npm - @ezcoder.dev/sdk - Versions diffs - 1.5.0 → 1.6.0 - Mend

@ezcoder.dev/sdk 1.5.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/{DatabaseProvider-BtYMJRqh.d.ts → DatabaseProvider-DRnx_V_u.d.ts} +7 -0
package/dist/analytics/index.js +2 -2
package/dist/auth/index.d.ts +1 -1
package/dist/auth/index.js +2 -2
package/dist/{chunk-HX7IFB7C.js → chunk-L326T7UV.js} +35 -5
package/dist/chunk-L326T7UV.js.map +1 -0
package/dist/chunk-VHKTBOFU.js +124 -0
package/dist/chunk-VHKTBOFU.js.map +1 -0
package/dist/{chunk-RU2GHN7O.js → chunk-WFDQ4YUZ.js} +447 -124
package/dist/chunk-WFDQ4YUZ.js.map +1 -0
package/dist/database/index.d.ts +1 -1
package/dist/database/index.js +9 -8
package/dist/index.d.ts +3 -3
package/dist/index.js +7 -7
package/dist/notifications/index.js +2 -2
package/dist/payments/index.d.ts +1 -1
package/dist/payments/index.js +2 -2
package/dist/roles/index.js +34 -11
package/dist/roles/index.js.map +1 -1
package/dist/storage/index.d.ts +1 -1
package/dist/storage/index.js +2 -2
package/dist/{types-1uP3V_pe.d.ts → types-BET19sj2.d.ts} +1 -0
package/package.json +1 -1
package/dist/chunk-HX7IFB7C.js.map +0 -1
package/dist/chunk-OIAKVQGD.js +0 -389
package/dist/chunk-OIAKVQGD.js.map +0 -1
package/dist/chunk-RU2GHN7O.js.map +0 -1

package/dist/{DatabaseProvider-BtYMJRqh.d.ts → DatabaseProvider-DRnx_V_u.d.ts} RENAMED Viewed

@@ -168,6 +168,13 @@ declare class DatabaseClient {
      * server key → end-user session JWT → public/legacy token → none (origin).
      */
     private _authHeaders;
+    /**
+     * Return a fresh Neon Better Auth session JWT (cached in-memory until ~30s
+     * before its exp), or '' when logged out / unavailable. NEVER throws — a
+     * failure falls through to the anonymous data path. Browser-only by nature
+     * (relies on the HttpOnly session cookie via credentials:'include').
+     */
+    private _neonSessionJwt;
     /** Platform API base — runtime bootstrap wins over the baked value so an
      *  env-less build still reaches the right host. */
     private baseUrl;

package/dist/analytics/index.js CHANGED Viewed

@@ -1,10 +1,10 @@
 import {
   AuthContext
-} from "../chunk-HX7IFB7C.js";
+} from "../chunk-L326T7UV.js";
 import {
   ezcoder,
   ezcoderAuthIntegration
-} from "../chunk-OIAKVQGD.js";
+} from "../chunk-WFDQ4YUZ.js";
 import {
   isSupabaseConfigured,
   supabase

package/dist/auth/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import * as react from 'react';
 import { User, Session } from '@supabase/supabase-js';
-import { U as UserProfile, e as SubscriptionTier } from '../types-1uP3V_pe.js';
+import { U as UserProfile, e as SubscriptionTier } from '../types-BET19sj2.js';
 import { createAuthClient } from 'better-auth/react';
 export { a as isNeonAuthConfigured } from '../config-Cb4MMhGa.js';

package/dist/auth/index.js CHANGED Viewed

@@ -3,8 +3,8 @@ import {
   AuthProvider,
   getNeonAuthClient,
   useAuth
-} from "../chunk-HX7IFB7C.js";
-import "../chunk-OIAKVQGD.js";
+} from "../chunk-L326T7UV.js";
+import "../chunk-WFDQ4YUZ.js";
 import {
   supabase
 } from "../chunk-FPSSXTQG.js";

package/dist/{chunk-HX7IFB7C.js → chunk-L326T7UV.js} RENAMED Viewed

@@ -1,7 +1,9 @@
 import {
+  DatabaseClient,
   ezcoder,
-  ezcoderAuthIntegration
-} from "./chunk-OIAKVQGD.js";
+  ezcoderAuthIntegration,
+  getRuntimeConfig
+} from "./chunk-WFDQ4YUZ.js";
 import {
   isSupabaseConfigured,
   supabase
@@ -29,6 +31,7 @@ function getNeonAuthClient() {
 // src/auth/AuthProvider.tsx
 import { createContext, useContext, useState, useEffect, useCallback, useRef } from "react";
 import { jsx } from "react/jsx-runtime";
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 var NOT_CONFIGURED_MSG = "Authentication is not configured. Ensure EzCoder platform credentials are injected, or connect your own Supabase database in Settings \u2192 Databases.";
 function notConfiguredError() {
   return new Error(NOT_CONFIGURED_MSG);
@@ -107,6 +110,7 @@ function NeonAuthProvider({ children }) {
     if (currentId && currentId !== prevId) {
       ezcoderAuthIntegration.onLogin(mappedUser);
       previousUserIdRef.current = currentId;
+      void fetchProfile(currentId);
     } else if (!currentId && prevId) {
       ezcoderAuthIntegration.onLogout(prevId);
       previousUserIdRef.current = null;
@@ -235,8 +239,34 @@ function NeonAuthProvider({ children }) {
     }
     return { data: null, error: NEON_NOT_SUPPORTED("Updating the password without a reset token") };
   }, [authClient]);
-  const fetchProfile = useCallback(async (_userId) => {
-    return null;
+  const fetchProfile = useCallback(async (userId) => {
+    if (!userId || !UUID_RE.test(userId)) return null;
+    const projectId = env.EZC_PROJECT_ID || getRuntimeConfig()?.projectId || "";
+    if (!projectId) return null;
+    try {
+      const db = new DatabaseClient(supabase, projectId);
+      const result = await db.sql(
+        "SELECT * FROM ezc_ensure_user_setup()"
+      );
+      const row = result?.data?.[0];
+      if (!row) return null;
+      const mapped = {
+        id: String(row.id ?? userId),
+        user_id: row.user_id ?? userId,
+        email: row.email ?? void 0,
+        display_name: row.display_name ?? void 0,
+        avatar_url: row.avatar_url ?? void 0,
+        stripe_customer_id: row.stripe_customer_id ?? void 0,
+        subscription_tier: row.subscription_tier ?? void 0,
+        subscription_status: row.subscription_status ?? void 0,
+        subscription_period_end: row.subscription_period_end ?? void 0
+      };
+      setProfile(mapped);
+      return mapped;
+    } catch (err) {
+      console.warn("[EzCoder SDK] Neon profile fetch failed:", err instanceof Error ? err.message : err);
+      return null;
+    }
   }, []);
   const updateProfile = useCallback(async (_updates) => {
     if (!user) return { data: null, error: new Error("Not authenticated") };
@@ -553,4 +583,4 @@ export {
   AuthProvider,
   useAuth
 };
-//# sourceMappingURL=chunk-HX7IFB7C.js.map
+//# sourceMappingURL=chunk-L326T7UV.js.map

package/dist/chunk-L326T7UV.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/auth/neonAuthClient.ts","../src/auth/AuthProvider.tsx"],"sourcesContent":["import { createAuthClient } from 'better-auth/react';\nimport { env, isNeonAuthConfigured } from '../core/config';\n\n/**\n * Per-project Neon Auth (Better Auth) client.\n *\n * A project uses Neon Auth when `env.NEON_AUTH_URL` (the per-project Better Auth\n * `base_url`, e.g. `https://ep-xxx.neonauth.<region>.aws.neon.tech/neondb/auth`)\n * is injected as `VITE_NEON_AUTH_URL`. When present, the SDK authenticates the\n * generated app against its OWN isolated Neon Auth server rather than the shared\n * tenant Supabase.\n *\n * The client is created lazily so that:\n * - non-Neon projects never instantiate it (zero behavioural change), and\n * - SSR/build passes that import the SDK without a base URL don't throw.\n *\n * This is the official Better Auth React client (`createAuthClient` from\n * `better-auth/react`). It owns token storage and cross-origin session handling;\n * do NOT hand-roll fetch against the Better Auth endpoints.\n */\nexport type NeonAuthClient = ReturnType<typeof createAuthClient>;\n\nlet cachedClient: NeonAuthClient | null = null;\n\n/**\n * Returns the lazily-created Better Auth client, or `null` when Neon Auth is not\n * configured for this project. Callers on the Neon path should treat a `null`\n * return as \"not configured\" and surface a clear error.\n */\nexport function getNeonAuthClient(): NeonAuthClient | null {\n if (!isNeonAuthConfigured || !env.NEON_AUTH_URL) {\n return null;\n }\n if (!cachedClient) {\n cachedClient = createAuthClient({\n baseURL: env.NEON_AUTH_URL,\n });\n }\n return cachedClient;\n}\n\n/** True when this project ships its own per-project Neon Auth server. */\nexport { isNeonAuthConfigured };\n","import { createContext, useContext, useState, useEffect, useCallback, useRef } from 'react';\nimport type { User, Session } from '@supabase/supabase-js';\nimport { supabase, isSupabaseConfigured } from '../core/supabase';\nimport { env, isNeonAuthConfigured } from '../core/config';\nimport { ezcoder, ezcoderAuthIntegration } from '../core/platform';\nimport { getNeonAuthClient } from './neonAuthClient';\nimport { DatabaseClient } from '../database/DatabaseClient';\nimport { getRuntimeConfig } from '../core/bootstrap';\nimport type { UserProfile } from '../core/types';\n\n// Accept only a well-formed UUID before interpolating it into Neon SQL. The id\n// comes from a verified Better Auth session, but we still reject anything that\n// is not a canonical UUID to keep the data-path queries injection-proof.