@de-otio/trellis 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1249) hide show
  1. package/LICENSE +661 -0
  2. package/dist/db.js +10 -18
  3. package/dist/db.js.map +1 -1
  4. package/dist/env.d.ts +66 -6
  5. package/dist/env.d.ts.map +1 -1
  6. package/dist/env.js +89 -70
  7. package/dist/env.js.map +1 -1
  8. package/dist/extensions.js +3 -8
  9. package/dist/extensions.js.map +1 -1
  10. package/dist/index.d.ts +2 -2
  11. package/dist/index.d.ts.map +1 -1
  12. package/dist/index.js +2 -9
  13. package/dist/index.js.map +1 -1
  14. package/dist/lambda/cleanup-cron.d.ts.map +1 -1
  15. package/dist/lambda/cleanup-cron.js +20 -24
  16. package/dist/lambda/cleanup-cron.js.map +1 -1
  17. package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
  18. package/dist/lambda/create-auth-challenge.js +17 -19
  19. package/dist/lambda/create-auth-challenge.js.map +1 -1
  20. package/dist/lambda/custom-message.js +1 -5
  21. package/dist/lambda/custom-message.js.map +1 -1
  22. package/dist/lambda/define-auth-challenge.js +1 -5
  23. package/dist/lambda/define-auth-challenge.js.map +1 -1
  24. package/dist/lambda/delete-account-worker.d.ts.map +1 -1
  25. package/dist/lambda/delete-account-worker.js +25 -58
  26. package/dist/lambda/delete-account-worker.js.map +1 -1
  27. package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
  28. package/dist/lambda/diagnostics-proxy.js +14 -49
  29. package/dist/lambda/diagnostics-proxy.js.map +1 -1
  30. package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
  31. package/dist/lambda/e2e-sweeper.js +30 -38
  32. package/dist/lambda/e2e-sweeper.js.map +1 -1
  33. package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
  34. package/dist/lambda/federation-outbox-worker.js +4 -6
  35. package/dist/lambda/federation-outbox-worker.js.map +1 -1
  36. package/dist/lambda/followers-events-worker.d.ts.map +1 -1
  37. package/dist/lambda/followers-events-worker.js +4 -6
  38. package/dist/lambda/followers-events-worker.js.map +1 -1
  39. package/dist/lambda/hourly-cron.d.ts.map +1 -1
  40. package/dist/lambda/hourly-cron.js +100 -32
  41. package/dist/lambda/hourly-cron.js.map +1 -1
  42. package/dist/lambda/link-check-worker.d.ts.map +1 -1
  43. package/dist/lambda/link-check-worker.js +4 -6
  44. package/dist/lambda/link-check-worker.js.map +1 -1
  45. package/dist/lambda/maintenance-cron.d.ts.map +1 -1
  46. package/dist/lambda/maintenance-cron.js +30 -63
  47. package/dist/lambda/maintenance-cron.js.map +1 -1
  48. package/dist/lambda/media-processing-worker.d.ts.map +1 -1
  49. package/dist/lambda/media-processing-worker.js +11 -46
  50. package/dist/lambda/media-processing-worker.js.map +1 -1
  51. package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
  52. package/dist/lambda/media-reconciliation-worker.js +4 -6
  53. package/dist/lambda/media-reconciliation-worker.js.map +1 -1
  54. package/dist/lambda/nightly-cron.d.ts.map +1 -1
  55. package/dist/lambda/nightly-cron.js +67 -112
  56. package/dist/lambda/nightly-cron.js.map +1 -1
  57. package/dist/lambda/post-confirmation.d.ts.map +1 -1
  58. package/dist/lambda/post-confirmation.js +147 -45
  59. package/dist/lambda/post-confirmation.js.map +1 -1
  60. package/dist/lambda/pre-signup.js +7 -11
  61. package/dist/lambda/pre-signup.js.map +1 -1
  62. package/dist/lambda/pre-token-generation.d.ts.map +1 -1
  63. package/dist/lambda/pre-token-generation.js +27 -35
  64. package/dist/lambda/pre-token-generation.js.map +1 -1
  65. package/dist/lambda/tools/check-health.js +1 -5
  66. package/dist/lambda/tools/check-health.js.map +1 -1
  67. package/dist/lambda/tools/describe-services.js +4 -8
  68. package/dist/lambda/tools/describe-services.js.map +1 -1
  69. package/dist/lambda/tools/get-cost-report.js +4 -8
  70. package/dist/lambda/tools/get-cost-report.js.map +1 -1
  71. package/dist/lambda/tools/get-errors.js +5 -9
  72. package/dist/lambda/tools/get-errors.js.map +1 -1
  73. package/dist/lambda/tools/get-feature-flags.js +4 -8
  74. package/dist/lambda/tools/get-feature-flags.js.map +1 -1
  75. package/dist/lambda/tools/get-queue-status.js +5 -9
  76. package/dist/lambda/tools/get-queue-status.js.map +1 -1
  77. package/dist/lambda/tools/search-logs.js +5 -9
  78. package/dist/lambda/tools/search-logs.js.map +1 -1
  79. package/dist/lambda/tools/send-alert.js +4 -8
  80. package/dist/lambda/tools/send-alert.js.map +1 -1
  81. package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
  82. package/dist/lambda/verify-auth-challenge.js +10 -12
  83. package/dist/lambda/verify-auth-challenge.js.map +1 -1
  84. package/dist/lib/abuse-metrics.d.ts.map +1 -1
  85. package/dist/lib/abuse-metrics.js +10 -13
  86. package/dist/lib/abuse-metrics.js.map +1 -1
  87. package/dist/lib/activitypub/activity-processor.d.ts +1 -1
  88. package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
  89. package/dist/lib/activitypub/activity-processor.js +9 -43
  90. package/dist/lib/activitypub/activity-processor.js.map +1 -1
  91. package/dist/lib/activitypub/activity-service.js +1 -5
  92. package/dist/lib/activitypub/activity-service.js.map +1 -1
  93. package/dist/lib/activitypub/actor.d.ts +1 -1
  94. package/dist/lib/activitypub/actor.d.ts.map +1 -1
  95. package/dist/lib/activitypub/actor.js +1 -5
  96. package/dist/lib/activitypub/actor.js.map +1 -1
  97. package/dist/lib/activitypub/audience-service.d.ts +2 -2
  98. package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
  99. package/dist/lib/activitypub/audience-service.js +8 -12
  100. package/dist/lib/activitypub/audience-service.js.map +1 -1
  101. package/dist/lib/activitypub/crypto.d.ts +1 -1
  102. package/dist/lib/activitypub/crypto.d.ts.map +1 -1
  103. package/dist/lib/activitypub/crypto.js +3 -41
  104. package/dist/lib/activitypub/crypto.js.map +1 -1
  105. package/dist/lib/activitypub/delivery-service.d.ts +5 -5
  106. package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
  107. package/dist/lib/activitypub/delivery-service.js +10 -47
  108. package/dist/lib/activitypub/delivery-service.js.map +1 -1
  109. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
  110. package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
  111. package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
  112. package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
  113. package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
  114. package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
  115. package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
  116. package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
  117. package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
  118. package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
  119. package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
  120. package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
  121. package/dist/lib/activitypub/dm-service.js +1 -5
  122. package/dist/lib/activitypub/dm-service.js.map +1 -1
  123. package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
  124. package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
  125. package/dist/lib/activitypub/entity-profile-service.js +6 -10
  126. package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
  127. package/dist/lib/activitypub/fedify/config.d.ts +3 -3
  128. package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
  129. package/dist/lib/activitypub/fedify/config.js +5 -8
  130. package/dist/lib/activitypub/fedify/config.js.map +1 -1
  131. package/dist/lib/activitypub/fedify/context.d.ts +1 -1
  132. package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
  133. package/dist/lib/activitypub/fedify/context.js +8 -12
  134. package/dist/lib/activitypub/fedify/context.js.map +1 -1
  135. package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
  136. package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
  137. package/dist/lib/activitypub/fedify/runtime.js +3 -6
  138. package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
  139. package/dist/lib/activitypub/friendship-service.js +1 -5
  140. package/dist/lib/activitypub/friendship-service.js.map +1 -1
  141. package/dist/lib/activitypub/group-service.d.ts +1 -1
  142. package/dist/lib/activitypub/group-service.d.ts.map +1 -1
  143. package/dist/lib/activitypub/group-service.js +9 -46
  144. package/dist/lib/activitypub/group-service.js.map +1 -1
  145. package/dist/lib/activitypub/http-signatures.js +8 -45
  146. package/dist/lib/activitypub/http-signatures.js.map +1 -1
  147. package/dist/lib/activitypub/jsonld.d.ts +1 -1
  148. package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
  149. package/dist/lib/activitypub/jsonld.js +1 -5
  150. package/dist/lib/activitypub/jsonld.js.map +1 -1
  151. package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
  152. package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
  153. package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
  154. package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
  155. package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
  156. package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
  157. package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
  158. package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
  159. package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
  160. package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
  161. package/dist/lib/activitypub/listeners/inbox.js +31 -35
  162. package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
  163. package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
  164. package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
  165. package/dist/lib/activitypub/listeners/outbox.js +17 -20
  166. package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
  167. package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
  168. package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
  169. package/dist/lib/activitypub/remote-fetch-service.js +6 -10
  170. package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
  171. package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
  172. package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
  173. package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
  174. package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
  175. package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
  176. package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
  177. package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
  178. package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
  179. package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
  180. package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
  181. package/dist/lib/activitypub/services/fedify-converters.js +3 -8
  182. package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
  183. package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
  184. package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
  185. package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
  186. package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
  187. package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
  188. package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
  189. package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
  190. package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
  191. package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
  192. package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
  193. package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
  194. package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
  195. package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
  196. package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
  197. package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
  198. package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
  199. package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
  200. package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
  201. package/dist/lib/activitypub/standalone-mode.js +13 -50
  202. package/dist/lib/activitypub/standalone-mode.js.map +1 -1
  203. package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
  204. package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
  205. package/dist/lib/activitypub/webfinger/server.js +18 -54
  206. package/dist/lib/activitypub/webfinger/server.js.map +1 -1
  207. package/dist/lib/age-gate-middleware.d.ts +4 -4
  208. package/dist/lib/age-gate-middleware.d.ts.map +1 -1
  209. package/dist/lib/age-gate-middleware.js +3 -6
  210. package/dist/lib/age-gate-middleware.js.map +1 -1
  211. package/dist/lib/age-gate.js +3 -8
  212. package/dist/lib/age-gate.js.map +1 -1
  213. package/dist/lib/age-tier-transition.d.ts +1 -1
  214. package/dist/lib/age-tier-transition.d.ts.map +1 -1
  215. package/dist/lib/age-tier-transition.js +7 -44
  216. package/dist/lib/age-tier-transition.js.map +1 -1
  217. package/dist/lib/app.d.ts +76 -0
  218. package/dist/lib/app.d.ts.map +1 -0
  219. package/dist/lib/app.js +400 -0
  220. package/dist/lib/app.js.map +1 -0
  221. package/dist/lib/audit/csv-export.js +6 -13
  222. package/dist/lib/audit/csv-export.js.map +1 -1
  223. package/dist/lib/audit/pii-filter.d.ts +9 -0
  224. package/dist/lib/audit/pii-filter.d.ts.map +1 -1
  225. package/dist/lib/audit/pii-filter.js +57 -7
  226. package/dist/lib/audit/pii-filter.js.map +1 -1
  227. package/dist/lib/audit-actions.d.ts +94 -0
  228. package/dist/lib/audit-actions.d.ts.map +1 -0
  229. package/dist/lib/audit-actions.js +107 -0
  230. package/dist/lib/audit-actions.js.map +1 -0
  231. package/dist/lib/audit-composer.d.ts +174 -0
  232. package/dist/lib/audit-composer.d.ts.map +1 -0
  233. package/dist/lib/audit-composer.js +421 -0
  234. package/dist/lib/audit-composer.js.map +1 -0
  235. package/dist/lib/auth/auth-context.d.ts +1 -1
  236. package/dist/lib/auth/auth-context.js +1 -2
  237. package/dist/lib/auth/auth-context.js.map +1 -1
  238. package/dist/lib/auth/auth-middleware.d.ts +16 -2
  239. package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
  240. package/dist/lib/auth/auth-middleware.js +36 -45
  241. package/dist/lib/auth/auth-middleware.js.map +1 -1
