@cloud-copilot/iam-simulate 0.1.4 → 0.1.6

package/dist/cjs/ConditionKeys.d.ts

@@ -0,0 +1,19 @@
+export type BaseConditionKeyType = 'String' | 'ARN' | 'Numeric' | 'Bool' | 'Date' | 'IPAddress' | 'Binary';
+export type ArrayConditionKeyType = `ArrayOf${BaseConditionKeyType}`;
+export type ConditionKeyType = BaseConditionKeyType | ArrayConditionKeyType;
+/**
+ * Check if a condition key is an array types
+ *
+ * @param key the condition key type to check
+ * @returns true if the key is an array type, otherwise false
+ */
+export declare function isConditionKeyArray(key: ConditionKeyType): key is ArrayConditionKeyType;
+/**
+ * Get the BaseConditionKeyType from an ArrayConditionKeyType
+ *
+ * @param key the ArrayConditionKeyType to get the base type from
+ * @returns the base type of the array key
+ * @throws if the key is not an array type
+ */
+export declare function getBaseConditionKeyType(key: ArrayConditionKeyType): BaseConditionKeyType;
+//# sourceMappingURL=ConditionKeys.d.ts.map

package/dist/cjs/ConditionKeys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConditionKeys.d.ts","sourceRoot":"","sources":["../../src/ConditionKeys.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,WAAW,GAAG,QAAQ,CAAA;AAC1G,MAAM,MAAM,qBAAqB,GAAG,UAAU,oBAAoB,EAAE,CAAA;AACpE,MAAM,MAAM,gBAAgB,GAAG,oBAAoB,GAAG,qBAAqB,CAAA;AAE3E;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,gBAAgB,GAAG,GAAG,IAAI,qBAAqB,CAEvF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,qBAAqB,GAAG,oBAAoB,CAKxF"}

package/dist/cjs/ConditionKeys.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isConditionKeyArray = isConditionKeyArray;
+exports.getBaseConditionKeyType = getBaseConditionKeyType;
+/**
+ * Check if a condition key is an array types
+ *
+ * @param key the condition key type to check
+ * @returns true if the key is an array type, otherwise false
+ */
+function isConditionKeyArray(key) {
+    return key.startsWith('ArrayOf');
+}
+/**
+ * Get the BaseConditionKeyType from an ArrayConditionKeyType
+ *
+ * @param key the ArrayConditionKeyType to get the base type from
+ * @returns the base type of the array key
+ * @throws if the key is not an array type
+ */
+function getBaseConditionKeyType(key) {
+    if (!isConditionKeyArray(key)) {
+        throw new Error(`Expected ArrayConditionType, got ${key}`);
+    }
+    return key.slice(7);
+}
+//# sourceMappingURL=ConditionKeys.js.map

package/dist/cjs/ConditionKeys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ConditionKeys.js","sourceRoot":"","sources":["../../src/ConditionKeys.ts"],"names":[],"mappings":";;AAUA,kDAEC;AASD,0DAKC;AAtBD;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,GAAqB;IACvD,OAAO,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAA;AAClC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,GAA0B;IAChE,IAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAA;IAC5D,CAAC;IACD,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAyB,CAAA;AAC7C,CAAC"}

package/dist/cjs/SCPAnalysis.d.ts

@@ -0,0 +1,6 @@
+import { StatementAnalysis } from "./StatementAnalysis.js";
+export interface SCPAnalysis {
+    orgIdentifier: string;
+    statementAnalysis: StatementAnalysis[];
+}
+//# sourceMappingURL=SCPAnalysis.d.ts.map

package/dist/cjs/SCPAnalysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SCPAnalysis.d.ts","sourceRoot":"","sources":["../../src/SCPAnalysis.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;CACxC"}

package/dist/cjs/SCPAnalysis.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=SCPAnalysis.js.map

package/dist/cjs/SCPAnalysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SCPAnalysis.js","sourceRoot":"","sources":["../../src/SCPAnalysis.ts"],"names":[],"mappings":""}

