@cat-factory/server 0.6.0

package/dist/modules/auth/AuthController.js

@@ -0,0 +1,457 @@
+import { passwordLoginSchema, signupSchema } from '@cat-factory/contracts';
+import { Hono } from 'hono';
+import { deleteCookie, getCookie, setCookie } from 'hono/cookie';
+import { GitHubOAuth } from '../../auth/GitHubOAuth.js';
+import { GoogleOAuth } from '../../auth/GoogleOAuth.js';
+import { verifySession } from '../../auth/middleware.js';
+import { HmacSigner, TOKEN_AUDIENCE, } from '../../auth/signing.js';
+import { jsonBody } from '../../http/validation.js';
+import { ConflictError, NotFoundError, ValidationError } from '@cat-factory/kernel';
+// Authentication endpoints. The SPA is handed a signed session token (via the URL
+// fragment for OAuth redirects, or the JSON body for password login) which it carries
+// as `Authorization: Bearer` on subsequent calls. Three login providers compose here:
+//   - GitHub OAuth (browser round-trip)
+//   - Google OAuth (browser round-trip)
+//   - email/password (direct JSON)
+// All resolve to ONE canonical `users` row via the UserService, so the session id is
+// always the internal `usr_*` id regardless of how the user signed in.
+const OAUTH_STATE_TTL_MS = 10 * 60 * 1000;
+/** Browser-binding cookie for an OAuth round-trip (see the GitHub flow notes below). */
+const OAUTH_STATE_COOKIE = 'cf_oauth_state';
+const unavailable = (c) => c.json({ error: { code: 'unavailable', message: 'Authentication is not configured' } }, 503);
+function authConfig(c) {
+    return c.get('container').config.auth;
+}
+function githubClient(cfg) {
+    return new GitHubOAuth({
+        clientId: cfg.clientId,
+        clientSecret: cfg.clientSecret,
+        apiBase: cfg.apiBase,
+        oauthBase: cfg.oauthBase,
+    });
+}
+function googleClient(cfg) {
+    if (!cfg.google)
+        return null;
+    return new GoogleOAuth({
+        clientId: cfg.google.clientId,
+        clientSecret: cfg.google.clientSecret,
+        oauthBase: cfg.google.oauthBase,
+        apiBase: cfg.google.apiBase,
+    });
+}
+function githubCallbackUrl(c, cfg) {
+    if (cfg.callbackUrl)
+        return cfg.callbackUrl;
+    return `${new URL(c.req.url).origin}/auth/callback`;
+}
+function googleCallbackUrl(c, cfg) {
+    if (cfg.google?.redirectUrl)
+        return cfg.google.redirectUrl;
+    return `${new URL(c.req.url).origin}/auth/google/callback`;
+}
+/**
+ * Choose the post-login landing URL from the (untrusted) `redirect` query. The
+ * session token is appended as a fragment, so an unrestricted redirect is a
+ * token-exfiltration primitive — only same-origin or explicitly allowlisted origins
+ * are honoured, else the request origin.
+ */
+export function pickPostLoginRedirect(requested, requestOrigin, cfg) {
+    if (cfg.successRedirectUrl)
+        return cfg.successRedirectUrl;
+    const fallback = `${requestOrigin}/`;
+    if (!requested)
+        return fallback;
+    try {
+        const url = new URL(requested);
+        if (url.protocol !== 'http:' && url.protocol !== 'https:')
+            return fallback;
+        if (url.origin === requestOrigin || cfg.allowedRedirectOrigins.includes(url.origin)) {
+            return requested;
+        }
+    }
+    catch {
+        // fall through to the safe origin-relative default
+    }
+    return fallback;
+}
+function resolveRedirect(c, cfg) {
+    return pickPostLoginRedirect(c.req.query('redirect'), new URL(c.req.url).origin, cfg);
+}
+/** Append the session token as a URL fragment on the landing URL. */
+function withToken(redirect, token) {
+    const url = new URL(redirect);
+    url.hash = `token=${token}`;
+    return url.toString();
+}
+/** Build the SessionUser surface from a canonical user + chosen display login. */
+function sessionUser(user, login) {
+    return {
+        id: user.id,
+        login,
+        name: user.name,
+        avatarUrl: user.avatarUrl,
+        email: user.email,
+    };
+}
+async function mintSession(cfg, user) {
+    const session = {
+        ...user,
+        aud: TOKEN_AUDIENCE.session,
+        exp: Date.now() + cfg.sessionTtlMs,
+    };
+    return new HmacSigner(cfg.sessionSecret).sign(session);
+}
+/** Whether an email's domain is on the self-signup allowlist. */
+function emailDomainAllowed(email, cfg) {
+    const at = email.lastIndexOf('@');
+    if (at < 0)
+        return false;
+    const domain = email.slice(at + 1).toLowerCase();
+    return cfg.allowedEmailDomains.includes(domain);
+}
+/**
+ * GitHub allowlist gate — the deployment is private. A user is admitted only if their
+ * login is in `allowedLogins` OR they belong to an org in `allowedOrgs`. Both lists
+ * empty ⇒ deny everyone (fail closed).
