.ts","../src/services/resource_members.ts","../src/services/resources.ts","../src/services/roles.ts","../src/services/usage.ts","../src/services/users.ts","../src/utils.ts","../src/schema.ts","../src/schema.zod.ts","../src/token-verifier.ts"],"sourcesContent":["/**\n * This file is generated only once. If it already exists, it will not be overwritten.\n * You can safely add custom exports, re-exports, or any other code here as needed.\n * Your customizations will be preserved across SDK regenerations.\n */\n\n// Re-export everything from client\nexport * from './client';\n\n// Re-export all error types from @blimu/fetch for instanceof checks\nexport * from '@blimu/fetch';\n\n// Re-exports for better ergonomics\nexport * from './utils';\nexport * as Schema from './schema';\nexport * as ZodSchema from './schema.zod';\nexport { BulkResourcesService } from './services/bulk_resources';\nexport { BulkRolesService } from './services/bulk_roles';\nexport { EntitlementsService } from './services/entitlements';\nexport { AuthJwksService } from './services/auth_jwks';\nexport type { JWK, JWKSet } from './token-verifier';\nexport { PlansService } from './services/plans';\nexport { ResourceMembersService } from './services/resource_members';\nexport { ResourcesService } from './services/resources';\nexport { RolesService } from './services/roles';\nexport { UsageService } from './services/usage';\nexport { UsersService } from './services/users';\n\n// Re-export token verifier for backward compatibility. This is custom code that is not generated by the codegen.\nexport * from './token-verifier';\nexport type * from '@blimu/types';\n","import { FetchClient, FetchError } from '@blimu/fetch';\nimport { type FetchClientConfig, type ApiKeyAuthStrategy } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport { BulkResourcesService } from './services/bulk_resources';\nimport { BulkRolesService } from './services/bulk_roles';\nimport { EntitlementsService } from './services/entitlements';\nimport { OauthService } from './services/oauth';\nimport { PlansService } from './services/plans';\nimport { ResourceMembersService } from './services/resource_members';\nimport { ResourcesService } from './services/resources';\nimport { RolesService } from './services/roles';\nimport { UsageService } from './services/usage';\nimport { UsersService } from './services/users';\n\nexport type ClientOption = FetchClientConfig & {\n  apiKey?: ApiKeyAuthStrategy['key'];\n};\n\nexport class Blimu {\n  readonly authJwks: AuthJwksService;\n  readonly bulkResources: BulkResourcesService;\n  readonly bulkRoles: BulkRolesService;\n  readonly entitlements: EntitlementsService;\n  readonly oauth: OauthService;\n  readonly plans: PlansService;\n  readonly resourceMembers: ResourceMembersService;\n  readonly resources: ResourcesService;\n  readonly roles: RolesService;\n  readonly usage: UsageService;\n  readonly users: UsersService;\n\n  constructor(options?: ClientOption) {\n    const restCfg = { ...(options ?? {}) };\n    delete restCfg.apiKey;\n\n    const authStrategies = buildAuthStrategies(options ?? {});\n\n    const core = new FetchClient({\n      ...restCfg,\n      baseURL: options?.baseURL ?? 'https://api.blimu.dev',\n      ...(authStrategies.length > 0 ? { authStrategies } : {}),\n    });\n\n    this.authJwks = new AuthJwksService(core);\n    this.bulkResources = new BulkResourcesService(core);\n    this.bulkRoles = new BulkRolesService(core);\n    this.entitlements = new EntitlementsService(core);\n    this.oauth = new OauthService(core);\n    this.plans = new PlansService(core);\n    this.resourceMembers = new ResourceMembersService(core);\n    this.resources = new ResourcesService(core);\n    this.roles = new RolesService(core);\n    this.usage = new UsageService(core);\n    this.users = new UsersService(core);\n  }\n}\n\n// Re-export FetchError for backward compatibility\nexport { FetchError };\nexport const BlimuError = FetchError;\n","import type { AuthStrategy } from '@blimu/fetch';\nimport type { ClientOption } from './client';\n\nexport function buildAuthStrategies(cfg: ClientOption): AuthStrategy[] {\n  const authStrategies: AuthStrategy[] = [...(cfg?.authStrategies ?? [])];\n\n  if (cfg.apiKey) {\n    authStrategies.push({\n      type: 'apiKey',\n      key: cfg.apiKey,\n      location: 'header',\n      name: 'X-API-KEY',\n    });\n  }\n  return authStrategies;\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class AuthJwksService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/auth/.well-known/jwks.json*\n   * @summary Get JSON Web Key Set for environment (Public)*\n   * @description Returns the public keys used to verify JWT tokens issued by this environment. Authenticate using either x-api-key header (secretKey) or x-blimu-publishable-key header (publishableKey).*/\n  getJwks(init?: Omit<RequestInit, 'method' | 'body'>): Promise<Schema.JWK> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/.well-known/jwks.json`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/auth/.well-known/public-key.pem*\n   * @summary Get environment public key (PEM)*\n   * @description Returns the public key in PEM format for verifying JWT tokens. Authenticate with x-api-key or x-blimu-publishable-key.*/\n  getPublicKeyPem(init?: Omit<RequestInit, 'method' | 'body'>): Promise<unknown> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/.well-known/public-key.pem`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/auth/oauth/.well-known/jwks.json*\n   * @summary Get JSON Web Key Set for OAuth app (Public)*\n   * @description Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/\n  getOAuthAppJwks(\n    query?: Schema.AuthJwksGetOAuthAppJwksQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.JWK> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/auth/oauth/.well-known/jwks.json`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class BulkResourcesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/resources/{resourceType}/bulk*\n   * @summary Bulk create resources*\n   * @description Creates multiple resources of the specified type in a single request. This operation supports partial success - some resources may be created while others fail. The response includes details about successful creations and any errors encountered. Resources can have parent relationships and initial role assignments.*/\n  create(\n    resourceType: ResourceType,\n    body: Schema.ResourceBulkCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceBulkResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/bulk`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class BulkRolesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/users/roles/bulk*\n   * @summary Bulk create roles*\n   * @description Assigns multiple roles to users on resources in a single request. This operation supports partial success - some role assignments may succeed while others fail. The response includes details about successful assignments and any errors encountered. All roles must be valid according to your resource definitions.*/\n  create(\n    body: Schema.RoleBulkCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.RoleBulkResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users/roles/bulk`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class EntitlementsService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * POST /v1/entitlements/check*\n   * @summary Check if a user has a specific entitlement on a resource*\n   * @description Checks whether a user has permission to perform a specific action (entitlement) on a resource. This endpoint evaluates role-based access, plan gating, and usage limits. The response includes detailed information about why access was granted or denied, including which roles were checked, plan requirements, and usage limit status.*/\n  checkEntitlement(\n    body: Schema.EntitlementCheckBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementCheckResult> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/entitlements/check`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/entitlements/list-for-resource/{resourceType}/{resourceId}*\n   * @summary List entitlements for a specific resource*\n   * @description Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.*/\n  listForResource(\n    resourceType: ResourceType,\n    resourceId: string,\n    query?: Schema.EntitlementsListForResourceQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementsListResult> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/entitlements/list-for-resource/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/entitlements/list-for-tenant/{tenantResourceId}*\n   * @summary List entitlements for a tenant and all its sub-resources*\n   * @description Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).*/\n  listForTenant(\n    tenantResourceId: string,\n    query?: Schema.EntitlementsListForTenantQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.EntitlementsListResult> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/entitlements/list-for-tenant/${encodeURIComponent(tenantResourceId)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class OauthService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/oauth/authorize*\n   * @summary Check consent requirement*\n   * @description Checks if user consent is required for the OAuth2 app and requested scopes.*/\n  checkConsentRequired(\n    query?: Schema.OauthCheckConsentRequiredQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ConsentCheckResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/oauth/authorize`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/authorize*\n   * @summary Authorize OAuth2 application*\n   * @description Handles user consent approval/denial. Validates auto_approved flag against consent requirements.*/\n  authorize(\n    body: Schema.AuthorizeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/authorize`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/authorize*\n   * @summary Authorize or deny device code*\n   * @description Allows an authenticated user to authorize or deny a device code request. Requires valid user session.*/\n  authorizeDeviceCode(\n    body: Schema.DeviceAuthorizeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceAuthorizeResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/authorize`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/code*\n   * @summary Request device authorization codes*\n   * @description Initiates device authorization flow. Returns device_code (for polling) and user_code (for user entry).*/\n  requestDeviceCode(\n    body: Schema.DeviceCodeRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceCodeResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/code`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/oauth/device/code/{user_code}*\n   * @summary Get device code information*\n   * @description Returns device code information including app name, scopes, and consent requirement status.*/\n  getDeviceCodeInfo(\n    user_code: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.DeviceCodeInfoResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/oauth/device/code/${encodeURIComponent(user_code)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/device/token*\n   * @summary Poll for device authorization tokens*\n   * @description Client polls this endpoint to exchange device_code for tokens once user has authorized.