package/dist/cjs/context_keys/findContextKeys.d.ts

@@ -0,0 +1,19 @@
+import { Policy } from "@cloud-copilot/iam-policy";
+/**
+ * Find all the context keys in a list of policies
+ *
+ * @param policies - The list of policies to search
+ * @returns The list of valid and invalid context keys found in the policies
+ */
+export declare function findContextKeys(policies: Policy[]): Promise<{
+    validKeys: string[];
+    invalidKeys: string[];
+}>;
+/**
+ * Get the context variables used in a policy
+ *
+ * @param policy - The policy to extract variables from
+ * @returns The list of variables used in the policy
+ */
+export declare function getContextKeysFromPolicy(policy: Policy): string[];
+//# sourceMappingURL=findContextKeys.d.ts.map

package/dist/cjs/context_keys/findContextKeys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"findContextKeys.d.ts","sourceRoot":"","sources":["../../../src/context_keys/findContextKeys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAGnD;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAqBjH;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBjE"}

package/dist/cjs/context_keys/findContextKeys.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findContextKeys = findContextKeys;
+exports.getContextKeysFromPolicy = getContextKeysFromPolicy;
+const util_js_1 = require("../util.js");
+/**
+ * Find all the context keys in a list of policies
+ *
+ * @param policies - The list of policies to search
+ * @returns The list of valid and invalid context keys found in the policies
+ */
+async function findContextKeys(policies) {
+    const rawKeys = new Set();
+    for (const policy of policies) {
+        getContextKeysFromPolicy(policy).forEach(v => rawKeys.add(v));
+    }
+    const validKeys = new Set();
+    const invalidKeys = new Set();
+    for (const key of rawKeys) {
+        const valid = await (0, util_js_1.isActualContextKey)(key);
+        if (valid) {
+            const normalizedKey = await (0, util_js_1.normalizeContextKeyCase)(key);
+            validKeys.add(normalizedKey);
+        }
+        else {
+            invalidKeys.add(key);
+        }
+    }
+    return {
+        validKeys: Array.from(validKeys),
+        invalidKeys: Array.from(invalidKeys)
+    };
+}
+/**
+ * Get the context variables used in a policy
+ *
+ * @param policy - The policy to extract variables from
+ * @returns The list of variables used in the policy
+ */
+function getContextKeysFromPolicy(policy) {
+    const variables = [];
+    for (const statement of policy.statements()) {
+        if (statement.isResourceStatement()) {
+            statement.resources().forEach(r => {
+                variables.push(...(0, util_js_1.getVariablesFromString)(r.value()));
+            });
+            for (const condition of statement.conditions()) {
+                variables.push(condition.conditionKey());
+                condition.conditionValues().forEach(v => {
+                    variables.push(...(0, util_js_1.getVariablesFromString)(v));
+                });
+            }
+        }
+    }
+    return variables;
+}
+//# sourceMappingURL=findContextKeys.js.map

package/dist/cjs/context_keys/findContextKeys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"findContextKeys.js","sourceRoot":"","sources":["../../../src/context_keys/findContextKeys.ts"],"names":[],"mappings":";;AASA,0CAqBC;AAQD,4DAiBC;AAtDD,wCAAiG;AAEjG;;;;;GAKG;AACI,KAAK,UAAU,eAAe,CAAC,QAAkB;IACtD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAI,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC7B,wBAAwB,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IACpC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAI,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;QAC5C,IAAG,KAAK,EAAE,CAAC;YACT,MAAM,aAAa,GAAG,MAAM,IAAA,iCAAuB,EAAC,GAAG,CAAC,CAAC;YACzD,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;QAChC,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;KACrC,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,MAAc;IACrD,MAAM,SAAS,GAAa,EAAE,CAAA;IAC9B,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC3C,IAAG,SAAS,CAAC,mBAAmB,EAAE,EAAE,CAAC;YACnC,SAAS,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBAChC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAsB,EAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACtD,CAAC,CAAC,CAAA;YACF,KAAI,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC9C,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC,CAAC;gBACzC,SAAS,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;oBACtC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAA,gCAAsB,EAAC,CAAC,CAAC,CAAC,CAAC;gBAC/C,CAAC,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/cjs/core_engine/coreSimulatorEngine.d.ts

