@blokjs/runner 0.6.21 → 0.7.0

package/dist/security/RBAC.d.ts

@@ -1,143 +0,0 @@
-/**
- * Role-Based Access Control (RBAC) for Blok
- *
- * Provides fine-grained access control for workflow execution:
- * - Role definitions with permissions
- * - Resource-based access control
- * - Hierarchical roles with inheritance
- * - Workflow-level and node-level access control
- *
- * @example
- * ```typescript
- * const rbac = new RBAC();
- *
- * // Define roles
- * rbac.addRole({
- *   name: "admin",
- *   permissions: [
- *     { resource: "workflow", actions: ["*"] },
- *     { resource: "node", actions: ["*"] },
- *   ],
- * });
- *
- * rbac.addRole({
- *   name: "developer",
- *   permissions: [
- *     { resource: "workflow", actions: ["read", "execute"] },
- *     { resource: "node", actions: ["read", "execute"] },
- *   ],
- *   inherits: ["viewer"],
- * });
- *
- * rbac.addRole({
- *   name: "viewer",
- *   permissions: [
- *     { resource: "workflow", actions: ["read"] },
- *   ],
- * });
- *
- * // Check permissions
- * rbac.can("admin", "workflow", "delete");     // true
- * rbac.can("developer", "workflow", "execute"); // true
- * rbac.can("viewer", "workflow", "execute");    // false
- * ```
- */
-export type Action = "read" | "create" | "update" | "delete" | "execute" | "admin" | "*";
-export interface Permission {
-    /** Resource type (e.g., "workflow", "node", "trigger", "runtime") */
-    resource: string;
-    /** Allowed actions on this resource */
-    actions: Action[];
-    /** Optional: restrict to specific resource instances by pattern */
-    resourcePattern?: string;
-    /** Optional: conditions that must be met (e.g., { "env": "staging" }) */
-    conditions?: Record<string, unknown>;
-}
-export interface RoleDefinition {
-    /** Unique role name */
-    name: string;
-    /** Human-readable description */
-    description?: string;
-    /** Permissions granted to this role */
-    permissions: Permission[];
-    /** Roles this role inherits from */
-    inherits?: string[];
-}
-export interface AccessCheckResult {
-    allowed: boolean;
-    role: string;
-    resource: string;
-    action: Action;
-    reason?: string;
-    matchedPermission?: Permission;
-}
-export interface RBACPolicy {
-    /** Named resource access policies */
-    workflows?: Record<string, {
-        allowedRoles: string[];
-        actions?: Action[];
-    }>;
-    /** Default policy when no specific policy matches */
-    defaultPolicy?: "allow" | "deny";
-}
-export declare class RBAC {
-    private roles;
-    private policies;
-    private roleCache;
-    /**
-     * Add a role definition
-     */
-    addRole(role: RoleDefinition): void;
-    /**
-     * Remove a role
-     */
-    removeRole(name: string): void;
-    /**
-     * Get a role definition
-     */
-    getRole(name: string): RoleDefinition | undefined;
-    /**
-     * Get all defined roles
-     */
-    getRoles(): RoleDefinition[];
-    /**
-     * Add a resource-specific policy
-     */
-    addPolicy(resourceId: string, policy: RBACPolicy): void;
-    /**
-     * Check if a role has permission to perform an action on a resource
-     */
-    can(roleName: string, resource: string, action: Action, resourceId?: string): AccessCheckResult;
-    /**
-     * Check if any of the given roles has permission
-     */
-    canAny(roles: string[], resource: string, action: Action, resourceId?: string): AccessCheckResult;
-    /**
-     * Check workflow-specific access
-     */
-    canAccessWorkflow(roles: string[], workflowPath: string, action?: Action): AccessCheckResult;
-    /**
-     * Get all effective permissions for a role (including inherited)
-     */
-    getEffectivePermissions(roleName: string, visited?: Set<string>): Permission[];
-    /**
-     * Export current RBAC configuration as JSON
-     */
-    toJSON(): {
-        roles: RoleDefinition[];
-        policies: Record<string, RBACPolicy>;
-    };
-    /**
-     * Load RBAC configuration from JSON
-     */
-    fromJSON(config: {
-        roles: RoleDefinition[];
-        policies?: Record<string, RBACPolicy>;
-    }): void;
-    private matchesPermission;
-    private matchesPattern;
-}
-/**
- * Create a preconfigured RBAC instance with common roles
- */
-export declare function createDefaultRBAC(): RBAC;

package/dist/security/RBAC.js

@@ -1,285 +0,0 @@
-/**
- * Role-Based Access Control (RBAC) for Blok
- *
- * Provides fine-grained access control for workflow execution:
- * - Role definitions with permissions
- * - Resource-based access control
- * - Hierarchical roles with inheritance
- * - Workflow-level and node-level access control
- *
- * @example
- * ```typescript
- * const rbac = new RBAC();
- *
- * // Define roles
- * rbac.addRole({
- *   name: "admin",
- *   permissions: [
- *     { resource: "workflow", actions: ["*"] },
- *     { resource: "node", actions: ["*"] },
- *   ],
- * });
- *
