@corvushold/guard-sdk 0.7.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +68 -68
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +91 -1
  4. package/dist/index.d.ts +91 -1
  5. package/dist/index.js +68 -68
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/errors.ts","../src/rateLimit.ts","../src/tokens.ts","../src/storage/inMemory.ts","../src/storage/webLocalStorage.ts","../src/storage/reactNative.ts","../src/http/interceptors.ts","../src/http/transport.ts","../package.json","../src/client.ts","../src/totp.ts"],"names":["ACCESS_KEY","REFRESH_KEY","ct"],"mappings":";;;AAEO,IAAM,QAAA,GAAN,cAAuB,KAAA,CAAM;AAAA,EAOlC,YAAY,MAAA,EAAsH;AAChI,IAAA,KAAA,CAAM,MAAA,CAAO,OAAA,IAAW,CAAA,KAAA,EAAQ,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AACZ,IAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA;AACrB,IAAA,IAAA,CAAK,OAAO,MAAA,CAAO,IAAA;AACnB,IAAA,IAAA,CAAK,YAAY,MAAA,CAAO,SAAA;AACxB,IAAA,IAAA,CAAK,MAAM,MAAA,CAAO,GAAA;AAClB,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AAAA,EACxB;AACF;AAEO,IAAM,cAAA,GAAN,cAA6B,QAAA,CAAS;AAAA,EAI3C,YAAY,MAAA,EAST;AACD,IAAA,KAAA,CAAM,MAAM,CAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,UAAA;AACzB,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,WAAA;AAAA,EAC5B;AACF;AAEO,SAAS,WAAW,CAAA,EAA2B;AACpD,EAAA,OAAO,CAAA,YAAa,QAAA;AACtB;AAEO,SAAS,iBAAiB,CAAA,EAAiC;AAChE,EAAA,OAAO,CAAA,YAAa,cAAA;AACtB;;;AC5CO,SAAS,gBAAgB,UAAA,EAAiF;AAC/G,EAAA,IAAI,CAAC,UAAA,EAAY,OAAO,EAAC;AACzB,EAAA,MAAM,OAAA,GAAU,WAAW,IAAA,EAAK;AAEhC,EAAA,MAAM,IAAA,GAAO,OAAO,OAAO,CAAA;AAC3B,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,EAAG;AACvB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,GAAO,CAAA,GAAI,IAAA,GAAO,QAAW,WAAA,EAAa,IAAA,GAAO,CAAA,GAAI,IAAI,KAAK,IAAA,CAAK,GAAA,KAAQ,IAAA,GAAO,GAAI,IAAI,MAAA,EAAU;AAAA,EACxH;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,OAAO,CAAA;AAC7B,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,CAAA,EAAG;AACjC,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AACrC,IAAA,MAAM,UAAU,EAAA,GAAK,CAAA,GAAI,KAAK,IAAA,CAAK,EAAA,GAAK,GAAI,CAAA,GAAI,MAAA;AAChD,IAAA,OAAO,EAAE,OAAA,EAAS,WAAA,EAAa,EAAA,GAAK,CAAA,GAAI,OAAO,MAAA,EAAU;AAAA,EAC3D;AACA,EAAA,OAAO,EAAC;AACV;AAEO,SAAS,aAAa,OAAA,EAA8B;AACzD,EAAA,MAAM,MAAkB,EAAC;AACzB,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,CAAA,EAAG,CAAA,KAAM;AACxB,IAAA,GAAA,CAAI,CAAC,CAAA,GAAI,CAAA;AAAA,EACX,CAAC,CAAA;AACD,EAAA,OAAO,GAAA;AACT;AAEO,SAAS,oBAAoB,IAAA,EAMjB;AACjB,EAAA,MAAM,EAAE,SAAS,WAAA,EAAY,GAAI,gBAAgB,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AAChF,EAAA,OAAO,IAAI,cAAA,CAAe;AAAA,IACxB,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,SAAS,IAAA,CAAK,OAAA;AAAA,IACd,WAAW,IAAA,CAAK,SAAA;AAAA,IAChB,OAAA,EAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAA,IAClC,UAAA,EAAY,OAAA;AAAA,IACZ,WAAA;AAAA,IACA,KAAK,IAAA,CAAK;AAAA,GACX,CAAA;AACH;;;ACjCO,IAAM,WAAA,GAA4B;AAAA,EACvC,gBAAgB,MAAM,IAAA;AAAA,EACtB,gBAAgB,MAAM;AAAA,EAAC,CAAA;AAAA,EACvB,iBAAiB,MAAM,IAAA;AAAA,EACvB,iBAAiB,MAAM;AAAA,EAAC,CAAA;AAAA,EACxB,OAAO,MAAM;AAAA,EAAC;AAChB;;;AChBO,IAAM,kBAAN,MAA8C;AAAA,EAA9C,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,WAAA,GAA6B,IAAA;AACrC,IAAA,IAAA,CAAQ,YAAA,GAA8B,IAAA;AAAA,EAAA;AAAA,EAEtC,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA,EACA,eAAe,KAAA,EAA4B;AACzC,IAAA,IAAA,CAAK,cAAc,KAAA,IAAS,IAAA;AAAA,EAC9B;AAAA,EACA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA,EACA,gBAAgB,KAAA,EAA4B;AAC1C,IAAA,IAAA,CAAK,eAAe,KAAA,IAAS,IAAA;AAAA,EAC/B;AAAA,EACA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AACnB,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,EACtB;AACF;;;ACpBA,IAAM,UAAA,GAAa,oBAAA;AACnB,IAAM,WAAA,GAAc,qBAAA;AAEpB,SAAS,SAAA,GAAqB;AAC5B,EAAA,OAAO,OAAO,MAAA,KAAW,WAAA,IAAe,OAAO,OAAO,YAAA,KAAiB,WAAA;AACzE;AAEO,IAAM,kBAAN,MAA8C;AAAA,EAGnD,WAAA,CAAY,SAAS,EAAA,EAAI;AACvB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,EACxC;AAAA,EAEQ,EAAE,GAAA,EAAqB;AAC7B,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,EAAG,GAAG,CAAA,CAAA;AAAA,EAC7B;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,IAAA;AACzB,IAAA,OAAO,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AAAA,EACvD;AAAA,EAEA,eAAe,KAAA,EAA4B;AACzC,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,IAAI,KAAA,IAAS,MAAM,MAAA,CAAO,YAAA,CAAa,WAAW,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AAAA,gBACxD,YAAA,CAAa,OAAA,CAAQ,KAAK,CAAA,CAAE,UAAU,GAAG,KAAK,CAAA;AAAA,EAC5D;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,IAAA;AACzB,IAAA,OAAO,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EACxD;AAAA,EAEA,gBAAgB,KAAA,EAA4B;AAC1C,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,IAAI,KAAA,IAAS,MAAM,MAAA,CAAO,YAAA,CAAa,WAAW,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,gBACzD,YAAA,CAAa,OAAA,CAAQ,KAAK,CAAA,CAAE,WAAW,GAAG,KAAK,CAAA;AAAA,EAC7D;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,MAAA,CAAO,YAAA,CAAa,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AACjD,IAAA,MAAA,CAAO,YAAA,CAAa,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EACpD;AACF;;;AC7CA,IAAMA,WAAAA,GAAa,oBAAA;AACnB,IAAMC,YAAAA,GAAc,qBAAA;AAQb,SAAS,yBAAA,CAA0B,YAAA,EAAgC,MAAA,GAAS,EAAA,EAAkB;AACnG,EAAA,MAAM,CAAA,GAAI,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,CAAA,GAAM,EAAA;AAClC,EAAA,MAAM,IAAI,CAAC,GAAA,KAAgB,CAAA,EAAG,CAAC,GAAG,GAAG,CAAA,CAAA;AAErC,EAAA,OAAO;AAAA,IACL,MAAM,cAAA,GAAiB;AACrB,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAED,WAAU,CAAC,CAAA;AAAA,IAC3C,CAAA;AAAA,IACA,MAAM,eAAe,KAAA,EAAsB;AACzC,MAAA,IAAI,SAAS,IAAA,EAAM,OAAO,aAAa,UAAA,CAAW,CAAA,CAAEA,WAAU,CAAC,CAAA;AAC/D,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEA,WAAU,GAAG,KAAK,CAAA;AAAA,IAClD,CAAA;AAAA,IACA,MAAM,eAAA,GAAkB;AACtB,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEC,YAAW,CAAC,CAAA;AAAA,IAC5C,CAAA;AAAA,IACA,MAAM,gBAAgB,KAAA,EAAsB;AAC1C,MAAA,IAAI,SAAS,IAAA,EAAM,OAAO,aAAa,UAAA,CAAW,CAAA,CAAEA,YAAW,CAAC,CAAA;AAChE,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEA,YAAW,GAAG,KAAK,CAAA;AAAA,IACnD,CAAA;AAAA,IACA,MAAM,KAAA,GAAQ;AACZ,MAAA,MAAM,YAAA,CAAa,UAAA,CAAW,CAAA,CAAED,WAAU,CAAC,CAAA;AAC3C,MAAA,MAAM,YAAA,CAAa,UAAA,CAAW,CAAA,CAAEC,YAAW,CAAC,CAAA;AAAA,IAC9C;AAAA,GACF;AACF;;;ACrBO,SAAS,wBAAA,CACd,KAAA,EACA,IAAA,EACA,YAAA,EAC8E;AAC9E,EAAA,IAAI,CAAC,gBAAgB,YAAA,CAAa,MAAA,KAAW,GAAG,OAAO,CAAC,OAAO,IAAI,CAAA;AACnE,EAAA,IAAI,QAAQ,OAAA,CAAQ,OAAA,CAA0C,CAAC,KAAA,EAAO,IAAI,CAAC,CAAA;AAC3E,EAAA,KAAA,MAAW,MAAM,YAAA,EAAc;AAC7B,IAAA,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,OAAA,CAAQ,OAAA,CAAQ,EAAA,CAAG,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,yBAAA,CACpB,UACA,YAAA,EACmB;AACnB,EAAA,IAAI,CAAC,YAAA,IAAgB,YAAA,CAAa,MAAA,KAAW,GAAG,OAAO,QAAA;AACvD,EAAA,IAAI,GAAA,GAAM,QAAA;AACV,EAAA,KAAA,MAAW,MAAM,YAAA,EAAc;AAI7B,IAAA,GAAA,GAAM,MAAM,OAAA,CAAQ,OAAA,CAAQ,EAAA,CAAG,GAAG,CAAC,CAAA;AAAA,EACrC;AACA,EAAA,OAAO,GAAA;AACT;;;AC1BO,IAAM,aAAN,MAAiB;AAAA,EAQtB,YAAY,IAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,IAAA,MAAM,KAAA,GAAS,IAAA,CAAK,SAAA,IAAc,UAAA,CAAW,KAAA;AAC7C,IAAA,IAAI,CAAC,KAAA,EAAO,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAE9F,IAAA,IAAA,CAAK,SAAA,IAAa,CAAC,KAAA,EAA0B,IAAA,KAAwB,MAAc,IAAA,CAAK,UAAA,EAAY,OAAO,IAAI,CAAA,CAAA;AAC/G,IAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,IAAA,IAAA,CAAK,YAAA,GAAe,KAAK,YAAA,IAAgB,QAAA;AACzC,IAAA,IAAA,CAAK,iBAAiB,EAAE,GAAI,IAAA,CAAK,cAAA,IAAkB,EAAC,EAAG;AACvD,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AAAA,EAC1B;AAAA,EAEQ,SAAS,IAAA,EAAsB;AACrC,IAAA,IAAI,eAAA,CAAgB,IAAA,CAAK,IAAI,CAAA,EAAG,OAAO,IAAA;AACvC,IAAA,IAAI,CAAC,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AAC1C,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,OAAA,CAAW,IAAA,EAAc,IAAA,GAAoB,EAAC,EAAgC;AAClF,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAE9B,IAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,cAAc,GAAG,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAChF,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,QAAQ,GAAG,OAAA,CAAQ,GAAA,CAAI,UAAU,kBAAkB,CAAA;AAEpE,IAAA,IAAI,KAAK,YAAA,IAAgB,CAAC,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA;AAAA,IACjD;AAEA,IAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAG;AACxD,MAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,CAAC,GAAG,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAA,GAAuB,EAAE,GAAG,IAAA,EAAM,OAAA,EAAQ;AAChD,IAAA,IAAI,EAAE,aAAA,IAAiB,OAAA,CAAA,IAAY,IAAA,CAAK,WAAA,EAAa;AACnD,MAAA,OAAA,CAAQ,cAAc,IAAA,CAAK,WAAA;AAAA,IAC7B;AACA,IAAA,MAAM,CAAC,QAAA,EAAU,SAAS,CAAA,GAAI,MAAM,yBAAyB,GAAA,EAAK,OAAA,EAAS,IAAA,CAAK,YAAA,EAAc,OAAc,CAAA;AAE5G,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,SAAS,CAAA;AACpD,IAAA,MAAM,OAAO,MAAM,yBAAA,CAA0B,GAAA,EAAK,IAAA,CAAK,cAAc,QAAQ,CAAA;AAE7E,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AACtD,IAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AAEpB,IAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,MAAA,IAAI,IAAA,GAAY,MAAA;AAChB,MAAA,IAAI;AACF,QAAA,MAAMC,GAAAA,GAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAIA,GAAAA,CAAG,SAAS,kBAAkB,CAAA,SAAU,MAAM,IAAA,CAAK,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,aAC/D,IAAA,GAAO,MAAM,IAAA,CAAK,KAAA,GAAQ,IAAA,EAAK;AAAA,MACtC,CAAA,CAAA,MAAQ;AAAA,MAAC;AAET,MAAA,IAAI,WAAW,GAAA,EAAK;AAClB,QAAA,MAAM,mBAAA,CAAoB,EAAE,MAAA,EAAQ,OAAA,EAAU,QAAQ,IAAA,CAAK,OAAA,IAAY,mBAAA,EAAqB,SAAA,EAAW,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,GAAA,EAAK,MAAM,CAAA;AAAA,MAC3I;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS;AAAA,QACjB,MAAA;AAAA,QACA,SAAU,IAAA,IAAQ,IAAA,CAAK,WAAY,IAAA,CAAK,UAAA,IAAc,QAAQ,MAAM,CAAA,CAAA;AAAA,QACpE,MAAM,IAAA,IAAQ,IAAA,CAAK,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAAA,QAC9C,SAAA;AAAA,QACA,OAAA,EAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAA,QAClC,GAAA,EAAK;AAAA,OACN,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,IAAA,GAAY,MAAA;AAChB,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAC/C,IAAA,IAAI,WAAW,GAAA,EAAK;AAClB,MAAA,IAAI,GAAG,QAAA,CAAS,kBAAkB,GAAG,IAAA,GAAO,MAAM,KAAK,IAAA,EAAK;AAAA,WACvD,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,EAAK;AAAA,IAC9B;AAEA,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,IAAA,EAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,SAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAE,KACjE;AAAA,EACF;AAAA;AAAA;AAAA,EAIA,MAAM,UAAA,CAAW,IAAA,EAAc,IAAA,GAAoB,EAAC,EAAsB;AACxE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAE9B,IAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,cAAc,GAAG,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAChF,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,QAAQ,GAAG,OAAA,CAAQ,GAAA,CAAI,UAAU,kBAAkB,CAAA;AAEpE,IAAA,IAAI,KAAK,YAAA,IAAgB,CAAC,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA;AAAA,IACjD;AAEA,IAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAG;AACxD,MAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,CAAC,GAAG,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAA,GAAuB,EAAE,GAAG,IAAA,EAAM,OAAA,EAAQ;AAChD,IAAA,IAAI,EAAE,aAAA,IAAiB,OAAA,CAAA,IAAY,IAAA,CAAK,WAAA,EAAa;AACnD,MAAA,OAAA,CAAQ,cAAc,IAAA,CAAK,WAAA;AAAA,IAC7B;AACA,IAAA,MAAM,CAAC,QAAA,EAAU,SAAS,CAAA,GAAI,MAAM,yBAAyB,GAAA,EAAK,OAAA,EAAS,IAAA,CAAK,YAAA,EAAc,OAAc,CAAA;AAE5G,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,SAAS,CAAA;AACpD,IAAA,MAAM,OAAO,MAAM,yBAAA,CAA0B,GAAA,EAAK,IAAA,CAAK,cAAc,QAAQ,CAAA;AAC7E,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;ACnIA,IAAA,eAAA,GAAA;AAAA,EAEE,OAAA,EAAW,OA2Eb,CAAA;;;ACzBO,SAAS,0BAA0B,IAAA,EAAoD;AAC5F,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,IACJ,CAAA,CAAE,KAAA,KAAU,2BAAA,IACZ,OAAO,CAAA,CAAE,OAAA,KAAY,QAAA,IACrB,KAAA,CAAM,OAAA,CAAQ,EAAE,OAAO,CAAA;AAC9B;AAQO,SAAS,aAAa,IAAA,EAAmC;AAC9D,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,KAAM,OAAO,EAAE,YAAA,KAAiB,QAAA,IAAY,OAAO,CAAA,CAAE,aAAA,KAAkB,QAAA,CAAA;AAClF;AAEO,SAAS,mBAAmB,IAAA,EAAyC;AAC1E,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,IAAK,OAAO,EAAE,eAAA,KAAoB,QAAA;AAC7C;AA6SO,IAAM,cAAN,MAAkB;AAAA,EAMvB,YAAY,IAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA,CAAK,OAAA,IAAW,IAAI,eAAA,EAAgB;AAEnD,IAAA,MAAM,IAAA,GAAO,KAAK,QAAA,IAAY,QAAA;AAC9B,IAAA,MAAM,qBAAA,GAA4C,OAAO,KAAA,EAA0B,IAAA,KAAsB;AACvG,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAC9C,MAAA,IAAI,SAAS,QAAA,EAAU;AAErB,QAAA,MAAM,QAAQ,MAAM,OAAA,CAAQ,QAAQ,IAAA,CAAK,OAAA,CAAQ,gBAAgB,CAAA;AACjE,QAAA,IAAI,KAAA,IAAS,CAAC,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,EAAG;AAC1C,UAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,QAChD;AAAA,MACF,CAAA,MAAA,IAAW,SAAS,QAAA,EAAU;AAE5B,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAe,QAAQ,CAAA;AAAA,MACrC;AACA,MAAA,OAAO,CAAC,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,IACrC,CAAA;AAEA,IAAA,MAAM,iBAAiB,EAAE,GAAI,IAAA,CAAK,cAAA,IAAkB,EAAC,EAAG;AAGxD,IAAA,MAAM,YAAA,GAAe,CAAA,OAAA,EAAW,eAAA,CAAY,OAAkB,CAAA,CAAA;AAG9D,IAAA,IAAI,cAAA,GAAiD,MAAA;AACrD,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,cAAA,GAAiB,SAAA;AAAA,IACnB;AAEA,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,UAAA,CAAW;AAAA,MACzB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,YAAA;AAAA,MACA,cAAA;AAAA,MACA,YAAA,EAAc,EAAE,OAAA,EAAS,CAAC,qBAAqB,CAAA,EAAE;AAAA,MACjD,WAAA,EAAa;AAAA,KACM,CAAA;AAAA,EACvB;AAAA;AAAA,EAGA,MAAgB,OAAA,CAAW,IAAA,EAAc,IAAA,EAAgD;AACvF,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,OAAA,CAAW,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA,EAEQ,kBAAkB,IAAA,EAAqB;AAC7C,IAAA,IAAI;AACF,MAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,QAAA,MAAM,MAAA,GAAS,KAAK,YAAA,IAAgB,IAAA;AACpC,QAAA,MAAM,OAAA,GAAU,KAAK,aAAA,IAAiB,IAAA;AACtC,QAAA,IAAI,WAAW,KAAA,CAAA,EAAW;AAExB,UAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,cAAA,CAAe,MAAM,CAAA;AAAA,QACzC;AACA,QAAA,IAAI,YAAY,KAAA,CAAA,EAAW;AACzB,UAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA;AAAA,QAC3C;AAAA,MACF;AAAA,IACF,SAAS,CAAA,EAAG;AAAA,IAEZ;AAAA,EACF;AAAA,EAEQ,WAAW,MAAA,EAA8E;AAC/F,IAAA,MAAM,GAAA,GAAM,IAAI,eAAA,EAAgB;AAChC,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,EAAG;AAC3C,MAAA,IAAI,CAAA,KAAM,MAAA,IAAa,CAAA,KAAM,IAAA,EAAM;AACnC,MAAA,GAAA,CAAI,GAAA,CAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IACtB;AACA,IAAA,MAAM,EAAA,GAAK,IAAI,QAAA,EAAS;AACxB,IAAA,OAAO,EAAA,GAAK,CAAA,CAAA,EAAI,EAAE,CAAA,CAAA,GAAK,EAAA;AAAA,EACzB;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAAmF;AACrG,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAuC,yBAAA,EAA2B;AAAA,MACvF,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAAiE;AACpF,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,0BAAA,EAA4B;AAAA,MACrE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AACD,IAAA,IAAI,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,EAAK,IAAA,CAAK,iBAAA,CAAkB,GAAA,CAAI,IAAI,CAAA;AACvF,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,UAAU,IAAA,EAA0D;AACxE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,qBAAA,EAAuB;AAAA,MAChE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,QAAQ,IAAA,EAAkE;AAC9E,IAAA,IAAI,YAAA,GAAe,MAAM,aAAA,IAAiB,IAAA;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc,YAAA,GAAgB,MAAM,OAAA,CAAQ,QAAQ,IAAA,CAAK,OAAA,CAAQ,eAAA,EAAiB,CAAA,IAAM,IAAA;AAC7F,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,kBAAA,EAAoB;AAAA,MAC7D,MAAA,EAAQ,MAAA;AAAA,MACR,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,aAAA,EAAe,cAAc;AAAA,KACrD,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,OAAO,IAAA,EAA6E;AACxF,IAAA,MAAM,CAAA,GAAI,QAAQ,EAAC;AACnB,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAiB,iBAAA,EAAmB;AAAA,MACzD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,CAAC;AAAA,KACvB,CAAA;AACD,IAAA,IAAI,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,EAAK;AAE3B,MAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,eAAA,CAAgB,IAAI,CAAA;AAAA,IACxC;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,EAAA,GAA4C;AAChD,IAAA,OAAO,KAAK,OAAA,CAAqB,aAAA,EAAe,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACnE;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAOhB;AACF,IAAA,MAAM,UAAkC,EAAC;AACzC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACnC,IAAA,IAAI,GAAA,EAAK,OAAA,CAAQ,aAAa,CAAA,GAAI,OAAO,GAAG,CAAA;AAC5C,IAAA,OAAO,IAAA,CAAK,QAAQ,CAAA,uBAAA,CAAA,EAA2B;AAAA,MAC7C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA;AAAA,MACA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,IAAA,CAAK,OAAO;AAAA,KAC3C,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAA,EAA6F;AACjH,IAAA,MAAM,GAAA,GAAM,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW,EAAE,OAAO,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,GAAA,EAAK,CAAA;AACnE,IAAA,OAAO,IAAA,CAAK,QAA0B,CAAA,sBAAA,EAAyB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,YAAA,GAAkF;AACtF,IAAA,OAAO,KAAK,OAAA,CAAiD,yBAAA,EAA2B,EAAE,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAC5G;AAAA,EAEA,MAAM,gBAAgB,IAAA,EAA2D;AAC/E,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,4BAAA,EAA8B,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG,CAAA;AAAA,EAC3G;AAAA,EAEA,MAAM,cAAA,GAAoD;AACxD,IAAA,OAAO,KAAK,OAAA,CAAiB,2BAAA,EAA6B,EAAE,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAC9E;AAAA,EAEA,MAAM,sBAAA,CAAuB,IAAA,GAA2B,EAAC,EAAkD;AACzG,IAAA,OAAO,KAAK,OAAA,CAA6B,8BAAA,EAAgC,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,IAAA,CAAK,KAAA,IAAS,CAAA,EAAG,GAAG,CAAA;AAAA,EAC/I;AAAA,EAEA,MAAM,mBAAA,GAAmE;AACvE,IAAA,OAAO,KAAK,OAAA,CAA2B,2BAAA,EAA6B,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACvF;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAA,EAA0E;AAC9F,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,KAAA,EAAO,MAAA,CAAO,OAAO,CAAA;AAClD,IAAA,OAAO,IAAA,CAAK,QAA6B,CAAA,gBAAA,EAAmB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACrF;AAAA;AAAA,EAGA,MAAM,aAAa,IAAA,EAA+I;AAChK,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,CAAA,QAAA,CAAA,EAAY,EAAE,QAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,GAAG,CAAA;AAAA,EAC/F;AAAA;AAAA,EAGA,MAAM,UAAU,EAAA,EAAgI;AAC9I,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,CAAA,SAAA,EAAY,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EAC7E;AAAA;AAAA,EAGA,MAAM,WAAA,CAAY,MAAA,GAAuF,EAAC,EAA8M;AACtT,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,GAAG,MAAA,CAAO,CAAA;AAAA,MACV,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA,KAAW,YAAa,MAAA,CAAO,MAAA,GAAS,CAAA,GAAI,CAAA,GAAK,MAAA,CAAO;AAAA,KAC/E,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,QAAQ,CAAA,QAAA,EAAW,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACxD;AAAA;AAAA,EAGA,MAAM,WAAW,IAAA,EAAoE;AACnF,IAAA,OAAO,IAAA,CAAK,QAAuB,qBAAA,EAAuB;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAA,IAAQ,EAAE;AAAA,KAChC,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAU,IAAA,EAAuD;AACrE,IAAA,OAAO,IAAA,CAAK,QAAiB,qBAAA,EAAuB;AAAA,MAClD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,WAAA,CAAY,MAAA,GAA6B,IAAI,IAAA,EAA6D;AAC9G,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA;AACjC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,CAAA,qBAAA,EAAwB,EAAE,CAAA,CAAA,EAAI;AAAA,MACvE,MAAA,EAAQ,KAAA;AAAA;AAAA,MAER,GAAI,OAAO,EAAE,IAAA,EAAM,KAAK,SAAA,CAAU,IAAI,CAAA,EAAE,GAAI;AAAC,KAC9C,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,qBAAqB,IAAA,EAAgF;AACzG,IAAA,OAAO,IAAA,CAAK,QAAiB,iCAAA,EAAmC;AAAA,MAC9D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,qBAAqB,IAAA,EAAsG;AAC/H,IAAA,OAAO,IAAA,CAAK,QAAiB,iCAAA,EAAmC;AAAA,MAC9D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6F;AAChH,IAAA,OAAO,IAAA,CAAK,QAAiB,0BAAA,EAA4B;AAAA,MACvD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAAsF;AACxG,IAAA,OAAO,IAAA,CAAK,QAAiB,kBAAA,EAAoB;AAAA,MAC/C,MAAA,EAAQ,OAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,SAAA,CAAU,MAAA,GAAiC,EAAC,EAA6C;AAC7F,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAwB,CAAA,oBAAA,EAAuB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,eAAA,CAAgB,EAAA,EAAY,IAAA,EAAsF;AACtH,IAAA,MAAM,UAAe,EAAC;AACtB,IAAA,IAAI,OAAO,IAAA,EAAM,UAAA,KAAe,QAAA,EAAU,OAAA,CAAQ,aAAa,IAAA,CAAK,UAAA;AACpE,IAAA,IAAI,OAAO,IAAA,EAAM,SAAA,KAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,IAAA,CAAK,SAAA;AAClE,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MAC7E,MAAA,EAAQ,OAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO;AAAA,KAC7B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAU,EAAA,EAA+C;AAC7D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EACzG;AAAA;AAAA,EAGA,MAAM,YAAY,EAAA,EAA+C;AAC/D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAC3G;AAAA;AAAA,EAGA,MAAM,gBAAgB,EAAA,EAA+C;AACnE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,aAAA,CAAA,EAAiB,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAChH;AAAA;AAAA,EAGA,MAAM,kBAAkB,EAAA,EAA+C;AACrE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,eAAA,CAAA,EAAmB,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAClH;AAAA;AAAA,EAGA,MAAM,YAAA,CAAa,OAAA,GAAoC,EAAC,EAA+C;AACrG,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAA0B,mBAAA,EAAqB,EAAE,MAAA,EAAQ,KAAA,EAAO,KAAA,EAAO,UAAA,EAAmB,CAAA;AACjH,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,IAAU,OAAO,GAAA,CAAI,IAAA,CAAK,SAAS,GAAA,EAAK;AACnD,MAAA,MAAM,UAAA,GAAa,CAAC,CAAC,OAAA,CAAQ,UAAA;AAC7B,MAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA,GAAI,GAAA,CAAI,IAAA,CAAK,QAAA,GAAW,EAAC;AAC1E,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,MAAA,CAAO,CAAC,CAAA,KAAmB;AACjD,UAAA,MAAM,OAAA,GAAU,CAAC,CAAC,CAAA,CAAE,OAAA;AACpB,UAAA,MAAM,QAAQ,CAAA,CAAE,UAAA,GAAa,KAAK,KAAA,CAAM,CAAA,CAAE,UAAU,CAAA,GAAI,CAAA;AACxD,UAAA,OAAO,CAAC,WAAW,KAAA,GAAQ,GAAA;AAAA,QAC7B,CAAC,CAAA;AACD,QAAA,OAAO,EAAE,MAAM,EAAE,QAAA,EAAU,QAAO,EAAG,IAAA,EAAM,IAAI,IAAA,EAAK;AAAA,MACtD;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,cAAc,EAAA,EAA+C;AACjE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,EAAE,CAAC,CAAA,OAAA,CAAA,EAAW,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EACvG;AAAA;AAAA,EAGA,MAAM,kBAAkB,QAAA,EAAqE;AAC3F,IAAA,MAAM,EAAA,GAAK,YAAY,IAAA,CAAK,QAAA;AAC5B,IAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAC/C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAgC,CAAA,YAAA,EAAe,kBAAA,CAAmB,EAAE,CAAC,CAAA,SAAA,CAAA,EAAa,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACjH;AAAA;AAAA,EAGA,MAAM,oBAAA,CAAqB,QAAA,EAAkB,QAAA,EAAuE;AAClH,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,YAAA,EAAe,kBAAA,CAAmB,QAAQ,CAAC,CAAA,SAAA,CAAA,EAAa;AAAA,MACnF,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,IAAY,EAAE;AAAA,KACpC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,QAAA,CAAS,YAAA,EAA2B,MAAA,GAKtC,EAAC,EAAuD;AAC1D,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,qEAAqE,CAAA;AAElG,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,aAAa,MAAA,CAAO;AAAA,KACrB,CAAA;AAGD,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,UAAA;AAAA,MAC1B,CAAA,YAAA,EAAe,mBAAmB,MAAM,CAAC,IAAI,kBAAA,CAAmB,YAAY,CAAC,CAAA,MAAA,EAAS,EAAE,CAAA,CAAA;AAAA,MACxF,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAA,EAAU,QAAA;AAAS,KACtC;AACA,IAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACtC,IAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AAGrD,IAAA,IAAI,GAAA,CAAI,UAAU,GAAA,EAAK;AACrB,MAAA,IAAI,QAAA,GAAW,CAAA,6BAAA,EAAgC,GAAA,CAAI,MAAM,CAAA,CAAA;AACzD,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,QAAA,IAAI,IAAA,EAAM,KAAA,EAAO,QAAA,IAAY,CAAA,EAAA,EAAK,KAAK,KAAK,CAAA,CAAA;AAAA,MAC9C,CAAA,CAAA,MAAQ;AAAA,MAA4B;AACpC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA,EAAG,YAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAE,CAAA,CAAE,CAAA;AAAA,IAC7E;AAEA,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,MAAM,EAAE,CAAA;AAAA,OACxF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,EAAE,YAAA,EAAc,GAAA,EAAI;AAAA,MAC1B,IAAA,EAAM,EAAE,MAAA,EAAQ,GAAA,CAAI,MAAA,EAAQ,WAAW,OAAA,EAAS,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAAE,KAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,iBAAA,CAAkB,YAAA,EAA2B,MAAA,EAIV;AACvC,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAErE,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,EAAE,IAAA,EAAM,OAAO,IAAA,EAAM,KAAA,EAAO,MAAA,CAAO,KAAA,EAAO,CAAA;AACrE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA;AAAA,MACrB,CAAA,YAAA,EAAe,mBAAmB,MAAM,CAAC,IAAI,kBAAA,CAAmB,YAAY,CAAC,CAAA,SAAA,EAAY,EAAE,CAAA,CAAA;AAAA,MAC3F,EAAE,QAAQ,KAAA;AAAM,KAClB;AACA,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,uBAAuB,GAAA,EAAgC;AACrD,IAAA,IAAI;AAEF,MAAA,IAAI,YAAA;AACJ,MAAA,IAAI,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,EAAG;AAEvB,QAAA,YAAA,GAAe,IAAI,eAAA,CAAgB,GAAA,CAAI,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,MACrD,CAAA,MAAA,IAAW,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAE/E,QAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,WAAW,GAAG,CAAA;AAC3D,QAAA,MAAM,SAAS,IAAI,GAAA,CAAI,YAAY,CAAA,QAAA,EAAW,GAAG,KAAK,GAAG,CAAA;AAEzD,QAAA,YAAA,GAAe,MAAA,CAAO,IAAA,GAClB,IAAI,eAAA,CAAgB,MAAA,CAAO,KAAK,SAAA,CAAU,CAAC,CAAC,CAAA,GAC5C,MAAA,CAAO,YAAA;AAAA,MACb,CAAA,MAAO;AACL,QAAA,YAAA,GAAe,IAAI,gBAAgB,GAAG,CAAA;AAAA,MACxC;AAEA,MAAA,MAAM,WAAA,GAAc,YAAA,CAAa,GAAA,CAAI,cAAc,CAAA;AACnD,MAAA,MAAM,YAAA,GAAe,YAAA,CAAa,GAAA,CAAI,eAAe,CAAA;AAGrD,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,MAAA,GAAqB;AAAA,QACzB,YAAA,EAAc,WAAA;AAAA,QACd,eAAe,YAAA,IAAgB,KAAA;AAAA,OACjC;AACA,MAAA,IAAA,CAAK,kBAAkB,MAAM,CAAA;AAC7B,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,4BAAA,CAA6B,QAAA,EAAuB,MAAA,EAIjB;AACvC,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,IAAI,CAAC,MAAA,EAAQ,eAAA,EAAiB,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAC3E,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,SAAA,EAAW,MAAA;AAAA,MACX,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,QAAQ,MAAA,CAAO;AAAA,KAChB,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAoB,CAAA,aAAA,EAAgB,QAAQ,CAAA,YAAA,EAAe,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EAChG;AAAA;AAAA,EAGA,MAAM,iBAAiB,KAAA,EAA+D;AACpF,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AACA,IAAA,OAAO,IAAA,CAAK,QAA8B,wBAAA,EAA0B;AAAA,MAClE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO;AAAA,KAC/B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,kBAAkB,KAAA,EAA0D;AAChF,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AACA,IAAA,MAAM,OAAA,GAAkC,EAAE,gBAAA,EAAkB,KAAA,EAAM;AAClE,IAAA,OAAO,IAAA,CAAK,QAAyB,yBAAA,EAA2B;AAAA,MAC9D,MAAA,EAAQ,KAAA;AAAA,MACR;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,qBAAqB,KAAA,EAA0C;AACnE,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,KAAK,CAAA;AACpD,IAAA,IAAI,WAAW,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,CAAC,WAAW,IAAA,EAAM;AACtD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,mBAAA,CAAoB,UAAA,CAAW,IAAI,CAAA;AAC5D,MAAA,MAAM,SAAA,GAAY,WAAW,IAAA,CAAK,SAAA;AAClC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAA,CAAK,MAAM,CAAA,CAAA,IAC1D,WAAA,GAAc,CAAA,EAAA,EAAK,WAAW,CAAA,CAAA,GAAK,EAAA,CAAA,IACnC,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,OAC5C;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AACtD,IAAA,IAAI,YAAY,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,CAAC,YAAY,IAAA,EAAM;AACxD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,mBAAA,CAAoB,WAAA,CAAY,IAAI,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,YAAY,IAAA,CAAK,SAAA;AACnC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,mCAAA,EAAsC,WAAA,CAAY,IAAA,CAAK,MAAM,CAAA,CAAA,IAC5D,WAAA,GAAc,CAAA,EAAA,EAAK,WAAW,CAAA,CAAA,GAAK,EAAA,CAAA,IACnC,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,OAC5C;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAS,UAAA,CAAW,IAAA,EAAM,QAAA,EAAU,YAAY,IAAA,EAAK;AAAA,EAChE;AAAA;AAAA,EAGQ,oBAAoB,IAAA,EAA8B;AACxD,IAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,UAAU,OAAO,IAAA;AAC9C,IAAA,MAAM,GAAA,GAAM,IAAA;AAEZ,IAAA,IAAI,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,SAAiB,GAAA,CAAI,KAAA;AAC9C,IAAA,IAAI,OAAO,GAAA,CAAI,OAAA,KAAY,QAAA,SAAiB,GAAA,CAAI,OAAA;AAChD,IAAA,IAAI,OAAO,GAAA,CAAI,WAAA,KAAgB,QAAA,SAAiB,GAAA,CAAI,WAAA;AACpD,IAAA,IAAI,OAAO,GAAA,CAAI,MAAA,KAAW,QAAA,SAAiB,GAAA,CAAI,MAAA;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAA,CAAiB,MAAA,GAAiC,EAAC,EAAmD;AAC1G,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAA8B,CAAA,iBAAA,EAAoB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACvF;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAuE;AAC7F,IAAA,OAAO,IAAA,CAAK,QAAyB,mBAAA,EAAqB;AAAA,MACxD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,eAAe,EAAA,EAAuD;AAC1E,IAAA,OAAO,KAAK,OAAA,CAAyB,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MAClF,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,EAAA,EAAY,IAAA,EAAuE;AACzG,IAAA,OAAO,KAAK,OAAA,CAAyB,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MAClF,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,kBAAkB,EAAA,EAA+C;AACrE,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MAC1E,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,gBAAgB,EAAA,EAA2D;AAC/E,IAAA,OAAO,KAAK,OAAA,CAA6B,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,EAAE,CAAC,CAAA,KAAA,CAAA,EAAS;AAAA,MAC3F,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,YAAA,CAAa,IAAA,EAAc,QAAA,EAA4D;AAC3F,IAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAC7C,IAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,QAAA;AAChC,IAAA,MAAM,MAAA,GAAiC,EAAE,IAAA,EAAK;AAC9C,IAAA,IAAI,MAAA,SAAe,SAAA,GAAY,MAAA;AAC/B,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA;AACjC,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,eAAA,EAAkB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC9E;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,mBAAA,GAAqE;AACzE,IAAA,OAAO,KAAK,OAAA,CAA6B,iCAAA,EAAmC,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/F;AAAA;AAAA,EAGA,MAAM,aAAA,CAAc,MAAA,GAAiC,EAAC,EAA4C;AAChG,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,yBAAA,EAA4B,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6G;AAChI,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAA6B,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAO,IAAA,CAAa,IAAA,EAAM,WAAA,EAAc,IAAA,CAAa,WAAA,EAAY;AACzH,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,2BAAA,EAA6B,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EAClH;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,IAAA,EAA6G;AAC5I,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAA6B,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAO,IAAA,CAAa,IAAA,EAAM,WAAA,EAAc,IAAA,CAAa,WAAA,EAAY;AACzH,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,SAAS,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EAC7I;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,MAAA,GAAiC,EAAC,EAAsC;AACvG,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,EAAE,CAAC,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAAA,EAC/G;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,MAAA,EAAgB,MAAA,GAAiC,EAAC,EAAgD;AACxH,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAA2B,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,EAAS,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EAChI;AAAA;AAAA,EAGA,MAAM,eAAA,CAAgB,MAAA,EAAgB,IAAA,EAA4G;AAChJ,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,UAAiC,EAAE,SAAA,EAAW,MAAA,EAAQ,OAAA,EAAU,KAAa,OAAA,EAAQ;AAC3F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACjJ;AAAA;AAAA,EAGA,MAAM,kBAAA,CAAmB,MAAA,EAAgB,IAAA,EAA4G;AACnJ,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,UAAiC,EAAE,SAAA,EAAW,MAAA,EAAQ,OAAA,EAAU,KAAa,OAAA,EAAQ;AAC3F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACnJ;AAAA;AAAA,EAGA,MAAM,wBAAA,CAAyB,MAAA,EAAgB,IAAA,EAAgE;AAC7G,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,YAAA,CAAA,EAAgB,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,GAAG,CAAA;AAAA,EACpJ;AAAA;AAAA,EAGA,MAAM,wBAAA,CAAyB,MAAA,EAAgB,IAAA,EAAgE;AAC7G,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,YAAA,CAAA,EAAgB,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,GAAG,CAAA;AAAA,EACtJ;AAAA;AAAA,EAGA,MAAM,0BAAA,CAA2B,MAAA,EAAgB,MAAA,EAAuF;AACtI,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAqC,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,MAAM,CAAC,CAAA,oBAAA,EAAuB,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACxJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,MAAA,EAAyE;AAC3F,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,yBAAA,EAA4B,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6G;AAChI,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,KAAK,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,WAAA,IAAe,IAAA,EAAK;AAC7F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAkB,CAAA,yBAAA,CAAA,EAA6B,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EAC9G;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,MAAA,EAAmE;AAClG,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,EAAE,CAAC,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAAA,EAC/G;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,OAAA,EAAiB,IAAA,EAA8D;AACrG,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AACxC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,OAAO,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EAClJ;AAAA;AAAA,EAGF,MAAM,oBAAA,CAAqB,OAAA,EAAiB,IAAA,EAA8D;AACxG,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AACxC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,0BAAA,EAA6B,kBAAA,CAAmB,OAAO,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACtJ;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAmN;AACzO,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,WAAW,MAAA,EAAO;AAC7C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAqB,CAAA,6BAAA,CAAA,EAAiC,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EACrH;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAmL;AACzM,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,WAAW,MAAA,EAAO;AAC7C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,6BAAA,CAAA,EAAiC,EAAE,MAAA,EAAQ,QAAA,EAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EACnH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,iBAAA,GAAkE;AACtE,IAAA,OAAO,KAAK,OAAA,CAA4B,yCAAA,EAA2C,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,aAAa,QAAA,CAAS,OAAA,EAAiB,SAAA,EAAoD;AACzF,IAAA,MAAM,KAAA,GAAQ,SAAA,KAAc,OAAO,MAAA,KAAW,WAAA,GAAc,OAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,GAAI,UAAA,CAAW,KAAA,CAAA;AACnG,IAAA,MAAM,GAAA,GAAM,GAAG,OAAO,CAAA,uCAAA,CAAA;AACtB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEnD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,MAAM,CAAA,kBAAA,EAAqB,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IAC/E;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AACF;AC1qCO,SAAS,iBAAiB,YAAA,EAA8B;AAC7D,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,QAAA,EAAU;AACrD,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AACA,EAAA,OAAO,aAAA,CAAc,SAAS,YAAY,CAAA;AAC5C","file":"index.js","sourcesContent":["import type { HeadersMap } from './types';\n\nexport class ApiError extends Error {\n readonly status: number;\n readonly code?: string;\n readonly requestId?: string;\n readonly raw?: unknown;\n readonly headers?: HeadersMap;\n\n constructor(params: { status: number; message?: string; code?: string; requestId?: string; raw?: unknown; headers?: HeadersMap }) {\n super(params.message || `HTTP ${params.status}`);\n this.name = 'ApiError';\n this.status = params.status;\n this.code = params.code;\n this.requestId = params.requestId;\n this.raw = params.raw;\n this.headers = params.headers;\n }\n}\n\nexport class RateLimitError extends ApiError {\n readonly retryAfter?: number; // seconds\n readonly nextRetryAt?: Date;\n\n constructor(params: {\n status: number;\n message?: string;\n code?: string;\n requestId?: string;\n raw?: unknown;\n headers?: HeadersMap;\n retryAfter?: number;\n nextRetryAt?: Date;\n }) {\n super(params);\n this.name = 'RateLimitError';\n this.retryAfter = params.retryAfter;\n this.nextRetryAt = params.nextRetryAt;\n }\n}\n\nexport function isApiError(e: unknown): e is ApiError {\n return e instanceof ApiError;\n}\n\nexport function isRateLimitError(e: unknown): e is RateLimitError {\n return e instanceof RateLimitError;\n}\n","import { RateLimitError } from './errors';\nimport type { HeadersMap } from './types';\n\nexport function parseRetryAfter(retryAfter: string | null | undefined): { seconds?: number; nextRetryAt?: Date } {\n if (!retryAfter) return {};\n const trimmed = retryAfter.trim();\n // Retry-After can be either seconds or HTTP date\n const secs = Number(trimmed);\n if (!Number.isNaN(secs)) {\n return { seconds: secs > 0 ? secs : undefined, nextRetryAt: secs > 0 ? new Date(Date.now() + secs * 1000) : undefined };\n }\n const date = new Date(trimmed);\n if (!Number.isNaN(date.getTime())) {\n const ms = date.getTime() - Date.now();\n const seconds = ms > 0 ? Math.ceil(ms / 1000) : undefined;\n return { seconds, nextRetryAt: ms > 0 ? date : undefined };\n }\n return {};\n}\n\nexport function toHeadersMap(headers: Headers): HeadersMap {\n const obj: HeadersMap = {};\n headers.forEach((v, k) => {\n obj[k] = v;\n });\n return obj;\n}\n\nexport function buildRateLimitError(args: {\n status: number;\n message?: string;\n requestId?: string;\n headers: Headers;\n raw?: unknown;\n}): RateLimitError {\n const { seconds, nextRetryAt } = parseRetryAfter(args.headers.get('retry-after'));\n return new RateLimitError({\n status: args.status,\n message: args.message,\n requestId: args.requestId,\n headers: toHeadersMap(args.headers),\n retryAfter: seconds,\n nextRetryAt,\n raw: args.raw,\n });\n}\n","export interface TokenStorage {\n getAccessToken(): Promise<string | null> | string | null;\n setAccessToken(token: string | null): Promise<void> | void;\n getRefreshToken(): Promise<string | null> | string | null;\n setRefreshToken(token: string | null): Promise<void> | void;\n clear(): Promise<void> | void;\n}\n\nexport interface TokenProvider {\n getAccessToken(): Promise<string | null> | string | null;\n}\n\nexport const noopStorage: TokenStorage = {\n getAccessToken: () => null,\n setAccessToken: () => {},\n getRefreshToken: () => null,\n setRefreshToken: () => {},\n clear: () => {},\n};\n","import type { TokenStorage } from '../tokens';\n\nexport class InMemoryStorage implements TokenStorage {\n private accessToken: string | null = null;\n private refreshToken: string | null = null;\n\n getAccessToken(): string | null {\n return this.accessToken;\n }\n setAccessToken(token: string | null): void {\n this.accessToken = token ?? null;\n }\n getRefreshToken(): string | null {\n return this.refreshToken;\n }\n setRefreshToken(token: string | null): void {\n this.refreshToken = token ?? null;\n }\n clear(): void {\n this.accessToken = null;\n this.refreshToken = null;\n }\n}\n","import type { TokenStorage } from '../tokens';\n\nconst ACCESS_KEY = 'guard_access_token';\nconst REFRESH_KEY = 'guard_refresh_token';\n\nfunction isBrowser(): boolean {\n return typeof window !== 'undefined' && typeof window.localStorage !== 'undefined';\n}\n\nexport class WebLocalStorage implements TokenStorage {\n private readonly prefix: string;\n\n constructor(prefix = '') {\n this.prefix = prefix ? `${prefix}:` : '';\n }\n\n private k(key: string): string {\n return `${this.prefix}${key}`;\n }\n\n getAccessToken(): string | null {\n if (!isBrowser()) return null;\n return window.localStorage.getItem(this.k(ACCESS_KEY));\n }\n\n setAccessToken(token: string | null): void {\n if (!isBrowser()) return;\n if (token == null) window.localStorage.removeItem(this.k(ACCESS_KEY));\n else window.localStorage.setItem(this.k(ACCESS_KEY), token);\n }\n\n getRefreshToken(): string | null {\n if (!isBrowser()) return null;\n return window.localStorage.getItem(this.k(REFRESH_KEY));\n }\n\n setRefreshToken(token: string | null): void {\n if (!isBrowser()) return;\n if (token == null) window.localStorage.removeItem(this.k(REFRESH_KEY));\n else window.localStorage.setItem(this.k(REFRESH_KEY), token);\n }\n\n clear(): void {\n if (!isBrowser()) return;\n window.localStorage.removeItem(this.k(ACCESS_KEY));\n window.localStorage.removeItem(this.k(REFRESH_KEY));\n }\n}\n","import type { TokenStorage } from '../tokens';\n\nconst ACCESS_KEY = 'guard_access_token';\nconst REFRESH_KEY = 'guard_refresh_token';\n\nexport interface AsyncStorageLike {\n getItem(key: string): Promise<string | null>;\n setItem(key: string, value: string): Promise<void>;\n removeItem(key: string): Promise<void>;\n}\n\nexport function reactNativeStorageAdapter(AsyncStorage: AsyncStorageLike, prefix = ''): TokenStorage {\n const p = prefix ? `${prefix}:` : '';\n const k = (key: string) => `${p}${key}`;\n\n return {\n async getAccessToken() {\n return AsyncStorage.getItem(k(ACCESS_KEY));\n },\n async setAccessToken(token: string | null) {\n if (token == null) return AsyncStorage.removeItem(k(ACCESS_KEY));\n return AsyncStorage.setItem(k(ACCESS_KEY), token);\n },\n async getRefreshToken() {\n return AsyncStorage.getItem(k(REFRESH_KEY));\n },\n async setRefreshToken(token: string | null) {\n if (token == null) return AsyncStorage.removeItem(k(REFRESH_KEY));\n return AsyncStorage.setItem(k(REFRESH_KEY), token);\n },\n async clear() {\n await AsyncStorage.removeItem(k(ACCESS_KEY));\n await AsyncStorage.removeItem(k(REFRESH_KEY));\n },\n };\n}\n","import type { FetchLike } from '../types';\n\nexport type RequestInterceptor = (\n input: RequestInfo | URL,\n init: RequestInit\n) => Promise<[RequestInfo | URL, RequestInit]> | [RequestInfo | URL, RequestInit];\n\nexport type ResponseInterceptor = (response: Response) => Promise<Response> | Response;\n\nexport interface Interceptors {\n request?: RequestInterceptor[];\n response?: ResponseInterceptor[];\n}\n\nexport function applyRequestInterceptors(\n input: RequestInfo | URL,\n init: RequestInit,\n interceptors?: RequestInterceptor[]\n): Promise<[RequestInfo | URL, RequestInit]> | [RequestInfo | URL, RequestInit] {\n if (!interceptors || interceptors.length === 0) return [input, init];\n let chain = Promise.resolve<[RequestInfo | URL, RequestInit]>([input, init]);\n for (const fn of interceptors) {\n chain = chain.then(([i, n]) => Promise.resolve(fn(i, n)));\n }\n return chain;\n}\n\nexport async function applyResponseInterceptors(\n response: Response,\n interceptors?: ResponseInterceptor[]\n): Promise<Response> {\n if (!interceptors || interceptors.length === 0) return response;\n let res = response;\n for (const fn of interceptors) {\n // Allow interceptor to clone/consume as needed\n // Always pass along the result for next interceptor\n // eslint-disable-next-line no-await-in-loop\n res = await Promise.resolve(fn(res));\n }\n return res;\n}\n","import { ApiError } from '../errors';\nimport { buildRateLimitError, toHeadersMap } from '../rateLimit';\nimport type { FetchLike, ResponseWrapper } from '../types';\nimport { applyRequestInterceptors, applyResponseInterceptors, type Interceptors } from './interceptors';\n\nexport interface TransportOptions {\n baseUrl: string;\n fetchImpl?: FetchLike;\n interceptors?: Interceptors;\n clientHeader?: string; // e.g., \"ts-sdk/<version>\"\n defaultHeaders?: Record<string, string>;\n credentials?: RequestCredentials; // e.g., 'include' for cookie-based auth\n}\n\nexport class HttpClient {\n private readonly baseUrl: string;\n private readonly fetchImpl: FetchLike;\n private readonly interceptors?: Interceptors;\n private readonly clientHeader?: string;\n private readonly defaultHeaders: Record<string, string>;\n private readonly credentials?: RequestCredentials;\n\n constructor(opts: TransportOptions) {\n this.baseUrl = opts.baseUrl.replace(/\\/$/, '');\n const fiRaw = (opts.fetchImpl ?? (globalThis.fetch as any));\n if (!fiRaw) throw new Error('No fetch implementation provided and global fetch is unavailable');\n // Bind fetch to globalThis to satisfy WebKit where unbound Window.fetch throws\n this.fetchImpl = ((input: RequestInfo | URL, init?: RequestInit) => (fiRaw as any).call(globalThis, input, init)) as FetchLike;\n this.interceptors = opts.interceptors;\n this.clientHeader = opts.clientHeader ?? 'ts-sdk';\n this.defaultHeaders = { ...(opts.defaultHeaders ?? {}) };\n this.credentials = opts.credentials;\n }\n\n private buildUrl(path: string): string {\n if (/^https?:\\/\\//i.test(path)) return path;\n if (!path.startsWith('/')) path = `/${path}`;\n return `${this.baseUrl}${path}`;\n }\n\n async request<T>(path: string, init: RequestInit = {}): Promise<ResponseWrapper<T>> {\n const url = this.buildUrl(path);\n\n const headers = new Headers(init.headers || {});\n // default JSON\n if (!headers.has('content-type')) headers.set('content-type', 'application/json');\n if (!headers.has('accept')) headers.set('accept', 'application/json');\n // client identification\n if (this.clientHeader && !headers.has('x-guard-client')) {\n headers.set('x-guard-client', this.clientHeader);\n }\n // default headers\n for (const [k, v] of Object.entries(this.defaultHeaders)) {\n if (!headers.has(k)) headers.set(k, v);\n }\n\n const reqInit: RequestInit = { ...init, headers };\n if (!('credentials' in reqInit) && this.credentials) {\n reqInit.credentials = this.credentials;\n }\n const [finalUrl, finalInit] = await applyRequestInterceptors(url, reqInit, this.interceptors?.request as any);\n\n const res = await this.fetchImpl(finalUrl, finalInit);\n const res2 = await applyResponseInterceptors(res, this.interceptors?.response);\n\n const requestId = res2.headers.get('x-request-id') || undefined;\n const status = res2.status;\n\n if (!res2.ok) {\n let body: any = undefined;\n try {\n const ct = res2.headers.get('content-type') || '';\n if (ct.includes('application/json')) body = await res2.clone().json();\n else body = await res2.clone().text();\n } catch {}\n\n if (status === 429) {\n throw buildRateLimitError({ status, message: (body && body.message) || 'Too Many Requests', requestId, headers: res2.headers, raw: body });\n }\n\n throw new ApiError({\n status,\n message: (body && body.message) || res2.statusText || `HTTP ${status}`,\n code: body && body.code ? String(body.code) : undefined,\n requestId,\n headers: toHeadersMap(res2.headers),\n raw: body,\n });\n }\n\n let data: any = undefined;\n const ct = res2.headers.get('content-type') || '';\n if (status !== 204) {\n if (ct.includes('application/json')) data = await res2.json();\n else data = await res2.text();\n }\n\n return {\n data: data as T,\n meta: { status, requestId, headers: toHeadersMap(res2.headers) },\n };\n }\n\n // Low-level raw request that returns the Response without throwing on non-2xx.