@dwk/solid-pod 0.1.0-beta.0

package/dist/log.d.ts

@@ -0,0 +1,55 @@
+/**
+ * `@dwk/solid-pod` — structured observability event taxonomy.
+ *
+ * A Solid Pod authenticates DPoP-bound tokens at the edge and enforces WAC in
+ * the Durable Object; an auth/authz decision that is silently swallowed is an
+ * operational blind spot. Logging and metrics are opt-in via an injected
+ * {@link Logger} and {@link Metrics} (see `@dwk/log`) wired **once at the
+ * composition boundary** — the stateless front door. They **share this one
+ * vocabulary**: the same dotted event name is passed to the logger and the
+ * metrics sink so a log line and its counter line up.
+ *
+ * Because the Durable Object cannot receive injected functions across the
+ * isolate boundary, it signals its authorization outcomes back to the front door
+ * via an internal response header ({@link INTERNAL_HEADERS.outcome}); the front
+ * door — which holds the injected seams — emits the events and strips the header.
+ * This keeps the DO free of any logger and honors the composition contract.
+ *
+ * Fields follow the redaction policy: only machine-readable reason codes, HTTP
+ * method/status, and a sanitized agent host (`hostFromUrl`) — never tokens,
+ * proofs, resource paths, or bodies. See `spec/observability.md`.
+ *
+ * @packageDocumentation
+ */
+/** Stable event names emitted by `@dwk/solid-pod`. */
+export declare const SolidPodLogEvent: {
+    /**
+     * A presented credential failed edge authentication. Field: `reason` (an
+     * {@link AuthFailureReason}, e.g. `signature_invalid`, `dpop_invalid`).
+     */
+    readonly AuthRejected: "solid.auth.rejected";
+    /** A request authenticated successfully at the edge. Field: `agentHost`. */
+    readonly AuthAccepted: "solid.auth.accepted";
+    /** WAC refused the request in the Durable Object. Fields: `method`, `status` (401/403). */
+    readonly AccessDenied: "solid.wac.denied";
+    /** A proof-less write was refused (DPoP required). Field: `method`. */
+    readonly AnonymousWriteRefused: "solid.write.anonymous_refused";
+    /** A write's DPoP `jti` was replayed and the write was refused. Field: `method`. */
+    readonly ReplayRejected: "solid.dpop.replay_rejected";
+};
+/** Union of the event-name string literals in {@link SolidPodLogEvent}. */
+export type SolidPodLogEvent = (typeof SolidPodLogEvent)[keyof typeof SolidPodLogEvent];
+/**
+ * Machine-readable outcome values the Durable Object sets on
+ * {@link INTERNAL_HEADERS.outcome} so the front door can emit the matching
+ * {@link SolidPodLogEvent}. Internal to the DO↔front-door contract; stripped
+ * before the response reaches the client.
+ */
+export declare const PodOutcome: {
+    readonly WacDenied: "wac_denied";
+    readonly AnonymousWriteRefused: "anon_write_refused";
+    readonly Replay: "replay";
+};
+/** Union of the outcome string literals in {@link PodOutcome}. */
+export type PodOutcome = (typeof PodOutcome)[keyof typeof PodOutcome];
+//# sourceMappingURL=log.d.ts.map

package/dist/log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,sDAAsD;AACtD,eAAO,MAAM,gBAAgB;IAC3B;;;OAGG;;IAEH,4EAA4E;;IAE5E,2FAA2F;;IAE3F,uEAAuE;;IAEvE,oFAAoF;;CAE5E,CAAC;AAEX,2EAA2E;AAC3E,MAAM,MAAM,gBAAgB,GAC1B,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,OAAO,gBAAgB,CAAC,CAAC;AAE3D;;;;;GAKG;AACH,eAAO,MAAM,UAAU;;;;CAIb,CAAC;AAEX,kEAAkE;AAClE,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC"}

