@enterprisestandard/react 0.0.5-beta.20260115.3 → 0.0.5-beta.20260115.4

package/dist/session-store.d.ts

@@ -1,179 +0,0 @@
-/**
- * Session management for tracking user sessions and enabling backchannel logout.
- *
- * Session stores are optional - the package works with JWT cookies alone.
- * Sessions are only required for backchannel logout functionality.
- *
- * ## Session Validation Strategies
- *
- * When using a session store, you can configure when sessions are validated:
- *
- * ### 'always' (default)
- * Validates session on every authenticated request.
- * - **Security**: Maximum - immediate session revocation
- * - **Performance**: InMemory ~0.00005ms, Redis ~1-2ms per request
- * - **Backchannel Logout**: Takes effect immediately
- * - **Use when**: Security is paramount, using InMemory or Redis backend
- *
- * ### 'refresh-only'
- * Validates session only during token refresh (typically every 5-15 minutes).
- * - **Security**: Good - 5-15 minute revocation window
- * - **Performance**: 99% reduction in session lookups
- * - **Backchannel Logout**: Takes effect within token TTL (5-15 min)
- * - **Use when**: Performance is critical AND delayed revocation is acceptable
- * - **WARNING**: Compromised sessions remain valid until next refresh
- *
- * ### 'disabled'
- * Never validates sessions against the store.
- * - **Security**: None - backchannel logout doesn't work
- * - **Performance**: No overhead
- * - **Use when**: Cookie-only mode without session store
- * - **WARNING**: Do not use with session_store configured
- *
- * ## Performance Characteristics
- *
- * | Backend      | Lookup Time | Impact on Request | Recommendation         |
- * |--------------|-------------|-------------------|------------------------|
- * | InMemory     | <0.00005ms  | Negligible        | Use 'always'           |
- * | Redis        | 1-2ms       | 2-4% increase     | Use 'always' or test   |
- * | Database     | 5-20ms      | 10-40% increase   | Use Redis cache layer  |
- *
- * ## Example Usage
- *
- * ```typescript
- * import { sso, InMemorySessionStore } from '@enterprisestandard/react/server';
- *
- * // Maximum security (default)
- * const secure = sso({
- *   // ... other config
- *   session_store: new InMemorySessionStore(),
- *   session_validation: 'always', // Immediate revocation
- * });
- *
- * // High performance
- * const fast = sso({
- *   // ... other config
- *   session_store: new InMemorySessionStore(),
- *   session_validation: {
- *     strategy: 'refresh-only' // 5-15 min revocation delay
- *   }
- * });
- * ```
- */
-/**
- * Core session data tracked for each authenticated user session.
- *
- * @template TExtended - Type-safe custom data that consumers can add to sessions
- */
-export type Session<TExtended = {}> = {
-    /**
-     * Session ID from the Identity Provider (from `sid` claim in ID token).
-     * This is the unique identifier for the session.
-     */
-    sid: string;
-    /**
-     * Subject identifier (user ID) from the Identity Provider.
-     * From the `sub` claim in the ID token.
-     */
-    sub: string;
-    /**
-     * Timestamp when the session was created.
-     */
-    createdAt: Date;
