@contractspec/lib.identity-rbac 1.57.0 → 1.58.0

package/dist/node/policies/engine.js

@@ -0,0 +1,154 @@
+// src/policies/engine.ts
+var Permission = {
+  USER_CREATE: "user.create",
+  USER_READ: "user.read",
+  USER_UPDATE: "user.update",
+  USER_DELETE: "user.delete",
+  USER_LIST: "user.list",
+  USER_MANAGE: "user.manage",
+  ORG_CREATE: "org.create",
+  ORG_READ: "org.read",
+  ORG_UPDATE: "org.update",
+  ORG_DELETE: "org.delete",
+  ORG_LIST: "org.list",
+  MEMBER_INVITE: "member.invite",
+  MEMBER_REMOVE: "member.remove",
+  MEMBER_UPDATE_ROLE: "member.update_role",
+  MEMBER_LIST: "member.list",
+  MANAGE_MEMBERS: "org.manage_members",
+  TEAM_CREATE: "team.create",
+  TEAM_UPDATE: "team.update",
+  TEAM_DELETE: "team.delete",
+  TEAM_MANAGE: "team.manage",
+  ROLE_CREATE: "role.create",
+  ROLE_UPDATE: "role.update",
+  ROLE_DELETE: "role.delete",
+  ROLE_ASSIGN: "role.assign",
+  ROLE_REVOKE: "role.revoke",
+  BILLING_VIEW: "billing.view",
+  BILLING_MANAGE: "billing.manage",
+  PROJECT_CREATE: "project.create",
+  PROJECT_READ: "project.read",
+  PROJECT_UPDATE: "project.update",
+  PROJECT_DELETE: "project.delete",
+  PROJECT_MANAGE: "project.manage",
+  ADMIN_ACCESS: "admin.access",
+  ADMIN_IMPERSONATE: "admin.impersonate"
+};
+var StandardRole = {
+  OWNER: {
+    name: "owner",
+    description: "Organization owner with full access",
+    permissions: Object.values(Permission)
+  },
+  ADMIN: {
+    name: "admin",
+    description: "Administrator with most permissions",
+    permissions: [
+      Permission.USER_READ,
+      Permission.USER_LIST,
+      Permission.ORG_READ,
+      Permission.ORG_UPDATE,
+      Permission.MEMBER_INVITE,
+      Permission.MEMBER_REMOVE,
+      Permission.MEMBER_UPDATE_ROLE,
+      Permission.MEMBER_LIST,
+      Permission.MANAGE_MEMBERS,
+      Permission.TEAM_CREATE,
+      Permission.TEAM_UPDATE,
+      Permission.TEAM_DELETE,
+      Permission.TEAM_MANAGE,
+      Permission.PROJECT_CREATE,
+      Permission.PROJECT_READ,
+      Permission.PROJECT_UPDATE,
+      Permission.PROJECT_DELETE,
+      Permission.PROJECT_MANAGE,
+      Permission.BILLING_VIEW
+    ]
+  },
+  MEMBER: {
+    name: "member",
+    description: "Regular organization member",
+    permissions: [
+      Permission.USER_READ,
+      Permission.ORG_READ,
+      Permission.MEMBER_LIST,
+      Permission.PROJECT_READ,
+      Permission.PROJECT_CREATE
+    ]
+  },
+  VIEWER: {
+    name: "viewer",
+    description: "Read-only access",
+    permissions: [
+      Permission.USER_READ,
+      Permission.ORG_READ,
+      Permission.MEMBER_LIST,
+      Permission.PROJECT_READ
+    ]
+  }
+};
+
+class RBACPolicyEngine {
+  roleCache = new Map;
+  bindingCache = new Map;
+  async checkPermission(input, bindings) {
+    const { userId, orgId, permission } = input;
+    const now = new Date;
+    const userBindings = bindings.filter((b) => b.targetType === "user" && b.targetId === userId);
+    const orgBindings = orgId ? bindings.filter((b) => b.targetType === "organization" && b.targetId === orgId) : [];
+    const allBindings = [...userBindings, ...orgBindings];
+    const activeBindings = allBindings.filter((b) => !b.expiresAt || b.expiresAt > now);
+    if (activeBindings.length === 0) {
+      return {
+        allowed: false,
+        reason: "No active role bindings found"
+      };
+    }