  242. package/dist/lib/auth/capabilities.js +2 -5
  243. package/dist/lib/auth/capabilities.js.map +1 -1
  244. package/dist/lib/auth/claims-cache.d.ts +2 -2
  245. package/dist/lib/auth/claims-cache.js +19 -24
  246. package/dist/lib/auth/claims-cache.js.map +1 -1
  247. package/dist/lib/auth/cognito-jwt.d.ts +20 -2
  248. package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
  249. package/dist/lib/auth/cognito-jwt.js +83 -23
  250. package/dist/lib/auth/cognito-jwt.js.map +1 -1
  251. package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
  252. package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
  253. package/dist/lib/auth/idp-redirect-builder.js +4 -10
  254. package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
  255. package/dist/lib/auth/require.d.ts +4 -4
  256. package/dist/lib/auth/require.d.ts.map +1 -1
  257. package/dist/lib/auth/require.js +11 -18
  258. package/dist/lib/auth/require.js.map +1 -1
  259. package/dist/lib/auth/role-grants.d.ts +1 -1
  260. package/dist/lib/auth/role-grants.d.ts.map +1 -1
  261. package/dist/lib/auth/role-grants.js +28 -31
  262. package/dist/lib/auth/role-grants.js.map +1 -1
  263. package/dist/lib/auth-context-manager.js +1 -5
  264. package/dist/lib/auth-context-manager.js.map +1 -1
  265. package/dist/lib/auth-handler.d.ts +5 -5
  266. package/dist/lib/auth-handler.d.ts.map +1 -1
  267. package/dist/lib/auth-handler.js +5 -9
  268. package/dist/lib/auth-handler.js.map +1 -1
  269. package/dist/lib/badge-handler.d.ts +1 -1
  270. package/dist/lib/badge-handler.d.ts.map +1 -1
  271. package/dist/lib/badge-handler.js +14 -52
  272. package/dist/lib/badge-handler.js.map +1 -1
  273. package/dist/lib/circle-handler.d.ts +10 -10
  274. package/dist/lib/circle-handler.d.ts.map +1 -1
  275. package/dist/lib/circle-handler.js +10 -47
  276. package/dist/lib/circle-handler.js.map +1 -1
  277. package/dist/lib/cognito/idp-sdk.js +11 -18
  278. package/dist/lib/cognito/idp-sdk.js.map +1 -1
  279. package/dist/lib/cognito/issuer-probe.js +9 -14
  280. package/dist/lib/cognito/issuer-probe.js.map +1 -1
  281. package/dist/lib/comment-handler.d.ts +10 -10
  282. package/dist/lib/comment-handler.d.ts.map +1 -1
  283. package/dist/lib/comment-handler.js +61 -97
  284. package/dist/lib/comment-handler.js.map +1 -1
  285. package/dist/lib/compliance/baseline.d.ts +2 -2
  286. package/dist/lib/compliance/baseline.d.ts.map +1 -1
  287. package/dist/lib/compliance/baseline.js +15 -18
  288. package/dist/lib/compliance/baseline.js.map +1 -1
  289. package/dist/lib/compliance/tenant-merge.d.ts +1 -1
  290. package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
  291. package/dist/lib/compliance/tenant-merge.js +1 -4
  292. package/dist/lib/compliance/tenant-merge.js.map +1 -1
  293. package/dist/lib/compliance/types.d.ts +1 -1
  294. package/dist/lib/compliance/types.js +2 -3
  295. package/dist/lib/compliance/types.js.map +1 -1
  296. package/dist/lib/connection-code-handler.d.ts +7 -7
  297. package/dist/lib/connection-code-handler.d.ts.map +1 -1
  298. package/dist/lib/connection-code-handler.js +13 -50
  299. package/dist/lib/connection-code-handler.js.map +1 -1
  300. package/dist/lib/content-discovery.d.ts +1 -1
  301. package/dist/lib/content-discovery.d.ts.map +1 -1
  302. package/dist/lib/content-discovery.js +15 -52
  303. package/dist/lib/content-discovery.js.map +1 -1
  304. package/dist/lib/context-aware-data-access.d.ts +1 -1
  305. package/dist/lib/context-aware-data-access.d.ts.map +1 -1
  306. package/dist/lib/context-aware-data-access.js +1 -5
  307. package/dist/lib/context-aware-data-access.js.map +1 -1
  308. package/dist/lib/cors-handler.d.ts +1 -1
  309. package/dist/lib/cors-handler.d.ts.map +1 -1
  310. package/dist/lib/cors-handler.js +13 -17
  311. package/dist/lib/cors-handler.js.map +1 -1
  312. package/dist/lib/cost-accumulator.d.ts.map +1 -1
  313. package/dist/lib/cost-accumulator.js +7 -11
  314. package/dist/lib/cost-accumulator.js.map +1 -1
  315. package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
  316. package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
  317. package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
  318. package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
  319. package/dist/lib/crypto/voting/hash-utils.js +6 -12
  320. package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
  321. package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
  322. package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
  323. package/dist/lib/crypto/voting/index.js +4 -14
  324. package/dist/lib/crypto/voting/index.js.map +1 -1
  325. package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
  326. package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
  327. package/dist/lib/csrf.d.ts +2 -2
  328. package/dist/lib/csrf.d.ts.map +1 -1
  329. package/dist/lib/csrf.js +1 -5
  330. package/dist/lib/csrf.js.map +1 -1
  331. package/dist/lib/data-router.d.ts +5 -4
  332. package/dist/lib/data-router.d.ts.map +1 -1
  333. package/dist/lib/data-router.js +60 -90
  334. package/dist/lib/data-router.js.map +1 -1
  335. package/dist/lib/database-circuit-breaker.d.ts +61 -34
  336. package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
  337. package/dist/lib/database-circuit-breaker.js +102 -109
  338. package/dist/lib/database-circuit-breaker.js.map +1 -1
  339. package/dist/lib/database-config.js +1 -4
  340. package/dist/lib/database-config.js.map +1 -1
  341. package/dist/lib/database-connection-manager.d.ts +42 -2
  342. package/dist/lib/database-connection-manager.d.ts.map +1 -1
  343. package/dist/lib/database-connection-manager.js +178 -74
  344. package/dist/lib/database-connection-manager.js.map +1 -1
  345. package/dist/lib/database-monitor.d.ts +1 -1
  346. package/dist/lib/database-monitor.d.ts.map +1 -1
  347. package/dist/lib/database-monitor.js +5 -9
  348. package/dist/lib/database-monitor.js.map +1 -1
  349. package/dist/lib/database-rate-limiter.d.ts +1 -1
  350. package/dist/lib/database-rate-limiter.d.ts.map +1 -1
  351. package/dist/lib/database-rate-limiter.js +3 -7
  352. package/dist/lib/database-rate-limiter.js.map +1 -1
  353. package/dist/lib/database-wrapper-helper.d.ts +2 -2
  354. package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
  355. package/dist/lib/database-wrapper-helper.js +7 -11
  356. package/dist/lib/database-wrapper-helper.js.map +1 -1
  357. package/dist/lib/database-wrapper.d.ts +1 -1
  358. package/dist/lib/database-wrapper.d.ts.map +1 -1
  359. package/dist/lib/database-wrapper.js +5 -9
  360. package/dist/lib/database-wrapper.js.map +1 -1
  361. package/dist/lib/db-query-helper.d.ts +3 -3
  362. package/dist/lib/db-query-helper.d.ts.map +1 -1
  363. package/dist/lib/db-query-helper.js +4 -9
  364. package/dist/lib/db-query-helper.js.map +1 -1
  365. package/dist/lib/discovery-exposure.d.ts +42 -0
  366. package/dist/lib/discovery-exposure.d.ts.map +1 -0
  367. package/dist/lib/discovery-exposure.js +89 -0
  368. package/dist/lib/discovery-exposure.js.map +1 -0
  369. package/dist/lib/discovery-handler.d.ts +6 -6
  370. package/dist/lib/discovery-handler.d.ts.map +1 -1
  371. package/dist/lib/discovery-handler.js +10 -43
  372. package/dist/lib/discovery-handler.js.map +1 -1
  373. package/dist/lib/domain-reputation-service.d.ts +1 -1
  374. package/dist/lib/domain-reputation-service.d.ts.map +1 -1
  375. package/dist/lib/domain-reputation-service.js +12 -15
  376. package/dist/lib/domain-reputation-service.js.map +1 -1
  377. package/dist/lib/email-privacy.js +4 -8
  378. package/dist/lib/email-privacy.js.map +1 -1
  379. package/dist/lib/email-provider.d.ts +2 -2
  380. package/dist/lib/email-provider.d.ts.map +1 -1
  381. package/dist/lib/email-provider.js +8 -16
  382. package/dist/lib/email-provider.js.map +1 -1
  383. package/dist/lib/entity-handler.d.ts +5 -6
  384. package/dist/lib/entity-handler.d.ts.map +1 -1
  385. package/dist/lib/entity-handler.js +45 -80
  386. package/dist/lib/entity-handler.js.map +1 -1
  387. package/dist/lib/entity-relationship-handler.d.ts +9 -9
  388. package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
  389. package/dist/lib/entity-relationship-handler.js +14 -51
  390. package/dist/lib/entity-relationship-handler.js.map +1 -1
  391. package/dist/lib/entity-tagging-errors.js +4 -11
  392. package/dist/lib/entity-tagging-errors.js.map +1 -1
  393. package/dist/lib/entity-tagging-validator.d.ts +3 -3
  394. package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
  395. package/dist/lib/entity-tagging-validator.js +6 -11
  396. package/dist/lib/entity-tagging-validator.js.map +1 -1
  397. package/dist/lib/exif-stripper.js +1 -4
  398. package/dist/lib/exif-stripper.js.map +1 -1
  399. package/dist/lib/extension-context.d.ts +2 -2
  400. package/dist/lib/extension-context.d.ts.map +1 -1
  401. package/dist/lib/extension-context.js +1 -4
  402. package/dist/lib/extension-context.js.map +1 -1
  403. package/dist/lib/extension-route-wrapper.d.ts +1 -1
  404. package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
  405. package/dist/lib/extension-route-wrapper.js +17 -55
  406. package/dist/lib/extension-route-wrapper.js.map +1 -1
  407. package/dist/lib/extension-validator.js +3 -6
  408. package/dist/lib/extension-validator.js.map +1 -1
  409. package/dist/lib/feature-flags.d.ts +5 -2
  410. package/dist/lib/feature-flags.d.ts.map +1 -1
  411. package/dist/lib/feature-flags.js +15 -48
  412. package/dist/lib/feature-flags.js.map +1 -1
  413. package/dist/lib/feature-toggle-global-client.d.ts +6 -0
  414. package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
  415. package/dist/lib/feature-toggle-global-client.js +73 -0
  416. package/dist/lib/feature-toggle-global-client.js.map +1 -0
  417. package/dist/lib/feature-toggle-service.d.ts +137 -27
  418. package/dist/lib/feature-toggle-service.d.ts.map +1 -1
  419. package/dist/lib/feature-toggle-service.js +302 -119
  420. package/dist/lib/feature-toggle-service.js.map +1 -1
  421. package/dist/lib/feed-handler.d.ts +8 -8
  422. package/dist/lib/feed-handler.d.ts.map +1 -1
  423. package/dist/lib/feed-handler.js +33 -62
  424. package/dist/lib/feed-handler.js.map +1 -1
  425. package/dist/lib/feed-pagination.d.ts +26 -0
  426. package/dist/lib/feed-pagination.d.ts.map +1 -1
  427. package/dist/lib/feed-pagination.js +31 -11
  428. package/dist/lib/feed-pagination.js.map +1 -1
  429. package/dist/lib/feed-personalization.d.ts +1 -1
  430. package/dist/lib/feed-personalization.d.ts.map +1 -1
  431. package/dist/lib/feed-personalization.js +6 -43
  432. package/dist/lib/feed-personalization.js.map +1 -1
  433. package/dist/lib/followers-events.js +8 -13
  434. package/dist/lib/followers-events.js.map +1 -1
  435. package/dist/lib/friends-handler.d.ts +2 -2
  436. package/dist/lib/friends-handler.d.ts.map +1 -1
  437. package/dist/lib/friends-handler.js +9 -46
  438. package/dist/lib/friends-handler.js.map +1 -1
  439. package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
  440. package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
  441. package/dist/lib/geo/entity-geo-repository.js +91 -0
  442. package/dist/lib/geo/entity-geo-repository.js.map +1 -0
  443. package/dist/lib/graph/errors.d.ts.map +1 -1
  444. package/dist/lib/graph/errors.js +13 -18
  445. package/dist/lib/graph/errors.js.map +1 -1
  446. package/dist/lib/graph/graph-factory.d.ts +12 -53
  447. package/dist/lib/graph/graph-factory.d.ts.map +1 -1
  448. package/dist/lib/graph/graph-factory.js +67 -162
  449. package/dist/lib/graph/graph-factory.js.map +1 -1
  450. package/dist/lib/graph/graph-service.d.ts +1 -1
  451. package/dist/lib/graph/graph-service.d.ts.map +1 -1
  452. package/dist/lib/graph/graph-service.js +1 -2
  453. package/dist/lib/graph/graph-service.js.map +1 -1
  454. package/dist/lib/graph/index.d.ts +10 -14
  455. package/dist/lib/graph/index.d.ts.map +1 -1
  456. package/dist/lib/graph/index.js +12 -46
  457. package/dist/lib/graph/index.js.map +1 -1
  458. package/dist/lib/graph/postgres/_shared.d.ts +18 -0
  459. package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
  460. package/dist/lib/graph/postgres/_shared.js +24 -0
  461. package/dist/lib/graph/postgres/_shared.js.map +1 -0
  462. package/dist/lib/graph/postgres/circles.d.ts +66 -0
  463. package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
  464. package/dist/lib/graph/postgres/circles.js +513 -0
  465. package/dist/lib/graph/postgres/circles.js.map +1 -0
  466. package/dist/lib/graph/postgres/discovery.d.ts +165 -0
  467. package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
  468. package/dist/lib/graph/postgres/discovery.js +579 -0
  469. package/dist/lib/graph/postgres/discovery.js.map +1 -0
  470. package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
  471. package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
  472. package/dist/lib/graph/postgres/entity-relationships.js +304 -0
  473. package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
  474. package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
  475. package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
  476. package/dist/lib/graph/postgres/interaction-events.js +162 -0
  477. package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
  478. package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
  479. package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
  480. package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
  481. package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
  482. package/dist/lib/graph/postgres/relationships.d.ts +58 -0
  483. package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
  484. package/dist/lib/graph/postgres/relationships.js +314 -0
  485. package/dist/lib/graph/postgres/relationships.js.map +1 -0
  486. package/dist/lib/graph/postgres/scoring.d.ts +74 -0
  487. package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
  488. package/dist/lib/graph/postgres/scoring.js +297 -0
  489. package/dist/lib/graph/postgres/scoring.js.map +1 -0
  490. package/dist/lib/graph/postgres/sync.d.ts +149 -0
  491. package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
  492. package/dist/lib/graph/postgres/sync.js +269 -0
  493. package/dist/lib/graph/postgres/sync.js.map +1 -0