package/dist/log.js

@@ -0,0 +1,51 @@
+/**
+ * `@dwk/solid-pod` — structured observability event taxonomy.
+ *
+ * A Solid Pod authenticates DPoP-bound tokens at the edge and enforces WAC in
+ * the Durable Object; an auth/authz decision that is silently swallowed is an
+ * operational blind spot. Logging and metrics are opt-in via an injected
+ * {@link Logger} and {@link Metrics} (see `@dwk/log`) wired **once at the
+ * composition boundary** — the stateless front door. They **share this one
+ * vocabulary**: the same dotted event name is passed to the logger and the
+ * metrics sink so a log line and its counter line up.
+ *
+ * Because the Durable Object cannot receive injected functions across the
+ * isolate boundary, it signals its authorization outcomes back to the front door
+ * via an internal response header ({@link INTERNAL_HEADERS.outcome}); the front
+ * door — which holds the injected seams — emits the events and strips the header.
+ * This keeps the DO free of any logger and honors the composition contract.
+ *
+ * Fields follow the redaction policy: only machine-readable reason codes, HTTP
+ * method/status, and a sanitized agent host (`hostFromUrl`) — never tokens,
+ * proofs, resource paths, or bodies. See `spec/observability.md`.
+ *
+ * @packageDocumentation
+ */
+/** Stable event names emitted by `@dwk/solid-pod`. */
+export const SolidPodLogEvent = {
+    /**
+     * A presented credential failed edge authentication. Field: `reason` (an
+     * {@link AuthFailureReason}, e.g. `signature_invalid`, `dpop_invalid`).
+     */
+    AuthRejected: "solid.auth.rejected",
+    /** A request authenticated successfully at the edge. Field: `agentHost`. */
+    AuthAccepted: "solid.auth.accepted",
+    /** WAC refused the request in the Durable Object. Fields: `method`, `status` (401/403). */
+    AccessDenied: "solid.wac.denied",
+    /** A proof-less write was refused (DPoP required). Field: `method`. */
+    AnonymousWriteRefused: "solid.write.anonymous_refused",
+    /** A write's DPoP `jti` was replayed and the write was refused. Field: `method`. */
+    ReplayRejected: "solid.dpop.replay_rejected",
+};
+/**
+ * Machine-readable outcome values the Durable Object sets on
+ * {@link INTERNAL_HEADERS.outcome} so the front door can emit the matching
+ * {@link SolidPodLogEvent}. Internal to the DO↔front-door contract; stripped
+ * before the response reaches the client.
+ */
+export const PodOutcome = {
+    WacDenied: "wac_denied",
+    AnonymousWriteRefused: "anon_write_refused",
+    Replay: "replay",
+};
+//# sourceMappingURL=log.js.map

package/dist/log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"log.js","sourceRoot":"","sources":["../src/log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,sDAAsD;AACtD,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B;;;OAGG;IACH,YAAY,EAAE,qBAAqB;IACnC,4EAA4E;IAC5E,YAAY,EAAE,qBAAqB;IACnC,2FAA2F;IAC3F,YAAY,EAAE,kBAAkB;IAChC,uEAAuE;IACvE,qBAAqB,EAAE,+BAA+B;IACtD,oFAAoF;IACpF,cAAc,EAAE,4BAA4B;CACpC,CAAC;AAMX;;;;;GAKG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,SAAS,EAAE,YAAY;IACvB,qBAAqB,EAAE,oBAAoB;IAC3C,MAAM,EAAE,QAAQ;CACR,CAAC"}

package/dist/negotiation.d.ts

@@ -0,0 +1,23 @@
+/**
+ * RDF content negotiation for reads.
+ *
+ * Maps an `Accept` header to a concrete RDF serialization `@dwk/rdf` can write,
+ * preferring the client's highest-q acceptable type and falling back to Turtle
+ * (the Solid default). Turtle and JSON-LD are the guaranteed minimum; the other
+ * Turtle-family types `@dwk/rdf` supports are offered too.
+ */
+import { type RdfFormat } from "@dwk/rdf";
+/** A negotiated serialization: the concrete media type and `@dwk/rdf` format. */
+export interface Negotiated {
+    readonly mediaType: string;
+    readonly format: RdfFormat;
+}
+/**
+ * Choose the RDF serialization to write for an `Accept` header, or `null` when
+ * the header is present but lists nothing this server can serve (the caller MUST
+ * then answer `406 Not Acceptable`). An absent/empty `Accept` or a `*` `/` `*`
+ * wildcard yields the Turtle default; concrete RDF media types and family
+ * wildcards (`text/*`, `application/*`) negotiate to a supported type.
+ */
+export declare function negotiateMediaType(accept: string | null): Negotiated | null;
+//# sourceMappingURL=negotiation.d.ts.map