\n // Useful for endpoints like SSO start that intentionally return 3xx redirects.\n async requestRaw(path: string, init: RequestInit = {}): Promise<Response> {\n const url = this.buildUrl(path);\n\n const headers = new Headers(init.headers || {});\n // default JSON\n if (!headers.has('content-type')) headers.set('content-type', 'application/json');\n if (!headers.has('accept')) headers.set('accept', 'application/json');\n // client identification\n if (this.clientHeader && !headers.has('x-guard-client')) {\n headers.set('x-guard-client', this.clientHeader);\n }\n // default headers\n for (const [k, v] of Object.entries(this.defaultHeaders)) {\n if (!headers.has(k)) headers.set(k, v);\n }\n\n const reqInit: RequestInit = { ...init, headers };\n if (!('credentials' in reqInit) && this.credentials) {\n reqInit.credentials = this.credentials;\n }\n const [finalUrl, finalInit] = await applyRequestInterceptors(url, reqInit, this.interceptors?.request as any);\n\n const res = await this.fetchImpl(finalUrl, finalInit);\n const res2 = await applyResponseInterceptors(res, this.interceptors?.response);\n return res2;\n }\n}\n","{\n \"name\": \"@corvushold/guard-sdk\",\n \"version\": \"0.7.0\",\n \"description\": \"Guard CAS TypeScript SDK for Node.js, browsers, and React Native (beta)\",\n \"license\": \"Apache-2.0\",\n \"author\": {\n \"name\": \"CorvusHold\",\n \"url\": \"https://github.com/CorvusHold\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/CorvusHold/guard\",\n \"directory\": \"sdk/ts\"\n },\n \"homepage\": \"https://github.com/CorvusHold/guard/tree/main/sdk/ts#readme\",\n \"bugs\": {\n \"url\": \"https://github.com/CorvusHold/guard/issues\"\n },\n \"type\": \"module\",\n \"main\": \"./dist/index.cjs\",\n \"module\": \"./dist/index.js\",\n \"types\": \"./dist/index.d.ts\",\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.ts\",\n \"import\": \"./dist/index.js\",\n \"require\": \"./dist/index.cjs\"\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"publishConfig\": {\n \"access\": \"public\"\n },\n \"sideEffects\": false,\n \"engines\": {\n \"node\": \">=18\"\n },\n \"dependencies\": {\n \"otplib\": \"^12.0.1\"\n },\n \"peerDependencies\": {\n \"@react-native-async-storage/async-storage\": \">=1.19.0\"\n },\n \"peerDependenciesMeta\": {\n \"@react-native-async-storage/async-storage\": {\n \"optional\": true\n }\n },\n \"scripts\": {\n \"clean\": \"rimraf dist\",\n \"build\": \"npm run gen:openapi && tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev:test\": \"vitest\",\n \"lint\": \"eslint 'src/**/*.{ts,tsx}'\",\n \"lint:fix\": \"eslint --fix 'src/**/*.{ts,tsx}'\",\n \"fmt\": \"prettier --write .\",\n \"gen:openapi\": \"node scripts/gen-types.mjs\",\n \"conformance\": \"node scripts/run-conformance.mjs\",\n \"prepublishOnly\": \"npm run build && npm test\"\n },\n \"devDependencies\": {\n \"@types/node\": \"24.3.0\",\n \"@typescript-eslint/eslint-plugin\": \"8.40.0\",\n \"@typescript-eslint/parser\": \"8.40.0\",\n \"eslint\": \"^9.34.0\",\n \"eslint-plugin-vitest\": \"^0.5.4\",\n \"openapi-typescript\": \"^7.4.1\",\n \"prettier\": \"^3.3.3\",\n \"rimraf\": \"^6.0.1\",\n \"swagger2openapi\": \"^7.0.8\",\n \"tsup\": \"^8.2.4\",\n \"typescript\": \"^5.5.4\",\n \"vitest\": \"^3.2.4\"\n }\n}\n","import { HttpClient, type TransportOptions } from './http/transport';\nimport type { FetchLike, TenantId, ResponseWrapper, SsoProvider } from './types';\nimport type { components as OpenAPIComponents } from './generated/openapi';\nimport { InMemoryStorage } from './storage/inMemory';\nimport type { TokenStorage } from './tokens';\nimport type { RequestInterceptor } from './http/interceptors';\nimport pkg from '../package.json';\nimport { toHeadersMap } from './rateLimit';\n\nexport interface GuardClientOptions {\n baseUrl: string;\n tenantId?: TenantId;\n fetchImpl?: FetchLike;\n storage?: TokenStorage;\n defaultHeaders?: Record<string, string>;\n authMode?: 'bearer' | 'cookie';\n}\n\n// OpenAPI component schema aliases\n// Note: The current OpenAPI typings do not expose a dedicated tokens schema,\n// so we define the minimal surface we need here and keep other DTOs sourced\n// from the generated OpenAPI types.\ntype TokensResp = {\n access_token?: string | null;\n refresh_token?: string | null;\n success?: boolean;\n};\ntype MfaChallengeResp = OpenAPIComponents['schemas']['controller.mfaChallengeResp'];\ntype OAuth2MetadataResp = OpenAPIComponents['schemas']['controller.oauth2MetadataResp'];\n// Portal link DTO: base on OpenAPI, but enforce `link` is present at type-level for stricter SDK contract\ntype PortalLink = OpenAPIComponents['schemas']['domain.PortalLink'] & { link: string };\n\n// Portal session DTOs\nexport interface SsoPortalSessionResp {\n tenant_id: string;\n provider_slug: string;\n portal_token_id: string;\n intent: string;\n}\n\n// Password reset tenant selection response (when email exists in multiple tenants)\nexport interface TenantOption {\n tenant_id: string;\n tenant_name: string;\n}\n\nexport interface TenantSelectionRequiredResp {\n error: 'tenant_selection_required';\n message: string;\n tenants: TenantOption[];\n}\n\nexport function isTenantSelectionRequired(data: unknown): data is TenantSelectionRequiredResp {\n const d = data as any;\n return !!d\n && d.error === 'tenant_selection_required'\n && typeof d.message === 'string'\n && Array.isArray(d.tenants);\n}\n\nexport interface SsoPortalContext {\n session: SsoPortalSessionResp;\n provider: SsoProviderItem;\n}\n\n// Type guards to help narrow union results in consumers\nexport function isTokensResp(data: unknown): data is TokensResp {\n const d = data as any;\n return !!d && (typeof d.access_token === 'string' || typeof d.refresh_token === 'string');\n}\n\nexport function isMfaChallengeResp(data: unknown): data is MfaChallengeResp {\n const d = data as any;\n return !!d && typeof d.challenge_token === 'string';\n}\ntype MfaVerifyReq = OpenAPIComponents['schemas']['controller.mfaVerifyReq'];\ntype RefreshReq = OpenAPIComponents['schemas']['controller.refreshReq'];\n\n// RBAC v2 (admin) OpenAPI schema aliases\ntype RbacPermissionsResp = OpenAPIComponents['schemas']['controller.rbacPermissionsResp'];\ntype RbacRolesResp = OpenAPIComponents['schemas']['controller.rbacRolesResp'];\ntype RbacRoleItem = OpenAPIComponents['schemas']['controller.rbacRoleItem'];\ntype RbacCreateRoleReq = OpenAPIComponents['schemas']['controller.rbacCreateRoleReq'];\ntype RbacUpdateRoleReq = OpenAPIComponents['schemas']['controller.rbacUpdateRoleReq'];\ntype RbacRolePermissionReq = OpenAPIComponents['schemas']['controller.rbacRolePermissionReq'];\ntype RbacUserRolesResp = OpenAPIComponents['schemas']['controller.rbacUserRolesResp'];\ntype RbacModifyUserRoleReq = OpenAPIComponents['schemas']['controller.rbacModifyUserRoleReq'];\ntype RbacResolvedPermissionsResp = OpenAPIComponents['schemas']['controller.rbacResolvedPermissionsResp'];\n\n// FGA (admin) DTOs (controller uses snake_case JSON)\nexport type FgaGroup = {\n id: string;\n tenant_id: string;\n name: string;\n description?: string;\n created_at: string;\n updated_at: string;\n};\nexport type FgaGroupsResp = { groups: FgaGroup[] };\nexport type FgaAclTuple = {\n id: string;\n tenant_id: string;\n subject_type: string;\n subject_id: string;\n permission_key?: string;\n object_type: string;\n object_id?: string | null;\n created_by?: string | null;\n created_at: string;\n};\n\n// Minimal response types for tenant discovery\nexport interface TenantSummary { id: string; name?: string }\nexport interface DiscoverTenantsResp { tenants: TenantSummary[] }\ntype UserProfile = OpenAPIComponents['schemas']['domain.UserProfile'];\ntype Introspection = OpenAPIComponents['schemas']['domain.Introspection'];\ntype MagicSendReq = OpenAPIComponents['schemas']['controller.magicSendReq'];\ntype MagicVerifyReq = OpenAPIComponents['schemas']['controller.magicVerifyReq'];\ntype PasswordSignupInput = {\n email: string;\n password: string;\n tenant_id?: string;\n first_name?: string;\n last_name?: string;\n};\n\n// SDK-local DTOs (from server controllers)\nexport interface AdminUser {\n id: string;\n email_verified: boolean;\n is_active: boolean;\n first_name: string;\n last_name: string;\n roles: string[];\n created_at: string; // RFC3339\n updated_at: string; // RFC3339\n last_login_at?: string | null; // RFC3339 | null\n}\n\nexport interface AdminUsersResp {\n users: AdminUser[];\n}\n\n/** Auth method used to create a session */\nexport type AuthMethod = 'password' | 'sso' | 'magic_link';\n\nexport interface SessionItem {\n id: string;\n revoked: boolean;\n user_agent: string;\n ip: string;\n created_at: string; // RFC3339\n expires_at: string; // RFC3339\n auth_method: AuthMethod;\n sso_provider_id?: string;\n sso_provider_name?: string;\n sso_provider_slug?: string;\n}\n\nexport interface SessionsListResp {\n sessions: SessionItem[];\n}\n\nexport interface TenantSettingsResponse {\n sso_provider: string;\n workos_client_id: string;\n workos_client_secret?: string; // masked\n workos_api_key?: string; // masked\n workos_default_connection_id?: string;\n workos_default_organization_id?: string;\n sso_state_ttl: string;\n sso_redirect_allowlist: string;\n}\n\nexport interface TenantSettingsPutRequest {\n sso_provider?: string | null;\n workos_client_id?: string | null;\n workos_client_secret?: string | null;\n workos_api_key?: string | null;\n workos_default_connection_id?: string | null;\n workos_default_organization_id?: string | null;\n sso_state_ttl?: string | null; // Go validates time.ParseDuration strings\n sso_redirect_allowlist?: string | null; // comma-separated URLs\n}\n\n// SSO Provider Management Types\nexport type SsoProviderType = 'oidc' | 'saml';\nexport type SsoLinkingPolicy = 'never' | 'verified_email' | 'always';\n\nexport interface SsoProviderItem {\n id: string;\n tenant_id: string;\n name: string;\n slug: string;\n provider_type: SsoProviderType;\n enabled: boolean;\n allow_signup: boolean;\n trust_email_verified: boolean;\n domains: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string; // masked in responses\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string; // masked in responses\n sp_certificate_expires_at?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n\n created_at: string;\n updated_at: string;\n created_by?: string;\n updated_by?: string;\n}\n\nexport interface SsoProvidersListResp {\n providers: SsoProviderItem[];\n total: number;\n}\n\n// Login options response - available auth methods for a tenant/email\nexport interface SsoProviderOption {\n slug: string;\n name: string;\n provider_type: SsoProviderType;\n logo_url?: string;\n login_url: string;\n}\n\nexport interface LoginOptionsResp {\n password_enabled: boolean;\n magic_link_enabled: boolean;\n sso_providers: SsoProviderOption[];\n preferred_method: AuthMethod;\n sso_required: boolean;\n user_exists: boolean;\n tenant_id?: string;\n tenant_name?: string;\n domain_matched_sso?: SsoProviderOption;\n}\n\nexport interface CreateSsoProviderReq {\n tenant_id: string;\n name: string;\n slug: string;\n provider_type: SsoProviderType;\n enabled?: boolean;\n allow_signup?: boolean;\n trust_email_verified?: boolean;\n domains?: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string;\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n}\n\nexport interface UpdateSsoProviderReq {\n name?: string;\n enabled?: boolean;\n allow_signup?: boolean;\n trust_email_verified?: boolean;\n domains?: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string;\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n}\n\nexport interface SsoTestProviderResp {\n success: boolean;\n metadata?: Record<string, any>;\n error?: string;\n}\n\n// SP Info response - computed Service Provider URLs for SAML configuration\n// URLs use V2 tenant-scoped format: /auth/sso/t/{tenant_id}/{slug}/*\nexport interface SsoSPInfoResp {\n /** SP Entity ID / Issuer URL (also called \"Identifier\" in some IdPs) */\n entity_id: string;\n /** Assertion Consumer Service URL where the IdP sends SAML responses */\n acs_url: string;\n /** Single Logout URL (optional) */\n slo_url?: string;\n /** URL where SP metadata XML can be downloaded */\n metadata_url: string;\n /** URL to initiate SSO login */\n login_url: string;\n /** Public base URL of the Guard service */\n base_url: string;\n /** Tenant ID used in the URL paths */\n tenant_id: string;\n}\n\ntype PasswordLoginInput = { email: string; password: string; tenant_id?: string };\n\nexport class GuardClient {\n readonly baseUrl: string;\n private readonly tenantId?: TenantId;\n private readonly storage: TokenStorage;\n private readonly http: HttpClient;\n\n constructor(opts: GuardClientOptions) {\n this.baseUrl = opts.baseUrl;\n this.tenantId = opts.tenantId;\n this.storage = opts.storage ?? new InMemoryStorage();\n\n const mode = opts.authMode ?? 'bearer';\n const authHeaderInterceptor: RequestInterceptor = async (input: RequestInfo | URL, init: RequestInit) => {\n const headers = new Headers(init.headers || {});\n if (mode === 'bearer') {\n // Attach Authorization if present\n const token = await Promise.resolve(this.storage.getAccessToken());\n if (token && !headers.has('authorization')) {\n headers.set('authorization', `Bearer ${token}`);\n }\n } else if (mode === 'cookie') {\n // Set X-Auth-Mode header to signal cookie mode to backend\n headers.set('X-Auth-Mode', 'cookie');\n }\n return [input, { ...init, headers }];\n };\n\n const defaultHeaders = { ...(opts.defaultHeaders ?? {}) };\n // Tenancy today is via body/query. Header will be added later when server adopts it.\n\n const clientHeader = `ts-sdk/${(pkg as any).version ?? '0.0.0'}`;\n // In cookie mode, always include credentials (cookies) with requests.\n // This requires the backend to have proper CORS configuration with Access-Control-Allow-Credentials: true\n let credentialsOpt: RequestCredentials | undefined = undefined;\n if (mode === 'cookie') {\n credentialsOpt = 'include';\n }\n\n this.http = new HttpClient({\n baseUrl: opts.baseUrl,\n fetchImpl: opts.fetchImpl,\n clientHeader,\n defaultHeaders,\n interceptors: { request: [authHeaderInterceptor] },\n credentials: credentialsOpt,\n } as TransportOptions);\n }\n\n // Low-level request passthrough (internal usage by methods)\n protected async request<T>(path: string, init: RequestInit): Promise<ResponseWrapper<T>> {\n return this.http.request<T>(path, init);\n }\n\n private persistTokensFrom(data: unknown): void {\n try {\n if (isTokensResp(data)) {\n const access = data.access_token ?? null;\n const refresh = data.refresh_token ?? null;\n if (access !== undefined) {\n // allow null to clear\n void this.storage.setAccessToken(access);\n }\n if (refresh !== undefined) {\n void this.storage.setRefreshToken(refresh);\n }\n }\n } catch (_) {\n // best-effort; ignore\n }\n }\n\n private buildQuery(params: Record<string, string | number | boolean | undefined | null>): string {\n const usp = new URLSearchParams();\n for (const [k, v] of Object.entries(params)) {\n if (v === undefined || v === null) continue;\n usp.set(k, String(v));\n }\n const qs = usp.toString();\n return qs ? `?${qs}` : '';\n }\n\n // Auth: Password login -> returns tokens (200) or MFA challenge (202)\n async passwordLogin(body: PasswordLoginInput): Promise<ResponseWrapper<TokensResp | MfaChallengeResp>> {\n const res = await this.request<TokensResp | MfaChallengeResp>('/v1/auth/password/login', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Password signup -> returns tokens (201 Created)\n async passwordSignup(body: PasswordSignupInput): Promise<ResponseWrapper<TokensResp>> {\n const res = await this.request<TokensResp>('/v1/auth/password/signup', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n if (res.meta.status === 200 || res.meta.status === 201) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Verify MFA challenge -> tokens\n async mfaVerify(body: MfaVerifyReq): Promise<ResponseWrapper<TokensResp>> {\n const res = await this.request<TokensResp>('/v1/auth/mfa/verify', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Refresh tokens\n async refresh(body?: Partial<RefreshReq>): Promise<ResponseWrapper<TokensResp>> {\n let refreshToken = body?.refresh_token ?? null;\n if (!refreshToken) refreshToken = (await Promise.resolve(this.storage.getRefreshToken())) ?? null;\n const res = await this.request<TokensResp>('/v1/auth/refresh', {\n method: 'POST',\n body: JSON.stringify({ refresh_token: refreshToken }),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Logout (revoke refresh token) -> 204\n async logout(body?: { refresh_token?: string | null }): Promise<ResponseWrapper<unknown>> {\n const b = body ?? {};\n const res = await this.request<unknown>('/v1/auth/logout', {\n method: 'POST',\n body: JSON.stringify(b),\n });\n if (res.meta.status === 204) {\n // best-effort: clear stored refresh; leave access to naturally expire\n void this.storage.setRefreshToken(null);\n }\n return res;\n }\n\n // Auth: Current user profile\n async me(): Promise<ResponseWrapper<UserProfile>> {\n return this.request<UserProfile>('/v1/auth/me', { method: 'GET' });\n }\n\n // Auth: Email discovery (progressive login)\n async emailDiscover(body: { email: string; tenant_id?: string }): Promise<ResponseWrapper<{\n found: boolean;\n has_tenant: boolean;\n tenant_id?: string;\n tenant_name?: string;\n user_exists: boolean;\n suggestions?: string[];\n }>> {\n const headers: Record<string, string> = {};\n const tid = body.tenant_id ?? this.tenantId;\n if (tid) headers['X-Tenant-ID'] = String(tid);\n return this.request(`/v1/auth/email/discover`, {\n method: 'POST',\n headers,\n body: JSON.stringify({ email: body.email })\n });\n }\n\n // Auth: Get login options - returns available auth methods for a tenant/email\n async getLoginOptions(params?: { email?: string; tenant_id?: string }): Promise<ResponseWrapper<LoginOptionsResp>> {\n const tid = params?.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ email: params?.email, tenant_id: tid });\n return this.request<LoginOptionsResp>(`/v1/auth/login-options${qs}`, { method: 'GET' });\n }\n\n // --- MFA self-service ---\n async mfaStartTotp(): Promise<ResponseWrapper<{ secret: string; otpauth_url: string }>> {\n return this.request<{ secret: string; otpauth_url: string }>('/v1/auth/mfa/totp/start', { method: 'POST' });\n }\n\n async mfaActivateTotp(body: { code: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/mfa/totp/activate', { method: 'POST', body: JSON.stringify(body) });\n }\n\n async mfaDisableTotp(): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/mfa/totp/disable', { method: 'POST' });\n }\n\n async mfaGenerateBackupCodes(body: { count?: number } = {}): Promise<ResponseWrapper<{ codes: string[] }>> {\n return this.request<{ codes: string[] }>('/v1/auth/mfa/backup/generate', { method: 'POST', body: JSON.stringify({ count: body.count ?? 5 }) });\n }\n\n async mfaCountBackupCodes(): Promise<ResponseWrapper<{ count: number }>> {\n return this.request<{ count: number }>('/v1/auth/mfa/backup/count', { method: 'GET' });\n }\n\n // Tenants: Discover tenants for a given email (used by login tenant selection)\n async discoverTenants(params: { email: string }): Promise<ResponseWrapper<DiscoverTenantsResp>> {\n const qs = this.buildQuery({ email: params.email });\n return this.request<DiscoverTenantsResp>(`/v1/auth/tenants${qs}`, { method: 'GET' });\n }\n\n // Tenants: Create\n async createTenant(body: { name: string }): Promise<ResponseWrapper<{ id: string; name: string; is_active?: boolean; created_at?: string; updated_at?: string }>> {\n return this.request(`/tenants`, { method: 'POST', body: JSON.stringify({ name: body.name }) });\n }\n\n // Tenants: Get by ID\n async getTenant(id: string): Promise<ResponseWrapper<{ id: string; name: string; is_active: boolean; created_at: string; updated_at: string }>> {\n return this.request(`/tenants/${encodeURIComponent(id)}`, { method: 'GET' });\n }\n\n // Tenants: List (admin)\n async listTenants(params: { q?: string; page?: number; page_size?: number; active?: number | boolean } = {}): Promise<ResponseWrapper<{ items: Array<{ id: string; name: string; is_active: boolean; created_at: string; updated_at: string }>; total: number; page: number; page_size: number; total_pages: number }>> {\n const qs = this.buildQuery({\n q: params.q,\n page: params.page,\n page_size: params.page_size,\n active: typeof params.active === 'boolean' ? (params.active ? 1 : 0) : params.active\n });\n return this.request(`/tenants${qs}`, { method: 'GET' });\n }\n\n // Auth: Introspect token (from header or body)\n async introspect(body?: { token?: string }): Promise<ResponseWrapper<Introspection>> {\n return this.request<Introspection>('/v1/auth/introspect', {\n method: 'POST',\n body: JSON.stringify(body ?? {}),\n });\n }\n\n // Auth: Magic link send\n async magicSend(body: MagicSendReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/magic/send', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Auth: Magic verify (token in query preferred)\n async magicVerify(params: { token?: string } = {}, body?: MagicVerifyReq): Promise<ResponseWrapper<TokensResp>> {\n const qs = this.buildQuery(params);\n const res = await this.request<TokensResp>(`/v1/auth/magic/verify${qs}`, {\n method: 'GET',\n // Some servers accept body on GET per spec; include if provided\n ...(body ? { body: JSON.stringify(body) } : {}),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Request password reset -> 202 (always, to prevent email enumeration)\n async passwordResetRequest(body: { tenant_id?: string; email: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/password/reset/request', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n }\n\n // Auth: Confirm password reset -> 200 on success\n async passwordResetConfirm(body: { tenant_id?: string; token: string; new_password: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/password/reset/confirm', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n }\n\n // Auth: Change password (requires auth) -> 200 on success\n async changePassword(body: { current_password: string; new_password: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/password/change', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Auth: Update profile (first/last name) -> 200 on success\n async updateProfile(body: { first_name?: string; last_name?: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/v1/auth/profile', {\n method: 'PATCH',\n body: JSON.stringify(body),\n });\n }\n\n // Admin: List users (requires admin role). tenant_id from client or param.