-    /**
-     * Timestamp of the last activity in this session.
-     * Can be updated to track session activity.
-     */
-    lastActivityAt: Date;
-    /**
-     * Allow consumers to add runtime data to sessions.
-     */
-    [key: string]: unknown;
-} & TExtended;
-/**
- * Abstract interface for session storage backends.
- *
- * Consumers can implement this interface to use different storage backends:
- * - Redis
- * - Database (PostgreSQL, MySQL, etc.)
- * - Distributed cache
- * - Custom solutions
- *
- * @template TExtended - Type-safe custom data that consumers can add to sessions
- *
- * @example
- * ```typescript
- * // Custom session data
- * type MySessionData = {
- *   ipAddress: string;
- *   userAgent: string;
- * };
- *
- * // Implement custom store
- * class RedisSessionStore implements SessionStore<MySessionData> {
- *   async create(session: Session<MySessionData>): Promise<void> {
- *     await redis.set(`session:${session.sid}`, JSON.stringify(session));
- *   }
- *   // ... other methods
- * }
- * ```
- */
-export interface SessionStore<TExtended = {}> {
-    /**
-     * Create a new session in the store.
-     *
-     * @param session - The session data to store
-     * @throws Error if session with same sid already exists
-     */
-    create(session: Session<TExtended>): Promise<void>;
-    /**
-     * Retrieve a session by its IdP session ID (sid).
-     *
-     * @param sid - The session.sid from the Identity Provider
-     * @returns The session if found, null otherwise
-     */
-    get(sid: string): Promise<Session<TExtended> | null>;
-    /**
-     * Update an existing session with partial data.
-     *
-     * Commonly used to update lastActivityAt or add custom fields.
-     *
-     * @param sid - The session.sid to update
-     * @param data - Partial session data to merge
-     * @throws Error if session not found
-     */
-    update(sid: string, data: Partial<Session<TExtended>>): Promise<void>;
-    /**
-     * Delete a session by its IdP session ID (sid).
-     *
-     * Used for both normal logout and backchannel logout flows.
-     *
-     * @param sid - The session.sid to delete
-     */
-    delete(sid: string): Promise<void>;
-}
-/**
- * In-memory session store implementation using Maps.
- *
- * Suitable for:
- * - Development and testing
- * - Single-server deployments
- * - Applications without high availability requirements
- *
- * NOT suitable for:
- * - Multi-server deployments (sessions not shared)
- * - High availability scenarios (sessions lost on restart)
- * - Production applications with distributed architecture
- *
- * For production, implement SessionStore with Redis or a database.
- *
- * @template TExtended - Type-safe custom data that consumers can add to sessions
- */
-export declare class InMemorySessionStore<TExtended = {}> implements SessionStore<TExtended> {
-    private sessions;
-    create(session: Session<TExtended>): Promise<void>;
-    get(sid: string): Promise<Session<TExtended> | null>;
-    update(sid: string, data: Partial<Session<TExtended>>): Promise<void>;
-    delete(sid: string): Promise<void>;
-}
-//# sourceMappingURL=session-store.d.ts.map