+ */
+async function isGitHubSignInAllowed(oauth, accessToken, user, cfg) {
+    if (cfg.allowedLogins.includes(user.login.toLowerCase()))
+        return true;
+    if (cfg.allowedOrgs.length === 0)
+        return false;
+    const orgs = await oauth.fetchUserOrgs(accessToken);
+    return orgs.some((org) => cfg.allowedOrgs.includes(org));
+}
+// Best-effort in-process throttle for the password endpoints. It bounds naive online
+// brute-force / credential-stuffing bursts without any new infrastructure, but is
+// deliberately modest: the window is per-isolate (each Workers isolate / Node process
+// keeps its own), so it is a speed bump, not an authoritative limiter — a durable,
+// cross-runtime limiter (D1/Postgres-backed, exercised by the conformance suite) is the
+// proper follow-up. Keyed by client IP + email so one attacker can't lock out an
+// unrelated victim, and PBKDF2's per-attempt cost remains the primary defence.
+const ATTEMPT_WINDOW_MS = 15 * 60 * 1000;
+const MAX_ATTEMPTS = 10;
+const attempts = new Map();
+function clientIp(c) {
+    return (c.req.header('cf-connecting-ip') ||
+        c.req.header('x-forwarded-for')?.split(',')[0]?.trim() ||
+        'unknown');
+}
+/** Record a password attempt for `c`+`email`; true once it is over the burst limit. */
+function passwordAttemptLimited(c, email) {
+    const now = Date.now();
+    const key = `${clientIp(c)}:${email.toLowerCase().trim()}`;
+    const recent = (attempts.get(key) ?? []).filter((t) => now - t < ATTEMPT_WINDOW_MS);
+    recent.push(now);
+    attempts.set(key, recent);
+    // Opportunistically evict fully-stale keys so the map can't grow unbounded.
+    if (attempts.size > 10_000) {
+        for (const [k, ts] of attempts) {
+            if (ts.every((t) => now - t >= ATTEMPT_WINDOW_MS))
+                attempts.delete(k);
+        }
+    }
+    return recent.length > MAX_ATTEMPTS;
+}
+const tooManyAttempts = (c) => c.json({ error: { code: 'rate_limited', message: 'Too many attempts. Please try again later.' } }, 429);
+export function authController() {
+    const app = new Hono();
+    // Lets the SPA decide which login controls to show, and (local mode only) surface a
+    // setup banner when the GitHub PAT is missing.
+    app.get('/config', (c) => {
+        const cfg = authConfig(c);
+        const { localMode } = c.get('container').config;
+        return c.json({
+            enabled: cfg.enabled,
+            providers: {
+                github: cfg.githubEnabled,
+                password: cfg.passwordEnabled,
+                google: !!cfg.google,
+            },
+            ...(localMode ? { localMode } : {}),
+        });
+    });
+    // ---- GitHub OAuth -------------------------------------------------------
+    app.get('/login', async (c) => {
+        const cfg = authConfig(c);
+        if (!cfg.githubEnabled)
+            return unavailable(c);
+        const nonce = crypto.randomUUID();
+        const state = {
+            aud: TOKEN_AUDIENCE.oauthState,
+            nonce,
+            redirect: resolveRedirect(c, cfg),
+            ...(c.req.query('invite') ? { invite: c.req.query('invite') } : {}),
+            exp: Date.now() + OAUTH_STATE_TTL_MS,
+        };
+        const signedState = await new HmacSigner(cfg.sessionSecret).sign(state);
+        setCookie(c, OAUTH_STATE_COOKIE, nonce, {
+            httpOnly: true,
+            secure: new URL(c.req.url).protocol === 'https:',
+            sameSite: 'Lax',
+            path: '/auth',
+            maxAge: OAUTH_STATE_TTL_MS / 1000,
+        });
+        const url = githubClient(cfg).authorizeUrl({
+            redirectUri: githubCallbackUrl(c, cfg),
+            state: signedState,
+            scope: cfg.allowedOrgs.length > 0 ? 'read:user read:org' : 'read:user',
+        });
+        return c.redirect(url);
+    });
+    app.get('/callback', async (c) => {
+        const cfg = authConfig(c);
+        if (!cfg.githubEnabled)
+            return unavailable(c);
+        const state = await consumeState(c, cfg);
+        const code = c.req.query('code');
+        if (!code || !state) {
+            return c.json({ error: { code: 'validation', message: 'Invalid OAuth callback' } }, 400);
+        }
+        const oauth = githubClient(cfg);
+        const accessToken = await oauth.exchangeCode(code, githubCallbackUrl(c, cfg));
+        const identity = await oauth.fetchUser(accessToken);
+        const container = c.get('container');
+        // An invite (matching this user's email) OR the allowlist admits the user. The
+        // invite short-circuits the org allowlist, so it is bound to the invited email —
+        // a leaked link can't admit an arbitrary GitHub account onto a private deployment.