@@ -1,8 +1,22 @@
 import { Policy } from "@cloud-copilot/iam-policy";
 import { EvaluationResult } from "../evaluate.js";
 import { AwsRequest } from "../request/request.js";
+import { SCPAnalysis } from "../SCPAnalysis.js";
 import { ServiceAuthorizer } from "../services/ServiceAuthorizer.js";
 import { StatementAnalysis } from "../StatementAnalysis.js";
+/**
+ * A set of service control policies for each level of an organization tree
+ */
+export interface ServiceControlPolicies {
+    /**
+     * The organization identifier for the organizational unit these policies apply to.
+     */
+    orgIdentifier: string;
+    /**
+     * The policies that apply to this organizational unit.
+     */
+    policies: Policy[];
+}
 /**
  * A reqest to authorize a service action.
  */
@@ -15,6 +29,15 @@ export interface AuthorizationRequest {
      * The identity policies that are applicable to the principal making the request.
      */
     identityPolicies: Policy[];
+    /**
+     * The service control policies that apply to the principal making the request. In
+     * order of the orgnaization hierarchy. So the root ou SCPS should be first.
+     */
+    serviceControlPolicies: ServiceControlPolicies[];
+    /**
+     * The resource policy that applies to the resource being accessed.
+     */
+    resourcePolicy: Policy | undefined;
 }
 /**
  * Authorizes a request.
@@ -41,4 +64,20 @@ export declare function getServiceAuthorizer(request: AuthorizationRequest): Ser
  * @returns an array of statement analysis results
  */
 export declare function analyzeIdentityPolicies(identityPolicies: Policy[], request: AwsRequest): StatementAnalysis[];
+/**
+ * Analyzes a set of service control policies and the statements within them.
+ *
+ * @param serviceControlPolicies the service control policies to analyze
+ * @param request the request to analyze against
+ * @returns an array of SCP analysis results
+ */
+export declare function analyzeServiceControlPolicies(serviceControlPolicies: ServiceControlPolicies[], request: AwsRequest): SCPAnalysis[];
+/**
+ * Analyze a resource policy and return the results
+ *
+ * @param resourcePolicy the resource policy to analyze
+ * @param request the request to analyze against
+ * @returns an array of statement analysis results
+ */
+export declare function analyzeResourcePolicy(resourcePolicy: Policy, request: AwsRequest): StatementAnalysis[];
 //# sourceMappingURL=coreSimulatorEngine.d.ts.map

package/dist/cjs/core_engine/coreSimulatorEngine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,OAAO,EAAE,UAAU,CAAC;IAEpB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAA;CAC3B;AAID;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,gBAAgB,CAOzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,GAAG,iBAAiB,CAMrF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU,GAAG,iBAAiB,EAAE,CAe5G"}
+{"version":3,"file":"coreSimulatorEngine.d.ts","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,OAAO,EAAE,UAAU,CAAC;IAEpB;;OAEG;IACH,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAE1B;;;OAGG;IACH,sBAAsB,EAAE,sBAAsB,EAAE,CAAA;IAEhD;;OAEG;IACH,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;CACpC;AAID;;;;;;;GAOG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,oBAAoB,GAAG,gBAAgB,CAYzE;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,oBAAoB,GAAG,iBAAiB,CAMrF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,gBAAgB,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,UAAU,GAAG,iBAAiB,EAAE,CAe5G;AAED;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAAC,sBAAsB,EAAE,sBAAsB,EAAE,EAAE,OAAO,EAAE,UAAU,GAAG,WAAW,EAAE,CAsBlI;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,iBAAiB,EAAE,CAatG"}