\n async listUsers(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<AdminUsersResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<AdminUsersResp>(`/v1/auth/admin/users${qs}`, { method: 'GET' });\n }\n\n // Admin: Update user names\n async updateUserNames(id: string, body: { first_name?: string; last_name?: string }): Promise<ResponseWrapper<unknown>> {\n const payload: any = {};\n if (typeof body?.first_name === 'string') payload.first_name = body.first_name;\n if (typeof body?.last_name === 'string') payload.last_name = body.last_name;\n return this.request<unknown>(`/v1/auth/admin/users/${encodeURIComponent(id)}`, {\n method: 'PATCH',\n body: JSON.stringify(payload),\n });\n }\n\n // Admin: Block user\n async blockUser(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/users/${encodeURIComponent(id)}/block`, { method: 'POST' });\n }\n\n // Admin: Unblock user\n async unblockUser(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/users/${encodeURIComponent(id)}/unblock`, { method: 'POST' });\n }\n\n // Admin: Verify user email (set email_verified=true)\n async verifyUserEmail(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/users/${encodeURIComponent(id)}/verify-email`, { method: 'POST' });\n }\n\n // Admin: Unverify user email (set email_verified=false)\n async unverifyUserEmail(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/users/${encodeURIComponent(id)}/unverify-email`, { method: 'POST' });\n }\n\n // Sessions: List sessions. When includeAll=false, filter to active (non-revoked, not expired) client-side to match example app UX.\n async listSessions(options: { includeAll?: boolean } = {}): Promise<ResponseWrapper<SessionsListResp>> {\n const res = await this.request<SessionsListResp>('/v1/auth/sessions', { method: 'GET', cache: 'no-store' as any });\n if (res.meta.status >= 200 && res.meta.status < 300) {\n const includeAll = !!options.includeAll;\n const sessions = Array.isArray(res.data?.sessions) ? res.data.sessions : [];\n if (!includeAll) {\n const now = Date.now();\n const active = sessions.filter((s: SessionItem) => {\n const revoked = !!s.revoked;\n const expMs = s.expires_at ? Date.parse(s.expires_at) : 0;\n return !revoked && expMs > now;\n });\n return { data: { sessions: active }, meta: res.meta };\n }\n }\n return res;\n }\n\n // Sessions: Revoke session\n async revokeSession(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/sessions/${encodeURIComponent(id)}/revoke`, { method: 'POST' });\n }\n\n // Tenants: Get settings\n async getTenantSettings(tenantId?: string): Promise<ResponseWrapper<TenantSettingsResponse>> {\n const id = tenantId ?? this.tenantId;\n if (!id) throw new Error('tenantId is required');\n return this.request<TenantSettingsResponse>(`/v1/tenants/${encodeURIComponent(id)}/settings`, { method: 'GET' });\n }\n\n // Tenants: Update settings\n async updateTenantSettings(tenantId: string, settings: TenantSettingsPutRequest): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/tenants/${encodeURIComponent(tenantId)}/settings`, {\n method: 'PUT',\n body: JSON.stringify(settings ?? {}),\n });\n }\n\n /**\n * Start SSO flow with a provider slug.\n * Uses V2 tenant-scoped URLs: /auth/sso/t/{tenant_id}/{slug}/login\n * \n * @param providerSlug - The provider slug (e.g., 'okta', 'azure-ad', 'google-saml')\n * @param params - Optional parameters for the SSO flow\n * @returns The redirect URL to send the user to for authentication\n * \n * @example\n * ```ts\n * const result = await client.startSso('okta', { redirect_url: 'https://myapp.com/callback' });\n * window.location.href = result.data.redirect_url;\n * ```\n */\n async startSso(providerSlug: SsoProvider, params: {\n tenant_id?: string;\n redirect_url?: string;\n login_hint?: string;\n force_authn?: boolean;\n } = {}): Promise<ResponseWrapper<{ redirect_url: string }>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required for SSO; set via params or client constructor');\n \n const qs = this.buildQuery({\n redirect_url: params.redirect_url,\n login_hint: params.login_hint,\n force_authn: params.force_authn,\n });\n \n // Use V2 tenant-scoped URL format\n const res = await this.http.requestRaw(\n `/auth/sso/t/${encodeURIComponent(tenant)}/${encodeURIComponent(providerSlug)}/login${qs}`,\n { method: 'GET', redirect: 'manual' }\n );\n const loc = res.headers.get('location');\n const requestId = res.headers.get('x-request-id') || undefined;\n \n // Check for error response (non-redirect)\n if (res.status >= 400) {\n let errorMsg = `SSO start failed with status ${res.status}`;\n try {\n const body = await res.json();\n if (body?.error) errorMsg += `: ${body.error}`;\n } catch { /* ignore parse errors */ }\n throw new Error(`${errorMsg}${requestId ? ` (request: ${requestId})` : ''}`);\n }\n \n if (!loc) {\n throw new Error(\n `missing redirect location from SSO start${requestId ? ` (request: ${requestId})` : ''}`\n );\n }\n return {\n data: { redirect_url: loc },\n meta: { status: res.status, requestId, headers: toHeadersMap(res.headers) },\n };\n }\n\n /**\n * Handle SSO callback and exchange code for tokens.\n * Uses V2 tenant-scoped URLs: /auth/sso/t/{tenant_id}/{slug}/callback\n * \n * @param providerSlug - The provider slug used in startSso\n * @param params - Callback parameters (code, state from IdP redirect)\n * @returns Access and refresh tokens\n */\n async handleSsoCallback(providerSlug: SsoProvider, params: {\n tenant_id?: string;\n code: string;\n state?: string;\n }): Promise<ResponseWrapper<TokensResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required for SSO callback');\n \n const qs = this.buildQuery({ code: params.code, state: params.state });\n const res = await this.request<TokensResp>(\n `/auth/sso/t/${encodeURIComponent(tenant)}/${encodeURIComponent(providerSlug)}/callback${qs}`,\n { method: 'GET' }\n );\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n /**\n * Parse SSO callback tokens from URL query parameters or fragment.\n * Use this when Guard redirects to your app's callback URL with tokens.\n * \n * **Note:** This method has a side effect: when tokens are successfully parsed,\n * they are automatically persisted to the configured TokenStorage.\n * \n * @param url - The full callback URL or just the query/fragment string (e.g., window.location.search or window.location.hash)\n * @returns Tokens if access_token is present in URL, null otherwise\n * \n * @remarks\n * - access_token is required for a successful return\n * - refresh_token is optional (some flows don't provide it)\n * - When refresh_token is missing, token refresh via `refresh()` will not be available\n * - Tokens are persisted to storage on successful parse (side effect)\n */\n parseSsoCallbackTokens(url: string): TokensResp | null {\n try {\n // Handle both full URL and just query/fragment string\n let searchParams: URLSearchParams;\n if (url.startsWith('#')) {\n // Fragment-based tokens (e.g., from SSO redirect)\n searchParams = new URLSearchParams(url.substring(1));\n } else if (url.startsWith('?') || url.startsWith('/') || url.startsWith('http')) {\n // For query-only or path-only strings, prepend a dummy base URL for parsing\n const needsBase = url.startsWith('?') || url.startsWith('/');\n const parsed = new URL(needsBase ? `http://x${url}` : url);\n // Try fragment first (preferred for security), then query params\n searchParams = parsed.hash\n ? new URLSearchParams(parsed.hash.substring(1))\n : parsed.searchParams;\n } else {\n searchParams = new URLSearchParams(url);\n }\n \n const accessToken = searchParams.get('access_token');\n const refreshToken = searchParams.get('refresh_token');\n \n // Access token is required; refresh token is optional\n if (!accessToken) {\n return null;\n }\n \n const tokens: TokensResp = {\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n };\n this.persistTokensFrom(tokens);\n return tokens;\n } catch {\n return null;\n }\n }\n\n // SSO: WorkOS Organization Portal link (admin-only on server)\n async getSsoOrganizationPortalLink(provider: SsoProvider, params: {\n tenant_id?: string;\n organization_id: string;\n intent?: string;\n }): Promise<ResponseWrapper<PortalLink>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n if (!params?.organization_id) throw new Error('organization_id is required');\n const qs = this.buildQuery({\n tenant_id: tenant,\n organization_id: params.organization_id,\n intent: params.intent,\n });\n return this.request<PortalLink>(`/v1/auth/sso/${provider}/portal-link${qs}`, { method: 'GET' });\n }\n\n // SSO: Portal token session exchange (public, portal-token gated)\n async ssoPortalSession(token: string): Promise<ResponseWrapper<SsoPortalSessionResp>> {\n if (!token || typeof token !== 'string') {\n throw new Error('token is required');\n }\n return this.request<SsoPortalSessionResp>('/v1/sso/portal/session', {\n method: 'POST',\n body: JSON.stringify({ token }),\n });\n }\n\n // SSO: Portal provider config (public, portal-token gated)\n async ssoPortalProvider(token: string): Promise<ResponseWrapper<SsoProviderItem>> {\n if (!token || typeof token !== 'string') {\n throw new Error('token is required');\n }\n const headers: Record<string, string> = { 'X-Portal-Token': token };\n return this.request<SsoProviderItem>('/v1/sso/portal/provider', {\n method: 'GET',\n headers,\n });\n }\n\n // High-level helper: load portal session and provider in one call\n async loadSsoPortalContext(token: string): Promise<SsoPortalContext> {\n const sessionRes = await this.ssoPortalSession(token);\n if (sessionRes.meta.status !== 200 || !sessionRes.data) {\n const serverError = this.extractErrorDetails(sessionRes.data);\n const requestId = sessionRes.meta.requestId;\n throw new Error(\n `portal session failed with status ${sessionRes.meta.status}` +\n (serverError ? `: ${serverError}` : '') +\n (requestId ? ` (request: ${requestId})` : '')\n );\n }\n\n const providerRes = await this.ssoPortalProvider(token);\n if (providerRes.meta.status !== 200 || !providerRes.data) {\n const serverError = this.extractErrorDetails(providerRes.data);\n const requestId = providerRes.meta.requestId;\n throw new Error(\n `portal provider failed with status ${providerRes.meta.status}` +\n (serverError ? `: ${serverError}` : '') +\n (requestId ? ` (request: ${requestId})` : '')\n );\n }\n\n return { session: sessionRes.data, provider: providerRes.data };\n }\n\n // Helper to extract error details from server response\n private extractErrorDetails(data: unknown): string | null {\n if (!data || typeof data !== 'object') return null;\n const obj = data as Record<string, unknown>;\n // Try common error field names\n if (typeof obj.error === 'string') return obj.error;\n if (typeof obj.message === 'string') return obj.message;\n if (typeof obj.description === 'string') return obj.description;\n if (typeof obj.detail === 'string') return obj.detail;\n return null;\n }\n\n // ==============================\n // SSO Provider Management (Admin-only endpoints)\n // ==============================\n\n // List SSO providers for a tenant\n async ssoListProviders(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<SsoProvidersListResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<SsoProvidersListResp>(`/v1/sso/providers${qs}`, { method: 'GET' });\n }\n\n // Create a new SSO provider\n async ssoCreateProvider(body: CreateSsoProviderReq): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>('/v1/sso/providers', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Get a specific SSO provider by ID\n async ssoGetProvider(id: string): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>(`/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'GET',\n });\n }\n\n // Update an existing SSO provider\n async ssoUpdateProvider(id: string, body: UpdateSsoProviderReq): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>(`/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'PUT',\n body: JSON.stringify(body),\n });\n }\n\n // Delete an SSO provider\n async ssoDeleteProvider(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'DELETE',\n });\n }\n\n // Test SSO provider configuration\n async ssoTestProvider(id: string): Promise<ResponseWrapper<SsoTestProviderResp>> {\n return this.request<SsoTestProviderResp>(`/v1/sso/providers/${encodeURIComponent(id)}/test`, {\n method: 'POST',\n });\n }\n\n /**\n * Get computed Service Provider (SP) URLs for SAML configuration.\n * These URLs are needed by admins to configure their Identity Provider (IdP).\n * URLs use V2 tenant-scoped format: /auth/sso/t/{tenant_id}/{slug}/*\n * \n * @param slug - The provider slug (e.g. 'okta', 'azure-ad')\n * @param tenantId - Optional tenant ID (uses client's default if not provided)\n * @returns SP info including Entity ID, ACS URL, SLO URL, Metadata URL, Login URL, and Tenant ID\n * \n * @example\n * ```ts\n * const spInfo = await client.ssoGetSPInfo('okta');\n * console.log(spInfo.data.entity_id); // https://api.example.com/auth/sso/t/{tenant_id}/okta/metadata\n * console.log(spInfo.data.acs_url); // https://api.example.com/auth/sso/t/{tenant_id}/okta/callback\n * console.log(spInfo.data.tenant_id); // The tenant UUID used in the URLs\n * ```\n */\n async ssoGetSPInfo(slug: string, tenantId?: string): Promise<ResponseWrapper<SsoSPInfoResp>> {\n if (!slug) throw new Error('slug is required');\n const tenant = tenantId ?? this.tenantId;\n const params: Record<string, string> = { slug };\n if (tenant) params.tenant_id = tenant;\n const qs = this.buildQuery(params);\n return this.request<SsoSPInfoResp>(`/v1/sso/sp-info${qs}`, { method: 'GET' });\n }\n\n // ==============================\n // RBAC v2 (Admin-only endpoints)\n // ==============================\n\n // RBAC: List all permissions (admin-only)\n async rbacListPermissions(): Promise<ResponseWrapper<RbacPermissionsResp>> {\n return this.request<RbacPermissionsResp>('/v1/auth/admin/rbac/permissions', { method: 'GET' });\n }\n\n // RBAC: List roles for a tenant\n async rbacListRoles(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<RbacRolesResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacRolesResp>(`/v1/auth/admin/rbac/roles${qs}`, { method: 'GET' });\n }\n\n // RBAC: Create role\n async rbacCreateRole(body: Omit<RbacCreateRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<RbacRoleItem>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacCreateRoleReq = { tenant_id: tenant, name: (body as any).name, description: (body as any).description } as RbacCreateRoleReq;\n return this.request<RbacRoleItem>('/v1/auth/admin/rbac/roles', { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // RBAC: Update role\n async rbacUpdateRole(id: string, body: Omit<RbacUpdateRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<RbacRoleItem>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacUpdateRoleReq = { tenant_id: tenant, name: (body as any).name, description: (body as any).description } as RbacUpdateRoleReq;\n return this.request<RbacRoleItem>(`/v1/auth/admin/rbac/roles/${encodeURIComponent(id)}`, { method: 'PATCH', body: JSON.stringify(payload) });\n }\n\n // RBAC: Delete role\n async rbacDeleteRole(id: string, params: { tenant_id?: string } = {}): Promise<ResponseWrapper<unknown>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<unknown>(`/v1/auth/admin/rbac/roles/${encodeURIComponent(id)}${qs}`, { method: 'DELETE' });\n }\n\n // RBAC: List user roles\n async rbacListUserRoles(userId: string, params: { tenant_id?: string } = {}): Promise<ResponseWrapper<RbacUserRolesResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacUserRolesResp>(`/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles${qs}`, { method: 'GET' });\n }\n\n // RBAC: Add user role\n async rbacAddUserRole(userId: string, body: Omit<RbacModifyUserRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacModifyUserRoleReq = { tenant_id: tenant, role_id: (body as any).role_id } as RbacModifyUserRoleReq;\n return this.request<unknown>(`/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // RBAC: Remove user role\n async rbacRemoveUserRole(userId: string, body: Omit<RbacModifyUserRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacModifyUserRoleReq = { tenant_id: tenant, role_id: (body as any).role_id } as RbacModifyUserRoleReq;\n return this.request<unknown>(`/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // RBAC: Upsert role permission\n async rbacUpsertRolePermission(roleId: string, body: RbacRolePermissionReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/rbac/roles/${encodeURIComponent(roleId)}/permissions`, { method: 'POST', body: JSON.stringify(body) });\n }\n\n // RBAC: Delete role permission\n async rbacDeleteRolePermission(roleId: string, body: RbacRolePermissionReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/v1/auth/admin/rbac/roles/${encodeURIComponent(roleId)}/permissions`, { method: 'DELETE', body: JSON.stringify(body) });\n }\n\n // RBAC: Resolve user permissions\n async rbacResolveUserPermissions(userId: string, params: { tenant_id?: string }): Promise<ResponseWrapper<RbacResolvedPermissionsResp>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacResolvedPermissionsResp>(`/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/permissions/resolve${qs}`, { method: 'GET' });\n }\n\n // ==============================\n // FGA (Admin-only endpoints)\n // ==============================\n\n // Groups: list\n async fgaListGroups(params: { tenant_id?: string }): Promise<ResponseWrapper<FgaGroupsResp>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<FgaGroupsResp>(`/v1/auth/admin/fga/groups${qs}`, { method: 'GET' });\n }\n\n // Groups: create\n async fgaCreateGroup(body: { tenant_id?: string; name: string; description?: string | null }): Promise<ResponseWrapper<FgaGroup>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { tenant_id: tenant, name: body.name, description: body?.description ?? null } as any;\n return this.request<FgaGroup>(`/v1/auth/admin/fga/groups`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // Groups: delete\n async fgaDeleteGroup(id: string, params: { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<unknown>(`/v1/auth/admin/fga/groups/${encodeURIComponent(id)}${qs}`, { method: 'DELETE' });\n }\n\n // Group membership: add\n async fgaAddGroupMember(groupId: string, body: { user_id: string }): Promise<ResponseWrapper<unknown>> {\n const payload = { user_id: body.user_id } as any;\n return this.request<unknown>(`/v1/auth/admin/fga/groups/${encodeURIComponent(groupId)}/members`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // Group membership: remove\n async fgaRemoveGroupMember(groupId: string, body: { user_id: string }): Promise<ResponseWrapper<unknown>> {\n const payload = { user_id: body.user_id } as any;\n return this.request<unknown>(`/v1/auth/admin/fga/groups/${encodeURIComponent(groupId)}/members`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // ACL tuples: create\n async fgaCreateAclTuple(body: { tenant_id?: string; subject_type: string; subject_id: string; permission_key: string; object_type: string; object_id?: string | null; created_by?: string | null }): Promise<ResponseWrapper<FgaAclTuple>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { ...body, tenant_id: tenant } as any;\n return this.request<FgaAclTuple>(`/v1/auth/admin/fga/acl/tuples`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // ACL tuples: delete\n async fgaDeleteAclTuple(body: { tenant_id?: string; subject_type: string; subject_id: string; permission_key: string; object_type: string; object_id?: string | null }): Promise<ResponseWrapper<unknown>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { ...body, tenant_id: tenant } as any;\n return this.request<unknown>(`/v1/auth/admin/fga/acl/tuples`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // ==============================\n // OAuth2 Discovery (RFC 8414)\n // ==============================\n\n /**\n * Fetch OAuth 2.0 Authorization Server Metadata (RFC 8414)\n * Returns server capabilities including supported auth modes, endpoints, and grant types.\n * This endpoint is public and does not require authentication.\n */\n async getOAuth2Metadata(): Promise<ResponseWrapper<OAuth2MetadataResp>> {\n return this.request<OAuth2MetadataResp>('/.well-known/oauth-authorization-server', { method: 'GET' });\n }\n\n /**\n * Static helper to discover OAuth2 metadata from any Guard API base URL.\n * Useful for auto-configuration before creating a GuardClient instance.\n *\n * @example\n * ```ts\n * const metadata = await GuardClient.discover('https://api.example.com');\n * console.log(metadata.guard_auth_modes_supported); // ['bearer', 'cookie']\n * console.log(metadata.guard_auth_mode_default); // 'bearer'\n *\n * // Create client with discovered default auth mode\n * const client = new GuardClient({\n * baseUrl: 'https://api.example.com',\n * authMode: metadata.guard_auth_mode_default as 'bearer' | 'cookie'\n * });\n * ```\n */\n static async discover(baseUrl: string, fetchImpl?: FetchLike): Promise<OAuth2MetadataResp> {\n const fetch = fetchImpl ?? (typeof window !== 'undefined' ? window.fetch.bind(window) : globalThis.fetch);\n const url = `${baseUrl}/.well-known/oauth-authorization-server`;\n const response = await fetch(url, { method: 'GET' });\n\n if (!response.ok) {\n throw new Error(`Discovery failed: ${response.status} ${response.statusText}`);\n }\n\n return response.json();\n }\n}\n","import { authenticator } from 'otplib';\n\n// Generate a 6-digit TOTP code from a base32 secret.\n// Defaults: step=30s, digits=6, algorithm=SHA1 (industry standard for TOTP)\nexport function generateTOTPCode(base32Secret: string): string {\n if (!base32Secret || typeof base32Secret !== 'string') {\n throw new Error('TOTP secret must be a non-empty base32 string');\n }\n return authenticator.generate(base32Secret);\n}\n"]}
1
