@enterprisestandard/esv 0.0.5-beta.20260115.1 → 0.0.5-beta.20260115.2

package/dist/server/vault.js

@@ -0,0 +1,92 @@
+/**
+ * Vault endpoint handlers for the ESV mock server
+ *
+ * Provides configuration secrets for SSO, IAM, and Workload services.
+ */
+/**
+ * Default ESV configuration returned by the vault
+ */
+function getEsvConfig(baseUrl = 'http://localhost:3555') {
+    return {
+        sso: {
+            authority: `${baseUrl}/sso`,
+            token_url: `${baseUrl}/sso/token`,
+            authorization_url: `${baseUrl}/sso/authorize`,
+            jwks_uri: `${baseUrl}/sso/certs`,
+            client_id: 'local-test-client',
+            client_secret: 'local-test-secret',
+            redirect_uri: 'http://localhost:3000/api/auth/callback',
+            scope: 'openid profile email',
+            revocation_endpoint: `${baseUrl}/sso/revoke`,
+            end_session_endpoint: `${baseUrl}/sso/logout`,
+        },
+        iam: {
+            url: `${baseUrl}/iam`,
+            // Note: The ESV server handles SCIM at /iam/Users and /iam/Groups
+            // The url should point to the base IAM endpoint, not /scim/v2
+        },
+        workload: {
+            token_url: `${baseUrl}/workload/token`,
+            jwks_uri: `${baseUrl}/workload/certs`,
+            client_id: 'local-workload-client',
+            client_secret: 'local-workload-secret',
+            issuer: `${baseUrl}/workload`,
+            audience: `${baseUrl}/workload`,
+        },
+    };
+}
+/**
+ * Handle vault requests
+ */
+export function handleVaultRequest(req, res, pathname) {
+    // Remove /vault prefix
+    const vaultPath = pathname.replace(/^\/vault/, '');
+    // Handle GET /vault/v1/secret/data/esv/config
+    if (req.method === 'GET' && vaultPath === '/v1/secret/data/esv/config') {
+        // Verify vault token
+        const token = req.headers['x-vault-token'];
+        if (token !== 'local-esv-token') {
+            res.writeHead(403, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ errors: ['permission denied'] }));
+            return;
+        }
+        const config = getEsvConfig();
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            request_id: 'local-esv-request',
+            lease_id: '',
+            renewable: false,
+            lease_duration: 0,
+            data: {
+                data: config,
+                metadata: {
+                    created_time: new Date().toISOString(),
+                    deletion_time: '',
+                    destroyed: false,
+                    version: 1,
+                },
+            },
+            wrap_info: null,
+            warnings: null,
+            auth: null,
+        }));
+        return;
+    }
+    // Handle GET /vault/v1/secret/data/* for other secrets
+    if (req.method === 'GET' && vaultPath.startsWith('/v1/secret/data/')) {
+        const token = req.headers['x-vault-token'];
+        if (token !== 'local-esv-token') {
+            res.writeHead(403, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ errors: ['permission denied'] }));
+            return;
+        }
+        // Return empty secret for unknown paths
+        res.writeHead(404, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ errors: ['secret not found'] }));
+        return;
+    }
+    // 404 for unknown vault paths
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ errors: ['path not found'] }));
+}
+//# sourceMappingURL=vault.js.map

package/dist/server/vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.js","sourceRoot":"","sources":["../../src/server/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,SAAS,YAAY,CAAC,UAAkB,uBAAuB;IAC7D,OAAO;QACL,GAAG,EAAE;YACH,SAAS,EAAE,GAAG,OAAO,MAAM;YAC3B,SAAS,EAAE,GAAG,OAAO,YAAY;YACjC,iBAAiB,EAAE,GAAG,OAAO,gBAAgB;YAC7C,QAAQ,EAAE,GAAG,OAAO,YAAY;YAChC,SAAS,EAAE,mBAAmB;YAC9B,aAAa,EAAE,mBAAmB;YAClC,YAAY,EAAE,yCAAyC;YACvD,KAAK,EAAE,sBAAsB;YAC7B,mBAAmB,EAAE,GAAG,OAAO,aAAa;YAC5C,oBAAoB,EAAE,GAAG,OAAO,aAAa;SAC9C;QACD,GAAG,EAAE;YACH,GAAG,EAAE,GAAG,OAAO,MAAM;YACrB,kEAAkE;YAClE,8DAA8D;SAC/D;QACD,QAAQ,EAAE;YACR,SAAS,EAAE,GAAG,OAAO,iBAAiB;YACtC,QAAQ,EAAE,GAAG,OAAO,iBAAiB;YACrC,SAAS,EAAE,uBAAuB;YAClC,aAAa,EAAE,uBAAuB;YACtC,MAAM,EAAE,GAAG,OAAO,WAAW;YAC7B,QAAQ,EAAE,GAAG,OAAO,WAAW;SAChC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAoB,EAAE,GAAmB,EAAE,QAAgB;IAC5F,uBAAuB;IACvB,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAEnD,8CAA8C;IAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,SAAS,KAAK,4BAA4B,EAAE,CAAC;QACvE,qBAAqB;QACrB,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC3C,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;YAChC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAE9B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,UAAU,EAAE,mBAAmB;YAC/B,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,KAAK;YAChB,cAAc,EAAE,CAAC;YACjB,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE;oBACR,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACtC,aAAa,EAAE,EAAE;oBACjB,SAAS,EAAE,KAAK;oBAChB,OAAO,EAAE,CAAC;iBACX;aACF;YACD,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,IAAI;SACX,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,uDAAuD;IACvD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,SAAS,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACrE,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC3C,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;YAChC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,wCAAwC;QACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,8BAA8B;IAC9B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC"}