+        const invited = state.invite ? await peekInvite(c, state.invite) : null;
+        const inviteAdmits = invited != null && emailMatchesInvite(identity.email, invited.email);
+        if (!inviteAdmits && !(await isGitHubSignInAllowed(oauth, accessToken, identity, cfg))) {
+            return c.json({ error: { code: 'forbidden', message: `@${identity.login} is not allowed to sign in` } }, 403);
+        }
+        const user = await container.userService.findOrCreateByIdentity('github', String(identity.id), {
+            name: identity.name,
+            email: identity.email,
+            // GitHub only exposes an email it has verified for the account, so it is trusted
+            // to link this login onto an existing same-email user.
+            emailVerified: !!identity.email,
+            avatarUrl: identity.avatarUrl,
+            metadata: { login: identity.login },
+        });
+        await container.accountService.ensurePersonalAccount({
+            id: user.id,
+            login: identity.login,
+            name: user.name,
+        });
+        if (state.invite)
+            await acceptInvite(c, state.invite, user.id, user.email);
+        const token = await mintSession(cfg, sessionUser(user, identity.login));
+        return c.redirect(withToken(state.redirect, token));
+    });
+    // ---- Google OAuth -------------------------------------------------------
+    app.get('/google/login', async (c) => {
+        const cfg = authConfig(c);
+        const google = googleClient(cfg);
+        if (!google)
+            return unavailable(c);
+        const nonce = crypto.randomUUID();
+        const state = {
+            aud: TOKEN_AUDIENCE.oauthState,
+            nonce,
+            redirect: resolveRedirect(c, cfg),
+            ...(c.req.query('invite') ? { invite: c.req.query('invite') } : {}),
+            exp: Date.now() + OAUTH_STATE_TTL_MS,
+        };
+        const signedState = await new HmacSigner(cfg.sessionSecret).sign(state);
+        setCookie(c, OAUTH_STATE_COOKIE, nonce, {
+            httpOnly: true,
+            secure: new URL(c.req.url).protocol === 'https:',
+            sameSite: 'Lax',
+            path: '/auth',
+            maxAge: OAUTH_STATE_TTL_MS / 1000,
+        });
+        return c.redirect(google.authorizeUrl({ redirectUri: googleCallbackUrl(c, cfg), state: signedState }));
+    });
+    app.get('/google/callback', async (c) => {
+        const cfg = authConfig(c);
+        const google = googleClient(cfg);
+        if (!google)
+            return unavailable(c);
+        const state = await consumeState(c, cfg);
+        const code = c.req.query('code');
+        if (!code || !state) {
+            return c.json({ error: { code: 'validation', message: 'Invalid OAuth callback' } }, 400);
+        }
+        const accessToken = await google.exchangeCode(code, googleCallbackUrl(c, cfg));
+        const identity = await google.fetchUser(accessToken);
+        const container = c.get('container');
+        const existing = await container.userService.findByIdentity('google', identity.subject);
+        // Gate NEW-user creation: an invite (matching the verified email) OR an allowlisted
+        // VERIFIED email domain. An unverified Google email is never trusted to self-signup.
+        const invited = state.invite ? await peekInvite(c, state.invite) : null;
+        const verifiedEmail = identity.emailVerified ? identity.email : null;
+        const inviteAdmits = invited != null && emailMatchesInvite(verifiedEmail, invited.email);
+        if (!existing) {
+            const allowed = inviteAdmits || (verifiedEmail ? emailDomainAllowed(verifiedEmail, cfg) : false);
+            if (!allowed) {
+                return c.json({ error: { code: 'forbidden', message: 'Sign-up requires an invitation' } }, 403);
+            }
+        }
+        const user = await container.userService.findOrCreateByIdentity('google', identity.subject, {
+            name: identity.name,
+            email: identity.email,
+            emailVerified: identity.emailVerified,
+            avatarUrl: identity.avatarUrl,
+            metadata: { email: identity.email },
+        });
+        await container.accountService.ensurePersonalAccount({
+            id: user.id,
+            login: identity.email || user.id,
+            name: user.name,
+        });
+        if (state.invite)
+            await acceptInvite(c, state.invite, user.id, user.email);
+        const token = await mintSession(cfg, sessionUser(user, identity.email || user.id));
+        return c.redirect(withToken(state.redirect, token));
+    });
+    // ---- Email / password ---------------------------------------------------
+    app.post('/signup', jsonBody(signupSchema), async (c) => {
+        const cfg = authConfig(c);
+        if (!cfg.passwordEnabled)
+            return unavailable(c);
+        const body = c.req.valid('json');
+        if (passwordAttemptLimited(c, body.email))
+            return tooManyAttempts(c);
+        const container = c.get('container');
+        // New-user creation is gated: an invite addressed to this email OR an allowlisted
+        // email domain. The invite is bound to its email so a leaked link can't be used to
+        // self-register an arbitrary address on a private deployment.