package/dist/cjs/core_engine/coreSimulatorEngine.js

@@ -3,8 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.authorize = authorize;
 exports.getServiceAuthorizer = getServiceAuthorizer;
 exports.analyzeIdentityPolicies = analyzeIdentityPolicies;
+exports.analyzeServiceControlPolicies = analyzeServiceControlPolicies;
+exports.analyzeResourcePolicy = analyzeResourcePolicy;
 const action_js_1 = require("../action/action.js");
 const condition_js_1 = require("../condition/condition.js");
+const principal_js_1 = require("../principal/principal.js");
 const resource_js_1 = require("../resource/resource.js");
 const DefaultServiceAuthorizer_js_1 = require("../services/DefaultServiceAuthorizer.js");
 const serviceEngines = {};
@@ -18,10 +21,14 @@ const serviceEngines = {};
  */
 function authorize(request) {
     const identityAnalysis = analyzeIdentityPolicies(request.identityPolicies, request.request);
+    const scpAnalysis = analyzeServiceControlPolicies(request.serviceControlPolicies, request.request);
     const serviceAuthorizer = getServiceAuthorizer(request);
+    const resourceAnalysis = request.resourcePolicy ? analyzeResourcePolicy(request.resourcePolicy, request.request) : [];
     return serviceAuthorizer.authorize({
         request: request.request,
         identityStatements: identityAnalysis,
+        scpAnalysis,
+        resourceAnalysis
     });
 }
 /**
@@ -60,4 +67,53 @@ function analyzeIdentityPolicies(identityPolicies, request) {
     }
     return analysis;
 }
+/**
+ * Analyzes a set of service control policies and the statements within them.
+ *
+ * @param serviceControlPolicies the service control policies to analyze
+ * @param request the request to analyze against
+ * @returns an array of SCP analysis results
+ */
+function analyzeServiceControlPolicies(serviceControlPolicies, request) {
+    const analysis = [];
+    for (const controlPolicy of serviceControlPolicies) {
+        const ouAnalysis = {
+            orgIdentifier: controlPolicy.orgIdentifier,
+            statementAnalysis: [],
+        };
+        for (const policy of controlPolicy.policies) {
+            for (const statement of policy.statements()) {
+                ouAnalysis.statementAnalysis.push({
+                    statement,
+                    resourceMatch: (0, resource_js_1.requestMatchesStatementResources)(request, statement),
+                    actionMatch: (0, action_js_1.requestMatchesStatementActions)(request, statement),
+                    conditionMatch: (0, condition_js_1.requestMatchesConditions)(request, statement.conditions()),
+                    principalMatch: 'Match',
+                });
+            }
+        }
+        analysis.push(ouAnalysis);
+    }
+    return analysis;
+}
+/**
+ * Analyze a resource policy and return the results
+ *
+ * @param resourcePolicy the resource policy to analyze
+ * @param request the request to analyze against
+ * @returns an array of statement analysis results
+ */
+function analyzeResourcePolicy(resourcePolicy, request) {
+    const analysis = [];
+    for (const statement of resourcePolicy.statements()) {
+        analysis.push({
+            statement,
+            resourceMatch: (0, resource_js_1.requestMatchesStatementResources)(request, statement),
+            actionMatch: (0, action_js_1.requestMatchesStatementActions)(request, statement),
+            conditionMatch: (0, condition_js_1.requestMatchesConditions)(request, statement.conditions()),
+            principalMatch: (0, principal_js_1.requestMatchesStatementPrincipals)(request, statement),
+        });
+    }
+    return analysis;
+}
 //# sourceMappingURL=coreSimulatorEngine.js.map