  494. package/dist/lib/graph/scoring-engine.d.ts +7 -1
  495. package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
  496. package/dist/lib/graph/scoring-engine.js +29 -35
  497. package/dist/lib/graph/scoring-engine.js.map +1 -1
  498. package/dist/lib/graph/types.d.ts +18 -1
  499. package/dist/lib/graph/types.d.ts.map +1 -1
  500. package/dist/lib/graph/types.js +1 -2
  501. package/dist/lib/graph/types.js.map +1 -1
  502. package/dist/lib/hook-dispatcher.d.ts +1 -1
  503. package/dist/lib/hook-dispatcher.d.ts.map +1 -1
  504. package/dist/lib/hook-dispatcher.js +8 -12
  505. package/dist/lib/hook-dispatcher.js.map +1 -1
  506. package/dist/lib/input-sanitizer.js +1 -5
  507. package/dist/lib/input-sanitizer.js.map +1 -1
  508. package/dist/lib/internal-docs-handler.d.ts +2 -2
  509. package/dist/lib/internal-docs-handler.d.ts.map +1 -1
  510. package/dist/lib/internal-docs-handler.js +20 -28
  511. package/dist/lib/internal-docs-handler.js.map +1 -1
  512. package/dist/lib/internal-docs-navigation.js +2 -6
  513. package/dist/lib/internal-docs-navigation.js.map +1 -1
  514. package/dist/lib/invitation-handler.d.ts +2 -2
  515. package/dist/lib/invitation-handler.d.ts.map +1 -1
  516. package/dist/lib/invitation-handler.js +41 -82
  517. package/dist/lib/invitation-handler.js.map +1 -1
  518. package/dist/lib/ip-scrubber.js +3 -8
  519. package/dist/lib/ip-scrubber.js.map +1 -1
  520. package/dist/lib/link-security-handler.d.ts +3 -2
  521. package/dist/lib/link-security-handler.d.ts.map +1 -1
  522. package/dist/lib/link-security-handler.js +8 -44
  523. package/dist/lib/link-security-handler.js.map +1 -1
  524. package/dist/lib/logger.d.ts +31 -82
  525. package/dist/lib/logger.d.ts.map +1 -1
  526. package/dist/lib/logger.js +43 -185
  527. package/dist/lib/logger.js.map +1 -1
  528. package/dist/lib/media-cleanup-handler.d.ts +2 -2
  529. package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
  530. package/dist/lib/media-cleanup-handler.js +7 -11
  531. package/dist/lib/media-cleanup-handler.js.map +1 -1
  532. package/dist/lib/media-handler.d.ts +1 -1
  533. package/dist/lib/media-handler.d.ts.map +1 -1
  534. package/dist/lib/media-handler.js +36 -73
  535. package/dist/lib/media-handler.js.map +1 -1
  536. package/dist/lib/media-metadata-extractor.d.ts +1 -1
  537. package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
  538. package/dist/lib/media-metadata-extractor.js +3 -7
  539. package/dist/lib/media-metadata-extractor.js.map +1 -1
  540. package/dist/lib/media-metrics.d.ts +2 -2
  541. package/dist/lib/media-metrics.d.ts.map +1 -1
  542. package/dist/lib/media-metrics.js +3 -7
  543. package/dist/lib/media-metrics.js.map +1 -1
  544. package/dist/lib/metadata/index.d.ts +5 -5
  545. package/dist/lib/metadata/index.d.ts.map +1 -1
  546. package/dist/lib/metadata/index.js +5 -21
  547. package/dist/lib/metadata/index.js.map +1 -1
  548. package/dist/lib/metadata/metadata-config.js +2 -5
  549. package/dist/lib/metadata/metadata-config.js.map +1 -1
  550. package/dist/lib/metadata/metadata-errors.js +2 -7
  551. package/dist/lib/metadata/metadata-errors.js.map +1 -1
  552. package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
  553. package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
  554. package/dist/lib/metadata/metadata-extractor.js +42 -82
  555. package/dist/lib/metadata/metadata-extractor.js.map +1 -1
  556. package/dist/lib/metadata/metadata-sanitizer.js +17 -24
  557. package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
  558. package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
  559. package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
  560. package/dist/lib/metadata/metadata-schemas.js +31 -34
  561. package/dist/lib/metadata/metadata-schemas.js.map +1 -1
  562. package/dist/lib/mfa/mfa-handler.d.ts +1 -1
  563. package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
  564. package/dist/lib/mfa/mfa-handler.js +13 -17
  565. package/dist/lib/mfa/mfa-handler.js.map +1 -1
  566. package/dist/lib/mfa/totp-service.js +8 -18
  567. package/dist/lib/mfa/totp-service.js.map +1 -1
  568. package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
  569. package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
  570. package/dist/lib/middleware/comment-rate-limit.js +7 -10
  571. package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
  572. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
  573. package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
  574. package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
  575. package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
  576. package/dist/lib/middleware/idempotency-store.js +20 -26
  577. package/dist/lib/middleware/idempotency-store.js.map +1 -1
  578. package/dist/lib/middleware/idempotency.d.ts +2 -2
  579. package/dist/lib/middleware/idempotency.d.ts.map +1 -1
  580. package/dist/lib/middleware/idempotency.js +12 -50
  581. package/dist/lib/middleware/idempotency.js.map +1 -1
  582. package/dist/lib/middleware.d.ts +22 -9
  583. package/dist/lib/middleware.d.ts.map +1 -1
  584. package/dist/lib/middleware.js +72 -153
  585. package/dist/lib/middleware.js.map +1 -1
  586. package/dist/lib/moderation-handler.d.ts +1 -1
  587. package/dist/lib/moderation-handler.d.ts.map +1 -1
  588. package/dist/lib/moderation-handler.js +15 -54
  589. package/dist/lib/moderation-handler.js.map +1 -1
  590. package/dist/lib/net/trusted-client-ip.d.ts +8 -30
  591. package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
  592. package/dist/lib/net/trusted-client-ip.js +13 -94
  593. package/dist/lib/net/trusted-client-ip.js.map +1 -1
  594. package/dist/lib/notification-handler.d.ts +1 -1
  595. package/dist/lib/notification-handler.d.ts.map +1 -1
  596. package/dist/lib/notification-handler.js +10 -15
  597. package/dist/lib/notification-handler.js.map +1 -1
  598. package/dist/lib/notification-preferences-handler.d.ts +1 -1
  599. package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
  600. package/dist/lib/notification-preferences-handler.js +7 -11
  601. package/dist/lib/notification-preferences-handler.js.map +1 -1
  602. package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
  603. package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
  604. package/dist/lib/oauth/cognito-issuer.js +5 -10
  605. package/dist/lib/oauth/cognito-issuer.js.map +1 -1
  606. package/dist/lib/oauth/device-authorization.d.ts +1 -1
  607. package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
  608. package/dist/lib/oauth/device-authorization.js +62 -77
  609. package/dist/lib/oauth/device-authorization.js.map +1 -1
  610. package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
  611. package/dist/lib/oauth/envelope-crypto.js +22 -34
  612. package/dist/lib/oauth/envelope-crypto.js.map +1 -1
  613. package/dist/lib/oauth/refresh-detection.js +42 -52
  614. package/dist/lib/oauth/refresh-detection.js.map +1 -1
  615. package/dist/lib/openai-budget.d.ts.map +1 -1
  616. package/dist/lib/openai-budget.js +7 -44
  617. package/dist/lib/openai-budget.js.map +1 -1
  618. package/dist/lib/openapi/generator.d.ts +1 -1
  619. package/dist/lib/openapi/generator.d.ts.map +1 -1
  620. package/dist/lib/openapi/generator.js +2 -6
  621. package/dist/lib/openapi/generator.js.map +1 -1
  622. package/dist/lib/orphaned-media-handler.d.ts +1 -1
  623. package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
  624. package/dist/lib/orphaned-media-handler.js +9 -46
  625. package/dist/lib/orphaned-media-handler.js.map +1 -1
  626. package/dist/lib/parental-control-handler.d.ts +2 -2
  627. package/dist/lib/parental-control-handler.d.ts.map +1 -1
  628. package/dist/lib/parental-control-handler.js +18 -55
  629. package/dist/lib/parental-control-handler.js.map +1 -1
  630. package/dist/lib/parental-link-handler.d.ts +8 -8
  631. package/dist/lib/parental-link-handler.d.ts.map +1 -1
  632. package/dist/lib/parental-link-handler.js +10 -14
  633. package/dist/lib/parental-link-handler.js.map +1 -1
  634. package/dist/lib/performance-metrics.d.ts +1 -1
  635. package/dist/lib/performance-metrics.d.ts.map +1 -1
  636. package/dist/lib/performance-metrics.js +3 -6
  637. package/dist/lib/performance-metrics.js.map +1 -1
  638. package/dist/lib/post-handler.d.ts +9 -9
  639. package/dist/lib/post-handler.d.ts.map +1 -1
  640. package/dist/lib/post-handler.js +67 -101
  641. package/dist/lib/post-handler.js.map +1 -1
  642. package/dist/lib/privacy-defaults.js +3 -8
  643. package/dist/lib/privacy-defaults.js.map +1 -1
  644. package/dist/lib/privacy-handler.d.ts +2 -2
  645. package/dist/lib/privacy-handler.d.ts.map +1 -1
  646. package/dist/lib/privacy-handler.js +6 -10
  647. package/dist/lib/privacy-handler.js.map +1 -1
  648. package/dist/lib/pseudonym.d.ts +56 -0
  649. package/dist/lib/pseudonym.d.ts.map +1 -0
  650. package/dist/lib/pseudonym.js +85 -0
  651. package/dist/lib/pseudonym.js.map +1 -0
  652. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
  653. package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
  654. package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
  655. package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
  656. package/dist/lib/quiet-hours.js +2 -6
  657. package/dist/lib/quiet-hours.js.map +1 -1
  658. package/dist/lib/rate-limit.d.ts +58 -47
  659. package/dist/lib/rate-limit.d.ts.map +1 -1
  660. package/dist/lib/rate-limit.js +168 -157
  661. package/dist/lib/rate-limit.js.map +1 -1
  662. package/dist/lib/reaction-handler.d.ts +10 -10
  663. package/dist/lib/reaction-handler.d.ts.map +1 -1
  664. package/dist/lib/reaction-handler.js +44 -80
  665. package/dist/lib/reaction-handler.js.map +1 -1
  666. package/dist/lib/recaptcha.js +6 -9
  667. package/dist/lib/recaptcha.js.map +1 -1
  668. package/dist/lib/redirect-resolver.d.ts +2 -2
  669. package/dist/lib/redirect-resolver.d.ts.map +1 -1
  670. package/dist/lib/redirect-resolver.js +5 -9
  671. package/dist/lib/redirect-resolver.js.map +1 -1
  672. package/dist/lib/region-config.d.ts +3 -3
  673. package/dist/lib/region-config.d.ts.map +1 -1
  674. package/dist/lib/region-config.js +15 -58
  675. package/dist/lib/region-config.js.map +1 -1
  676. package/dist/lib/region-detection.d.ts +55 -24
  677. package/dist/lib/region-detection.d.ts.map +1 -1
  678. package/dist/lib/region-detection.js +140 -199
  679. package/dist/lib/region-detection.js.map +1 -1
  680. package/dist/lib/region-registry.d.ts +49 -0
  681. package/dist/lib/region-registry.d.ts.map +1 -0
  682. package/dist/lib/region-registry.js +112 -0
  683. package/dist/lib/region-registry.js.map +1 -0
  684. package/dist/lib/relationship-handler.d.ts +9 -9
  685. package/dist/lib/relationship-handler.d.ts.map +1 -1
  686. package/dist/lib/relationship-handler.js +12 -49
  687. package/dist/lib/relationship-handler.js.map +1 -1
  688. package/dist/lib/request-context.d.ts +16 -16
  689. package/dist/lib/request-context.d.ts.map +1 -1
  690. package/dist/lib/request-context.js +14 -22
  691. package/dist/lib/request-context.js.map +1 -1
  692. package/dist/lib/route-helpers.d.ts +3 -4
  693. package/dist/lib/route-helpers.d.ts.map +1 -1
  694. package/dist/lib/route-helpers.js +20 -75
  695. package/dist/lib/route-helpers.js.map +1 -1
  696. package/dist/lib/routes/activitypub/actor.d.ts +1 -1
  697. package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
  698. package/dist/lib/routes/activitypub/actor.js +20 -23
  699. package/dist/lib/routes/activitypub/actor.js.map +1 -1
  700. package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
  701. package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
  702. package/dist/lib/routes/activitypub/audiences.js +76 -80
  703. package/dist/lib/routes/activitypub/audiences.js.map +1 -1
  704. package/dist/lib/routes/activitypub/collections.d.ts +1 -1
  705. package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
  706. package/dist/lib/routes/activitypub/collections.js +24 -26
  707. package/dist/lib/routes/activitypub/collections.js.map +1 -1
  708. package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
  709. package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
  710. package/dist/lib/routes/activitypub/entity-profile.js +36 -39
  711. package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
  712. package/dist/lib/routes/activitypub/friends.d.ts +1 -1
  713. package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
  714. package/dist/lib/routes/activitypub/friends.js +9 -12
  715. package/dist/lib/routes/activitypub/friends.js.map +1 -1
  716. package/dist/lib/routes/activitypub/group.d.ts +1 -1
  717. package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
  718. package/dist/lib/routes/activitypub/group.js +91 -94
  719. package/dist/lib/routes/activitypub/group.js.map +1 -1
  720. package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
  721. package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
  722. package/dist/lib/routes/activitypub/inbox.js +30 -33
  723. package/dist/lib/routes/activitypub/inbox.js.map +1 -1
  724. package/dist/lib/routes/activitypub/messages.d.ts +1 -1
  725. package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
  726. package/dist/lib/routes/activitypub/messages.js +79 -83
  727. package/dist/lib/routes/activitypub/messages.js.map +1 -1
  728. package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
  729. package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
  730. package/dist/lib/routes/activitypub/outbox.js +9 -12
  731. package/dist/lib/routes/activitypub/outbox.js.map +1 -1
  732. package/dist/lib/routes/activitypub/post.d.ts +1 -1
  733. package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
  734. package/dist/lib/routes/activitypub/post.js +32 -35
  735. package/dist/lib/routes/activitypub/post.js.map +1 -1
  736. package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
  737. package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
  738. package/dist/lib/routes/activitypub/webfinger.js +5 -8
  739. package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
  740. package/dist/lib/routes/admin-costs.d.ts +1 -1
  741. package/dist/lib/routes/admin-costs.d.ts.map +1 -1
  742. package/dist/lib/routes/admin-costs.js +22 -26