package/dist/session-store.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session-store.d.ts","sourceRoot":"","sources":["../src/session-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6DG;AAEH;;;;GAIG;AACH,MAAM,MAAM,OAAO,CAAC,SAAS,GAAG,EAAE,IAAI;IACpC;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,SAAS,EAAE,IAAI,CAAC;IAEhB;;;OAGG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,GAAG,SAAS,CAAC;AAEd;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,WAAW,YAAY,CAAC,SAAS,GAAG,EAAE;IAC1C;;;;;OAKG;IACH,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnD;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;IAErD;;;;;;;;OAQG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtE;;;;;;OAMG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,oBAAoB,CAAC,SAAS,GAAG,EAAE,CAAE,YAAW,YAAY,CAAC,SAAS,CAAC;IAClF,OAAO,CAAC,QAAQ,CAAyC;IAEnD,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAQlD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;IAIpD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAWrE,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGzC"}

package/dist/session-store.js

@@ -1,105 +0,0 @@
-/**
- * Session management for tracking user sessions and enabling backchannel logout.
- *
- * Session stores are optional - the package works with JWT cookies alone.
- * Sessions are only required for backchannel logout functionality.
- *
- * ## Session Validation Strategies
- *
- * When using a session store, you can configure when sessions are validated:
- *
- * ### 'always' (default)
- * Validates session on every authenticated request.
- * - **Security**: Maximum - immediate session revocation
- * - **Performance**: InMemory ~0.00005ms, Redis ~1-2ms per request
- * - **Backchannel Logout**: Takes effect immediately
- * - **Use when**: Security is paramount, using InMemory or Redis backend
- *
- * ### 'refresh-only'
- * Validates session only during token refresh (typically every 5-15 minutes).
- * - **Security**: Good - 5-15 minute revocation window
- * - **Performance**: 99% reduction in session lookups
- * - **Backchannel Logout**: Takes effect within token TTL (5-15 min)
- * - **Use when**: Performance is critical AND delayed revocation is acceptable
- * - **WARNING**: Compromised sessions remain valid until next refresh
- *
- * ### 'disabled'
- * Never validates sessions against the store.
- * - **Security**: None - backchannel logout doesn't work
- * - **Performance**: No overhead
- * - **Use when**: Cookie-only mode without session store
- * - **WARNING**: Do not use with session_store configured
- *
- * ## Performance Characteristics
- *
- * | Backend      | Lookup Time | Impact on Request | Recommendation         |
- * |--------------|-------------|-------------------|------------------------|
- * | InMemory     | <0.00005ms  | Negligible        | Use 'always'           |
- * | Redis        | 1-2ms       | 2-4% increase     | Use 'always' or test   |
- * | Database     | 5-20ms      | 10-40% increase   | Use Redis cache layer  |
- *
- * ## Example Usage
- *
- * ```typescript
- * import { sso, InMemorySessionStore } from '@enterprisestandard/react/server';
- *
- * // Maximum security (default)
- * const secure = sso({
- *   // ... other config
- *   session_store: new InMemorySessionStore(),
- *   session_validation: 'always', // Immediate revocation
- * });
- *
- * // High performance
- * const fast = sso({
- *   // ... other config
- *   session_store: new InMemorySessionStore(),
- *   session_validation: {
- *     strategy: 'refresh-only' // 5-15 min revocation delay
- *   }
- * });
- * ```
- */
-/**
- * In-memory session store implementation using Maps.
- *
- * Suitable for:
- * - Development and testing
- * - Single-server deployments
- * - Applications without high availability requirements
- *
- * NOT suitable for:
- * - Multi-server deployments (sessions not shared)
- * - High availability scenarios (sessions lost on restart)
- * - Production applications with distributed architecture
- *
- * For production, implement SessionStore with Redis or a database.
- *
- * @template TExtended - Type-safe custom data that consumers can add to sessions
- */
-export class InMemorySessionStore {
-    constructor() {
-        this.sessions = new Map();
-    }
-    async create(session) {
-        if (this.sessions.has(session.sid)) {
-            throw new Error(`Session with sid ${session.sid} already exists`);
-        }
-        this.sessions.set(session.sid, session);
-    }
-    async get(sid) {
-        return this.sessions.get(sid) ?? null;
-    }
-    async update(sid, data) {
-        const session = this.sessions.get(sid);
-        if (!session) {
-            throw new Error(`Session with sid ${sid} not found`);
-        }
-        // Merge the update data
-        const updated = { ...session, ...data };
-        this.sessions.set(sid, updated);
-    }
-    async delete(sid) {
-        this.sessions.delete(sid);
-    }
-}

package/dist/sso-server.d.ts

@@ -1,13 +0,0 @@
-import type { EnterpriseStandard } from '.';
-import type { LoginConfig } from './sso';
-/**
- * Helper gets the user from the Request using the supplied EnterpriseStandard or the default instance
- */
-export declare function getUser(request: Request, es?: EnterpriseStandard): Promise<import(".").User | undefined>;
-export declare function getRequiredUser(request: Request, es?: EnterpriseStandard): Promise<import(".").User>;
-export declare function initiateLogin(config: LoginConfig, es?: EnterpriseStandard): Promise<Response>;
-export declare function callback(request: Request, es?: EnterpriseStandard): Promise<Response>;
-export declare function handler(request: Request, es?: EnterpriseStandard): Promise<Response>;
-export * from './tenant-server';
-export * from './workload-server';
-//# sourceMappingURL=sso-server.d.ts.map

