@enterprisestandard/react 0.0.5-beta.20260114.3 → 0.0.5-beta.20260115.2

package/dist/workload-server.d.ts

@@ -1,5 +1,6 @@
+import type { EnterpriseStandard } from '.';
 import type { TokenValidationResult } from './types/workload-schema';
-import type { ESConfig, WorkloadIdentity } from './workload';
+import type { WorkloadIdentity } from './workload';
 /**
  * Get the workload identity from an incoming request.
  * Returns undefined if no valid workload token is present.
@@ -24,7 +25,7 @@ import type { ESConfig, WorkloadIdentity } from './workload';
  * }
  * ```
  */
-export declare function getWorkload(request: Request, config?: ESConfig): Promise<WorkloadIdentity | undefined>;
+export declare function getWorkload(request: Request, es?: EnterpriseStandard): Promise<WorkloadIdentity | undefined>;
 /**
  * Get an access token for the configured workload identity.
  *
@@ -45,7 +46,7 @@ export declare function getWorkload(request: Request, config?: ESConfig): Promis
  * });
  * ```
  */
-export declare function getWorkloadToken(scope?: string, config?: ESConfig): Promise<string>;
+export declare function getWorkloadToken(scope?: string, es?: EnterpriseStandard): Promise<string>;
 /**
  * Validate a workload token from an incoming request.
  *
@@ -72,7 +73,7 @@ export declare function getWorkloadToken(scope?: string, config?: ESConfig): Pro
  * }
  * ```
  */
-export declare function validateWorkloadToken(request: Request, config?: ESConfig): Promise<TokenValidationResult>;
+export declare function validateWorkloadToken(request: Request, es?: EnterpriseStandard): Promise<TokenValidationResult>;
 /**
  * Revoke a workload access token.
  *
@@ -87,7 +88,7 @@ export declare function validateWorkloadToken(request: Request, config?: ESConfi
  * await revokeWorkloadToken(accessToken);
  * ```
  */
-export declare function revokeWorkloadToken(token: string, config?: ESConfig): Promise<void>;
+export declare function revokeWorkloadToken(token: string, es?: EnterpriseStandard): Promise<void>;
 /**
  * Framework-agnostic handler for workload authentication routes.
  *
@@ -122,5 +123,5 @@ export declare function revokeWorkloadToken(token: string, config?: ESConfig): P
  * });
  * ```
  */
-export declare function workloadHandler(request: Request, config?: ESConfig): Promise<Response>;
+export declare function workloadHandler(request: Request, es?: EnterpriseStandard): Promise<Response>;
 //# sourceMappingURL=workload-server.d.ts.map

package/dist/workload-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"workload-server.d.ts","sourceRoot":"","sources":["../src/workload-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAErE,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAmB7D;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAM5G;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAIzF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAa/G;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAIzF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAI5F"}
+{"version":3,"file":"workload-server.d.ts","sourceRoot":"","sources":["../src/workload-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAErE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAcnD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAMlH;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAI/F;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAarH;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAI/F;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAIlG"}

package/dist/workload-server.js

@@ -0,0 +1,167 @@
+import { getES } from './utils';
+/**
+ * Returns a 503 response indicating that the SSO is unavailable
+ */
+function unavailable(error) {
+    error = error ?? 'Workload authentication unavailable';
+    new Response(JSON.stringify({ error }), {
+        status: 503,
+        statusText: error,
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+/**
+ * Get the workload identity from an incoming request.
+ * Returns undefined if no valid workload token is present.
+ *
+ * @param request - Request with Authorization header
+ * @param config - Optional EnterpriseStandard configuration
+ * @returns WorkloadIdentity or undefined
+ *
+ * @example
+ * ```typescript
+ * import { getWorkload } from '@enterprisestandard/react';
+ *
+ * export async function handler(request: Request) {
+ *   const workload = await getWorkload(request);
+ *
+ *   if (!workload) {
+ *     return new Response('Unauthorized', { status: 401 });
+ *   }
+ *
+ *   console.log('Request from workload:', workload.workload_id);
+ *   // ... process authenticated request
+ * }
+ * ```
+ */
+export async function getWorkload(request, es) {
+    const workloadAuth = getES(es)?.workload;
+    if (!workloadAuth) {
+        return undefined;
+    }
+    return workloadAuth.getWorkload(request);
+}
+/**
+ * Get an access token for the configured workload identity.