+ {"version":3,"sources":["../src/errors.ts","../src/rateLimit.ts","../src/tokens.ts","../src/storage/inMemory.ts","../src/storage/webLocalStorage.ts","../src/storage/reactNative.ts","../src/http/interceptors.ts","../src/http/transport.ts","../package.json","../src/client.ts","../src/totp.ts"],"names":["ACCESS_KEY","REFRESH_KEY","ct"],"mappings":";;;AAEO,IAAM,QAAA,GAAN,cAAuB,KAAA,CAAM;AAAA,EAOlC,YAAY,MAAA,EAAsH;AAChI,IAAA,KAAA,CAAM,MAAA,CAAO,OAAA,IAAW,CAAA,KAAA,EAAQ,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAC/C,IAAA,IAAA,CAAK,IAAA,GAAO,UAAA;AACZ,IAAA,IAAA,CAAK,SAAS,MAAA,CAAO,MAAA;AACrB,IAAA,IAAA,CAAK,OAAO,MAAA,CAAO,IAAA;AACnB,IAAA,IAAA,CAAK,YAAY,MAAA,CAAO,SAAA;AACxB,IAAA,IAAA,CAAK,MAAM,MAAA,CAAO,GAAA;AAClB,IAAA,IAAA,CAAK,UAAU,MAAA,CAAO,OAAA;AAAA,EACxB;AACF;AAEO,IAAM,cAAA,GAAN,cAA6B,QAAA,CAAS;AAAA,EAI3C,YAAY,MAAA,EAST;AACD,IAAA,KAAA,CAAM,MAAM,CAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,gBAAA;AACZ,IAAA,IAAA,CAAK,aAAa,MAAA,CAAO,UAAA;AACzB,IAAA,IAAA,CAAK,cAAc,MAAA,CAAO,WAAA;AAAA,EAC5B;AACF;AAEO,SAAS,WAAW,CAAA,EAA2B;AACpD,EAAA,OAAO,CAAA,YAAa,QAAA;AACtB;AAEO,SAAS,iBAAiB,CAAA,EAAiC;AAChE,EAAA,OAAO,CAAA,YAAa,cAAA;AACtB;;;AC5CO,SAAS,gBAAgB,UAAA,EAAiF;AAC/G,EAAA,IAAI,CAAC,UAAA,EAAY,OAAO,EAAC;AACzB,EAAA,MAAM,OAAA,GAAU,WAAW,IAAA,EAAK;AAEhC,EAAA,MAAM,IAAA,GAAO,OAAO,OAAO,CAAA;AAC3B,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,EAAG;AACvB,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,GAAO,CAAA,GAAI,IAAA,GAAO,QAAW,WAAA,EAAa,IAAA,GAAO,CAAA,GAAI,IAAI,KAAK,IAAA,CAAK,GAAA,KAAQ,IAAA,GAAO,GAAI,IAAI,MAAA,EAAU;AAAA,EACxH;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,IAAA,CAAK,OAAO,CAAA;AAC7B,EAAA,IAAI,CAAC,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAA,EAAS,CAAA,EAAG;AACjC,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,OAAA,EAAQ,GAAI,KAAK,GAAA,EAAI;AACrC,IAAA,MAAM,UAAU,EAAA,GAAK,CAAA,GAAI,KAAK,IAAA,CAAK,EAAA,GAAK,GAAI,CAAA,GAAI,MAAA;AAChD,IAAA,OAAO,EAAE,OAAA,EAAS,WAAA,EAAa,EAAA,GAAK,CAAA,GAAI,OAAO,MAAA,EAAU;AAAA,EAC3D;AACA,EAAA,OAAO,EAAC;AACV;AAEO,SAAS,aAAa,OAAA,EAA8B;AACzD,EAAA,MAAM,MAAkB,EAAC;AACzB,EAAA,OAAA,CAAQ,OAAA,CAAQ,CAAC,CAAA,EAAG,CAAA,KAAM;AACxB,IAAA,GAAA,CAAI,CAAC,CAAA,GAAI,CAAA;AAAA,EACX,CAAC,CAAA;AACD,EAAA,OAAO,GAAA;AACT;AAEO,SAAS,oBAAoB,IAAA,EAMjB;AACjB,EAAA,MAAM,EAAE,SAAS,WAAA,EAAY,GAAI,gBAAgB,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AAChF,EAAA,OAAO,IAAI,cAAA,CAAe;AAAA,IACxB,QAAQ,IAAA,CAAK,MAAA;AAAA,IACb,SAAS,IAAA,CAAK,OAAA;AAAA,IACd,WAAW,IAAA,CAAK,SAAA;AAAA,IAChB,OAAA,EAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAA,IAClC,UAAA,EAAY,OAAA;AAAA,IACZ,WAAA;AAAA,IACA,KAAK,IAAA,CAAK;AAAA,GACX,CAAA;AACH;;;ACjCO,IAAM,WAAA,GAA4B;AAAA,EACvC,gBAAgB,MAAM,IAAA;AAAA,EACtB,gBAAgB,MAAM;AAAA,EAAC,CAAA;AAAA,EACvB,iBAAiB,MAAM,IAAA;AAAA,EACvB,iBAAiB,MAAM;AAAA,EAAC,CAAA;AAAA,EACxB,OAAO,MAAM;AAAA,EAAC;AAChB;;;AChBO,IAAM,kBAAN,MAA8C;AAAA,EAA9C,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,WAAA,GAA6B,IAAA;AACrC,IAAA,IAAA,CAAQ,YAAA,GAA8B,IAAA;AAAA,EAAA;AAAA,EAEtC,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,WAAA;AAAA,EACd;AAAA,EACA,eAAe,KAAA,EAA4B;AACzC,IAAA,IAAA,CAAK,cAAc,KAAA,IAAS,IAAA;AAAA,EAC9B;AAAA,EACA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA,EACA,gBAAgB,KAAA,EAA4B;AAC1C,IAAA,IAAA,CAAK,eAAe,KAAA,IAAS,IAAA;AAAA,EAC/B;AAAA,EACA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,WAAA,GAAc,IAAA;AACnB,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AAAA,EACtB;AACF;;;ACpBA,IAAM,UAAA,GAAa,oBAAA;AACnB,IAAM,WAAA,GAAc,qBAAA;AAEpB,SAAS,SAAA,GAAqB;AAC5B,EAAA,OAAO,OAAO,MAAA,KAAW,WAAA,IAAe,OAAO,OAAO,YAAA,KAAiB,WAAA;AACzE;AAEO,IAAM,kBAAN,MAA8C;AAAA,EAGnD,WAAA,CAAY,SAAS,EAAA,EAAI;AACvB,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,EACxC;AAAA,EAEQ,EAAE,GAAA,EAAqB;AAC7B,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,EAAG,GAAG,CAAA,CAAA;AAAA,EAC7B;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,IAAA;AACzB,IAAA,OAAO,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AAAA,EACvD;AAAA,EAEA,eAAe,KAAA,EAA4B;AACzC,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,IAAI,KAAA,IAAS,MAAM,MAAA,CAAO,YAAA,CAAa,WAAW,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AAAA,gBACxD,YAAA,CAAa,OAAA,CAAQ,KAAK,CAAA,CAAE,UAAU,GAAG,KAAK,CAAA;AAAA,EAC5D;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,IAAI,CAAC,SAAA,EAAU,EAAG,OAAO,IAAA;AACzB,IAAA,OAAO,OAAO,YAAA,CAAa,OAAA,CAAQ,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EACxD;AAAA,EAEA,gBAAgB,KAAA,EAA4B;AAC1C,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,IAAI,KAAA,IAAS,MAAM,MAAA,CAAO,YAAA,CAAa,WAAW,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,gBACzD,YAAA,CAAa,OAAA,CAAQ,KAAK,CAAA,CAAE,WAAW,GAAG,KAAK,CAAA;AAAA,EAC7D;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAI,CAAC,WAAU,EAAG;AAClB,IAAA,MAAA,CAAO,YAAA,CAAa,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,UAAU,CAAC,CAAA;AACjD,IAAA,MAAA,CAAO,YAAA,CAAa,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,WAAW,CAAC,CAAA;AAAA,EACpD;AACF;;;AC7CA,IAAMA,WAAAA,GAAa,oBAAA;AACnB,IAAMC,YAAAA,GAAc,qBAAA;AAQb,SAAS,yBAAA,CAA0B,YAAA,EAAgC,MAAA,GAAS,EAAA,EAAkB;AACnG,EAAA,MAAM,CAAA,GAAI,MAAA,GAAS,CAAA,EAAG,MAAM,CAAA,CAAA,CAAA,GAAM,EAAA;AAClC,EAAA,MAAM,IAAI,CAAC,GAAA,KAAgB,CAAA,EAAG,CAAC,GAAG,GAAG,CAAA,CAAA;AAErC,EAAA,OAAO;AAAA,IACL,MAAM,cAAA,GAAiB;AACrB,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAED,WAAU,CAAC,CAAA;AAAA,IAC3C,CAAA;AAAA,IACA,MAAM,eAAe,KAAA,EAAsB;AACzC,MAAA,IAAI,SAAS,IAAA,EAAM,OAAO,aAAa,UAAA,CAAW,CAAA,CAAEA,WAAU,CAAC,CAAA;AAC/D,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEA,WAAU,GAAG,KAAK,CAAA;AAAA,IAClD,CAAA;AAAA,IACA,MAAM,eAAA,GAAkB;AACtB,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEC,YAAW,CAAC,CAAA;AAAA,IAC5C,CAAA;AAAA,IACA,MAAM,gBAAgB,KAAA,EAAsB;AAC1C,MAAA,IAAI,SAAS,IAAA,EAAM,OAAO,aAAa,UAAA,CAAW,CAAA,CAAEA,YAAW,CAAC,CAAA;AAChE,MAAA,OAAO,YAAA,CAAa,OAAA,CAAQ,CAAA,CAAEA,YAAW,GAAG,KAAK,CAAA;AAAA,IACnD,CAAA;AAAA,IACA,MAAM,KAAA,GAAQ;AACZ,MAAA,MAAM,YAAA,CAAa,UAAA,CAAW,CAAA,CAAED,WAAU,CAAC,CAAA;AAC3C,MAAA,MAAM,YAAA,CAAa,UAAA,CAAW,CAAA,CAAEC,YAAW,CAAC,CAAA;AAAA,IAC9C;AAAA,GACF;AACF;;;ACrBO,SAAS,wBAAA,CACd,KAAA,EACA,IAAA,EACA,YAAA,EAC8E;AAC9E,EAAA,IAAI,CAAC,gBAAgB,YAAA,CAAa,MAAA,KAAW,GAAG,OAAO,CAAC,OAAO,IAAI,CAAA;AACnE,EAAA,IAAI,QAAQ,OAAA,CAAQ,OAAA,CAA0C,CAAC,KAAA,EAAO,IAAI,CAAC,CAAA;AAC3E,EAAA,KAAA,MAAW,MAAM,YAAA,EAAc;AAC7B,IAAA,KAAA,GAAQ,KAAA,CAAM,IAAA,CAAK,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,OAAA,CAAQ,OAAA,CAAQ,EAAA,CAAG,CAAA,EAAG,CAAC,CAAC,CAAC,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,yBAAA,CACpB,UACA,YAAA,EACmB;AACnB,EAAA,IAAI,CAAC,YAAA,IAAgB,YAAA,CAAa,MAAA,KAAW,GAAG,OAAO,QAAA;AACvD,EAAA,IAAI,GAAA,GAAM,QAAA;AACV,EAAA,KAAA,MAAW,MAAM,YAAA,EAAc;AAI7B,IAAA,GAAA,GAAM,MAAM,OAAA,CAAQ,OAAA,CAAQ,EAAA,CAAG,GAAG,CAAC,CAAA;AAAA,EACrC;AACA,EAAA,OAAO,GAAA;AACT;;;AC1BO,IAAM,aAAN,MAAiB;AAAA,EAQtB,YAAY,IAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC7C,IAAA,MAAM,KAAA,GAAS,IAAA,CAAK,SAAA,IAAc,UAAA,CAAW,KAAA;AAC7C,IAAA,IAAI,CAAC,KAAA,EAAO,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAE9F,IAAA,IAAA,CAAK,SAAA,IAAa,CAAC,KAAA,EAA0B,IAAA,KAAwB,MAAc,IAAA,CAAK,UAAA,EAAY,OAAO,IAAI,CAAA,CAAA;AAC/G,IAAA,IAAA,CAAK,eAAe,IAAA,CAAK,YAAA;AACzB,IAAA,IAAA,CAAK,YAAA,GAAe,KAAK,YAAA,IAAgB,QAAA;AACzC,IAAA,IAAA,CAAK,iBAAiB,EAAE,GAAI,IAAA,CAAK,cAAA,IAAkB,EAAC,EAAG;AACvD,IAAA,IAAA,CAAK,cAAc,IAAA,CAAK,WAAA;AAAA,EAC1B;AAAA,EAEQ,SAAS,IAAA,EAAsB;AACrC,IAAA,IAAI,eAAA,CAAgB,IAAA,CAAK,IAAI,CAAA,EAAG,OAAO,IAAA;AACvC,IAAA,IAAI,CAAC,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,EAAG,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AAC1C,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA;AAAA,EAC/B;AAAA,EAEA,MAAM,OAAA,CAAW,IAAA,EAAc,IAAA,GAAoB,EAAC,EAAgC;AAClF,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAE9B,IAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,cAAc,GAAG,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAChF,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,QAAQ,GAAG,OAAA,CAAQ,GAAA,CAAI,UAAU,kBAAkB,CAAA;AAEpE,IAAA,IAAI,KAAK,YAAA,IAAgB,CAAC,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA;AAAA,IACjD;AAEA,IAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAG;AACxD,MAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,CAAC,GAAG,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAA,GAAuB,EAAE,GAAG,IAAA,EAAM,OAAA,EAAQ;AAChD,IAAA,IAAI,EAAE,aAAA,IAAiB,OAAA,CAAA,IAAY,IAAA,CAAK,WAAA,EAAa;AACnD,MAAA,OAAA,CAAQ,cAAc,IAAA,CAAK,WAAA;AAAA,IAC7B;AACA,IAAA,MAAM,CAAC,QAAA,EAAU,SAAS,CAAA,GAAI,MAAM,yBAAyB,GAAA,EAAK,OAAA,EAAS,IAAA,CAAK,YAAA,EAAc,OAAc,CAAA;AAE5G,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,SAAS,CAAA;AACpD,IAAA,MAAM,OAAO,MAAM,yBAAA,CAA0B,GAAA,EAAK,IAAA,CAAK,cAAc,QAAQ,CAAA;AAE7E,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AACtD,IAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AAEpB,IAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,MAAA,IAAI,IAAA,GAAY,MAAA;AAChB,MAAA,IAAI;AACF,QAAA,MAAMC,GAAAA,GAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAC/C,QAAA,IAAIA,GAAAA,CAAG,SAAS,kBAAkB,CAAA,SAAU,MAAM,IAAA,CAAK,KAAA,EAAM,CAAE,IAAA,EAAK;AAAA,aAC/D,IAAA,GAAO,MAAM,IAAA,CAAK,KAAA,GAAQ,IAAA,EAAK;AAAA,MACtC,CAAA,CAAA,MAAQ;AAAA,MAAC;AAET,MAAA,IAAI,WAAW,GAAA,EAAK;AAClB,QAAA,MAAM,oBAAoB,EAAE,MAAA,EAAQ,OAAA,EAAU,IAAA,KAAS,KAAK,OAAA,IAAW,IAAA,CAAK,KAAA,CAAA,IAAW,mBAAA,EAAqB,WAAW,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,GAAA,EAAK,MAAM,CAAA;AAAA,MAC3J;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS;AAAA,QACjB,MAAA;AAAA,QACA,OAAA,EAAU,SAAS,IAAA,CAAK,OAAA,IAAW,KAAK,KAAA,CAAA,IAAW,IAAA,CAAK,UAAA,IAAc,CAAA,KAAA,EAAQ,MAAM,CAAA,CAAA;AAAA,QACpF,MAAM,IAAA,IAAQ,IAAA,CAAK,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAAA,QAC9C,SAAA;AAAA,QACA,OAAA,EAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAA,QAClC,GAAA,EAAK;AAAA,OACN,CAAA;AAAA,IACH;AAEA,IAAA,IAAI,IAAA,GAAY,MAAA;AAChB,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,EAAA;AAC/C,IAAA,IAAI,WAAW,GAAA,EAAK;AAClB,MAAA,IAAI,GAAG,QAAA,CAAS,kBAAkB,GAAG,IAAA,GAAO,MAAM,KAAK,IAAA,EAAK;AAAA,WACvD,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,EAAK;AAAA,IAC9B;AAEA,IAAA,OAAO;AAAA,MACL,IAAA;AAAA,MACA,IAAA,EAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,SAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAE,KACjE;AAAA,EACF;AAAA;AAAA;AAAA,EAIA,MAAM,UAAA,CAAW,IAAA,EAAc,IAAA,GAAoB,EAAC,EAAsB;AACxE,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAE9B,IAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAE9C,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,cAAc,GAAG,OAAA,CAAQ,GAAA,CAAI,gBAAgB,kBAAkB,CAAA;AAChF,IAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,QAAQ,GAAG,OAAA,CAAQ,GAAA,CAAI,UAAU,kBAAkB,CAAA;AAEpE,IAAA,IAAI,KAAK,YAAA,IAAgB,CAAC,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA,EAAG;AACvD,MAAA,OAAA,CAAQ,GAAA,CAAI,gBAAA,EAAkB,IAAA,CAAK,YAAY,CAAA;AAAA,IACjD;AAEA,IAAA,KAAA,MAAW,CAAC,GAAG,CAAC,CAAA,IAAK,OAAO,OAAA,CAAQ,IAAA,CAAK,cAAc,CAAA,EAAG;AACxD,MAAA,IAAI,CAAC,QAAQ,GAAA,CAAI,CAAC,GAAG,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAC,CAAA;AAAA,IACvC;AAEA,IAAA,MAAM,OAAA,GAAuB,EAAE,GAAG,IAAA,EAAM,OAAA,EAAQ;AAChD,IAAA,IAAI,EAAE,aAAA,IAAiB,OAAA,CAAA,IAAY,IAAA,CAAK,WAAA,EAAa;AACnD,MAAA,OAAA,CAAQ,cAAc,IAAA,CAAK,WAAA;AAAA,IAC7B;AACA,IAAA,MAAM,CAAC,QAAA,EAAU,SAAS,CAAA,GAAI,MAAM,yBAAyB,GAAA,EAAK,OAAA,EAAS,IAAA,CAAK,YAAA,EAAc,OAAc,CAAA;AAE5G,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAAU,UAAU,SAAS,CAAA;AACpD,IAAA,MAAM,OAAO,MAAM,yBAAA,CAA0B,GAAA,EAAK,IAAA,CAAK,cAAc,QAAQ,CAAA;AAC7E,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;ACnIA,IAAA,eAAA,GAAA;AAAA,EAEE,OAAA,EAAW,OA2Eb,CAAA;;;ACzBO,SAAS,0BAA0B,IAAA,EAAoD;AAC5F,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,IACJ,CAAA,CAAE,KAAA,KAAU,2BAAA,IACZ,OAAO,CAAA,CAAE,OAAA,KAAY,QAAA,IACrB,KAAA,CAAM,OAAA,CAAQ,EAAE,OAAO,CAAA;AAC9B;AAQO,SAAS,aAAa,IAAA,EAAmC;AAC9D,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,KAAM,OAAO,EAAE,YAAA,KAAiB,QAAA,IAAY,OAAO,CAAA,CAAE,aAAA,KAAkB,QAAA,CAAA;AAClF;AAEO,SAAS,mBAAmB,IAAA,EAAyC;AAC1E,EAAA,MAAM,CAAA,GAAI,IAAA;AACV,EAAA,OAAO,CAAC,CAAC,CAAA,IAAK,OAAO,EAAE,eAAA,KAAoB,QAAA;AAC7C;AA6SO,IAAM,cAAN,MAAkB;AAAA,EAMvB,YAAY,IAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,WAAW,IAAA,CAAK,QAAA;AACrB,IAAA,IAAA,CAAK,OAAA,GAAU,IAAA,CAAK,OAAA,IAAW,IAAI,eAAA,EAAgB;AAEnD,IAAA,MAAM,IAAA,GAAO,KAAK,QAAA,IAAY,QAAA;AAC9B,IAAA,MAAM,qBAAA,GAA4C,OAAO,KAAA,EAA0B,IAAA,KAAsB;AACvG,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,IAAA,CAAK,OAAA,IAAW,EAAE,CAAA;AAC9C,MAAA,IAAI,SAAS,QAAA,EAAU;AAErB,QAAA,MAAM,QAAQ,MAAM,OAAA,CAAQ,QAAQ,IAAA,CAAK,OAAA,CAAQ,gBAAgB,CAAA;AACjE,QAAA,IAAI,KAAA,IAAS,CAAC,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,EAAG;AAC1C,UAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAAA,QAChD;AAAA,MACF,CAAA,MAAA,IAAW,SAAS,QAAA,EAAU;AAE5B,QAAA,OAAA,CAAQ,GAAA,CAAI,eAAe,QAAQ,CAAA;AAAA,MACrC;AACA,MAAA,OAAO,CAAC,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,SAAS,CAAA;AAAA,IACrC,CAAA;AAEA,IAAA,MAAM,iBAAiB,EAAE,GAAI,IAAA,CAAK,cAAA,IAAkB,EAAC,EAAG;AAGxD,IAAA,MAAM,YAAA,GAAe,CAAA,OAAA,EAAW,eAAA,CAAY,OAAkB,CAAA,CAAA;AAG9D,IAAA,IAAI,cAAA,GAAiD,MAAA;AACrD,IAAA,IAAI,SAAS,QAAA,EAAU;AACrB,MAAA,cAAA,GAAiB,SAAA;AAAA,IACnB;AAEA,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,UAAA,CAAW;AAAA,MACzB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,YAAA;AAAA,MACA,cAAA;AAAA,MACA,YAAA,EAAc,EAAE,OAAA,EAAS,CAAC,qBAAqB,CAAA,EAAE;AAAA,MACjD,WAAA,EAAa;AAAA,KACM,CAAA;AAAA,EACvB;AAAA;AAAA,EAGA,MAAgB,OAAA,CAAW,IAAA,EAAc,IAAA,EAAgD;AACvF,IAAA,OAAO,IAAA,CAAK,IAAA,CAAK,OAAA,CAAW,IAAA,EAAM,IAAI,CAAA;AAAA,EACxC;AAAA,EAEQ,kBAAkB,IAAA,EAAqB;AAC7C,IAAA,IAAI;AACF,MAAA,IAAI,YAAA,CAAa,IAAI,CAAA,EAAG;AACtB,QAAA,MAAM,MAAA,GAAS,KAAK,YAAA,IAAgB,IAAA;AACpC,QAAA,MAAM,OAAA,GAAU,KAAK,aAAA,IAAiB,IAAA;AACtC,QAAA,IAAI,WAAW,KAAA,CAAA,EAAW;AAExB,UAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,cAAA,CAAe,MAAM,CAAA;AAAA,QACzC;AACA,QAAA,IAAI,YAAY,KAAA,CAAA,EAAW;AACzB,UAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,eAAA,CAAgB,OAAO,CAAA;AAAA,QAC3C;AAAA,MACF;AAAA,IACF,SAAS,CAAA,EAAG;AAAA,IAEZ;AAAA,EACF;AAAA,EAEQ,WAAW,MAAA,EAA8E;AAC/F,IAAA,MAAM,GAAA,GAAM,IAAI,eAAA,EAAgB;AAChC,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,EAAG;AAC3C,MAAA,IAAI,CAAA,KAAM,MAAA,IAAa,CAAA,KAAM,IAAA,EAAM;AACnC,MAAA,GAAA,CAAI,GAAA,CAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IACtB;AACA,IAAA,MAAM,EAAA,GAAK,IAAI,QAAA,EAAS;AACxB,IAAA,OAAO,EAAA,GAAK,CAAA,CAAA,EAAI,EAAE,CAAA,CAAA,GAAK,EAAA;AAAA,EACzB;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAAmF;AACrG,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAuC,6BAAA,EAA+B;AAAA,MAC3F,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAAiE;AACpF,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,8BAAA,EAAgC;AAAA,MACzE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AACD,IAAA,IAAI,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,EAAK,IAAA,CAAK,iBAAA,CAAkB,GAAA,CAAI,IAAI,CAAA;AACvF,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,UAAU,IAAA,EAA0D;AACxE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,yBAAA,EAA2B;AAAA,MACpE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,QAAQ,IAAA,EAAkE;AAC9E,IAAA,IAAI,YAAA,GAAe,MAAM,aAAA,IAAiB,IAAA;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc,YAAA,GAAgB,MAAM,OAAA,CAAQ,QAAQ,IAAA,CAAK,OAAA,CAAQ,eAAA,EAAiB,CAAA,IAAM,IAAA;AAC7F,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,sBAAA,EAAwB;AAAA,MACjE,MAAA,EAAQ,MAAA;AAAA,MACR,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,aAAA,EAAe,cAAc;AAAA,KACrD,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,OAAO,IAAA,EAA6E;AACxF,IAAA,MAAM,CAAA,GAAI,QAAQ,EAAC;AACnB,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAiB,qBAAA,EAAuB;AAAA,MAC7D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,CAAC;AAAA,KACvB,CAAA;AACD,IAAA,IAAI,GAAA,CAAI,IAAA,CAAK,MAAA,KAAW,GAAA,EAAK;AAE3B,MAAA,KAAK,IAAA,CAAK,OAAA,CAAQ,eAAA,CAAgB,IAAI,CAAA;AAAA,IACxC;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,EAAA,GAA4C;AAChD,IAAA,OAAO,KAAK,OAAA,CAAqB,iBAAA,EAAmB,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACvE;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAOhB;AACF,IAAA,MAAM,UAAkC,EAAC;AACzC,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACnC,IAAA,IAAI,GAAA,EAAK,OAAA,CAAQ,aAAa,CAAA,GAAI,OAAO,GAAG,CAAA;AAC5C,IAAA,OAAO,IAAA,CAAK,QAAQ,CAAA,2BAAA,CAAA,EAA+B;AAAA,MACjD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA;AAAA,MACA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,IAAA,CAAK,OAAO;AAAA,KAC3C,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAA,EAA6F;AACjH,IAAA,MAAM,GAAA,GAAM,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW,EAAE,OAAO,MAAA,EAAQ,KAAA,EAAO,SAAA,EAAW,GAAA,EAAK,CAAA;AACnE,IAAA,OAAO,IAAA,CAAK,QAA0B,CAAA,0BAAA,EAA6B,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC5F;AAAA;AAAA,EAGA,MAAM,YAAA,GAAkF;AACtF,IAAA,OAAO,KAAK,OAAA,CAAiD,6BAAA,EAA+B,EAAE,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAChH;AAAA,EAEA,MAAM,gBAAgB,IAAA,EAA2D;AAC/E,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,gCAAA,EAAkC,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA,EAAG,CAAA;AAAA,EAC/G;AAAA,EAEA,MAAM,cAAA,GAAoD;AACxD,IAAA,OAAO,KAAK,OAAA,CAAiB,+BAAA,EAAiC,EAAE,MAAA,EAAQ,QAAQ,CAAA;AAAA,EAClF;AAAA,EAEA,MAAM,sBAAA,CAAuB,IAAA,GAA2B,EAAC,EAAkD;AACzG,IAAA,OAAO,KAAK,OAAA,CAA6B,kCAAA,EAAoC,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO,IAAA,CAAK,KAAA,IAAS,CAAA,EAAG,GAAG,CAAA;AAAA,EACnJ;AAAA,EAEA,MAAM,mBAAA,GAAmE;AACvE,IAAA,OAAO,KAAK,OAAA,CAA2B,+BAAA,EAAiC,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,gBAAgB,MAAA,EAA0E;AAC9F,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,KAAA,EAAO,MAAA,CAAO,OAAO,CAAA;AAClD,IAAA,OAAO,IAAA,CAAK,QAA6B,CAAA,oBAAA,EAAuB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACzF;AAAA;AAAA,EAGA,MAAM,aAAa,IAAA,EAA+I;AAChK,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,CAAA,eAAA,CAAA,EAAmB,EAAE,QAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,GAAG,CAAA;AAAA,EACtG;AAAA;AAAA,EAGA,MAAM,UAAU,EAAA,EAAgI;AAC9I,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,CAAA,gBAAA,EAAmB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,WAAA,CAAY,MAAA,GAAuF,EAAC,EAA8M;AACtT,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,GAAG,MAAA,CAAO,CAAA;AAAA,MACV,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,MAAA,EAAQ,OAAO,MAAA,CAAO,MAAA,KAAW,YAAa,MAAA,CAAO,MAAA,GAAS,CAAA,GAAI,CAAA,GAAK,MAAA,CAAO;AAAA,KAC/E,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,QAAQ,CAAA,eAAA,EAAkB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/D;AAAA;AAAA,EAGA,MAAM,WAAW,IAAA,EAAoE;AACnF,IAAA,OAAO,IAAA,CAAK,QAAuB,yBAAA,EAA2B;AAAA,MAC5D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAA,IAAQ,EAAE;AAAA,KAChC,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAU,IAAA,EAAuD;AACrE,IAAA,OAAO,IAAA,CAAK,QAAiB,yBAAA,EAA2B;AAAA,MACtD,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,WAAA,CAAY,MAAA,GAA6B,IAAI,IAAA,EAA6D;AAC9G,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA;AACjC,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,OAAA,CAAoB,CAAA,yBAAA,EAA4B,EAAE,CAAA,CAAA,EAAI;AAAA,MAC3E,MAAA,EAAQ,KAAA;AAAA;AAAA,MAER,GAAI,OAAO,EAAE,IAAA,EAAM,KAAK,SAAA,CAAU,IAAI,CAAA,EAAE,GAAI;AAAC,KAC9C,CAAA;AACD,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,qBAAqB,IAAA,EAAgF;AACzG,IAAA,OAAO,IAAA,CAAK,QAAiB,qCAAA,EAAuC;AAAA,MAClE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,qBAAqB,IAAA,EAAsG;AAC/H,IAAA,OAAO,IAAA,CAAK,QAAiB,qCAAA,EAAuC;AAAA,MAClE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,GAAG,IAAA,EAAM,SAAA,EAAW,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA,EAAU;AAAA,KAC7E,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6F;AAChH,IAAA,OAAO,IAAA,CAAK,QAAiB,8BAAA,EAAgC;AAAA,MAC3D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,cAAc,IAAA,EAAsF;AACxG,IAAA,OAAO,IAAA,CAAK,QAAiB,sBAAA,EAAwB;AAAA,MACnD,MAAA,EAAQ,OAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,SAAA,CAAU,MAAA,GAAiC,EAAC,EAA6C;AAC7F,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAwB,CAAA,wBAAA,EAA2B,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACxF;AAAA;AAAA,EAGA,MAAM,eAAA,CAAgB,EAAA,EAAY,IAAA,EAAsF;AACtH,IAAA,MAAM,UAAe,EAAC;AACtB,IAAA,IAAI,OAAO,IAAA,EAAM,UAAA,KAAe,QAAA,EAAU,OAAA,CAAQ,aAAa,IAAA,CAAK,UAAA;AACpE,IAAA,IAAI,OAAO,IAAA,EAAM,SAAA,KAAc,QAAA,EAAU,OAAA,CAAQ,YAAY,IAAA,CAAK,SAAA;AAClE,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MACjF,MAAA,EAAQ,OAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO;AAAA,KAC7B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAU,EAAA,EAA+C;AAC7D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,EAAE,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAC7G;AAAA;AAAA,EAGA,MAAM,YAAY,EAAA,EAA+C;AAC/D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,EAAE,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAC/G;AAAA;AAAA,EAGA,MAAM,gBAAgB,EAAA,EAA+C;AACnE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,EAAE,CAAC,CAAA,aAAA,CAAA,EAAiB,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EACpH;AAAA;AAAA,EAGA,MAAM,kBAAkB,EAAA,EAA+C;AACrE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,EAAE,CAAC,CAAA,eAAA,CAAA,EAAmB,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EACtH;AAAA;AAAA,EAGA,MAAM,YAAA,CAAa,OAAA,GAAoC,EAAC,EAA+C;AACrG,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAA0B,uBAAA,EAAyB,EAAE,MAAA,EAAQ,KAAA,EAAO,KAAA,EAAO,UAAA,EAAmB,CAAA;AACrH,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,IAAU,OAAO,GAAA,CAAI,IAAA,CAAK,SAAS,GAAA,EAAK;AACnD,MAAA,MAAM,UAAA,GAAa,CAAC,CAAC,OAAA,CAAQ,UAAA;AAC7B,MAAA,MAAM,QAAA,GAAW,KAAA,CAAM,OAAA,CAAQ,GAAA,CAAI,IAAA,EAAM,QAAQ,CAAA,GAAI,GAAA,CAAI,IAAA,CAAK,QAAA,GAAW,EAAC;AAC1E,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,QAAA,MAAM,MAAA,GAAS,QAAA,CAAS,MAAA,CAAO,CAAC,CAAA,KAAmB;AACjD,UAAA,MAAM,OAAA,GAAU,CAAC,CAAC,CAAA,CAAE,OAAA;AACpB,UAAA,MAAM,QAAQ,CAAA,CAAE,UAAA,GAAa,KAAK,KAAA,CAAM,CAAA,CAAE,UAAU,CAAA,GAAI,CAAA;AACxD,UAAA,OAAO,CAAC,WAAW,KAAA,GAAQ,GAAA;AAAA,QAC7B,CAAC,CAAA;AACD,QAAA,OAAO,EAAE,MAAM,EAAE,QAAA,EAAU,QAAO,EAAG,IAAA,EAAM,IAAI,IAAA,EAAK;AAAA,MACtD;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,cAAc,EAAA,EAA+C;AACjE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,EAAE,CAAC,CAAA,OAAA,CAAA,EAAW,EAAE,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAAA,EAC3G;AAAA;AAAA,EAGA,MAAM,kBAAkB,QAAA,EAAqE;AAC3F,IAAA,MAAM,EAAA,GAAK,YAAY,IAAA,CAAK,QAAA;AAC5B,IAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAC/C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAgC,CAAA,gBAAA,EAAmB,kBAAA,CAAmB,EAAE,CAAC,CAAA,SAAA,CAAA,EAAa,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACrH;AAAA;AAAA,EAGA,MAAM,oBAAA,CAAqB,QAAA,EAAkB,QAAA,EAAuE;AAClH,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,gBAAA,EAAmB,kBAAA,CAAmB,QAAQ,CAAC,CAAA,SAAA,CAAA,EAAa;AAAA,MACvF,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,QAAA,IAAY,EAAE;AAAA,KACpC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,QAAA,CAAS,YAAA,EAA2B,MAAA,GAKtC,EAAC,EAAuD;AAC1D,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,qEAAqE,CAAA;AAElG,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,cAAc,MAAA,CAAO,YAAA;AAAA,MACrB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,aAAa,MAAA,CAAO;AAAA,KACrB,CAAA;AAGD,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,UAAA;AAAA,MAC1B,CAAA,mBAAA,EAAsB,mBAAmB,MAAM,CAAC,IAAI,kBAAA,CAAmB,YAAY,CAAC,CAAA,MAAA,EAAS,EAAE,CAAA,CAAA;AAAA,MAC/F,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAA,EAAU,QAAA;AAAS,KACtC;AACA,IAAA,MAAM,GAAA,GAAM,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACtC,IAAA,MAAM,SAAA,GAAY,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,CAAA,IAAK,MAAA;AAGrD,IAAA,IAAI,GAAA,CAAI,UAAU,GAAA,EAAK;AACrB,MAAA,IAAI,QAAA,GAAW,CAAA,6BAAA,EAAgC,GAAA,CAAI,MAAM,CAAA,CAAA;AACzD,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,QAAA,IAAI,IAAA,EAAM,KAAA,EAAO,QAAA,IAAY,CAAA,EAAA,EAAK,KAAK,KAAK,CAAA,CAAA;AAAA,MAC9C,CAAA,CAAA,MAAQ;AAAA,MAA4B;AACpC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,QAAQ,CAAA,EAAG,YAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAE,CAAA,CAAE,CAAA;AAAA,IAC7E;AAEA,IAAA,IAAI,CAAC,GAAA,EAAK;AACR,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,MAAM,EAAE,CAAA;AAAA,OACxF;AAAA,IACF;AACA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,EAAE,YAAA,EAAc,GAAA,EAAI;AAAA,MAC1B,IAAA,EAAM,EAAE,MAAA,EAAQ,GAAA,CAAI,MAAA,EAAQ,WAAW,OAAA,EAAS,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AAAE,KAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,iBAAA,CAAkB,YAAA,EAA2B,MAAA,EAIV;AACvC,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,wCAAwC,CAAA;AAErE,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,EAAE,IAAA,EAAM,OAAO,IAAA,EAAM,KAAA,EAAO,MAAA,CAAO,KAAA,EAAO,CAAA;AACrE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA;AAAA,MACrB,CAAA,mBAAA,EAAsB,mBAAmB,MAAM,CAAC,IAAI,kBAAA,CAAmB,YAAY,CAAC,CAAA,SAAA,EAAY,EAAE,CAAA,CAAA;AAAA,MAClG,EAAE,QAAQ,KAAA;AAAM,KAClB;AACA,IAAA,IAAI,IAAI,IAAA,CAAK,MAAA,KAAW,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