- * rbac.addRole({
- *   name: "developer",
- *   permissions: [
- *     { resource: "workflow", actions: ["read", "execute"] },
- *     { resource: "node", actions: ["read", "execute"] },
- *   ],
- *   inherits: ["viewer"],
- * });
- *
- * rbac.addRole({
- *   name: "viewer",
- *   permissions: [
- *     { resource: "workflow", actions: ["read"] },
- *   ],
- * });
- *
- * // Check permissions
- * rbac.can("admin", "workflow", "delete");     // true
- * rbac.can("developer", "workflow", "execute"); // true
- * rbac.can("viewer", "workflow", "execute");    // false
- * ```
- */
-export class RBAC {
-    roles = new Map();
-    policies = new Map();
-    roleCache = new Map();
-    /**
-     * Add a role definition
-     */
-    addRole(role) {
-        this.roles.set(role.name, role);
-        // Invalidate cache for this role and any role that inherits from it
-        this.roleCache.clear();
-    }
-    /**
-     * Remove a role
-     */
-    removeRole(name) {
-        this.roles.delete(name);
-        this.roleCache.clear();
-    }
-    /**
-     * Get a role definition
-     */
-    getRole(name) {
-        return this.roles.get(name);
-    }
-    /**
-     * Get all defined roles
-     */
-    getRoles() {
-        return Array.from(this.roles.values());
-    }
-    /**
-     * Add a resource-specific policy
-     */
-    addPolicy(resourceId, policy) {
-        this.policies.set(resourceId, policy);
-    }
-    /**
-     * Check if a role has permission to perform an action on a resource
-     */
-    can(roleName, resource, action, resourceId) {
-        const permissions = this.getEffectivePermissions(roleName);
-        for (const perm of permissions) {
-            if (this.matchesPermission(perm, resource, action, resourceId)) {
-                return {
-                    allowed: true,
-                    role: roleName,
-                    resource,
-                    action,
-                    matchedPermission: perm,
-                };
-            }
-        }
-        return {
-            allowed: false,
-            role: roleName,
-            resource,
-            action,
-            reason: `Role '${roleName}' does not have '${action}' permission on '${resource}'`,
-        };
-    }
-    /**
-     * Check if any of the given roles has permission
-     */
-    canAny(roles, resource, action, resourceId) {
-        for (const role of roles) {
-            const result = this.can(role, resource, action, resourceId);
-            if (result.allowed)
-                return result;
-        }
-        return {
-            allowed: false,
-            role: roles.join(","),
-            resource,
-            action,
-            reason: `None of roles [${roles.join(", ")}] have '${action}' permission on '${resource}'`,
-        };
-    }
-    /**
-     * Check workflow-specific access
-     */
-    canAccessWorkflow(roles, workflowPath, action = "execute") {
-        // Check resource-specific policy first
-        const policy = this.policies.get(workflowPath);
-        if (policy?.workflows) {
-            for (const [pattern, config] of Object.entries(policy.workflows)) {
-                if (this.matchesPattern(workflowPath, pattern)) {
-                    const allowedActions = config.actions || ["execute"];
-                    if (!allowedActions.includes(action) && !allowedActions.includes("*")) {
-                        return {
-                            allowed: false,
-                            role: roles.join(","),
-                            resource: workflowPath,
-                            action,
-                            reason: `Action '${action}' not allowed on workflow '${workflowPath}'`,
-                        };
-                    }
-                    const hasAllowedRole = roles.some((r) => config.allowedRoles.includes(r));
-                    if (hasAllowedRole) {
-                        return {
-                            allowed: true,
-                            role: roles.find((r) => config.allowedRoles.includes(r)) || roles[0],
-                            resource: workflowPath,
-                            action,
-                        };
-                    }
-                }
-            }
-        }
-        // Fall back to general RBAC check
-        return this.canAny(roles, "workflow", action, workflowPath);
-    }
-    /**
-     * Get all effective permissions for a role (including inherited)
-     */
-    getEffectivePermissions(roleName, visited = new Set()) {
-        // Check cache
-        const cached = this.roleCache.get(roleName);
-        if (cached)
-            return cached;
-        // Guard against circular inheritance
-        if (visited.has(roleName))
-            return [];
-        visited.add(roleName);
-        const role = this.roles.get(roleName);
-        if (!role)
-            return [];