  743. package/dist/lib/routes/admin-costs.js.map +1 -1
  744. package/dist/lib/routes/admin.d.ts +1 -1
  745. package/dist/lib/routes/admin.d.ts.map +1 -1
  746. package/dist/lib/routes/admin.js +290 -269
  747. package/dist/lib/routes/admin.js.map +1 -1
  748. package/dist/lib/routes/agent-authorize.d.ts +5 -5
  749. package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
  750. package/dist/lib/routes/agent-authorize.js +68 -74
  751. package/dist/lib/routes/agent-authorize.js.map +1 -1
  752. package/dist/lib/routes/agent-sessions.d.ts +4 -4
  753. package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
  754. package/dist/lib/routes/agent-sessions.js +30 -35
  755. package/dist/lib/routes/agent-sessions.js.map +1 -1
  756. package/dist/lib/routes/agent-surface.d.ts +2 -2
  757. package/dist/lib/routes/agent-surface.d.ts.map +1 -1
  758. package/dist/lib/routes/agent-surface.js +20 -24
  759. package/dist/lib/routes/agent-surface.js.map +1 -1
  760. package/dist/lib/routes/auth-discover.d.ts +1 -1
  761. package/dist/lib/routes/auth-discover.d.ts.map +1 -1
  762. package/dist/lib/routes/auth-discover.js +20 -56
  763. package/dist/lib/routes/auth-discover.js.map +1 -1
  764. package/dist/lib/routes/auth.d.ts +1 -1
  765. package/dist/lib/routes/auth.d.ts.map +1 -1
  766. package/dist/lib/routes/auth.js +13 -16
  767. package/dist/lib/routes/auth.js.map +1 -1
  768. package/dist/lib/routes/badges.d.ts +1 -1
  769. package/dist/lib/routes/badges.d.ts.map +1 -1
  770. package/dist/lib/routes/badges.js +20 -23
  771. package/dist/lib/routes/badges.js.map +1 -1
  772. package/dist/lib/routes/circles.d.ts +1 -1
  773. package/dist/lib/routes/circles.d.ts.map +1 -1
  774. package/dist/lib/routes/circles.js +40 -44
  775. package/dist/lib/routes/circles.js.map +1 -1
  776. package/dist/lib/routes/comments.d.ts +1 -1
  777. package/dist/lib/routes/comments.d.ts.map +1 -1
  778. package/dist/lib/routes/comments.js +67 -71
  779. package/dist/lib/routes/comments.js.map +1 -1
  780. package/dist/lib/routes/connection-codes.d.ts +1 -1
  781. package/dist/lib/routes/connection-codes.d.ts.map +1 -1
  782. package/dist/lib/routes/connection-codes.js +30 -34
  783. package/dist/lib/routes/connection-codes.js.map +1 -1
  784. package/dist/lib/routes/content-discovery.d.ts +1 -1
  785. package/dist/lib/routes/content-discovery.d.ts.map +1 -1
  786. package/dist/lib/routes/content-discovery.js +31 -34
  787. package/dist/lib/routes/content-discovery.js.map +1 -1
  788. package/dist/lib/routes/dashboard.d.ts +1 -1
  789. package/dist/lib/routes/dashboard.d.ts.map +1 -1
  790. package/dist/lib/routes/dashboard.js +251 -288
  791. package/dist/lib/routes/dashboard.js.map +1 -1
  792. package/dist/lib/routes/deletion.d.ts +1 -1
  793. package/dist/lib/routes/deletion.d.ts.map +1 -1
  794. package/dist/lib/routes/deletion.js +37 -74
  795. package/dist/lib/routes/deletion.js.map +1 -1
  796. package/dist/lib/routes/discovery.d.ts +1 -1
  797. package/dist/lib/routes/discovery.d.ts.map +1 -1
  798. package/dist/lib/routes/discovery.js +20 -24
  799. package/dist/lib/routes/discovery.js.map +1 -1
  800. package/dist/lib/routes/employees.d.ts +1 -1
  801. package/dist/lib/routes/employees.d.ts.map +1 -1
  802. package/dist/lib/routes/employees.js +15 -52
  803. package/dist/lib/routes/employees.js.map +1 -1
  804. package/dist/lib/routes/entities.d.ts +1 -1
  805. package/dist/lib/routes/entities.d.ts.map +1 -1
  806. package/dist/lib/routes/entities.js +133 -137
  807. package/dist/lib/routes/entities.js.map +1 -1
  808. package/dist/lib/routes/entity-relationships.d.ts +1 -1
  809. package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
  810. package/dist/lib/routes/entity-relationships.js +35 -39
  811. package/dist/lib/routes/entity-relationships.js.map +1 -1
  812. package/dist/lib/routes/errors.d.ts +1 -1
  813. package/dist/lib/routes/errors.d.ts.map +1 -1
  814. package/dist/lib/routes/errors.js +4 -10
  815. package/dist/lib/routes/errors.js.map +1 -1
  816. package/dist/lib/routes/export.d.ts +1 -1
  817. package/dist/lib/routes/export.d.ts.map +1 -1
  818. package/dist/lib/routes/export.js +31 -35
  819. package/dist/lib/routes/export.js.map +1 -1
  820. package/dist/lib/routes/feature-flags.d.ts +1 -1
  821. package/dist/lib/routes/feature-flags.d.ts.map +1 -1
  822. package/dist/lib/routes/feature-flags.js +20 -23
  823. package/dist/lib/routes/feature-flags.js.map +1 -1
  824. package/dist/lib/routes/feeds.d.ts +1 -1
  825. package/dist/lib/routes/feeds.d.ts.map +1 -1
  826. package/dist/lib/routes/feeds.js +42 -46
  827. package/dist/lib/routes/feeds.js.map +1 -1
  828. package/dist/lib/routes/friends.d.ts +1 -1
  829. package/dist/lib/routes/friends.d.ts.map +1 -1
  830. package/dist/lib/routes/friends.js +35 -39
  831. package/dist/lib/routes/friends.js.map +1 -1
  832. package/dist/lib/routes/health.d.ts +1 -1
  833. package/dist/lib/routes/health.d.ts.map +1 -1
  834. package/dist/lib/routes/health.js +23 -27
  835. package/dist/lib/routes/health.js.map +1 -1
  836. package/dist/lib/routes/index.d.ts +2 -7
  837. package/dist/lib/routes/index.d.ts.map +1 -1
  838. package/dist/lib/routes/index.js +137 -158
  839. package/dist/lib/routes/index.js.map +1 -1
  840. package/dist/lib/routes/internal-docs.d.ts +1 -1
  841. package/dist/lib/routes/internal-docs.d.ts.map +1 -1
  842. package/dist/lib/routes/internal-docs.js +13 -16
  843. package/dist/lib/routes/internal-docs.js.map +1 -1
  844. package/dist/lib/routes/invitations.d.ts +1 -1
  845. package/dist/lib/routes/invitations.d.ts.map +1 -1
  846. package/dist/lib/routes/invitations.js +19 -22
  847. package/dist/lib/routes/invitations.js.map +1 -1
  848. package/dist/lib/routes/link-reports.d.ts +2 -2
  849. package/dist/lib/routes/link-reports.d.ts.map +1 -1
  850. package/dist/lib/routes/link-reports.js +86 -48
  851. package/dist/lib/routes/link-reports.js.map +1 -1
  852. package/dist/lib/routes/map.d.ts +1 -1
  853. package/dist/lib/routes/map.d.ts.map +1 -1
  854. package/dist/lib/routes/map.js +5 -8
  855. package/dist/lib/routes/map.js.map +1 -1
  856. package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
  857. package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
  858. package/dist/lib/routes/media-metadata-visibility.js +30 -67
  859. package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
  860. package/dist/lib/routes/media.d.ts +1 -1
  861. package/dist/lib/routes/media.d.ts.map +1 -1
  862. package/dist/lib/routes/media.js +156 -193
  863. package/dist/lib/routes/media.js.map +1 -1
  864. package/dist/lib/routes/mfa.d.ts +1 -1
  865. package/dist/lib/routes/mfa.d.ts.map +1 -1
  866. package/dist/lib/routes/mfa.js +60 -64
  867. package/dist/lib/routes/mfa.js.map +1 -1
  868. package/dist/lib/routes/notifications.d.ts +1 -1
  869. package/dist/lib/routes/notifications.d.ts.map +1 -1
  870. package/dist/lib/routes/notifications.js +68 -72
  871. package/dist/lib/routes/notifications.js.map +1 -1
  872. package/dist/lib/routes/oauth.d.ts +1 -1
  873. package/dist/lib/routes/oauth.d.ts.map +1 -1
  874. package/dist/lib/routes/oauth.js +20 -23
  875. package/dist/lib/routes/oauth.js.map +1 -1
  876. package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
  877. package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
  878. package/dist/lib/routes/orphaned-media-health.js +10 -13
  879. package/dist/lib/routes/orphaned-media-health.js.map +1 -1
  880. package/dist/lib/routes/orphaned-media.d.ts +1 -1
  881. package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
  882. package/dist/lib/routes/orphaned-media.js +20 -57
  883. package/dist/lib/routes/orphaned-media.js.map +1 -1
  884. package/dist/lib/routes/out.d.ts +1 -1
  885. package/dist/lib/routes/out.d.ts.map +1 -1
  886. package/dist/lib/routes/out.js +21 -24
  887. package/dist/lib/routes/out.js.map +1 -1
  888. package/dist/lib/routes/parental-controls.d.ts +1 -1
  889. package/dist/lib/routes/parental-controls.d.ts.map +1 -1
  890. package/dist/lib/routes/parental-controls.js +91 -95
  891. package/dist/lib/routes/parental-controls.js.map +1 -1
  892. package/dist/lib/routes/posts.d.ts +1 -1
  893. package/dist/lib/routes/posts.d.ts.map +1 -1
  894. package/dist/lib/routes/posts.js +101 -105
  895. package/dist/lib/routes/posts.js.map +1 -1
  896. package/dist/lib/routes/privacy.d.ts +1 -1
  897. package/dist/lib/routes/privacy.d.ts.map +1 -1
  898. package/dist/lib/routes/privacy.js +21 -25
  899. package/dist/lib/routes/privacy.js.map +1 -1
  900. package/dist/lib/routes/products.d.ts +1 -1
  901. package/dist/lib/routes/products.d.ts.map +1 -1
  902. package/dist/lib/routes/products.js +44 -48
  903. package/dist/lib/routes/products.js.map +1 -1
  904. package/dist/lib/routes/relationships.d.ts +1 -1
  905. package/dist/lib/routes/relationships.d.ts.map +1 -1
  906. package/dist/lib/routes/relationships.js +35 -39
  907. package/dist/lib/routes/relationships.js.map +1 -1
  908. package/dist/lib/routes/sentiments.d.ts +1 -1
  909. package/dist/lib/routes/sentiments.d.ts.map +1 -1
  910. package/dist/lib/routes/sentiments.js +71 -75
  911. package/dist/lib/routes/sentiments.js.map +1 -1
  912. package/dist/lib/routes/setup-status.d.ts +1 -1
  913. package/dist/lib/routes/setup-status.d.ts.map +1 -1
  914. package/dist/lib/routes/setup-status.js +17 -20
  915. package/dist/lib/routes/setup-status.js.map +1 -1
  916. package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
  917. package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
  918. package/dist/lib/routes/taxonomy-analytics.js +29 -33
  919. package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
  920. package/dist/lib/routes/taxonomy.d.ts +1 -1
  921. package/dist/lib/routes/taxonomy.d.ts.map +1 -1
  922. package/dist/lib/routes/taxonomy.js +48 -51
  923. package/dist/lib/routes/taxonomy.js.map +1 -1
  924. package/dist/lib/routes/tenant-audit.d.ts +1 -1
  925. package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
  926. package/dist/lib/routes/tenant-audit.js +35 -92
  927. package/dist/lib/routes/tenant-audit.js.map +1 -1
  928. package/dist/lib/routes/tenant-compliance.d.ts +1 -1
  929. package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
  930. package/dist/lib/routes/tenant-compliance.js +16 -52
  931. package/dist/lib/routes/tenant-compliance.js.map +1 -1
  932. package/dist/lib/routes/tenant-domains.d.ts +1 -1
  933. package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
  934. package/dist/lib/routes/tenant-domains.js +27 -30
  935. package/dist/lib/routes/tenant-domains.js.map +1 -1
  936. package/dist/lib/routes/tenant-idp.d.ts +1 -1
  937. package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
  938. package/dist/lib/routes/tenant-idp.js +27 -30
  939. package/dist/lib/routes/tenant-idp.js.map +1 -1
  940. package/dist/lib/routes/tenant-members.d.ts +1 -1
  941. package/dist/lib/routes/tenant-members.d.ts.map +1 -1
  942. package/dist/lib/routes/tenant-members.js +21 -24
  943. package/dist/lib/routes/tenant-members.js.map +1 -1
  944. package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
  945. package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
  946. package/dist/lib/routes/tenant-role-mappings.js +27 -30
  947. package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
  948. package/dist/lib/routes/tenants.d.ts +1 -1
  949. package/dist/lib/routes/tenants.d.ts.map +1 -1
  950. package/dist/lib/routes/tenants.js +37 -40
  951. package/dist/lib/routes/tenants.js.map +1 -1
  952. package/dist/lib/routes/types.d.ts +10 -5
  953. package/dist/lib/routes/types.d.ts.map +1 -1
  954. package/dist/lib/routes/types.js +1 -2
  955. package/dist/lib/routes/types.js.map +1 -1
  956. package/dist/lib/routes/upload-sessions.d.ts +1 -1
  957. package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
  958. package/dist/lib/routes/upload-sessions.js +57 -94
  959. package/dist/lib/routes/upload-sessions.js.map +1 -1
  960. package/dist/lib/routes/user.d.ts +1 -1
  961. package/dist/lib/routes/user.d.ts.map +1 -1
  962. package/dist/lib/routes/user.js +137 -85
  963. package/dist/lib/routes/user.js.map +1 -1
  964. package/dist/lib/routes.d.ts +2 -2
  965. package/dist/lib/routes.d.ts.map +1 -1
  966. package/dist/lib/routes.js +2 -7
  967. package/dist/lib/routes.js.map +1 -1
  968. package/dist/lib/scaling-health.d.ts.map +1 -1
  969. package/dist/lib/scaling-health.js +6 -9
  970. package/dist/lib/scaling-health.js.map +1 -1
  971. package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
  972. package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
  973. package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
  974. package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
  975. package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
  976. package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
  977. package/dist/lib/schemas.d.ts +85 -204
  978. package/dist/lib/schemas.d.ts.map +1 -1
  979. package/dist/lib/schemas.js +71 -74
  980. package/dist/lib/schemas.js.map +1 -1
  981. package/dist/lib/secrets/idp-secrets.d.ts +1 -1
  982. package/dist/lib/secrets/idp-secrets.js +13 -19
  983. package/dist/lib/secrets/idp-secrets.js.map +1 -1
  984. package/dist/lib/security-event-cleaner.js +1 -5
  985. package/dist/lib/security-event-cleaner.js.map +1 -1
  986. package/dist/lib/security-headers.js +1 -5
  987. package/dist/lib/security-headers.js.map +1 -1
  988. package/dist/lib/security-monitor.d.ts +4 -2
  989. package/dist/lib/security-monitor.d.ts.map +1 -1
  990. package/dist/lib/security-monitor.js +16 -18
  991. package/dist/lib/security-monitor.js.map +1 -1
  992. package/dist/lib/sentiment-digest.d.ts +1 -1
  993. package/dist/lib/sentiment-digest.d.ts.map +1 -1
  994. package/dist/lib/sentiment-digest.js +5 -8
  995. package/dist/lib/sentiment-digest.js.map +1 -1
  996. package/dist/lib/sentiment-display.js +3 -7
  997. package/dist/lib/sentiment-display.js.map +1 -1
  998. package/dist/lib/services/image-normalizer.js +1 -5
  999. package/dist/lib/services/image-normalizer.js.map +1 -1
  1000. package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
  1001. package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
  1002. package/dist/lib/services/media-reconciliation-service.js +7 -11