+    for (const binding of activeBindings) {
+      if (binding.role.permissions.includes(permission)) {
+        return {
+          allowed: true,
+          matchedRole: binding.role.name
+        };
+      }
+    }
+    return {
+      allowed: false,
+      reason: `No role grants the "${permission}" permission`
+    };
+  }
+  async getPermissions(userId, orgId, bindings) {
+    const now = new Date;
+    const userBindings = bindings.filter((b) => b.targetType === "user" && b.targetId === userId);
+    const orgBindings = orgId ? bindings.filter((b) => b.targetType === "organization" && b.targetId === orgId) : [];
+    const allBindings = [...userBindings, ...orgBindings];
+    const activeBindings = allBindings.filter((b) => !b.expiresAt || b.expiresAt > now);
+    const permissions = new Set;
+    const roles = [];
+    for (const binding of activeBindings) {
+      roles.push(binding.role);
+      for (const perm of binding.role.permissions) {
+        permissions.add(perm);
+      }
+    }
+    return { permissions, roles };
+  }
+  async hasAnyPermission(userId, orgId, permissions, bindings) {
+    const { permissions: userPerms } = await this.getPermissions(userId, orgId, bindings);
+    return permissions.some((p) => userPerms.has(p));
+  }
+  async hasAllPermissions(userId, orgId, permissions, bindings) {
+    const { permissions: userPerms } = await this.getPermissions(userId, orgId, bindings);
+    return permissions.every((p) => userPerms.has(p));
+  }
+}
+function createRBACEngine() {
+  return new RBACPolicyEngine;
+}
+export {
+  createRBACEngine,
+  StandardRole,
+  RBACPolicyEngine,
+  Permission
+};

package/dist/node/policies/index.js

@@ -0,0 +1,154 @@
+// src/policies/engine.ts
+var Permission = {
+  USER_CREATE: "user.create",
+  USER_READ: "user.read",
+  USER_UPDATE: "user.update",
+  USER_DELETE: "user.delete",
+  USER_LIST: "user.list",
+  USER_MANAGE: "user.manage",
+  ORG_CREATE: "org.create",
+  ORG_READ: "org.read",
+  ORG_UPDATE: "org.update",
+  ORG_DELETE: "org.delete",
+  ORG_LIST: "org.list",
+  MEMBER_INVITE: "member.invite",
+  MEMBER_REMOVE: "member.remove",
+  MEMBER_UPDATE_ROLE: "member.update_role",
+  MEMBER_LIST: "member.list",
+  MANAGE_MEMBERS: "org.manage_members",
+  TEAM_CREATE: "team.create",
+  TEAM_UPDATE: "team.update",
+  TEAM_DELETE: "team.delete",
+  TEAM_MANAGE: "team.manage",
+  ROLE_CREATE: "role.create",
+  ROLE_UPDATE: "role.update",
+  ROLE_DELETE: "role.delete",
+  ROLE_ASSIGN: "role.assign",
+  ROLE_REVOKE: "role.revoke",
+  BILLING_VIEW: "billing.view",
+  BILLING_MANAGE: "billing.manage",
+  PROJECT_CREATE: "project.create",
+  PROJECT_READ: "project.read",
+  PROJECT_UPDATE: "project.update",
+  PROJECT_DELETE: "project.delete",
+  PROJECT_MANAGE: "project.manage",
+  ADMIN_ACCESS: "admin.access",
+  ADMIN_IMPERSONATE: "admin.impersonate"
+};
+var StandardRole = {
+  OWNER: {
+    name: "owner",
+    description: "Organization owner with full access",
+    permissions: Object.values(Permission)
+  },
+  ADMIN: {
+    name: "admin",
+    description: "Administrator with most permissions",
+    permissions: [
+      Permission.USER_READ,
+      Permission.USER_LIST,
+      Permission.ORG_READ,
+      Permission.ORG_UPDATE,
+      Permission.MEMBER_INVITE,
+      Permission.MEMBER_REMOVE,
+      Permission.MEMBER_UPDATE_ROLE,
+      Permission.MEMBER_LIST,
