@frontmcp/auth 0.12.1 → 1.0.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cimd/cimd.cache.d.ts +0 -5
- package/cimd/cimd.cache.d.ts.map +1 -1
- package/cimd/index.d.ts +1 -2
- package/cimd/index.d.ts.map +1 -1
- package/consent/index.d.ts +2 -1
- package/consent/index.d.ts.map +1 -1
- package/detection/auth-provider-detection.d.ts +4 -2
- package/detection/auth-provider-detection.d.ts.map +1 -1
- package/esm/index.mjs +673 -768
- package/esm/package.json +4 -4
- package/index.d.ts +3 -3
- package/index.d.ts.map +1 -1
- package/index.js +745 -858
- package/jwks/index.d.ts +1 -12
- package/jwks/index.d.ts.map +1 -1
- package/jwks/jwks.service.d.ts +1 -6
- package/jwks/jwks.service.d.ts.map +1 -1
- package/jwks/jwks.types.d.ts +0 -7
- package/jwks/jwks.types.d.ts.map +1 -1
- package/machine-id/machine-id.d.ts.map +1 -1
- package/options/app-auth.schema.d.ts +29 -37
- package/options/app-auth.schema.d.ts.map +1 -1
- package/options/index.d.ts +6 -6
- package/options/index.d.ts.map +1 -1
- package/options/interfaces.d.ts +72 -32
- package/options/interfaces.d.ts.map +1 -1
- package/options/orchestrated.schema.d.ts +54 -56
- package/options/orchestrated.schema.d.ts.map +1 -1
- package/options/schema.d.ts +30 -38
- package/options/schema.d.ts.map +1 -1
- package/options/shared.schemas.d.ts +61 -9
- package/options/shared.schemas.d.ts.map +1 -1
- package/options/transparent.schema.d.ts +15 -15
- package/options/typecheck.d.ts.map +1 -1
- package/options/utils.d.ts +16 -7
- package/options/utils.d.ts.map +1 -1
- package/package.json +4 -4
- package/session/session-crypto.d.ts.map +1 -1
- package/session/session.transport.d.ts +3 -4
- package/session/session.transport.d.ts.map +1 -1
- package/session/utils/session-crypto.utils.d.ts.map +1 -1
- package/jwks/dev-key-persistence.d.ts +0 -70
- package/jwks/dev-key-persistence.d.ts.map +0 -1
package/jwks/index.d.ts
CHANGED
|
@@ -3,18 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* JSON Web Key Set management for JWT signing and verification.
|
|
5
5
|
*/
|
|
6
|
-
export type { JwksServiceOptions, ProviderVerifyRef, VerifyResult
|
|
6
|
+
export type { JwksServiceOptions, ProviderVerifyRef, VerifyResult } from './jwks.types';
|
|
7
7
|
export { JwksService } from './jwks.service';
|
|
8
8
|
export { trimSlash, normalizeIssuer, decodeJwtPayloadSafe } from './jwks.utils';
|
|
9
|
-
/**
|
|
10
|
-
* Dev Key Persistence (DEPRECATED)
|
|
11
|
-
*
|
|
12
|
-
* These exports are deprecated. Use `createKeyPersistence` from `@frontmcp/utils` instead.
|
|
13
|
-
* They are kept for backwards compatibility and will be removed in a future major version.
|
|
14
|
-
*
|
|
15
|
-
* @deprecated Use `createKeyPersistence` from `@frontmcp/utils` instead.
|
|
16
|
-
*/
|
|
17
|
-
export { isDevKeyPersistenceEnabled, resolveKeyPath, loadDevKey, saveDevKey, deleteDevKey, } from './dev-key-persistence';
|
|
18
|
-
/** @deprecated Use `AsymmetricKeyData` from `@frontmcp/utils` instead. */
|
|
19
|
-
export type { DevKeyData } from './dev-key-persistence';
|
|
20
9
|
//# sourceMappingURL=index.d.ts.map
|
package/jwks/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/jwks/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,YAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/jwks/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAGxF,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAG7C,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC"}
|
package/jwks/jwks.service.d.ts
CHANGED
|
@@ -10,14 +10,9 @@ export declare class JwksService {
|
|
|
10
10
|
private keyInitPromise;
|
|
11
11
|
private keyPersistence?;
|
|
12
12
|
constructor(opts?: JwksServiceOptions);
|
|
13
|
-
/**
|
|
14
|
-
* Check if key persistence should be enabled.
|
|
15
|
-
* Enabled in development by default, disabled in production unless forceEnable.
|
|
16
|
-
*/
|
|
17
|
-
private shouldEnablePersistence;
|
|
18
13
|
/**
|
|
19
14
|
* Get or create the KeyPersistence instance.
|
|
20
|
-
* Returns null if persistence is disabled.
|
|
15
|
+
* Returns null if persistence is disabled (production).