package/dist/cjs/core_engine/coreSimulatorEngine.js.map

@@ -1 +1 @@
-{"version":3,"file":"coreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":";;AAmCA,8BAOC;AASD,oDAMC;AASD,0DAeC;AAhFD,mDAAqE;AACrE,4DAAqE;AAGrE,yDAA2E;AAC3E,yFAAmF;AAmBnF,MAAM,cAAc,GAAgD,EAAE,CAAC;AAEvE;;;;;;;GAOG;AACH,SAAgB,SAAS,CAAC,OAA6B;IACrD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5F,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,iBAAiB,CAAC,SAAS,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,kBAAkB,EAAE,gBAAgB;KACrC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;IACnE,IAAG,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,sDAAwB,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,gBAA0B,EAAE,OAAmB;IACrF,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,KAAI,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACrC,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS;gBACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;gBACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;gBAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"coreSimulatorEngine.js","sourceRoot":"","sources":["../../../src/core_engine/coreSimulatorEngine.ts"],"names":[],"mappings":";;AA+DA,8BAYC;AASD,oDAMC;AASD,0DAeC;AASD,sEAsBC;AASD,sDAaC;AAtKD,mDAAqE;AACrE,4DAAqE;AAErE,4DAA8E;AAE9E,yDAA2E;AAE3E,yFAAmF;AA6CnF,MAAM,cAAc,GAAgD,EAAE,CAAC;AAEvE;;;;;;;GAOG;AACH,SAAgB,SAAS,CAAC,OAA6B;IACrD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5F,MAAM,WAAW,GAAG,6BAA6B,CAAC,OAAO,CAAC,sBAAsB,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACnG,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,qBAAqB,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEtH,OAAO,iBAAiB,CAAC,SAAS,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,kBAAkB,EAAE,gBAAgB;QACpC,WAAW;QACX,gBAAgB;KACjB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,oBAAoB,CAAC,OAA6B;IAChE,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;IACnE,IAAG,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,sDAAwB,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,gBAA0B,EAAE,OAAmB;IACrF,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,KAAI,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;QACrC,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS;gBACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;gBACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;gBAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;gBACzE,cAAc,EAAE,OAAO;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,6BAA6B,CAAC,sBAAgD,EAAE,OAAmB;IACjH,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,KAAI,MAAM,aAAa,IAAI,sBAAsB,EAAE,CAAC;QAClD,MAAM,UAAU,GAAgB;YAC9B,aAAa,EAAE,aAAa,CAAC,aAAa;YAC1C,iBAAiB,EAAE,EAAE;SACtB,CAAA;QACD,KAAI,MAAM,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;YAC3C,KAAI,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC3C,UAAU,CAAC,iBAAiB,CAAC,IAAI,CAAC;oBAChC,SAAS;oBACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;oBACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;oBAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;oBACzE,cAAc,EAAE,OAAO;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,cAAsB,EAAE,OAAmB;IAC/E,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,KAAI,MAAM,SAAS,IAAI,cAAc,CAAC,UAAU,EAAE,EAAE,CAAC;QACnD,QAAQ,CAAC,IAAI,CAAC;YACZ,SAAS;YACT,aAAa,EAAE,IAAA,8CAAgC,EAAC,OAAO,EAAE,SAAS,CAAC;YACnE,WAAW,EAAE,IAAA,0CAA8B,EAAC,OAAO,EAAE,SAAS,CAAC;YAC/D,cAAc,EAAE,IAAA,uCAAwB,EAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;YACzE,cAAc,EAAE,IAAA,gDAAiC,EAAC,OAAO,EAAE,SAAS,CAAC;SACtE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/cjs/evaluate.d.ts

@@ -1,2 +1,3 @@
 export type EvaluationResult = 'Allowed' | 'ExplicitlyDenied' | 'AllowedWithConditions' | 'ImplicitlyDenied' | 'Unknown';
+export type ResourceEvaluationResult = 'NotApplicable' | 'Allowed' | 'ExplicitlyDenied' | 'AllowedForAccount' | 'DeniedForAccount' | 'ImplicityDenied';
 //# sourceMappingURL=evaluate.d.ts.map

package/dist/cjs/evaluate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,uBAAuB,GAAG,kBAAkB,GAAG,SAAS,CAAC"}
+{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/evaluate.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,kBAAkB,GAAG,uBAAuB,GAAG,kBAAkB,GAAG,SAAS,CAAC;AACzH,MAAM,MAAM,wBAAwB,GAAG,eAAe,GAAG,SAAS,GAAG,kBAAkB,GAAG,mBAAmB,GAAG,kBAAkB,GAAG,iBAAiB,CAAC"}

package/dist/cjs/global_conditions/globalConditionKeys.d.ts

@@ -0,0 +1,17 @@
+import { ConditionKeyType } from "../ConditionKeys.js";
+interface GlobalConditionKey {
+    key: string;
+    category: string;
+    dataType: ConditionKeyType;
+}
+export declare function getGlobalConditionKey(key: string): GlobalConditionKey | undefined;
+export declare function globalConditionKeyExists(key: string): boolean;
+export declare function getGlobalConditionKeysByCategory(category: string): GlobalConditionKey[];
+/**
+ * Get all the global condition keys as lower case strings
+ *
+ * @returns a list of all the global condition keys
+ */
+export declare function allGlobalConditionKeys(): string[];
+export {};
+//# sourceMappingURL=globalConditionKeys.d.ts.map

