@cloud-copilot/iam-lens 0.1.108 → 0.1.109

package/dist/cjs/index.d.ts

@@ -6,4 +6,6 @@ export { makePrincipalIndex } from './principalIndex/makePrincipalIndex.js';
 export type { ContextKeys } from './simulate/contextKeys.js';
 export { simulateRequest, type SimulationRequest } from './simulate/simulate.js';
 export { whoCan, type WhoCanPrincipalScope, type ResourceAccessRequest, type WhoCanAllowed, type WhoCanResponse } from './whoCan/whoCan.js';
+export { WhoCanProcessor, type WhoCanProcessorConfig, type WhoCanProcessorRequest, type WhoCanSettledEvent, type WhoCanSettledSuccess, type WhoCanSettledError } from './whoCan/WhoCanProcessor.js';
+export { type LightRequestAnalysis, type LightResourceAnalysis, type LightResourceAnalysisWithPattern, type SingleResourceLightRequestAnalysis, type WildcardResourceLightRequestAnalysis } from './whoCan/requestAnalysis.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,aAAa,EACb,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,aAAa,EACb,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EAC1B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAA;AAC3E,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,eAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAChF,OAAO,EACL,MAAM,EACN,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,aAAa,EAClB,KAAK,cAAc,EACpB,MAAM,oBAAoB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,KAAK,aAAa,EAClB,KAAK,uBAAuB,EAC7B,MAAM,qBAAqB,CAAA;AAC5B,YAAY,EACV,aAAa,EACb,YAAY,EACZ,SAAS,EACT,qBAAqB,EACrB,aAAa,EACb,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EAC1B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,wCAAwC,CAAA;AAC3E,YAAY,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAA;AAC5D,OAAO,EAAE,eAAe,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAChF,OAAO,EACL,MAAM,EACN,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,aAAa,EAClB,KAAK,cAAc,EACpB,MAAM,oBAAoB,CAAA;AAC3B,OAAO,EACL,eAAe,EACf,KAAK,qBAAqB,EAC1B,KAAK,sBAAsB,EAC3B,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACxB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,oCAAoC,EAC1C,MAAM,6BAA6B,CAAA"}

package/dist/cjs/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.whoCan = exports.simulateRequest = exports.makePrincipalIndex = exports.principalCan = exports.loadCollectConfigs = exports.getCollectClient = exports.NoCacheProvider = exports.InMemoryCacheProvider = exports.IamCollectClient = void 0;
+exports.WhoCanProcessor = exports.whoCan = exports.simulateRequest = exports.makePrincipalIndex = exports.principalCan = exports.loadCollectConfigs = exports.getCollectClient = exports.NoCacheProvider = exports.InMemoryCacheProvider = exports.IamCollectClient = void 0;
 var client_js_1 = require("./collect/client.js");
 Object.defineProperty(exports, "IamCollectClient", { enumerable: true, get: function () { return client_js_1.IamCollectClient; } });
 Object.defineProperty(exports, "InMemoryCacheProvider", { enumerable: true, get: function () { return client_js_1.InMemoryCacheProvider; } });
@@ -16,4 +16,6 @@ var simulate_js_1 = require("./simulate/simulate.js");
 Object.defineProperty(exports, "simulateRequest", { enumerable: true, get: function () { return simulate_js_1.simulateRequest; } });
 var whoCan_js_1 = require("./whoCan/whoCan.js");
 Object.defineProperty(exports, "whoCan", { enumerable: true, get: function () { return whoCan_js_1.whoCan; } });
+var WhoCanProcessor_js_1 = require("./whoCan/WhoCanProcessor.js");
+Object.defineProperty(exports, "WhoCanProcessor", { enumerable: true, get: function () { return WhoCanProcessor_js_1.WhoCanProcessor; } });
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,iDAM4B;AAL1B,6GAAA,gBAAgB,OAAA;AAChB,kHAAA,qBAAqB,OAAA;AACrB,4GAAA,eAAe,OAAA;AAYjB,mDAK6B;AAJ3B,8GAAA,gBAAgB,OAAA;AAChB,gHAAA,kBAAkB,OAAA;AAIpB,kEAAqF;AAA5E,+GAAA,YAAY,OAAA;AACrB,gFAA2E;AAAlE,2HAAA,kBAAkB,OAAA;AAE3B,sDAAgF;AAAvE,8GAAA,eAAe,OAAA;AACxB,gDAM2B;AALzB,mGAAA,MAAM,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAAA,iDAM4B;AAL1B,6GAAA,gBAAgB,OAAA;AAChB,kHAAA,qBAAqB,OAAA;AACrB,4GAAA,eAAe,OAAA;AAYjB,mDAK6B;AAJ3B,8GAAA,gBAAgB,OAAA;AAChB,gHAAA,kBAAkB,OAAA;AAIpB,kEAAqF;AAA5E,+GAAA,YAAY,OAAA;AACrB,gFAA2E;AAAlE,2HAAA,kBAAkB,OAAA;AAE3B,sDAAgF;AAAvE,8GAAA,eAAe,OAAA;AACxB,gDAM2B;AALzB,mGAAA,MAAM,OAAA;AAMR,kEAOoC;AANlC,qHAAA,eAAe,OAAA"}