package/dist/negotiation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"negotiation.d.ts","sourceRoot":"","sources":["../src/negotiation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAsB,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAE9D,iFAAiF;AACjF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;CAC5B;AAsCD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,UAAU,GAAG,IAAI,CAoC3E"}

package/dist/negotiation.js

@@ -0,0 +1,80 @@
+/**
+ * RDF content negotiation for reads.
+ *
+ * Maps an `Accept` header to a concrete RDF serialization `@dwk/rdf` can write,
+ * preferring the client's highest-q acceptable type and falling back to Turtle
+ * (the Solid default). Turtle and JSON-LD are the guaranteed minimum; the other
+ * Turtle-family types `@dwk/rdf` supports are offered too.
+ */
+import { formatForMediaType } from "@dwk/rdf";
+/** Canonical media types offered on read, in server-preference order. */
+const OFFERED = [
+    "text/turtle",
+    "application/ld+json",
+    "application/n-triples",
+    "application/trig",
+    "application/n-quads",
+];
+const DEFAULT = { mediaType: "text/turtle", format: "Turtle" };
+/** Parse an `Accept` header into entries sorted by descending q-value. */
+function parseAccept(accept) {
+    return accept
+        .split(",")
+        .map((part) => {
+        const [type, ...params] = part.split(";").map((s) => s.trim());
+        let q = 1;
+        for (const param of params) {
+            const m = /^q=([0-9.]+)$/.exec(param);
+            if (m)
+                q = Number.parseFloat(m[1]);
+        }
+        return {
+            type: (type ?? "").toLowerCase(),
+            q: Number.isFinite(q) ? q : 0,
+        };
+    })
+        .filter((e) => e.type.length > 0)
+        .sort((a, b) => b.q - a.q);
+}
+/**
+ * Choose the RDF serialization to write for an `Accept` header, or `null` when
+ * the header is present but lists nothing this server can serve (the caller MUST
+ * then answer `406 Not Acceptable`). An absent/empty `Accept` or a `*` `/` `*`
+ * wildcard yields the Turtle default; concrete RDF media types and family
+ * wildcards (`text/*`, `application/*`) negotiate to a supported type.
+ */
+export function negotiateMediaType(accept) {
+    if (!accept || accept.trim() === "")
+        return DEFAULT;
+    for (const entry of parseAccept(accept)) {
+        if (entry.q === 0)
+            continue;
+        if (entry.type === "*/*")
+            return DEFAULT;
+        const essence = entry.type.split(";")[0]?.trim() ?? "";
+        // Read-only opt-in: a client asking for `application/json` gets JSON-LD.
+        // This alias lives here, not in `@dwk/rdf`'s RDF media-type registry, so an
+        // incoming `application/json` *request body* is never misparsed as RDF.
+        if (essence === "application/json") {
+            return { mediaType: "application/ld+json", format: "JSON-LD" };
+        }
+        const format = formatForMediaType(entry.type);
+        if (format) {
+            return { mediaType: essence || "text/turtle", format };
+        }
+        // Wildcard subtypes (`text/*`, `application/*`): pick the first offered
+        // type in that family.
+        const slash = entry.type.indexOf("/");
+        if (slash > 0 && entry.type.endsWith("/*")) {
+            const family = entry.type.slice(0, slash);
+            const offered = OFFERED.find((m) => m.startsWith(`${family}/`));
+            if (offered) {
+                return { mediaType: offered, format: formatForMediaType(offered) };
+            }
+        }
+    }
+    // An `Accept` was supplied but nothing in it is acceptable: signal 406 rather
+    // than silently serving Turtle the client said it could not handle.
+    return null;
+}
+//# sourceMappingURL=negotiation.js.map

