@code-rag/core 0.1.0 → 0.1.1

package/dist/auth/saml-provider.test.js

@@ -1,422 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { createSign, generateKeyPairSync } from 'node:crypto';
-import { SAMLProvider } from './saml-provider.js';
-import { AuthError } from './types.js';
-// ---------------------------------------------------------------------------
-// RSA key pair for SAML signature testing
-// ---------------------------------------------------------------------------
-const { publicKey, privateKey } = generateKeyPairSync('rsa', {
-    modulusLength: 2048,
-});
-// For test purposes, extract the base64 public key as a stand-in certificate
-const publicKeyDer = publicKey.export({ type: 'spki', format: 'der' });
-const certBase64 = publicKeyDer.toString('base64');
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-function defaultConfig() {
-    return {
-        idpMetadataUrl: 'https://idp.example.com/metadata',
-        spEntityId: 'https://coderag.example.com',
-        spAcsUrl: 'https://coderag.example.com/sso/acs',
-        certificatePem: `-----BEGIN CERTIFICATE-----\n${certBase64}\n-----END CERTIFICATE-----`,
-        roleMapping: {
-            'coderag-admins': 'admin',
-            'coderag-devs': 'developer',
-            'coderag-readers': 'viewer',
-        },
-    };
-}
-function createIdpMetadataXml() {
-    return `<?xml version="1.0" encoding="UTF-8"?>
-<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
-  entityID="https://idp.example.com">
-  <md:IDPSSODescriptor>
-    <md:KeyDescriptor use="signing">
-      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-        <ds:X509Data>
-          <ds:X509Certificate>${certBase64}</ds:X509Certificate>
-        </ds:X509Data>
-      </ds:KeyInfo>
-    </md:KeyDescriptor>
-    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
-    <md:SingleSignOnService
-      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-      Location="https://idp.example.com/sso" />
-  </md:IDPSSODescriptor>
-</md:EntityDescriptor>`;
-}
-function createSamlResponse(options) {
-    const nameId = options?.nameId ?? 'user@example.com';
-    const email = options?.email ?? 'user@example.com';
-    const role = options?.role ?? 'developer';
-    const audience = options?.audience ?? 'https://coderag.example.com';
-    const now = new Date();
-    const notBefore = options?.notBefore ?? new Date(now.getTime() - 60000).toISOString();
-    const notOnOrAfter = options?.notOnOrAfter ?? new Date(now.getTime() + 3600000).toISOString();
-    // Create a simplified SAML assertion for testing
-    const assertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
-  <saml:Issuer>https://idp.example.com</saml:Issuer>
-  <saml:Subject>
-    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">${nameId}</saml:NameID>
-  </saml:Subject>
-  <saml:Conditions NotBefore="${notBefore}" NotOnOrAfter="${notOnOrAfter}">
-    <saml:AudienceRestriction>
-      <saml:Audience>${audience}</saml:Audience>
-    </saml:AudienceRestriction>
-  </saml:Conditions>
-  <saml:AttributeStatement>
-    <saml:Attribute Name="email">
-      <saml:AttributeValue>${email}</saml:AttributeValue>
-    </saml:Attribute>
-    <saml:Attribute Name="role">
-      <saml:AttributeValue>${role}</saml:AttributeValue>
-    </saml:Attribute>
-    <saml:Attribute Name="displayName">
-      <saml:AttributeValue>Test User</saml:AttributeValue>
-    </saml:Attribute>
-  </saml:AttributeStatement>
-</saml:Assertion>`;
-    // Create SignedInfo and sign it.
-    // The provider extracts text between <ds:SignedInfo>...</ds:SignedInfo>,
-    // trims it, and wraps it: <SignedInfo xmlns="...">{trimmed}</SignedInfo>.
-    // We must sign exactly that reconstructed string.