-        const permissions = [...role.permissions];
-        // Resolve inherited permissions
-        if (role.inherits) {
-            for (const parentRole of role.inherits) {
-                const inherited = this.getEffectivePermissions(parentRole, visited);
-                permissions.push(...inherited);
-            }
-        }
-        // Cache results
-        this.roleCache.set(roleName, permissions);
-        return permissions;
-    }
-    /**
-     * Export current RBAC configuration as JSON
-     */
-    toJSON() {
-        return {
-            roles: Array.from(this.roles.values()),
-            policies: Object.fromEntries(this.policies),
-        };
-    }
-    /**
-     * Load RBAC configuration from JSON
-     */
-    fromJSON(config) {
-        this.roles.clear();
-        this.policies.clear();
-        this.roleCache.clear();
-        for (const role of config.roles) {
-            this.addRole(role);
-        }
-        if (config.policies) {
-            for (const [id, policy] of Object.entries(config.policies)) {
-                this.addPolicy(id, policy);
-            }
-        }
-    }
-    matchesPermission(perm, resource, action, resourceId) {
-        // Check resource type
-        if (perm.resource !== resource && perm.resource !== "*")
-            return false;
-        // Check action
-        if (!perm.actions.includes(action) && !perm.actions.includes("*"))
-            return false;
-        // Check resource pattern if specified
-        if (perm.resourcePattern && resourceId) {
-            if (!this.matchesPattern(resourceId, perm.resourcePattern))
-                return false;
-        }
-        return true;
-    }
-    matchesPattern(value, pattern) {
-        // Support wildcards: "workflow/*", "workflow/user-*"
-        if (pattern === "*")
-            return true;
-        const regexStr = pattern.replace(/\*/g, ".*").replace(/\?/g, ".");
-        const regex = new RegExp(`^${regexStr}$`);
-        return regex.test(value);
-    }
-}
-/**
- * Create a preconfigured RBAC instance with common roles
- */
-export function createDefaultRBAC() {
-    const rbac = new RBAC();
-    rbac.addRole({
-        name: "admin",
-        description: "Full access to all resources",
-        permissions: [{ resource: "*", actions: ["*"] }],
-    });
-    rbac.addRole({
-        name: "developer",
-        description: "Can read, create, and execute workflows and nodes",
-        permissions: [
-            { resource: "workflow", actions: ["read", "create", "update", "execute"] },
-            { resource: "node", actions: ["read", "create", "update", "execute"] },
-            { resource: "trigger", actions: ["read"] },
-            { resource: "runtime", actions: ["read", "execute"] },
-        ],
-        inherits: ["viewer"],
-    });
-    rbac.addRole({
-        name: "operator",
-        description: "Can execute and monitor workflows",
-        permissions: [
-            { resource: "workflow", actions: ["read", "execute"] },
-            { resource: "node", actions: ["read", "execute"] },
-            { resource: "trigger", actions: ["read"] },
-            { resource: "runtime", actions: ["read"] },
-            { resource: "metrics", actions: ["read"] },
-            { resource: "health", actions: ["read"] },
-        ],
-    });
-    rbac.addRole({
-        name: "viewer",
-        description: "Read-only access to workflows and nodes",
-        permissions: [
-            { resource: "workflow", actions: ["read"] },
-            { resource: "node", actions: ["read"] },
-            { resource: "metrics", actions: ["read"] },
-            { resource: "health", actions: ["read"] },
-        ],
-    });
-    rbac.addRole({
-        name: "service",
-        description: "Machine-to-machine service account",
-        permissions: [
-            { resource: "workflow", actions: ["execute"] },
-            { resource: "node", actions: ["execute"] },
-        ],
-    });
-    return rbac;
-}
-//# sourceMappingURL=RBAC.js.map

package/dist/security/RBAC.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"RBAC.js","sourceRoot":"","sources":["../../src/security/RBAC.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AA0CH,MAAM,OAAO,IAAI;IACR,KAAK,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC/C,QAAQ,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC9C,SAAS,GAA8B,IAAI,GAAG,EAAE,CAAC;IAEzD;;OAEG;IACH,OAAO,CAAC,IAAoB;QAC3B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAChC,oEAAoE;QACpE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACtB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAY;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,QAAQ;QACP,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,UAAkB,EAAE,MAAkB;QAC/C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,QAAgB,EAAE,QAAgB,EAAE,MAAc,EAAE,UAAmB;QAC1E,MAAM,WAAW,GAAG,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