+      Permission.MANAGE_MEMBERS,
+      Permission.TEAM_CREATE,
+      Permission.TEAM_UPDATE,
+      Permission.TEAM_DELETE,
+      Permission.TEAM_MANAGE,
+      Permission.PROJECT_CREATE,
+      Permission.PROJECT_READ,
+      Permission.PROJECT_UPDATE,
+      Permission.PROJECT_DELETE,
+      Permission.PROJECT_MANAGE,
+      Permission.BILLING_VIEW
+    ]
+  },
+  MEMBER: {
+    name: "member",
+    description: "Regular organization member",
+    permissions: [
+      Permission.USER_READ,
+      Permission.ORG_READ,
+      Permission.MEMBER_LIST,
+      Permission.PROJECT_READ,
+      Permission.PROJECT_CREATE
+    ]
+  },
+  VIEWER: {
+    name: "viewer",
+    description: "Read-only access",
+    permissions: [
+      Permission.USER_READ,
+      Permission.ORG_READ,
+      Permission.MEMBER_LIST,
+      Permission.PROJECT_READ
+    ]
+  }
+};
+
+class RBACPolicyEngine {
+  roleCache = new Map;
+  bindingCache = new Map;
+  async checkPermission(input, bindings) {
+    const { userId, orgId, permission } = input;
+    const now = new Date;
+    const userBindings = bindings.filter((b) => b.targetType === "user" && b.targetId === userId);
+    const orgBindings = orgId ? bindings.filter((b) => b.targetType === "organization" && b.targetId === orgId) : [];
+    const allBindings = [...userBindings, ...orgBindings];
+    const activeBindings = allBindings.filter((b) => !b.expiresAt || b.expiresAt > now);
+    if (activeBindings.length === 0) {
+      return {
+        allowed: false,
+        reason: "No active role bindings found"
+      };
+    }
+    for (const binding of activeBindings) {
+      if (binding.role.permissions.includes(permission)) {
+        return {
+          allowed: true,
+          matchedRole: binding.role.name
+        };
+      }
+    }
+    return {
+      allowed: false,
+      reason: `No role grants the "${permission}" permission`
+    };
+  }
+  async getPermissions(userId, orgId, bindings) {
+    const now = new Date;
+    const userBindings = bindings.filter((b) => b.targetType === "user" && b.targetId === userId);
+    const orgBindings = orgId ? bindings.filter((b) => b.targetType === "organization" && b.targetId === orgId) : [];
+    const allBindings = [...userBindings, ...orgBindings];
+    const activeBindings = allBindings.filter((b) => !b.expiresAt || b.expiresAt > now);
+    const permissions = new Set;
+    const roles = [];
+    for (const binding of activeBindings) {
+      roles.push(binding.role);
+      for (const perm of binding.role.permissions) {
+        permissions.add(perm);
+      }
+    }
+    return { permissions, roles };
+  }
+  async hasAnyPermission(userId, orgId, permissions, bindings) {
+    const { permissions: userPerms } = await this.getPermissions(userId, orgId, bindings);
+    return permissions.some((p) => userPerms.has(p));
+  }
+  async hasAllPermissions(userId, orgId, permissions, bindings) {
+    const { permissions: userPerms } = await this.getPermissions(userId, orgId, bindings);
+    return permissions.every((p) => userPerms.has(p));
+  }
+}
+function createRBACEngine() {
+  return new RBACPolicyEngine;
+}
+export {
+  createRBACEngine,
+  StandardRole,
+  RBACPolicyEngine,
+  Permission
+};

package/dist/policies/engine.d.ts

@@ -1,133 +1,130 @@
-//#region src/policies/engine.d.ts
 /**
  * Standard permissions for identity-rbac module.