package/dist/cjs/utils/bitset.js

@@ -16,7 +16,7 @@ const bitset_1 = require("bitset");
 function encodeBitSet(bitset) {
     const rawHex = bitset.toString(16);
     const compressedHex = compressHex(rawHex);
-    const sparseString = bitset.toArray().join(',');
+    const sparseString = ',' + bitset.toArray().join(',');
     if (sparseString.length < compressedHex.length && sparseString.length < rawHex.length) {
         return sparseString;
     }
@@ -39,9 +39,9 @@ function decodeBitSet(encoded) {
     }
     else if (typeof encoded === 'string') {
         // Check if it's a sparse array (comma-separated numbers)
-        if (encoded.includes(',')) {
+        if (encoded.startsWith(',')) {
             // It's a sparse array - convert to BitSet
-            const positions = encoded.split(',').map(Number);
+            const positions = encoded.slice(1).split(',').map(Number);
             const bitset = new bitset_1.default();
             positions.forEach((pos) => bitset.set(pos, 1));
             return bitset;

package/dist/cjs/utils/bitset.js.map

@@ -1 +1 @@
-{"version":3,"file":"bitset.js","sourceRoot":"","sources":["../../../src/utils/bitset.ts"],"names":[],"mappings":";;AAQA,oCAcC;AAQD,oCA2BC;AAQD,kCAKC;AAQD,sCAMC;AAQD,0DAgBC;AASD,8DA0BC;AA/ID,mCAA2B;AAE3B;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAc;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAClC,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACzC,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE/C,IAAI,YAAY,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACtF,OAAO,YAAY,CAAA;IACrB,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,aAAa,CAAA;IACtB,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAY;IACvC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,gBAAM,EAAE,CAAA;QAC3B,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC1C,OAAO,MAAM,CAAA;IACf,CAAC;SAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACvC,yDAAyD;QACzD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,0CAA0C;YAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAChD,MAAM,MAAM,GAAG,IAAI,gBAAM,EAAE,CAAA;YAC3B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9C,OAAO,MAAM,CAAA;QACf,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,yCAAyC;YACzC,MAAM,eAAe,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;YAC9C,OAAO,gBAAM,CAAC,aAAa,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;aAAM,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;YAC1B,OAAO,IAAI,gBAAM,EAAE,CAAA;QACrB,CAAC;aAAM,CAAC;YACN,sBAAsB;YACtB,OAAO,gBAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACtC,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,OAAO,gBAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,MAAM,mBAAmB,GAAG,YAAY,CAAA;IACxC,OAAO,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;QACnD,OAAO,IAAI,KAAK,CAAC,MAAM,GAAG,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,aAAqB;IACjD,qEAAqE;IACrE,MAAM,WAAW,GAAG,YAAY,CAAA;IAChC,OAAO,aAAa,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzD,OAAO,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,eAAuB;IAC7D,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxC,IAAI,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;QACpD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAA;IACrD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAChD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAClC,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,GAAG,SAAS,IAAI,GAAG,EAAE,CAAA;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,yBAAyB,CACvC,gBAAwB,EACxB,SAAiB,eAAe;IAEhC,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,wCAAwC,gBAAgB,EAAE,CAAC,CAAA;IAC7E,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1B,IAAI,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAEvB,kDAAkD;IAClD,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACtC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO,GAAG,MAAM,GAAG,SAAS,IAAI,QAAQ,EAAE,CAAA;AAC5C,CAAC"}