+        const invited = body.invite ? await peekInvite(c, body.invite) : null;
+        const allowed = (invited != null && emailMatchesInvite(body.email, invited.email)) ||
+            emailDomainAllowed(body.email, cfg);
+        if (!allowed) {
+            return c.json({ error: { code: 'forbidden', message: 'Sign-up requires an invitation' } }, 403);
+        }
+        try {
+            const user = await container.userService.signupWithPassword({
+                email: body.email,
+                password: body.password,
+                name: body.name,
+            });
+            await container.accountService.ensurePersonalAccount({
+                id: user.id,
+                login: user.email || user.id,
+                name: user.name,
+            });
+            if (body.invite)
+                await acceptInvite(c, body.invite, user.id, user.email);
+            const token = await mintSession(cfg, sessionUser(user, user.email || user.id));
+            return c.json({ token, user: sessionUser(user, user.email || user.id) }, 201);
+        }
+        catch (err) {
+            if (err instanceof ConflictError || err instanceof ValidationError) {
+                return c.json({ error: { code: 'validation', message: err.message } }, 400);
+            }
+            throw err;
+        }
+    });
+    app.post('/password-login', jsonBody(passwordLoginSchema), async (c) => {
+        const cfg = authConfig(c);
+        if (!cfg.passwordEnabled)
+            return unavailable(c);
+        const body = c.req.valid('json');
+        if (passwordAttemptLimited(c, body.email))
+            return tooManyAttempts(c);
+        const user = await c.get('container').userService.verifyPassword(body);
+        if (!user) {
+            return c.json({ error: { code: 'unauthorized', message: 'Invalid email or password' } }, 401);
+        }
+        const token = await mintSession(cfg, sessionUser(user, user.email || user.id));
+        return c.json({ token, user: sessionUser(user, user.email || user.id) });
+    });
+    // ---- Invitations (peek + accept) ----------------------------------------
+    // Public peek so the SPA can show the org name on the accept screen.
+    app.get('/invitations/:token', async (c) => {
+        const container = c.get('container');
+        if (!container.invitations)
+            return c.json({ valid: false });
+        const record = await container.invitations.peek(c.req.param('token'));
+        if (!record)
+            return c.json({ valid: false });
+        const account = await container.accountService.get(record.accountId);
+        return c.json({ valid: true, email: record.email, accountName: account?.name ?? null });
+    });
+    // Accept an invitation as the signed-in user (the SPA calls this after login).
+    app.post('/invitations/:token/accept', async (c) => {
+        const user = await verifySession(c);
+        if (!user) {
+            return c.json({ error: { code: 'unauthorized', message: 'Sign in to accept' } }, 401);
+        }
+        const container = c.get('container');
+        if (!container.invitations) {
+            return c.json({ error: { code: 'unavailable', message: 'Invitations not configured' } }, 503);
+        }
+        try {
+            const accountId = await container.invitations.accept(c.req.param('token'), user.id, user.email ?? null);
+            return c.json({ accountId });
+        }
+        catch (err) {
+            if (err instanceof ConflictError) {
+                return c.json({ error: { code: 'conflict', message: err.message } }, 409);
+            }
+            if (err instanceof NotFoundError) {
+                return c.json({ error: { code: 'not_found', message: 'Invitation not found' } }, 404);
+            }
+            throw err;
+        }
+    });
+    // Who am I? Used by the SPA to validate a stored token on boot.
+    app.get('/me', async (c) => {
+        if (!authConfig(c).enabled)
+            return c.json({ user: null, enabled: false });
+        const user = await verifySession(c);
+        if (!user) {
+            return c.json({ error: { code: 'unauthorized', message: 'Not authenticated' } }, 401);
+        }
+        return c.json({
+            user: {
+                id: user.id,
+                login: user.login,
+                name: user.name,
+                avatarUrl: user.avatarUrl,
+                email: user.email ?? null,
+            },
+            enabled: true,
+        });
+    });
+    // Stateless sessions: logout is a client-side token drop. Provided for symmetry.
+    app.post('/logout', (c) => c.body(null, 204));
+    return app;
+}
+/** Verify + single-use the OAuth state (signature, expiry, browser-binding cookie). */
+async function consumeState(c, cfg) {
+    const state = await new HmacSigner(cfg.sessionSecret).verify(c.req.query('state'), {
+        aud: TOKEN_AUDIENCE.oauthState,
+    });
+    const boundNonce = getCookie(c, OAUTH_STATE_COOKIE);
+    deleteCookie(c, OAUTH_STATE_COOKIE, { path: '/auth' });
+    if (!state || !boundNonce || boundNonce !== state.nonce)
+        return null;
+    return state;
+}
+async function peekInvite(c, token) {
+    const inv = c.get('container').invitations;
+    return inv ? inv.peek(token) : null;
+}
+/** Whether a sign-in email matches the address an invitation was sent to. */
+function emailMatchesInvite(signInEmail, inviteEmail) {
+    return !!signInEmail && signInEmail.toLowerCase().trim() === inviteEmail;
+}
+async function acceptInvite(c, token, userId, userEmail) {
+    const inv = c.get('container').invitations;
+    if (!inv)
+        return;
+    try {
+        await inv.accept(token, userId, userEmail);
+    }
+    catch (err) {
+        // Expected invite states (expired / already-used / wrong email) must not block an
+        // otherwise-valid login; an unexpected infra error should still surface.