package/dist/server/workload.js

@@ -0,0 +1,226 @@
+/**
+ * Workload Identity endpoint handlers for the ESV mock server
+ *
+ * Implements OAuth2 client credentials and JWT bearer grant for workload identity.
+ */
+import { getJwks, signJwt, verifyJwt } from './crypto.js';
+const ISSUER = 'http://localhost:3555/workload';
+const TOKEN_EXPIRY = 3600; // 1 hour
+// Valid client credentials for testing
+const VALID_CLIENTS = {
+    'local-workload-client': 'local-workload-secret',
+};
+/**
+ * Parse request body as URL-encoded form data
+ */
+async function parseFormBody(req) {
+    return new Promise((resolve, reject) => {
+        let body = '';
+        req.on('data', (chunk) => {
+            body += chunk.toString();
+        });
+        req.on('end', () => {
+            resolve(new URLSearchParams(body));
+        });
+        req.on('error', reject);
+    });
+}
+/**
+ * Handle workload requests
+ */
+export async function handleWorkloadRequest(req, res, pathname) {
+    // Remove /workload prefix
+    const workloadPath = pathname.replace(/^\/workload/, '');
+    // POST /workload/token - Token endpoint
+    if (req.method === 'POST' && workloadPath === '/token') {
+        await handleToken(req, res);
+        return;
+    }
+    // GET /workload/certs - JWKS endpoint
+    if (req.method === 'GET' && workloadPath === '/certs') {
+        handleCerts(res);
+        return;
+    }
+    // POST /workload/validate - Token validation endpoint (for testing)
+    if (req.method === 'POST' && workloadPath === '/validate') {
+        handleValidate(req, res);
+        return;
+    }
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'not_found' }));
+}
+/**
+ * Token endpoint - issues access tokens for client credentials or JWT bearer
+ */
+async function handleToken(req, res) {
+    const body = await parseFormBody(req);
+    const grantType = body.get('grant_type');
+    if (grantType === 'client_credentials') {
+        handleClientCredentials(body, res);
+    }
+    else if (grantType === 'urn:ietf:params:oauth:grant-type:jwt-bearer') {
+        handleJwtBearer(body, res);
+    }
+    else {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            error: 'unsupported_grant_type',
+            error_description: 'Only client_credentials and jwt-bearer are supported',
+        }));
+    }
+}
+/**
+ * Handle client credentials grant
+ */
+function handleClientCredentials(body, res) {
+    const clientId = body.get('client_id');
+    const clientSecret = body.get('client_secret');
+    const scope = body.get('scope') || '';
+    if (!clientId || !clientSecret) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            error: 'invalid_request',
+            error_description: 'Missing client_id or client_secret',
+        }));
+        return;
+    }
+    // Validate credentials
+    const expectedSecret = VALID_CLIENTS[clientId];
+    if (!expectedSecret || expectedSecret !== clientSecret) {
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            error: 'invalid_client',
+            error_description: 'Invalid client credentials',
+        }));
+        return;
+    }
+    // Generate access token
+    const accessTokenClaims = {
+        iss: ISSUER,
+        sub: clientId,
+        aud: ISSUER,
+        client_id: clientId,
+        scope,
+    };
+    const accessToken = signJwt(accessTokenClaims, TOKEN_EXPIRY);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+        access_token: accessToken,
+        token_type: 'Bearer',
+        expires_in: TOKEN_EXPIRY,
+        scope,
+    }));
+}
+/**
+ * Handle JWT bearer grant
+ */
+function handleJwtBearer(body, res) {
+    const assertion = body.get('assertion');
+    const scope = body.get('scope') || '';
+    if (!assertion) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            error: 'invalid_request',
+            error_description: 'Missing assertion',
+        }));
+        return;
+    }
+    // Verify the JWT assertion
+    const result = verifyJwt(assertion);
+    if (!result.valid) {
+        res.writeHead(400, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            error: 'invalid_grant',
+            error_description: result.error || 'Invalid JWT assertion',
+        }));
+        return;
+    }
+    // Extract workload ID from assertion
+    const workloadId = result.payload?.sub;
+    // Generate access token
+    const accessTokenClaims = {
+        iss: ISSUER,
+        sub: workloadId,
+        aud: ISSUER,
+        workload_id: workloadId,
+        scope: scope || result.payload?.scope || '',
+    };
+    const accessToken = signJwt(accessTokenClaims, TOKEN_EXPIRY);
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+        access_token: accessToken,
+        token_type: 'Bearer',
+        expires_in: TOKEN_EXPIRY,
+        scope: accessTokenClaims.scope,
+    }));
+}
+/**
+ * JWKS endpoint
+ */
+function handleCerts(res) {
+    const jwks = getJwks();
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify(jwks));
+}
+/**
+ * Token validation endpoint (for testing)
+ */
+function handleValidate(req, res) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            valid: false,
+            error: 'Missing Authorization header',
+        }));
+        return;
+    }
+    const token = authHeader.substring(7);
+    const result = verifyJwt(token);
+    if (!result.valid) {
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({
+            valid: false,
+            error: result.error,
+        }));
+        return;
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+        valid: true,
+        claims: result.payload,
+        expiresAt: result.payload?.exp ? new Date(result.payload.exp * 1000).toISOString() : undefined,
+    }));
+}
+/**
+ * Mock /api/whoami endpoint for testing workload authentication
+ *
+ * This endpoint validates workload tokens and returns the workload identity,
+ * allowing applications to be tested independently without requiring
+ * another application to be running.
+ */
+export function handleWhoamiRequest(req, res) {
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'Unauthorized' }));
+        return;
+    }
+    const token = authHeader.substring(7);
+    const result = verifyJwt(token);
+    if (!result.valid) {
+        res.writeHead(401, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify({ error: 'Invalid token', details: result.error }));
+        return;
+    }
+    res.writeHead(200, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+        user: null,
+        workload: {
+            workload_id: result.payload?.sub,
+            client_id: result.payload?.client_id,
+            scope: result.payload?.scope,
+        },
+    }));
+}
+//# sourceMappingURL=workload.js.map