-    const digestValue = Buffer.from('test-digest').toString('base64');
-    const signedInfoInner = `<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>${digestValue}</ds:DigestValue></ds:Reference>`;
-    // This is what the provider will reconstruct and verify against
-    const signedInfoXml = `<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">${signedInfoInner}</SignedInfo>`;
-    const signer = createSign('RSA-SHA256');
-    signer.update(signedInfoXml);
-    const signatureValue = signer.sign(privateKey).toString('base64');
-    return `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-  ${assertion}
-  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-    <ds:SignedInfo>${signedInfoInner}</ds:SignedInfo>
-    <ds:SignatureValue>${signatureValue}</ds:SignatureValue>
-  </ds:Signature>
-</samlp:Response>`;
-}
-function createMockFetch(responses) {
-    return vi.fn(async (input) => {
-        const url = typeof input === 'string' ? input : input.toString();
-        const response = responses[url];
-        if (!response) {
-            return {
-                ok: false,
-                status: 404,
-                json: async () => ({}),
-                text: async () => '',
-            };
-        }
-        return {
-            ok: response.ok,
-            status: response.status,
-            json: async () => JSON.parse(response.body),
-            text: async () => response.body,
-        };
-    });
-}
-// ---------------------------------------------------------------------------
-// Tests
-// ---------------------------------------------------------------------------
-describe('SAMLProvider', () => {
-    let config;
-    beforeEach(() => {
-        config = defaultConfig();
-    });
-    // -----------------------------------------------------------------------
-    // Constructor
-    // -----------------------------------------------------------------------
-    describe('constructor', () => {
-        it('should have name set to saml', () => {
-            const provider = new SAMLProvider(config);
-            expect(provider.name).toBe('saml');
-        });
-    });
-    // -----------------------------------------------------------------------
-    // initialize
-    // -----------------------------------------------------------------------
-    describe('initialize', () => {
-        it('should fetch and parse IdP metadata', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: createIdpMetadataXml(),
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            const result = await provider.initialize();
-            expect(result.isOk()).toBe(true);
-        });
-        it('should return error when metadata fetch fails', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: false,
-                    status: 500,
-                    body: '',
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            const result = await provider.initialize();
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error).toBeInstanceOf(AuthError);
-                expect(result.error.message).toContain('metadata fetch failed');
-            }
-        });
-        it('should return error when metadata is missing required fields', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: '<EntityDescriptor></EntityDescriptor>',
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            const result = await provider.initialize();
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('missing required fields');
-            }
-        });
-        it('should return error on network failure', async () => {
-            const mockFetch = vi.fn(async () => {
-                throw new Error('DNS resolution failed');
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            const result = await provider.initialize();
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('DNS resolution failed');
-            }
-        });
-    });
-    // -----------------------------------------------------------------------
-    // generateAuthRequest
-    // -----------------------------------------------------------------------
-    describe('generateAuthRequest', () => {
-        it('should generate a valid SAML AuthnRequest URL', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: createIdpMetadataXml(),
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            await provider.initialize();
-            const result = provider.generateAuthRequest();
-            expect(result.isOk()).toBe(true);
-            if (result.isOk()) {
-                expect(result.value.url).toContain('https://idp.example.com/sso');
-                expect(result.value.url).toContain('SAMLRequest=');