*/\n  exchangeDeviceCode(\n    body: Schema.DeviceTokenRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TokenResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/device/token`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/introspect*\n   * @summary Introspect token*\n   * @description Validates a token and returns metadata. Requires client authentication.*/\n  introspect(\n    body: Schema.IntrospectionRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.IntrospectionResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/introspect`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/revoke*\n   * @summary Revoke token*\n   * @description Revokes an access or refresh token. Requires client authentication.*/\n  revoke(\n    body: Schema.RevocationRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/revoke`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/oauth/token*\n   * @summary Token endpoint*\n   * @description Issues access and refresh tokens. Supports authorization_code and refresh_token (always available per OAuth2 spec).*/\n  token(\n    body: Schema.TokenRequest,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TokenResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/oauth/token`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class PlansService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * DELETE /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Remove plan assignment from a tenant resource*\n   * @description Removes the billing plan assignment from a tenant resource. After removal, the resource will have no plan and will be subject to default limits.*/\n  delete(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.PlanDeleteResponse> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Get the plan assigned to a tenant resource*\n   * @description Retrieves the billing plan currently assigned to a tenant resource, if any.*/\n  read(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.PlanResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/resources/{resourceType}/{resourceId}/plan*\n   * @summary Assign a plan to a tenant resource*\n   * @description Assigns a billing plan to a tenant resource. Plans control feature access and usage limits based on your plan definitions. The resource must be marked as a tenant in your resource definitions.*/\n  assign(\n    resourceType: ResourceType,\n    resourceId: string,\n    body: Schema.PlanAssignBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/plan`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourceMembersService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}/members*\n   * @summary List members for a resource*\n   * @description Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.*/\n  list(\n    resourceType: ResourceType,\n    resourceId: string,\n    query?: Schema.ResourceMembersListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceMemberList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/members`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class ResourcesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/resources/{resourceType}*\n   * @summary List resources*\n   * @description Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.*/\n  list(\n    resourceType: ResourceType,\n    query?: Schema.ResourcesListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.ResourceList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/resources/{resourceType}*\n   * @summary Create a resource*\n   * @description Creates a new resource of the specified type. Resources can have parent relationships to form hierarchies. You can optionally assign initial roles to users when creating the resource. Parent resources must already exist.*/\n  create(\n    resourceType: ResourceType,\n    body: Schema.ResourceCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Resource> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/resources/{resourceType}/{resourceId}*\n   * @summary Delete a resource*\n   * @description Deletes a resource by its type and ID. This operation is permanent and cannot be undone. Deleting a resource may affect child resources that depend on it.*/\n  delete(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/resources/{resourceType}/{resourceId}*\n   * @summary Read a resource*\n   * @description Retrieves a single resource by its type and ID. Returns the resource with its parent relationships and metadata.*/\n  read(\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Resource> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * PUT /v1/resources/{resourceType}/{resourceId}*\n   * @summary Update a resource*\n   * @description Updates an existing resource. You can update the resource name and modify parent relationships. Parent resources must already exist.*/\n  update(\n    resourceType: ResourceType,\n    resourceId: string,\n    body: Schema.ResourceUpdateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'PUT',\n      path: `/v1/resources/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\nimport type { ResourceType } from '@blimu/types';\n\nexport class RolesService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/users/{userId}/roles*\n   * @summary List user roles*\n   * @description Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.*/\n  list(\n    userId: string,\n    query?: Schema.RolesListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.RoleList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/users/{userId}/roles*\n   * @summary Create a role (assign role to user on resource)*\n   * @description Assigns a role to a user on a specific resource. The role must be defined in your resource definitions for the specified resource type. Roles can be inherited from parent resources based on your resource configuration.*/\n  create(\n    userId: string,\n    body: Schema.RoleCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.Role> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/users/{userId}/roles/{resourceType}/{resourceId}*\n   * @summary Delete a role*\n   * @description Removes a role assignment from a user on a specific resource. This only removes the direct role assignment and does not affect inherited roles from parent resources.*/\n  delete(\n    userId: string,\n    resourceType: ResourceType,\n    resourceId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/users/${encodeURIComponent(userId)}/roles/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}`,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class UsageService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/usage/balance/{resourceType}/{resourceId}/{limitType}*\n   * @summary Get wallet balance*\n   * @description Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.*/\n  getBalance(\n    resourceType: string,\n    resourceId: string,\n    limitType: string,\n    query?: Schema.UsageGetBalanceQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.BalanceResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/usage/balance/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/check*\n   * @summary Check if consumption is allowed*\n   * @description Checks whether a specific amount of consumption is allowed for a resource and limit type within a given time period. Returns the current balance, requested amount, and remaining balance after the consumption.*/\n  checkLimit(\n    body: Schema.UsageCheckBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.CheckLimitResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/check`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/consume*\n   * @summary Record consumption (inserts negative amount)*\n   * @description Records consumption from a usage wallet for a specific resource and limit type. This decreases the available balance. Consumption can be tagged for tracking purposes.*/\n  consume(\n    body: Schema.UsageConsumeBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UsageWalletResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/consume`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/usage/credit*\n   * @summary Add credits to wallet (inserts positive amount)*\n   * @description Adds credits to a usage wallet for a specific resource and limit type. This increases the available balance for usage-based limits. Credits can be tagged for tracking purposes.*/\n  credit(\n    body: Schema.UsageCreditBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UsageWalletResponse> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/usage/credit`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/usage/transactions/{resourceType}/{resourceId}/{limitType}*\n   * @summary Get transaction history*\n   * @description Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.*/\n  getTransactionHistory(\n    resourceType: string,\n    resourceId: string,\n    limitType: string,\n    query?: Schema.UsageGetTransactionHistoryQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.TransactionHistoryResponse> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/usage/transactions/${encodeURIComponent(resourceType)}/${encodeURIComponent(resourceId)}/${encodeURIComponent(limitType)}`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n}\n","import type { FetchClient } from '@blimu/fetch';\nimport type * as Schema from '../schema';\n\nexport class UsersService {\n  constructor(private core: FetchClient) {}\n\n  /**\n   * GET /v1/users*\n   * @summary List users*\n   * @description Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.*/\n  list(\n    query?: Schema.UsersListQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users`,\n      query,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * POST /v1/users*\n   * @summary Create a user*\n   * @description Creates a new user in your environment. The lookupKey is a unique identifier that you can use to reference the user in your system. It should be stable and not change over time.*/\n  create(\n    body: Schema.UserCreateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'POST',\n      path: `/v1/users`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * DELETE /v1/users/{userId}*\n   * @summary Delete a user*\n   * @description Deletes a user by their ID or lookup key. This operation is permanent and cannot be undone. Deleting a user will also remove all role assignments for that user.*/\n  delete(userId: string, init?: Omit<RequestInit, 'method' | 'body'>): Promise<unknown> {\n    return this.core.request({\n      method: 'DELETE',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}*\n   * @summary Get a user by ID*\n   * @description Retrieves a single user by their ID or lookup key. Returns user information including email, name, and metadata.*/\n  read(userId: string, init?: Omit<RequestInit, 'method' | 'body'>): Promise<Schema.User> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * PUT /v1/users/{userId}*\n   * @summary Update a user*\n   * @description Updates an existing user. You can modify email, name, and other user properties. The lookupKey can be updated but should remain stable.*/\n  update(\n    userId: string,\n    body: Schema.UserUpdateBody,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.User> {\n    return this.core.request({\n      method: 'PUT',\n      path: `/v1/users/${encodeURIComponent(userId)}`,\n      body,\n      ...