package/dist/server/workload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workload.js","sourceRoot":"","sources":["../../src/server/workload.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAE1D,MAAM,MAAM,GAAG,gCAAgC,CAAC;AAChD,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,SAAS;AAEpC,uCAAuC;AACvC,MAAM,aAAa,GAA2B;IAC5C,uBAAuB,EAAE,uBAAuB;CACjD,CAAC;AAEF;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,GAAoB;IAC/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YACvB,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,OAAO,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAoB,EACpB,GAAmB,EACnB,QAAgB;IAEhB,0BAA0B;IAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAEzD,wCAAwC;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QACvD,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,sCAAsC;IACtC,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QACtD,WAAW,CAAC,GAAG,CAAC,CAAC;QACjB,OAAO;IACT,CAAC;IAED,oEAAoE;IACpE,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,YAAY,KAAK,WAAW,EAAE,CAAC;QAC1D,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACzB,OAAO;IACT,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,GAAoB,EAAE,GAAmB;IAClE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAEzC,IAAI,SAAS,KAAK,oBAAoB,EAAE,CAAC;QACvC,uBAAuB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrC,CAAC;SAAM,IAAI,SAAS,KAAK,6CAA6C,EAAE,CAAC;QACvE,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,wBAAwB;YAC/B,iBAAiB,EAAE,sDAAsD;SAC1E,CAAC,CACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,IAAqB,EAAE,GAAmB;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAEtC,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,oCAAoC;SACxD,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,uBAAuB;IACvB,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC,cAAc,IAAI,cAAc,KAAK,YAAY,EAAE,CAAC;QACvD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,gBAAgB;YACvB,iBAAiB,EAAE,4BAA4B;SAChD,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,wBAAwB;IACxB,MAAM,iBAAiB,GAAG;QACxB,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,MAAM;QACX,SAAS,EAAE,QAAQ;QACnB,KAAK;KACN,CAAC;IAEF,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAE7D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,YAAY;QACxB,KAAK;KACN,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,IAAqB,EAAE,GAAmB;IACjE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAEtC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,iBAAiB;YACxB,iBAAiB,EAAE,mBAAmB;SACvC,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;IAEpC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,MAAM,CAAC,KAAK,IAAI,uBAAuB;SAC3D,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,qCAAqC;IACrC,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,EAAE,GAAa,CAAC;IAEjD,wBAAwB;IACxB,MAAM,iBAAiB,GAAG;QACxB,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,MAAM;QACX,WAAW,EAAE,UAAU;QACvB,KAAK,EAAE,KAAK,IAAK,MAAM,CAAC,OAAO,EAAE,KAAgB,IAAI,EAAE;KACxD,CAAC;IAEF,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAE7D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,YAAY;QACxB,KAAK,EAAE,iBAAiB,CAAC,KAAK;KAC/B,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAmB;IACtC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAoB,EAAE,GAAmB;IAC/D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAE7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,8BAA8B;SACtC,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,MAAM,CAAC,OAAO;QACtB,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAE,MAAM,CAAC,OAAO,CAAC,GAAc,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;KAC3G,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAoB,EAAE,GAAmB;IAC3E,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAE7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAEhC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;QACb,IAAI,EAAE,IAAI;QACV,QAAQ,EAAE;YACR,WAAW,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG;YAChC,SAAS,EAAE,MAAM,CAAC,OAAO,EAAE,SAAS;YACpC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,KAAK;SAC7B;KACF,CAAC,CACH,CAAC;AACJ,CAAC"}