  */
-declare const Permission: {
-  readonly USER_CREATE: "user.create";
-  readonly USER_READ: "user.read";
-  readonly USER_UPDATE: "user.update";
-  readonly USER_DELETE: "user.delete";
-  readonly USER_LIST: "user.list";
-  readonly USER_MANAGE: "user.manage";
-  readonly ORG_CREATE: "org.create";
-  readonly ORG_READ: "org.read";
-  readonly ORG_UPDATE: "org.update";
-  readonly ORG_DELETE: "org.delete";
-  readonly ORG_LIST: "org.list";
-  readonly MEMBER_INVITE: "member.invite";
-  readonly MEMBER_REMOVE: "member.remove";
-  readonly MEMBER_UPDATE_ROLE: "member.update_role";
-  readonly MEMBER_LIST: "member.list";
-  readonly MANAGE_MEMBERS: "org.manage_members";
-  readonly TEAM_CREATE: "team.create";
-  readonly TEAM_UPDATE: "team.update";
-  readonly TEAM_DELETE: "team.delete";
-  readonly TEAM_MANAGE: "team.manage";
-  readonly ROLE_CREATE: "role.create";
-  readonly ROLE_UPDATE: "role.update";
-  readonly ROLE_DELETE: "role.delete";
-  readonly ROLE_ASSIGN: "role.assign";
-  readonly ROLE_REVOKE: "role.revoke";
-  readonly BILLING_VIEW: "billing.view";
-  readonly BILLING_MANAGE: "billing.manage";
-  readonly PROJECT_CREATE: "project.create";
-  readonly PROJECT_READ: "project.read";
-  readonly PROJECT_UPDATE: "project.update";
-  readonly PROJECT_DELETE: "project.delete";
-  readonly PROJECT_MANAGE: "project.manage";
-  readonly ADMIN_ACCESS: "admin.access";
-  readonly ADMIN_IMPERSONATE: "admin.impersonate";
+export declare const Permission: {
+    readonly USER_CREATE: "user.create";
+    readonly USER_READ: "user.read";
+    readonly USER_UPDATE: "user.update";
+    readonly USER_DELETE: "user.delete";
+    readonly USER_LIST: "user.list";
+    readonly USER_MANAGE: "user.manage";
+    readonly ORG_CREATE: "org.create";
+    readonly ORG_READ: "org.read";
+    readonly ORG_UPDATE: "org.update";
+    readonly ORG_DELETE: "org.delete";
+    readonly ORG_LIST: "org.list";
+    readonly MEMBER_INVITE: "member.invite";
+    readonly MEMBER_REMOVE: "member.remove";
+    readonly MEMBER_UPDATE_ROLE: "member.update_role";
+    readonly MEMBER_LIST: "member.list";
+    readonly MANAGE_MEMBERS: "org.manage_members";
+    readonly TEAM_CREATE: "team.create";
+    readonly TEAM_UPDATE: "team.update";
+    readonly TEAM_DELETE: "team.delete";
+    readonly TEAM_MANAGE: "team.manage";
+    readonly ROLE_CREATE: "role.create";
+    readonly ROLE_UPDATE: "role.update";
+    readonly ROLE_DELETE: "role.delete";
+    readonly ROLE_ASSIGN: "role.assign";
+    readonly ROLE_REVOKE: "role.revoke";
+    readonly BILLING_VIEW: "billing.view";
+    readonly BILLING_MANAGE: "billing.manage";
+    readonly PROJECT_CREATE: "project.create";
+    readonly PROJECT_READ: "project.read";
+    readonly PROJECT_UPDATE: "project.update";
+    readonly PROJECT_DELETE: "project.delete";
+    readonly PROJECT_MANAGE: "project.manage";
+    readonly ADMIN_ACCESS: "admin.access";
+    readonly ADMIN_IMPERSONATE: "admin.impersonate";
 };
-type PermissionKey = (typeof Permission)[keyof typeof Permission];
+export type PermissionKey = (typeof Permission)[keyof typeof Permission];
 /**
  * Standard role definitions.