\nconst UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;\n\ninterface AuthResult<T = unknown> {\n data: T | null;\n error: Error | null;\n}\n\ninterface SignUpOptions {\n metadata?: Record<string, unknown>;\n}\n\ninterface SignInWithProviderOptions {\n redirectTo?: string;\n [key: string]: unknown;\n}\n\nexport interface AuthContextType {\n user: User | null;\n profile: UserProfile | null;\n session: Session | null;\n loading: boolean;\n isConfigured: boolean;\n signUp: (email: string, password: string, options?: SignUpOptions) => Promise<AuthResult>;\n signIn: (email: string, password: string) => Promise<AuthResult>;\n signInWithProvider: (provider: string, options?: SignInWithProviderOptions) => Promise<AuthResult>;\n signOut: () => Promise<{ error: Error | null }>;\n resetPassword: (email: string) => Promise<AuthResult>;\n updatePassword: (newPassword: string) => Promise<AuthResult>;\n updateProfile: (updates: Partial<UserProfile>) => Promise<AuthResult>;\n refetchProfile: (userId: string) => Promise<UserProfile | null>;\n}\n\nconst NOT_CONFIGURED_MSG = 'Authentication is not configured. Ensure EzCoder platform credentials are injected, or connect your own Supabase database in Settings → Databases.';\nfunction notConfiguredError() {\n return new Error(NOT_CONFIGURED_MSG);\n}\n\nexport const AuthContext = createContext<AuthContextType>({\n user: null,\n profile: null,\n session: null,\n loading: true,\n isConfigured: false,\n signUp: async () => ({ data: null, error: null }),\n signIn: async () => ({ data: null, error: null }),\n signInWithProvider: async () => ({ data: null, error: null }),\n signOut: async () => ({ error: null }),\n resetPassword: async () => ({ data: null, error: null }),\n updatePassword: async () => ({ data: null, error: null }),\n updateProfile: async () => ({ data: null, error: null }),\n refetchProfile: async () => null,\n});\n\n// ─── Path selector ──────────────────────────────────────────────────────────\n//\n// A project authenticates against its OWN per-project Neon Auth (Better Auth)\n// server when `VITE_NEON_AUTH_URL` is injected. Otherwise it falls back to the\n// existing shared-tenant Supabase path, which is behaviour-preserved verbatim\n// below in `SupabaseAuthProvider`.\nexport function AuthProvider({ children }: { children: React.ReactNode }) {\n if (isNeonAuthConfigured) {\n return <NeonAuthProvider>{children}</NeonAuthProvider>;\n }\n return <SupabaseAuthProvider>{children}</SupabaseAuthProvider>;\n}\n\n// ─── Neon Auth (Better Auth) path ────────────────────────────────────────────\n\n// The Better Auth user shape (subset we rely on). The full object also carries\n// emailVerified, image, role, banned, createdAt, updatedAt, etc.\ninterface BetterAuthUser {\n id?: string;\n email?: string;\n name?: string;\n image?: string | null;\n emailVerified?: boolean;\n role?: string;\n createdAt?: string;\n updatedAt?: string;\n [key: string]: unknown;\n}\n\n/**\n * Normalize a Better Auth user into the SDK's `user` shape. The context type\n * declares `User` (Supabase) for backwards compatibility, so we project the\n * Better Auth fields onto a Supabase-User-compatible object: `id`, `email`, and\n * a `user_metadata` carrying the display name + avatar. Consumers that read\n * `user.id`, `user.email`, or `user.user_metadata.full_name` keep working.\n */\nfunction mapNeonUser(u: BetterAuthUser | null | undefined): User | null {\n if (!u || !u.id) return null;\n const nowIso = new Date().toISOString();\n return {\n id: u.id,\n email: u.email,\n app_metadata: { provider: 'neon-auth', ...(u.role ? { role: u.role } : {}) },\n user_metadata: {\n full_name: u.name,\n name: u.name,\n avatar_url: u.image ?? undefined,\n email_verified: u.emailVerified,\n },\n aud: 'authenticated',\n created_at: u.createdAt || nowIso,\n updated_at: u.updatedAt || nowIso,\n role: u.role,\n } as unknown as User;\n}\n\n/**\n * Project the Better Auth session payload onto the SDK's `session` shape. Better\n * Auth manages the real token + cookie internally; this object exists only so\n * consumers reading `session.user` / truthiness keep working. The bearer token\n * (when exposed by useSession) is surfaced as `access_token` best-effort.\n */\nfunction mapNeonSession(rawSession: unknown, user: User | null): Session | null {\n if (!user) return null;\n const s = (rawSession || {}) as Record<string, unknown>;\n const token =\n (s.token as string | undefined) ||\n ((s.session as Record<string, unknown> | undefined)?.token as string | undefined) ||\n '';\n return {\n access_token: token,\n refresh_token: '',\n token_type: 'bearer',\n expires_in: 0,\n expires_at: undefined,\n user,\n } as unknown as Session;\n}\n\nconst NEON_NOT_SUPPORTED = (feature: string) =>\n new Error(`${feature} is not supported on the Neon Auth path yet.`);\n\nfunction NeonAuthProvider({ children }: { children: React.ReactNode }) {\n const authClient = getNeonAuthClient();\n const [user, setUser] = useState<User | null>(null);\n const [profile, setProfile] = useState<UserProfile | null>(null);\n const [session, setSession] = useState<Session | null>(null);\n const [loading, setLoading] = useState<boolean>(true);\n const previousUserIdRef = useRef<string | null>(null);\n\n // Drive user/session/loading off Better Auth's reactive session hook. The hook\n // is stable across renders and re-renders the provider on auth state changes.\n const sessionState = authClient?.useSession?.() as\n | { data?: { user?: BetterAuthUser; session?: unknown } | null; isPending?: boolean }\n | undefined;\n\n const rawUser = sessionState?.data?.user ?? null;\n const isPending = sessionState?.isPending ?? false;\n\n useEffect(() => {\n const mappedUser = mapNeonUser(rawUser);\n setUser(mappedUser);\n setSession(mapNeonSession(sessionState?.data?.session ?? sessionState?.data ?? null, mappedUser));\n setLoading(Boolean(isPending));\n\n // Fire login/logout analytics on transitions, mirroring the Supabase path.\n const currentId = mappedUser?.id ?? null;\n const prevId = previousUserIdRef.current;\n if (currentId && currentId !== prevId) {\n ezcoderAuthIntegration.onLogin(mappedUser as unknown as { id: string; email?: string });\n previousUserIdRef.current = currentId;\n // Load the profile (subscription_tier etc.) so useSubscription works.\n // Mirrors SupabaseAuthProvider, which calls fetchProfile on SIGNED_IN.\n void fetchProfile(currentId);\n } else if (!currentId && prevId) {\n ezcoderAuthIntegration.onLogout(prevId);\n previousUserIdRef.current = null;\n setProfile(null);\n }\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [rawUser, isPending]);\n\n const signUp = useCallback(async (email: string, password: string, options: SignUpOptions = {}): Promise<AuthResult> => {\n if (!authClient) return { data: null, error: notConfiguredError() };\n const { metadata = {} } = options;\n const name = (metadata.display_name as string | undefined) || (metadata.name as string | undefined) || email;\n try {\n const result = await authClient.signUp.email({ email, password, name });\n const error = (result as { error?: unknown })?.error;\n if (error) {\n return { data: null, error: toError(error, 'Sign up failed') };\n }\n const data = (result as { data?: unknown })?.data ?? result;\n const newUser = (data as { user?: BetterAuthUser })?.user;\n if (newUser?.id) {\n ezcoderAuthIntegration.onSignup({ id: newUser.id, email: newUser.email });\n }\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Sign up failed') };\n }\n }, [authClient]);\n\n const signIn = useCallback(async (email: string, password: string): Promise<AuthResult> => {\n if (!authClient) return { data: null, error: notConfiguredError() };\n try {\n const result = await authClient.signIn.email({ email, password });\n const error = (result as { error?: unknown })?.error;\n if (error) {\n return { data: null, error: toError(error, 'Sign in failed') };\n }\n const data = (result as { data?: unknown })?.data ?? result;\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Sign in failed') };\n }\n }, [authClient]);\n\n const signInWithProvider = useCallback(async (provider: string, options: SignInWithProviderOptions = {}): Promise<AuthResult> => {\n if (!authClient) return { data: null, error: notConfiguredError() };\n try {\n const origin = typeof window !