package/dist/cjs/global_conditions/globalConditionKeys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"globalConditionKeys.d.ts","sourceRoot":"","sources":["../../../src/global_conditions/globalConditionKeys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,UAAU,kBAAkB;IAC1B,GAAG,EAAE,MAAM,CAAA;IACX,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,gBAAgB,CAAA;CAC3B;AAyRD,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAEjF;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED,wBAAgB,gCAAgC,CAAC,QAAQ,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAEvF;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,EAAE,CAEjD"}

package/dist/cjs/global_conditions/globalConditionKeys.js

@@ -0,0 +1,296 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGlobalConditionKey = getGlobalConditionKey;
+exports.globalConditionKeyExists = globalConditionKeyExists;
+exports.getGlobalConditionKeysByCategory = getGlobalConditionKeysByCategory;
+exports.allGlobalConditionKeys = allGlobalConditionKeys;
+const globalConditionKeys = [
+    {
+        key: "aws:PrincipalArn",
+        category: "principal",
+        dataType: "ARN"
+    },
+    {
+        key: "aws:PrincipalAccount",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:PrincipalOrgPaths",
+        category: "principal",
+        dataType: "ArrayOfString"
+    },
+    {
+        key: "aws:PrincipalOrgID",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:PrincipalTag/tag-key",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:PrincipalIsAWSService",
+        category: "principal",
+        dataType: "Bool"
+    },
+    {
+        key: "aws:PrincipalServiceName",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:PrincipalServiceNamesList",
+        category: "principal",
+        dataType: "ArrayOfString"
+    },
+    {
+        key: "aws:PrincipalType",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:userid",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:username",
+        category: "principal",
+        dataType: "String"
+    },
+    {
+        key: "aws:AssumedRoot",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "aws:FederatedProvider",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "aws:TokenIssueTime",
+        category: "session",
+        dataType: "Date",
+    },
+    {
+        key: "aws:MultiFactorAuthAge",
+        category: "session",
+        dataType: "Numeric",
+    },
+    {
+        key: "aws:MultiFactorAuthPresent",
+        category: "session",
+        dataType: "Bool",
+    },
+    {
+        key: "aws:ChatbotSourceArn",
+        category: "session",
+        dataType: "ARN",
+    },
+    {
+        key: "aws:Ec2InstanceSourceVpc",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "aws:Ec2InstanceSourcePrivateIPv4",
+        category: "session",
+        dataType: "IPAddress",
+    },
+    {
+        key: "aws:SourceIdentity",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "ec2:RoleDelivery",
+        category: "session",
+        dataType: "Numeric",
+    },
+    {
+        key: "ec2:SourceInstanceArn",
+        category: "session",
+        dataType: "ARN",
+    },
+    {
+        key: "glue:RoleAssumedBy",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "glue:CredentialIssuingService",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "lambda:SourceFunctionArn",
+        category: "session",
+        dataType: "ARN",
+    },
+    {
+        key: "ssm:SourceInstanceArn",
+        category: "session",
+        dataType: "ARN",
+    },
+    {
+        key: "identitystore:UserId",
+        category: "session",
+        dataType: "String",
+    },
+    {
+        key: "aws:SourceIp",
+        category: "network",
+        dataType: "IPAddress",
+    },
+    {
+        key: "aws:SourceVpc",
+        category: "network",
+        dataType: "String",
+    },
+    {
+        key: "aws:SourceVpce",
+        category: "network",
+        dataType: "String",
+    },
+    {
+        key: "aws:VpcSourceIp  ",
+        category: "network",
+        dataType: "IPAddress",
+    },
+    {
+        key: "aws:ResourceAccount",
+        category: "resource",
+        dataType: "String",
+    },
+    {
+        key: "aws:ResourceOrgID",
+        category: "resource",
+        dataType: "String",
+    },
+    {
+        key: "aws:ResourceOrgPaths",
+        category: "resource",
+        dataType: "ArrayOfString",
+    },
+    {
+        key: "aws:ResourceTag/tag-key",
+        category: "resource",
+        dataType: "String",
+    },
+    {
+        key: "aws:CalledVia",
+        category: "request",
+        dataType: "ArrayOfString",
+    },
+    {
+        key: "aws:CalledViaFirst",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:CalledViaLast",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:ViaAWSService",
+        category: "request",
+        dataType: "Bool",
+    },
+    {
+        key: "aws:CurrentTime",
+        category: "request",
+        dataType: "Date",
+    },
+    {
+        key: "aws:EpochTime",
+        category: "request",
+        dataType: "Date", //Can Also be Numeric...
+    },
+    {
+        key: "aws:referer",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:RequestedRegion",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:RequestTag/tag-key",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:TagKeys",
+        category: "request",
+        dataType: "ArrayOfString",
+    },
+    {
+        key: "aws:SecureTransport",
+        category: "request",
+        dataType: "Bool",
+    },
+    {
+        key: "aws:SourceArn",
+        category: "request",
+        dataType: "ARN",
+    },
+    {
+        key: "aws:SourceAccount",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:SourceOwner",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:SourceOrgPaths",
+        category: "request",
+        dataType: "ArrayOfString",
+    },
+    {
+        key: "aws:SourceOrgID",
+        category: "request",
+        dataType: "String",
+    },
+    {
+        key: "aws:UserAgent",
+        category: "request",
+        dataType: "String",
+    }
+];
+const keysByName = globalConditionKeys.reduce((acc, key) => {
+    acc[key.key.toLowerCase()] = key;
+    return acc;
+}, {});
+const keysByCategory = globalConditionKeys.reduce((acc, key) => {
+    const lowerCategory = key.category.toLowerCase();
+    acc[lowerCategory] = acc[lowerCategory] || [];
+    acc[lowerCategory].push(key);
+    return acc;
+}, {});
+function getGlobalConditionKey(key) {
+    return keysByName[key.toLowerCase()];
+}
+function globalConditionKeyExists(key) {
+    return !!getGlobalConditionKey(key);
+}
+function getGlobalConditionKeysByCategory(category) {
+    return keysByCategory[category.toLowerCase()] || [];
+}
+/**
+ * Get all the global condition keys as lower case strings
+ *
+ * @returns a list of all the global condition keys
+ */
+function allGlobalConditionKeys() {
+    return Object.keys(keysByCategory);
+}
+//# sourceMappingURL=globalConditionKeys.js.map