,IAAI,CAAA;AAC5D,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,uBAAuB,GAAA,EAAgC;AACrD,IAAA,IAAI;AAEF,MAAA,IAAI,YAAA;AACJ,MAAA,IAAI,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,EAAG;AAEvB,QAAA,YAAA,GAAe,IAAI,eAAA,CAAgB,GAAA,CAAI,SAAA,CAAU,CAAC,CAAC,CAAA;AAAA,MACrD,CAAA,MAAA,IAAW,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AAE/E,QAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,IAAK,GAAA,CAAI,WAAW,GAAG,CAAA;AAC3D,QAAA,MAAM,SAAS,IAAI,GAAA,CAAI,YAAY,CAAA,QAAA,EAAW,GAAG,KAAK,GAAG,CAAA;AAEzD,QAAA,YAAA,GAAe,MAAA,CAAO,IAAA,GAClB,IAAI,eAAA,CAAgB,MAAA,CAAO,KAAK,SAAA,CAAU,CAAC,CAAC,CAAA,GAC5C,MAAA,CAAO,YAAA;AAAA,MACb,CAAA,MAAO;AACL,QAAA,YAAA,GAAe,IAAI,gBAAgB,GAAG,CAAA;AAAA,MACxC;AAEA,MAAA,MAAM,WAAA,GAAc,YAAA,CAAa,GAAA,CAAI,cAAc,CAAA;AACnD,MAAA,MAAM,YAAA,GAAe,YAAA,CAAa,GAAA,CAAI,eAAe,CAAA;AAGrD,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,MAAA,GAAqB;AAAA,QACzB,YAAA,EAAc,WAAA;AAAA,QACd,eAAe,YAAA,IAAgB,KAAA;AAAA,OACjC;AACA,MAAA,IAAA,CAAK,kBAAkB,MAAM,CAAA;AAC7B,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,4BAAA,CAA6B,QAAA,EAAuB,MAAA,EAIjB;AACvC,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,IAAI,QAAA,KAAa,YAAY,CAAC,MAAA,EAAQ,iBAAiB,MAAM,IAAI,MAAM,6BAA6B,CAAA;AACpG,IAAA,MAAM,EAAA,GAAK,KAAK,UAAA,CAAW;AAAA,MACzB,SAAA,EAAW,MAAA;AAAA,MACX,iBAAiB,MAAA,CAAO,eAAA;AAAA,MACxB,QAAQ,MAAA,CAAO;AAAA,KAChB,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAoB,CAAA,iBAAA,EAAoB,QAAQ,CAAA,YAAA,EAAe,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACpG;AAAA;AAAA,EAGA,MAAM,iBAAiB,KAAA,EAA+D;AACpF,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AACA,IAAA,OAAO,IAAA,CAAK,QAA8B,4BAAA,EAA8B;AAAA,MACtE,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAO;AAAA,KAC/B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,kBAAkB,KAAA,EAA0D;AAChF,IAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AACA,IAAA,MAAM,OAAA,GAAkC,EAAE,gBAAA,EAAkB,KAAA,EAAM;AAClE,IAAA,OAAO,IAAA,CAAK,QAAyB,6BAAA,EAA+B;AAAA,MAClE,MAAA,EAAQ,KAAA;AAAA,MACR;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,qBAAqB,KAAA,EAA0C;AACnE,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,gBAAA,CAAiB,KAAK,CAAA;AACpD,IAAA,IAAI,WAAW,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,CAAC,WAAW,IAAA,EAAM;AACtD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,mBAAA,CAAoB,UAAA,CAAW,IAAI,CAAA;AAC5D,MAAA,MAAM,SAAA,GAAY,WAAW,IAAA,CAAK,SAAA;AAClC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAA,CAAK,MAAM,CAAA,CAAA,IAC1D,WAAA,GAAc,CAAA,EAAA,EAAK,WAAW,CAAA,CAAA,GAAK,EAAA,CAAA,IACnC,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,OAC5C;AAAA,IACF;AAEA,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,iBAAA,CAAkB,KAAK,CAAA;AACtD,IAAA,IAAI,YAAY,IAAA,CAAK,MAAA,KAAW,GAAA,IAAO,CAAC,YAAY,IAAA,EAAM;AACxD,MAAA,MAAM,WAAA,GAAc,IAAA,CAAK,mBAAA,CAAoB,WAAA,CAAY,IAAI,CAAA;AAC7D,MAAA,MAAM,SAAA,GAAY,YAAY,IAAA,CAAK,SAAA;AACnC,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,mCAAA,EAAsC,WAAA,CAAY,IAAA,CAAK,MAAM,CAAA,CAAA,IAC5D,WAAA,GAAc,CAAA,EAAA,EAAK,WAAW,CAAA,CAAA,GAAK,EAAA,CAAA,IACnC,SAAA,GAAY,CAAA,WAAA,EAAc,SAAS,CAAA,CAAA,CAAA,GAAM,EAAA;AAAA,OAC5C;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,OAAA,EAAS,UAAA,CAAW,IAAA,EAAM,QAAA,EAAU,YAAY,IAAA,EAAK;AAAA,EAChE;AAAA;AAAA,EAGQ,oBAAoB,IAAA,EAA8B;AACxD,IAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,UAAU,OAAO,IAAA;AAC9C,IAAA,MAAM,GAAA,GAAM,IAAA;AAEZ,IAAA,IAAI,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,SAAiB,GAAA,CAAI,KAAA;AAC9C,IAAA,IAAI,OAAO,GAAA,CAAI,OAAA,KAAY,QAAA,SAAiB,GAAA,CAAI,OAAA;AAChD,IAAA,IAAI,OAAO,GAAA,CAAI,WAAA,KAAgB,QAAA,SAAiB,GAAA,CAAI,WAAA;AACpD,IAAA,IAAI,OAAO,GAAA,CAAI,MAAA,KAAW,QAAA,SAAiB,GAAA,CAAI,MAAA;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,gBAAA,CAAiB,MAAA,GAAiC,EAAC,EAAmD;AAC1G,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAA8B,CAAA,qBAAA,EAAwB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC3F;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAuE;AAC7F,IAAA,OAAO,IAAA,CAAK,QAAyB,uBAAA,EAAyB;AAAA,MAC5D,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,eAAe,EAAA,EAAuD;AAC1E,IAAA,OAAO,KAAK,OAAA,CAAyB,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MACtF,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,EAAA,EAAY,IAAA,EAAuE;AACzG,IAAA,OAAO,KAAK,OAAA,CAAyB,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MACtF,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,kBAAkB,EAAA,EAA+C;AACrE,IAAA,OAAO,KAAK,OAAA,CAAiB,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI;AAAA,MAC9E,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,gBAAgB,EAAA,EAA2D;AAC/E,IAAA,OAAO,KAAK,OAAA,CAA6B,CAAA,sBAAA,EAAyB,kBAAA,CAAmB,EAAE,CAAC,CAAA,KAAA,CAAA,EAAS;AAAA,MAC/F,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,YAAA,CAAa,IAAA,EAAc,QAAA,EAA4D;AAC3F,IAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAC7C,IAAA,MAAM,MAAA,GAAS,YAAY,IAAA,CAAK,QAAA;AAChC,IAAA,MAAM,MAAA,GAAiC,EAAE,IAAA,EAAK;AAC9C,IAAA,IAAI,MAAA,SAAe,SAAA,GAAY,MAAA;AAC/B,IAAA,MAAM,EAAA,GAAK,IAAA,CAAK,UAAA,CAAW,MAAM,CAAA;AACjC,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,mBAAA,EAAsB,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAClF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,mBAAA,GAAqE;AACzE,IAAA,OAAO,KAAK,OAAA,CAA6B,qCAAA,EAAuC,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACnG;AAAA;AAAA,EAGA,MAAM,aAAA,CAAc,MAAA,GAAiC,EAAC,EAA4C;AAChG,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,6BAAA,EAAgC,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC5F;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6G;AAChI,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAA6B,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAO,IAAA,CAAa,IAAA,EAAM,WAAA,EAAc,IAAA,CAAa,WAAA,EAAY;AACzH,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,+BAAA,EAAiC,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EACtH;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,IAAA,EAA6G;AAC5I,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAA6B,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAO,IAAA,CAAa,IAAA,EAAM,WAAA,EAAc,IAAA,CAAa,WAAA,EAAY;AACzH,IAAA,OAAO,IAAA,CAAK,OAAA,CAAsB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,SAAS,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACjJ;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,MAAA,GAAiC,EAAC,EAAsC;AACvG,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,EAAE,CAAC,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAAA,EACnH;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,MAAA,EAAgB,MAAA,GAAiC,EAAC,EAAgD;AACxH,IAAA,MAAM,MAAA,GAAS,MAAA,CAAO,SAAA,IAAa,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAA2B,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,EAAS,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EACpI;AAAA;AAAA,EAGA,MAAM,eAAA,CAAgB,MAAA,EAAgB,IAAA,EAA4G;AAChJ,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,UAAiC,EAAE,SAAA,EAAW,MAAA,EAAQ,OAAA,EAAU,KAAa,OAAA,EAAQ;AAC3F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACrJ;AAAA;AAAA,EAGA,MAAM,kBAAA,CAAmB,MAAA,EAAgB,IAAA,EAA4G;AACnJ,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAA;AACtC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,UAAiC,EAAE,SAAA,EAAW,MAAA,EAAQ,OAAA,EAAU,KAAa,OAAA,EAAQ;AAC3F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,MAAA,CAAA,EAAU,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACvJ;AAAA;AAAA,EAGA,MAAM,wBAAA,CAAyB,MAAA,EAAgB,IAAA,EAAgE;AAC7G,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,YAAA,CAAA,EAAgB,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,GAAG,CAAA;AAAA,EACxJ;AAAA;AAAA,EAGA,MAAM,wBAAA,CAAyB,MAAA,EAAgB,IAAA,EAAgE;AAC7G,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,YAAA,CAAA,EAAgB,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,GAAG,CAAA;AAAA,EAC1J;AAAA;AAAA,EAGA,MAAM,0BAAA,CAA2B,MAAA,EAAgB,MAAA,EAAuF;AACtI,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAqC,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,MAAM,CAAC,CAAA,oBAAA,EAAuB,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA;AAAA,EAC5J;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,MAAA,EAAyE;AAC3F,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,QAAuB,CAAA,6BAAA,EAAgC,EAAE,IAAI,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC5F;AAAA;AAAA,EAGA,MAAM,eAAe,IAAA,EAA6G;AAChI,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,SAAA,EAAW,MAAA,EAAQ,IAAA,EAAM,KAAK,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,WAAA,IAAe,IAAA,EAAK;AAC7F,IAAA,OAAO,IAAA,CAAK,OAAA,CAAkB,CAAA,6BAAA,CAAA,EAAiC,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EAClH;AAAA;AAAA,EAGA,MAAM,cAAA,CAAe,EAAA,EAAY,MAAA,EAAmE;AAClG,IAAA,MAAM,MAAA,GAAS,MAAA,EAAQ,SAAA,IAAa,IAAA,CAAK,QAAA;AACzC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,EAAE,SAAA,EAAW,QAAQ,CAAA;AAChD,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,EAAE,CAAC,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,EAAE,MAAA,EAAQ,QAAA,EAAU,CAAA;AAAA,EACnH;AAAA;AAAA,EAGA,MAAM,iBAAA,CAAkB,OAAA,EAAiB,IAAA,EAA8D;AACrG,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AACxC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,OAAO,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,QAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EACtJ;AAAA;AAAA,EAGF,MAAM,oBAAA,CAAqB,OAAA,EAAiB,IAAA,EAA8D;AACxG,IAAA,MAAM,OAAA,GAAU,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AACxC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,8BAAA,EAAiC,kBAAA,CAAmB,OAAO,CAAC,CAAA,QAAA,CAAA,EAAY,EAAE,MAAA,EAAQ,UAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,GAAG,CAAA;AAAA,EAC1J;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAmN;AACzO,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,WAAW,MAAA,EAAO;AAC7C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAqB,CAAA,iCAAA,CAAA,EAAqC,EAAE,MAAA,EAAQ,MAAA,EAAQ,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EACzH;AAAA;AAAA,EAGA,MAAM,kBAAkB,IAAA,EAAmL;AACzM,IAAA,MAAM,MAAA,GAAS,IAAA,EAAM,SAAA,IAAa,IAAA,CAAK,QAAA;AACvC,IAAA,IAAI,CAAC,MAAA,EAAQ,MAAM,IAAI,MAAM,uBAAuB,CAAA;AACpD,IAAA,MAAM,OAAA,GAAU,EAAE,GAAG,IAAA,EAAM,WAAW,MAAA,EAAO;AAC7C,IAAA,OAAO,IAAA,CAAK,OAAA,CAAiB,CAAA,iCAAA,CAAA,EAAqC,EAAE,MAAA,EAAQ,QAAA,EAAU,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,OAAO,CAAA,EAAG,CAAA;AAAA,EACvH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,iBAAA,GAAkE;AACtE,IAAA,OAAO,KAAK,OAAA,CAA4B,yCAAA,EAA2C,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,aAAa,QAAA,CAAS,OAAA,EAAiB,SAAA,EAAoD;AACzF,IAAA,MAAM,KAAA,GAAQ,SAAA,KAAc,OAAO,MAAA,KAAW,WAAA,GAAc,OAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,GAAI,UAAA,CAAW,KAAA,CAAA;AACnG,IAAA,MAAM,GAAA,GAAM,GAAG,OAAO,CAAA,uCAAA,CAAA;AACtB,IAAA,MAAM,WAAW,MAAM,KAAA,CAAM,KAAK,EAAE,MAAA,EAAQ,OAAO,CAAA;AAEnD,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,MAAM,CAAA,kBAAA,EAAqB,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,IAC/E;AAEA,IAAA,OAAO,SAAS,IAAA,EAAK;AAAA,EACvB;AACF;AC1qCO,SAAS,iBAAiB,YAAA,EAA8B;AAC7D,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,QAAA,EAAU;AACrD,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACjE;AACA,EAAA,OAAO,aAAA,CAAc,SAAS,YAAY,CAAA;AAC5C","file":"index.js","sourcesContent":["import type { HeadersMap } from './types';\n\nexport class ApiError extends Error {\n readonly status: number;\n readonly code?: string;\n readonly requestId?: string;\n readonly raw?: unknown;\n readonly headers?: HeadersMap;\n\n constructor(params: { status: number; message?: string; code?: string; requestId?: string; raw?: unknown; headers?: HeadersMap }) {\n super(params.message || `HTTP ${params.status}`);\n this.name = 'ApiError';\n this.status = params.status;\n this.code = params.code;\n this.requestId = params.requestId;\n this.raw = params.raw;\n this.headers = params.headers;\n }\n}\n\nexport class RateLimitError extends ApiError {\n readonly retryAfter?: number; // seconds\n readonly nextRetryAt?: Date;\n\n constructor(params: {\n status: number;\n message?: string;\n code?: string;\n requestId?: string;\n raw?: unknown;\n headers?: HeadersMap;\n retryAfter?: number;\n nextRetryAt?: Date;\n }) {\n super(params);\n this.name = 'RateLimitError';\n this.retryAfter = params.retryAfter;\n this.nextRetryAt = params.nextRetryAt;\n }\n}\n\nexport function isApiError(e: unknown): e is ApiError {\n return e instanceof ApiError;\n}\n\nexport function isRateLimitError(e: unknown): e is RateLimitError {\n return e instanceof RateLimitError;\n}\n","import { RateLimitError } from './errors';\nimport type { HeadersMap } from './types';\n\nexport function parseRetryAfter(retryAfter: string | null | undefined): { seconds?: number; nextRetryAt?: Date } {\n if (!retryAfter) return {};\n const trimmed = retryAfter.trim();\n // Retry-After can be either seconds or HTTP date\n const secs = Number(trimmed);\n if (!Number.isNaN(secs)) {\n return { seconds: secs > 0 ? secs : undefined, nextRetryAt: secs > 0 ? new Date(Date.now() + secs * 1000) : undefined };\n }\n const date = new Date(trimmed);\n if (!Number.isNaN(date.getTime())) {\n const ms = date.getTime() - Date.now();\n const seconds = ms > 0 ? Math.ceil(ms / 1000) : undefined;\n return { seconds, nextRetryAt: ms > 0 ? date : undefined };\n }\n return {};\n}\n\nexport function toHeadersMap(headers: Headers): HeadersMap {\n const obj: HeadersMap = {};\n headers.forEach((v, k) => {\n obj[k] = v;\n });\n return obj;\n}\n\nexport function buildRateLimitError(args: {\n status: number;\n message?: string;\n requestId?: string;\n headers: Headers;\n raw?: unknown;\n}): RateLimitError {\n const { seconds, nextRetryAt } = parseRetryAfter(args.headers.get('retry-after'));\n return new RateLimitError({\n status: args.status,\n message: args.message,\n requestId: args.requestId,\n headers: toHeadersMap(args.headers),\n retryAfter: seconds,\n nextRetryAt,\n raw: args.raw,\n });\n}\n","export interface TokenStorage {\n getAccessToken(): Promise<string | null> | string | null;\n setAccessToken(token: string | null): Promise<void> | void;\n getRefreshToken(): Promise<string | null> | string | null;\n setRefreshToken(token: string | null): Promise<void> | void;\n clear(): Promise<void> | void;\n}\n\nexport interface TokenProvider {\n getAccessToken(): Promise<string | null> | string | null;\n}\n\nexport const noopStorage: TokenStorage = {\n getAccessToken: () => null,\n setAccessToken: () => {},\n getRefreshToken: () => null,\n setRefreshToken: () => {},\n clear: () => {},\n};\n","import type { TokenStorage } from '../tokens';\n\nexport class InMemoryStorage implements TokenStorage {\n private accessToken: string | null = null;\n private refreshToken: string | null = null;\n\n getAccessToken(): string | null {\n return this.accessToken;\n }\n setAccessToken(token: string | null): void {\n this.accessToken = token ?? null;\n }\n getRefreshToken(): string | null {\n return this.refreshToken;\n }\n setRefreshToken(token: string | null): void {\n this.refreshToken = token ?? null;\n }\n clear(): void {\n this.accessToken = null;\n this.refreshToken = null;\n }\n}\n","import type { TokenStorage } from '../tokens';\n\nconst ACCESS_KEY = 'guard_access_token';\nconst REFRESH_KEY = 'guard_refresh_token';\n\nfunction isBrowser(): boolean {\n return typeof window !== 'undefined' && typeof window.localStorage !== 'undefined';\n}\n\nexport class WebLocalStorage implements TokenStorage {\n private readonly prefix: string;\n\n constructor(prefix = '') {\n this.prefix = prefix ? `${prefix}:` : '';\n }\n\n private k(key: string): string {\n return `${this.prefix}${key}`;\n }\n\n getAccessToken(): string | null {\n if (!isBrowser()) return null;\n return window.localStorage.getItem(this.k(ACCESS_KEY));\n }\n\n setAccessToken(token: string | null): void {\n if (!isBrowser()) return;\n if (token == null) window.localStorage.removeItem(this.k(ACCESS_KEY));\n else window.localStorage.setItem(this.k(ACCESS_KEY), token);\n }\n\n getRefreshToken(): string | null {\n if (!isBrowser()) return null;\n return window.localStorage.getItem(this.k(REFRESH_KEY));\n }\n\n setRefreshToken(token: string | null): void {\n if (!isBrowser()) return;\n if (token == null) window.localStorage.removeItem(this.k(REFRESH_KEY));\n else window.localStorage.setItem(this.k(REFRESH_KEY), token);\n }\n\n clear(): void {\n if (!isBrowser()) return;\n window.localStorage.removeItem(this.k(ACCESS_KEY));\n window.localStorage.removeItem(this.k(REFRESH_KEY));\n }\n}\n","import type { TokenStorage } from '../tokens';\n\nconst ACCESS_KEY = 'guard_access_token';\nconst REFRESH_KEY = 'guard_refresh_token';\n\nexport interface AsyncStorageLike {\n getItem(key: string): Promise<string | null>;\n setItem(key: string, value: string): Promise<void>;\n removeItem(key: string): Promise<void>;\n}\n\nexport function reactNativeStorageAdapter(AsyncStorage: AsyncStorageLike, prefix = ''): TokenStorage {\n const p = prefix ? `${prefix}:` : '';\n const k = (key: string) => `${p}${key}`;\n\n return {\n async getAccessToken() {\n return AsyncStorage.getItem(k(ACCESS_KEY));\n },\n async setAccessToken(token: string | null) {\n if (token == null) return AsyncStorage.removeItem(k(ACCESS_KEY));\n return AsyncStorage.setItem(k(ACCESS_KEY), token);\n },\n async getRefreshToken() {\n return AsyncStorage.getItem(k(REFRESH_KEY));\n },\n async setRefreshToken(token: string | null) {\n if (token == null) return AsyncStorage.removeItem(k(REFRESH_KEY));\n return AsyncStorage.setItem(k(REFRESH_KEY), token);\n },\n async clear() {\n await AsyncStorage.removeItem(k(ACCESS_KEY));\n await AsyncStorage.removeItem(k(REFRESH_KEY));\n },\n };\n}\n","import type { FetchLike } from '../types';\n\nexport type RequestInterceptor = (\n input: RequestInfo | URL,\n init: RequestInit\n) => Promise<[RequestInfo | URL, RequestInit]> | [RequestInfo | URL, RequestInit];\n\nexport type ResponseInterceptor = (response: Response) => Promise<Response> | Response;\n\nexport interface Interceptors {\n request?: RequestInterceptor[];\n response?: ResponseInterceptor[];\n}\n\nexport function applyRequestInterceptors(\n input: RequestInfo | URL,\n init: RequestInit,\n interceptors?: RequestInterceptor[]\n): Promise<[RequestInfo | URL, RequestInit]> | [RequestInfo | URL, RequestInit] {\n if (!interceptors || interceptors.length === 0) return [input, init];\n let chain = Promise.resolve<[RequestInfo | URL, RequestInit]>([input, init]);\n for (const fn of interceptors) {\n chain = chain.then(([i, n]) => Promise.resolve(fn(i, n)));\n }\n return chain;\n}\n\nexport async function applyResponseInterceptors(\n response: Response,\n interceptors?: ResponseInterceptor[]\n): Promise<Response> {\n if (!interceptors || interceptors.length === 0) return response;\n let res = response;\n for (const fn of interceptors) {\n // Allow interceptor to clone/consume as needed\n // Always pass along the result for next interceptor\n // eslint-disable-next-line no-await-in-loop\n res = await Promise.resolve(fn(res));\n }\n return res;\n}\n","import { ApiError } from '../errors';\nimport { buildRateLimitError, toHeadersMap } from '../rateLimit';\nimport type { FetchLike, ResponseWrapper } from '../types';\nimport { applyRequestInterceptors, applyResponseInterceptors, type Interceptors } from './interceptors';\n\nexport interface TransportOptions {\n baseUrl: string;\n fetchImpl?: FetchLike;\n interceptors?: Interceptors;\n clientHeader?: string; // e.g., \"ts-sdk/<version>\"\n defaultHeaders?: Record<string, string>;\n credentials?: RequestCredentials; // e.g., 'include' for cookie-based auth\n}\n\nexport class HttpClient {\n private readonly baseUrl: string;\n private readonly fetchImpl: FetchLike;\n private readonly interceptors?: Interceptors;\n private readonly clientHeader?: string;\n private readonly defaultHeaders: Record<string, string>;\n private readonly credentials?: RequestCredentials;\n\n constructor(opts: TransportOptions) {\n this.baseUrl = opts.baseUrl.replace(/\\/$/, '');\n const fiRaw = (opts.fetchImpl ?? (globalThis.fetch as any));\n if (!fiRaw) throw new Error('No fetch implementation provided and global fetch is unavailable');\n // Bind fetch to globalThis to satisfy WebKit where unbound Window.fetch throws\n this.fetchImpl = ((input: RequestInfo | URL, init?: RequestInit) => (fiRaw as any).call(globalThis, input, init)) as FetchLike;\n this.interceptors = opts.interceptors;\n this.clientHeader = opts.clientHeader ?? 'ts-sdk';\n this.defaultHeaders = { ...(opts.defaultHeaders ?? {}) };\n this.credentials = opts.credentials;\n }\n\n private buildUrl(path: string): string {\n if (/^https?:\\/\\//i.test(path)) return path;\n if (!path.startsWith('/')) path = `/${path}`;\n return `${this.baseUrl}${path}`;\n }\n\n async request<T>(path: string, init: RequestInit = {}): Promise<ResponseWrapper<T>> {\n const url = this.buildUrl(path);\n\n const headers = new Headers(init.headers || {});\n // default JSON\n if (!headers.has('content-type')) headers.set('content-type', 'application/json');\n if (!headers.has('accept')) headers.set('accept', 'application/json');\n // client identification\n if (this.clientHeader && !headers.has('x-guard-client')) {\n headers.set('x-guard-client', this.clientHeader);\n }\n // default headers\n for (const [k, v] of Object.entries(this.defaultHeaders)) {\n if (!headers.has(k)) headers.set(k, v);\n }\n\n const reqInit: RequestInit = { ...init, headers };\n if (!('credentials' in reqInit) && this.credentials) {\n reqInit.credentials = this.credentials;\n }\n const [finalUrl, finalInit] = await applyRequestInterceptors(url, reqInit, this.interceptors?.request as any);\n\n const res = await this.fetchImpl(finalUrl, finalInit);\n const res2 = await applyResponseInterceptors(res, this.interceptors?.response);\n\n const requestId = res2.headers.get('x-request-id') || undefined;\n const status = res2.status;\n\n if (!res2.ok) {\n let body: any = undefined;\n try {\n const ct = res2.headers.get('content-type') || '';\n if (ct.includes('application/json')) body = await res2.clone().json();\n else body = await res2.clone().text();\n } catch {}\n\n if (status === 429) {\n throw buildRateLimitError({ status, message: (body && (body.message || body.error)) || 'Too Many Requests', requestId, headers: res2.headers, raw: body });\n }\n\n throw new ApiError({\n status,\n message: (body && (body.message || body.error)) || res2.statusText || `HTTP ${status}`,\n code: body && body.code ? String(body.code) : undefined,\n requestId,\n headers: toHeadersMap(res2.headers),\n raw: body,\n });\n }\n\n let data: any = undefined;\n const ct = res2.headers.get('content-type') || '';\n if (status !== 204) {\n if (ct.includes('application/json')) data = await res2.json();\n else data = await res2.text();\n }\n\n return {\n data: data as T,\n meta: { status, requestId, headers: toHeadersMap(res2.headers) },\n };\n }\n\n // Low-level raw request that returns the Response without throwing on non-2xx.\n // Useful for endpoints like SSO start that intentionally return 3xx redirects.