+ *
+ * @param scope - Optional OAuth2 scopes (space-delimited)
+ * @param config - Optional EnterpriseStandard configuration
+ * @returns Access token string
+ *
+ * @example
+ * ```typescript
+ * import { getWorkloadToken } from '@enterprisestandard/react/server';
+ *
+ * // Get token for API calls
+ * const token = await getWorkloadToken('api:read api:write');
+ *
+ * // Use in outbound requests
+ * const response = await fetch('https://api.example.com/data', {
+ *   headers: { 'Authorization': `Bearer ${token}` },
+ * });
+ * ```
+ */
+export async function getWorkloadToken(scope, es) {
+    const workloadAuth = getES(es)?.workload;
+    if (!workloadAuth)
+        throw unavailable();
+    return workloadAuth.getToken(scope);
+}
+/**
+ * Validate a workload token from an incoming request.
+ *
+ * @param request - Request with Authorization header
+ * @param config - Optional EnterpriseStandard configuration
+ * @returns Token validation result
+ *
+ * @example
+ * ```typescript
+ * import { validateWorkloadToken } from '@enterprisestandard/react/server';
+ *
+ * export async function handler(request: Request) {
+ *   const result = await validateWorkloadToken(request);
+ *
+ *   if (!result.valid) {
+ *     return new Response(
+ *       JSON.stringify({ error: result.error }),
+ *       { status: 401 }
+ *     );
+ *   }
+ *
+ *   const workloadId = result.claims?.iss;
+ *   // ... process authenticated request
+ * }
+ * ```
+ */
+export async function validateWorkloadToken(request, es) {
+    const workloadAuth = getES(es)?.workload;
+    if (!workloadAuth) {
+        return { valid: false, error: 'Workload authentication unavailable' };
+    }
+    const authHeader = request.headers.get('Authorization');
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return { valid: false, error: 'Missing or invalid Authorization header' };
+    }
+    const token = authHeader.substring(7);
+    return workloadAuth.validateToken(token);
+}
+/**
+ * Revoke a workload access token.
+ *
+ * @param token - The access token to revoke
+ * @param config - Optional EnterpriseStandard configuration
+ *
+ * @example
+ * ```typescript
+ * import { revokeWorkloadToken } from '@enterprisestandard/react/server';
+ *
+ * // Revoke token when workload is decommissioned
+ * await revokeWorkloadToken(accessToken);
+ * ```
+ */
+export async function revokeWorkloadToken(token, es) {
+    const workloadAuth = getES(es)?.workload;
+    if (!workloadAuth)
+        throw unavailable();
+    return workloadAuth.revokeToken(token);
+}
+/**
+ * Framework-agnostic handler for workload authentication routes.
+ *
+ * The handler reads configuration (handler URLs, validation) directly from the
+ * EnterpriseStandard instance, so no config parameter is needed.
+ *
+ * @param request - Incoming request
+ * @param config - Optional ESConfig to specify which EnterpriseStandard instance to use
+ * @returns Response
+ *
+ * @example
+ * ```typescript
+ * import { workloadHandler } from '@enterprisestandard/react/server';
+ *
+ * // TanStack Start example
+ * export const Route = createFileRoute('/api/workload/$')({
+ *   server: {
+ *     handlers: ({ createHandlers }) =>
+ *       createHandlers({
+ *         GET: {
+ *           handler: async ({ request }) => {
+ *             return workloadHandler(request);
+ *           },
+ *         },
+ *         POST: {
+ *           handler: async ({ request }) => {
+ *             return workloadHandler(request);
+ *           },
+ *         },
+ *       }),
+ *   },
+ * });
+ * ```
+ */
+export async function workloadHandler(request, es) {
+    const workloadAuth = getES(es)?.workload;
+    if (!workloadAuth)
+        throw unavailable();
+    return workloadAuth.handler(request);
+}

package/dist/workload-token-store.js

@@ -0,0 +1,95 @@
+/**
+ * Token caching for workload identity authentication.
+ *
+ * Token stores are optional but recommended for performance - they enable:
+ * - Token caching to avoid repeated token acquisition
+ * - Automatic token refresh before expiration
+ * - Reduced load on authorization servers
+ *
+ * ## Token Caching Strategy
+ *
+ * Unlike session stores for user authentication, workload token stores cache
+ * short-lived access tokens (typically 5 minutes) for service-to-service calls.