(init ?? {}),\n    });\n  }\n\n  /**\n   * GET /v1/users/{userId}/effective-user-resources-roles*\n   * @summary List effective user resources roles*\n   * @description Retrieves all resources and roles for a user, including inherited roles from parent resources. The response indicates whether each role is directly assigned or inherited through resource hierarchies.*/\n  listEffectiveUserResourcesRoles(\n    userId: string,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ): Promise<Schema.UserResourceList> {\n    return this.core.request({\n      method: 'GET',\n      path: `/v1/users/${encodeURIComponent(userId)}/effective-user-resources-roles`,\n      ...(init ?? {}),\n    });\n  }\n}\n","import { parseSSEStream, parseNDJSONStream } from '@blimu/fetch';\n\nexport type PaginableQuery = { limit?: number; offset?: number } & Record<string, unknown>;\n\nexport async function* paginate<T>(\n  fetchPage: (\n    query?: PaginableQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ) => Promise<{ data?: T[]; hasMore?: boolean; limit?: number; offset?: number }>,\n  initialQuery: PaginableQuery = {},\n  pageSize = 100\n): AsyncGenerator<T, void, unknown> {\n  let offset = Number(initialQuery.offset ?? 0);\n  const limit = Number(initialQuery.limit ?? pageSize);\n  // shallow copy to avoid mutating caller\n  const baseQuery: PaginableQuery = { ...initialQuery };\n  while (true) {\n    const page = await fetchPage({ ...baseQuery, limit, offset });\n    const items = page.data ?? [];\n    for (const item of items) {\n      yield item;\n    }\n    if (!page.hasMore || items.length < limit) break;\n    offset += limit;\n  }\n}\n\nexport async function listAll<T>(\n  fetchPage: (\n    query?: PaginableQuery,\n    init?: Omit<RequestInit, 'method' | 'body'>\n  ) => Promise<{ data?: T[]; hasMore?: boolean; limit?: number; offset?: number }>,\n  query: PaginableQuery = {},\n  pageSize = 100\n): Promise<T[]> {\n  const out: T[] = [];\n  for await (const item of paginate<T>(fetchPage, query, pageSize)) out.push(item);\n  return out;\n}\n\n/**\n * Filters out undefined values from an array while preserving type safety\n * Useful for query keys where optional parameters might be undefined\n * Preserves tuple types when no undefined values are present\n */\nexport function isNotUndefined<T extends readonly unknown[]>(arr: T): T {\n  // Type assertion: when no undefined values exist, tuple is preserved\n  // When undefined values exist, they are filtered but type system can't infer exact tuple shape\n  return arr.filter(\n    (item): item is Exclude<T[number], undefined> => item !== undefined\n  ) as unknown as T;\n}\n\n// Re-export streaming parsers from @blimu/fetch\nexport { parseSSEStream, parseNDJSONStream };\n","// Generated types from OpenAPI components.schemas\n\nimport type { ResourceType, EntitlementType, PlanType, UsageLimitType } from '@blimu/types';\n\nexport type Enum<T> = T[keyof T];\n\nexport interface AuthorizeRequest {\n  /** Action to take: allow or deny */\n  action: 'allow' | 'deny';\n  /** True if consent was auto-approved (not required or previously granted) */\n  auto_approved?: boolean;\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code challenge */\n  code_challenge?: string;\n  /** PKCE code challenge method */\n  code_challenge_method?: string;\n  /** Redirect URI */\n  redirect_uri: string;\n  /** Response type (typically \"code\") */\n  response_type: string;\n  /** Space-separated list of scopes */\n  scope?: string;\n  /** State parameter for CSRF protection */\n  state?: string;\n  /** True if user explicitly clicked Allow, false if auto-approved */\n  user_action?: boolean;\n}\n\nexport interface BalanceResponse {\n  balance: number;\n}\n\nexport interface CheckLimitResponse {\n  allowed: boolean;\n  current: number;\n  remaining?: number;\n  requested: number;\n}\n\nexport interface ConsentCheckResponse {\n  /** Whether user consent is required */\n  consent_required: boolean;\n  /** Whether consent was previously granted for this app and scopes */\n  previously_granted: boolean;\n}\n\nexport interface DeviceAuthorizeRequest {\n  /** Action to take: allow or deny */\n  action: 'allow' | 'deny';\n  /** True if consent was auto-approved (not required or previously granted) */\n  auto_approved?: boolean;\n  /** True if user explicitly clicked Allow, false if auto-approved */\n  user_action?: boolean;\n  /** The user code displayed to the user */\n  user_code: string;\n}\n\nexport interface DeviceAuthorizeResponse {\n  /** Whether the authorization was successful */\n  success: boolean;\n}\n\nexport interface DeviceCodeInfoResponse {\n  /** The name of the OAuth2 application */\n  appName: string;\n  /** Whether the user has already granted consent for this app and scopes */\n  previouslyGranted: boolean;\n  /** Whether the app requires user consent */\n  requireConsent: boolean;\n  /** The scopes requested by the device code */\n  scopes: string[];\n}\n\nexport interface DeviceCodeRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code challenge (base64url encoded SHA256 hash) */\n  code_challenge?: string;\n  /** PKCE code challenge method */\n  code_challenge_method?: 'S256' | 'plain';\n  /** Space-separated list of scopes */\n  scope?: string;\n}\n\nexport interface DeviceCodeResponse {\n  /** Device verification code (for polling) */\n  device_code: string;\n  /** Device code expiration time in seconds */\n  expires_in: number;\n  /** Minimum polling interval in seconds */\n  interval: number;\n  /** User verification code (short, human-readable) */\n  user_code: string;\n  /** Verification URI for user */\n  verification_uri: string;\n  /** Complete verification URI with user code */\n  verification_uri_complete: string;\n}\n\nexport interface DeviceTokenRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** PKCE code verifier (if challenge was provided) */\n  code_verifier?: string;\n  /** Device code from authorization response */\n  device_code: string;\n  /** Grant type (must be device_code) */\n  grant_type: 'urn:ietf:params:oauth:grant-type:device_code';\n}\n\nexport interface EntitlementCheckBody {\n  amount?: number;\n  entitlement: EntitlementType;\n  resourceId: string;\n  userId: string;\n}\n\nexport interface EntitlementCheckResult {\n  allowed: boolean;\n  limit?: {\n    allowed: boolean;\n    current?: number;\n    limit?: number;\n    plan?: PlanType;\n    reason?: string;\n    remaining?: number;\n    scope?: string;\n  } | null;\n  plans?: { allowed: boolean; allowedPlans?: PlanType[]; plan?: PlanType; reason?: string } | null;\n  roles?: {\n    allowed: boolean;\n    allowedRoles?: string[];\n    reason?: string;\n    userRoles?: string[];\n  } | null;\n}\n\nexport interface EntitlementsListResult {\n  results: {\n    entitlements: {\n      allowed: boolean;\n      allowedByPlan: boolean;\n      allowedByRole: boolean;\n      allowedPlans?: PlanType[];\n      allowedRoles: string[];\n      currentPlan?: PlanType;\n      currentRole?: string;\n      entitlement: EntitlementType;\n    }[];\n    resourceId: string;\n    resourceType: ResourceType;\n  }[];\n}\n\nexport interface IntrospectionRequest {\n  /** The token to introspect */\n  token: string;\n  /** Hint about token type */\n  token_type_hint?: 'access_token' | 'refresh_token';\n}\n\nexport interface IntrospectionResponse {\n  /** Whether the token is active */\n  active: boolean;\n  /** Client ID */\n  client_id?: string;\n  /** Environment ID */\n  environment_id?: string;\n  /** Token expiration timestamp */\n  exp?: number;\n  /** Token issued at timestamp */\n  iat?: number;\n  /** Space-separated list of scopes */\n  scope?: string;\n  /** Subject (user ID) */\n  sub?: string;\n  /** Token type */\n  token_type?: string;\n  /** Username or user ID */\n  username?: string;\n}\n\nexport interface JWK {\n  keys: { alg: string; e: string; kid: string; kty: string; n: string; use: string }[];\n}\n\nexport interface OAuthAccessTokenPayload {\n  client_id: string;\n  environment_id: string;\n  exp: number;\n  iat: number;\n  scope: string;\n  sub: string;\n  token_type: string;\n}\n\nexport interface PlanAssignBody {\n  planKey: PlanType;\n}\n\nexport interface PlanDeleteResponse {\n  success: boolean;\n}\n\nexport interface PlanResponse {\n  createdAt: string;\n  environmentId: string;\n  planKey: PlanType;\n  resourceId: string;\n  resourceType: ResourceType;\n  updatedAt: string;\n}\n\nexport interface Resource {\n  createdAt: string;\n  id: string;\n  name: string | null;\n  parents?: { id: string; type: ResourceType }[];\n  type: ResourceType;\n}\n\nexport interface ResourceBulkCreateBody {\n  resources: {\n    id?: string;\n    name?: string;\n    parents?: { id: string; type: ResourceType }[];\n    roles?: { role: string; userId: string }[];\n  }[];\n}\n\nexport interface ResourceBulkResult {\n  created: { environmentId: string; id: string; type: ResourceType }[];\n  errors: {\n    error: string;\n    index: number;\n    resource: {\n      id?: string;\n      name?: string;\n      parents?: { id: string; type: ResourceType }[];\n      roles?: { role: string; userId: string }[];\n    };\n  }[];\n  success: boolean;\n  summary: { failed: number; successful: number; total: number };\n}\n\nexport interface ResourceCreateBody {\n  id?: string;\n  name?: string;\n  parents?: { id: string; type: ResourceType }[];\n  roles?: { role: string; userId: string }[];\n}\n\nexport interface ResourceList {\n  items: Resource[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport interface ResourceMemberList {\n  items: {\n    inherited: boolean;\n    role: string;\n    user: {\n      avatarUrl: string | null;\n      createdAt: string;\n      email: string;\n      emailVerified: boolean;\n      firstName: string | null;\n      id: string;\n      lastLoginAt: string | null;\n      lastName: string | null;\n      lookupKey: string | null;\n      updatedAt: string;\n    };\n    userId: string;\n  }[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport interface ResourceUpdateBody {\n  name?: string;\n  /** Creates relationships with other resources. Parent resources must already exist. */\n  parents?: { id: string; type: ResourceType }[];\n}\n\nexport interface RevocationRequest {\n  /** The token to revoke */\n  token: string;\n  /** Hint about token type */\n  token_type_hint?: 'access_token' | 'refresh_token';\n}\n\nexport interface Role {\n  createdAt: string;\n  environmentId: string;\n  resourceId: string;\n  resourceType: ResourceType;\n  role: string;\n  userId: string;\n}\n\nexport interface RoleBulkCreateBody {\n  roles: { resourceId: string; resourceType: ResourceType; role: string; userId: string }[];\n}\n\nexport interface RoleBulkResult {\n  created: {\n    createdAt: string;\n    environmentId: string;\n    resourceId: string;\n    resourceType: ResourceType;\n    role: string;\n    userId: string;\n  }[];\n  errors: {\n    error: string;\n    index: number;\n    role: { resourceId: string; resourceType: ResourceType; role: string; userId: string };\n  }[];\n  success: boolean;\n  summary: { failed: number; successful: number; total: number };\n}\n\nexport interface RoleCreateBody {\n  resourceId: string;\n  resourceType: ResourceType;\n  role: string;\n}\n\nexport interface RoleList {\n  limit: number;\n  page: number;\n  roles: {\n    createdAt: string;\n    environmentId: string;\n    resourceId: string;\n    resourceType: ResourceType;\n    role: string;\n    userId: string;\n  }[];\n  total: number;\n}\n\nexport interface TokenRequest {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** OAuth2 client secret (required for confidential clients) */\n  client_secret?: string;\n  /** Authorization code (required for authorization_code grant) */\n  code?: string;\n  /** PKCE code verifier (if challenge was provided) */\n  code_verifier?: string;\n  /** OAuth2 grant type */\n  grant_type: 'authorization_code' | 'refresh_token';\n  /** Redirect URI (required for authorization_code grant) */\n  redirect_uri?: string;\n  /** Refresh token (required for refresh_token grant) */\n  refresh_token?: string;\n  /** Space-separated list of scopes (optional for refresh) */\n  scope?: string;\n}\n\nexport interface TokenResponse {\n  /** Access token (JWT) */\n  access_token: string;\n  /** Access token expiration time in seconds */\n  expires_in: number;\n  /** Refresh token (for obtaining new access tokens) */\n  refresh_token: string;\n  /** Space-separated list of granted scopes */\n  scope?: string;\n  /** Token type */\n  token_type: string;\n}\n\nexport interface TransactionHistoryResponse {\n  items: {\n    amount: number;\n    createdAt: string;\n    environmentId: string;\n    id: string;\n    limitType: UsageLimitType;\n    resourceId: string;\n    resourceType: ResourceType;\n    tags: Record<string, unknown> | null;\n  }[];\n}\n\nexport interface UsageCheckBody {\n  amount: number;\n  limitType: UsageLimitType;\n  period: 'monthly' | 'yearly' | 'lifetime';\n  resourceId: string;\n  resourceType: ResourceType;\n}\n\nexport interface UsageConsumeBody {\n  amount: number;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags?: Record<string, unknown>;\n}\n\nexport interface UsageCreditBody {\n  amount: number;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags?: Record<string, unknown>;\n}\n\nexport interface UsageWalletResponse {\n  amount: number;\n  createdAt: string;\n  environmentId: string;\n  id: string;\n  limitType: UsageLimitType;\n  resourceId: string;\n  resourceType: ResourceType;\n  tags: Record<string, unknown> | null;\n}\n\nexport interface User {\n  avatarUrl: string | null;\n  createdAt: string;\n  email: string;\n  emailVerified: boolean;\n  firstName: string | null;\n  id: string;\n  lastLoginAt: string | null;\n  lastName: string | null;\n  lookupKey: string | null;\n  updatedAt: string;\n}\n\nexport interface UserCreateBody {\n  avatarUrl?: string;\n  email: string;\n  firstName?: string | null;\n  lastName?: string | null;\n  lookupKey: string;\n  newUser?: boolean | null;\n  password?: string | null;\n}\n\nexport interface UserList {\n  items: {\n    avatarUrl: string | null;\n    createdAt: string;\n    email: string;\n    emailVerified: boolean;\n    firstName: string | null;\n    id: string;\n    lastLoginAt: string | null;\n    lastName: string | null;\n    lookupKey: string | null;\n    updatedAt: string;\n  }[];\n  limit: number;\n  page: number;\n  total: number;\n}\n\nexport type UserResourceList = {\n  inherited: boolean;\n  resource: {\n    id: string;\n    name: string;\n    parents: { id: string; type: ResourceType }[];\n    type: ResourceType;\n  };\n  role: string;\n}[];\n\nexport interface UserUpdateBody {\n  avatarUrl?: string | null;\n  email?: string;\n  firstName?: string | null;\n  lastName?: string | null;\n  lookupKey?: string;\n  password?: string;\n}\n\n// Operation query parameter interfaces\n\n/**\n * Query params for AuthJwks.GetOAuthAppJwks*\n * Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.*/\nexport interface AuthJwksGetOAuthAppJwksQuery {\n  /** OAuth app client ID to get public keys for */\n  client_id?: string;\n}\n\n/**\n * Query params for Entitlements.ListForResource*\n * Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.*/\nexport interface EntitlementsListForResourceQuery {\n  /** The unique identifier of the user */\n  userId: string;\n}\n\n/**\n * Query params for Entitlements.ListForTenant*\n * Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).*/\nexport interface EntitlementsListForTenantQuery {\n  /** The unique identifier of the user */\n  userId: string;\n}\n\n/**\n * Query params for Oauth.CheckConsentRequired*\n * Checks if user consent is required for the OAuth2 app and requested scopes.*/\nexport interface OauthCheckConsentRequiredQuery {\n  /** OAuth2 client ID */\n  client_id: string;\n  /** Redirect URI */\n  redirect_uri?: string;\n  /** Space-separated list of scopes */\n  scope?: string;\n}\n\n/**\n * Query params for Resource Members.List*\n * Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.*/\nexport interface ResourceMembersListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter members by email or name */\n  search?: string;\n}\n\n/**\n * Query params for Resources.List*\n * Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.*/\nexport interface ResourcesListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter resources by name */\n  search?: string;\n}\n\n/**\n * Query params for Roles.List*\n * Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.*/\nexport interface RolesListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Filter roles by specific resource ID */\n  resourceId?: string;\n  /** Filter roles by resource type */\n  resourceType?: ResourceType;\n  /** Filter by role name */\n  role?: string;\n}\n\n/**\n * Query params for Usage.GetBalance*\n * Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.*/\nexport interface UsageGetBalanceQuery {\n  /** Time period for the balance calculation */\n  period: 'monthly' | 'yearly' | 'lifetime';\n}\n\n/**\n * Query params for Usage.GetTransactionHistory*\n * Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.*/\nexport interface UsageGetTransactionHistoryQuery {\n  /** End date for filtering transactions (ISO 8601 format) */\n  endDate?: string;\n  /** Time period for filtering transactions */\n  period?: 'monthly' | 'yearly' | 'lifetime';\n  /** Start date for filtering transactions (ISO 8601 format) */\n  startDate?: string;\n}\n\n/**\n * Query params for Users.List*\n * Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.*/\nexport interface UsersListQuery {\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit?: number;\n  /** Page number for pagination */\n  page?: number;\n  /** Search query to filter users by email, name, or lookup key */\n  search?: string;\n}\n","// Generated zod schemas from OpenAPI components.schemas\n// Use these schemas for runtime validation in forms, API requests, etc.\n\nimport { z } from 'zod';\n\n/**\n * Schema for EntitlementType\n * Entitlement identifier\n */\nexport const EntitlementTypeSchema = z.string();\n\n/**\n * Schema for PlanType\n * Plan type identifier\n */\nexport const PlanTypeSchema = z.string();\n\n/**\n * Schema for ResourceType\n * Resource type identifier\n */\nexport const ResourceTypeSchema = z.string();\n\n/**\n * Schema for UsageLimitType\n * Usage-based limit type identifier\n */\nexport const UsageLimitTypeSchema = z.string();\n\n/**\n * Zod schema for AuthorizeRequest\n */\nexport const AuthorizeRequestSchema = z.object({\n  /** Action to take: allow or deny */ action: z.enum(['allow', 'deny']),\n  /** True if consent was auto-approved (not required or previously granted) */ auto_approved: z\n    .boolean()\n    .optional(),\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code challenge */ code_challenge: z.string().optional(),\n  /** PKCE code challenge method */ code_challenge_method: z.string().optional(),\n  /** Redirect URI */ redirect_uri: z.string(),\n  /** Response type (typically \"code\") */ response_type: z.string(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n  /** State parameter for CSRF protection */ state: z.string().optional(),\n  /** True if user explicitly clicked Allow, false if auto-approved */ user_action: z\n    .boolean()\n    .optional(),\n});\n\n/**\n * Zod schema for BalanceResponse\n */\nexport const BalanceResponseSchema = z.object({ balance: z.number() });\n\n/**\n * Zod schema for CheckLimitResponse\n */\nexport const CheckLimitResponseSchema = z.object({\n  allowed: z.boolean(),\n  current: z.number(),\n  remaining: z.number().optional(),\n  requested: z.number(),\n});\n\n/**\n * Zod schema for ConsentCheckResponse\n */\nexport const ConsentCheckResponseSchema = z.object({\n  /** Whether user consent is required */ consent_required: z.boolean(),\n  /** Whether consent was previously granted for this app and scopes */ previously_granted:\n    z.boolean(),\n});\n\n/**\n * Zod schema for DeviceAuthorizeRequest\n */\nexport const DeviceAuthorizeRequestSchema = z.object({\n  /** Action to take: allow or deny */ action: z.enum(['allow', 'deny']),\n  /** True if consent was auto-approved (not required or previously granted) */ auto_approved: z\n    .boolean()\n    .optional(),\n  /** True if user explicitly clicked Allow, false if auto-approved */ user_action: z\n    .boolean()\n    .optional(),\n  /** The user code displayed to the user */ user_code: z.string(),\n});\n\n/**\n * Zod schema for DeviceAuthorizeResponse\n */\nexport const DeviceAuthorizeResponseSchema = z.object({\n  /** Whether the authorization was successful */ success: z.boolean(),\n});\n\n/**\n * Zod schema for DeviceCodeInfoResponse\n */\nexport const DeviceCodeInfoResponseSchema = z.object({\n  /** The name of the OAuth2 application */ appName: z.string(),\n  /** Whether the user has already granted consent for this app and scopes */ previouslyGranted:\n    z.boolean(),\n  /** Whether the app requires user consent */ requireConsent: z.boolean(),\n  /** The scopes requested by the device code */ scopes: z.string().array(),\n});\n\n/**\n * Zod schema for DeviceCodeRequest\n */\nexport const DeviceCodeRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code challenge (base64url encoded SHA256 hash) */ code_challenge: z.string().optional(),\n  /** PKCE code challenge method */ code_challenge_method: z.enum(['S256', 'plain']).optional(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n});\n\n/**\n * Zod schema for DeviceCodeResponse\n */\nexport const DeviceCodeResponseSchema = z.object({\n  /** Device verification code (for polling) */ device_code: z.string(),\n  /** Device code expiration time in seconds */ expires_in: z.number(),\n  /** Minimum polling interval in seconds */ interval: z.number(),\n  /** User verification code (short, human-readable) */ user_code: z.string(),\n  /** Verification URI for user */ verification_uri: z.string(),\n  /** Complete verification URI with user code */ verification_uri_complete: z.string(),\n});\n\n/**\n * Zod schema for DeviceTokenRequest\n */\nexport const DeviceTokenRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** PKCE code verifier (if challenge was provided) */ code_verifier: z.string().optional(),\n  /** Device code from authorization response */ device_code: z.string(),\n  /** Grant type (must be device_code) */ grant_type: z.enum([\n    'urn:ietf:params:oauth:grant-type:device_code',\n  ]),\n});\n\n/**\n * Zod schema for IntrospectionRequest\n */\nexport const IntrospectionRequestSchema = z.object({\n  /** The token to introspect */ token: z.string(),\n  /** Hint about token type */ token_type_hint: z\n    .enum(['access_token', 'refresh_token'])\n    .optional(),\n});\n\n/**\n * Zod schema for IntrospectionResponse\n */\nexport