== 'undefined' ? window.location.origin : '';\n const callbackURL = options.redirectTo || origin;\n const framed = typeof window !== 'undefined' && window.self !== window.top;\n const social = provider as 'google' | 'github';\n\n // ── Proxy path ────────────────────────────────────────────────────────\n // When APP_AUTH_PROXY is enabled AND we have the platform coordinates,\n // delegate social login to the central EzCoder auth proxy instead of\n // hitting the per-project Better Auth server directly. The proxy handles\n // the OAuth handshake and redirects back to <app>/auth/callback#code=<singleUse>.\n // AuthCallback.tsx picks up the fragment and completes the sign-in.\n if (env.APP_AUTH_PROXY && env.EZCODER_API_URL && env.EZC_PROJECT_ID) {\n const proxyStartUrl =\n `${env.EZCODER_API_URL.replace(/\\/$/, '')}/api/app-auth/start` +\n `?provider=${encodeURIComponent(provider)}` +\n `&projectId=${encodeURIComponent(env.EZC_PROJECT_ID)}` +\n `&returnUrl=${encodeURIComponent(origin + '/auth/callback')}`;\n\n if (framed && typeof window !== 'undefined') {\n // Open the proxy start URL in a popup so the framed editor preview\n // doesn't try to navigate inside the iframe.\n window.open(proxyStartUrl, 'ezc-auth', 'popup,width=500,height=680');\n return { data: null, error: null };\n }\n\n // Standalone (deployed app / own tab): full-page redirect to the proxy.\n if (typeof window !== 'undefined') {\n window.location.href = proxyStartUrl;\n }\n return { data: null, error: null };\n }\n\n // ── Direct Better Auth path (proxy disabled) ──────────────────────────\n if (framed && typeof window !== 'undefined') {\n // Provider login pages refuse to render inside an iframe (X-Frame-Options /\n // frame-ancestors). Ask Better Auth for the OAuth URL WITHOUT redirecting\n // (disableRedirect) and open it in a popup. The popup completes on the\n // app origin (callbackURL) and the session cookie is set; Better Auth's\n // useSession picks it up here on the next focus/poll. A small focus poke\n // nudges the hook to refetch promptly.\n const result = await authClient.signIn.social({\n provider: social,\n callbackURL,\n disableRedirect: true,\n });\n const error = (result as { error?: unknown })?.error;\n if (error) return { data: null, error: toError(error, 'OAuth sign in failed') };\n const data = (result as { data?: { url?: string } })?.data ?? null;\n const url = data?.url;\n if (url) window.open(url, 'ezc-auth', 'popup,width=500,height=680');\n return { data, error: null };\n }\n\n // Standalone (deployed app / own tab): let Better Auth do the full-page\n // redirect to the provider.\n const result = await authClient.signIn.social({ provider: social, callbackURL });\n const error = (result as { error?: unknown })?.error;\n if (error) return { data: null, error: toError(error, 'OAuth sign in failed') };\n const data = (result as { data?: unknown })?.data ?? null;\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('OAuth sign in failed') };\n }\n }, [authClient]);\n\n const signOut = useCallback(async (): Promise<{ error: Error | null }> => {\n if (!authClient) return { error: notConfiguredError() };\n const userId = user?.id;\n try {\n const result = await authClient.signOut();\n const error = (result as { error?: unknown })?.error;\n if (error) return { error: toError(error, 'Sign out failed') };\n if (userId) ezcoder.users.trackLogout(userId);\n return { error: null };\n } catch (err: unknown) {\n return { error: err instanceof Error ? err : new Error('Sign out failed') };\n }\n }, [authClient, user]);\n\n const resetPassword = useCallback(async (email: string): Promise<AuthResult> => {\n if (!authClient) return { data: null, error: notConfiguredError() };\n // Better Auth renamed `forgetPassword` → `requestPasswordReset`. Support both\n // so the SDK works regardless of the server's Better Auth version.\n const client = authClient as unknown as {\n requestPasswordReset?: (args: { email: string; redirectTo?: string }) => Promise<unknown>;\n forgetPassword?: (args: { email: string; redirectTo?: string }) => Promise<unknown>;\n };\n const redirectTo = `${typeof window !== 'undefined' ? window.location.origin : ''}/auth/reset-password`;\n const fn = client.requestPasswordReset || client.forgetPassword;\n if (!fn) {\n return { data: null, error: NEON_NOT_SUPPORTED('Password reset') };\n }\n try {\n const result = await fn({ email, redirectTo });\n const error = (result as { error?: unknown })?.error;\n if (error) return { data: null, error: toError(error, 'Password reset failed') };\n const data = (result as { data?: unknown })?.data ?? result;\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Password reset failed') };\n }\n }, [authClient]);\n\n const updatePassword = useCallback(async (newPassword: string): Promise<AuthResult> => {\n if (!authClient) return { data: null, error: notConfiguredError() };\n // Two distinct Better Auth operations land here:\n // - `resetPassword({ newPassword, token })` after a reset-email link (token in URL)\n // - `changePassword({ newPassword, currentPassword })` for a logged-in user\n // We only have the new password, so we use the token-based reset when a\n // reset token is present in the URL; otherwise there is no safe call to make\n // (changePassword requires the current password we don't have).\n const token = typeof window !== 'undefined'\n ? new URLSearchParams(window.location.search).get('token') ||\n new URLSearchParams(window.location.search).get('reset_token')\n : null;\n const client = authClient as unknown as {\n resetPassword?: (args: { newPassword: string; token: string }) => Promise<unknown>;\n };\n if (token && client.resetPassword) {\n try {\n const result = await client.resetPassword({ newPassword, token });\n const error = (result as { error?: unknown })?.error;\n if (error) return { data: null, error: toError(error, 'Password update failed') };\n const data = (result as { data?: unknown })?.data ?? result;\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Password update failed') };\n }\n }\n // TODO(neon-auth): wire changePassword once the UI can collect the current\n // password (Better Auth changePassword requires { newPassword, currentPassword }).\n return { data: null, error: NEON_NOT_SUPPORTED('Updating the password without a reset token') };\n }, [authClient]);\n\n // Read the end user's profile from the project's Neon `public.user_profiles`\n // via the platform DB path (DatabaseClient → /api/platform/db proxy). The\n // bearer is the Neon session JWT minted in DatabaseClient._authHeaders, so the\n // query runs under the end user's identity (RLS). We FIRST call\n // ezc_ensure_user_setup() (idempotent — creates the profile + default role on\n // first login), THEN read the row. Returns null gracefully on any error (the\n // Neon path never throws here — auth must not break if the DB read fails).\n const fetchProfile = useCallback(async (userId: string): Promise<UserProfile | null> => {\n if (!userId || !UUID_RE.test(userId)) return null;\n const projectId = env.EZC_PROJECT_ID || getRuntimeConfig()?.projectId || '';\n if (!projectId) return null;\n try {\n const db = new DatabaseClient(supabase, projectId);\n // ONE idempotent call: ezc_ensure_user_setup() creates the profile + default/owner role\n // on first login AND returns the caller's full profile row + role. NO user id is\n // interpolated and the client SQL never references the (forbidden) auth schema — the\n // function reads the current user from the server-set auth.user_id() GUC internally.\n const result = await db.sql<Record<string, unknown>>(\n 'SELECT * FROM ezc_ensure_user_setup()'\n );\n const row = result?.data?.