+        if (err instanceof ConflictError || err instanceof NotFoundError)
+            return;
+        throw err;
+    }
+}
+//# sourceMappingURL=AuthController.js.map

package/dist/modules/auth/AuthController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthController.js","sourceRoot":"","sources":["../../../src/modules/auth/AuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AACxD,OAAO,EACL,UAAU,EAGV,cAAc,GACf,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AAEnD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAEnF,kFAAkF;AAClF,sFAAsF;AACtF,sFAAsF;AACtF,wCAAwC;AACxC,wCAAwC;AACxC,mCAAmC;AACnC,qFAAqF;AACrF,uEAAuE;AAEvE,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAEzC,wFAAwF;AACxF,MAAM,kBAAkB,GAAG,gBAAgB,CAAA;AAY3C,MAAM,WAAW,GAAG,CAAC,CAAkB,EAAE,EAAE,CACzC,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;AAE9F,SAAS,UAAU,CAAC,CAAkB;IACpC,OAAO,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,IAAI,CAAA;AACvC,CAAC;AAED,SAAS,YAAY,CAAC,GAAe;IACnC,OAAO,IAAI,WAAW,CAAC;QACrB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAe;IACnC,IAAI,CAAC,GAAG,CAAC,MAAM;QAAE,OAAO,IAAI,CAAA;IAC5B,OAAO,IAAI,WAAW,CAAC;QACrB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ;QAC7B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY;QACrC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS;QAC/B,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;KAC5B,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAkB,EAAE,GAAe;IAC5D,IAAI,GAAG,CAAC,WAAW;QAAE,OAAO,GAAG,CAAC,WAAW,CAAA;IAC3C,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,gBAAgB,CAAA;AACrD,CAAC;AAED,SAAS,iBAAiB,CAAC,CAAkB,EAAE,GAAe;IAC5D,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC,WAAW,CAAA;IAC1D,OAAO,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,uBAAuB,CAAA;AAC5D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAA6B,EAC7B,aAAqB,EACrB,GAAsE;IAEtE,IAAI,GAAG,CAAC,kBAAkB;QAAE,OAAO,GAAG,CAAC,kBAAkB,CAAA;IACzD,MAAM,QAAQ,GAAG,GAAG,aAAa,GAAG,CAAA;IACpC,IAAI,CAAC,SAAS;QAAE,OAAO,QAAQ,CAAA;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAA;QAC9B,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,QAAQ,CAAA;QAC1E,IAAI,GAAG,CAAC,MAAM,KAAK,aAAa,IAAI,GAAG,CAAC,sBAAsB,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACpF,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;IACrD,CAAC;IACD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,CAAkB,EAAE,GAAe;IAC1D,OAAO,qBAAqB,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AACvF,CAAC;AAED,qEAAqE;AACrE,SAAS,SAAS,CAAC,QAAgB,EAAE,KAAa;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAA;IAC7B,GAAG,CAAC,IAAI,GAAG,SAAS,KAAK,EAAE,CAAA;IAC3B,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAA;AACvB,CAAC;AAED,kFAAkF;AAClF,SAAS,WAAW,CAAC,IAAgB,EAAE,KAAa;IAClD,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,KAAK;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAA;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,GAAe,EAAE,IAAiB;IAC3D,MAAM,OAAO,GAAmB;QAC9B,GAAG,IAAI;QACP,GAAG,EAAE,cAAc,CAAC,OAAO;QAC3B,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY;KACnC,CAAA;IACD,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACxD,CAAC;AAED,iEAAiE;AACjE,SAAS,kBAAkB,CAAC,KAAa,EAAE,GAAe;IACxD,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,EAAE,GAAG,CAAC;QAAE,OAAO,KAAK,CAAA;IACxB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IAChD,OAAO,GAAG,CAAC,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AACjD,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,qBAAqB,CAClC,KAAkB,EAClB,WAAmB,EACnB,IAAuB,EACvB,GAAsD;IAEtD,IAAI,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAAE,OAAO,IAAI,CAAA;IACrE,IAAI,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAC9C,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,WAAW,CAAC,CAAA;IACnD,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;AAC1D,CAAC;AAED,qFAAqF;AACrF,kFAAkF;AAClF,sFAAsF;AACtF,mFAAmF;AACnF,wFAAwF;AACxF,iFAAiF;AACjF,+EAA+E;AAC/E,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AACxC,MAAM,YAAY,GAAG,EAAE,CAAA;AACvB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoB,CAAA;AAE5C,SAAS,QAAQ,CAAC,CAAkB;IAClC,OAAO,CACL,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC;QAChC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;QACtD,SAAS,CACV,CAAA;AACH,CAAC;AAED,uFAAuF;AACvF,SAAS,sBAAsB,CAAC,CAAkB,EAAE,KAAa;IAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,CAAA;IAC1D,MAAM,MAAM,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,iBAAiB,CAAC,CAAA;IACnF,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAChB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IACzB,4EAA4E;IAC5E,IAAI,QAAQ,CAAC,IAAI,GAAG,MAAM,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,iBAAiB,CAAC;gBAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,GAAG,YAAY,CAAA;AACrC,CAAC;AAED,MAAM,eAAe,GAAG,CAAC,CAAkB,EAAE,EAAE,CAC7C,CAAC,CAAC,IAAI,CACJ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,4CAA4C,EAAE,EAAE,EAC1F,GAAG,CACJ,CAAA;AAEH,MAAM,UAAU,cAAc;IAC5B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAU,CAAA;IAE9B,oFAAoF;IACpF,+CAA+C;IAC/C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QACvB,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAA;QAC/C,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,SAAS,EAAE;gBACT,MAAM,EAAE,GAAG,CAAC,aAAa;gBACzB,QAAQ,EAAE,GAAG,CAAC,eAAe;gBAC7B,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;aACrB;YACD,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,4EAA4E;IAE5E,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,IAAI,CAAC,GAAG,CAAC,aAAa;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACjC,MAAM,KAAK,GAAe;YACxB,GAAG,EAAE,cAAc,CAAC,UAAU;YAC9B,KAAK;YACL,QAAQ,EAAE,eAAe,CAAC,CAAC,EAAE,GAAG,CAAC;YACjC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB;SACrC,CAAA;QACD,MAAM,WAAW,GAAG,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACvE,SAAS,CAAC,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE;YACtC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ;YAChD,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,kBAAkB,GAAG,IAAI;SAClC,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC;YACzC,WAAW,EAAE,iBAAiB,CAAC,CAAC,EAAE,GAAG,CAAC;YACtC,KAAK,EAAE,WAAW;YAClB,KAAK,EAAE,GAAG,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,WAAW;SACvE,CAAC,CAAA;QACF,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,IAAI,CAAC,GAAG,CAAC,aAAa;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAC7C,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QACxC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAC1F,CAAC;QACD,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;QAC/B,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAA;QAC7E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;QAEnD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,+EAA+E;QAC/E,iFAAiF;QACjF,mFAAmF;QACnF,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACvE,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,IAAI,kBAAkB,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;QACzF,IAAI,CAAC,YAAY,IAAI,CAAC,CAAC,MAAM,qBAAqB,CAAC,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YACvF,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,QAAQ,CAAC,KAAK,4BAA4B,EAAE,EAAE,EACzF,GAAG,CACJ,CAAA;QACH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE;YAC7F,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,iFAAiF;YACjF,uDAAuD;YACvD,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK;YAC/B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE;SACpC,CAAC,CAAA;QACF,MAAM,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;YACnD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAA;QACF,IAAI,KAAK,CAAC,MAAM;YAAE,MAAM,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;QAC1E,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;QACvE,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAA;IACrD,CAAC,CAAC,CAAA;IAEF,4EAA4E;IAE5E,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACjC,MAAM,KAAK,GAAe;YACxB,GAAG,EAAE,cAAc,CAAC,UAAU;YAC9B,KAAK;YACL,QAAQ,EAAE,eAAe,CAAC,CAAC,EAAE,GAAG,CAAC;YACjC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB;SACrC,CAAA;QACD,MAAM,WAAW,GAAG,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACvE,SAAS,CAAC,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE;YACtC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ;YAChD,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,kBAAkB,GAAG,IAAI;SAClC,CAAC,CAAA;QACF,OAAO,CAAC,CAAC,QAAQ,CACf,MAAM,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CACpF,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtC,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAClC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QACxC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAC1F,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAA;QAC9E,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAA;QACpD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAEpC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;QACvF,oFAAoF;QACpF,qFAAqF;QACrF,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACvE,MAAM,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;QACpE,MAAM,YAAY,GAAG,OAAO,IAAI,IAAI,IAAI,kBAAkB,CAAC,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;QACxF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GACX,YAAY,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,kBAAkB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;YAClF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gCAAgC,EAAE,EAAE,EAC3E,GAAG,CACJ,CAAA;YACH,CAAC;QACH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE;YAC1F,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE;SACpC,CAAC,CAAA;QACF,MAAM,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;YACnD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAA;QACF,IAAI,KAAK,CAAC,MAAM;YAAE,MAAM,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;QAC1E,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;QAClF,OAAO,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAA;IACrD,CAAC,CAAC,CAAA;IAEF,4EAA4E;IAE5E,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,IAAI,CAAC,GAAG,CAAC,eAAe;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAC/C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,sBAAsB,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC,CAAC,CAAC,CAAA;QACpE,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAEpC,kFAAkF;QAClF,mFAAmF;QACnF,8DAA8D;QAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACrE,MAAM,OAAO,GACX,CAAC,OAAO,IAAI,IAAI,IAAI,kBAAkB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAClE,kBAAkB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,gCAAgC,EAAE,EAAE,EAC3E,GAAG,CACJ,CAAA;QACH,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,kBAAkB,CAAC;gBAC1D,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;YACF,MAAM,SAAS,CAAC,cAAc,CAAC,qBAAqB,CAAC;gBACnD,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE;gBAC5B,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAA;YACF,IAAI,IAAI,CAAC,MAAM;gBAAE,MAAM,YAAY,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;YACxE,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YAC9E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,aAAa,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;gBACnE