;QAE3D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;gBAChE,OAAO;oBACN,OAAO,EAAE,IAAI;oBACb,IAAI,EAAE,QAAQ;oBACd,QAAQ;oBACR,MAAM;oBACN,iBAAiB,EAAE,IAAI;iBACvB,CAAC;YACH,CAAC;QACF,CAAC;QAED,OAAO;YACN,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,QAAQ;YACd,QAAQ;YACR,MAAM;YACN,MAAM,EAAE,SAAS,QAAQ,oBAAoB,MAAM,oBAAoB,QAAQ,GAAG;SAClF,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAe,EAAE,QAAgB,EAAE,MAAc,EAAE,UAAmB;QAC5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;YAC5D,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,MAAM,CAAC;QACnC,CAAC;QAED,OAAO;YACN,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YACrB,QAAQ;YACR,MAAM;YACN,MAAM,EAAE,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,MAAM,oBAAoB,QAAQ,GAAG;SAC1F,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,KAAe,EAAE,YAAoB,EAAE,SAAiB,SAAS;QAClF,uCAAuC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClE,IAAI,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;oBAChD,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC;oBACrD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;wBACvE,OAAO;4BACN,OAAO,EAAE,KAAK;4BACd,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;4BACrB,QAAQ,EAAE,YAAY;4BACtB,MAAM;4BACN,MAAM,EAAE,WAAW,MAAM,8BAA8B,YAAY,GAAG;yBACtE,CAAC;oBACH,CAAC;oBAED,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC1E,IAAI,cAAc,EAAE,CAAC;wBACpB,OAAO;4BACN,OAAO,EAAE,IAAI;4BACb,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;4BACpE,QAAQ,EAAE,YAAY;4BACtB,MAAM;yBACN,CAAC;oBACH,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;QAED,kCAAkC;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,QAAgB,EAAE,UAAuB,IAAI,GAAG,EAAE;QACzE,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,qCAAqC;QACrC,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAEtB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QAErB,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QAE1C,gCAAgC;QAChC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBACpE,WAAW,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;YAChC,CAAC;QACF,CAAC;QAED,gBAAgB;QAChB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC1C,OAAO,WAAW,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,MAAM;QACL,OAAO;YACN,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACtC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC3C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,MAA0E;QAClF,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,KAAK,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5D,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;YAC5B,CAAC;QACF,CAAC;IACF,CAAC;IAEO,iBAAiB,CAAC,IAAgB,EAAE,QAAgB,EAAE,MAAc,EAAE,UAAmB;QAChG,sBAAsB;QACtB,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG;YAAE,OAAO,KAAK,CAAC;QAEtE,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAEhF,sCAAsC;QACtC,IAAI,IAAI,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC;YACxC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,eAAe,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC1E,CAAC;QAED,OAAO,IAAI,CAAC;IACb,CAAC;IAEO,cAAc,CAAC,KAAa,EAAE,OAAe;QACpD,qDAAqD;QACrD,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAEjC,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;CACD;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAChC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAExB,IAAI,CAAC,OAAO,CAAC;QACZ,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,8BAA8B;QAC3C,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;KAChD,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC;QACZ,IAAI,EAAE,WAAW;QACjB,WAAW,EAAE,mDAAmD;QAChE,WAAW,EAAE;YACZ,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE;YAC1E,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,EAAE;YACtE,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE;SACrD;QACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;KACpB,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC;QACZ,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,mCAAmC;QAChD,WAAW,EAAE;YACZ,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE;YACtD,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,EAAE;YAClD,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;SACzC;KACD,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC;QACZ,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,yCAAyC;QACtD,WAAW,EAAE;YACZ,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC3C,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YACvC,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;YAC1C,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE;SACzC;KACD,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC;QACZ,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,oCAAoC;QACjD,WAAW,EAAE;YACZ,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE;YAC9C,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE;SAC1C;KACD,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACb,CAAC"}