  */
-declare const StandardRole: {
-  readonly OWNER: {
-    readonly name: "owner";
-    readonly description: "Organization owner with full access";
-    readonly permissions: ("user.create" | "user.read" | "user.update" | "user.delete" | "user.list" | "user.manage" | "org.create" | "org.read" | "org.update" | "org.delete" | "org.list" | "member.invite" | "member.remove" | "member.update_role" | "member.list" | "org.manage_members" | "team.create" | "team.update" | "team.delete" | "team.manage" | "role.create" | "role.update" | "role.delete" | "role.assign" | "role.revoke" | "billing.view" | "billing.manage" | "project.create" | "project.read" | "project.update" | "project.delete" | "project.manage" | "admin.access" | "admin.impersonate")[];
-  };
-  readonly ADMIN: {
-    readonly name: "admin";
-    readonly description: "Administrator with most permissions";
-    readonly permissions: readonly ["user.read", "user.list", "org.read", "org.update", "member.invite", "member.remove", "member.update_role", "member.list", "org.manage_members", "team.create", "team.update", "team.delete", "team.manage", "project.create", "project.read", "project.update", "project.delete", "project.manage", "billing.view"];
-  };
-  readonly MEMBER: {
-    readonly name: "member";
-    readonly description: "Regular organization member";
-    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read", "project.create"];
-  };
-  readonly VIEWER: {
-    readonly name: "viewer";
-    readonly description: "Read-only access";
-    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read"];
-  };
+export declare const StandardRole: {
+    readonly OWNER: {
+        readonly name: "owner";
+        readonly description: "Organization owner with full access";
+        readonly permissions: ("user.create" | "user.read" | "user.update" | "user.delete" | "user.list" | "user.manage" | "org.create" | "org.read" | "org.update" | "org.delete" | "org.list" | "member.invite" | "member.remove" | "member.update_role" | "member.list" | "org.manage_members" | "team.create" | "team.update" | "team.delete" | "team.manage" | "role.create" | "role.update" | "role.delete" | "role.assign" | "role.revoke" | "billing.view" | "billing.manage" | "project.create" | "project.read" | "project.update" | "project.delete" | "project.manage" | "admin.access" | "admin.impersonate")[];
+    };
+    readonly ADMIN: {
+        readonly name: "admin";
+        readonly description: "Administrator with most permissions";
+        readonly permissions: readonly ["user.read", "user.list", "org.read", "org.update", "member.invite", "member.remove", "member.update_role", "member.list", "org.manage_members", "team.create", "team.update", "team.delete", "team.manage", "project.create", "project.read", "project.update", "project.delete", "project.manage", "billing.view"];
+    };
+    readonly MEMBER: {
+        readonly name: "member";
+        readonly description: "Regular organization member";
+        readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read", "project.create"];
+    };
+    readonly VIEWER: {
+        readonly name: "viewer";
+        readonly description: "Read-only access";
+        readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read"];
+    };
 };
 /**
  * Permission check input.
  */
-interface PermissionCheckInput {
-  userId: string;
-  orgId?: string;
-  permission: PermissionKey | string;
+export interface PermissionCheckInput {
+    userId: string;
+    orgId?: string;
+    permission: PermissionKey | string;
 }
 /**
  * Permission check result.
  */
-interface PermissionCheckResult {
-  allowed: boolean;
-  reason?: string;
-  matchedRole?: string;
+export interface PermissionCheckResult {
+    allowed: boolean;
+    reason?: string;
+    matchedRole?: string;
 }
 /**
  * Role with permissions.
  */
-interface RoleWithPermissions {
-  id: string;
-  name: string;
-  permissions: string[];
+export interface RoleWithPermissions {
+    id: string;
+    name: string;
+    permissions: string[];
 }
 /**
  * Policy binding for permission evaluation.
  */
-interface PolicyBindingForEval {
-  roleId: string;
-  role: RoleWithPermissions;
-  targetType: 'user' | 'organization';
-  targetId: string;
-  expiresAt?: Date | null;
+export interface PolicyBindingForEval {
+    roleId: string;
+    role: RoleWithPermissions;
+    targetType: 'user' | 'organization';
+    targetId: string;
+    expiresAt?: Date | null;
 }
 /**
  * RBAC Policy Engine for permission checks.
  */
-declare class RBACPolicyEngine {
-  private roleCache;
-  private bindingCache;
-  /**
-   * Check if a user has a specific permission.
-   */
-  checkPermission(input: PermissionCheckInput, bindings: PolicyBindingForEval[]): Promise<PermissionCheckResult>;
-  /**
-   * Get all permissions for a user in a context.
-   */
-  getPermissions(userId: string, orgId: string | undefined, bindings: PolicyBindingForEval[]): Promise<{
-    permissions: Set<string>;
-    roles: RoleWithPermissions[];
-  }>;
-  /**
-   * Check if user has any of the specified permissions.
-   */
-  hasAnyPermission(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
-  /**
-   * Check if user has all of the specified permissions.
-   */
-  hasAllPermissions(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
+export declare class RBACPolicyEngine {
+    private roleCache;
+    private bindingCache;
+    /**
+     * Check if a user has a specific permission.