package/dist/cjs/global_conditions/globalConditionKeys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"globalConditionKeys.js","sourceRoot":"","sources":["../../../src/global_conditions/globalConditionKeys.ts"],"names":[],"mappings":";;AA+RA,sDAEC;AAED,4DAEC;AAED,4EAEC;AAOD,wDAEC;AA1SD,MAAM,mBAAmB,GAAyB;IAChD;QACE,GAAG,EAAE,kBAAkB;QACvB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,2BAA2B;QAChC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,+BAA+B;QACpC,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,YAAY;QACjB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,GAAG,EAAE,4BAA4B;QACjC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,kCAAkC;QACvC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,kBAAkB;QACvB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,SAAS;KACpB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,+BAA+B;QACpC,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,0BAA0B;QAC/B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,uBAAuB;QAC5B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,cAAc;QACnB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,gBAAgB;QACrB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,WAAW;KACtB;IAED;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,sBAAsB;QAC3B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,yBAAyB;QAC9B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;KACnB;IAED;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM,EAAE,wBAAwB;KAC3C;IACD;QACE,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,wBAAwB;QAC7B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,aAAa;QAClB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,qBAAqB;QAC1B,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,KAAK;KAChB;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,oBAAoB;QACzB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,eAAe;KAC1B;IACD;QACE,GAAG,EAAE,iBAAiB;QACtB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,GAAG,EAAE,eAAe;QACpB,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAA;AAED,MAAM,UAAU,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACzD,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,GAAG,CAAC;IACjC,OAAO,GAAG,CAAC;AACb,CAAC,EAAE,EAAwC,CAAC,CAAC;AAE7C,MAAM,cAAc,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7D,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjD,GAAG,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IAC9C,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC,EAAE,EAA0C,CAAC,CAAC;AAE/C,SAAgB,qBAAqB,CAAC,GAAW;IAC/C,OAAO,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAgB,wBAAwB,CAAC,GAAW;IAClD,OAAO,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,gCAAgC,CAAC,QAAgB;IAC/D,OAAO,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;AACtD,CAAC;AAED;;;;GAIG;AACH,SAAgB,sBAAsB;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACrC,CAAC"}