-                expect(result.value.id).toContain('_coderag_');
-            }
-        });
-        it('should generate unique IDs for each request', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: createIdpMetadataXml(),
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            await provider.initialize();
-            const result1 = provider.generateAuthRequest();
-            const result2 = provider.generateAuthRequest();
-            expect(result1.isOk() && result2.isOk()).toBe(true);
-            if (result1.isOk() && result2.isOk()) {
-                expect(result1.value.id).not.toBe(result2.value.id);
-            }
-        });
-        it('should return error when not initialized', () => {
-            const provider = new SAMLProvider(config);
-            const result = provider.generateAuthRequest();
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('not initialized');
-            }
-        });
-    });
-    // -----------------------------------------------------------------------
-    // validateResponse
-    // -----------------------------------------------------------------------
-    describe('validateResponse', () => {
-        async function createInitializedProvider() {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: createIdpMetadataXml(),
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            await provider.initialize();
-            return provider;
-        }
-        it('should validate a well-formed SAML response', async () => {
-            const provider = await createInitializedProvider();
-            const samlXml = createSamlResponse();
-            const samlB64 = Buffer.from(samlXml).toString('base64');
-            const result = await provider.validateResponse(samlB64);
-            expect(result.isOk()).toBe(true);
-            if (result.isOk()) {
-                expect(result.value.email).toBe('user@example.com');
-                expect(result.value.name).toBe('Test User');
-                expect(result.value.roles).toContain('developer');
-            }
-        });
-        it('should reject an expired SAML assertion', async () => {
-            const provider = await createInitializedProvider();
-            const pastDate = new Date(Date.now() - 7200000).toISOString();
-            const samlXml = createSamlResponse({
-                notBefore: new Date(Date.now() - 14400000).toISOString(),
-                notOnOrAfter: pastDate,
-            });
-            const samlB64 = Buffer.from(samlXml).toString('base64');
-            const result = await provider.validateResponse(samlB64);
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('expired');
-            }
-        });
-        it('should reject a SAML assertion not yet valid', async () => {
-            const provider = await createInitializedProvider();
-            const futureDate = new Date(Date.now() + 7200000).toISOString();
-            const farFuture = new Date(Date.now() + 14400000).toISOString();
-            const samlXml = createSamlResponse({
-                notBefore: futureDate,
-                notOnOrAfter: farFuture,
-            });
-            const samlB64 = Buffer.from(samlXml).toString('base64');
-            const result = await provider.validateResponse(samlB64);
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('not yet valid');
-            }
-        });
-        it('should reject a SAML assertion with wrong audience', async () => {
-            const provider = await createInitializedProvider();
-            const samlXml = createSamlResponse({
-                audience: 'https://wrong-audience.com',
-            });
-            const samlB64 = Buffer.from(samlXml).toString('base64');
-            const result = await provider.validateResponse(samlB64);
-            expect(result.isErr()).toBe(true);
-            if (result.isErr()) {
-                expect(result.error.message).toContain('audience mismatch');
-            }
-        });
-        it('should reject invalid Base64 input', async () => {
-            const provider = await createInitializedProvider();
-            // Provide valid base64 that decodes to non-XML
-            const result = await provider.validateResponse(Buffer.from('not-xml-at-all').toString('base64'));
-            expect(result.isErr()).toBe(true);
-        });
-    });
-    // -----------------------------------------------------------------------
-    // authenticate
-    // -----------------------------------------------------------------------
-    describe('authenticate', () => {
-        it('should return AuthToken for valid SAML response', async () => {
-            const mockFetch = createMockFetch({
-                'https://idp.example.com/metadata': {