  1003. package/dist/lib/services/media-reconciliation-service.js.map +1 -1
  1004. package/dist/lib/services/media-upload-service.d.ts +1 -1
  1005. package/dist/lib/services/media-upload-service.d.ts.map +1 -1
  1006. package/dist/lib/services/media-upload-service.js +4 -8
  1007. package/dist/lib/services/media-upload-service.js.map +1 -1
  1008. package/dist/lib/services/user-data-deletion.d.ts +45 -2
  1009. package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
  1010. package/dist/lib/services/user-data-deletion.js +87 -9
  1011. package/dist/lib/services/user-data-deletion.js.map +1 -1
  1012. package/dist/lib/session-awareness.js +2 -6
  1013. package/dist/lib/session-awareness.js.map +1 -1
  1014. package/dist/lib/session-config.js +8 -17
  1015. package/dist/lib/session-config.js.map +1 -1
  1016. package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
  1017. package/dist/lib/session-cookie.d.ts.map +1 -0
  1018. package/dist/lib/session-cookie.js +0 -0
  1019. package/dist/lib/session-cookie.js.map +1 -0
  1020. package/dist/lib/signup-metadata.d.ts +129 -0
  1021. package/dist/lib/signup-metadata.d.ts.map +1 -0
  1022. package/dist/lib/signup-metadata.js +127 -0
  1023. package/dist/lib/signup-metadata.js.map +1 -0
  1024. package/dist/lib/sso-auth-handler.js +1 -5
  1025. package/dist/lib/sso-auth-handler.js.map +1 -1
  1026. package/dist/lib/tag-suggestions-handler.d.ts +1 -1
  1027. package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
  1028. package/dist/lib/tag-suggestions-handler.js +1 -5
  1029. package/dist/lib/tag-suggestions-handler.js.map +1 -1
  1030. package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
  1031. package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
  1032. package/dist/lib/taxonomy-handler-factory.js +7 -10
  1033. package/dist/lib/taxonomy-handler-factory.js.map +1 -1
  1034. package/dist/lib/taxonomy-handler.d.ts +2 -2
  1035. package/dist/lib/taxonomy-handler.d.ts.map +1 -1
  1036. package/dist/lib/taxonomy-handler.js +8 -8
  1037. package/dist/lib/taxonomy-handler.js.map +1 -1
  1038. package/dist/lib/taxonomy-metrics.js +5 -9
  1039. package/dist/lib/taxonomy-metrics.js.map +1 -1
  1040. package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
  1041. package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
  1042. package/dist/lib/taxonomy-search-metrics.js +3 -7
  1043. package/dist/lib/taxonomy-search-metrics.js.map +1 -1
  1044. package/dist/lib/tenant/audit-emit.d.ts +18 -8
  1045. package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
  1046. package/dist/lib/tenant/audit-emit.js +50 -11
  1047. package/dist/lib/tenant/audit-emit.js.map +1 -1
  1048. package/dist/lib/tenant/derive-domain.js +1 -4
  1049. package/dist/lib/tenant/derive-domain.js.map +1 -1
  1050. package/dist/lib/tenant/domain-handler.d.ts +2 -2
  1051. package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
  1052. package/dist/lib/tenant/domain-handler.js +50 -62
  1053. package/dist/lib/tenant/domain-handler.js.map +1 -1
  1054. package/dist/lib/tenant/domain-validator.d.ts +1 -1
  1055. package/dist/lib/tenant/domain-validator.js +10 -13
  1056. package/dist/lib/tenant/domain-validator.js.map +1 -1
  1057. package/dist/lib/tenant/domain-verifier.d.ts +3 -3
  1058. package/dist/lib/tenant/domain-verifier.js +8 -11
  1059. package/dist/lib/tenant/domain-verifier.js.map +1 -1
  1060. package/dist/lib/tenant/idp-handler.d.ts +4 -4
  1061. package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
  1062. package/dist/lib/tenant/idp-handler.js +45 -82
  1063. package/dist/lib/tenant/idp-handler.js.map +1 -1
  1064. package/dist/lib/tenant/idp-name.js +1 -4
  1065. package/dist/lib/tenant/idp-name.js.map +1 -1
  1066. package/dist/lib/tenant/member-handler.d.ts +2 -2
  1067. package/dist/lib/tenant/member-handler.d.ts.map +1 -1
  1068. package/dist/lib/tenant/member-handler.js +30 -67
  1069. package/dist/lib/tenant/member-handler.js.map +1 -1
  1070. package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
  1071. package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
  1072. package/dist/lib/tenant/reserved-slugs.js +8 -14
  1073. package/dist/lib/tenant/reserved-slugs.js.map +1 -1
  1074. package/dist/lib/tenant/resolve-role.js +1 -4
  1075. package/dist/lib/tenant/resolve-role.js.map +1 -1
  1076. package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
  1077. package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
  1078. package/dist/lib/tenant/role-mapping-handler.js +24 -61
  1079. package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
  1080. package/dist/lib/tenant/setup-status.d.ts +1 -1
  1081. package/dist/lib/tenant/setup-status.d.ts.map +1 -1
  1082. package/dist/lib/tenant/setup-status.js +3 -40
  1083. package/dist/lib/tenant/setup-status.js.map +1 -1
  1084. package/dist/lib/tenant/slug-validator.js +3 -6
  1085. package/dist/lib/tenant/slug-validator.js.map +1 -1
  1086. package/dist/lib/tenant/tenant-handler.d.ts +2 -2
  1087. package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
  1088. package/dist/lib/tenant/tenant-handler.js +31 -68
  1089. package/dist/lib/tenant/tenant-handler.js.map +1 -1
  1090. package/dist/lib/tenant/transfer-ownership.js +2 -6
  1091. package/dist/lib/tenant/transfer-ownership.js.map +1 -1
  1092. package/dist/lib/tenant-scope.d.ts +97 -0
  1093. package/dist/lib/tenant-scope.d.ts.map +1 -0
  1094. package/dist/lib/tenant-scope.js +270 -0
  1095. package/dist/lib/tenant-scope.js.map +1 -0
  1096. package/dist/lib/terminology.d.ts.map +1 -1
  1097. package/dist/lib/terminology.js +7 -9
  1098. package/dist/lib/terminology.js.map +1 -1
  1099. package/dist/lib/theme.js +2 -6
  1100. package/dist/lib/theme.js.map +1 -1
  1101. package/dist/lib/threat-intel-service.d.ts +2 -2
  1102. package/dist/lib/threat-intel-service.d.ts.map +1 -1
  1103. package/dist/lib/threat-intel-service.js +3 -7
  1104. package/dist/lib/threat-intel-service.js.map +1 -1
  1105. package/dist/lib/types/media-reconciliation.js +1 -2
  1106. package/dist/lib/types/media-reconciliation.js.map +1 -1
  1107. package/dist/lib/upload-session-handler.d.ts +1 -1
  1108. package/dist/lib/upload-session-handler.d.ts.map +1 -1
  1109. package/dist/lib/upload-session-handler.js +13 -50
  1110. package/dist/lib/upload-session-handler.js.map +1 -1
  1111. package/dist/lib/user/derive-handle.js +2 -6
  1112. package/dist/lib/user/derive-handle.js.map +1 -1
  1113. package/dist/lib/user-badge.js +6 -14
  1114. package/dist/lib/user-badge.js.map +1 -1
  1115. package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
  1116. package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
  1117. package/dist/lib/user-deletion-handler-enhanced.js +16 -53
  1118. package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
  1119. package/dist/lib/user-deprovisioning.d.ts +1 -1
  1120. package/dist/lib/user-deprovisioning.d.ts.map +1 -1
  1121. package/dist/lib/user-deprovisioning.js +16 -20
  1122. package/dist/lib/user-deprovisioning.js.map +1 -1
  1123. package/dist/lib/user-export-handler.d.ts +4 -4
  1124. package/dist/lib/user-export-handler.d.ts.map +1 -1
  1125. package/dist/lib/user-export-handler.js +11 -15
  1126. package/dist/lib/user-export-handler.js.map +1 -1
  1127. package/dist/lib/validate-request.js +8 -13
  1128. package/dist/lib/validate-request.js.map +1 -1
  1129. package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
  1130. package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
  1131. package/dist/lib/validation/feature-toggle-schemas.js +50 -59
  1132. package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
  1133. package/dist/lib/validation/validate-request.d.ts.map +1 -1
  1134. package/dist/lib/validation/validate-request.js +12 -23
  1135. package/dist/lib/validation/validate-request.js.map +1 -1
  1136. package/dist/lib/validation.js +1 -5
  1137. package/dist/lib/validation.js.map +1 -1
  1138. package/dist/lib/version.js +3 -8
  1139. package/dist/lib/version.js.map +1 -1
  1140. package/dist/server.d.ts +1 -1
  1141. package/dist/server.d.ts.map +1 -1
  1142. package/dist/server.js +29 -69
  1143. package/dist/server.js.map +1 -1
  1144. package/dist/types/cloudflare-compat.d.ts +3 -93
  1145. package/dist/types/cloudflare-compat.d.ts.map +1 -1
  1146. package/dist/types/cloudflare-compat.js +1 -2
  1147. package/dist/types/cloudflare-compat.js.map +1 -1
  1148. package/dist/worker.d.ts +6 -6
  1149. package/dist/worker.d.ts.map +1 -1
  1150. package/dist/worker.js +6 -13
  1151. package/dist/worker.js.map +1 -1
  1152. package/package.json +30 -17
  1153. package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
  1154. package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
  1155. package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
  1156. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
  1157. package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
  1158. package/prisma/schema.prisma +419 -68
  1159. package/src/lambda/cleanup-cron.ts +10 -7
  1160. package/src/lambda/create-auth-challenge.ts +6 -3
  1161. package/src/lambda/delete-account-worker.ts +17 -12
  1162. package/src/lambda/diagnostics-proxy.ts +9 -6
  1163. package/src/lambda/e2e-sweeper.ts +17 -23
  1164. package/src/lambda/federation-outbox-worker.ts +4 -1
  1165. package/src/lambda/followers-events-worker.ts +4 -1
  1166. package/src/lambda/hourly-cron.ts +112 -20
  1167. package/src/lambda/link-check-worker.ts +4 -1
  1168. package/src/lambda/maintenance-cron.ts +24 -13
  1169. package/src/lambda/media-processing-worker.ts +5 -2
  1170. package/src/lambda/media-reconciliation-worker.ts +4 -1
  1171. package/src/lambda/nightly-cron.ts +53 -54
  1172. package/src/lambda/post-confirmation.ts +188 -62
  1173. package/src/lambda/pre-token-generation.ts +39 -44
  1174. package/src/lambda/verify-auth-challenge.ts +4 -1
  1175. package/dist/lib/audit/emit.d.ts +0 -56
  1176. package/dist/lib/audit/emit.d.ts.map +0 -1
  1177. package/dist/lib/audit/emit.js +0 -124
  1178. package/dist/lib/audit/emit.js.map +0 -1
  1179. package/dist/lib/audit/event-types.d.ts +0 -36
  1180. package/dist/lib/audit/event-types.d.ts.map +0 -1
  1181. package/dist/lib/audit/event-types.js +0 -69
  1182. package/dist/lib/audit/event-types.js.map +0 -1
  1183. package/dist/lib/audit-logger.d.ts +0 -142
  1184. package/dist/lib/audit-logger.d.ts.map +0 -1
  1185. package/dist/lib/audit-logger.js +0 -326
  1186. package/dist/lib/audit-logger.js.map +0 -1
  1187. package/dist/lib/circuit-breaker.d.ts +0 -27
  1188. package/dist/lib/circuit-breaker.d.ts.map +0 -1
  1189. package/dist/lib/circuit-breaker.js +0 -63
  1190. package/dist/lib/circuit-breaker.js.map +0 -1
  1191. package/dist/lib/graph/dual-write-service.d.ts +0 -116
  1192. package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
  1193. package/dist/lib/graph/dual-write-service.js +0 -332
  1194. package/dist/lib/graph/dual-write-service.js.map +0 -1
  1195. package/dist/lib/graph/dual-write.d.ts +0 -396
  1196. package/dist/lib/graph/dual-write.d.ts.map +0 -1
  1197. package/dist/lib/graph/dual-write.js +0 -53
  1198. package/dist/lib/graph/dual-write.js.map +0 -1
  1199. package/dist/lib/graph/graph-schema-init.d.ts +0 -31
  1200. package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
  1201. package/dist/lib/graph/graph-schema-init.js +0 -105
  1202. package/dist/lib/graph/graph-schema-init.js.map +0 -1
  1203. package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
  1204. package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
  1205. package/dist/lib/graph/neo4j-graph-service.js +0 -1625
  1206. package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
  1207. package/dist/lib/graph/reconciliation-service.d.ts +0 -113
  1208. package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
  1209. package/dist/lib/graph/reconciliation-service.js +0 -533
  1210. package/dist/lib/graph/reconciliation-service.js.map +0 -1
  1211. package/dist/lib/id-generator.d.ts +0 -29
  1212. package/dist/lib/id-generator.d.ts.map +0 -1
  1213. package/dist/lib/id-generator.js +0 -51
  1214. package/dist/lib/id-generator.js.map +0 -1
  1215. package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
  1216. package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
  1217. package/dist/lib/kv/dynamodb-kv.js +0 -239
  1218. package/dist/lib/kv/dynamodb-kv.js.map +0 -1
  1219. package/dist/lib/queue/sqs-queue.d.ts +0 -16
  1220. package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
  1221. package/dist/lib/queue/sqs-queue.js +0 -39
  1222. package/dist/lib/queue/sqs-queue.js.map +0 -1
  1223. package/dist/lib/route-matcher.d.ts +0 -24
  1224. package/dist/lib/route-matcher.d.ts.map +0 -1
  1225. package/dist/lib/route-matcher.js +0 -96
  1226. package/dist/lib/route-matcher.js.map +0 -1
  1227. package/dist/lib/router.d.ts +0 -26
  1228. package/dist/lib/router.d.ts.map +0 -1
  1229. package/dist/lib/router.js +0 -90
  1230. package/dist/lib/router.js.map +0 -1
  1231. package/dist/lib/routes-all.d.ts +0 -9
  1232. package/dist/lib/routes-all.d.ts.map +0 -1
  1233. package/dist/lib/routes-all.js +0 -170
  1234. package/dist/lib/routes-all.js.map +0 -1
  1235. package/dist/lib/secret-resolver.d.ts +0 -88
  1236. package/dist/lib/secret-resolver.d.ts.map +0 -1
  1237. package/dist/lib/secret-resolver.js +0 -183
  1238. package/dist/lib/secret-resolver.js.map +0 -1
  1239. package/dist/lib/session-manager.d.ts.map +0 -1
  1240. package/dist/lib/session-manager.js +0 -492
  1241. package/dist/lib/session-manager.js.map +0 -1
  1242. package/dist/lib/storage/s3-storage.d.ts +0 -29
  1243. package/dist/lib/storage/s3-storage.d.ts.map +0 -1
  1244. package/dist/lib/storage/s3-storage.js +0 -135
  1245. package/dist/lib/storage/s3-storage.js.map +0 -1
  1246. package/dist/lib/tenant-context.d.ts +0 -35
  1247. package/dist/lib/tenant-context.d.ts.map +0 -1
  1248. package/dist/lib/tenant-context.js +0 -54
  1249. package/dist/lib/tenant-context.js.map +0 -1
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  /**
3
2
  * RFC 8628 device authorization grant adapter (T9b-d).
4
3
  *
@@ -22,37 +21,23 @@
22
21
  * within 60s the row evaporates (read-once short-window).
23
22
  * - successful poll deletes the row before returning (read-once strict).