[0];\n if (!row) return null;\n const mapped: UserProfile = {\n id: String(row.id ?? userId),\n user_id: (row.user_id as string | undefined) ?? userId,\n email: (row.email as string | undefined) ?? undefined,\n display_name: (row.display_name as string | undefined) ?? undefined,\n avatar_url: (row.avatar_url as string | undefined) ?? undefined,\n stripe_customer_id: (row.stripe_customer_id as string | undefined) ?? undefined,\n subscription_tier: (row.subscription_tier as string | undefined) ?? undefined,\n subscription_status: (row.subscription_status as string | undefined) ?? undefined,\n subscription_period_end: (row.subscription_period_end as string | undefined) ?? undefined,\n };\n setProfile(mapped);\n return mapped;\n } catch (err: unknown) {\n console.warn('[EzCoder SDK] Neon profile fetch failed:', err instanceof Error ? err.message : err);\n return null;\n }\n }, []);\n\n const updateProfile = useCallback(async (_updates: Partial<UserProfile>): Promise<AuthResult> => {\n if (!user) return { data: null, error: new Error('Not authenticated') };\n return { data: null, error: NEON_NOT_SUPPORTED('Updating the profile') };\n }, [user]);\n\n const value: AuthContextType = {\n user,\n profile,\n session,\n loading,\n isConfigured: Boolean(authClient),\n signUp,\n signIn,\n signInWithProvider,\n signOut,\n resetPassword,\n updatePassword,\n updateProfile,\n refetchProfile: fetchProfile,\n };\n\n return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;\n}\n\nfunction toError(error: unknown, fallback: string): Error {\n if (error instanceof Error) return error;\n if (error && typeof error === 'object') {\n const msg = (error as { message?: string; statusText?: string }).message\n || (error as { statusText?: string }).statusText;\n if (msg) return new Error(msg);\n }\n if (typeof error === 'string') return new Error(error);\n return new Error(fallback);\n}\n\n// ─── Supabase path (UNCHANGED behaviour) ─────────────────────────────────────\n\nfunction SupabaseAuthProvider({ children }: { children: React.ReactNode }) {\n const [user, setUser] = useState<User | null>(null);\n const [profile, setProfile] = useState<UserProfile | null>(null);\n const [session, setSession] = useState<Session | null>(null);\n const [loading, setLoading] = useState<boolean>(true);\n const previousUserIdRef = useRef<string | null>(null);\n\n const fetchProfile = useCallback(async (userId: string): Promise<UserProfile | null> => {\n if (!userId) return null;\n\n try {\n let query = supabase\n .from('user_profiles')\n .select('*')\n .eq('id', userId);\n\n if (env.EZC_PROJECT_ID) {\n query = query.eq('project_id', env.EZC_PROJECT_ID);\n }\n\n const result = await query.single();\n\n const { data, error } = result || { data: null, error: null };\n\n if (error) {\n return null;\n }\n\n setProfile(data as UserProfile);\n return data as UserProfile;\n } catch {\n return null;\n }\n }, []);\n\n // SEC-1: bind the end-user to THIS project server-side (authoritative; app_metadata\n // is service-role-only). OAuth users have no signup metadata so the migration-226\n // trigger can't bind them — this is what stops migration 227 from locking them out.\n // No-ops if already bound. Non-blocking.\n const bindProjectIfNeeded = useCallback(async (currentUser: User | null): Promise<void> => {\n if (!currentUser || !env.EZC_PROJECT_ID || !env.EZCODER_API_URL) return;\n const appMeta = currentUser.app_metadata as Record<string, unknown> | undefined;\n if (appMeta?.bound_project_id) return;\n try {\n const { data } = await supabase.auth.getSession();\n const token = data?.session?.access_token;\n if (!token) return;\n const res = await fetch(`${env.EZCODER_API_URL.replace(/\\/$/, '')}/api/managed-auth/bind`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n ...(env.EZC_PROJECT_TOKEN_PUBLIC ? { Authorization: `Bearer ${env.EZC_PROJECT_TOKEN_PUBLIC}` } : {}),\n 'X-EZC-User-Token': token,\n },\n body: JSON.stringify({ projectId: env.EZC_PROJECT_ID }),\n });\n const j = await res.json().catch(() => ({}));\n if (j?.changed) {\n // The new bound_project_id claim only appears after a token refresh.\n await supabase.auth.refreshSession();\n }\n } catch {\n // non-blocking — login still works; binding reconciles on next load / via backfill\n }\n }, []);\n\n useEffect(() => {\n supabase.auth.getSession().then(async ({ data: { session: initialSession } }) => {\n setSession(initialSession);\n setUser(initialSession?.user ?? null);\n\n if (initialSession?.user) {\n await fetchProfile(initialSession.user.id);\n bindProjectIfNeeded(initialSession.user);\n }\n\n setLoading(false);\n });\n\n const {\n data: { subscription },\n } = supabase.auth.onAuthStateChange(async (event, currentSession) => {\n setSession(currentSession);\n setUser(currentSession?.user ?? null);\n\n if (event === 'SIGNED_IN' && currentSession?.user) {\n await fetchProfile(currentSession.user.id);\n bindProjectIfNeeded(currentSession.user);\n ezcoderAuthIntegration.onLogin(currentSession.user);\n previousUserIdRef.current = currentSession.user.id;\n } else if (event === 'SIGNED_OUT') {\n setProfile(null);\n if (previousUserIdRef.current) {\n ezcoderAuthIntegration.onLogout(previousUserIdRef.current);\n previousUserIdRef.current = null;\n }\n } else if (event === 'USER_UPDATED' && currentSession?.user) {\n ezcoder.analytics.identify(currentSession.user.id, {\n email: currentSession.user.email,\n name: currentSession.user.user_metadata?.full_name,\n });\n }\n });\n\n // In-editor popup sign-in: the /auth/callback popup postMessages on completion;\n // the storage event is a same-origin fallback for the popup's localStorage write.\n const refreshFromExternal = () => {\n supabase.auth.getSession().then(({ data }) => {\n const s = data?.session ?? null;\n setSession(s);\n setUser(s?.user ?? null);\n if (s?.user) { fetchProfile(s.user.id); bindProjectIfNeeded(s.user); }\n });\n };\n const onMsg = (e: MessageEvent) => { if (e?.data?.type === 'ezc-auth-complete') refreshFromExternal(); };\n const onStorage = (e: StorageEvent) => { if (e.key && /auth-token/.test(e.key)) refreshFromExternal(); };\n if (typeof window !== 'undefined') {\n window.addEventListener('message', onMsg);\n window.addEventListener('storage', onStorage);\n }\n\n return () => {\n subscription.unsubscribe();\n if (typeof window !== 'undefined') {\n window.removeEventListener('message', onMsg);\n window.removeEventListener('storage', onStorage);\n }\n };\n }, [fetchProfile, bindProjectIfNeeded]);\n\n const signUp = useCallback(async (email: string, password: string, options: SignUpOptions = {}): Promise<AuthResult> => {\n if (!isSupabaseConfigured) {\n return { data: null, error: notConfiguredError() };\n }\n const { metadata = {} } = options;\n\n try {\n const signUpMetadata = { ...metadata };\n if (env.EZC_PROJECT_ID) {\n signUpMetadata.project_id = env.EZC_PROJECT_ID;\n signUpMetadata.bound_project_id = env.EZC_PROJECT_ID;\n }\n\n const result = await supabase.auth.signUp({\n email,\n password,\n options: { data: signUpMetadata },\n });\n\n const { data, error } = result || { data: null, error: new Error('Sign up failed') };\n\n if (error) {\n return { data: null, error };\n }\n\n if (data?.user) {\n const profileData: Record<string, unknown> = {\n id: data.user.id,\n email,\n };\n if (metadata.display_name) {\n profileData.display_name = metadata.display_name;\n }\n if (env.EZC_PROJECT_ID) {\n profileData.project_id = env.EZC_PROJECT_ID;\n }\n if (metadata.display_name || env.EZC_PROJECT_ID) {\n await supabase.from('user_profiles').upsert(profileData);\n }\n try {\n await supabase.rpc('assign_default_role', { user_uuid: data.user.id });\n } catch {\n // Non-blocking — role tables may not exist in all projects\n }\n ezcoderAuthIntegration.onSignup(data.user);\n }\n\n return { data, error: null };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Sign up failed') };\n }\n }, []);\n\n const signIn = useCallback(async (email: string, password: string): Promise<AuthResult> => {\n if (!isSupabaseConfigured) {\n return { data: null, error: notConfiguredError() };\n }\n try {\n const result = await supabase.auth.signInWithPassword({ email, password });\n const { data, error } = result || { data: null, error: new Error('Sign in failed') };\n return { data, error };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Sign in failed') };\n }\n }, []);\n\n const signInWithProvider = useCallback(async (provider: string, options: SignInWithProviderOptions = {}): Promise<AuthResult> => {\n if (!isSupabaseConfigured) {\n return { data: null, error: notConfiguredError() };\n }\n try {\n const provider2 = provider as 'google' | 'github' | 'facebook' | 'apple' | 'twitter';\n const origin = typeof window !