-                    ok: true,
-                    status: 200,
-                    body: createIdpMetadataXml(),
-                },
-            });
-            const provider = new SAMLProvider(config, mockFetch);
-            await provider.initialize();
-            const samlXml = createSamlResponse();
-            const samlB64 = Buffer.from(samlXml).toString('base64');
-            const result = await provider.authenticate(samlB64);
-            expect(result.isOk()).toBe(true);
-            if (result.isOk()) {
-                expect(result.value.email).toBe('user@example.com');
-                expect(result.value.roles).toContain('developer');
-                expect(result.value.exp).toBeGreaterThan(result.value.iat);
-            }
-        });
-    });
-    // -----------------------------------------------------------------------
-    // mapAttributes
-    // -----------------------------------------------------------------------
-    describe('mapAttributes', () => {
-        it('should map standard email attribute', () => {
-            const provider = new SAMLProvider(config);
-            const user = provider.mapAttributes({
-                email: 'test@example.com',
-                displayName: 'Test User',
-                role: 'admin',
-            });
-            expect(user.email).toBe('test@example.com');
-            expect(user.name).toBe('Test User');
-            expect(user.roles).toContain('admin');
-        });
-        it('should map Microsoft claims-style attributes', () => {
-            const provider = new SAMLProvider(config);
-            const user = provider.mapAttributes({
-                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'ms@example.com',
-                'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'MS User',
-                'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': 'coderag-admins',
-            });
-            expect(user.email).toBe('ms@example.com');
-            expect(user.name).toBe('MS User');
-            expect(user.roles).toContain('admin');
-        });
-        it('should default to viewer when no role matches', () => {
-            const provider = new SAMLProvider(config);
-            const user = provider.mapAttributes({
-                email: 'test@example.com',
-            });
-            expect(user.roles).toEqual(['viewer']);
-        });
-        it('should use email as fallback for name', () => {
-            const provider = new SAMLProvider(config);
-            const user = provider.mapAttributes({
-                email: 'test@example.com',
-            });
-            expect(user.name).toBe('test@example.com');
-        });
-        it('should extract NameID from XML as user id', () => {
-            const provider = new SAMLProvider(config);
-            const xml = '<saml:NameID>unique-id-123</saml:NameID>';
-            const user = provider.mapAttributes({ email: 'test@example.com' }, xml);
-            expect(user.id).toBe('unique-id-123');
-        });
-        it('should use email as fallback for id when no NameID', () => {
-            const provider = new SAMLProvider(config);
-            const user = provider.mapAttributes({
-                email: 'fallback@example.com',
-            });
-            expect(user.id).toBe('fallback@example.com');
-        });
-    });
-    // -----------------------------------------------------------------------
-    // getUserRoles / getUserRepos (cache)
-    // -----------------------------------------------------------------------
-    describe('getUserRoles', () => {
-        it('should return viewer for unknown user', async () => {
-            const provider = new SAMLProvider(config);
-            const result = await provider.getUserRoles('unknown');
-            expect(result.isOk()).toBe(true);
-            if (result.isOk()) {
-                expect(result.value).toEqual(['viewer']);
-            }
-        });
-    });
-    describe('getUserRepos', () => {
-        it('should return empty array for unknown user', async () => {
-            const provider = new SAMLProvider(config);
-            const result = await provider.getUserRepos('unknown');
-            expect(result.isOk()).toBe(true);
-            if (result.isOk()) {
-                expect(result.value).toEqual([]);
-            }
-        });
-    });
-});
-//# sourceMappingURL=saml-provider.test.js.map