package/dist/sso-server.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sso-server.d.ts","sourceRoot":"","sources":["../src/sso-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAezC;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,yCAEtE;AAED,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,6BAI9E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAI/E;AAED,wBAAsB,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAIvE;AAED,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAItE;AAGD,cAAc,iBAAiB,CAAC;AAEhC,cAAc,mBAAmB,CAAC"}

package/dist/sso-server.js

@@ -1,46 +0,0 @@
-import { getES } from './utils.js';
-/**
- * Returns a 503 response indicating that the SSO is unavailable
- */
-function unavailable(error) {
-    error = error ?? 'SSO Unavailable';
-    new Response(JSON.stringify({ error }), {
-        status: 503,
-        statusText: error,
-        headers: { 'Content-Type': 'application/json' },
-    });
-}
-/**
- * Helper gets the user from the Request using the supplied EnterpriseStandard or the default instance
- */
-export async function getUser(request, es) {
-    return getES(es)?.sso.getUser(request);
-}
-export async function getRequiredUser(request, es) {
-    const sso = getES(es)?.sso;
-    if (!sso)
-        throw unavailable();
-    return sso.getRequiredUser(request);
-}
-export async function initiateLogin(config, es) {
-    const sso = getES(es)?.sso;
-    if (!sso)
-        throw unavailable();
-    return sso.initiateLogin(config);
-}
-export async function callback(request, es) {
-    const sso = getES(es)?.sso;
-    if (!sso)
-        throw unavailable();
-    return sso.callbackHandler(request);
-}
-export async function handler(request, es) {
-    es = getES(es);
-    if (!es)
-        throw unavailable();
-    return es.sso.handler(request, es);
-}
-// Tenant server helpers
-export * from './tenant-server.js';
-// Workload server helpers
-export * from './workload-server.js';