+{"version":3,"file":"bitset.js","sourceRoot":"","sources":["../../../src/utils/bitset.ts"],"names":[],"mappings":";;AAQA,oCAcC;AAQD,oCA2BC;AAQD,kCAKC;AAQD,sCAMC;AAQD,0DAgBC;AASD,8DA0BC;AA/ID,mCAA2B;AAE3B;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAc;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAClC,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACzC,MAAM,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAErD,IAAI,YAAY,CAAC,MAAM,GAAG,aAAa,CAAC,MAAM,IAAI,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACtF,OAAO,YAAY,CAAA;IACrB,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,aAAa,CAAA;IACtB,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAY;IACvC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAI,gBAAM,EAAE,CAAA;QAC3B,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QAC1C,OAAO,MAAM,CAAA;IACf,CAAC;SAAM,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACvC,yDAAyD;QACzD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,0CAA0C;YAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YACzD,MAAM,MAAM,GAAG,IAAI,gBAAM,EAAE,CAAA;YAC3B,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YAC9C,OAAO,MAAM,CAAA;QACf,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,yCAAyC;YACzC,MAAM,eAAe,GAAG,aAAa,CAAC,OAAO,CAAC,CAAA;YAC9C,OAAO,gBAAM,CAAC,aAAa,CAAC,eAAe,CAAC,CAAA;QAC9C,CAAC;aAAM,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;YAC1B,OAAO,IAAI,gBAAM,EAAE,CAAA;QACrB,CAAC;aAAM,CAAC;YACN,sBAAsB;YACtB,OAAO,gBAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACtC,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,OAAO,gBAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,MAAM,mBAAmB,GAAG,YAAY,CAAA;IACxC,OAAO,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;QACnD,OAAO,IAAI,KAAK,CAAC,MAAM,GAAG,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAAC,aAAqB;IACjD,qEAAqE;IACrE,MAAM,WAAW,GAAG,YAAY,CAAA;IAChC,OAAO,aAAa,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACzD,OAAO,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,eAAuB;IAC7D,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACxC,IAAI,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IACxB,IAAI,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACzC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,CAAC,EAAE,CAAC;QACpD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAA;IACrD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAChD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAClC,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,GAAG,SAAS,IAAI,GAAG,EAAE,CAAA;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,yBAAyB,CACvC,gBAAwB,EACxB,SAAiB,eAAe;IAEhC,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,wCAAwC,gBAAgB,EAAE,CAAC,CAAA;IAC7E,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAC1B,IAAI,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAEvB,kDAAkD;IAClD,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACtC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAA;IAC1D,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO,GAAG,MAAM,GAAG,SAAS,IAAI,QAAQ,EAAE,CAAA;AAC5C,CAAC"}