package/dist/auth/saml-provider.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"saml-provider.test.js","sourceRoot":"","sources":["../../src/auth/saml-provider.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;IAC3D,aAAa,EAAE,IAAI;CACpB,CAAC,CAAC;AAEH,6EAA6E;AAC7E,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACjF,MAAM,UAAU,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAEnD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,aAAa;IACpB,OAAO;QACL,cAAc,EAAE,kCAAkC;QAClD,UAAU,EAAE,6BAA6B;QACzC,QAAQ,EAAE,qCAAqC;QAC/C,cAAc,EAAE,gCAAgC,UAAU,6BAA6B;QACvF,WAAW,EAAE;YACX,gBAAgB,EAAE,OAAO;YACzB,cAAc,EAAE,WAAW;YAC3B,iBAAiB,EAAE,QAAQ;SAC5B;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO;;;;;;;gCAOuB,UAAU;;;;;;;;;uBASnB,CAAC;AACxB,CAAC;AAED,SAAS,kBAAkB,CAAC,OAO3B;IACC,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,kBAAkB,CAAC;IACrD,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,kBAAkB,CAAC;IACnD,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,WAAW,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,6BAA6B,CAAC;IACpE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACtF,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;IAE9F,iDAAiD;IACjD,MAAM,SAAS,GAAG;;;mFAG+D,MAAM;;gCAEzD,SAAS,mBAAmB,YAAY;;uBAEjD,QAAQ;;;;;6BAKF,KAAK;;;6BAGL,IAAI;;;;;;kBAMf,CAAC;IAEjB,iCAAiC;IACjC,yEAAyE;IACzE,0EAA0E;IAC1E,kDAAkD;IAClD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClE,MAAM,eAAe,GAAG,iRAAiR,WAAW,kCAAkC,CAAC;IAEvV,gEAAgE;IAChE,MAAM,aAAa,GAAG,0DAA0D,eAAe,eAAe,CAAC;IAE/G,MAAM,MAAM,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC7B,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAElE,OAAO;IACL,SAAS;;qBAEQ,eAAe;yBACX,cAAc;;kBAErB,CAAC;AACnB,CAAC;AAED,SAAS,eAAe,CACtB,SAAwE;IAExE,OAAO,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,KAAwB,EAAE,EAAE;QAC9C,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjE,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;gBACtB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;aACT,CAAC;QAChB,CAAC;QACD,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC3C,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,QAAQ,CAAC,IAAI;SACpB,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,IAAI,MAAkB,CAAC;IAEvB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,aAAa,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,cAAc;IACd,0EAA0E;IAE1E,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,aAAa;IACb,0EAA0E;IAE1E,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,EAAE;iBACT;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;gBAC/C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;YAC5E,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,uCAAuC;iBAC9C;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;YACpE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE;gBACjC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC3C,CAAC,CAA4B,CAAC;YAE9B,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,sBAAsB;IACtB,0EAA0E;IAE1E,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;gBAClE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;gBACnD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,OAAO,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAE/C,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,IAAI,OAAO,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;gBACrC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,mBAAmB;IACnB,0EAA0E;IAE1E,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,KAAK,UAAU,yBAAyB;YACtC,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC5C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAC9D,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;gBACxD,YAAY,EAAE,QAAQ;aACvB,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACpD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;YAChE,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,SAAS,EAAE,UAAU;gBACrB,YAAY,EAAE,SAAS;aACxB,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,kBAAkB,CAAC;gBACjC,QAAQ,EAAE,4BAA4B;aACvC,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;gBACnB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAC;YACnD,+CAA+C;YAC/C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,eAAe;IACf,0EAA0E;IAE1E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,SAAS,GAAG,eAAe,CAAC;gBAChC,kCAAkC,EAAE;oBAClC,EAAE,EAAE,IAAI;oBACR,MAAM,EAAE,GAAG;oBACX,IAAI,EAAE,oBAAoB,EAAE;iBAC7B;aACF,CAAC,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;YACrD,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAE5B,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAEpD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBACpD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;gBAClD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;gBACzB,WAAW,EAAE,WAAW;gBACxB,IAAI,EAAE,OAAO;aACd,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,oEAAoE,EAAE,gBAAgB;gBACtF,4DAA4D,EAAE,SAAS;gBACvE,8DAA8D,EAAE,gBAAgB;aACjF,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;aAC1B