\n async requestRaw(path: string, init: RequestInit = {}): Promise<Response> {\n const url = this.buildUrl(path);\n\n const headers = new Headers(init.headers || {});\n // default JSON\n if (!headers.has('content-type')) headers.set('content-type', 'application/json');\n if (!headers.has('accept')) headers.set('accept', 'application/json');\n // client identification\n if (this.clientHeader && !headers.has('x-guard-client')) {\n headers.set('x-guard-client', this.clientHeader);\n }\n // default headers\n for (const [k, v] of Object.entries(this.defaultHeaders)) {\n if (!headers.has(k)) headers.set(k, v);\n }\n\n const reqInit: RequestInit = { ...init, headers };\n if (!('credentials' in reqInit) && this.credentials) {\n reqInit.credentials = this.credentials;\n }\n const [finalUrl, finalInit] = await applyRequestInterceptors(url, reqInit, this.interceptors?.request as any);\n\n const res = await this.fetchImpl(finalUrl, finalInit);\n const res2 = await applyResponseInterceptors(res, this.interceptors?.response);\n return res2;\n }\n}\n","{\n \"name\": \"@corvushold/guard-sdk\",\n \"version\": \"0.8.1\",\n \"description\": \"Guard CAS TypeScript SDK for Node.js, browsers, and React Native (beta)\",\n \"license\": \"Apache-2.0\",\n \"author\": {\n \"name\": \"CorvusHold\",\n \"url\": \"https://github.com/CorvusHold\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"https://github.com/CorvusHold/guard\",\n \"directory\": \"sdk/ts\"\n },\n \"homepage\": \"https://github.com/CorvusHold/guard/tree/main/sdk/ts#readme\",\n \"bugs\": {\n \"url\": \"https://github.com/CorvusHold/guard/issues\"\n },\n \"type\": \"module\",\n \"main\": \"./dist/index.cjs\",\n \"module\": \"./dist/index.js\",\n \"types\": \"./dist/index.d.ts\",\n \"exports\": {\n \".\": {\n \"types\": \"./dist/index.d.ts\",\n \"import\": \"./dist/index.js\",\n \"require\": \"./dist/index.cjs\"\n }\n },\n \"files\": [\n \"dist\"\n ],\n \"publishConfig\": {\n \"access\": \"public\"\n },\n \"sideEffects\": false,\n \"engines\": {\n \"node\": \">=18\"\n },\n \"dependencies\": {\n \"otplib\": \"^12.0.1\"\n },\n \"peerDependencies\": {\n \"@react-native-async-storage/async-storage\": \">=1.19.0\"\n },\n \"peerDependenciesMeta\": {\n \"@react-native-async-storage/async-storage\": {\n \"optional\": true\n }\n },\n \"scripts\": {\n \"clean\": \"rimraf dist\",\n \"build\": \"npm run gen:openapi && tsup\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"dev:test\": \"vitest\",\n \"lint\": \"eslint 'src/**/*.{ts,tsx}'\",\n \"lint:fix\": \"eslint --fix 'src/**/*.{ts,tsx}'\",\n \"fmt\": \"prettier --write .\",\n \"gen:openapi\": \"node scripts/gen-types.mjs\",\n \"conformance\": \"node scripts/run-conformance.mjs\",\n \"prepublishOnly\": \"npm run build && npm test\"\n },\n \"devDependencies\": {\n \"@types/node\": \"24.3.0\",\n \"@typescript-eslint/eslint-plugin\": \"8.40.0\",\n \"@typescript-eslint/parser\": \"8.40.0\",\n \"eslint\": \"^9.34.0\",\n \"eslint-plugin-vitest\": \"^0.5.4\",\n \"openapi-typescript\": \"^7.4.1\",\n \"prettier\": \"^3.3.3\",\n \"rimraf\": \"^6.0.1\",\n \"swagger2openapi\": \"^7.0.8\",\n \"tsup\": \"^8.2.4\",\n \"typescript\": \"^5.5.4\",\n \"vitest\": \"^3.2.4\"\n }\n}\n","import { HttpClient, type TransportOptions } from './http/transport';\nimport type { FetchLike, TenantId, ResponseWrapper, SsoProvider } from './types';\nimport type { components as OpenAPIComponents } from './generated/openapi';\nimport { InMemoryStorage } from './storage/inMemory';\nimport type { TokenStorage } from './tokens';\nimport type { RequestInterceptor } from './http/interceptors';\nimport pkg from '../package.json';\nimport { toHeadersMap } from './rateLimit';\n\nexport interface GuardClientOptions {\n baseUrl: string;\n tenantId?: TenantId;\n fetchImpl?: FetchLike;\n storage?: TokenStorage;\n defaultHeaders?: Record<string, string>;\n authMode?: 'bearer' | 'cookie';\n}\n\n// OpenAPI component schema aliases\n// Note: The current OpenAPI typings do not expose a dedicated tokens schema,\n// so we define the minimal surface we need here and keep other DTOs sourced\n// from the generated OpenAPI types.\ntype TokensResp = {\n access_token?: string | null;\n refresh_token?: string | null;\n success?: boolean;\n};\ntype MfaChallengeResp = OpenAPIComponents['schemas']['controller.mfaChallengeResp'];\ntype OAuth2MetadataResp = OpenAPIComponents['schemas']['controller.oauth2MetadataResp'];\n// Portal link DTO: base on OpenAPI, but enforce `link` is present at type-level for stricter SDK contract\ntype PortalLink = OpenAPIComponents['schemas']['domain.PortalLink'] & { link: string };\n\n// Portal session DTOs\nexport interface SsoPortalSessionResp {\n tenant_id: string;\n provider_slug: string;\n portal_token_id: string;\n intent: string;\n}\n\n// Password reset tenant selection response (when email exists in multiple tenants)\nexport interface TenantOption {\n tenant_id: string;\n tenant_name: string;\n}\n\nexport interface TenantSelectionRequiredResp {\n error: 'tenant_selection_required';\n message: string;\n tenants: TenantOption[];\n}\n\nexport function isTenantSelectionRequired(data: unknown): data is TenantSelectionRequiredResp {\n const d = data as any;\n return !!d\n && d.error === 'tenant_selection_required'\n && typeof d.message === 'string'\n && Array.isArray(d.tenants);\n}\n\nexport interface SsoPortalContext {\n session: SsoPortalSessionResp;\n provider: SsoProviderItem;\n}\n\n// Type guards to help narrow union results in consumers\nexport function isTokensResp(data: unknown): data is TokensResp {\n const d = data as any;\n return !!d && (typeof d.access_token === 'string' || typeof d.refresh_token === 'string');\n}\n\nexport function isMfaChallengeResp(data: unknown): data is MfaChallengeResp {\n const d = data as any;\n return !!d && typeof d.challenge_token === 'string';\n}\ntype MfaVerifyReq = OpenAPIComponents['schemas']['controller.mfaVerifyReq'];\ntype RefreshReq = OpenAPIComponents['schemas']['controller.refreshReq'];\n\n// RBAC v2 (admin) OpenAPI schema aliases\ntype RbacPermissionsResp = OpenAPIComponents['schemas']['controller.rbacPermissionsResp'];\ntype RbacRolesResp = OpenAPIComponents['schemas']['controller.rbacRolesResp'];\ntype RbacRoleItem = OpenAPIComponents['schemas']['controller.rbacRoleItem'];\ntype RbacCreateRoleReq = OpenAPIComponents['schemas']['controller.rbacCreateRoleReq'];\ntype RbacUpdateRoleReq = OpenAPIComponents['schemas']['controller.rbacUpdateRoleReq'];\ntype RbacRolePermissionReq = OpenAPIComponents['schemas']['controller.rbacRolePermissionReq'];\ntype RbacUserRolesResp = OpenAPIComponents['schemas']['controller.rbacUserRolesResp'];\ntype RbacModifyUserRoleReq = OpenAPIComponents['schemas']['controller.rbacModifyUserRoleReq'];\ntype RbacResolvedPermissionsResp = OpenAPIComponents['schemas']['controller.rbacResolvedPermissionsResp'];\n\n// FGA (admin) DTOs (controller uses snake_case JSON)\nexport type FgaGroup = {\n id: string;\n tenant_id: string;\n name: string;\n description?: string;\n created_at: string;\n updated_at: string;\n};\nexport type FgaGroupsResp = { groups: FgaGroup[] };\nexport type FgaAclTuple = {\n id: string;\n tenant_id: string;\n subject_type: string;\n subject_id: string;\n permission_key?: string;\n object_type: string;\n object_id?: string | null;\n created_by?: string | null;\n created_at: string;\n};\n\n// Minimal response types for tenant discovery\nexport interface TenantSummary { id: string; name?: string }\nexport interface DiscoverTenantsResp { tenants: TenantSummary[] }\ntype UserProfile = OpenAPIComponents['schemas']['domain.UserProfile'];\ntype Introspection = OpenAPIComponents['schemas']['domain.Introspection'];\ntype MagicSendReq = OpenAPIComponents['schemas']['controller.magicSendReq'];\ntype MagicVerifyReq = OpenAPIComponents['schemas']['controller.magicVerifyReq'];\ntype PasswordSignupInput = {\n email: string;\n password: string;\n tenant_id?: string;\n first_name?: string;\n last_name?: string;\n};\n\n// SDK-local DTOs (from server controllers)\nexport interface AdminUser {\n id: string;\n email_verified: boolean;\n is_active: boolean;\n first_name: string;\n last_name: string;\n roles: string[];\n created_at: string; // RFC3339\n updated_at: string; // RFC3339\n last_login_at?: string | null; // RFC3339 | null\n}\n\nexport interface AdminUsersResp {\n users: AdminUser[];\n}\n\n/** Auth method used to create a session */\nexport type AuthMethod = 'password' | 'sso' | 'magic_link';\n\nexport interface SessionItem {\n id: string;\n revoked: boolean;\n user_agent: string;\n ip: string;\n created_at: string; // RFC3339\n expires_at: string; // RFC3339\n auth_method: AuthMethod;\n sso_provider_id?: string;\n sso_provider_name?: string;\n sso_provider_slug?: string;\n}\n\nexport interface SessionsListResp {\n sessions: SessionItem[];\n}\n\nexport interface TenantSettingsResponse {\n sso_provider: string;\n workos_client_id: string;\n workos_client_secret?: string; // masked\n workos_api_key?: string; // masked\n workos_default_connection_id?: string;\n workos_default_organization_id?: string;\n sso_state_ttl: string;\n sso_redirect_allowlist: string;\n}\n\nexport interface TenantSettingsPutRequest {\n sso_provider?: string | null;\n workos_client_id?: string | null;\n workos_client_secret?: string | null;\n workos_api_key?: string | null;\n workos_default_connection_id?: string | null;\n workos_default_organization_id?: string | null;\n sso_state_ttl?: string | null; // Go validates time.ParseDuration strings\n sso_redirect_allowlist?: string | null; // comma-separated URLs\n}\n\n// SSO Provider Management Types\nexport type SsoProviderType = 'oidc' | 'saml';\nexport type SsoLinkingPolicy = 'never' | 'verified_email' | 'always';\n\nexport interface SsoProviderItem {\n id: string;\n tenant_id: string;\n name: string;\n slug: string;\n provider_type: SsoProviderType;\n enabled: boolean;\n allow_signup: boolean;\n trust_email_verified: boolean;\n domains: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string; // masked in responses\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string; // masked in responses\n sp_certificate_expires_at?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n\n created_at: string;\n updated_at: string;\n created_by?: string;\n updated_by?: string;\n}\n\nexport interface SsoProvidersListResp {\n providers: SsoProviderItem[];\n total: number;\n}\n\n// Login options response - available auth methods for a tenant/email\nexport interface SsoProviderOption {\n slug: string;\n name: string;\n provider_type: SsoProviderType;\n logo_url?: string;\n login_url: string;\n}\n\nexport interface LoginOptionsResp {\n password_enabled: boolean;\n magic_link_enabled: boolean;\n sso_providers: SsoProviderOption[];\n preferred_method: AuthMethod;\n sso_required: boolean;\n user_exists: boolean;\n tenant_id?: string;\n tenant_name?: string;\n domain_matched_sso?: SsoProviderOption;\n}\n\nexport interface CreateSsoProviderReq {\n tenant_id: string;\n name: string;\n slug: string;\n provider_type: SsoProviderType;\n enabled?: boolean;\n allow_signup?: boolean;\n trust_email_verified?: boolean;\n domains?: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string;\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n}\n\nexport interface UpdateSsoProviderReq {\n name?: string;\n enabled?: boolean;\n allow_signup?: boolean;\n trust_email_verified?: boolean;\n domains?: string[];\n attribute_mapping?: Record<string, any>;\n\n // OIDC fields\n issuer?: string;\n authorization_endpoint?: string;\n token_endpoint?: string;\n userinfo_endpoint?: string;\n jwks_uri?: string;\n client_id?: string;\n client_secret?: string;\n scopes?: string[];\n response_type?: string;\n response_mode?: string;\n\n // SAML fields\n entity_id?: string;\n acs_url?: string;\n slo_url?: string;\n idp_metadata_url?: string;\n idp_metadata_xml?: string;\n idp_entity_id?: string;\n idp_sso_url?: string;\n idp_slo_url?: string;\n idp_certificate?: string;\n sp_certificate?: string;\n sp_private_key?: string;\n want_assertions_signed?: boolean;\n want_response_signed?: boolean;\n sign_requests?: boolean;\n force_authn?: boolean;\n allow_idp_initiated?: boolean;\n linking_policy?: SsoLinkingPolicy;\n}\n\nexport interface SsoTestProviderResp {\n success: boolean;\n metadata?: Record<string, any>;\n error?: string;\n}\n\n// SP Info response - computed Service Provider URLs for SAML configuration\n// URLs use V2 tenant-scoped format: /auth/sso/t/{tenant_id}/{slug}/*\nexport interface SsoSPInfoResp {\n /** SP Entity ID / Issuer URL (also called \"Identifier\" in some IdPs) */\n entity_id: string;\n /** Assertion Consumer Service URL where the IdP sends SAML responses */\n acs_url: string;\n /** Single Logout URL (optional) */\n slo_url?: string;\n /** URL where SP metadata XML can be downloaded */\n metadata_url: string;\n /** URL to initiate SSO login */\n login_url: string;\n /** Public base URL of the Guard service */\n base_url: string;\n /** Tenant ID used in the URL paths */\n tenant_id: string;\n}\n\ntype PasswordLoginInput = { email: string; password: string; tenant_id?: string };\n\nexport class GuardClient {\n readonly baseUrl: string;\n private readonly tenantId?: TenantId;\n private readonly storage: TokenStorage;\n private readonly http: HttpClient;\n\n constructor(opts: GuardClientOptions) {\n this.baseUrl = opts.baseUrl;\n this.tenantId = opts.tenantId;\n this.storage = opts.storage ?? new InMemoryStorage();\n\n const mode = opts.authMode ?? 'bearer';\n const authHeaderInterceptor: RequestInterceptor = async (input: RequestInfo | URL, init: RequestInit) => {\n const headers = new Headers(init.headers || {});\n if (mode === 'bearer') {\n // Attach Authorization if present\n const token = await Promise.resolve(this.storage.getAccessToken());\n if (token && !headers.has('authorization')) {\n headers.set('authorization', `Bearer ${token}`);\n }\n } else if (mode === 'cookie') {\n // Set X-Auth-Mode header to signal cookie mode to backend\n headers.set('X-Auth-Mode', 'cookie');\n }\n return [input, { ...init, headers }];\n };\n\n const defaultHeaders = { ...(opts.defaultHeaders ?? {}) };\n // Tenancy today is via body/query. Header will be added later when server adopts it.\n\n const clientHeader = `ts-sdk/${(pkg as any).version ?? '0.0.0'}`;\n // In cookie mode, always include credentials (cookies) with requests.\n // This requires the backend to have proper CORS configuration with Access-Control-Allow-Credentials: true\n let credentialsOpt: RequestCredentials | undefined = undefined;\n if (mode === 'cookie') {\n credentialsOpt = 'include';\n }\n\n this.http = new HttpClient({\n baseUrl: opts.baseUrl,\n fetchImpl: opts.fetchImpl,\n clientHeader,\n defaultHeaders,\n interceptors: { request: [authHeaderInterceptor] },\n credentials: credentialsOpt,\n } as TransportOptions);\n }\n\n // Low-level request passthrough (internal usage by methods)\n protected async request<T>(path: string, init: RequestInit): Promise<ResponseWrapper<T>> {\n return this.http.request<T>(path, init);\n }\n\n private persistTokensFrom(data: unknown): void {\n try {\n if (isTokensResp(data)) {\n const access = data.access_token ?? null;\n const refresh = data.refresh_token ?? null;\n if (access !== undefined) {\n // allow null to clear\n void this.storage.setAccessToken(access);\n }\n if (refresh !== undefined) {\n void this.storage.setRefreshToken(refresh);\n }\n }\n } catch (_) {\n // best-effort; ignore\n }\n }\n\n private buildQuery(params: Record<string, string | number | boolean | undefined | null>): string {\n const usp = new URLSearchParams();\n for (const [k, v] of Object.entries(params)) {\n if (v === undefined || v === null) continue;\n usp.set(k, String(v));\n }\n const qs = usp.toString();\n return qs ? `?${qs}` : '';\n }\n\n // Auth: Password login -> returns tokens (200) or MFA challenge (202)\n async passwordLogin(body: PasswordLoginInput): Promise<ResponseWrapper<TokensResp | MfaChallengeResp>> {\n const res = await this.request<TokensResp | MfaChallengeResp>('/api/v1/auth/password/login', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Password signup -> returns tokens (201 Created)\n async passwordSignup(body: PasswordSignupInput): Promise<ResponseWrapper<TokensResp>> {\n const res = await this.request<TokensResp>('/api/v1/auth/password/signup', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n if (res.meta.status === 200 || res.meta.status === 201) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Verify MFA challenge -> tokens\n async mfaVerify(body: MfaVerifyReq): Promise<ResponseWrapper<TokensResp>> {\n const res = await this.request<TokensResp>('/api/v1/auth/mfa/verify', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Refresh tokens\n async refresh(body?: Partial<RefreshReq>): Promise<ResponseWrapper<TokensResp>> {\n let refreshToken = body?.refresh_token ?? null;\n if (!refreshToken) refreshToken = (await Promise.resolve(this.storage.getRefreshToken())) ?? null;\n const res = await this.request<TokensResp>('/api/v1/auth/refresh', {\n method: 'POST',\n body: JSON.stringify({ refresh_token: refreshToken }),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Logout (revoke refresh token) -> 204\n async logout(body?: { refresh_token?: string | null }): Promise<ResponseWrapper<unknown>> {\n const b = body ?? {};\n const res = await this.request<unknown>('/api/v1/auth/logout', {\n method: 'POST',\n body: JSON.stringify(b),\n });\n if (res.meta.status === 204) {\n // best-effort: clear stored refresh; leave access to naturally expire\n void this.storage.setRefreshToken(null);\n }\n return res;\n }\n\n // Auth: Current user profile\n async me(): Promise<ResponseWrapper<UserProfile>> {\n return this.request<UserProfile>('/api/v1/auth/me', { method: 'GET' });\n }\n\n // Auth: Email discovery (progressive login)\n async emailDiscover(body: { email: string; tenant_id?: string }): Promise<ResponseWrapper<{\n found: boolean;\n has_tenant: boolean;\n tenant_id?: string;\n tenant_name?: string;\n user_exists: boolean;\n suggestions?: string[];\n }>> {\n const headers: Record<string, string> = {};\n const tid = body.tenant_id ?? this.tenantId;\n if (tid) headers['X-Tenant-ID'] = String(tid);\n return this.request(`/api/v1/auth/email/discover`, {\n method: 'POST',\n headers,\n body: JSON.stringify({ email: body.email })\n });\n }\n\n // Auth: Get login options - returns available auth methods for a tenant/email\n async getLoginOptions(params?: { email?: string; tenant_id?: string }): Promise<ResponseWrapper<LoginOptionsResp>> {\n const tid = params?.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ email: params?.email, tenant_id: tid });\n return this.request<LoginOptionsResp>(`/api/v1/auth/login-options${qs}`, { method: 'GET' });\n }\n\n // --- MFA self-service ---\n async mfaStartTotp(): Promise<ResponseWrapper<{ secret: string; otpauth_url: string }>> {\n return this.request<{ secret: string; otpauth_url: string }>('/api/v1/auth/mfa/totp/start', { method: 'POST' });\n }\n\n async mfaActivateTotp(body: { code: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/mfa/totp/activate', { method: 'POST', body: JSON.stringify(body) });\n }\n\n async mfaDisableTotp(): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/mfa/totp/disable', { method: 'POST' });\n }\n\n async mfaGenerateBackupCodes(body: { count?: number } = {}): Promise<ResponseWrapper<{ codes: string[] }>> {\n return this.request<{ codes: string[] }>('/api/v1/auth/mfa/backup/generate', { method: 'POST', body: JSON.stringify({ count: body.count ?? 5 }) });\n }\n\n async mfaCountBackupCodes(): Promise<ResponseWrapper<{ count: number }>> {\n return this.request<{ count: number }>('/api/v1/auth/mfa/backup/count', { method: 'GET' });\n }\n\n // Tenants: Discover tenants for a given email (used by login tenant selection)\n async discoverTenants(params: { email: string }): Promise<ResponseWrapper<DiscoverTenantsResp>> {\n const qs = this.buildQuery({ email: params.email });\n return this.request<DiscoverTenantsResp>(`/api/v1/auth/tenants${qs}`, { method: 'GET' });\n }\n\n // Tenants: Create\n async createTenant(body: { name: string }): Promise<ResponseWrapper<{ id: string; name: string; is_active?: boolean; created_at?: string; updated_at?: string }>> {\n return this.request(`/api/v1/tenants`, { method: 'POST', body: JSON.stringify({ name: body.name }) });\n }\n\n // Tenants: Get by ID\n async getTenant(id: string): Promise<ResponseWrapper<{ id: string; name: string; is_active: boolean; created_at: string; updated_at: string }>> {\n return this.request(`/api/v1/tenants/${encodeURIComponent(id)}`, { method: 'GET' });\n }\n\n // Tenants: List (admin)\n async listTenants(params: { q?: string; page?: number; page_size?: number; active?: number | boolean } = {}): Promise<ResponseWrapper<{ items: Array<{ id: string; name: string; is_active: boolean; created_at: string; updated_at: string }>; total: number; page: number; page_size: number; total_pages: number }>> {\n const qs = this.buildQuery({\n q: params.q,\n page: params.page,\n page_size: params.page_size,\n active: typeof params.active === 'boolean' ? (params.active ? 1 : 0) : params.active\n });\n return this.request(`/api/v1/tenants${qs}`, { method: 'GET' });\n }\n\n // Auth: Introspect token (from header or body)\n async introspect(body?: { token?: string }): Promise<ResponseWrapper<Introspection>> {\n return this.request<Introspection>('/api/v1/auth/introspect', {\n method: 'POST',\n body: JSON.stringify(body ?? {}),\n });\n }\n\n // Auth: Magic link send\n async magicSend(body: MagicSendReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/magic/send', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Auth: Magic verify (token in query preferred)\n async magicVerify(params: { token?: string } = {}, body?: MagicVerifyReq): Promise<ResponseWrapper<TokensResp>> {\n const qs = this.buildQuery(params);\n const res = await this.request<TokensResp>(`/api/v1/auth/magic/verify${qs}`, {\n method: 'GET',\n // Some servers accept body on GET per spec; include if provided\n ...(body ? { body: JSON.stringify(body) } : {}),\n });\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n // Auth: Request password reset -> 202 (always, to prevent email enumeration)\n async passwordResetRequest(body: { tenant_id?: string; email: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/password/reset/request', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n }\n\n // Auth: Confirm password reset -> 200 on success\n async passwordResetConfirm(body: { tenant_id?: string; token: string; new_password: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/password/reset/confirm', {\n method: 'POST',\n body: JSON.stringify({ ...body, tenant_id: body.tenant_id ?? this.tenantId }),\n });\n }\n\n // Auth: Change password (requires auth) -> 200 on success\n async changePassword(body: { current_password: string; new_password: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/password/change', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Auth: Update profile (first/last name) -> 200 on success\n async updateProfile(body: { first_name?: string; last_name?: string }): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>('/api/v1/auth/profile', {\n method: 'PATCH',\n body: JSON.stringify(body),\n });\n }\n\n // Admin: List users (requires admin role). tenant_id from client or param.