== 'undefined' ? window.location.origin : '';\n const framed = typeof window !== 'undefined' && window.self !== window.top;\n\n if (framed && typeof window !== 'undefined') {\n // Provider login pages refuse to render inside an iframe (X-Frame-Options /\n // frame-ancestors), so we cannot do a full-page redirect in the editor preview.\n // Open the flow in a popup; the /auth/callback page completes PKCE and\n // postMessages back (storage event is the fallback). Land on the callback route.\n const redirectTo = options.redirectTo || (origin ? `${origin}/auth/callback` : '');\n const result = await supabase.auth.signInWithOAuth({\n provider: provider2,\n options: { redirectTo, skipBrowserRedirect: true, ...options },\n });\n if (result?.error) return { data: null, error: result.error };\n const url = (result?.data as { url?: string } | null)?.url;\n if (url) window.open(url, 'ezc-auth', 'popup,width=500,height=680');\n return { data: result?.data ?? null, error: null };\n }\n\n // Standalone (deployed app / own tab): full-page redirect. Default to the app\n // origin (root) so apps without a scaffolded callback route still complete via\n // detectSessionInUrl; new apps pass /auth/callback explicitly.\n const result = await supabase.auth.signInWithOAuth({\n provider: provider2,\n options: {\n redirectTo: options.redirectTo || origin,\n ...options,\n },\n });\n const { data, error } = result || { data: null, error: new Error('OAuth sign in failed') };\n return { data, error };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('OAuth sign in failed') };\n }\n }, []);\n\n const signOut = useCallback(async (): Promise<{ error: Error | null }> => {\n const userId = user?.id;\n try {\n const result = await supabase.auth.signOut();\n const { error } = result || { error: null };\n if (!error && userId) {\n ezcoder.users.trackLogout(userId);\n }\n return { error };\n } catch (err: unknown) {\n return { error: err instanceof Error ? err : new Error('Sign out failed') };\n }\n }, [user]);\n\n const resetPassword = useCallback(async (email: string): Promise<AuthResult> => {\n try {\n const result = await supabase.auth.resetPasswordForEmail(email, {\n redirectTo: `${typeof window !== 'undefined' ? window.location.origin : ''}/auth/reset-password`,\n });\n const { data, error } = result || { data: null, error: new Error('Password reset failed') };\n return { data, error };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Password reset failed') };\n }\n }, []);\n\n // Set a new password. Used on the /auth/reset-password landing page, where the\n // recovery link has already established a (recovery) session via detectSessionInUrl.\n const updatePassword = useCallback(async (newPassword: string): Promise<AuthResult> => {\n if (!isSupabaseConfigured) {\n return { data: null, error: notConfiguredError() };\n }\n try {\n const result = await supabase.auth.updateUser({ password: newPassword });\n const { data, error } = result || { data: null, error: new Error('Password update failed') };\n return { data, error };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Password update failed') };\n }\n }, []);\n\n const updateProfile = useCallback(\n async (updates: Partial<UserProfile>): Promise<AuthResult> => {\n if (!user) {\n return { data: null, error: new Error('Not authenticated') };\n }\n try {\n let query = supabase\n .from('user_profiles')\n .update(updates)\n .eq('id', user.id);\n\n if (env.EZC_PROJECT_ID) {\n query = query.eq('project_id', env.EZC_PROJECT_ID);\n }\n\n const result = await query.select().single();\n const { data, error } = result || { data: null, error: null };\n return { data, error };\n } catch (err: unknown) {\n return { data: null, error: err instanceof Error ? err : new Error('Update failed') };\n }\n },\n [user]\n );\n\n const value: AuthContextType = {\n user,\n profile,\n session,\n loading,\n isConfigured: isSupabaseConfigured,\n signUp,\n signIn,\n signInWithProvider,\n signOut,\n resetPassword,\n updatePassword,\n updateProfile,\n refetchProfile: fetchProfile,\n };\n\n return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;\n}\n\nexport function useAuth(): AuthContextType {\n const context = useContext(AuthContext);\n if (context === undefined) {\n throw new Error('useAuth must be used within an AuthProvider');\n }\n return context;\n}\n\nexport type { AuthResult, SignUpOptions, SignInWithProviderOptions };\n"],"mappings":";;;;;;;;;;;;;;;;AAAA,SAAS,wBAAwB;AAsBjC,IAAI,eAAsC;AAOnC,SAAS,oBAA2C;AACzD,MAAI,CAAC,wBAAwB,CAAC,IAAI,eAAe;AAC/C,WAAO;AAAA,EACT;AACA,MAAI,CAAC,cAAc;AACjB,mBAAe,iBAAiB;AAAA,MAC9B,SAAS,IAAI;AAAA,IACf,CAAC;AAAA,EACH;AACA,SAAO;AACT;;;ACvCA,SAAS,eAAe,YAAY,UAAU,WAAW,aAAa,cAAc;AA0EzE;AA7DX,IAAM,UAAU;AAgChB,IAAM,qBAAqB;AAC3B,SAAS,qBAAqB;AAC5B,SAAO,IAAI,MAAM,kBAAkB;AACrC;AAEO,IAAM,cAAc,cAA+B;AAAA,EACxD,MAAM;AAAA,EACN,SAAS;AAAA,EACT,SAAS;AAAA,EACT,SAAS;AAAA,EACT,cAAc;AAAA,EACd,QAAQ,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EAC/C,QAAQ,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EAC/C,oBAAoB,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EAC3D,SAAS,aAAa,EAAE,OAAO,KAAK;AAAA,EACpC,eAAe,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EACtD,gBAAgB,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EACvD,eAAe,aAAa,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,EACtD,gBAAgB,YAAY;AAC9B,CAAC;AAQM,SAAS,aAAa,EAAE,SAAS,GAAkC;AACxE,MAAI,sBAAsB;AACxB,WAAO,oBAAC,oBAAkB,UAAS;AAAA,EACrC;AACA,SAAO,oBAAC,wBAAsB,UAAS;AACzC;AAyBA,SAAS,YAAY,GAAmD;AACtE,MAAI,CAAC,KAAK,CAAC,EAAE,GAAI,QAAO;AACxB,QAAM,UAAS,oBAAI,KAAK,GAAE,YAAY;AACtC,SAAO;AAAA,IACL,IAAI,EAAE;AAAA,IACN,OAAO,EAAE;AAAA,IACT,cAAc,EAAE,UAAU,aAAa,GAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,CAAC,EAAG;AAAA,IAC3E,eAAe;AAAA,MACb,WAAW,EAAE;AAAA,MACb,MAAM,EAAE;AAAA,MACR,YAAY,EAAE,SAAS;AAAA,MACvB,gBAAgB,EAAE;AAAA,IACpB;AAAA,IACA,KAAK;AAAA,IACL,YAAY,EAAE,aAAa;AAAA,IAC3B,YAAY,EAAE,aAAa;AAAA,IAC3B,MAAM,EAAE;AAAA,EACV;AACF;AAQA,SAAS,eAAe,YAAqB,MAAmC;AAC9E,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,IAAK,cAAc,CAAC;AAC1B,QAAM,QACH,EAAE,SACD,EAAE,SAAiD,SACrD;AACF,SAAO;AAAA,IACL,cAAc;AAAA,IACd,eAAe;AAAA,IACf,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ,YAAY;AAAA,IACZ;AAAA,EACF;AACF;AAEA,IAAM,qBAAqB,CAAC,YAC1B,IAAI,MAAM,GAAG,OAAO,8CAA8C;AAEpE,SAAS,iBAAiB,EAAE,SAAS,GAAkC;AACrE,QAAM,aAAa,kBAAkB;AACrC,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAA6B,IAAI;AAC/D,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,SAAS,UAAU,IAAI,SAAkB,IAAI;AACpD,QAAM,oBAAoB,OAAsB,IAAI;AAIpD,QAAM,eAAe,YAAY,aAAa;AAI9C,QAAM,UAAU,cAAc,MAAM,QAAQ;AAC5C,QAAM,YAAY,cAAc,aAAa;AAE7C,YAAU,MAAM;AACd,UAAM,aAAa,YAAY,OAAO;AACtC,YAAQ,UAAU;AAClB,eAAW,eAAe,cAAc,MAAM,WAAW,cAAc,QAAQ,MAAM,UAAU,CAAC;AAChG,eAAW,QAAQ,SAAS,CAAC;AAG7B,UAAM,YAAY,YAAY,MAAM;AACpC,UAAM,SAAS,kBAAkB;AACjC,QAAI,aAAa,cAAc,QAAQ;AACrC,6BAAuB,QAAQ,UAAuD;AACtF,wBAAkB,UAAU;AAG5B,WAAK,aAAa,SAAS;AAAA,IAC7B,WAAW,CAAC,aAAa,QAAQ;AAC/B,6BAAuB,SAAS,MAAM;AACtC,wBAAkB,UAAU;AAC5B,iBAAW,IAAI;AAAA,IACjB;AAAA,EAEF,GAAG,CAAC,SAAS,SAAS,CAAC;AAEvB,QAAM,SAAS,YAAY,OAAO,OAAe,UAAkB,UAAyB,CAAC,MAA2B;AACtH,QAAI,CAAC,WAAY,QAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAClE,UAAM,EAAE,WAAW,CAAC,EAAE,IAAI;AAC1B,UAAM,OAAQ,SAAS,gBAAwC,SAAS,QAA+B;AACvG,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,OAAO,MAAM,EAAE,OAAO,UAAU,KAAK,CAAC;AACtE,YAAM,QAAS,QAAgC;AAC/C,UAAI,OAAO;AACT,eAAO,EAAE,MAAM,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE;AAAA,MAC/D;AACA,YAAM,OAAQ,QAA+B,QAAQ;AACrD,YAAM,UAAW,MAAoC;AACrD,UAAI,SAAS,IAAI;AACf,+BAAuB,SAAS,EAAE,IAAI,QAAQ,IAAI,OAAO,QAAQ,MAAM,CAAC;AAAA,MAC1E;AACA,aAAO,EAAE,MAAM,OAAO,KAAK;AAAA,IAC7B,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,gBAAgB,EAAE;AAAA,IACvF;AAAA,EACF,GAAG,CAAC,UAAU,CAAC;AAEf,QAAM,SAAS,YAAY,OAAO,OAAe,aAA0C;AACzF,QAAI,CAAC,WAAY,QAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAClE,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,OAAO,MAAM,EAAE,OAAO,SAAS,CAAC;AAChE,YAAM,QAAS,QAAgC;AAC/C,UAAI,OAAO;AACT,eAAO,EAAE,MAAM,MAAM,OAAO,QAAQ,OAAO,gBAAgB,EAAE;AAAA,MAC/D;AACA,YAAM,OAAQ,QAA+B,QAAQ;AACrD,aAAO,EAAE,MAAM,OAAO,KAAK;AAAA,IAC7B,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,gBAAgB,EAAE;AAAA,IACvF;AAAA,EACF,GAAG,CAAC,UAAU,CAAC;AAEf,QAAM,qBAAqB,YAAY,OAAO,UAAkB,UAAqC,CAAC,MAA2B;AAC/H,QAAI,CAAC,WAAY,QAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAClE,QAAI;AACF,YAAM,SAAS,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AACxE,YAAM,cAAc,QAAQ,cAAc;AAC1C,YAAM,SAAS,OAAO,WAAW,eAAe,OAAO,SAAS,OAAO;AACvE,YAAM,SAAS;AAQf,UAAI,IAAI,kBAAkB,IAAI,mBAAmB,IAAI,gBAAgB;AACnE,cAAM,gBACJ,GAAG,IAAI,gBAAgB,QAAQ,OAAO,EAAE,CAAC,gCAC5B,mBAAmB,QAAQ,CAAC,cAC3B,mBAAmB,IAAI,cAAc,CAAC,cACtC,mBAAmB,SAAS,gBAAgB,CAAC;AAE7D,YAAI,UAAU,OAAO,WAAW,aAAa;AAG3C,iBAAO,KAAK,eAAe,YAAY,4BAA4B;AACnE,iBAAO,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,QACnC;AAGA,YAAI,OAAO,WAAW,aAAa;AACjC,iBAAO,SAAS,OAAO;AAAA,QACzB;AACA,eAAO,EAAE,MAAM,MAAM,OAAO,KAAK;AAAA,MACnC;AAGA,UAAI,UAAU,OAAO,WAAW,aAAa;AAO3C,cAAMA,UAAS,MAAM,WAAW,OAAO,OAAO;AAAA,UAC5C,UAAU;AAAA,UACV;AAAA,UACA,iBAAiB;AAAA,QACnB,CAAC;AACD,cAAMC,SAASD,SAAgC;AAC/C,YAAIC,OAAO,QAAO,EAAE,MAAM,MAAM,OAAO,QAAQA,QAAO,sBAAsB,EAAE;AAC9E,cAAMC,QAAQF,SAAwC,QAAQ;AAC9D,cAAM,MAAME,OAAM;AAClB,YAAI,IAAK,QAAO,KAAK,KAAK,YAAY,4BAA4B;AAClE,eAAO,EAAE,MAAAA,OAAM,OAAO,KAAK;AAAA,MAC7B;AAIA,YAAM,SAAS,MAAM,WAAW,OAAO,OAAO,EAAE,UAAU,QAAQ,YAAY,CAAC;AAC/E,YAAM,QAAS,QAAgC;AAC/C,UAAI,MAAO,QAAO,EAAE,MAAM,MAAM,OAAO,QAAQ,OAAO,sBAAsB,EAAE;AAC9E,YAAM,OAAQ,QAA+B,QAAQ;AACrD,aAAO,EAAE,MAAM,OAAO,KAAK;AAAA,IAC7B,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,sBAAsB,EAAE;AAAA,IAC7F;AAAA,EACF,GAAG,CAAC,UAAU,CAAC;AAEf,QAAM,UAAU,YAAY,YAA8C;AACxE,QAAI,CAAC,WAAY,QAAO,EAAE,OAAO,mBAAmB,EAAE;AACtD,UAAM,SAAS,MAAM;AACrB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,QAAQ;AACxC,YAAM,QAAS,QAAgC;AAC/C,UAAI,MAAO,QAAO,EAAE,OAAO,QAAQ,OAAO,iBAAiB,EAAE;AAC7D,UAAI,OAAQ,SAAQ,MAAM,YAAY,MAAM;AAC5C,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB,SAAS,KAAc;AACrB,aAAO,EAAE,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,iBAAiB,EAAE;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,YAAY,IAAI,CAAC;AAErB,QAAM,gBAAgB,YAAY,OAAO,UAAuC;AAC9E,QAAI,CAAC,WAAY,QAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAGlE,UAAM,SAAS;AAIf,UAAM,aAAa,GAAG,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS,EAAE;AACjF,UAAM,KAAK,OAAO,wBAAwB,OAAO;AACjD,QAAI,CAAC,IAAI;AACP,aAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,gBAAgB,EAAE;AAAA,IACnE;AACA,QAAI;AACF,YAAM,SAAS,MAAM,GAAG,EAAE,OAAO,WAAW,CAAC;AAC7C,YAAM,QAAS,QAAgC;AAC/C,UAAI,MAAO,QAAO,EAAE,MAAM,MAAM,OAAO,QAAQ,OAAO,uBAAuB,EAAE;AAC/E,YAAM,OAAQ,QAA+B,QAAQ;AACrD,aAAO,EAAE,MAAM,OAAO,KAAK;AAAA,IAC7B,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,uBAAuB,EAAE;AAAA,IAC9F;AAAA,EACF,GAAG,CAAC,UAAU,CAAC;AAEf,QAAM,iBAAiB,YAAY,OAAO,gBAA6C;AACrF,QAAI,CAAC,WAAY,QAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAOlE,UAAM,QAAQ,OAAO,WAAW,cAC5B,IAAI,gBAAgB,OAAO,SAAS,MAAM,EAAE,IAAI,OAAO,KACvD,IAAI,gBAAgB,OAAO,SAAS,MAAM,EAAE,IAAI,aAAa,IAC7D;AACJ,UAAM,SAAS;AAGf,QAAI,SAAS,OAAO,eAAe;AACjC,UAAI;AACF,cAAM,SAAS,MAAM,OAAO,cAAc,EAAE,aAAa,MAAM,CAAC;AAChE,cAAM,QAAS,QAAgC;AAC/C,YAAI,MAAO,QAAO,EAAE,MAAM,MAAM,OAAO,QAAQ,OAAO,wBAAwB,EAAE;AAChF,cAAM,OAAQ,QAA+B,QAAQ;AACrD,eAAO,EAAE,MAAM,OAAO,KAAK;AAAA,MAC7B,SAAS,KAAc;AACrB,eAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,wBAAwB,EAAE;AAAA,MAC/F;AAAA,IACF;AAGA,WAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,6CAA6C,EAAE;AAAA,EAChG,GAAG,CAAC,UAAU,CAAC;AASf,QAAM,eAAe,YAAY,OAAO,WAAgD;AACtF,QAAI,CAAC,UAAU,CAAC,QAAQ,KAAK,MAAM,EAAG,QAAO;AAC7C,UAAM,YAAY,IAAI,kBAAkB,iBAAiB,GAAG,aAAa;AACzE,QAAI,CAAC,UAAW,QAAO;AACvB,QAAI;AACF,YAAM,KAAK,IAAI,eAAe,UAAU,SAAS;AAKjD,YAAM,SAAS,MAAM,GAAG;AAAA,QACtB;AAAA,MACF;AACA,YAAM,MAAM,QAAQ,OAAO,CAAC;AAC5B,UAAI,CAAC,IAAK,QAAO;AACjB,YAAM,SAAsB;AAAA,QAC1B,IAAI,OAAO,IAAI,MAAM,MAAM;AAAA,QAC3B,SAAU,IAAI,WAAkC;AAAA,QAChD,OAAQ,IAAI,SAAgC;AAAA,QAC5C,cAAe,IAAI,gBAAuC;AAAA,QAC1D,YAAa,IAAI,cAAqC;AAAA,QACtD,oBAAqB,IAAI,sBAA6C;AAAA,QACtE,mBAAoB,IAAI,qBAA4C;AAAA,QACpE,qBAAsB,IAAI,uBAA8C;AAAA,QACxE,yBAA0B,IAAI,2BAAkD;AAAA,MAClF;AACA,iBAAW,MAAM;AACjB,aAAO;AAAA,IACT,SAAS,KAAc;AACrB,cAAQ,KAAK,4CAA4C,eAAe,QAAQ,IAAI,UAAU,GAAG;AACjG,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB,YAAY,OAAO,aAAwD;AAC/F,QAAI,CAAC,KAAM,QAAO,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,mBAAmB,EAAE;AACtE,WAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,sBAAsB,EAAE;AAAA,EACzE,GAAG,CAAC,IAAI,CAAC;AAET,QAAM,QAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc,QAAQ,UAAU;AAAA,IAChC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,EAClB;AAEA,SAAO,oBAAC,YAAY,UAAZ,EAAqB,OAAe,UAAS;AACvD;AAEA,SAAS,QAAQ,OAAgB,UAAyB;AACxD,MAAI,iBAAiB,MAAO,QAAO;AACnC,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,UAAM,MAAO,MAAoD,WAC3D,MAAkC;AACxC,QAAI,IAAK,QAAO,IAAI,MAAM,GAAG;AAAA,EAC/B;AACA,MAAI,OAAO,UAAU,SAAU,QAAO,IAAI,MAAM,KAAK;AACrD,SAAO,IAAI,MAAM,QAAQ;AAC3B;AAIA,SAAS,qBAAqB,EAAE,SAAS,GAAkC;AACzE,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAA6B,IAAI;AAC/D,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,SAAS,UAAU,IAAI,SAAkB,IAAI;AACpD,QAAM,oBAAoB,OAAsB,IAAI;AAEpD,QAAM,eAAe,YAAY,OAAO,WAAgD;AACtF,QAAI,CAAC,OAAQ,QAAO;AAEpB,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,MAAM,MAAM;AAElB,UAAI,IAAI,gBAAgB;AACtB,gBAAQ,MAAM,GAAG,cAAc,IAAI,cAAc;AAAA,MACnD;AAEA,YAAM,SAAS,MAAM,MAAM,OAAO;AAElC,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,KAAK;AAE5D,UAAI,OAAO;AACT,eAAO;AAAA,MACT;AAEA,iBAAW,IAAmB;AAC9B,aAAO;AAAA,IACT,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,CAAC;AAML,QAAM,sBAAsB,YAAY,OAAO,gBAA4C;AACzF,QAAI,CAAC,eAAe,CAAC,IAAI,kBAAkB,CAAC,IAAI,gBAAiB;AACjE,UAAM,UAAU,YAAY;AAC5B,QAAI,SAAS,iBAAkB;AAC/B,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,SAAS,KAAK,WAAW;AAChD,YAAM,QAAQ,MAAM,SAAS;AAC7B,UAAI,CAAC,MAAO;AACZ,YAAM,MAAM,MAAM,MAAM,GAAG,IAAI,gBAAgB,QAAQ,OAAO,EAAE,CAAC,0BAA0B;AAAA,QACzF,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,GAAI,IAAI,2BAA2B,EAAE,eAAe,UAAU,IAAI,wBAAwB,GAAG,IAAI,CAAC;AAAA,UAClG,oBAAoB;AAAA,QACtB;AAAA,QACA,MAAM,KAAK,UAAU,EAAE,WAAW,IAAI,eAAe,CAAC;AAAA,MACxD,CAAC;AACD,YAAM,IAAI,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAC3C,UAAI,GAAG,SAAS;AAEd,cAAM,SAAS,KAAK,eAAe;AAAA,MACrC;AAAA,IACF,QAAQ;AAAA,IAER;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,YAAU,MAAM;AACd,aAAS,KAAK,WAAW,EAAE,KAAK,OAAO,EAAE,MAAM,EAAE,SAAS,eAAe,EAAE,MAAM;AAC/E,iBAAW,cAAc;AACzB,cAAQ,gBAAgB,QAAQ,IAAI;AAEpC,UAAI,gBAAgB,MAAM;AACxB,cAAM,aAAa,eAAe,KAAK,EAAE;AACzC,4BAAoB,eAAe,IAAI;AAAA,MACzC;AAEA,iBAAW,KAAK;AAAA,IAClB,CAAC;AAED,UAAM;AAAA,MACJ,MAAM,EAAE,aAAa;AAAA,IACvB,IAAI,SAAS,KAAK,kBAAkB,OAAO,OAAO,mBAAmB;AACnE,iBAAW,cAAc;AACzB,cAAQ,gBAAgB,QAAQ,IAAI;AAEpC,UAAI,UAAU,eAAe,gBAAgB,MAAM;AACjD,cAAM,aAAa,eAAe,KAAK,EAAE;AACzC,4BAAoB,eAAe,IAAI;AACvC,+BAAuB,QAAQ,eAAe,IAAI;AAClD,0BAAkB,UAAU,eAAe,KAAK;AAAA,MAClD,WAAW,UAAU,cAAc;AACjC,mBAAW,IAAI;AACf,YAAI,kBAAkB,SAAS;AAC7B,iCAAuB,SAAS,kBAAkB,OAAO;AACzD,4BAAkB,UAAU;AAAA,QAC9B;AAAA,MACF,WAAW,UAAU,kBAAkB,gBAAgB,MAAM;AAC3D,gBAAQ,UAAU,SAAS,eAAe,KAAK,IAAI;AAAA,UACjD,OAAO,eAAe,KAAK;AAAA,UAC3B,MAAM,eAAe,KAAK,eAAe;AAAA,QAC3C,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAID,UAAM,sBAAsB,MAAM;AAChC,eAAS,KAAK,WAAW,EAAE,KAAK,CAAC,EAAE,KAAK,MAAM;AAC5C,cAAM,IAAI,MAAM,WAAW;AAC3B,mBAAW,CAAC;AACZ,gBAAQ,GAAG,QAAQ,IAAI;AACvB,YAAI,GAAG,MAAM;AAAE,uBAAa,EAAE,KAAK,EAAE;AAAG,8BAAoB,EAAE,IAAI;AAAA,QAAG;AAAA,MACvE,CAAC;AAAA,IACH;AACA,UAAM,QAAQ,CAAC,MAAoB;AAAE,UAAI,GAAG,MAAM,SAAS,oBAAqB,qBAAoB;AAAA,IAAG;AACvG,UAAM,YAAY,CAAC,MAAoB;AAAE,UAAI,EAAE,OAAO,aAAa,KAAK,EAAE,GAAG,EAAG,qBAAoB;AAAA,IAAG;AACvG,QAAI,OAAO,WAAW,aAAa;AACjC,aAAO,iBAAiB,WAAW,KAAK;AACxC,aAAO,iBAAiB,WAAW,SAAS;AAAA,IAC9C;AAEA,WAAO,MAAM;AACX,mBAAa,YAAY;AACzB,UAAI,OAAO,WAAW,aAAa;AACjC,eAAO,oBAAoB,WAAW,KAAK;AAC3C,eAAO,oBAAoB,WAAW,SAAS;AAAA,MACjD;AAAA,IACF;AAAA,EACF,GAAG,CAAC,cAAc,mBAAmB,CAAC;AAEtC,QAAM,SAAS,YAAY,OAAO,OAAe,UAAkB,UAAyB,CAAC,MAA2B;AACtH,QAAI,CAAC,sBAAsB;AACzB,aAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACnD;AACA,UAAM,EAAE,WAAW,CAAC,EAAE,IAAI;AAE1B,QAAI;AACF,YAAM,iBAAiB,EAAE,GAAG,SAAS;AACrC,UAAI,IAAI,gBAAgB;AACtB,uBAAe,aAAa,IAAI;AAChC,uBAAe,mBAAmB,IAAI;AAAA,MACxC;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK,OAAO;AAAA,QACxC;AAAA,QACA;AAAA,QACA,SAAS,EAAE,MAAM,eAAe;AAAA,MAClC,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,gBAAgB,EAAE;AAEnF,UAAI,OAAO;AACT,eAAO,EAAE,MAAM,MAAM,MAAM;AAAA,MAC7B;AAEA,UAAI,MAAM,MAAM;AACd,cAAM,cAAuC;AAAA,UAC3C,IAAI,KAAK,KAAK;AAAA,UACd;AAAA,QACF;AACA,YAAI,SAAS,cAAc;AACzB,sBAAY,eAAe,SAAS;AAAA,QACtC;AACA,YAAI,IAAI,gBAAgB;AACtB,sBAAY,aAAa,IAAI;AAAA,QAC/B;AACA,YAAI,SAAS,gBAAgB,IAAI,gBAAgB;AAC/C,gBAAM,SAAS,KAAK,eAAe,EAAE,OAAO,WAAW;AAAA,QACzD;AACA,YAAI;AACF,gBAAM,SAAS,IAAI,uBAAuB,EAAE,WAAW,KAAK,KAAK,GAAG,CAAC;AAAA,QACvE,QAAQ;AAAA,QAER;AACA,+BAAuB,SAAS,KAAK,IAAI;AAAA,MAC3C;AAEA,aAAO,EAAE,MAAM,OAAO,KAAK;AAAA,IAC7B,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,gBAAgB,EAAE;AAAA,IACvF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,SAAS,YAAY,OAAO,OAAe,aAA0C;AACzF,QAAI,CAAC,sBAAsB;AACzB,aAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACnD;AACA,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,KAAK,mBAAmB,EAAE,OAAO,SAAS,CAAC;AACzE,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,gBAAgB,EAAE;AACnF,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,gBAAgB,EAAE;AAAA,IACvF;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,qBAAqB,YAAY,OAAO,UAAkB,UAAqC,CAAC,MAA2B;AAC/H,QAAI,CAAC,sBAAsB;AACzB,aAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACnD;AACA,QAAI;AACF,YAAM,YAAY;AAClB,YAAM,SAAS,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AACxE,YAAM,SAAS,OAAO,WAAW,eAAe,OAAO,SAAS,OAAO;AAEvE,UAAI,UAAU,OAAO,WAAW,aAAa;AAK3C,cAAM,aAAa,QAAQ,eAAe,SAAS,GAAG,MAAM,mBAAmB;AAC/E,cAAMF,UAAS,MAAM,SAAS,KAAK,gBAAgB;AAAA,UACjD,UAAU;AAAA,UACV,SAAS,EAAE,YAAY,qBAAqB,MAAM,GAAG,QAAQ;AAAA,QAC/D,CAAC;AACD,YAAIA,SAAQ,MAAO,QAAO,EAAE,MAAM,MAAM,OAAOA,QAAO,MAAM;AAC5D,cAAM,MAAOA,SAAQ,MAAkC;AACvD,YAAI,IAAK,QAAO,KAAK,KAAK,YAAY,4BAA4B;AAClE,eAAO,EAAE,MAAMA,SAAQ,QAAQ,MAAM,OAAO,KAAK;AAAA,MACnD;AAKA,YAAM,SAAS,MAAM,SAAS,KAAK,gBAAgB;AAAA,QACjD,UAAU;AAAA,QACV,SAAS;AAAA,UACP,YAAY,QAAQ,cAAc;AAAA,UAClC,GAAG;AAAA,QACL;AAAA,MACF,CAAC;AACD,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,sBAAsB,EAAE;AACzF,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,sBAAsB,EAAE;AAAA,IAC7F;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,UAAU,YAAY,YAA8C;AACxE,UAAM,SAAS,MAAM;AACrB,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,KAAK,QAAQ;AAC3C,YAAM,EAAE,MAAM,IAAI,UAAU,EAAE,OAAO,KAAK;AAC1C,UAAI,CAAC,SAAS,QAAQ;AACpB,gBAAQ,MAAM,YAAY,MAAM;AAAA,MAClC;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAc;AACrB,aAAO,EAAE,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,iBAAiB,EAAE;AAAA,IAC5E;AAAA,EACF,GAAG,CAAC,IAAI,CAAC;AAET,QAAM,gBAAgB,YAAY,OAAO,UAAuC;AAC9E,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,KAAK,sBAAsB,OAAO;AAAA,QAC9D,YAAY,GAAG,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS,EAAE;AAAA,MAC5E,CAAC;AACD,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,uBAAuB,EAAE;AAC1F,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,uBAAuB,EAAE;AAAA,IAC9F;AAAA,EACF,GAAG,CAAC,CAAC;AAIL,QAAM,iBAAiB,YAAY,OAAO,gBAA6C;AACrF,QAAI,CAAC,sBAAsB;AACzB,aAAO,EAAE,MAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACnD;AACA,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,KAAK,WAAW,EAAE,UAAU,YAAY,CAAC;AACvE,YAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,wBAAwB,EAAE;AAC3F,aAAO,EAAE,MAAM,MAAM;AAAA,IACvB,SAAS,KAAc;AACrB,aAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,wBAAwB,EAAE;AAAA,IAC/F;AAAA,EACF,GAAG,CAAC,CAAC;AAEL,QAAM,gBAAgB;AAAA,IACpB,OAAO,YAAuD;AAC5D,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,MAAM,MAAM,OAAO,IAAI,MAAM,mBAAmB,EAAE;AAAA,MAC7D;AACA,UAAI;AACF,YAAI,QAAQ,SACT,KAAK,eAAe,EACpB,OAAO,OAAO,EACd,GAAG,MAAM,KAAK,EAAE;AAEnB,YAAI,IAAI,gBAAgB;AACtB,kBAAQ,MAAM,GAAG,cAAc,IAAI,cAAc;AAAA,QACnD;AAEA,cAAM,SAAS,MAAM,MAAM,OAAO,EAAE,OAAO;AAC3C,cAAM,EAAE,MAAM,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,OAAO,KAAK;AAC5D,eAAO,EAAE,MAAM,MAAM;AAAA,MACvB,SAAS,KAAc;AACrB,eAAO,EAAE,MAAM,MAAM,OAAO,eAAe,QAAQ,MAAM,IAAI,MAAM,eAAe,EAAE;AAAA,MACtF;AAAA,IACF;AAAA,IACA,CAAC,IAAI;AAAA,EACP;AAEA,QAAM,QAAyB;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,EAClB;AAEA,SAAO,oBAAC,YAAY,UAAZ,EAAqB,OAAe,UAAS;AACvD;AAEO,SAAS,UAA2B;AACzC,QAAM,UAAU,WAAW,WAAW;AACtC,MAAI,YAAY,QAAW;AACzB,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,SAAO;AACT;","names":["result","error","data"]}

package/dist/chunk-VHKTBOFU.js ADDED Viewed

@@ -0,0 +1,124 @@
+import {
+  DatabaseClient,
+  getRuntimeConfig,
+  loadBootstrap
+} from "./chunk-WFDQ4YUZ.js";
+import {
+  isSupabaseConfigured,
+  supabase
+} from "./chunk-FPSSXTQG.js";
+import {
+  env
+} from "./chunk-KWR4PA5I.js";
+// src/database/DatabaseProvider.tsx
+import { createContext, useContext, useEffect, useMemo, useState } from "react";
+import { jsx } from "react/jsx-runtime";
+var DatabaseContext = createContext({
+  db: null,
+  isConfigured: false
+});
+function DatabaseProvider({ children, projectId }) {
+  const bakedProjectId = projectId || env.EZC_PROJECT_ID || "";
+  const [runtimeProjectId, setRuntimeProjectId] = useState(getRuntimeConfig()?.projectId || "");
+  const [bootstrapAttempted, setBootstrapAttempted] = useState(Boolean(getRuntimeConfig()));
+  useEffect(() => {
+    if (bakedProjectId) return;
+    let cancelled = false;
+    loadBootstrap().then((rc) => {
+      if (cancelled) return;
+      if (rc?.projectId) setRuntimeProjectId(rc.projectId);
+      setBootstrapAttempted(true);
+    });
+    return () => {
+      cancelled = true;
+    };
+  }, [bakedProjectId]);
+  const resolvedProjectId = bakedProjectId || runtimeProjectId;
+  const configured = Boolean(resolvedProjectId);
+  const db = useMemo(
+    () => configured ? new DatabaseClient(supabase, resolvedProjectId) : null,
+    [configured, resolvedProjectId]
+  );
+  const value = useMemo(() => ({ db, isConfigured: configured }), [db, configured]);
+  if (!bakedProjectId && !bootstrapAttempted && !runtimeProjectId) {
+    return null;
+  }
+  return /* @__PURE__ */ jsx(DatabaseContext.Provider, { value, children });
+}
+function useDatabase() {
+  const { db } = useContext(DatabaseContext);
+  if (!db) {
+    throw new Error(
+      "useDatabase() must be used within <DatabaseProvider>. Ensure the app is wrapped in <DatabaseProvider> and the project has a deployment origin or EZC_PROJECT_ID."
+    );
+  }
+  return db;
+}
+function useDatabaseOptional() {
+  const { db } = useContext(DatabaseContext);
+  return db;
+}
+function useIsDatabaseConfigured() {
+  const { isConfigured } = useContext(DatabaseContext);
+  return isConfigured;
+}
+// src/database/useRealtime.ts
+import { useEffect as useEffect2, useState as useState2, useRef } from "react";
+function useRealtime(table, options = {}) {
+  const [data, setData] = useState2([]);
+  const [status, setStatus] = useState2("connecting");
+  const optionsRef = useRef(options);
+  optionsRef.current = options;
+  const projectId = env.EZC_PROJECT_ID;
+  useEffect2(() => {
+    if (!isSupabaseConfigured || !projectId) {
+      setStatus("disabled");
+      return;
+    }
+    const schemaName = `proj_${projectId.replace(/-/g, "_")}`;
+    const channelName = `${schemaName}_${table}_${optionsRef.current.event || "all"}`;
+    const channel = supabase.channel(channelName).on(
+      "postgres_changes",
+      {
+        event: optionsRef.current.event || "*",
+        schema: schemaName,
+        table,
+        filter: optionsRef.current.filter
+      },
+      (payload) => {
+        if (payload.eventType === "INSERT") {
+          setData((prev) => [...prev, payload.new]);
+        } else if (payload.eventType === "UPDATE") {
+          setData(
+            (prev) => prev.map(
+              (item) => item.id === payload.new.id ? payload.new : item
+            )
+          );
+        } else if (payload.eventType === "DELETE") {
+          setData(
+            (prev) => prev.filter(
+              (item) => item.id !== payload.old.id
+            )
+          );
+        }
+      }
+    ).subscribe((subStatus) => {
+      setStatus(subStatus === "SUBSCRIBED" ? "connected" : "connecting");
+    });
+    return () => {
+      supabase.removeChannel(channel);
+    };
+  }, [projectId, table]);
+  return { data, status, setData };
+}
+export {
+  DatabaseProvider,
+  useDatabase,
+  useDatabaseOptional,
+  useIsDatabaseConfigured,
+  useRealtime