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,kBAAkB;aAC1B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,GAAG,GAAG,0CAA0C,CAAC;YACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CACjC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAC7B,GAAG,CACJ,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,aAAa,CAAC;gBAClC,KAAK,EAAE,sBAAsB;aAC9B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0EAA0E;IAC1E,sCAAsC;IACtC,0EAA0E;IAE1E,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC5B,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YACnC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AASA,8EAA8E;AAC9E,MAAM,CAAC,MAAM,cAAc,GAAoB,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAU,CAAC;AA6DzF,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,OAAO,SAAU,SAAQ,KAAK;IAClC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF"}

package/dist/auth/types.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/auth/types.test.js

@@ -1,147 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { AuthError, ROLE_HIERARCHY } from './types.js';
-// ---------------------------------------------------------------------------
-// AuthError
-// ---------------------------------------------------------------------------
-describe('AuthError', () => {
-    it('should have name set to AuthError', () => {
-        const error = new AuthError('something failed');
-        expect(error.name).toBe('AuthError');
-    });
-    it('should preserve the error message', () => {
-        const error = new AuthError('invalid token');
-        expect(error.message).toBe('invalid token');
-    });
-    it('should be an instance of Error', () => {
-        const error = new AuthError('test');
-        expect(error).toBeInstanceOf(Error);
-    });
-    it('should be an instance of AuthError', () => {
-        const error = new AuthError('test');
-        expect(error).toBeInstanceOf(AuthError);
-    });
-});
-// ---------------------------------------------------------------------------
-// ROLE_HIERARCHY
-// ---------------------------------------------------------------------------
-describe('ROLE_HIERARCHY', () => {
-    it('should contain all three roles', () => {
-        expect(ROLE_HIERARCHY).toHaveLength(3);
-        expect(ROLE_HIERARCHY).toContain('viewer');
-        expect(ROLE_HIERARCHY).toContain('developer');
-        expect(ROLE_HIERARCHY).toContain('admin');
-    });
-    it('should be ordered from lowest to highest privilege', () => {
-        expect(ROLE_HIERARCHY[0]).toBe('viewer');
-        expect(ROLE_HIERARCHY[1]).toBe('developer');
-        expect(ROLE_HIERARCHY[2]).toBe('admin');
-    });
-    it('should be readonly', () => {
-        // TypeScript enforces this, but verify at runtime
-        expect(Object.isFrozen(ROLE_HIERARCHY)).toBe(false); // `as const` doesn't freeze
-        expect(Array.isArray(ROLE_HIERARCHY)).toBe(true);
-    });
-});
-// ---------------------------------------------------------------------------
-// Type shape validation (compile-time + runtime)
-// ---------------------------------------------------------------------------
-describe('Type shapes', () => {
-    it('should accept valid Role values', () => {
-        const roles = ['admin', 'developer', 'viewer'];
-        expect(roles).toHaveLength(3);
-    });
-    it('should accept valid Action values', () => {
-        const actions = [
-            'search', 'context', 'status', 'explain', 'docs', 'index', 'configure',
-        ];
-        expect(actions).toHaveLength(7);
-    });
-    it('should accept valid RepoAccessLevel values', () => {
-        const levels = ['read', 'write', 'admin'];
-        expect(levels).toHaveLength(3);
-    });
-    it('should create a valid RepoPermission', () => {
-        const perm = {
-            repoName: 'my-repo',
-            access: 'write',
-        };
-        expect(perm.repoName).toBe('my-repo');
-        expect(perm.access).toBe('write');
-    });
-    it('should create a valid User', () => {
-        const user = {
-            id: 'user-1',
-            email: 'user@example.com',
-            name: 'Test User',
-            roles: ['developer'],
-            allowedRepos: ['repo-a', 'repo-b'],
-        };
-        expect(user.id).toBe('user-1');
-        expect(user.roles).toContain('developer');
-        expect(user.allowedRepos).toHaveLength(2);
-    });
-    it('should create a valid AuthToken', () => {
-        const token = {
-            userId: 'user-1',
-            email: 'user@example.com',
-            roles: ['admin'],
-            exp: 1700000000,
-            iat: 1699996400,
-        };
-        expect(token.exp).toBeGreaterThan(token.iat);
-    });
-    it('should create a valid AuditEntry', () => {