const IntrospectionResponseSchema = z.object({\n  /** Whether the token is active */ active: z.boolean(),\n  /** Client ID */ client_id: z.string().optional(),\n  /** Environment ID */ environment_id: z.string().optional(),\n  /** Token expiration timestamp */ exp: z.number().optional(),\n  /** Token issued at timestamp */ iat: z.number().optional(),\n  /** Space-separated list of scopes */ scope: z.string().optional(),\n  /** Subject (user ID) */ sub: z.string().optional(),\n  /** Token type */ token_type: z.string().optional(),\n  /** Username or user ID */ username: z.string().optional(),\n});\n\n/**\n * Zod schema for JWK\n */\nexport const JWKSchema = z.object({\n  keys: z\n    .object({\n      alg: z.string(),\n      e: z.string(),\n      kid: z.string(),\n      kty: z.string(),\n      n: z.string(),\n      use: z.string(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for OAuthAccessTokenPayload\n */\nexport const OAuthAccessTokenPayloadSchema = z.object({\n  client_id: z.string(),\n  environment_id: z.string(),\n  exp: z.number().int(),\n  iat: z.number().int(),\n  scope: z.string(),\n  sub: z.string(),\n  token_type: z.string(),\n});\n\n/**\n * Zod schema for PlanDeleteResponse\n */\nexport const PlanDeleteResponseSchema = z.object({ success: z.boolean() });\n\n/**\n * Zod schema for ResourceMemberList\n */\nexport const ResourceMemberListSchema = z.object({\n  items: z\n    .object({\n      inherited: z.boolean(),\n      role: z.string(),\n      user: z.object({\n        avatarUrl: z.string().nullable(),\n        createdAt: z.iso.datetime(),\n        email: z.email(),\n        emailVerified: z.boolean(),\n        firstName: z.string().nullable(),\n        id: z.string(),\n        lastLoginAt: z.iso.datetime().nullable(),\n        lastName: z.string().nullable(),\n        lookupKey: z.string().nullable(),\n        updatedAt: z.iso.datetime(),\n      }),\n      userId: z.string(),\n    })\n    .array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for RevocationRequest\n */\nexport const RevocationRequestSchema = z.object({\n  /** The token to revoke */ token: z.string(),\n  /** Hint about token type */ token_type_hint: z\n    .enum(['access_token', 'refresh_token'])\n    .optional(),\n});\n\n/**\n * Zod schema for TokenRequest\n */\nexport const TokenRequestSchema = z.object({\n  /** OAuth2 client ID */ client_id: z.string(),\n  /** OAuth2 client secret (required for confidential clients) */ client_secret: z\n    .string()\n    .optional(),\n  /** Authorization code (required for authorization_code grant) */ code: z.string().optional(),\n  /** PKCE code verifier (if challenge was provided) */ code_verifier: z.string().optional(),\n  /** OAuth2 grant type */ grant_type: z.enum(['authorization_code', 'refresh_token']),\n  /** Redirect URI (required for authorization_code grant) */ redirect_uri: z.string().optional(),\n  /** Refresh token (required for refresh_token grant) */ refresh_token: z.string().optional(),\n  /** Space-separated list of scopes (optional for refresh) */ scope: z.string().optional(),\n});\n\n/**\n * Zod schema for TokenResponse\n */\nexport const TokenResponseSchema = z.object({\n  /** Access token (JWT) */ access_token: z.string(),\n  /** Access token expiration time in seconds */ expires_in: z.number(),\n  /** Refresh token (for obtaining new access tokens) */ refresh_token: z.string(),\n  /** Space-separated list of granted scopes */ scope: z.string().optional(),\n  /** Token type */ token_type: z.string(),\n});\n\n/**\n * Zod schema for User\n */\nexport const UserSchema = z.object({\n  avatarUrl: z.string().nullable(),\n  createdAt: z.iso.datetime(),\n  email: z.email(),\n  emailVerified: z.boolean(),\n  firstName: z.string().nullable(),\n  id: z.string(),\n  lastLoginAt: z.iso.datetime().nullable(),\n  lastName: z.string().nullable(),\n  lookupKey: z.string().nullable(),\n  updatedAt: z.iso.datetime(),\n});\n\n/**\n * Zod schema for UserCreateBody\n */\nexport const UserCreateBodySchema = z.object({\n  avatarUrl: z.url().optional(),\n  email: z.email(),\n  firstName: z.string().nullable().optional(),\n  lastName: z.string().nullable().optional(),\n  lookupKey: z.string(),\n  newUser: z.boolean().nullable().optional(),\n  password: z.string().nullable().optional(),\n});\n\n/**\n * Zod schema for UserList\n */\nexport const UserListSchema = z.object({\n  items: z\n    .object({\n      avatarUrl: z.string().nullable(),\n      createdAt: z.iso.datetime(),\n      email: z.email(),\n      emailVerified: z.boolean(),\n      firstName: z.string().nullable(),\n      id: z.string(),\n      lastLoginAt: z.iso.datetime().nullable(),\n      lastName: z.string().nullable(),\n      lookupKey: z.string().nullable(),\n      updatedAt: z.iso.datetime(),\n    })\n    .array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for UserUpdateBody\n */\nexport const UserUpdateBodySchema = z.object({\n  avatarUrl: z.url().nullable().optional(),\n  email: z.email().optional(),\n  firstName: z.string().nullable().optional(),\n  lastName: z.string().nullable().optional(),\n  lookupKey: z.string().optional(),\n  password: z.string().optional(),\n});\n\n/**\n * Zod schema for EntitlementCheckBody\n */\nexport const EntitlementCheckBodySchema = z.object({\n  amount: z.number().int().optional(),\n  entitlement: EntitlementTypeSchema,\n  resourceId: z.string(),\n  userId: z.string(),\n});\n\n/**\n * Zod schema for EntitlementCheckResult\n */\nexport const EntitlementCheckResultSchema = z.object({\n  allowed: z.boolean(),\n  limit: z\n    .object({\n      allowed: z.boolean(),\n      current: z.number().optional(),\n      limit: z.number().optional(),\n      plan: PlanTypeSchema.optional(),\n      reason: z.string().optional(),\n      remaining: z.number().optional(),\n      scope: z.string().optional(),\n    })\n    .nullable()\n    .optional(),\n  plans: z\n    .object({\n      allowed: z.boolean(),\n      allowedPlans: PlanTypeSchema.array().optional(),\n      plan: PlanTypeSchema.optional(),\n      reason: z.string().optional(),\n    })\n    .nullable()\n    .optional(),\n  roles: z\n    .object({\n      allowed: z.boolean(),\n      allowedRoles: z.string().array().optional(),\n      reason: z.string().optional(),\n      userRoles: z.string().array().optional(),\n    })\n    .nullable()\n    .optional(),\n});\n\n/**\n * Zod schema for PlanAssignBody\n */\nexport const PlanAssignBodySchema = z.object({ planKey: PlanTypeSchema });\n\n/**\n * Zod schema for EntitlementsListResult\n */\nexport const EntitlementsListResultSchema = z.object({\n  results: z\n    .object({\n      entitlements: z\n        .object({\n          allowed: z.boolean(),\n          allowedByPlan: z.boolean(),\n          allowedByRole: z.boolean(),\n          allowedPlans: PlanTypeSchema.array().optional(),\n          allowedRoles: z.string().array(),\n          currentPlan: PlanTypeSchema.optional(),\n          currentRole: z.string().optional(),\n          entitlement: EntitlementTypeSchema,\n        })\n        .array(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n    })\n    .array(),\n});\n\n/**\n * Zod schema for PlanResponse\n */\nexport const PlanResponseSchema = z.object({\n  createdAt: z.iso.datetime(),\n  environmentId: z.string(),\n  planKey: PlanTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  updatedAt: z.iso.datetime(),\n});\n\n/**\n * Zod schema for Resource\n */\nexport const ResourceSchema = z.object({\n  createdAt: z.iso.datetime(),\n  id: z.string(),\n  name: z.string().nullable(),\n  parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n  type: ResourceTypeSchema,\n});\n\n/**\n * Zod schema for ResourceBulkCreateBody\n */\nexport const ResourceBulkCreateBodySchema = z.object({\n  resources: z\n    .object({\n      id: z.string().optional(),\n      name: z.string().optional(),\n      parents: z\n        .object({\n          id: z.string(),\n          type: ResourceTypeSchema,\n        })\n        .array()\n        .optional(),\n      roles: z\n        .object({\n          role: z.string(),\n          userId: z.string(),\n        })\n        .array()\n        .optional(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for ResourceBulkResult\n */\nexport const ResourceBulkResultSchema = z.object({\n  created: z\n    .object({\n      environmentId: z.string(),\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array(),\n  errors: z\n    .object({\n      error: z.string(),\n      index: z.number(),\n      resource: z.object({\n        id: z.string().optional(),\n        name: z.string().optional(),\n        parents: z\n          .object({\n            id: z.string(),\n            type: ResourceTypeSchema,\n          })\n          .array()\n          .optional(),\n        roles: z\n          .object({\n            role: z.string(),\n            userId: z.string(),\n          })\n          .array()\n          .optional(),\n      }),\n    })\n    .array(),\n  success: z.boolean(),\n  summary: z.object({\n    failed: z.number(),\n    successful: z.number(),\n    total: z.number(),\n  }),\n});\n\n/**\n * Zod schema for ResourceCreateBody\n */\nexport const ResourceCreateBodySchema = z.object({\n  id: z.string().optional(),\n  name: z.string().optional(),\n  parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n  roles: z\n    .object({\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array()\n    .optional(),\n});\n\n/**\n * Zod schema for ResourceUpdateBody\n */\nexport const ResourceUpdateBodySchema = z.object({\n  name: z.string().optional(),\n  /** Creates relationships with other resources. Parent resources must already exist. */ parents: z\n    .object({\n      id: z.string(),\n      type: ResourceTypeSchema,\n    })\n    .array()\n    .optional(),\n});\n\n/**\n * Zod schema for Role\n */\nexport const RoleSchema = z.object({\n  createdAt: z.string(),\n  environmentId: z.string(),\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  role: z.string(),\n  userId: z.string(),\n});\n\n/**\n * Zod schema for RoleBulkCreateBody\n */\nexport const RoleBulkCreateBodySchema = z.object({\n  roles: z\n    .object({\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for RoleBulkResult\n */\nexport const RoleBulkResultSchema = z.object({\n  created: z\n    .object({\n      createdAt: z.string(),\n      environmentId: z.string(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n  errors: z\n    .object({\n      error: z.string(),\n      index: z.number(),\n      role: z.object({\n        resourceId: z.string(),\n        resourceType: ResourceTypeSchema,\n        role: z.string(),\n        userId: z.string(),\n      }),\n    })\n    .array(),\n  success: z.boolean(),\n  summary: z.object({\n    failed: z.number(),\n    successful: z.number(),\n    total: z.number(),\n  }),\n});\n\n/**\n * Zod schema for RoleCreateBody\n */\nexport const RoleCreateBodySchema = z.object({\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  role: z.string(),\n});\n\n/**\n * Zod schema for RoleList\n */\nexport const RoleListSchema = z.object({\n  limit: z.number(),\n  page: z.number(),\n  roles: z\n    .object({\n      createdAt: z.string(),\n      environmentId: z.string(),\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      role: z.string(),\n      userId: z.string(),\n    })\n    .array(),\n  total: z.number(),\n});\n\n/**\n * Zod schema for UserResourceList\n */\nexport const UserResourceListSchema = z.array(\n  z.object({\n    inherited: z.boolean(),\n    resource: z\n      .object({\n        id: z.string(),\n        name: z.string(),\n        parents: z\n          .object({\n            id: z.string(),\n            type: ResourceTypeSchema,\n          })\n          .array(),\n        type: ResourceTypeSchema,\n      })\n      .catchall(z.unknown()),\n    role: z.string(),\n  })\n);\n\n/**\n * Zod schema for TransactionHistoryResponse\n */\nexport const TransactionHistoryResponseSchema = z.object({\n  items: z\n    .object({\n      amount: z.number().int(),\n      createdAt: z.iso.datetime(),\n      environmentId: z.string(),\n      id: z.string(),\n      limitType: UsageLimitTypeSchema,\n      resourceId: z.string(),\n      resourceType: ResourceTypeSchema,\n      tags: z.record(z.string(), z.unknown()).nullable(),\n    })\n    .array(),\n});\n\n/**\n * Zod schema for UsageCheckBody\n */\nexport const UsageCheckBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  period: z.enum(['monthly', 'yearly', 'lifetime']),\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n});\n\n/**\n * Zod schema for UsageConsumeBody\n */\nexport const UsageConsumeBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Zod schema for UsageCreditBody\n */\nexport const UsageCreditBodySchema = z.object({\n  amount: z.number().int(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Zod schema for UsageWalletResponse\n */\nexport const UsageWalletResponseSchema = z.object({\n  amount: z.number().int(),\n  createdAt: z.iso.datetime(),\n  environmentId: z.string(),\n  id: z.string(),\n  limitType: UsageLimitTypeSchema,\n  resourceId: z.string(),\n  resourceType: ResourceTypeSchema,\n  tags: z.record(z.string(), z.unknown()).nullable(),\n});\n\n/**\n * Zod schema for ResourceList\n */\nexport const ResourceListSchema = z.object({\n  items: ResourceSchema.array(),\n  limit: z.number(),\n  page: z.number(),\n  total: z.number(),\n});\n\n// Operation query parameter schemas\n\n/**\n * Schema for query params of AuthJwks.GetOAuthAppJwks\n * Returns the public key for a specific OAuth app to verify JWT tokens. This is a public endpoint following OAuth2/OIDC standards. Provide client_id to get keys for a specific OAuth app, or use authenticated endpoint for environment keys.\n */\nexport const AuthJwksGetOAuthAppJwksQuerySchema = z.object({\n  /** OAuth app client ID to get public keys for */\n  client_id: z.string().optional(),\n});\n\n/**\n * Schema for query params of Entitlements.ListForResource\n * Returns entitlements for a specific resource and user. Only evaluates roles and plans (excludes limits). Provides detailed information about why entitlements are allowed or denied, including current roles, allowed roles, current plan, and allowed plans. Results are cached per resource for performance.\n */\nexport const EntitlementsListForResourceQuerySchema = z.object({\n  /** The unique identifier of the user */\n  userId: z.string(),\n});\n\n/**\n * Schema for query params of Entitlements.ListForTenant\n * Returns entitlements for a tenant resource and all its descendant resources. This endpoint scopes queries to a single tenant, preventing cross-tenant data access. Only evaluates roles and plans (excludes limits). Results are cached per resource for performance. The tenant resource type is automatically determined from the environment definition (resource marked as `is_tenant: true`).\n */\nexport const EntitlementsListForTenantQuerySchema = z.object({\n  /** The unique identifier of the user */\n  userId: z.string(),\n});\n\n/**\n * Schema for query params of Oauth.CheckConsentRequired\n * Checks if user consent is required for the OAuth2 app and requested scopes.\n */\nexport const OauthCheckConsentRequiredQuerySchema = z.object({\n  /** OAuth2 client ID */\n  client_id: z.string(),\n  /** Redirect URI */\n  redirect_uri: z.string().optional(),\n  /** Space-separated list of scopes */\n  scope: z.string().optional(),\n});\n\n/**\n * Schema for query params of Resource Members.List\n * Retrieves a paginated list of users who have roles (direct or inherited) on the specified resource. Supports search functionality to filter users by email or name.\n */\nexport const ResourceMembersListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter members by email or name */\n  search: z.string().optional(),\n});\n\n/**\n * Schema for query params of Resources.List\n * Retrieves a paginated list of resources of the specified type. Supports search and filtering. Resources are returned with their parent relationships and metadata.\n */\nexport const ResourcesListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter resources by name */\n  search: z.string().optional(),\n});\n\n/**\n * Schema for query params of Roles.List\n * Retrieves a paginated list of roles assigned to a user. Supports filtering by resource type, resource ID, and role name. Returns both directly assigned roles and inherited roles.\n */\nexport const RolesListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Filter roles by specific resource ID */\n  resourceId: z.string().optional(),\n  /** Filter roles by resource type */\n  resourceType: ResourceTypeSchema.optional(),\n  /** Filter by role name */\n  role: z.string().optional(),\n});\n\n/**\n * Schema for query params of Usage.GetBalance\n * Retrieves the current balance of a usage wallet for a specific resource and limit type within a given time period. The balance reflects all credits and consumption transactions.\n */\nexport const UsageGetBalanceQuerySchema = z.object({\n  /** Time period for the balance calculation */\n  period: z.enum(['monthly', 'yearly', 'lifetime']),\n});\n\n/**\n * Schema for query params of Usage.GetTransactionHistory\n * Retrieves the transaction history for a usage wallet, including all credits and consumption records. Supports filtering by time period and date range.\n */\nexport const UsageGetTransactionHistoryQuerySchema = z.object({\n  /** End date for filtering transactions (ISO 8601 format) */\n  endDate: z.string().optional(),\n  /** Time period for filtering transactions */\n  period: z.enum(['monthly', 'yearly', 'lifetime']).optional(),\n  /** Start date for filtering transactions (ISO 8601 format) */\n  startDate: z.string().optional(),\n});\n\n/**\n * Schema for query params of Users.List\n * Retrieves a paginated list of users in your environment. Supports search functionality to filter users by email, name, or lookup key.\n */\nexport const UsersListQuerySchema = z.object({\n  /** Number of items per page (minimum: 1, maximum: 100) */\n  limit: z.number().optional(),\n  /** Page number for pagination */\n  page: z.number().optional(),\n  /** Search query to filter users by email, name, or lookup key */\n  search: z.string().optional(),\n});\n","import * as crypto from 'crypto';\nimport * as jwt from 'jsonwebtoken';\nimport { FetchClient } from '@blimu/fetch';\nimport { buildAuthStrategies } from './auth-strategies';\nimport { AuthJwksService } from './services/auth_jwks';\nimport type * as Schema from './schema';\n\n/** Single JWK (element of a JWK Set's keys array). */\nexport type JWK = Schema.JWK['keys'][number];\n/** JWK Set as returned by Blimu auth JWKS endpoints. */\nexport type JWKSet = Schema.JWK;\n\ninterface CachedJWK {\n  key: crypto.KeyObject;\n  kid: string;\n  expiresAt: number;\n}\n\nexport interface VerifyTokenOptions {\n  /** API key/secret key – uses runtimeApiUrl + environment JWKS (authenticated). For environment/session tokens. */\n  secretKey?: string;\n  /** OAuth app client_id – uses runtimeApiUrl + public OAuth JWKS (no auth). For validating tokens issued by your OAuth2 apps. */\n  clientId?: string;\n  token: string;\n  /** Optional override for runtime API URL */\n  runtimeApiUrl?: string | undefined;\n}\n\nexport interface TokenVerifierOptions {\n  runtimeApiUrl?: string | undefined;\n  cacheTTL?: number | undefined; // Default: 1 hour\n}\n\nexport class TokenVerifier {\n  private readonly cache = new Map<string, CachedJWK>();\n  private readonly cacheTTL: number;\n  private readonly baseURL: string;\n\n  constructor(options?: TokenVerifierOptions) {\n    this.cacheTTL = options?.cacheTTL ?? 60 * 60 * 1000; // 1 hour\n    this.baseURL = options?.runtimeApiUrl ?? 'https://api.blimu.dev';\n  }\n\n  /**\n   * Convert JWK to KeyObject\n   */\n  private jwkToKeyObject(jwk: JWK): crypto.KeyObject {\n    return crypto.createPublicKey({\n      key: {\n        kty: jwk.kty,\n        n: jwk.n,\n        e: jwk.e,\n        alg: jwk.alg,\n      },\n      format: 'jwk',\n    });\n  }\n\n  /**\n   * Get public key for a specific key ID\n   */\n  private async getPublicKey(\n    kid: string,\n    cacheKey: string,\n    fetchJwks: () => Promise<JWKSet>\n  ): Promise<crypto.KeyObject> {\n    const cached = this.cache.get(cacheKey);\n    if (cached && cached.expiresAt > Date.now()) {\n      return cached.key;\n    }\n\n    const jwkSet = await fetchJwks();\n\n    // Find the key with matching kid\n    const jwk = jwkSet.keys.find((k) => k.kid === kid);\n    if (!jwk) {\n      const availableKids = jwkSet.keys.map((k) => k.kid).join(', ');\n      throw new Error(\n        `Key with kid '${kid}' not found in JWK Set. Available kids: ${availableKids}`\n      );\n    }\n\n    // Convert JWK to KeyObject\n    const keyObject = this.jwkToKeyObject(jwk);\n\n    // Cache the key\n    this.cache.set(cacheKey, {\n      key: keyObject,\n      kid,\n      expiresAt: Date.now() + this.cacheTTL,\n    });\n\n    return keyObject;\n  }\n\n  /**\n   * Verify JWT token using JWKs from Blimu runtime API.\n   * Supports: environment/session tokens (secretKey) or OAuth app tokens (clientId).\n   */\n  async verifyToken<T = unknown>(options: VerifyTokenOptions): Promise<T> {\n    const { secretKey, clientId, token, runtimeApiUrl } = options;\n\n    const provided = [secretKey, clientId].filter(Boolean);\n    if (provided.length !== 1) {\n      throw new Error(\n        'Exactly one of secretKey or clientId must be provided. ' +\n          'Use secretKey for environment/session tokens, clientId for OAuth app access tokens.'\n      );\n    }\n\n    // Decode token header to get kid (without verification)\n    const decoded = jwt.decode(token, { complete: true });\n    if (!decoded || typeof decoded === 'string') {\n      throw new Error('Invalid token format');\n    }\n\n    const header = decoded.header;\n    if (!header.kid) {\n      throw new Error('Token missing kid in header');\n    }\n\n    const baseURL = runtimeApiUrl ?? this.baseURL;\n    let cacheKey: string;\n    let fetchJwks: () => Promise<JWKSet>;\n\n    if (secretKey) {\n      cacheKey = secretKey;\n      const core = new FetchClient({\n        baseURL,\n        authStrategies: buildAuthStrategies({ apiKey: secretKey, baseURL }),\n      });\n      const authJwks = new AuthJwksService(core);\n      fetchJwks = () => authJwks.getJwks();\n    } else {\n      // Include baseURL so we don't reuse JWKS from a different runtime (e.g. after DB reset or wrong BLIMU_API_URL)\n      cacheKey = `oauth:${baseURL}:${clientId!