+     */
+    checkPermission(input: PermissionCheckInput, bindings: PolicyBindingForEval[]): Promise<PermissionCheckResult>;
+    /**
+     * Get all permissions for a user in a context.
+     */
+    getPermissions(userId: string, orgId: string | undefined, bindings: PolicyBindingForEval[]): Promise<{
+        permissions: Set<string>;
+        roles: RoleWithPermissions[];
+    }>;
+    /**
+     * Check if user has any of the specified permissions.
+     */
+    hasAnyPermission(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
+    /**
+     * Check if user has all of the specified permissions.
+     */
+    hasAllPermissions(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
 }
 /**
  * Create a new RBAC policy engine instance.
  */
-declare function createRBACEngine(): RBACPolicyEngine;
-//#endregion
-export { Permission, PermissionCheckInput, PermissionCheckResult, PermissionKey, PolicyBindingForEval, RBACPolicyEngine, RoleWithPermissions, StandardRole, createRBACEngine };
+export declare function createRBACEngine(): RBACPolicyEngine;
 //# sourceMappingURL=engine.d.ts.map

package/dist/policies/engine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"engine.d.ts","names":[],"sources":["../../src/policies/engine.ts"],"mappings":";;AAGA;;cAAa,UAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoDD,aAAA,WAAwB,UAAA,eAAyB,UAAA;;AAA7D;;cAKa,YAAA;EAAA;;;;;;;;;;;;;;;;;;;;;;;;UAyDI,oBAAA;EACf,MAAA;EACA,KAAA;EACA,UAAA,EAAY,aAAA;AAAA;;;;UAMG,qBAAA;EACf,OAAA;EACA,MAAA;EACA,WAAA;AAAA;;;;UAMe,mBAAA;EACf,EAAA;EACA,IAAA;EACA,WAAA;AAAA;;;;UAMe,oBAAA;EACf,MAAA;EACA,IAAA,EAAM,mBAAA;EACN,UAAA;EACA,QAAA;EACA,SAAA,GAAY,IAAA;AAAA;;;;cAMD,gBAAA;EAAA,QACH,SAAA;EAAA,QACA,YAAA;EARR;;;EAaM,eAAA,CACJ,KAAA,EAAO,oBAAA,EACP,QAAA,EAAU,oBAAA,KACT,OAAA,CAAQ,qBAAA;EAVA;;;EA0DL,cAAA,CACJ,MAAA,UACA,KAAA,sBACA,QAAA,EAAU,oBAAA,KACT,OAAA;IACD,WAAA,EAAa,GAAA;IACb,KAAA,EAAO,mBAAA;EAAA;EAHG;;;EAyCN,gBAAA,CACJ,MAAA,UACA,KAAA,sBACA,WAAA,YACA,QAAA,EAAU,oBAAA,KACT,OAAA;EADS;;;EAcN,iBAAA,CACJ,MAAA,UACA,KAAA,sBACA,WAAA,YACA,QAAA,EAAU,oBAAA,KACT,OAAA;AAAA;;;;iBAcW,gBAAA,CAAA,GAAoB,gBAAA"}
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/policies/engine.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDb,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;CAoDf,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,aAAa,GAAG,MAAM,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,mBAAmB,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,cAAc,CAAC;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,SAAS,CAA0C;IAC3D,OAAO,CAAC,YAAY,CAA6C;IAEjE;;OAEG;IACG,eAAe,CACnB,KAAK,EAAE,oBAAoB,EAC3B,QAAQ,EAAE,oBAAoB,EAAE,GAC/B,OAAO,CAAC,qBAAqB,CAAC;IA6CjC;;OAEG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,QAAQ,EAAE,oBAAoB,EAAE,GAC/B,OAAO,CAAC;QACT,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;QACzB,KAAK,EAAE,mBAAmB,EAAE,CAAC;KAC9B,CAAC;IAkCF;;OAEG;IACG,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,WAAW,EAAE,MAAM,EAAE,EACrB,QAAQ,EAAE,oBAAoB,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC;IAUnB;;OAEG;IACG,iBAAiB,CACrB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,WAAW,EAAE,MAAM,EAAE,EACrB,QAAQ,EAAE,oBAAoB,EAAE,GAC/B,OAAO,CAAC,OAAO,CAAC;CASpB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,gBAAgB,CAEnD"}