package/dist/cjs/whoCan/WhoCanMainThreadWorker.d.ts

@@ -1,11 +1,73 @@
 import { type JobResult } from '@cloud-copilot/job';
 import { IamCollectClient } from '../collect/client.js';
 import { type S3AbacOverride } from '../utils/s3Abac.js';
-import { ArrayStreamingWorkQueue } from '../workers/ArrayStreamingWorkQueue.js';
 import { PullBasedJobRunner } from '../workers/JobRunner.js';
-import { StreamingWorkQueue } from '../workers/StreamingWorkQueue.js';
 import { type LightRequestAnalysis } from './requestAnalysis.js';
 import { type WhoCanAllowed, type WhoCanDenyDetail } from './whoCan.js';
 import { type WhoCanExecutionResult, type WhoCanWorkItem } from './WhoCanWorker.js';
-export declare function createMainThreadStreamingWorkQueue(queue: StreamingWorkQueue<WhoCanWorkItem> | ArrayStreamingWorkQueue<WhoCanWorkItem>, collectClient: IamCollectClient, s3AbacOverride: S3AbacOverride | undefined, onComplete: (result: JobResult<WhoCanAllowed | undefined, Record<string, unknown>>) => void, denyDetailsCallback?: (details: LightRequestAnalysis) => boolean, onDenyDetail?: (detail: WhoCanDenyDetail) => void, collectGrantDetails?: boolean, strictContextKeys?: string[]): PullBasedJobRunner<WhoCanExecutionResult, Record<string, unknown>, WhoCanWorkItem>;
+/**
+ * A work item tagged with its owning request ID, used by the main-thread
+ * runner so that simulation results can be routed back to the correct request.
+ */
+export interface TaggedWhoCanWorkItem extends WhoCanWorkItem {
+    /** The request ID this work item belongs to. */
+    requestId: string;
+}
+/**
+ * Properties attached to each job so the requestId survives through to onComplete.
+ */
+interface MainThreadJobProperties {
+    /** The request ID this job belongs to. */
+    requestId: string;
+    /** Whether deny details should be collected for this work item's request. */
+    collectDenyDetails: boolean;
+}
+/**
+ * Dequeues the next tagged work item from the processor's FIFO scheduler.
+ *
+ * @returns the next tagged work item, or undefined if none are ready.
+ */
+export type DequeueWork = () => TaggedWhoCanWorkItem | undefined;
+/**
+ * Called when a simulation completes (allowed, denied, or error). Routes
+ * the result back to the processor by requestId.
+ *
+ * @param requestId - The request this result belongs to.
+ * @param result - The simulation result (fulfilled with WhoCanAllowed or undefined, or rejected).
+ */
+export type OnSimulationResult = (requestId: string, result: JobResult<WhoCanAllowed | undefined, Record<string, unknown>>) => void;
+/**
+ * Checks whether deny details should be included for a denied simulation.
+ *
+ * @param requestId - The request this check belongs to.
+ * @param lightAnalysis - The light analysis for the denied simulation.
+ * @returns true if deny details should be collected and delivered.
+ */
+export type OnCheckDenyDetails = (requestId: string, lightAnalysis: LightRequestAnalysis) => boolean;
+/**
+ * Called when deny details are ready to be delivered.
+ *
+ * @param requestId - The request this detail belongs to.
+ * @param detail - The deny detail record.
+ */
+export type OnDenyDetail = (requestId: string, detail: WhoCanDenyDetail) => void;
+/**
+ * Creates a main-thread simulation runner that pulls tagged work items from
+ * the processor's FIFO scheduler and routes results back by requestId.
+ *
+ * The requestId is threaded through the job's properties so it is available
+ * in onComplete without needing the workerId.
+ *
+ * @param dequeueWork - Function to dequeue the next tagged work item.
+ * @param onSimulationResult - Callback for simulation results.
+ * @param onCheckDenyDetails - Callback to check whether to collect deny details.
+ * @param onDenyDetail - Callback for deny detail delivery.
+ * @param collectClient - The IAM collect client for fetching policy data.
+ * @param s3AbacOverride - Optional override for S3 ABAC when checking S3 Bucket access.
+ * @param collectGrantDetails - Whether to collect grant details for allowed simulations.
+ * @param concurrency - The number of concurrent simulations to run on the main thread. Defaults to 50.
+ * @returns a PullBasedJobRunner that processes tagged whoCan work items.
+ */
+export declare function createMainThreadStreamingWorkQueue(dequeueWork: DequeueWork, onSimulationResult: OnSimulationResult, onCheckDenyDetails: OnCheckDenyDetails, onDenyDetail: OnDenyDetail, collectClient: IamCollectClient, s3AbacOverride: S3AbacOverride | undefined, collectGrantDetails: boolean, concurrency?: number): PullBasedJobRunner<WhoCanExecutionResult, MainThreadJobProperties, TaggedWhoCanWorkItem>;
+export {};
 //# sourceMappingURL=WhoCanMainThreadWorker.d.ts.map