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;YAC7E,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QACzB,IAAI,CAAC,GAAG,CAAC,eAAe;YAAE,OAAO,WAAW,CAAC,CAAC,CAAC,CAAA;QAC/C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,IAAI,sBAAsB,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,eAAe,CAAC,CAAC,CAAC,CAAA;QACpE,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,CAAA;QACtE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,2BAA2B,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAC/F,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;QAC9E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;IAC1E,CAAC,CAAC,CAAA;IAEF,4EAA4E;IAE5E,qEAAqE;IACrE,GAAG,CAAC,GAAG,CAAC,qBAAqB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,IAAI,CAAC,SAAS,CAAC,WAAW;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QAC3D,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;QACrE,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QAC5C,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACpE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,IAAI,IAAI,EAAE,CAAC,CAAA;IACzF,CAAC,CAAC,CAAA;IAEF,+EAA+E;IAC/E,GAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAA;QACnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QACvF,CAAC;QACD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QAC/F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,MAAM,CAClD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EACpB,IAAI,CAAC,EAAE,EACP,IAAI,CAAC,KAAK,IAAI,IAAI,CACnB,CAAA;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;gBACjC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;YAC3E,CAAC;YACD,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;gBACjC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,sBAAsB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;YACvF,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,gEAAgE;IAChE,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;QACzE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,CAAC,CAAC,CAAA;QACnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;QACvF,CAAC;QACD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE;gBACJ,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI;aAC1B;YACD,OAAO,EAAE,IAAI;SACd,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,iFAAiF;IACjF,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;IAE7C,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,uFAAuF;AACvF,KAAK,UAAU,YAAY,CAAC,CAAkB,EAAE,GAAe;IAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,CAAa,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC7F,GAAG,EAAE,cAAc,CAAC,UAAU;KAC/B,CAAC,CAAA;IACF,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAA;IACnD,YAAY,CAAC,CAAC,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IACtD,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,UAAU,KAAK,KAAK,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACpE,OAAO,KAAK,CAAA;AACd,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,CAAkB,EAAE,KAAa;IACzD,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,WAAW,CAAA;IAC1C,OAAO,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;AACrC,CAAC;AAED,6EAA6E;AAC7E,SAAS,kBAAkB,CAAC,WAAsC,EAAE,WAAmB;IACrF,OAAO,CAAC,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,KAAK,WAAW,CAAA;AAC1E,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,CAAkB,EAClB,KAAa,EACb,MAAc,EACd,SAAwB;IAExB,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,WAAW,CAAA;IAC1C,IAAI,CAAC,GAAG;QAAE,OAAM;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kFAAkF;QAClF,yEAAyE;QACzE,IAAI,GAAG,YAAY,aAAa,IAAI,GAAG,YAAY,aAAa;YAAE,OAAM;QACxE,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC"}

package/dist/modules/board/BoardController.d.ts

@@ -0,0 +1,8 @@
+import { Hono } from 'hono';
+import type { AppEnv } from '../../http/env.js';
+/**
+ * Board mutations. Mounted under `/workspaces/:workspaceId`, so every handler
+ * reads the workspace id from the inherited path param.
+ */
+export declare function boardController(): Hono<AppEnv>;
+//# sourceMappingURL=BoardController.d.ts.map

package/dist/modules/board/BoardController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BoardController.d.ts","sourceRoot":"","sources":["../../../src/modules/board/BoardController.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAI/C;;;GAGG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAAC,MAAM,CAAC,CA0G9C"}

package/dist/modules/board/BoardController.js

@@ -0,0 +1,89 @@
+import { addFrameSchema, addModuleSchema, addServiceFromRepoSchema, addTaskSchema, moveBlockSchema, reparentSchema, toggleDependencySchema, updateBlockSchema, } from '@cat-factory/contracts';
+import { Hono } from 'hono';
+import { param } from '../../http/params.js';
+import { jsonBody } from '../../http/validation.js';
+/**
+ * Board mutations. Mounted under `/workspaces/:workspaceId`, so every handler
+ * reads the workspace id from the inherited path param.
+ */
+export function boardController() {
+    const app = new Hono();
+    app.post('/blocks', jsonBody(addFrameSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.addFrame(param(c, 'workspaceId'), c.req.valid('json'));
+        return c.json(block, 201);
+    });
+    // Import an existing GitHub repo as a service frame — no bootstrap / agent run.
+    // First link + sync the repo into the workspace (it may be App-accessible but
+    // not yet tracked here), then create the `ready` frame and link the repo to it.
+    // A 409 tells the client the App can't see the repo yet (grant it access); the
+    // board service 404s an unknown repo and 422s one already on the board.