}`;\n      const core = new FetchClient({ baseURL });\n      const authJwks = new AuthJwksService(core);\n      fetchJwks = () => authJwks.getOAuthAppJwks({ client_id: clientId! });\n    }\n\n    let publicKey: crypto.KeyObject;\n    try {\n      publicKey = await this.getPublicKey(header.kid, cacheKey, fetchJwks);\n    } catch {\n      this.clearCache(cacheKey);\n      publicKey = await this.getPublicKey(header.kid, cacheKey, fetchJwks);\n    }\n\n    return jwt.verify(token, publicKey, { algorithms: ['RS256'] }) as T;\n  }\n\n  /**\n   * Clear cache (useful for testing or key rotation)\n   */\n  clearCache(cacheKey?: string): void {\n    if (cacheKey) {\n      this.cache.delete(cacheKey);\n    } else {\n      this.cache.clear();\n    }\n  }\n}\n\n/**\n * Convenience function to verify a token (environment or OAuth app).\n */\nexport async function verifyToken<T = unknown>(options: VerifyTokenOptions): Promise<T> {\n  const verifier = new TokenVerifier();\n  return verifier.verifyToken<T>(options);\n}\n\nexport interface VerifyOAuthTokenOptions {\n  token: string;\n  clientId: string;\n  runtimeApiUrl?: string | undefined;\n}\n\n/**\n * Convenience function to verify an OAuth app access token using the app's client_id.\n * Fetches the public JWKS from the runtime API (no auth required).\n */\nexport async function verifyOAuthToken<T = unknown>(options: VerifyOAuthTokenOptions): Promise<T> {\n  return verifyToken<T>({\n    ...options,\n    clientId: options.clientId,\n  });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAAwC;AACxC,IAAAA,gBAAgE;;;ACEzD,SAAS,oBAAoB,KAAmC;AACrE,QAAM,iBAAiC,CAAC,GAAI,KAAK,kBAAkB,CAAC,CAAE;AAEtE,MAAI,IAAI,QAAQ;AACd,mBAAe,KAAK;AAAA,MAClB,MAAM;AAAA,MACN,KAAK,IAAI;AAAA,MACT,UAAU;AAAA,MACV,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACZO,IAAM,kBAAN,MAAsB;AAAA,EAC3B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,QAAQ,MAAkE;AACxE,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAgB,MAA+D;AAC7E,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,OACA,MACqB;AACrB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACzCO,IAAM,uBAAN,MAA2B;AAAA,EAChC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,MACA,MACgC;AAChC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACjBO,IAAM,sBAAN,MAA0B;AAAA,EAC/B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,iBACE,MACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,cACA,YACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,sCAAsC,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MAC9G;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cACE,kBACA,OACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,oCAAoC,mBAAmB,gBAAgB,CAAC;AAAA,MAC9E;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,qBACE,OACA,MACsC;AACtC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,UACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,oBACE,MACA,MACyC;AACzC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,WACA,MACwC;AACxC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,yBAAyB,mBAAmB,SAAS,CAAC;AAAA,MAC5D,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACuC;AACvC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MACE,MACA,MAC+B;AAC/B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AChJO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,OACE,cACA,YACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpDO,IAAM,yBAAN,MAA6B;AAAA,EAClC,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,YACA,OACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACpBO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,cACA,OACA,MAC8B;AAC9B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,MACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC;AAAA,MACvD;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KACE,cACA,YACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,cACA,YACA,MACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,iBAAiB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzF;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,QACA,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,cACA,YACA,MACkB;AAClB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC,UAAU,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC;AAAA,MACzH,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACtDO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WACE,cACA,YACA,WACA,OACA,MACiC;AACjC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,qBAAqB,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MAC9H;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,WACE,MACA,MACoC;AACpC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,QACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACqC;AACrC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBACE,cACA,YACA,WACA,OACA,MAC4C;AAC5C,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,0BAA0B,mBAAmB,YAAY,CAAC,IAAI,mBAAmB,UAAU,CAAC,IAAI,mBAAmB,SAAS,CAAC;AAAA,MACnI;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;ACxFO,IAAM,eAAN,MAAmB;AAAA,EACxB,YAAoB,MAAmB;AAAnB;AAAA,EAAoB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,KACE,OACA,MAC0B;AAC1B,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM;AAAA,MACN;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,QAAgB,MAA+D;AACpF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAAK,QAAgB,MAAmE;AACtF,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OACE,QACA,MACA,MACsB;AACtB,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C;AAAA,MACA,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gCACE,QACA,MACkC;AAClC,WAAO,KAAK,KAAK,QAAQ;AAAA,MACvB,QAAQ;AAAA,MACR,MAAM,aAAa,mBAAmB,MAAM,CAAC;AAAA,MAC7C,GAAI,QAAQ,CAAC;AAAA,IACf,CAAC;AAAA,EACH;AACF;;;AZ1EO,IAAM,QAAN,MAAY;AAAA,EACR;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAwB;AAClC,UAAM,UAAU,EAAE,GAAI,WAAW,CAAC,EAAG;AACrC,WAAO,QAAQ;AAEf,UAAM,iBAAiB,oBAAoB,WAAW,CAAC,CAAC;AAExD,UAAM,OAAO,IAAI,yBAAY;AAAA,MAC3B,GAAG;AAAA,MACH,SAAS,SAAS,WAAW;AAAA,MAC7B,GAAI,eAAe,SAAS,IAAI,EAAE,eAAe,IAAI,CAAC;AAAA,IACxD,CAAC;AAED,SAAK,WAAW,IAAI,gBAAgB,IAAI;AACxC,SAAK,gBAAgB,IAAI,qBAAqB,IAAI;AAClD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,eAAe,IAAI,oBAAoB,IAAI;AAChD,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,kBAAkB,IAAI,uBAAuB,IAAI;AACtD,SAAK,YAAY,IAAI,iBAAiB,IAAI;AAC1C,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAClC,SAAK,QAAQ,IAAI,aAAa,IAAI;AAAA,EACpC;AACF;AAIO,IAAM,aAAa;;;ADlD1B,0BAAc,yBAVd;;;AcAA,IAAAC,gBAAkD;AAIlD,gBAAuB,SACrB,WAIA,eAA+B,CAAC,GAChC,WAAW,KACuB;AAClC,MAAI,SAAS,OAAO,aAAa,UAAU,CAAC;AAC5C,QAAM,QAAQ,OAAO,aAAa,SAAS,QAAQ;AAEnD,QAAM,YAA4B,EAAE,GAAG,aAAa;AACpD,SAAO,MAAM;AACX,UAAM,OAAO,MAAM,UAAU,EAAE,GAAG,WAAW,OAAO,OAAO,CAAC;AAC5D,UAAM,QAAQ,KAAK,QAAQ,CAAC;AAC5B,eAAW,QAAQ,OAAO;AACxB,YAAM;AAAA,IACR;AACA,QAAI,CAAC,KAAK,WAAW,MAAM,SAAS,MAAO;AAC3C,cAAU;AAAA,EACZ;AACF;AAEA,eAAsB,QACpB,WAIA,QAAwB,CAAC,GACzB,WAAW,KACG;AACd,QAAM,MAAW,CAAC;AAClB,mBAAiB,QAAQ,SAAY,WAAW,OAAO,QAAQ,EAAG,KAAI,KAAK,IAAI;AAC/E,SAAO;AACT;AAOO,SAAS,eAA6C,KAAW;AAGtE,SAAO,IAAI;AAAA,IACT,CAAC,SAAgD,SAAS;AAAA,EAC5D;AACF;;;ACnDA;;;ACAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAkB;AAMX,IAAM,wBAAwB,aAAE,OAAO;AAMvC,IAAM,iBAAiB,aAAE,OAAO;AAMhC,IAAM,qBAAqB,aAAE,OAAO;AAMpC,IAAM,uBAAuB,aAAE,OAAO;AAKtC,IAAM,yBAAyB,aAAE,OAAO;AAAA;AAAA,EACR,QAAQ,aAAE,KAAK,CAAC,SAAS,MAAM,CAAC;AAAA;AAAA,EACS,eAAe,aAC1F,QAAQ,EACR,SAAS;AAAA;AAAA,EACY,WAAW,aAAE,OAAO;AAAA;AAAA,EACjB,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC7B,uBAAuB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACzD,cAAc,aAAE,OAAO;AAAA;AAAA,EACH,eAAe,aAAE,OAAO;AAAA;AAAA,EAC1B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtB,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACD,aAAa,aAC/E,QAAQ,EACR,SAAS;AACd,CAAC;AAKM,IAAM,wBAAwB,aAAE,OAAO,EAAE,SAAS,aAAE,OAAO,EAAE,CAAC;AAK9D,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,EAClB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,OAAO;AACtB,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EACT,kBAAkB,aAAE,QAAQ;AAAA;AAAA,EACE,oBACpE,aAAE,QAAQ;AACd,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA;AAAA,EACd,QAAQ,aAAE,KAAK,CAAC,SAAS,MAAM,CAAC;AAAA;AAAA,EACS,eAAe,aAC1F,QAAQ,EACR,SAAS;AAAA;AAAA,EACyD,aAAa,aAC/E,QAAQ,EACR,SAAS;AAAA;AAAA,EAC+B,WAAW,aAAE,OAAO;AACjE,CAAC;AAKM,IAAM,gCAAgC,aAAE,OAAO;AAAA;AAAA,EACJ,SAAS,aAAE,QAAQ;AACrE,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA;AAAA,EACT,SAAS,aAAE,OAAO;AAAA;AAAA,EACgB,mBAC1E,aAAE,QAAQ;AAAA;AAAA,EACiC,gBAAgB,aAAE,QAAQ;AAAA;AAAA,EACxB,QAAQ,aAAE,OAAO,EAAE,MAAM;AAC1E,CAAC;AAKM,IAAM,0BAA0B,aAAE,OAAO;AAAA;AAAA,EACtB,WAAW,aAAE,OAAO;AAAA;AAAA,EACe,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC7D,uBAAuB,aAAE,KAAK,CAAC,QAAQ,OAAO,CAAC,EAAE,SAAS;AAAA;AAAA,EACtD,OAAO,aAAE,OAAO,EAAE,SAAS;AACnE,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EACD,aAAa,aAAE,OAAO;AAAA;AAAA,EACtB,YAAY,aAAE,OAAO;AAAA;AAAA,EACxB,UAAU,aAAE,OAAO;AAAA;AAAA,EACR,WAAW,aAAE,OAAO;AAAA;AAAA,EACzC,kBAAkB,aAAE,OAAO;AAAA;AAAA,EACZ,2BAA2B,aAAE,OAAO;AACtF,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EACvB,WAAW,aAAE,OAAO;AAAA;AAAA,EACU,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1C,aAAa,aAAE,OAAO;AAAA;AAAA,EAC7B,YAAY,aAAE,KAAK;AAAA,IACzD;AAAA,EACF,CAAC;AACH,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EAClB,OAAO,aAAE,OAAO;AAAA;AAAA,EAClB,iBAAiB,aAC3C,KAAK,CAAC,gBAAgB,eAAe,CAAC,EACtC,SAAS;AACd,CAAC;AAKM,IAAM,8BAA8B,aAAE,OAAO;AAAA;AAAA,EACf,QAAQ,aAAE,QAAQ;AAAA;AAAA,EACpC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1B,gBAAgB,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACxB,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC1B,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACpB,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACxC,KAAK,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAChC,YAAY,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACvB,UAAU,aAAE,OAAO,EAAE,SAAS;AAC3D,CAAC;AAKM,IAAM,YAAY,aAAE,OAAO;AAAA,EAChC,MAAM,aACH,OAAO;AAAA,IACN,KAAK,aAAE,OAAO;AAAA,IACd,GAAG,aAAE,OAAO;AAAA,IACZ,KAAK,aAAE,OAAO;AAAA,IACd,KAAK,aAAE,OAAO;AAAA,IACd,GAAG,aAAE,OAAO;AAAA,IACZ,KAAK,aAAE,OAAO;AAAA,EAChB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,gCAAgC,aAAE,OAAO;AAAA,EACpD,WAAW,aAAE,OAAO;AAAA,EACpB,gBAAgB,aAAE,OAAO;AAAA,EACzB,KAAK,aAAE,OAAO,EAAE,IAAI;AAAA,EACpB,KAAK,aAAE,OAAO,EAAE,IAAI;AAAA,EACpB,OAAO,aAAE,OAAO;AAAA,EAChB,KAAK,aAAE,OAAO;AAAA,EACd,YAAY,aAAE,OAAO;AACvB,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO,EAAE,SAAS,aAAE,QAAQ,EAAE,CAAC;AAKlE,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,QAAQ;AAAA,IACrB,MAAM,aAAE,OAAO;AAAA,IACf,MAAM,aAAE,OAAO;AAAA,MACb,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,MAC1B,OAAO,aAAE,MAAM;AAAA,MACf,eAAe,aAAE,QAAQ;AAAA,MACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,IAAI,aAAE,OAAO;AAAA,MACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,MACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,MAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,MAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,0BAA0B,aAAE,OAAO;AAAA;AAAA,EACnB,OAAO,aAAE,OAAO;AAAA;AAAA,EACd,iBAAiB,aAC3C,KAAK,CAAC,gBAAgB,eAAe,CAAC,EACtC,SAAS;AACd,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA;AAAA,EACjB,WAAW,aAAE,OAAO;AAAA;AAAA,EACoB,eAAe,aAC5E,OAAO,EACP,SAAS;AAAA;AAAA,EACsD,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtC,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAChE,YAAY,aAAE,KAAK,CAAC,sBAAsB,eAAe,CAAC;AAAA;AAAA,EACvB,cAAc,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACtC,eAAe,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC9B,OAAO,aAAE,OAAO,EAAE,SAAS;AAC1F,CAAC;AAKM,IAAM,sBAAsB,aAAE,OAAO;AAAA;AAAA,EAChB,cAAc,aAAE,OAAO;AAAA;AAAA,EACF,YAAY,aAAE,OAAO;AAAA;AAAA,EACb,eAAe,aAAE,OAAO;AAAA;AAAA,EACjC,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EACvD,YAAY,aAAE,OAAO;AACzC,CAAC;AAKM,IAAM,aAAa,aAAE,OAAO;AAAA,EACjC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,OAAO,aAAE,MAAM;AAAA,EACf,eAAe,aAAE,QAAQ;AAAA,EACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,IAAI,aAAE,OAAO;AAAA,EACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,EACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAW,aAAE,IAAI,SAAS;AAC5B,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,WAAW,aAAE,IAAI,EAAE,SAAS;AAAA,EAC5B,OAAO,aAAE,MAAM;AAAA,EACf,WAAW,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,aAAE,OAAO;AAAA,EACpB,SAAS,aAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC3C,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,IAC1B,OAAO,aAAE,MAAM;AAAA,IACf,eAAe,aAAE,QAAQ;AAAA,IACzB,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,IAAI,aAAE,OAAO;AAAA,IACb,aAAa,aAAE,IAAI,SAAS,EAAE,SAAS;AAAA,IACvC,UAAU,aAAE,OAAO,EAAE,SAAS;AAAA,IAC9B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,WAAW,aAAE,IAAI,SAAS;AAAA,EAC5B,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,WAAW,aAAE,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACvC,OAAO,aAAE,MAAM,EAAE,SAAS;AAAA,EAC1B,WAAW,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1C,UAAU,aAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACzC,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,UAAU,aAAE,OAAO,EAAE,SAAS;AAChC,CAAC;AAKM,IAAM,6BAA6B,aAAE,OAAO;AAAA,EACjD,QAAQ,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS;AAAA,EAClC,aAAa;AAAA,EACb,YAAY,aAAE,OAAO;AAAA,EACrB,QAAQ,aAAE,OAAO;AACnB,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,SAAS,aAAE,QAAQ;AAAA,EACnB,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,IAC3B,MAAM,eAAe,SAAS;AAAA,IAC9B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,WAAW,aAAE,OAAO,EAAE,SAAS;AAAA,IAC/B,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,CAAC,EACA,SAAS,EACT,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,cAAc,eAAe,MAAM,EAAE,SAAS;AAAA,IAC9C,MAAM,eAAe,SAAS;AAAA,IAC9B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,CAAC,EACA,SAAS,EACT,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,SAAS,aAAE,QAAQ;AAAA,IACnB,cAAc,aAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,IAC1C,QAAQ,aAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,WAAW,aAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACzC,CAAC,EACA,SAAS,EACT,SAAS;AACd,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO,EAAE,SAAS,eAAe,CAAC;AAKjE,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,SAAS,aACN,OAAO;AAAA,IACN,cAAc,aACX,OAAO;AAAA,MACN,SAAS,aAAE,QAAQ;AAAA,MACnB,eAAe,aAAE,QAAQ;AAAA,MACzB,eAAe,aAAE,QAAQ;AAAA,MACzB,cAAc,eAAe,MAAM,EAAE,SAAS;AAAA,MAC9C,cAAc,aAAE,OAAO,EAAE,MAAM;AAAA,MAC/B,aAAa,eAAe,SAAS;AAAA,MACrC,aAAa,aAAE,OAAO,EAAE,SAAS;AAAA,MACjC,aAAa;AAAA,IACf,CAAC,EACA,MAAM;AAAA,IACT,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,EAChB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA,EACzC,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,eAAe,aAAE,OAAO;AAAA,EACxB,SAAS;AAAA,EACT,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,WAAW,aAAE,IAAI,SAAS;AAC5B,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,IAAI,aAAE,OAAO;AAAA,EACb,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,SAAS,aACN,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACZ,MAAM;AACR,CAAC;AAKM,IAAM,+BAA+B,aAAE,OAAO;AAAA,EACnD,WAAW,aACR,OAAO;AAAA,IACN,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,IACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,IAC1B,SAAS,aACN,OAAO;AAAA,MACN,IAAI,aAAE,OAAO;AAAA,MACb,MAAM;AAAA,IACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,IACZ,OAAO,aACJ,OAAO;AAAA,MACN,MAAM,aAAE,OAAO;AAAA,MACf,QAAQ,aAAE,OAAO;AAAA,IACnB,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACd,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,SAAS,aACN,OAAO;AAAA,IACN,eAAe,aAAE,OAAO;AAAA,IACxB,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM;AAAA,EACT,QAAQ,aACL,OAAO;AAAA,IACN,OAAO,aAAE,OAAO;AAAA,IAChB,OAAO,aAAE,OAAO;AAAA,IAChB,UAAU,aAAE,OAAO;AAAA,MACjB,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,MACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,SAAS,aACN,OAAO;AAAA,QACN,IAAI,aAAE,OAAO;AAAA,QACb,MAAM;AAAA,MACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,MACZ,OAAO,aACJ,OAAO;AAAA,QACN,MAAM,aAAE,OAAO;AAAA,QACf,QAAQ,aAAE,OAAO;AAAA,MACnB,CAAC,EACA,MAAM,EACN,SAAS;AAAA,IACd,CAAC;AAAA,EACH,CAAC,EACA,MAAM;AAAA,EACT,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,IAChB,QAAQ,aAAE,OAAO;AAAA,IACjB,YAAY,aAAE,OAAO;AAAA,IACrB,OAAO,aAAE,OAAO;AAAA,EAClB,CAAC;AACH,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,IAAI,aAAE,OAAO,EAAE,SAAS;AAAA,EACxB,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA,EAC1B,SAAS,aACN,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AAAA,EACZ,OAAO,aACJ,OAAO;AAAA,IACN,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM,EACN,SAAS;AACd,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAC8D,SAAS,aAC9F,OAAO;AAAA,IACN,IAAI,aAAE,OAAO;AAAA,IACb,MAAM;AAAA,EACR,CAAC,EACA,MAAM,EACN,SAAS;AACd,CAAC;AAKM,IAAM,aAAa,aAAE,OAAO;AAAA,EACjC,WAAW,aAAE,OAAO;AAAA,EACpB,eAAe,aAAE,OAAO;AAAA,EACxB,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO;AAAA,EACf,QAAQ,aAAE,OAAO;AACnB,CAAC;AAKM,IAAM,2BAA2B,aAAE,OAAO;AAAA,EAC/C,OAAO,aACJ,OAAO;AAAA,IACN,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,SAAS,aACN,OAAO;AAAA,IACN,WAAW,aAAE,OAAO;AAAA,IACpB,eAAe,aAAE,OAAO;AAAA,IACxB,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,QAAQ,aACL,OAAO;AAAA,IACN,OAAO,aAAE,OAAO;AAAA,IAChB,OAAO,aAAE,OAAO;AAAA,IAChB,MAAM,aAAE,OAAO;AAAA,MACb,YAAY,aAAE,OAAO;AAAA,MACrB,cAAc;AAAA,MACd,MAAM,aAAE,OAAO;AAAA,MACf,QAAQ,aAAE,OAAO;AAAA,IACnB,CAAC;AAAA,EACH,CAAC,EACA,MAAM;AAAA,EACT,SAAS,aAAE,QAAQ;AAAA,EACnB,SAAS,aAAE,OAAO;AAAA,IAChB,QAAQ,aAAE,OAAO;AAAA,IACjB,YAAY,aAAE,OAAO;AAAA,IACrB,OAAO,aAAE,OAAO;AAAA,EAClB,CAAC;AACH,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO;AACjB,CAAC;AAKM,IAAM,iBAAiB,aAAE,OAAO;AAAA,EACrC,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aACJ,OAAO;AAAA,IACN,WAAW,aAAE,OAAO;AAAA,IACpB,eAAe,aAAE,OAAO;AAAA,IACxB,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO;AAAA,IACf,QAAQ,aAAE,OAAO;AAAA,EACnB,CAAC,EACA,MAAM;AAAA,EACT,OAAO,aAAE,OAAO;AAClB,CAAC;AAKM,IAAM,yBAAyB,aAAE;AAAA,EACtC,aAAE,OAAO;AAAA,IACP,WAAW,aAAE,QAAQ;AAAA,IACrB,UAAU,aACP,OAAO;AAAA,MACN,IAAI,aAAE,OAAO;AAAA,MACb,MAAM,aAAE,OAAO;AAAA,MACf,SAAS,aACN,OAAO;AAAA,QACN,IAAI,aAAE,OAAO;AAAA,QACb,MAAM;AAAA,MACR,CAAC,EACA,MAAM;AAAA,MACT,MAAM;AAAA,IACR,CAAC,EACA,SAAS,aAAE,QAAQ,CAAC;AAAA,IACvB,MAAM,aAAE,OAAO;AAAA,EACjB,CAAC;AACH;AAKO,IAAM,mCAAmC,aAAE,OAAO;AAAA,EACvD,OAAO,aACJ,OAAO;AAAA,IACN,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,IACvB,WAAW,aAAE,IAAI,SAAS;AAAA,IAC1B,eAAe,aAAE,OAAO;AAAA,IACxB,IAAI,aAAE,OAAO;AAAA,IACb,WAAW;AAAA,IACX,YAAY,aAAE,OAAO;AAAA,IACrB,cAAc;AAAA,IACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AAAA,EACnD,CAAC,EACA,MAAM;AACX,CAAC;AAKM,IAAM,uBAAuB,aAAE,OAAO;AAAA,EAC3C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC;AAAA,EAChD,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAChB,CAAC;AAKM,IAAM,yBAAyB,aAAE,OAAO;AAAA,EAC7C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,wBAAwB,aAAE,OAAO;AAAA,EAC5C,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,4BAA4B,aAAE,OAAO;AAAA,EAChD,QAAQ,aAAE,OAAO,EAAE,IAAI;AAAA,EACvB,WAAW,aAAE,IAAI,SAAS;AAAA,EAC1B,eAAe,aAAE,OAAO;AAAA,EACxB,IAAI,aAAE,OAAO;AAAA,EACb,WAAW;AAAA,EACX,YAAY,aAAE,OAAO;AAAA,EACrB,cAAc;AAAA,EACd,MAAM,aAAE,OAAO,aAAE,OAAO,GAAG,aAAE,QAAQ,CAAC,EAAE,SAAS;AACnD,CAAC;AAKM,IAAM,qBAAqB,aAAE,OAAO;AAAA,EACzC,OAAO,eAAe,MAAM;AAAA,EAC5B,OAAO,aAAE,OAAO;AAAA,EAChB,MAAM,aAAE,OAAO;AAAA,EACf,OAAO,aAAE,OAAO;AAClB,CAAC;AAQM,IAAM,qCAAqC,aAAE,OAAO;AAAA;AAAA,EAEzD,WAAW,aAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAMM,IAAM,yCAAyC,aAAE,OAAO;AAAA;AAAA,EAE7D,QAAQ,aAAE,OAAO;AACnB,CAAC;AAMM,IAAM,uCAAuC,aAAE,OAAO;AAAA;AAAA,EAE3D,QAAQ,aAAE,OAAO;AACnB,CAAC;AAMM,IAAM,uCAAuC,aAAE,OAAO;AAAA;AAAA,EAE3D,WAAW,aAAE,OAAO;AAAA;AAAA,EAEpB,cAAc,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAElC,OAAO,aAAE,OAAO,EAAE,SAAS;AAC7B,CAAC;AAMM,IAAM,iCAAiC,aAAE,OAAO;AAAA;AAAA,EAErD,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAMM,IAAM,2BAA2B,aAAE,OAAO;AAAA;AAAA,EAE/C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAMM,IAAM,uBAAuB,aAAE,OAAO;AAAA;AAAA,EAE3C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,YAAY,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAEhC,cAAc,mBAAmB,SAAS;AAAA;AAAA,EAE1C,MAAM,aAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAMM,IAAM,6BAA6B,aAAE,OAAO;AAAA;AAAA,EAEjD,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC;AAClD,CAAC;AAMM,IAAM,wCAAwC,aAAE,OAAO;AAAA;AAAA,EAE5D,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE7B,QAAQ,aAAE,KAAK,CAAC,WAAW,UAAU,UAAU,CAAC,EAAE,SAAS;AAAA;AAAA,EAE3D,WAAW,aAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAMM,IAAM,uBAAuB,aAAE,OAAO;AAAA;AAAA,EAE3C,OAAO,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE3B,MAAM,aAAE,OAAO,EAAE,SAAS;AAAA;AAAA,EAE1B,QAAQ,aAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;;;ACz0BD,aAAwB;AACxB,UAAqB;AACrB,IAAAC,gBAA4B;AA+BrB,IAAM,gBAAN,MAAoB;AAAA,EACR,QAAQ,oBAAI,IAAuB;AAAA,EACnC;AAAA,EACA;AAAA,EAEjB,YAAY,SAAgC;AAC1C,SAAK,WAAW,SAAS,YAAY,KAAK,KAAK;AAC/C,SAAK,UAAU,SAAS,iBAAiB;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,KAA4B;AACjD,WAAc,uBAAgB;AAAA,MAC5B,KAAK;AAAA,QACH,KAAK,IAAI;AAAA,QACT,GAAG,IAAI;AAAA,QACP,GAAG,IAAI;AAAA,QACP,KAAK,IAAI;AAAA,MACX;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,aACZ,KACA,UACA,WAC2B;AAC3B,UAAM,SAAS,KAAK,MAAM,IAAI,QAAQ;AACtC,QAAI,UAAU,OAAO,YAAY,KAAK,IAAI,GAAG;AAC3C,aAAO,OAAO;AAAA,IAChB;AAEA,UAAM,SAAS,MAAM,UAAU;AAG/B,UAAM,MAAM,OAAO,KAAK,KAAK,CAAC,MAAM,EAAE,QAAQ,GAAG;AACjD,QAAI,CAAC,KAAK;AACR,YAAM,gBAAgB,OAAO,KAAK,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,IAAI;AAC7D,YAAM,IAAI;AAAA,QACR,iBAAiB,GAAG,2CAA2C,aAAa;AAAA,MAC9E;AAAA,IACF;AAGA,UAAM,YAAY,KAAK,eAAe,GAAG;AAGzC,SAAK,MAAM,IAAI,UAAU;AAAA,MACvB,KAAK;AAAA,MACL;AAAA,MACA,WAAW,KAAK,IAAI,IAAI,KAAK;AAAA,IAC/B,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAyB,SAAyC;AACtE,UAAM,EAAE,WAAW,UAAU,OAAO,cAAc,IAAI;AAEtD,UAAM,WAAW,CAAC,WAAW,QAAQ,EAAE,OAAO,OAAO;AACrD,QAAI,SAAS,WAAW,GAAG;AACzB,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAGA,UAAM,UAAc,WAAO,OAAO,EAAE,UAAU,KAAK,CAAC;AACpD,QAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,UAAM,SAAS,QAAQ;AACvB,QAAI,CAAC,OAAO,KAAK;AACf,YAAM,IAAI,MAAM,6BAA6B;AAAA,IAC/C;AAEA,UAAM,UAAU,iBAAiB,KAAK;AACtC,QAAI;AACJ,QAAI;AAEJ,QAAI,WAAW;AACb,iBAAW;AACX,YAAM,OAAO,IAAI,0BAAY;AAAA,QAC3B;AAAA,QACA,gBAAgB,oBAAoB,EAAE,QAAQ,WAAW,QAAQ,CAAC;AAAA,MACpE,CAAC;AACD,YAAM,WAAW,IAAI,gBAAgB,IAAI;AACzC,kBAAY,MAAM,SAAS,QAAQ;AAAA,IACrC,OAAO;AAEL,iBAAW,SAAS,OAAO,IAAI,QAAS;AACxC,YAAM,OAAO,IAAI,0BAAY,EAAE,QAAQ,CAAC;AACxC,YAAM,WAAW,IAAI,gBAAgB,IAAI;AACzC,kBAAY,MAAM,SAAS,gBAAgB,EAAE,WAAW,SAAU,CAAC;AAAA,IACrE;AAEA,QAAI;AACJ,QAAI;AACF,kBAAY,MAAM,KAAK,aAAa,OAAO,KAAK,UAAU,SAAS;AAAA,IACrE,QAAQ;AACN,WAAK,WAAW,QAAQ;AACxB,kBAAY,MAAM,KAAK,aAAa,OAAO,KAAK,UAAU,SAAS;AAAA,IACrE;AAEA,WAAW,WAAO,OAAO,WAAW,EAAE,YAAY,CAAC,OAAO,EAAE,CAAC;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,UAAyB;AAClC,QAAI,UAAU;AACZ,WAAK,MAAM,OAAO,QAAQ;AAAA,IAC5B,OAAO;AACL,WAAK,MAAM,MAAM;AAAA,IACnB;AAAA,EACF;AACF;AAKA,eAAsB,YAAyB,SAAyC;AACtF,QAAM,WAAW,IAAI,cAAc;AACnC,SAAO,SAAS,YAAe,OAAO;AACxC;AAYA,eAAsB,iBAA8B,SAA8C;AAChG,SAAO,YAAe;AAAA,IACpB,GAAG;AAAA,IACH,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;","names":["import_fetch","import_fetch","import_fetch"]}