24
23
  */
25
- Object.defineProperty(exports, "__esModule", { value: true });
26
- exports.USER_CODE_FAILURE_LIMIT = exports.POST_APPROVAL_TTL_SECONDS = exports.DEFAULT_INTERVAL = exports.DEFAULT_EXPIRES_IN = exports.USER_CODE_LEN = exports.USER_CODE_ALPHABET = void 0;
27
- exports.formatUserCode = formatUserCode;
28
- exports.normaliseUserCode = normaliseUserCode;
29
- exports.hashUserCode = hashUserCode;
30
- exports.generateUserCode = generateUserCode;
31
- exports.generateDeviceCode = generateDeviceCode;
32
- exports.startDeviceAuthorization = startDeviceAuthorization;
33
- exports.loadByDeviceCode = loadByDeviceCode;
34
- exports.lookupDeviceCodeByUserCode = lookupDeviceCodeByUserCode;
35
- exports.incrementFailedLookup = incrementFailedLookup;
36
- exports.invalidateDeviceCode = invalidateDeviceCode;
37
- exports.approveDeviceAuth = approveDeviceAuth;
38
- exports.pollDeviceAuth = pollDeviceAuth;
39
- const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
40
- const util_dynamodb_1 = require("@aws-sdk/util-dynamodb");
41
- const node_crypto_1 = require("node:crypto");
42
- const envelope_crypto_1 = require("./envelope-crypto");
24
+ import { DynamoDBClient, GetItemCommand, PutItemCommand, DeleteItemCommand, UpdateItemCommand, ConditionalCheckFailedException, } from "@aws-sdk/client-dynamodb";
25
+ import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
26
+ import { randomBytes, createHash } from "node:crypto";
27
+ import { open, resolveKek, seal } from "./envelope-crypto.js";
43
28
  /** Unambiguous user-code alphabet — no 0/O, 1/I/L, 2/Z, U/V, A/H, S/5, etc. */
44
- exports.USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ";
29
+ export const USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ";
45
30
  /** 8-character user codes, displayed as `XXXX-XXXX` to humans. */
46
- exports.USER_CODE_LEN = 8;
31
+ export const USER_CODE_LEN = 8;
47
32
  /** Default RFC 8628 expires_in. */
48
- exports.DEFAULT_EXPIRES_IN = 600;
33
+ export const DEFAULT_EXPIRES_IN = 600;
49
34
  /** Default RFC 8628 polling interval. */
50
- exports.DEFAULT_INTERVAL = 5;
35
+ export const DEFAULT_INTERVAL = 5;
51
36
  /** TTL for the post-approval window — agents must poll within this. */
52
- exports.POST_APPROVAL_TTL_SECONDS = 60;
37
+ export const POST_APPROVAL_TTL_SECONDS = 60;
53
38
  /** Failure lockout threshold for user_code lookups against a single device_code. */
54
- exports.USER_CODE_FAILURE_LIMIT = 10;
55
- const ddb = new client_dynamodb_1.DynamoDBClient({
39
+ export const USER_CODE_FAILURE_LIMIT = 10;
40
+ const ddb = new DynamoDBClient({
56
41
  region: process.env.AWS_REGION || "us-east-1",
57
42
  ...(process.env.DYNAMODB_ENDPOINT ? { endpoint: process.env.DYNAMODB_ENDPOINT } : {}),
58
43
  });
@@ -61,50 +46,50 @@ function tableName() {
61
46
  `${process.env.STAGE || "dev"}-trellis-device-auth`);
62
47
  }
63
48
  /** Format a 4-char-grouped human display: `BCDF-GHJK`. */
64
- function formatUserCode(raw) {
65
- if (raw.length !== exports.USER_CODE_LEN)
49
+ export function formatUserCode(raw) {
50
+ if (raw.length !== USER_CODE_LEN)
66
51
  return raw;
67
52
  return `${raw.slice(0, 4)}-${raw.slice(4)}`;
68
53
  }
69
54
  /** Strip the dash so callers can match the canonical alphabet. */
70
- function normaliseUserCode(input) {
55
+ export function normaliseUserCode(input) {
71
56
  return input.replace(/[\s-]/g, "").toUpperCase();
72
57
  }
73
58
  /** SHA-256 hex; used as the secondary lookup key for user_code. */
74
- function hashUserCode(userCode) {
75
- return (0, node_crypto_1.createHash)("sha256").update(userCode).digest("hex");
59
+ export function hashUserCode(userCode) {
60
+ return createHash("sha256").update(userCode).digest("hex");
76
61
  }
77
62
  /**
78
63
  * Generate a cryptographically random user_code from the unambiguous alphabet.
79
64
  * Uniformly samples by rejecting bytes that would bias the modulo (alphabet
80
65
  * length 20 doesn't divide 256 evenly).
81
66
  */
82
- function generateUserCode(rng = node_crypto_1.randomBytes) {
83
- const alphaLen = exports.USER_CODE_ALPHABET.length; // 20
67
+ export function generateUserCode(rng = randomBytes) {
68
+ const alphaLen = USER_CODE_ALPHABET.length; // 20
84
69
  const cutoff = Math.floor(256 / alphaLen) * alphaLen; // 240; reject 240..255
85
70
  const out = [];
86
- while (out.length < exports.USER_CODE_LEN) {
87
- const buf = rng(exports.USER_CODE_LEN * 2); // oversample
88
- for (let i = 0; i < buf.length && out.length < exports.USER_CODE_LEN; i++) {
71
+ while (out.length < USER_CODE_LEN) {
72
+ const buf = rng(USER_CODE_LEN * 2); // oversample
73
+ for (let i = 0; i < buf.length && out.length < USER_CODE_LEN; i++) {
89
74
  const b = buf[i];
90
75
  if (b >= cutoff)
91
76
  continue;
92
- out.push(exports.USER_CODE_ALPHABET[b % alphaLen]);
77
+ out.push(USER_CODE_ALPHABET[b % alphaLen]);
93
78
  }
94
79
  }
95
80
  return out.join("");
96
81
  }
97
82
  /** 256-bit URL-safe random device_code. */
98
- function generateDeviceCode(rng = node_crypto_1.randomBytes) {
83
+ export function generateDeviceCode(rng = randomBytes) {
99
84
  return rng(32).toString("base64url");
100
85
  }
101
86
  /**
102
87
  * Issue a new device-authorization request. Stores a `pending` record with
103
88
  * TTL = expires_in seconds, plus a secondary index row keyed by user_code hash.
104
89
  */
105
- async function startDeviceAuthorization(input) {
106
- const expiresIn = input.expiresIn ?? exports.DEFAULT_EXPIRES_IN;
107
- const interval = input.interval ?? exports.DEFAULT_INTERVAL;
90
+ export async function startDeviceAuthorization(input) {
91
+ const expiresIn = input.expiresIn ?? DEFAULT_EXPIRES_IN;
92
+ const interval = input.interval ?? DEFAULT_INTERVAL;
108
93
  const now = Math.floor(Date.now() / 1000);
109
94
  const expiresAt = now + expiresIn;
110
95
  const deviceCode = generateDeviceCode();
@@ -122,9 +107,9 @@ async function startDeviceAuthorization(input) {
122
107
  agentLabel: input.agentLabel,
123
108
  sourceIp: input.sourceIp,
124
109
  };
125
- await ddb.send(new client_dynamodb_1.PutItemCommand({
110
+ await ddb.send(new PutItemCommand({
126
111
  TableName: tableName(),
127
- Item: (0, util_dynamodb_1.marshall)({
112
+ Item: marshall({
128
113
  pk: `dc#${deviceCode}`,
129
114
  sk: "rec",
130
115
  ...record,
@@ -133,9 +118,9 @@ async function startDeviceAuthorization(input) {
133
118
  }, { removeUndefinedValues: true }),
134
119
  ConditionExpression: "attribute_not_exists(pk)",
135
120
  }));
136
- await ddb.send(new client_dynamodb_1.PutItemCommand({
121
+ await ddb.send(new PutItemCommand({
137
122
  TableName: tableName(),
138
- Item: (0, util_dynamodb_1.marshall)({
123
+ Item: marshall({
139
124
  pk: `uc#${userCodeHash}`,
140
125
  sk: "idx",
141
126
  deviceCode,
@@ -153,28 +138,28 @@ async function startDeviceAuthorization(input) {
153
138
  };
154
139
  }
155
140
  /** Internal helper — load a record by device_code or return null. */
156
- async function loadByDeviceCode(deviceCode) {
157
- const out = await ddb.send(new client_dynamodb_1.GetItemCommand({
141
+ export async function loadByDeviceCode(deviceCode) {
142
+ const out = await ddb.send(new GetItemCommand({
158
143
  TableName: tableName(),
159
- Key: (0, util_dynamodb_1.marshall)({ pk: `dc#${deviceCode}`, sk: "rec" }),
144
+ Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
160
145
  }));
161
146
  if (!out.Item)
162
147
  return null;
163
- const raw = (0, util_dynamodb_1.unmarshall)(out.Item);
148
+ const raw = unmarshall(out.Item);
164
149
  if (raw.ttl && raw.ttl < Math.floor(Date.now() / 1000))
165
150
  return null;
166
151
  return rawToRecord(raw);
167
152
  }
168
153
  /** Internal helper — resolve user_code to a device_code via the secondary key. */
169
- async function lookupDeviceCodeByUserCode(userCode) {
154
+ export async function lookupDeviceCodeByUserCode(userCode) {
170
155
  const userCodeHash = hashUserCode(normaliseUserCode(userCode));
171
- const out = await ddb.send(new client_dynamodb_1.GetItemCommand({
156
+ const out = await ddb.send(new GetItemCommand({
172
157
  TableName: tableName(),
173
- Key: (0, util_dynamodb_1.marshall)({ pk: `uc#${userCodeHash}`, sk: "idx" }),
158
+ Key: marshall({ pk: `uc#${userCodeHash}`, sk: "idx" }),
174
159
  }));
175
160
  if (!out.Item)
176
161
  return null;
177
- const raw = (0, util_dynamodb_1.unmarshall)(out.Item);
162
+ const raw = unmarshall(out.Item);
178
163
  if (raw.ttl && raw.ttl < Math.floor(Date.now() / 1000))
179
164
  return null;
180
165
  return raw.deviceCode || null;
@@ -183,56 +168,56 @@ async function lookupDeviceCodeByUserCode(userCode) {
183
168
  * Increment the failed-lookup counter on a device_code. Returns the new count.
184
169
  * Once the count exceeds USER_CODE_FAILURE_LIMIT the record is deleted (lockout).
185
170
  */
186
- async function incrementFailedLookup(deviceCode) {
171
+ export async function incrementFailedLookup(deviceCode) {
187
172
  try {
188
- const out = await ddb.send(new client_dynamodb_1.UpdateItemCommand({
173
+ const out = await ddb.send(new UpdateItemCommand({
189
174
  TableName: tableName(),
190
- Key: (0, util_dynamodb_1.marshall)({ pk: `dc#${deviceCode}`, sk: "rec" }),
175
+ Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
191
176
  UpdateExpression: "ADD failedLookups :one",
192
- ExpressionAttributeValues: (0, util_dynamodb_1.marshall)({ ":one": 1 }),
177
+ ExpressionAttributeValues: marshall({ ":one": 1 }),
193
178
  ConditionExpression: "attribute_exists(pk)",
194
179
  ReturnValues: "ALL_NEW",
195
180
  }));
196
181
  if (!out.Attributes)
197
182
  return 0;
198
- const updated = (0, util_dynamodb_1.unmarshall)(out.Attributes);
183
+ const updated = unmarshall(out.Attributes);
199
184
  const newCount = updated.failedLookups ?? 0;
200
- if (newCount >= exports.USER_CODE_FAILURE_LIMIT) {
185
+ if (newCount >= USER_CODE_FAILURE_LIMIT) {
201
186
  await invalidateDeviceCode(deviceCode);
202
187
  }
203
188
  return newCount;
204
189
  }
205
190
  catch (err) {
206
- if (err instanceof client_dynamodb_1.ConditionalCheckFailedException)
191
+ if (err instanceof ConditionalCheckFailedException)
207
192
  return 0;
208
193
  throw err;
209
194
  }
210
195
  }
211
196
  /** Delete a device-auth record (e.g. on lockout or successful poll). */
212
- async function invalidateDeviceCode(deviceCode) {
213
- await ddb.send(new client_dynamodb_1.DeleteItemCommand({
197
+ export async function invalidateDeviceCode(deviceCode) {
198
+ await ddb.send(new DeleteItemCommand({
214
199
  TableName: tableName(),
215
- Key: (0, util_dynamodb_1.marshall)({ pk: `dc#${deviceCode}`, sk: "rec" }),
200
+ Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
216
201
  }));
217
202
  }
218
203
  /**
219
204
  * Mark a device-auth record approved and stash the encrypted token blob.
220
205
  * Re-keys the record's TTL to NOW + POST_APPROVAL_TTL_SECONDS.
221
206
  */
222
- async function approveDeviceAuth(ctx) {
223
- const kek = await (0, envelope_crypto_1.resolveKek)();
224
- const envelope = (0, envelope_crypto_1.seal)(JSON.stringify(ctx.tokens), ctx.deviceCode, kek);
225
- const newTtl = Math.floor(Date.now() / 1000) + exports.POST_APPROVAL_TTL_SECONDS;
226
- await ddb.send(new client_dynamodb_1.UpdateItemCommand({
207
+ export async function approveDeviceAuth(ctx) {
208
+ const kek = await resolveKek();
209
+ const envelope = seal(JSON.stringify(ctx.tokens), ctx.deviceCode, kek);
210
+ const newTtl = Math.floor(Date.now() / 1000) + POST_APPROVAL_TTL_SECONDS;
211
+ await ddb.send(new UpdateItemCommand({
227
212
  TableName: tableName(),
228
- Key: (0, util_dynamodb_1.marshall)({ pk: `dc#${ctx.deviceCode}`, sk: "rec" }),
213
+ Key: marshall({ pk: `dc#${ctx.deviceCode}`, sk: "rec" }),
229
214
  UpdateExpression: "SET #status = :approved, envelope = :env, approvedByUserId = :u, cognitoSub = :s, tenantId = :t, sessionId = :sid, expiresAt = :ttl, #ttlAttr = :ttl REMOVE userCode",
230
215
  ConditionExpression: "attribute_exists(pk) AND #status = :pending",
231
216
  ExpressionAttributeNames: {
232
217
  "#status": "status",
233
218
  "#ttlAttr": "ttl",
234
219
  },
235
- ExpressionAttributeValues: (0, util_dynamodb_1.marshall)({
220
+ ExpressionAttributeValues: marshall({
236
221
  ":approved": "approved",
237
222
  ":pending": "pending",
238
223
  ":env": JSON.stringify(envelope),
@@ -249,7 +234,7 @@ async function approveDeviceAuth(ctx) {
249
234
  * outcomes: pending, slow_down, ok, expired, denied. On success the
250
235
  * record is deleted before tokens return (read-once).
251
236
  */
252
- async function pollDeviceAuth(deviceCode) {
237
+ export async function pollDeviceAuth(deviceCode) {
253
238
  const record = await loadByDeviceCode(deviceCode);
254
239
  if (!record)
255
240
  return { outcome: "gone" };
@@ -265,17 +250,17 @@ async function pollDeviceAuth(deviceCode) {
265
250
  if (record.status === "pending") {
266
251
  // Best-effort lastPolledAt update so subsequent fast polls hit slow_down.