-        const entry = {
-            timestamp: new Date(),
-            userId: 'user-1',
-            action: 'search',
-            resource: 'repo-a',
-            details: 'searched for foo',
-            ip: '192.168.1.1',
-        };
-        expect(entry.timestamp).toBeInstanceOf(Date);
-        expect(typeof entry.userId).toBe('string');
-    });
-    it('should create a valid AuditQuery with all optional fields', () => {
-        const query = {
-            userId: 'user-1',
-            action: 'search',
-            startDate: new Date('2026-01-01'),
-            endDate: new Date('2026-12-31'),
-            limit: 100,
-        };
-        expect(query.limit).toBe(100);
-    });
-    it('should create a valid AuditQuery with no fields', () => {
-        const query = {};
-        expect(query.userId).toBeUndefined();
-        expect(query.action).toBeUndefined();
-    });
-    it('should create a valid OIDCConfig', () => {
-        const config = {
-            issuerUrl: 'https://idp.example.com',
-            clientId: 'client-id',
-            clientSecret: 'secret',
-            audience: 'api',
-            roleMapping: {
-                'admin-group': 'admin',
-            },
-        };
-        expect(config.issuerUrl).toBe('https://idp.example.com');
-        expect(config.roleMapping?.['admin-group']).toBe('admin');
-    });
-    it('should create a valid SAMLConfig', () => {
-        const config = {
-            idpMetadataUrl: 'https://idp.example.com/metadata',
-            spEntityId: 'https://sp.example.com',
-            spAcsUrl: 'https://sp.example.com/acs',
-            certificatePem: '-----BEGIN CERTIFICATE-----\nMIIBxTCCA...\n-----END CERTIFICATE-----',
-            roleMapping: {
-                admins: 'admin',
-            },
-        };
-        expect(config.spEntityId).toBe('https://sp.example.com');
-        expect(config.roleMapping?.['admins']).toBe('admin');
-    });
-});
-//# sourceMappingURL=types.test.js.map

package/dist/auth/types.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.test.js","sourceRoot":"","sources":["../../src/auth/types.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAcvD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,eAAe,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,KAAK,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,CAAC,cAAc,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,kDAAkD;QAClD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,4BAA4B;QACjF,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,KAAK,GAAW,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,OAAO,GAAa;YACxB,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW;SACvE,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,MAAM,GAAsB,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,IAAI,GAAmB;YAC3B,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,OAAO;SAChB,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAS;YACjB,EAAE,EAAE,QAAQ;YACZ,KAAK,EAAE,kBAAkB;YACzB,IAAI,EAAE,WAAW;YACjB,KAAK,EAAE,CAAC,WAAW,CAAC;YACpB,YAAY,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;SACnC,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,KAAK,GAAc;YACvB,MAAM,EAAE,QAAQ;YAChB,KAAK,EAAE,kBAAkB;YACzB,KAAK,EAAE,CAAC,OAAO,CAAC;YAChB,GAAG,EAAE,UAAU;YACf,GAAG,EAAE,UAAU;SAChB,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,KAAK,GAAe;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,kBAAkB;YAC3B,EAAE,EAAE,aAAa;SAClB,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,CAAC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,MAAM,KAAK,GAAe;YACxB,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC;YACjC,OAAO,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC;YAC/B,KAAK,EAAE,GAAG;SACX,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,KAAK,GAAe,EAAE,CAAC;QAC7B,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,MAAM,GAAe;YACzB,SAAS,EAAE,yBAAyB;YACpC,QAAQ,EAAE,WAAW;YACrB,YAAY,EAAE,QAAQ;YACtB,QAAQ,EAAE,KAAK;YACf,WAAW,EAAE;gBACX,aAAa,EAAE,OAAO;aACvB;SACF,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,MAAM,GAAe;YACzB,cAAc,EAAE,kCAAkC;YAClD,UAAU,EAAE,wBAAwB;YACpC,QAAQ,EAAE,4BAA4B;YACtC,cAAc,EAAE,sEAAsE;YACtF,WAAW,EAAE;gBACX,MAAM,EAAE,OAAO;aAChB;SACF,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/backlog/ab-reference-scanner.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"ab-reference-scanner.js","sourceRoot":"","sources":["../../src/backlog/ab-reference-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,OAAO,GAAG,WAAW,CAAC;IAC5B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACrB,2DAA2D;QAC3D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/backlog/ab-reference-scanner.test.d.ts

@@ -1 +0,0 @@
-export {};