+    app.post('/blocks/from-repo', jsonBody(addServiceFromRepoSchema), async (c) => {
+        const container = c.get('container');
+        const workspaceId = param(c, 'workspaceId');
+        const { repoGithubId } = c.req.valid('json');
+        if (container.github) {
+            const linked = await container.github.syncService.linkRepo(workspaceId, repoGithubId);
+            if (!linked) {
+                return c.json({
+                    error: {
+                        code: 'repo_not_accessible',
+                        message: 'The GitHub App cannot access this repository yet. Grant it access, then try again.',
+                    },
+                }, 409);
+            }
+        }
+        const block = await container.boardService.addServiceFromRepo(workspaceId, c.req.valid('json'));
+        return c.json(block, 201);
+    });
+    app.post('/blocks/:blockId/tasks', jsonBody(addTaskSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.addTask(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json'), c.get('user')?.id ?? null);
+        return c.json(block, 201);
+    });
+    app.post('/blocks/:blockId/modules', jsonBody(addModuleSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.addModule(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json'));
+        return c.json(block, 201);
+    });
+    app.patch('/blocks/:blockId', jsonBody(updateBlockSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.updateBlock(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json'));
+        return c.json(block);
+    });
+    app.post('/blocks/:blockId/move', jsonBody(moveBlockSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.moveBlock(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json').position);
+        return c.json(block);
+    });
+    app.post('/blocks/:blockId/reparent', jsonBody(reparentSchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.reparent(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json'));
+        return c.json(block);
+    });
+    app.delete('/blocks/:blockId', async (c) => {
+        const container = c.get('container');
+        const workspaceId = param(c, 'workspaceId');
+        const blockId = param(c, 'blockId');
+        // Tear down any running runs under this subtree FIRST — killing their containers
+        // and durable drivers — so deleting a service/module never orphans a container
+        // that would idle until its watchdog. Then remove the blocks + run records.
+        await container.executionService.teardownForBlockTree(workspaceId, blockId);
+        await container.boardService.removeBlock(workspaceId, blockId);
+        return c.body(null, 204);
+    });
+    app.post('/blocks/:blockId/dependencies', jsonBody(toggleDependencySchema), async (c) => {
+        const block = await c
+            .get('container')
+            .boardService.toggleDependency(param(c, 'workspaceId'), param(c, 'blockId'), c.req.valid('json').sourceId);
+        return c.json(block);
+    });
+    return app;
+}
+//# sourceMappingURL=BoardController.js.map

package/dist/modules/board/BoardController.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"BoardController.js","sourceRoot":"","sources":["../../../src/modules/board/BoardController.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,eAAe,EACf,wBAAwB,EACxB,aAAa,EACb,eAAe,EACf,cAAc,EACd,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAA;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AAEnD;;;GAGG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAU,CAAA;IAE9B,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxD,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,gFAAgF;IAChF,8EAA8E;IAC9E,gFAAgF;IAChF,+EAA+E;IAC/E,wEAAwE;IACxE,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,QAAQ,CAAC,wBAAwB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5E,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;QAC3C,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAC5C,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;YACrF,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,KAAK,EAAE;wBACL,IAAI,EAAE,qBAAqB;wBAC3B,OAAO,EACL,oFAAoF;qBACvF;iBACF,EACD,GAAG,CACJ,CAAA;YACH,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAC/F,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtE,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,OAAO,CACnB,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EACvB,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EACnB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EACnB,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,IAAI,CAC1B,CAAA;QACH,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1E,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5F,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,KAAK,CAAC,kBAAkB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAC9F,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,uBAAuB,EAAE,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvE,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,SAAS,CACrB,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EACvB,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EACnB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,QAAQ,CAC7B,CAAA;QACH,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1E,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAC3F,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,CAAA;QAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;QACnC,iFAAiF;QACjF,+EAA+E;QAC/E,4EAA4E;QAC5E,MAAM,SAAS,CAAC,gBAAgB,CAAC,oBAAoB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QAC3E,MAAM,SAAS,CAAC,YAAY,CAAC,WAAW,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QAC9D,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,+BAA+B,EAAE,QAAQ,CAAC,sBAAsB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtF,MAAM,KAAK,GAAG,MAAM,CAAC;aAClB,GAAG,CAAC,WAAW,CAAC;aAChB,YAAY,CAAC,gBAAgB,CAC5B,KAAK,CAAC,CAAC,EAAE,aAAa,CAAC,EACvB,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,EACnB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,QAAQ,CAC7B,CAAA;QACH,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/modules/boardScan/BoardScanController.d.ts

@@ -0,0 +1,10 @@
+import { Hono } from 'hono';
+import type { AppEnv } from '../../http/env.js';
+/**
+ * Workspace-scoped board-scan endpoints: read the persisted repository blueprints,
+ * and the "scan repository" command (decompose a repo into a service → modules
+ * blueprint, optionally spawning it onto the board). Mounted under
+ * `/workspaces/:workspaceId`.
+ */
+export declare function boardScanController(): Hono<AppEnv>;
+//# sourceMappingURL=BoardScanController.d.ts.map

package/dist/modules/boardScan/BoardScanController.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"BoardScanController.d.ts","sourceRoot":"","sources":["../../../src/modules/boardScan/BoardScanController.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAY/C;;;;;GAKG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAAC,MAAM,CAAC,CA0ClD"}