package/dist/cjs/whoCan/WhoCanMainThreadWorker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"WhoCanMainThreadWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACxD,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAA;AAC/E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAEL,KAAK,oBAAoB,EAE1B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACvE,OAAO,EAEL,KAAK,qBAAqB,EAC1B,KAAK,cAAc,EACpB,MAAM,mBAAmB,CAAA;AAE1B,wBAAgB,kCAAkC,CAChD,KAAK,EAAE,kBAAkB,CAAC,cAAc,CAAC,GAAG,uBAAuB,CAAC,cAAc,CAAC,EACnF,aAAa,EAAE,gBAAgB,EAC/B,cAAc,EAAE,cAAc,GAAG,SAAS,EAC1C,UAAU,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC,aAAa,GAAG,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,IAAI,EAC3F,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,OAAO,EAChE,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,gBAAgB,KAAK,IAAI,EACjD,mBAAmB,CAAC,EAAE,OAAO,EAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,sFA4D7B"}
+{"version":3,"file":"WhoCanMainThreadWorker.d.ts","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,OAAO,EAEL,KAAK,oBAAoB,EAE1B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAA;AACvE,OAAO,EAAiB,KAAK,qBAAqB,EAAE,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAElG;;;GAGG;AACH,MAAM,WAAW,oBAAqB,SAAQ,cAAc;IAC1D,gDAAgD;IAChD,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;GAEG;AACH,UAAU,uBAAuB;IAC/B,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAA;IAEjB,6EAA6E;IAC7E,kBAAkB,EAAE,OAAO,CAAA;CAC5B;AAED;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,oBAAoB,GAAG,SAAS,CAAA;AAEhE;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,SAAS,CAAC,aAAa,GAAG,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAClE,IAAI,CAAA;AAET;;;;;;GAMG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,oBAAoB,KAAK,OAAO,CAAA;AAEpG;;;;;GAKG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,KAAK,IAAI,CAAA;AAEhF;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,kCAAkC,CAChD,WAAW,EAAE,WAAW,EACxB,kBAAkB,EAAE,kBAAkB,EACtC,kBAAkB,EAAE,kBAAkB,EACtC,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,gBAAgB,EAC/B,cAAc,EAAE,cAAc,GAAG,SAAS,EAC1C,mBAAmB,EAAE,OAAO,EAC5B,WAAW,GAAE,MAAW,4FAoEzB"}