267
252
  try {
268
- await ddb.send(new client_dynamodb_1.UpdateItemCommand({
253
+ await ddb.send(new UpdateItemCommand({
269
254
  TableName: tableName(),
270
- Key: (0, util_dynamodb_1.marshall)({ pk: `dc#${deviceCode}`, sk: "rec" }),
255
+ Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
271
256
  UpdateExpression: "SET lastPolledAt = :n",
272
257
  ConditionExpression: "attribute_exists(pk) AND #status = :pending",
273
258
  ExpressionAttributeNames: { "#status": "status" },
274
- ExpressionAttributeValues: (0, util_dynamodb_1.marshall)({ ":n": nowSec, ":pending": "pending" }),
259
+ ExpressionAttributeValues: marshall({ ":n": nowSec, ":pending": "pending" }),
275
260
  }));
276
261
  }
277
262
  catch (err) {
278
- if (!(err instanceof client_dynamodb_1.ConditionalCheckFailedException))
263
+ if (!(err instanceof ConditionalCheckFailedException))
279
264
  throw err;
280
265
  }
281
266
  return { outcome: "pending" };
@@ -283,8 +268,8 @@ async function pollDeviceAuth(deviceCode) {
283
268
  // status === approved. Decrypt, then delete the row before returning.
284
269
  if (!record.envelope)
285
270
  return { outcome: "expired" };
286
- const kek = await (0, envelope_crypto_1.resolveKek)();
287
- const plaintext = (0, envelope_crypto_1.open)(record.envelope, deviceCode, kek);
271
+ const kek = await resolveKek();
272
+ const plaintext = open(record.envelope, deviceCode, kek);
288
273
  const tokens = JSON.parse(plaintext);
289
274
  await invalidateDeviceCode(deviceCode);
290
275
  return { outcome: "ok", tokens };
@@ -1 +1 @@
1
- {"version":3,"file":"device-authorization.js","sourceRoot":"","sources":["../../../src/lib/oauth/device-authorization.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;;;AAgGH,wCAGC;AAGD,8CAEC;AAGD,oCAEC;AAOD,4CAaC;AAGD,gDAEC;AAMD,4DAsEC;AAGD,4CAWC;AAGD,gEAYC;AAMD,sDAuBC;AAGD,oDAOC;AAgBD,8CA4BC;AAOD,wCAyCC;AAhXD,8DAOkC;AAClC,0DAA8D;AAC9D,6CAAsD;AACtD,uDAAgF;AAEhF,+EAA+E;AAClE,QAAA,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,kEAAkE;AACrD,QAAA,aAAa,GAAG,CAAC,CAAC;AAC/B,mCAAmC;AACtB,QAAA,kBAAkB,GAAG,GAAG,CAAC;AACtC,yCAAyC;AAC5B,QAAA,gBAAgB,GAAG,CAAC,CAAC;AAClC,uEAAuE;AAC1D,QAAA,yBAAyB,GAAG,EAAE,CAAC;AAC5C,oFAAoF;AACvE,QAAA,uBAAuB,GAAG,EAAE,CAAC;AA0D1C,MAAM,GAAG,GAAG,IAAI,gCAAc,CAAC;IAC7B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;IAC7C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;CACtF,CAAC,CAAC;AAEH,SAAS,SAAS;IAChB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,sBAAsB,CACpD,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,SAAgB,cAAc,CAAC,GAAW;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,qBAAa;QAAE,OAAO,GAAG,CAAC;IAC7C,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,kEAAkE;AAClE,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACnD,CAAC;AAED,mEAAmE;AACnE,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,SAAgB,gBAAgB,CAAC,MAA6B,yBAAW;IACvE,MAAM,QAAQ,GAAG,0BAAkB,CAAC,MAAM,CAAC,CAAC,KAAK;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,uBAAuB;IAC7E,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,OAAO,GAAG,CAAC,MAAM,GAAG,qBAAa,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,GAAG,CAAC,qBAAa,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa;QACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,qBAAa,EAAE,CAAC,EAAE,EAAE,CAAC;YAClE,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;YAClB,IAAI,CAAC,IAAI,MAAM;gBAAE,SAAS;YAC1B,GAAG,CAAC,IAAI,CAAC,0BAAkB,CAAC,CAAC,GAAG,QAAQ,CAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED,2CAA2C;AAC3C,SAAgB,kBAAkB,CAAC,MAA6B,yBAAW;IACzE,OAAO,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,wBAAwB,CAAC,KAM9C;IACC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,0BAAkB,CAAC;IACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,wBAAgB,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC;IAElC,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAqB;QAC/B,UAAU;QACV,YAAY;QACZ,QAAQ;QACR,MAAM,EAAE,SAAS;QACjB,SAAS;QACT,SAAS,EAAE,GAAG;QACd,QAAQ;QACR,aAAa,EAAE,CAAC;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,gCAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,IAAA,wBAAQ,EACZ;YACE,EAAE,EAAE,MAAM,UAAU,EAAE;YACtB,EAAE,EAAE,KAAK;YACT,GAAG,MAAM;YACT,gDAAgD;YAChD,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;QACD,mBAAmB,EAAE,0BAA0B;KAChD,CAAC,CACH,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,gCAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,IAAA,wBAAQ,EACZ;YACE,EAAE,EAAE,MAAM,YAAY,EAAE;YACxB,EAAE,EAAE,KAAK;YACT,UAAU;YACV,SAAS,EAAE,GAAG;YACd,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;KACF,CAAC,CACH,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC;QACnC,gBAAgB,EAAE,KAAK,CAAC,mBAAmB;QAC3C,yBAAyB,EAAE,GAAG,KAAK,CAAC,mBAAmB,cAAc,cAAc,CAAC,QAAQ,CAAC,EAAE;QAC/F,UAAU,EAAE,SAAS;QACrB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,qEAAqE;AAC9D,KAAK,UAAU,gBAAgB,CAAC,UAAkB;IACvD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,gCAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAA,0BAAU,EAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,kFAAkF;AAC3E,KAAK,UAAU,0BAA0B,CAAC,QAAgB;IAC/D,MAAM,YAAY,GAAG,YAAY,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,gCAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,YAAY,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACvD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAA,0BAAU,EAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAQ,GAAG,CAAC,UAAqB,IAAI,IAAI,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IAC5D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,mCAAiB,CAAC;YACpB,SAAS,EAAE,SAAS,EAAE;YACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;YACpD,gBAAgB,EAAE,wBAAwB;YAC1C,yBAAyB,EAAE,IAAA,wBAAQ,EAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YAClD,mBAAmB,EAAE,sBAAsB;YAC3C,YAAY,EAAE,SAAS;SACxB,CAAC,CACH,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,UAAU;YAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAA,0BAAU,EAAC,GAAG,CAAC,UAAU,CAA+B,CAAC;QACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC;QAC5C,IAAI,QAAQ,IAAI,+BAAuB,EAAE,CAAC;YACxC,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,iDAA+B;YAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,wEAAwE;AACjE,KAAK,UAAU,oBAAoB,CAAC,UAAkB;IAC3D,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,mCAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;AACJ,CAAC;AAYD;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CAAC,GAAoB;IAC1D,MAAM,GAAG,GAAG,MAAM,IAAA,4BAAU,GAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,IAAA,sBAAI,EAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,iCAAyB,CAAC;IAEzE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,mCAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QACxD,gBAAgB,EACd,sKAAsK;QACxK,mBAAmB,EAAE,6CAA6C;QAClE,wBAAwB,EAAE;YACxB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,KAAK;SAClB;QACD,yBAAyB,EAAE,IAAA,wBAAQ,EAAC;YAClC,WAAW,EAAE,UAAU;YACvB,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,GAAG,CAAC,gBAAgB;YAC1B,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,MAAM,EAAE,MAAM;SACf,CAAC;KACH,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAE7D,uDAAuD;IACvD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,0EAA0E;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,mCAAiB,CAAC;gBACpB,SAAS,EAAE,SAAS,EAAE;gBACtB,GAAG,EAAE,IAAA,wBAAQ,EAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;gBACpD,gBAAgB,EAAE,uBAAuB;gBACzC,mBAAmB,EAAE,6CAA6C;gBAClE,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;gBACjD,yBAAyB,EAAE,IAAA,wBAAQ,EAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;aAC7E,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,GAAG,YAAY,iDAA+B,CAAC;gBAAE,MAAM,GAAG,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAChC,CAAC;IAED,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,IAAA,4BAAU,GAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAA,sBAAI,EAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAa,CAAC;IAEjD,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B;IAC/C,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,UAAoB;QACpC,YAAY,EAAE,GAAG,CAAC,YAAsB;QACxC,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,MAAM,EAAE,GAAG,CAAC,MAA2C;QACvD,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,QAAQ,EAAE,GAAG,CAAC,QAAkB;QAChC,aAAa,EAAG,GAAG,CAAC,aAAwB,IAAI,CAAC;QACjD,YAAY,EAAE,GAAG,CAAC,YAAkC;QACpD,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAoB,CAAC,CAAC,CAAC,SAAS;QAC3F,gBAAgB,EAAE,GAAG,CAAC,gBAAsC;QAC5D,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,SAAS,EAAE,GAAG,CAAC,SAA+B;KAC/C,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"device-authorization.js","sourceRoot":"","sources":["../../../src/lib/oauth/device-authorization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EACL,cAAc,EACd,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAuB,MAAM,sBAAsB,CAAC;AAEnF,+EAA+E;AAC/E,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,kEAAkE;AAClE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,mCAAmC;AACnC,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,yCAAyC;AACzC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAClC,uEAAuE;AACvE,MAAM,CAAC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAC5C,oFAAoF;AACpF,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC;AA0D1C,MAAM,GAAG,GAAG,IAAI,cAAc,CAAC;IAC7B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;IAC7C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;CACtF,CAAC,CAAC;AAEH,SAAS,SAAS;IAChB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,sBAAsB,CACpD,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,aAAa;QAAE,OAAO,GAAG,CAAC;IAC7C,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACnD,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAA6B,WAAW;IACvE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,KAAK;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,uBAAuB;IAC7E,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,OAAO,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa;QACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;YAClE,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;YAClB,IAAI,CAAC,IAAI,MAAM;gBAAE,SAAS;YAC1B,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,QAAQ,CAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,kBAAkB,CAAC,MAA6B,WAAW;IACzE,OAAO,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,KAM9C;IACC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,gBAAgB,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC;IAElC,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAqB;QAC/B,UAAU;QACV,YAAY;QACZ,QAAQ;QACR,MAAM,EAAE,SAAS;QACjB,SAAS;QACT,SAAS,EAAE,GAAG;QACd,QAAQ;QACR,aAAa,EAAE,CAAC;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,QAAQ,CACZ;YACE,EAAE,EAAE,MAAM,UAAU,EAAE;YACtB,EAAE,EAAE,KAAK;YACT,GAAG,MAAM;YACT,gDAAgD;YAChD,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;QACD,mBAAmB,EAAE,0BAA0B;KAChD,CAAC,CACH,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,QAAQ,CACZ;YACE,EAAE,EAAE,MAAM,YAAY,EAAE;YACxB,EAAE,EAAE,KAAK;YACT,UAAU;YACV,SAAS,EAAE,GAAG;YACd,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;KACF,CAAC,CACH,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC;QACnC,gBAAgB,EAAE,KAAK,CAAC,mBAAmB;QAC3C,yBAAyB,EAAE,GAAG,KAAK,CAAC,mBAAmB,cAAc,cAAc,CAAC,QAAQ,CAAC,EAAE;QAC/F,UAAU,EAAE,SAAS;QACrB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAkB;IACvD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAgB;IAC/D,MAAM,YAAY,GAAG,YAAY,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,YAAY,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACvD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAQ,GAAG,CAAC,UAAqB,IAAI,IAAI,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IAC5D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,iBAAiB,CAAC;YACpB,SAAS,EAAE,SAAS,EAAE;YACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;YACpD,gBAAgB,EAAE,wBAAwB;YAC1C,yBAAyB,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YAClD,mBAAmB,EAAE,sBAAsB;YAC3C,YAAY,EAAE,SAAS;SACxB,CAAC,CACH,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,UAAU;YAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAA+B,CAAC;QACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC;QAC5C,IAAI,QAAQ,IAAI,uBAAuB,EAAE,CAAC;YACxC,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,+BAA+B;YAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,UAAkB;IAC3D,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;AACJ,CAAC;AAYD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,GAAoB;IAC1D,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,yBAAyB,CAAC;IAEzE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QACxD,gBAAgB,EACd,sKAAsK;QACxK,mBAAmB,EAAE,6CAA6C;QAClE,wBAAwB,EAAE;YACxB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,KAAK;SAClB;QACD,yBAAyB,EAAE,QAAQ,CAAC;YAClC,WAAW,EAAE,UAAU;YACvB,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,GAAG,CAAC,gBAAgB;YAC1B,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,MAAM,EAAE,MAAM;SACf,CAAC;KACH,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAE7D,uDAAuD;IACvD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,0EAA0E;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;gBACpB,SAAS,EAAE,SAAS,EAAE;gBACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;gBACpD,gBAAgB,EAAE,uBAAuB;gBACzC,mBAAmB,EAAE,6CAA6C;gBAClE,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;gBACjD,yBAAyB,EAAE,QAAQ,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;aAC7E,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,GAAG,YAAY,+BAA+B,CAAC;gBAAE,MAAM,GAAG,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAChC,CAAC;IAED,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAa,CAAC;IAEjD,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B;IAC/C,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,UAAoB;QACpC,YAAY,EAAE,GAAG,CAAC,YAAsB;QACxC,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,MAAM,EAAE,GAAG,CAAC,MAA2C;QACvD,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,QAAQ,EAAE,GAAG,CAAC,QAAkB;QAChC,aAAa,EAAG,GAAG,CAAC,aAAwB,IAAI,CAAC;QACjD,YAAY,EAAE,GAAG,CAAC,YAAkC;QACpD,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAoB,CAAC,CAAC,CAAC,SAAS;QAC3F,gBAAgB,EAAE,GAAG,CAAC,gBAAsC;QAC5D,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,SAAS,EAAE,GAAG,CAAC,SAA+B;KAC/C,CAAC;AACJ,CAAC"}
@@ -87,11 +87,11 @@ export declare function safeEqual(a: string, b: string): boolean;
87
87
  /**
88
88
  * Hook for tests + production wiring. Defaults to a stub that throws,
89
89
  * directing callers to install `@aws-sdk/client-kms` and override via
90
- * `setKmsKekFetcher`. The skybber CDK wires the AWS-SDK-backed fetcher
90
+ * `setKmsKekFetcher`. The trellis CDK wires the AWS-SDK-backed fetcher
91
91
  * during process bootstrap.