\n async listUsers(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<AdminUsersResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<AdminUsersResp>(`/api/v1/auth/admin/users${qs}`, { method: 'GET' });\n }\n\n // Admin: Update user names\n async updateUserNames(id: string, body: { first_name?: string; last_name?: string }): Promise<ResponseWrapper<unknown>> {\n const payload: any = {};\n if (typeof body?.first_name === 'string') payload.first_name = body.first_name;\n if (typeof body?.last_name === 'string') payload.last_name = body.last_name;\n return this.request<unknown>(`/api/v1/auth/admin/users/${encodeURIComponent(id)}`, {\n method: 'PATCH',\n body: JSON.stringify(payload),\n });\n }\n\n // Admin: Block user\n async blockUser(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/users/${encodeURIComponent(id)}/block`, { method: 'POST' });\n }\n\n // Admin: Unblock user\n async unblockUser(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/users/${encodeURIComponent(id)}/unblock`, { method: 'POST' });\n }\n\n // Admin: Verify user email (set email_verified=true)\n async verifyUserEmail(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/users/${encodeURIComponent(id)}/verify-email`, { method: 'POST' });\n }\n\n // Admin: Unverify user email (set email_verified=false)\n async unverifyUserEmail(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/users/${encodeURIComponent(id)}/unverify-email`, { method: 'POST' });\n }\n\n // Sessions: List sessions. When includeAll=false, filter to active (non-revoked, not expired) client-side to match example app UX.\n async listSessions(options: { includeAll?: boolean } = {}): Promise<ResponseWrapper<SessionsListResp>> {\n const res = await this.request<SessionsListResp>('/api/v1/auth/sessions', { method: 'GET', cache: 'no-store' as any });\n if (res.meta.status >= 200 && res.meta.status < 300) {\n const includeAll = !!options.includeAll;\n const sessions = Array.isArray(res.data?.sessions) ? res.data.sessions : [];\n if (!includeAll) {\n const now = Date.now();\n const active = sessions.filter((s: SessionItem) => {\n const revoked = !!s.revoked;\n const expMs = s.expires_at ? Date.parse(s.expires_at) : 0;\n return !revoked && expMs > now;\n });\n return { data: { sessions: active }, meta: res.meta };\n }\n }\n return res;\n }\n\n // Sessions: Revoke session\n async revokeSession(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/sessions/${encodeURIComponent(id)}/revoke`, { method: 'POST' });\n }\n\n // Tenants: Get settings\n async getTenantSettings(tenantId?: string): Promise<ResponseWrapper<TenantSettingsResponse>> {\n const id = tenantId ?? this.tenantId;\n if (!id) throw new Error('tenantId is required');\n return this.request<TenantSettingsResponse>(`/api/v1/tenants/${encodeURIComponent(id)}/settings`, { method: 'GET' });\n }\n\n // Tenants: Update settings\n async updateTenantSettings(tenantId: string, settings: TenantSettingsPutRequest): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/tenants/${encodeURIComponent(tenantId)}/settings`, {\n method: 'PUT',\n body: JSON.stringify(settings ?? {}),\n });\n }\n\n /**\n * Start SSO flow with a provider slug.\n * Uses V2 tenant-scoped URLs: /auth/sso/t/{tenant_id}/{slug}/login\n * \n * @param providerSlug - The provider slug (e.g., 'okta', 'azure-ad', 'google-saml')\n * @param params - Optional parameters for the SSO flow\n * @returns The redirect URL to send the user to for authentication\n * \n * @example\n * ```ts\n * const result = await client.startSso('okta', { redirect_url: 'https://myapp.com/callback' });\n * window.location.href = result.data.redirect_url;\n * ```\n */\n async startSso(providerSlug: SsoProvider, params: {\n tenant_id?: string;\n redirect_url?: string;\n login_hint?: string;\n force_authn?: boolean;\n } = {}): Promise<ResponseWrapper<{ redirect_url: string }>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required for SSO; set via params or client constructor');\n \n const qs = this.buildQuery({\n redirect_url: params.redirect_url,\n login_hint: params.login_hint,\n force_authn: params.force_authn,\n });\n \n // Use V2 tenant-scoped URL format\n const res = await this.http.requestRaw(\n `/api/v1/auth/sso/t/${encodeURIComponent(tenant)}/${encodeURIComponent(providerSlug)}/login${qs}`,\n { method: 'GET', redirect: 'manual' }\n );\n const loc = res.headers.get('location');\n const requestId = res.headers.get('x-request-id') || undefined;\n \n // Check for error response (non-redirect)\n if (res.status >= 400) {\n let errorMsg = `SSO start failed with status ${res.status}`;\n try {\n const body = await res.json();\n if (body?.error) errorMsg += `: ${body.error}`;\n } catch { /* ignore parse errors */ }\n throw new Error(`${errorMsg}${requestId ? ` (request: ${requestId})` : ''}`);\n }\n \n if (!loc) {\n throw new Error(\n `missing redirect location from SSO start${requestId ? ` (request: ${requestId})` : ''}`\n );\n }\n return {\n data: { redirect_url: loc },\n meta: { status: res.status, requestId, headers: toHeadersMap(res.headers) },\n };\n }\n\n /**\n * Handle SSO callback and exchange code for tokens.\n * Uses V2 tenant-scoped URLs: /auth/sso/t/{tenant_id}/{slug}/callback\n * \n * @param providerSlug - The provider slug used in startSso\n * @param params - Callback parameters (code, state from IdP redirect)\n * @returns Access and refresh tokens\n */\n async handleSsoCallback(providerSlug: SsoProvider, params: {\n tenant_id?: string;\n code: string;\n state?: string;\n }): Promise<ResponseWrapper<TokensResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required for SSO callback');\n \n const qs = this.buildQuery({ code: params.code, state: params.state });\n const res = await this.request<TokensResp>(\n `/api/v1/auth/sso/t/${encodeURIComponent(tenant)}/${encodeURIComponent(providerSlug)}/callback${qs}`,\n { method: 'GET' }\n );\n if (res.meta.status === 200) this.persistTokensFrom(res.data);\n return res;\n }\n\n /**\n * Parse SSO callback tokens from URL query parameters or fragment.\n * Use this when Guard redirects to your app's callback URL with tokens.\n * \n * **Note:** This method has a side effect: when tokens are successfully parsed,\n * they are automatically persisted to the configured TokenStorage.\n * \n * @param url - The full callback URL or just the query/fragment string (e.g., window.location.search or window.location.hash)\n * @returns Tokens if access_token is present in URL, null otherwise\n * \n * @remarks\n * - access_token is required for a successful return\n * - refresh_token is optional (some flows don't provide it)\n * - When refresh_token is missing, token refresh via `refresh()` will not be available\n * - Tokens are persisted to storage on successful parse (side effect)\n */\n parseSsoCallbackTokens(url: string): TokensResp | null {\n try {\n // Handle both full URL and just query/fragment string\n let searchParams: URLSearchParams;\n if (url.startsWith('#')) {\n // Fragment-based tokens (e.g., from SSO redirect)\n searchParams = new URLSearchParams(url.substring(1));\n } else if (url.startsWith('?') || url.startsWith('/') || url.startsWith('http')) {\n // For query-only or path-only strings, prepend a dummy base URL for parsing\n const needsBase = url.startsWith('?') || url.startsWith('/');\n const parsed = new URL(needsBase ? `http://x${url}` : url);\n // Try fragment first (preferred for security), then query params\n searchParams = parsed.hash\n ? new URLSearchParams(parsed.hash.substring(1))\n : parsed.searchParams;\n } else {\n searchParams = new URLSearchParams(url);\n }\n \n const accessToken = searchParams.get('access_token');\n const refreshToken = searchParams.get('refresh_token');\n \n // Access token is required; refresh token is optional\n if (!accessToken) {\n return null;\n }\n \n const tokens: TokensResp = {\n access_token: accessToken,\n refresh_token: refreshToken ?? undefined,\n };\n this.persistTokensFrom(tokens);\n return tokens;\n } catch {\n return null;\n }\n }\n\n // SSO: WorkOS Organization Portal link (admin-only on server)\n async getSsoOrganizationPortalLink(provider: SsoProvider, params: {\n tenant_id?: string;\n organization_id?: string;\n intent?: string;\n }): Promise<ResponseWrapper<PortalLink>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n if (provider === 'workos' && !params?.organization_id) throw new Error('organization_id is required');\n const qs = this.buildQuery({\n tenant_id: tenant,\n organization_id: params.organization_id,\n intent: params.intent,\n });\n return this.request<PortalLink>(`/api/v1/auth/sso/${provider}/portal-link${qs}`, { method: 'GET' });\n }\n\n // SSO: Portal token session exchange (public, portal-token gated)\n async ssoPortalSession(token: string): Promise<ResponseWrapper<SsoPortalSessionResp>> {\n if (!token || typeof token !== 'string') {\n throw new Error('token is required');\n }\n return this.request<SsoPortalSessionResp>('/api/v1/sso/portal/session', {\n method: 'POST',\n body: JSON.stringify({ token }),\n });\n }\n\n // SSO: Portal provider config (public, portal-token gated)\n async ssoPortalProvider(token: string): Promise<ResponseWrapper<SsoProviderItem>> {\n if (!token || typeof token !== 'string') {\n throw new Error('token is required');\n }\n const headers: Record<string, string> = { 'X-Portal-Token': token };\n return this.request<SsoProviderItem>('/api/v1/sso/portal/provider', {\n method: 'GET',\n headers,\n });\n }\n\n // High-level helper: load portal session and provider in one call\n async loadSsoPortalContext(token: string): Promise<SsoPortalContext> {\n const sessionRes = await this.ssoPortalSession(token);\n if (sessionRes.meta.status !== 200 || !sessionRes.data) {\n const serverError = this.extractErrorDetails(sessionRes.data);\n const requestId = sessionRes.meta.requestId;\n throw new Error(\n `portal session failed with status ${sessionRes.meta.status}` +\n (serverError ? `: ${serverError}` : '') +\n (requestId ? ` (request: ${requestId})` : '')\n );\n }\n\n const providerRes = await this.ssoPortalProvider(token);\n if (providerRes.meta.status !== 200 || !providerRes.data) {\n const serverError = this.extractErrorDetails(providerRes.data);\n const requestId = providerRes.meta.requestId;\n throw new Error(\n `portal provider failed with status ${providerRes.meta.status}` +\n (serverError ? `: ${serverError}` : '') +\n (requestId ? ` (request: ${requestId})` : '')\n );\n }\n\n return { session: sessionRes.data, provider: providerRes.data };\n }\n\n // Helper to extract error details from server response\n private extractErrorDetails(data: unknown): string | null {\n if (!data || typeof data !== 'object') return null;\n const obj = data as Record<string, unknown>;\n // Try common error field names\n if (typeof obj.error === 'string') return obj.error;\n if (typeof obj.message === 'string') return obj.message;\n if (typeof obj.description === 'string') return obj.description;\n if (typeof obj.detail === 'string') return obj.detail;\n return null;\n }\n\n // ==============================\n // SSO Provider Management (Admin-only endpoints)\n // ==============================\n\n // List SSO providers for a tenant\n async ssoListProviders(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<SsoProvidersListResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<SsoProvidersListResp>(`/api/v1/sso/providers${qs}`, { method: 'GET' });\n }\n\n // Create a new SSO provider\n async ssoCreateProvider(body: CreateSsoProviderReq): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>('/api/v1/sso/providers', {\n method: 'POST',\n body: JSON.stringify(body),\n });\n }\n\n // Get a specific SSO provider by ID\n async ssoGetProvider(id: string): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>(`/api/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'GET',\n });\n }\n\n // Update an existing SSO provider\n async ssoUpdateProvider(id: string, body: UpdateSsoProviderReq): Promise<ResponseWrapper<SsoProviderItem>> {\n return this.request<SsoProviderItem>(`/api/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'PUT',\n body: JSON.stringify(body),\n });\n }\n\n // Delete an SSO provider\n async ssoDeleteProvider(id: string): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/sso/providers/${encodeURIComponent(id)}`, {\n method: 'DELETE',\n });\n }\n\n // Test SSO provider configuration\n async ssoTestProvider(id: string): Promise<ResponseWrapper<SsoTestProviderResp>> {\n return this.request<SsoTestProviderResp>(`/api/v1/sso/providers/${encodeURIComponent(id)}/test`, {\n method: 'POST',\n });\n }\n\n /**\n * Get computed Service Provider (SP) URLs for SAML configuration.\n * These URLs are needed by admins to configure their Identity Provider (IdP).\n * URLs use V2 tenant-scoped format: /auth/sso/t/{tenant_id}/{slug}/*\n * \n * @param slug - The provider slug (e.g. 'okta', 'azure-ad')\n * @param tenantId - Optional tenant ID (uses client's default if not provided)\n * @returns SP info including Entity ID, ACS URL, SLO URL, Metadata URL, Login URL, and Tenant ID\n * \n * @example\n * ```ts\n * const spInfo = await client.ssoGetSPInfo('okta');\n * console.log(spInfo.data.entity_id); // https://api.example.com/auth/sso/t/{tenant_id}/okta/metadata\n * console.log(spInfo.data.acs_url); // https://api.example.com/auth/sso/t/{tenant_id}/okta/callback\n * console.log(spInfo.data.tenant_id); // The tenant UUID used in the URLs\n * ```\n */\n async ssoGetSPInfo(slug: string, tenantId?: string): Promise<ResponseWrapper<SsoSPInfoResp>> {\n if (!slug) throw new Error('slug is required');\n const tenant = tenantId ?? this.tenantId;\n const params: Record<string, string> = { slug };\n if (tenant) params.tenant_id = tenant;\n const qs = this.buildQuery(params);\n return this.request<SsoSPInfoResp>(`/api/v1/sso/sp-info${qs}`, { method: 'GET' });\n }\n\n // ==============================\n // RBAC v2 (Admin-only endpoints)\n // ==============================\n\n // RBAC: List all permissions (admin-only)\n async rbacListPermissions(): Promise<ResponseWrapper<RbacPermissionsResp>> {\n return this.request<RbacPermissionsResp>('/api/v1/auth/admin/rbac/permissions', { method: 'GET' });\n }\n\n // RBAC: List roles for a tenant\n async rbacListRoles(params: { tenant_id?: string } = {}): Promise<ResponseWrapper<RbacRolesResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacRolesResp>(`/api/v1/auth/admin/rbac/roles${qs}`, { method: 'GET' });\n }\n\n // RBAC: Create role\n async rbacCreateRole(body: Omit<RbacCreateRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<RbacRoleItem>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacCreateRoleReq = { tenant_id: tenant, name: (body as any).name, description: (body as any).description } as RbacCreateRoleReq;\n return this.request<RbacRoleItem>('/api/v1/auth/admin/rbac/roles', { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // RBAC: Update role\n async rbacUpdateRole(id: string, body: Omit<RbacUpdateRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<RbacRoleItem>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacUpdateRoleReq = { tenant_id: tenant, name: (body as any).name, description: (body as any).description } as RbacUpdateRoleReq;\n return this.request<RbacRoleItem>(`/api/v1/auth/admin/rbac/roles/${encodeURIComponent(id)}`, { method: 'PATCH', body: JSON.stringify(payload) });\n }\n\n // RBAC: Delete role\n async rbacDeleteRole(id: string, params: { tenant_id?: string } = {}): Promise<ResponseWrapper<unknown>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<unknown>(`/api/v1/auth/admin/rbac/roles/${encodeURIComponent(id)}${qs}`, { method: 'DELETE' });\n }\n\n // RBAC: List user roles\n async rbacListUserRoles(userId: string, params: { tenant_id?: string } = {}): Promise<ResponseWrapper<RbacUserRolesResp>> {\n const tenant = params.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacUserRolesResp>(`/api/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles${qs}`, { method: 'GET' });\n }\n\n // RBAC: Add user role\n async rbacAddUserRole(userId: string, body: Omit<RbacModifyUserRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacModifyUserRoleReq = { tenant_id: tenant, role_id: (body as any).role_id } as RbacModifyUserRoleReq;\n return this.request<unknown>(`/api/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // RBAC: Remove user role\n async rbacRemoveUserRole(userId: string, body: Omit<RbacModifyUserRoleReq, 'tenant_id'> & { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = body.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload: RbacModifyUserRoleReq = { tenant_id: tenant, role_id: (body as any).role_id } as RbacModifyUserRoleReq;\n return this.request<unknown>(`/api/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/roles`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // RBAC: Upsert role permission\n async rbacUpsertRolePermission(roleId: string, body: RbacRolePermissionReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/rbac/roles/${encodeURIComponent(roleId)}/permissions`, { method: 'POST', body: JSON.stringify(body) });\n }\n\n // RBAC: Delete role permission\n async rbacDeleteRolePermission(roleId: string, body: RbacRolePermissionReq): Promise<ResponseWrapper<unknown>> {\n return this.request<unknown>(`/api/v1/auth/admin/rbac/roles/${encodeURIComponent(roleId)}/permissions`, { method: 'DELETE', body: JSON.stringify(body) });\n }\n\n // RBAC: Resolve user permissions\n async rbacResolveUserPermissions(userId: string, params: { tenant_id?: string }): Promise<ResponseWrapper<RbacResolvedPermissionsResp>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<RbacResolvedPermissionsResp>(`/api/v1/auth/admin/rbac/users/${encodeURIComponent(userId)}/permissions/resolve${qs}`, { method: 'GET' });\n }\n\n // ==============================\n // FGA (Admin-only endpoints)\n // ==============================\n\n // Groups: list\n async fgaListGroups(params: { tenant_id?: string }): Promise<ResponseWrapper<FgaGroupsResp>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<FgaGroupsResp>(`/api/v1/auth/admin/fga/groups${qs}`, { method: 'GET' });\n }\n\n // Groups: create\n async fgaCreateGroup(body: { tenant_id?: string; name: string; description?: string | null }): Promise<ResponseWrapper<FgaGroup>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { tenant_id: tenant, name: body.name, description: body?.description ?? null } as any;\n return this.request<FgaGroup>(`/api/v1/auth/admin/fga/groups`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // Groups: delete\n async fgaDeleteGroup(id: string, params: { tenant_id?: string }): Promise<ResponseWrapper<unknown>> {\n const tenant = params?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const qs = this.buildQuery({ tenant_id: tenant });\n return this.request<unknown>(`/api/v1/auth/admin/fga/groups/${encodeURIComponent(id)}${qs}`, { method: 'DELETE' });\n }\n\n // Group membership: add\n async fgaAddGroupMember(groupId: string, body: { user_id: string }): Promise<ResponseWrapper<unknown>> {\n const payload = { user_id: body.user_id } as any;\n return this.request<unknown>(`/api/v1/auth/admin/fga/groups/${encodeURIComponent(groupId)}/members`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // Group membership: remove\n async fgaRemoveGroupMember(groupId: string, body: { user_id: string }): Promise<ResponseWrapper<unknown>> {\n const payload = { user_id: body.user_id } as any;\n return this.request<unknown>(`/api/v1/auth/admin/fga/groups/${encodeURIComponent(groupId)}/members`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // ACL tuples: create\n async fgaCreateAclTuple(body: { tenant_id?: string; subject_type: string; subject_id: string; permission_key: string; object_type: string; object_id?: string | null; created_by?: string | null }): Promise<ResponseWrapper<FgaAclTuple>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { ...body, tenant_id: tenant } as any;\n return this.request<FgaAclTuple>(`/api/v1/auth/admin/fga/acl/tuples`, { method: 'POST', body: JSON.stringify(payload) });\n }\n\n // ACL tuples: delete\n async fgaDeleteAclTuple(body: { tenant_id?: string; subject_type: string; subject_id: string; permission_key: string; object_type: string; object_id?: string | null }): Promise<ResponseWrapper<unknown>> {\n const tenant = body?.tenant_id ?? this.tenantId;\n if (!tenant) throw new Error('tenant_id is required');\n const payload = { ...body, tenant_id: tenant } as any;\n return this.request<unknown>(`/api/v1/auth/admin/fga/acl/tuples`, { method: 'DELETE', body: JSON.stringify(payload) });\n }\n\n // ==============================\n // OAuth2 Discovery (RFC 8414)\n // ==============================\n\n /**\n * Fetch OAuth 2.0 Authorization Server Metadata (RFC 8414)\n * Returns server capabilities including supported auth modes, endpoints, and grant types.\n * This endpoint is public and does not require authentication.\n */\n async getOAuth2Metadata(): Promise<ResponseWrapper<OAuth2MetadataResp>> {\n return this.request<OAuth2MetadataResp>('/.well-known/oauth-authorization-server', { method: 'GET' });\n }\n\n /**\n * Static helper to discover OAuth2 metadata from any Guard API base URL.\n * Useful for auto-configuration before creating a GuardClient instance.\n *\n * @example\n * ```ts\n * const metadata = await GuardClient.discover('https://api.example.com');\n * console.log(metadata.guard_auth_modes_supported); // ['bearer', 'cookie']\n * console.log(metadata.guard_auth_mode_default); // 'bearer'\n *\n * // Create client with discovered default auth mode\n * const client = new GuardClient({\n * baseUrl: 'https://api.example.com',\n * authMode: metadata.guard_auth_mode_default as 'bearer' | 'cookie'\n * });\n * ```\n */\n static async discover(baseUrl: string, fetchImpl?: FetchLike): Promise<OAuth2MetadataResp> {\n const fetch = fetchImpl ?? (typeof window !== 'undefined' ? window.fetch.bind(window) : globalThis.fetch);\n const url = `${baseUrl}/.well-known/oauth-authorization-server`;\n const response = await fetch(url, { method: 'GET' });\n\n if (!response.ok) {\n throw new Error(`Discovery failed: ${response.status} ${response.statusText}`);\n }\n\n return response.json();\n }\n}\n","import { authenticator } from 'otplib';\n\n// Generate a 6-digit TOTP code from a base32 secret.\n// Defaults: step=30s, digits=6, algorithm=SHA1 (industry standard for TOTP)\nexport function generateTOTPCode(base32Secret: string): string {\n if (!base32Secret || typeof base32Secret !== 'string') {\n throw new Error('TOTP secret must be a non-empty base32 string');\n }\n return authenticator.generate(base32Secret);\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@corvushold/guard-sdk",
3
- "version": "0.7.0",
3
+ "version": "0.8.1",
4
4
  "description": "Guard CAS TypeScript SDK for Node.js, browsers, and React Native (beta)",
5
5
  "license": "Apache-2.0",
6
6
  "author": {