package/dist/cjs/whoCan/WhoCanMainThreadWorker.js

@@ -4,54 +4,75 @@ exports.createMainThreadStreamingWorkQueue = createMainThreadStreamingWorkQueue;
 const JobRunner_js_1 = require("../workers/JobRunner.js");
 const requestAnalysis_js_1 = require("./requestAnalysis.js");
 const WhoCanWorker_js_1 = require("./WhoCanWorker.js");
-function createMainThreadStreamingWorkQueue(queue, collectClient, s3AbacOverride, onComplete, denyDetailsCallback, onDenyDetail, collectGrantDetails, strictContextKeys) {
-    const collectDenyDetails = !!denyDetailsCallback;
-    return new JobRunner_js_1.PullBasedJobRunner(50, async () => {
-        return queue.dequeue();
-    }, (workItem) => {
-        return (0, WhoCanWorker_js_1.createJobForWhoCanWorkItem)(workItem, collectClient, {
-            s3AbacOverride,
-            collectDenyDetails,
-            collectGrantDetails,
-            strictContextKeys
-        });
+/**
+ * Creates a main-thread simulation runner that pulls tagged work items from
+ * the processor's FIFO scheduler and routes results back by requestId.
+ *
+ * The requestId is threaded through the job's properties so it is available
+ * in onComplete without needing the workerId.
+ *
+ * @param dequeueWork - Function to dequeue the next tagged work item.
+ * @param onSimulationResult - Callback for simulation results.
+ * @param onCheckDenyDetails - Callback to check whether to collect deny details.
+ * @param onDenyDetail - Callback for deny detail delivery.
+ * @param collectClient - The IAM collect client for fetching policy data.
+ * @param s3AbacOverride - Optional override for S3 ABAC when checking S3 Bucket access.
+ * @param collectGrantDetails - Whether to collect grant details for allowed simulations.
+ * @param concurrency - The number of concurrent simulations to run on the main thread. Defaults to 50.
+ * @returns a PullBasedJobRunner that processes tagged whoCan work items.
+ */
+function createMainThreadStreamingWorkQueue(dequeueWork, onSimulationResult, onCheckDenyDetails, onDenyDetail, collectClient, s3AbacOverride, collectGrantDetails, concurrency = 50) {
+    return new JobRunner_js_1.PullBasedJobRunner(concurrency, async () => {
+        return dequeueWork();
+    }, (taggedItem) => {
+        const { requestId, ...workItem } = taggedItem;
+        return {
+            properties: { requestId, collectDenyDetails: workItem.collectDenyDetails },
+            execute: async (context) => {
+                return (0, WhoCanWorker_js_1.executeWhoCan)(workItem, collectClient, {
+                    s3AbacOverride,
+                    collectDenyDetails: workItem.collectDenyDetails,
+                    collectGrantDetails,
+                    strictContextKeys: workItem.strictContextKeys
+                });
+            }
+        };
     }, async (result) => {
+        const { requestId, collectDenyDetails } = result.properties;
         if (result.status === 'fulfilled') {
             const executionResult = result.value;
             if (executionResult.type === 'allowed') {
-                // Simulation was allowed - pass through to onComplete
-                onComplete({
+                onSimulationResult(requestId, {
                     status: 'fulfilled',
                     value: executionResult.allowed,
-                    properties: result.properties
+                    properties: {}
                 });
             }
             else {
-                // Simulation was denied
-                onComplete({
+                // Denied — handle deny details BEFORE reporting the simulation result,
+                // because onSimulationResult may trigger request completion checks.
+                const hasDetails = executionResult.type === 'denied_single' || executionResult.type === 'denied_wildcard';
+                if (collectDenyDetails && hasDetails) {
+                    const lightAnalysis = (0, requestAnalysis_js_1.toLightRequestAnalysis)(executionResult);
+                    const shouldInclude = onCheckDenyDetails(requestId, lightAnalysis);
+                    if (shouldInclude) {
+                        onDenyDetail(requestId, (0, requestAnalysis_js_1.convertToDenialDetails)(executionResult));
+                    }
+                }
+                // Now report the denied simulation result (may trigger completion check)
+                onSimulationResult(requestId, {
                     status: 'fulfilled',
                     value: undefined,
-                    properties: result.properties
+                    properties: {}
                 });
-                // Check if we should include deny details
-                if (denyDetailsCallback && onDenyDetail) {
-                    const hasDetails = executionResult.type === 'denied_single' || executionResult.type === 'denied_wildcard';
-                    if (hasDetails) {
-                        const lightAnalysis = (0, requestAnalysis_js_1.toLightRequestAnalysis)(executionResult);
-                        const shouldInclude = denyDetailsCallback(lightAnalysis);
-                        if (shouldInclude) {
-                            onDenyDetail((0, requestAnalysis_js_1.convertToDenialDetails)(executionResult));
-                        }
-                    }
-                }
             }
         }
         else {
-            // Error case - pass through as rejected
-            onComplete({
+            // Error case
+            onSimulationResult(requestId, {
                 status: 'rejected',
                 reason: result.reason,
-                properties: result.properties
+                properties: {}
             });
         }
     });