+};
+//# sourceMappingURL=chunk-VHKTBOFU.js.map

package/dist/chunk-VHKTBOFU.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/database/DatabaseProvider.tsx","../src/database/useRealtime.ts"],"sourcesContent":["import { createContext, useContext, useEffect, useMemo, useState, type ReactNode } from 'react';\nimport { supabase } from '../core/supabase';\nimport { env } from '../core/config';\nimport { loadBootstrap, getRuntimeConfig } from '../core/bootstrap';\nimport { DatabaseClient } from './DatabaseClient';\n\ninterface DatabaseContextValue {\n db: DatabaseClient | null;\n isConfigured: boolean;\n}\n\nconst DatabaseContext = createContext<DatabaseContextValue>({\n db: null,\n isConfigured: false,\n});\n\ninterface DatabaseProviderProps {\n children: ReactNode;\n projectId?: string;\n}\n\n/**\n * Parity Doctrine W2: the database is configured as soon as we know the\n * projectId — from the prop, the build-time env, OR the runtime bootstrap.\n * Crucially, a build that baked NO env (the herdmark \"useDatabase must be used\n * within <DatabaseProvider>\" boot crash) is no longer broken: we fetch the\n * config live and resolve the projectId at runtime. The DatabaseClient reaches\n * the DB through the platform proxy, so a configured Supabase client is NOT\n * required for data access — anonymous reads authorize by deployment origin.\n */\nexport function DatabaseProvider({ children, projectId }: DatabaseProviderProps) {\n const bakedProjectId = projectId || env.EZC_PROJECT_ID || '';\n const [runtimeProjectId, setRuntimeProjectId] = useState<string>(getRuntimeConfig()?.projectId || '');\n const [bootstrapAttempted, setBootstrapAttempted] = useState<boolean>(Boolean(getRuntimeConfig()));\n\n useEffect(() => {\n if (bakedProjectId) return; // already configured from build-time env/prop\n let cancelled = false;\n loadBootstrap().then((rc) => {\n if (cancelled) return;\n if (rc?.projectId) setRuntimeProjectId(rc.projectId);\n setBootstrapAttempted(true);\n });\n return () => { cancelled = true; };\n }, [bakedProjectId]);\n\n const resolvedProjectId = bakedProjectId || runtimeProjectId;\n const configured = Boolean(resolvedProjectId);\n\n const db = useMemo(\n () => (configured ? new DatabaseClient(supabase, resolvedProjectId) : null),\n [configured, resolvedProjectId],\n );\n\n const value = useMemo(() => ({ db, isConfigured: configured }), [db, configured]);\n\n // Env-less build ONLY: hold render until the runtime bootstrap resolves the\n // projectId, converting the old hard crash into a sub-second gate. A normally\n // configured build (projectId baked) never enters this branch.\n if (!bakedProjectId && !bootstrapAttempted && !runtimeProjectId) {\n return null;\n }\n\n return <DatabaseContext.Provider value={value}>{children}</DatabaseContext.Provider>;\n}\n\nexport function useDatabase(): DatabaseClient {\n const { db } = useContext(DatabaseContext);\n if (!db) {\n throw new Error(\n 'useDatabase() must be used within <DatabaseProvider>. ' +\n 'Ensure the app is wrapped in <DatabaseProvider> and the project has a deployment origin or EZC_PROJECT_ID.',\n );\n }\n return db;\n}\n\nexport function useDatabaseOptional(): DatabaseClient | null {\n const { db } = useContext(DatabaseContext);\n return db;\n}\n\nexport function useIsDatabaseConfigured(): boolean {\n const { isConfigured } = useContext(DatabaseContext);\n return isConfigured;\n}\n","import { useEffect, useState, useRef } from 'react';\r\nimport { supabase, isSupabaseConfigured } from '../core/supabase';\r\nimport { env } from '../core/config';\r\n\r\ntype RealtimeEvent = 'INSERT' | 'UPDATE' | 'DELETE' | '*';\r\n\r\ninterface RealtimeOptions {\r\n event?: RealtimeEvent;\r\n filter?: string;\r\n}\r\n\r\ninterface UseRealtimeReturn<T> {\r\n data: T[];\r\n status: 'connecting' | 'connected' | 'error' | 'disabled';\r\n setData: React.Dispatch<React.SetStateAction<T[]>>;\r\n}\r\n\r\nexport function useRealtime<T extends Record<string, unknown> = Record<string, unknown>>(\r\n table: string,\r\n options: RealtimeOptions = {},\r\n): UseRealtimeReturn<T> {\r\n const [data, setData] = useState<T[]>([]);\r\n const [status, setStatus] = useState<UseRealtimeReturn<T>['status']>('connecting');\r\n const optionsRef = useRef(options);\r\n optionsRef.current = options;\r\n\r\n const projectId = env.EZC_PROJECT_ID;\r\n\r\n useEffect(() => {\r\n if (!isSupabaseConfigured || !projectId) {\r\n setStatus('disabled');\r\n return;\r\n }\r\n\r\n const schemaName = `proj_${projectId.replace(/-/g, '_')}`;\r\n const channelName = `${schemaName}_${table}_${optionsRef.current.event || 'all'}`;\r\n\r\n const channel = supabase\r\n .channel(channelName)\r\n .on(\r\n 'postgres_changes' as never,\r\n {\r\n event: optionsRef.current.event || '*',\r\n schema: schemaName,\r\n table,\r\n filter: optionsRef.current.filter,\r\n } as never,\r\n (payload: { eventType: string; new: Record<string, unknown>; old: Record<string, unknown> }) => {\r\n if (payload.eventType === 'INSERT') {\r\n setData((prev) => [...prev, payload.new as T]);\r\n } else if (payload.eventType === 'UPDATE') {\r\n setData((prev) =>\r\n prev.map((item) =>\r\n (item as Record<string, unknown>).id === (payload.new as Record<string, unknown>).id\r\n ? (payload.new as T)\r\n : item,\r\n ),\r\n );\r\n } else if (payload.eventType === 'DELETE') {\r\n setData((prev) =>\r\n prev.filter(\r\n (item) =>\r\n (item as Record<string, unknown>).id !== (payload.old as Record<string, unknown>).id,\r\n ),\r\n );\r\n }\r\n },\r\n )\r\n .subscribe((subStatus: string) => {\r\n setStatus(subStatus === 'SUBSCRIBED' ? 'connected' : 'connecting');\r\n });\r\n\r\n return () => {\r\n supabase.removeChannel(channel);\r\n };\r\n }, [projectId, table]);\r\n\r\n return { data, status, setData };\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;AAAA,SAAS,eAAe,YAAY,WAAW,SAAS,gBAAgC;AA+D/E;AApDT,IAAM,kBAAkB,cAAoC;AAAA,EAC1D,IAAI;AAAA,EACJ,cAAc;AAChB,CAAC;AAgBM,SAAS,iBAAiB,EAAE,UAAU,UAAU,GAA0B;AAC/E,QAAM,iBAAiB,aAAa,IAAI,kBAAkB;AAC1D,QAAM,CAAC,kBAAkB,mBAAmB,IAAI,SAAiB,iBAAiB,GAAG,aAAa,EAAE;AACpG,QAAM,CAAC,oBAAoB,qBAAqB,IAAI,SAAkB,QAAQ,iBAAiB,CAAC,CAAC;AAEjG,YAAU,MAAM;AACd,QAAI,eAAgB;AACpB,QAAI,YAAY;AAChB,kBAAc,EAAE,KAAK,CAAC,OAAO;AAC3B,UAAI,UAAW;AACf,UAAI,IAAI,UAAW,qBAAoB,GAAG,SAAS;AACnD,4BAAsB,IAAI;AAAA,IAC5B,CAAC;AACD,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAM;AAAA,EACnC,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,oBAAoB,kBAAkB;AAC5C,QAAM,aAAa,QAAQ,iBAAiB;AAE5C,QAAM,KAAK;AAAA,IACT,MAAO,aAAa,IAAI,eAAe,UAAU,iBAAiB,IAAI;AAAA,IACtE,CAAC,YAAY,iBAAiB;AAAA,EAChC;AAEA,QAAM,QAAQ,QAAQ,OAAO,EAAE,IAAI,cAAc,WAAW,IAAI,CAAC,IAAI,UAAU,CAAC;AAKhF,MAAI,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,kBAAkB;AAC/D,WAAO;AAAA,EACT;AAEA,SAAO,oBAAC,gBAAgB,UAAhB,EAAyB,OAAe,UAAS;AAC3D;AAEO,SAAS,cAA8B;AAC5C,QAAM,EAAE,GAAG,IAAI,WAAW,eAAe;AACzC,MAAI,CAAC,IAAI;AACP,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,sBAA6C;AAC3D,QAAM,EAAE,GAAG,IAAI,WAAW,eAAe;AACzC,SAAO;AACT;AAEO,SAAS,0BAAmC;AACjD,QAAM,EAAE,aAAa,IAAI,WAAW,eAAe;AACnD,SAAO;AACT;;;ACrFA,SAAS,aAAAA,YAAW,YAAAC,WAAU,cAAc;AAiBrC,SAAS,YACd,OACA,UAA2B,CAAC,GACN;AACtB,QAAM,CAAC,MAAM,OAAO,IAAIC,UAAc,CAAC,CAAC;AACxC,QAAM,CAAC,QAAQ,SAAS,IAAIA,UAAyC,YAAY;AACjF,QAAM,aAAa,OAAO,OAAO;AACjC,aAAW,UAAU;AAErB,QAAM,YAAY,IAAI;AAEtB,EAAAC,WAAU,MAAM;AACd,QAAI,CAAC,wBAAwB,CAAC,WAAW;AACvC,gBAAU,UAAU;AACpB;AAAA,IACF;AAEA,UAAM,aAAa,QAAQ,UAAU,QAAQ,MAAM,GAAG,CAAC;AACvD,UAAM,cAAc,GAAG,UAAU,IAAI,KAAK,IAAI,WAAW,QAAQ,SAAS,KAAK;AAE/E,UAAM,UAAU,SACb,QAAQ,WAAW,EACnB;AAAA,MACC;AAAA,MACA;AAAA,QACE,OAAO,WAAW,QAAQ,SAAS;AAAA,QACnC,QAAQ;AAAA,QACR;AAAA,QACA,QAAQ,WAAW,QAAQ;AAAA,MAC7B;AAAA,MACA,CAAC,YAA+F;AAC9F,YAAI,QAAQ,cAAc,UAAU;AAClC,kBAAQ,CAAC,SAAS,CAAC,GAAG,MAAM,QAAQ,GAAQ,CAAC;AAAA,QAC/C,WAAW,QAAQ,cAAc,UAAU;AACzC;AAAA,YAAQ,CAAC,SACP,KAAK;AAAA,cAAI,CAAC,SACP,KAAiC,OAAQ,QAAQ,IAAgC,KAC7E,QAAQ,MACT;AAAA,YACN;AAAA,UACF;AAAA,QACF,WAAW,QAAQ,cAAc,UAAU;AACzC;AAAA,YAAQ,CAAC,SACP,KAAK;AAAA,cACH,CAAC,SACE,KAAiC,OAAQ,QAAQ,IAAgC;AAAA,YACtF;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF,EACC,UAAU,CAAC,cAAsB;AAChC,gBAAU,cAAc,eAAe,cAAc,YAAY;AAAA,IACnE,CAAC;AAEH,WAAO,MAAM;AACX,eAAS,cAAc,OAAO;AAAA,IAChC;AAAA,EACF,GAAG,CAAC,WAAW,KAAK,CAAC;AAErB,SAAO,EAAE,MAAM,QAAQ,QAAQ;AACjC;","names":["useEffect","useState","useState","useEffect"]}