package/dist/negotiation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"negotiation.js","sourceRoot":"","sources":["../src/negotiation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,kBAAkB,EAAkB,MAAM,UAAU,CAAC;AAQ9D,yEAAyE;AACzE,MAAM,OAAO,GAAsB;IACjC,aAAa;IACb,qBAAqB;IACrB,uBAAuB;IACvB,kBAAkB;IAClB,qBAAqB;CACtB,CAAC;AAEF,MAAM,OAAO,GAAe,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAO3E,0EAA0E;AAC1E,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,MAAM;SACV,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACZ,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/D,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtC,IAAI,CAAC;gBAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAW,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO;YACL,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;YAChC,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC9B,CAAC;IACJ,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;SAChC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAqB;IACtD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,OAAO,CAAC;IAEpD,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC;QACxC,IAAI,KAAK,CAAC,CAAC,KAAK,CAAC;YAAE,SAAS;QAC5B,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,OAAO,OAAO,CAAC;QAEzC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAEvD,yEAAyE;QACzE,4EAA4E;QAC5E,wEAAwE;QACxE,IAAI,OAAO,KAAK,kBAAkB,EAAE,CAAC;YACnC,OAAO,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QACjE,CAAC;QAED,MAAM,MAAM,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,EAAE,SAAS,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,EAAE,CAAC;QACzD,CAAC;QAED,wEAAwE;QACxE,uBAAuB;QACvB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC;YAChE,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAE,EAAE,CAAC;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,oEAAoE;IACpE,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/patch.d.ts

@@ -0,0 +1,80 @@
+/**
+ * N3 Patch (`text/n3`) and a minimal `application/sparql-update` parser, plus
+ * the deliberately-small `solid:where` matcher.
+ *
+ * This is **not** a SPARQL engine. `solid:where` is a conjunctive basic graph
+ * pattern matched against the resource's current triples; the patch applies
+ * only when the pattern binds to **exactly one** solution (per the Solid
+ * Protocol's N3 Patch rules). Variables in `solid:deletes` / `solid:inserts`
+ * are then instantiated from that single binding. Anything richer (`OPTIONAL`,
+ * `FILTER`, property paths, multiple solutions) is out of scope and surfaces as
+ * a `409`.
+ */
+import { type StoredQuad, type StoredTerm } from "@dwk/rdf";
+/** A term in a patch template/pattern: a variable, or a concrete RDF term. */
+type PatchTerm = {
+    readonly kind: "var";
+    readonly name: string;
+} | {
+    readonly kind: "term";
+    readonly term: StoredTerm;
+};
+/** A triple pattern (subject/predicate/object) from a patch graph. */
+interface PatchTriple {
+    readonly subject: PatchTerm;
+    readonly predicate: PatchTerm;
+    readonly object: PatchTerm;
+}
+/** A parsed patch: the `where` pattern and the `deletes`/`inserts` templates. */
+export interface Patch {
+    readonly where: readonly PatchTriple[];
+    readonly deletes: readonly PatchTriple[];
+    readonly inserts: readonly PatchTriple[];
+}
+/** A concrete delete/insert pair ready to hand to `@dwk/store`. */
+export interface ResolvedPatch {
+    readonly deletes: readonly StoredQuad[];
+    readonly inserts: readonly StoredQuad[];
+    /** True when the patch only inserts (authorizable with `acl:Append`). */
+    readonly insertOnly: boolean;
+}
+/** A stable failure code from parsing or applying a patch. */
+export type PatchError = "parse_error" | "unsupported_media_type" | "no_match" | "ambiguous_match" | "delete_not_found" | "where_too_complex";
+export declare class PatchProblem extends Error {
+    readonly code: PatchError;
+    constructor(code: PatchError);
+}
+/**
+ * A stable failure code for a violation of the N3 Patch *document constraints*
+ * (Solid Protocol §5.3.1) — as distinct from a binding/state outcome. These all
+ * mean the patch document is itself malformed or ill-formed per the spec, and
+ * MUST be answered with `422 Unprocessable Entity` (`#server-patch-n3-invalid`).
+ */
+export type PatchConstraint = "parse_error" | "missing_type" | "duplicate_predicate" | "blank_node_in_template" | "unbound_template_variable";
+/**
+ * Thrown when a patch document does not satisfy the N3 Patch document
+ * constraints. Kept distinct from {@link PatchProblem} so the handler can map it
+ * to `422` while binding/state failures stay `409`.
+ */
+export declare class PatchConstraintError extends Error {
+    readonly code: PatchConstraint;
+    constructor(code: PatchConstraint);
+}
+/** Parse a patch body by its `Content-Type`. */
+export declare function parsePatch(body: string, contentType: string, baseIRI: string): Patch;
+/**
+ * Resolve a parsed {@link Patch} against the resource's `current` quads into a
+ * concrete delete/insert pair.
+ *
+ * @throws {PatchProblem}
+ *  - `no_match` when `where` binds to no solution;
+ *  - `ambiguous_match` when it binds to more than one;
+ *  - `delete_not_found` when a resolved delete triple is absent;
+ *  - `where_too_complex` when the `where` pattern exceeds the solver's bounds.
+ * @throws {PatchConstraintError}
+ *  - `unbound_template_variable` when a template uses an unbound variable
+ *    (backstop for the SPARQL path; N3 patches are checked at parse time).
+ */
+export declare function resolvePatch(patch: Patch, current: readonly StoredQuad[]): ResolvedPatch;
+export {};
+//# sourceMappingURL=patch.d.ts.map