package/dist/cjs/whoCan/WhoCanMainThreadWorker.js.map

@@ -1 +1 @@
-{"version":3,"file":"WhoCanMainThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":";;AAkBA,gFAoEC;AAlFD,0DAA4D;AAE5D,6DAI6B;AAE7B,uDAI0B;AAE1B,SAAgB,kCAAkC,CAChD,KAAmF,EACnF,aAA+B,EAC/B,cAA0C,EAC1C,UAA2F,EAC3F,mBAAgE,EAChE,YAAiD,EACjD,mBAA6B,EAC7B,iBAA4B;IAE5B,MAAM,kBAAkB,GAAG,CAAC,CAAC,mBAAmB,CAAA;IAEhD,OAAO,IAAI,iCAAkB,CAC3B,EAAE,EACF,KAAK,IAAI,EAAE;QACT,OAAO,KAAK,CAAC,OAAO,EAAE,CAAA;IACxB,CAAC,EACD,CAAC,QAAQ,EAAE,EAAE;QACX,OAAO,IAAA,4CAA0B,EAAC,QAAQ,EAAE,aAAa,EAAE;YACzD,cAAc;YACd,kBAAkB;YAClB,mBAAmB;YACnB,iBAAiB;SAClB,CAAC,CAAA;IACJ,CAAC,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAA;YACpC,IAAI,eAAe,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvC,sDAAsD;gBACtD,UAAU,CAAC;oBACT,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,eAAe,CAAC,OAAO;oBAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,wBAAwB;gBACxB,UAAU,CAAC;oBACT,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,SAAS;oBAChB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAC,CAAA;gBAEF,0CAA0C;gBAC1C,IAAI,mBAAmB,IAAI,YAAY,EAAE,CAAC;oBACxC,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,eAAe,IAAI,eAAe,CAAC,IAAI,KAAK,iBAAiB,CAAA;oBAExF,IAAI,UAAU,EAAE,CAAC;wBACf,MAAM,aAAa,GAAG,IAAA,2CAAsB,EAAC,eAAe,CAAC,CAAA;wBAC7D,MAAM,aAAa,GAAG,mBAAmB,CAAC,aAAa,CAAC,CAAA;wBAExD,IAAI,aAAa,EAAE,CAAC;4BAClB,YAAY,CAAC,IAAA,2CAAsB,EAAC,eAAe,CAAC,CAAC,CAAA;wBACvD,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,UAAU,CAAC;gBACT,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}
+{"version":3,"file":"WhoCanMainThreadWorker.js","sourceRoot":"","sources":["../../../src/whoCan/WhoCanMainThreadWorker.ts"],"names":[],"mappings":";;AAqFA,gFA4EC;AA9JD,0DAA4D;AAC5D,6DAI6B;AAE7B,uDAAkG;AA0DlG;;;;;;;;;;;;;;;;GAgBG;AACH,SAAgB,kCAAkC,CAChD,WAAwB,EACxB,kBAAsC,EACtC,kBAAsC,EACtC,YAA0B,EAC1B,aAA+B,EAC/B,cAA0C,EAC1C,mBAA4B,EAC5B,cAAsB,EAAE;IAExB,OAAO,IAAI,iCAAkB,CAK3B,WAAW,EACX,KAAK,IAAI,EAAE;QACT,OAAO,WAAW,EAAE,CAAA;IACtB,CAAC,EACD,CAAC,UAAU,EAAE,EAAE;QACb,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,UAAU,CAAA;QAC7C,OAAO;YACL,UAAU,EAAE,EAAE,SAAS,EAAE,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB,EAAE;YAC1E,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;gBACzB,OAAO,IAAA,+BAAa,EAAC,QAAQ,EAAE,aAAa,EAAE;oBAC5C,cAAc;oBACd,kBAAkB,EAAE,QAAQ,CAAC,kBAAkB;oBAC/C,mBAAmB;oBACnB,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;iBAC9C,CAAC,CAAA;YACJ,CAAC;SACF,CAAA;IACH,CAAC,EACD,KAAK,EAAE,MAAM,EAAE,EAAE;QACf,MAAM,EAAE,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAC,UAAU,CAAA;QAE3D,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAA;YACpC,IAAI,eAAe,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACvC,kBAAkB,CAAC,SAAS,EAAE;oBAC5B,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,eAAe,CAAC,OAAO;oBAC9B,UAAU,EAAE,EAAE;iBACf,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,uEAAuE;gBACvE,oEAAoE;gBACpE,MAAM,UAAU,GACd,eAAe,CAAC,IAAI,KAAK,eAAe,IAAI,eAAe,CAAC,IAAI,KAAK,iBAAiB,CAAA;gBAExF,IAAI,kBAAkB,IAAI,UAAU,EAAE,CAAC;oBACrC,MAAM,aAAa,GAAG,IAAA,2CAAsB,EAAC,eAAe,CAAC,CAAA;oBAC7D,MAAM,aAAa,GAAG,kBAAkB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;oBAElE,IAAI,aAAa,EAAE,CAAC;wBAClB,YAAY,CAAC,SAAS,EAAE,IAAA,2CAAsB,EAAC,eAAe,CAAC,CAAC,CAAA;oBAClE,CAAC;gBACH,CAAC;gBAED,yEAAyE;gBACzE,kBAAkB,CAAC,SAAS,EAAE;oBAC5B,MAAM,EAAE,WAAW;oBACnB,KAAK,EAAE,SAAS;oBAChB,UAAU,EAAE,EAAE;iBACf,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,aAAa;YACb,kBAAkB,CAAC,SAAS,EAAE;gBAC5B,MAAM,EAAE,UAAU;gBAClB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,UAAU,EAAE,EAAE;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}