+ *
+ * **Default Behavior:**
+ * - Tokens cached with 5-minute TTL
+ * - Auto-refresh 60 seconds before expiration
+ * - Expired tokens automatically removed
+ *
+ * ## Performance Characteristics
+ *
+ * | Backend      | Lookup Time | Use Case                    |
+ * |--------------|-------------|----------------------------|
+ * | InMemory     | <0.00005ms  | Single-server deployments  |
+ * | Redis        | 1-2ms       | Multi-server deployments   |
+ * | Database     | 5-20ms      | Persistent token storage   |
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import { workload, InMemoryWorkloadTokenStore } from '@enterprisestandard/react/server';
+ *
+ * // With token caching
+ * const workloadAuth = workload({
+ *   // ... other config
+ *   token_store: new InMemoryWorkloadTokenStore(),
+ *   auto_refresh: true,  // Refresh before expiry
+ * });
+ *
+ * // Without token caching (fetch new token each time)
+ * const workloadAuth = workload({
+ *   // ... config without token_store
+ * });
+ * ```
+ */
+/**
+ * In-memory workload token store implementation using Maps.
+ *
+ * Suitable for:
+ * - Development and testing
+ * - Single-server deployments
+ * - Applications without high availability requirements
+ *
+ * NOT suitable for:
+ * - Multi-server deployments (tokens not shared across instances)
+ * - High availability scenarios (tokens lost on restart)
+ * - Production applications with distributed architecture
+ *
+ * For production multi-server deployments, implement WorkloadTokenStore with Redis.
+ *
+ * @template TExtended - Type-safe custom data that consumers can add to cached tokens
+ */
+export class InMemoryWorkloadTokenStore {
+    constructor() {
+        this.tokens = new Map();
+    }
+    async set(token) {
+        this.tokens.set(token.workload_id, token);
+    }
+    async get(workload_id) {
+        const token = this.tokens.get(workload_id);
+        if (!token)
+            return null;
+        // Check if token is expired
+        if (Date.now() > token.expires_at.getTime()) {
+            this.tokens.delete(workload_id);
+            return null;
+        }
+        return token;
+    }
+    async delete(workload_id) {
+        this.tokens.delete(workload_id);
+    }
+    async isValid(workload_id) {
+        const token = await this.get(workload_id);
+        return token !== null;
+    }
+    async cleanup() {
+        const now = Date.now();
+        for (const [workload_id, token] of this.tokens.entries()) {
+            if (now > token.expires_at.getTime()) {
+                this.tokens.delete(workload_id);
+            }
+        }
+    }
+}

package/dist/workload.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"workload.d.ts","sourceRoot":"","sources":["../src/workload.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAGhH,OAAO,EAA8B,KAAK,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE7F;;GAEG;AACH,KAAK,kBAAkB,GAAG;IACxB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IAEjC;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE;QACX,kBAAkB,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnE,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;KAClE,CAAC;CACH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,uBAAuB,GAAG,kBAAkB,GAAG;IACzD;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;CACvE,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,+BAA+B,GAAG,kBAAkB,GAAG;IACjE;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,cAAc,GAAG,uBAAuB,GAAG,+BAA+B,GAAG,wBAAwB,CAAC;AA2BlH,MAAM,MAAM,QAAQ,GAAG;IACrB,EAAE,CAAC,EAAE,kBAAkB,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,MAAM,EAAE,kBAAkB,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG;IAEtC,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,YAAY,EAAE,MAAM,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACnD,oBAAoB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1D,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAG9C,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC5G,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAAC;IACzE,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAGpG,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CAClD,CAAC;AA6DF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,QAAQ,CAAC,MAAM,CAAC,EAAE,cAAc,GAAG,QAAQ,CAouB1D"}
+{"version":3,"file":"workload.d.ts","sourceRoot":"","sources":["../src/workload.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAGhH,OAAO,EAA8B,KAAK,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE7F;;GAEG;AACH,KAAK,kBAAkB,GAAG;IACxB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,WAAW,CAAC,EAAE,kBAAkB,CAAC;IAEjC;;;OAGG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE;QACX,kBAAkB,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACnE,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;KAClE,CAAC;CACH,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,uBAAuB,GAAG,kBAAkB,GAAG;IACzD;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,CAAC;CACvE,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,+BAA+B,GAAG,kBAAkB,GAAG;IACjE;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,wBAAwB,GAAG,kBAAkB,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,cAAc,GAAG,uBAAuB,GAAG,+BAA+B,GAAG,wBAAwB,CAAC;AA2BlH,MAAM,MAAM,QAAQ,GAAG;IACrB,EAAE,CAAC,EAAE,kBAAkB,CAAC;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,MAAM,EAAE,kBAAkB,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,cAAc,GAAG;IAEtC,QAAQ,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9C,YAAY,EAAE,MAAM,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACnD,oBAAoB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1D,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAG9C,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC5G,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC,CAAC;IACzE,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,cAAc,CAAC,YAAY,CAAC,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAGpG,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CAClD,CAAC;AA6DF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,QAAQ,CAAC,MAAM,CAAC,EAAE,cAAc,GAAG,QAAQ,CAiuB1D"}