92
92
  */
93
93
  export type KmsKekFetcher = (kmsKeyId: string, region: string) => Promise<Buffer>;
94
- /** Wire the production KMS path. Skybber CDK calls this during bootstrap. */
94
+ /** Wire the production KMS path. Trellis CDK calls this during bootstrap. */
95
95
  export declare function setKmsKekFetcher(fn: KmsKekFetcher): void;
96
96
  export declare function resolveKek(): Promise<Buffer>;
97
97
  /** Reset the cached KEK. Test-only. */
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  /**
3
2
  * Envelope encryption helpers for OAuth device-authorization records.
4
3
  *
@@ -21,20 +20,9 @@
21
20
  * decrypt time fails with an authentication error rather than returning
22
21
  * silently truncated plaintext.
23
22
  */
24
- Object.defineProperty(exports, "__esModule", { value: true });
25
- exports.CURRENT_KEK_VERSION = exports.DEK_INFO = void 0;
26
- exports.deriveDek = deriveDek;
27
- exports.seal = seal;
28
- exports.open = open;
29
- exports.resolveKekForVersion = resolveKekForVersion;
30
- exports.safeEqual = safeEqual;
31
- exports.setKmsKekFetcher = setKmsKekFetcher;
32
- exports.resolveKek = resolveKek;
33
- exports._resetKekCacheForTest = _resetKekCacheForTest;
34
- exports._resetKmsKekFetcherForTest = _resetKmsKekFetcherForTest;
35
- const node_crypto_1 = require("node:crypto");
23
+ import { createCipheriv, createDecipheriv, hkdfSync, randomBytes, timingSafeEqual, } from "node:crypto";
36
24
  /** HKDF info string. Versioned so future schema changes are detectable. */
37
- exports.DEK_INFO = "trellis-device-auth-dek-v1";
25
+ export const DEK_INFO = "trellis-device-auth-dek-v1";
38
26
  /** Length of the AES-256 DEK in bytes. */
39
27
  const DEK_LEN = 32;
40
28
  /** Length of the HKDF salt stored alongside the ciphertext. */
@@ -44,7 +32,7 @@ const IV_LEN = 12;
44
32
  /** AES-GCM authentication tag length (16 bytes / 128 bits). */
45
33
  const TAG_LEN = 16;
46
34
  /** Current KEK version written by `seal`. */
47
- exports.CURRENT_KEK_VERSION = 1;
35
+ export const CURRENT_KEK_VERSION = 1;
48
36
  function b64url(b) {
49
37
  return b.toString("base64url");
50
38
  }
@@ -56,7 +44,7 @@ function fromB64url(s) {
56
44
  * The device_code is the IKM; the KEK is mixed in as part of the salt so a
57
45
  * stolen DynamoDB row alone cannot derive the DEK.
58
46
  */
59
- function deriveDek(deviceCode, kek, salt) {
47
+ export function deriveDek(deviceCode, kek, salt) {
60
48
  if (!deviceCode || deviceCode.length < 16) {
61
49
  throw new Error("device_code too short");
62
50
  }
@@ -69,7 +57,7 @@ function deriveDek(deviceCode, kek, salt) {
69
57
  // HKDF: ikm = device_code; salt = (kek || salt); info = DEK_INFO.
70
58
  // Mixing KEK into the salt means the DEK depends on both pieces.
71
59
  const combinedSalt = Buffer.concat([kek, salt]);
72
- const dek = (0, node_crypto_1.hkdfSync)("sha256", deviceCode, combinedSalt, exports.DEK_INFO, DEK_LEN);
60
+ const dek = hkdfSync("sha256", deviceCode, combinedSalt, DEK_INFO, DEK_LEN);
73
61
  return Buffer.from(dek);
74
62
  }
75
63
  /**
@@ -77,11 +65,11 @@ function deriveDek(deviceCode, kek, salt) {
77
65
  * Returns the storable envelope; ciphertext + iv + tag are sufficient for
78
66
  * decryption only when device_code is supplied at open time.
79
67
  */
80
- function seal(plaintext, deviceCode, kek) {
81
- const salt = (0, node_crypto_1.randomBytes)(SALT_LEN);
82
- const iv = (0, node_crypto_1.randomBytes)(IV_LEN);
68
+ export function seal(plaintext, deviceCode, kek) {
69
+ const salt = randomBytes(SALT_LEN);
70
+ const iv = randomBytes(IV_LEN);
83
71
  const dek = deriveDek(deviceCode, kek, salt);
84
- const cipher = (0, node_crypto_1.createCipheriv)("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
72
+ const cipher = createCipheriv("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
85
73
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
86
74
  const tag = cipher.getAuthTag();
87
75
  // Wipe the DEK from our reference. (V8 doesn't guarantee wipe, but at
@@ -93,8 +81,8 @@ function seal(plaintext, deviceCode, kek) {
93
81
  tag: b64url(tag),
94
82
  ciphertext: b64url(ct),
95
83
  alg: "AES-256-GCM+HKDF-SHA256",
96
- info: exports.DEK_INFO,
97
- keyVersion: exports.CURRENT_KEK_VERSION,
84
+ info: DEK_INFO,
85
+ keyVersion: CURRENT_KEK_VERSION,
98
86
  };
99
87
  }
100
88
  /**
@@ -107,11 +95,11 @@ function seal(plaintext, deviceCode, kek) {
107
95
  * The MVP runs version 1 only; this signature stays compatible for
108
96
  * forward-rotation scenarios (G4 MEDIUM-1).
109
97
  */
110
- function open(envelope, deviceCode, kek) {
98
+ export function open(envelope, deviceCode, kek) {
111
99
  if (envelope.alg !== "AES-256-GCM+HKDF-SHA256") {
112
100
  throw new Error(`unsupported envelope alg: ${envelope.alg}`);
113
101
  }
114
- if (envelope.info !== exports.DEK_INFO) {
102
+ if (envelope.info !== DEK_INFO) {
115
103
  throw new Error(`unsupported envelope info: ${envelope.info}`);
116
104
  }
117
105
  // Reject envelopes from versions we don't yet know how to dispatch.
@@ -133,7 +121,7 @@ function open(envelope, deviceCode, kek) {
133
121
  if (tag.length !== TAG_LEN)
134
122
  throw new Error("envelope tag length");
135
123
  const dek = deriveDek(deviceCode, kek, salt);
136
- const decipher = (0, node_crypto_1.createDecipheriv)("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
124
+ const decipher = createDecipheriv("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
137
125
  decipher.setAuthTag(tag);
138
126
  let pt;
139
127
  try {
@@ -151,7 +139,7 @@ function open(envelope, deviceCode, kek) {
151
139
  * sealed envelope should call this rather than `resolveKek()` directly
152
140
  * (G4 MEDIUM-1).
153
141
  */
154
- async function resolveKekForVersion(version) {
142
+ export async function resolveKekForVersion(version) {
155
143
  if (version !== 1) {
156
144
  throw new Error(`unsupported envelope keyVersion: ${version}`);
157
145
  }
@@ -163,12 +151,12 @@ async function resolveKekForVersion(version) {
163
151
  * stored hash (we don't store the device_code itself, so this is reserved
164
152
  * for refresh-jti comparisons).
165
153
  */
166
- function safeEqual(a, b) {
154
+ export function safeEqual(a, b) {
167
155
  const ab = Buffer.from(a, "utf8");
168
156
  const bb = Buffer.from(b, "utf8");
169
157
  if (ab.length !== bb.length)
170
158
  return false;
171
- return (0, node_crypto_1.timingSafeEqual)(ab, bb);
159
+ return timingSafeEqual(ab, bb);
172
160
  }
173
161
  /**
174
162
  * Resolve the KEK at runtime. Two paths:
@@ -182,11 +170,11 @@ let cachedKek;
182
170
  let kmsKekFetcher = async () => {
183
171
  throw new Error("KMS KEK fetcher not configured; call setKmsKekFetcher() at startup or set DEVICE_AUTH_KEK_BASE64");
184
172
  };
185
- /** Wire the production KMS path. Skybber CDK calls this during bootstrap. */
186
- function setKmsKekFetcher(fn) {
173
+ /** Wire the production KMS path. Trellis CDK calls this during bootstrap. */
174
+ export function setKmsKekFetcher(fn) {
187
175
  kmsKekFetcher = fn;
188
176
  }
189
- async function resolveKek() {
177
+ export async function resolveKek() {
190
178
  if (cachedKek)
191
179
  return cachedKek;
192
180
  const inline = process.env.DEVICE_AUTH_KEK_BASE64;
@@ -211,11 +199,11 @@ async function resolveKek() {
211
199
  return cachedKek;
212
200
  }
213
201
  /** Reset the cached KEK. Test-only. */
214
- function _resetKekCacheForTest() {
202
+ export function _resetKekCacheForTest() {
215
203
  cachedKek = undefined;
216
204
  }
217
205
  /** Reset the KMS fetcher to its default (test-only). */
218
- function _resetKmsKekFetcherForTest() {
206
+ export function _resetKmsKekFetcherForTest() {
219
207
  kmsKekFetcher = async () => {
220
208
  throw new Error("KMS KEK fetcher not configured; call setKmsKekFetcher() at startup or set DEVICE_AUTH_KEK_BASE64");
221
209
  };
@@ -1 +1 @@
1
- {"version":3,"file":"envelope-crypto.js","sourceRoot":"","sources":["../../../src/lib/oauth/envelope-crypto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AA6DH,8BAmBC;AAOD,oBA0BC;AAYD,oBAuCC;AASD,oDAKC;AAQD,8BAKC;AA2BD,4CAEC;AAED,gCA2BC;AAGD,sDAEC;AAGD,gEAMC;AArQD,6CAMqB;AAErB,2EAA2E;AAC9D,QAAA,QAAQ,GAAG,4BAA4B,CAAC;AAErD,0CAA0C;AAC1C,MAAM,OAAO,GAAG,EAAE,CAAC;AACnB,+DAA+D;AAC/D,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,gEAAgE;AAChE,MAAM,MAAM,GAAG,EAAE,CAAC;AAClB,+DAA+D;AAC/D,MAAM,OAAO,GAAG,EAAE,CAAC;AAyBnB,6CAA6C;AAChC,QAAA,mBAAmB,GAAG,CAAC,CAAC;AAErC,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAgB,SAAS,CACvB,UAAkB,EAClB,GAAW,EACX,IAAY;IAEZ,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,QAAQ,CAAC,CAAC;IACpD,CAAC;IACD,kEAAkE;IAClE,iEAAiE;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,IAAA,sBAAQ,EAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,gBAAQ,EAAE,OAAO,CAAC,CAAC;IAC5E,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,SAAgB,IAAI,CAClB,SAAiB,EACjB,UAAkB,EAClB,GAAW;IAEX,MAAM,IAAI,GAAG,IAAA,yBAAW,EAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,IAAA,yBAAW,EAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,sEAAsE;IACtE,4DAA4D;IAC5D,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;QAClB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;QACd,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QACtB,GAAG,EAAE,yBAAyB;QAC9B,IAAI,EAAE,gBAAQ;QACd,UAAU,EAAE,2BAAmB;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,IAAI,CAClB,QAAwB,EACxB,UAAkB,EAClB,GAAW;IAEX,IAAI,QAAQ,CAAC,GAAG,KAAK,yBAAyB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,gBAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,oEAAoE;IACpE,8DAA8D;IAC9D,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,eAAe,GAAG,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;IACjD,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,oCAAoC,eAAe,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACtE,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEnE,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IACtF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,IAAI,EAAU,CAAC;IACf,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,oBAAoB,CAAC,OAAe;IACxD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,CAAS,EAAE,CAAS;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,IAAA,6BAAe,EAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;GAOG;AACH,IAAI,SAA6B,CAAC;AAUlC,IAAI,aAAa,GAAkB,KAAK,IAAI,EAAE;IAC5C,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;AACJ,CAAC,CAAC;AAEF,6EAA6E;AAC7E,SAAgB,gBAAgB,CAAC,EAAiB;IAChD,aAAa,GAAG,EAAE,CAAC;AACrB,CAAC;AAEM,KAAK,UAAU,UAAU;IAC9B,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAClD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,SAAS,GAAG,CAAC,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACrD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,SAAS,GAAG,KAAK,CAAC;IAClB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,uCAAuC;AACvC,SAAgB,qBAAqB;IACnC,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC;AAED,wDAAwD;AACxD,SAAgB,0BAA0B;IACxC,aAAa,GAAG,KAAK,IAAI,EAAE;QACzB,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"envelope-crypto.js","sourceRoot":"","sources":["../../../src/lib/oauth/envelope-crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,WAAW,EACX,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,2EAA2E;AAC3E,MAAM,CAAC,MAAM,QAAQ,GAAG,4BAA4B,CAAC;AAErD,0CAA0C;AAC1C,MAAM,OAAO,GAAG,EAAE,CAAC;AACnB,+DAA+D;AAC/D,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,gEAAgE;AAChE,MAAM,MAAM,GAAG,EAAE,CAAC;AAClB,+DAA+D;AAC/D,MAAM,OAAO,GAAG,EAAE,CAAC;AAyBnB,6CAA6C;AAC7C,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,UAAkB,EAClB,GAAW,EACX,IAAY;IAEZ,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,QAAQ,CAAC,CAAC;IACpD,CAAC;IACD,kEAAkE;IAClE,iEAAiE;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5E,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,IAAI,CAClB,SAAiB,EACjB,UAAkB,EAClB,GAAW;IAEX,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,sEAAsE;IACtE,4DAA4D;IAC5D,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;QAClB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;QACd,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QACtB,GAAG,EAAE,yBAAyB;QAC9B,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE,mBAAmB;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,IAAI,CAClB,QAAwB,EACxB,UAAkB,EAClB,GAAW;IAEX,IAAI,QAAQ,CAAC,GAAG,KAAK,yBAAyB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,oEAAoE;IACpE,8DAA8D;IAC9D,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,eAAe,GAAG,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;IACjD,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,oCAAoC,eAAe,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACtE,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEnE,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IACtF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,IAAI,EAAU,CAAC;IACf,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAe;IACxD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,CAAS,EAAE,CAAS;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;GAOG;AACH,IAAI,SAA6B,CAAC;AAUlC,IAAI,aAAa,GAAkB,KAAK,IAAI,EAAE;IAC5C,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;AACJ,CAAC,CAAC;AAEF,6EAA6E;AAC7E,MAAM,UAAU,gBAAgB,CAAC,EAAiB;IAChD,aAAa,GAAG,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAClD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,SAAS,GAAG,CAAC,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACrD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,SAAS,GAAG,KAAK,CAAC;IAClB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,qBAAqB;IACnC,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,0BAA0B;IACxC,aAAa,GAAG,KAAK,IAAI,EAAE;QACzB,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}