package/dist/sso.d.ts

@@ -1,104 +0,0 @@
-import type { EnterpriseStandard } from '.';
-import type { SessionStore } from './session-store';
-import type { IdTokenClaims, OidcCallbackParams, TokenResponse } from './types/oidc-schema';
-import type { StandardSchemaV1 } from './types/standard-schema';
-import type { User } from './types/user';
-import type { UserStore } from './user-store';
-export type SSOConfig<TSessionData = {}, TUserData = {}> = {
-    authority?: string;
-    token_url?: string;
-    authorization_url?: string;
-    client_id?: string;
-    client_secret?: string;
-    redirect_uri?: string;
-    response_type?: 'code';
-    scope?: string;
-    silent_redirect_uri?: string;
-    jwks_uri?: string;
-    cookies_prefix?: string;
-    cookies_path?: string;
-    cookies_secure?: boolean;
-    cookies_same_site?: 'Strict' | 'Lax';
-    end_session_endpoint?: string;
-    revocation_endpoint?: string;
-    session_store?: SessionStore<TSessionData>;
-    /**
-     * Optional handler defaults. These are merged with per-call overrides in
-     * `sso.handler`, with per-call values taking precedence.
-     */
-    loginUrl?: string;
-    userUrl?: string;
-    errorUrl?: string;
-    landingUrl?: string;
-    tokenUrl?: string;
-    refreshUrl?: string;
-    jwksUrl?: string;
-    logoutUrl?: string;
-    logoutBackChannelUrl?: string;
-    validation?: {
-        callbackParams?: StandardSchemaV1<unknown, OidcCallbackParams>;
-        idTokenClaims?: StandardSchemaV1<unknown, IdTokenClaims>;
-        tokenResponse?: StandardSchemaV1<unknown, TokenResponse>;
-    };
-    /**
-     * Optional user store for persisting user profiles from SSO authentication.
-     * When configured, users are automatically stored/updated on each login.
-     */
-    user_store?: UserStore<TUserData>;
-    /**
-     * Enable Just-In-Time (JIT) user provisioning.
-     * When enabled, new users are automatically created in the user_store on their first login.
-     * When disabled (default), only existing users in the user_store are updated on login.
-     * Requires user_store to be configured.
-     * @default false
-     */
-    enable_jit_user_provisioning?: boolean;
-};
-type SSOConfigWithDefaults<TSessionData = {}, TUserData = {}> = SSOConfig<TSessionData, TUserData> & {
-    authority: string;
-    token_url: string;
-    authorization_url: string;
-    client_id: string;
-    redirect_uri: string;
-    response_type: 'code';
-    scope: string;
-    cookies_secure: boolean;
-    cookies_same_site: string;
-    cookies_prefix: string;
-    cookies_path: string;
-};
-export type ESConfig = {
-    es?: EnterpriseStandard;
-};
-export type LoginConfig = {
-    landingUrl: string;
-    errorUrl?: string;
-} & ESConfig;
-export type SSOHandlerConfig = {
-    loginUrl?: string;
-    userUrl?: string;
-    errorUrl?: string;
-    landingUrl?: string;
-    tokenUrl?: string;
-    refreshUrl?: string;
-    jwksUrl?: string;
-    logoutUrl?: string;
-    logoutBackChannelUrl?: string;
-    validation?: {
-        callbackParams?: StandardSchemaV1<unknown, OidcCallbackParams>;
-        idTokenClaims?: StandardSchemaV1<unknown, IdTokenClaims>;
-        tokenResponse?: StandardSchemaV1<unknown, TokenResponse>;
-    };
-} & ESConfig;
-export type SSO<TSessionData = {}, TUserData = {}> = SSOConfigWithDefaults<TSessionData, TUserData> & {
-    getUser: (request: Request) => Promise<User | undefined>;
-    getRequiredUser: (request: Request) => Promise<User>;
-    getJwt: (request: Request) => Promise<string | undefined>;
-    initiateLogin: (config: LoginConfig, requestUrl?: string) => Promise<Response>;
-    logout: (request: Request, config?: LoginConfig) => Promise<Response>;
-    callbackHandler: (request: Request) => Promise<Response>;
-    handler: (request: Request, es?: EnterpriseStandard) => Promise<Response>;
-};
-export declare function sso<TSessionData = {}, TUserData = {}>(config?: SSOConfig<TSessionData, TUserData>): SSO<TSessionData, TUserData>;
-export {};
-//# sourceMappingURL=sso.d.ts.map

package/dist/sso.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sso.d.ts","sourceRoot":"","sources":["../src/sso.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAW,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAE5F,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAc,SAAS,EAAE,MAAM,cAAc,CAAC;AAG1D,MAAM,MAAM,SAAS,CAAC,YAAY,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,IAAI;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,iBAAiB,CAAC,EAAE,QAAQ,GAAG,KAAK,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,aAAa,CAAC,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;IAC3C;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,UAAU,CAAC,EAAE;QACX,cAAc,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAC/D,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzD,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;KAC1D,CAAC;IACF;;;OAGG;IACH,UAAU,CAAC,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IAClC;;;;;;OAMG;IACH,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC,CAAC;AA0BF,KAAK,qBAAqB,CAAC,YAAY,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,IAAI,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG;IACnG,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,EAAE,CAAC,EAAE,kBAAkB,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,QAAQ,CAAC;AAEb,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,UAAU,CAAC,EAAE;QACX,cAAc,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAC/D,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzD,aAAa,CAAC,EAAE,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;KAC1D,CAAC;CACH,GAAG,QAAQ,CAAC;AAEb,MAAM,MAAM,GAAG,CAAC,YAAY,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,IAAI,qBAAqB,CAAC,YAAY,EAAE,SAAS,CAAC,GAAG;IACpG,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC;IACzD,eAAe,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IAC1D,aAAa,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC/E,MAAM,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtE,eAAe,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACzD,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC3E,CAAC;AAIF,wBAAgB,GAAG,CAAC,YAAY,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,EACnD,MAAM,CAAC,EAAE,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,GAC1C,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAk8B9B"}