package/dist/patch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patch.d.ts","sourceRoot":"","sources":["../src/patch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAGL,KAAK,UAAU,EACf,KAAK,UAAU,EAChB,MAAM,UAAU,CAAC;AAQlB,8EAA8E;AAC9E,KAAK,SAAS,GACV;IAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC/C;IAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAAC;AAEzD,sEAAsE;AACtE,UAAU,WAAW;IACnB,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;CAC5B;AAED,iFAAiF;AACjF,MAAM,WAAW,KAAK;IACpB,QAAQ,CAAC,KAAK,EAAE,SAAS,WAAW,EAAE,CAAC;IACvC,QAAQ,CAAC,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;IACzC,QAAQ,CAAC,OAAO,EAAE,SAAS,WAAW,EAAE,CAAC;CAC1C;AAED,mEAAmE;AACnE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,SAAS,UAAU,EAAE,CAAC;IACxC,QAAQ,CAAC,OAAO,EAAE,SAAS,UAAU,EAAE,CAAC;IACxC,yEAAyE;IACzE,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;CAC9B;AAED,8DAA8D;AAC9D,MAAM,MAAM,UAAU,GAClB,aAAa,GACb,wBAAwB,GACxB,UAAU,GACV,iBAAiB,GACjB,kBAAkB,GAClB,mBAAmB,CAAC;AAExB,qBAAa,YAAa,SAAQ,KAAK;IACzB,QAAQ,CAAC,IAAI,EAAE,UAAU;gBAAhB,IAAI,EAAE,UAAU;CAItC;AAED;;;;;GAKG;AACH,MAAM,MAAM,eAAe,GACvB,aAAa,GACb,cAAc,GACd,qBAAqB,GACrB,wBAAwB,GACxB,2BAA2B,CAAC;AAEhC;;;;GAIG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;IACjC,QAAQ,CAAC,IAAI,EAAE,eAAe;gBAArB,IAAI,EAAE,eAAe;CAI3C;AAsPD,gDAAgD;AAChD,wBAAgB,UAAU,CACxB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,KAAK,CAYP;AAyJD;;;;;;;;;;;;GAYG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,KAAK,EACZ,OAAO,EAAE,SAAS,UAAU,EAAE,GAC7B,aAAa,CAcf"}