|
|
21
16
|
*/
|
|
22
17
|
private getKeyPersistence;
|
|
23
18
|
/** Gateway's public JWKS (publish at /.well-known/jwks.json when orchestrated). */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks.service.d.ts","sourceRoot":"","sources":["../../src/jwks/jwks.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAuD,aAAa,EAAO,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"jwks.service.d.ts","sourceRoot":"","sources":["../../src/jwks/jwks.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAuD,aAAa,EAAO,MAAM,MAAM,CAAC;AAS/F,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAanF,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA+C;IAEpE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;IACpC,OAAO,CAAC,eAAe,CAAqB;IAG5C,OAAO,CAAC,eAAe,CAKrB;IAGF,OAAO,CAAC,YAAY,CAAiE;IAGrF,OAAO,CAAC,cAAc,CAAS;IAE/B,OAAO,CAAC,cAAc,CAA4B;IAElD,OAAO,CAAC,cAAc,CAAC,CAAiB;gBAE5B,IAAI,CAAC,EAAE,kBAAkB;IAcrC;;;OAGG;YACW,iBAAiB;IAc/B,mFAAmF;IAC7E,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC;IAQ7C,uEAAuE;IACjE,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAsCtF;;;OAGG;IACG,sBAAsB,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,iBAAiB,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAqDnG;;OAEG;IACH,OAAO,CAAC,cAAc;IAatB;;;OAGG;YACW,iBAAiB;IAiF/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAqBvB,kEAAkE;IAClE,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,aAAa;IAIvD;;;;;;OAMG;IACG,kBAAkB,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAmCpF,yEAAyE;IACnE,mBAAmB,IAAI,OAAO,CAAC,aAAa,CAAC;IAKnD,wEAAwE;IAClE,yBAAyB,IAAI,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,OAAO,aAAa,EAAE,SAAS,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;YAShG,YAAY;YAaZ,cAAc;YAQd,SAAS;YAgBT,qBAAqB;YAyBrB,yBAAyB;IA+DvC,OAAO,CAAC,WAAW;CAgBpB"}
|
package/jwks/jwks.types.d.ts
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import { JSONWebKeySet } from 'jose';
|
|
2
|
-
import { DevKeyPersistenceOptions } from './dev-key-persistence';
|
|
3
2
|
import type { AuthLogger } from '../common/auth-logger.interface';
|
|
4
3
|
export type JwksServiceOptions = {
|
|
5
4
|
orchestratorAlg?: 'RS256' | 'ES256';
|
|
@@ -8,15 +7,9 @@ export type JwksServiceOptions = {
|
|
|
8
7
|
providerJwksTtlMs?: number;
|
|
9
8
|
/** Timeout (ms) for network metadata/JWKS fetches. Default: 5s */
|
|
10
9
|
networkTimeoutMs?: number;
|
|
11
|
-
/**
|
|
12
|
-
* Options for dev key persistence (development mode only by default).
|
|
13
|
-
* When enabled, keys are saved to a file and reloaded on server restart.
|
|
14
|
-
*/
|
|
15
|
-
devKeyPersistence?: DevKeyPersistenceOptions;
|
|
16
10
|
/** Optional logger. If not provided, logging is disabled. */
|
|
17
11
|
logger?: AuthLogger;
|
|
18
12
|
};
|
|
19
|
-
export type { DevKeyPersistenceOptions };
|
|
20
13
|
/** Rich descriptor used by verification & fetching */
|
|
21
14
|
export type ProviderVerifyRef = {
|
|
22
15
|
id: string;
|
package/jwks/jwks.types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks.types.d.ts","sourceRoot":"","sources":["../../src/jwks/jwks.types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,
|
|
1
|
+
{"version":3,"file":"jwks.types.d.ts","sourceRoot":"","sources":["../../src/jwks/jwks.types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAElE,MAAM,MAAM,kBAAkB,GAAG;IAC/B,eAAe,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+EAA+E;IAC/E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,6DAA6D;IAC7D,MAAM,CAAC,EAAE,UAAU,CAAC;CACrB,CAAC;AAEF,sDAAsD;AACtD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,aAAa,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"machine-id.d.ts","sourceRoot":"","sources":["../../src/machine-id/machine-id.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;GAaG;
|
|
1
|
+
{"version":3,"file":"machine-id.d.ts","sourceRoot":"","sources":["../../src/machine-id/machine-id.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;GAaG;AAqHH;;;GAGG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAEjE"}
|
|
@@ -16,33 +16,33 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
16
16
|
standalone: z.ZodOptional<z.ZodBoolean>;
|
|
17
17
|
excludeFromParent: z.ZodOptional<z.ZodBoolean>;
|
|
18
18
|
}, z.core.$strip>, z.ZodObject<{
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
19
|
+
expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
20
|
+
requiredScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
21
|
+
allowAnonymous: z.ZodDefault<z.ZodBoolean>;
|
|
22
|
+
anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
23
|
+
publicAccess: z.ZodOptional<z.ZodObject<{
|
|
24
|
+
tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
|
|
25
|
+
prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
|
|
26
|
+
rateLimit: z.ZodDefault<z.ZodNumber>;
|
|
27
|
+
}, z.core.$strip>>;
|
|
28
|
+
provider: z.ZodString;
|
|
29
|
+
clientId: z.ZodOptional<z.ZodString>;
|
|
30
|
+
clientSecret: z.ZodOptional<z.ZodString>;
|
|
31
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
32
|
+
providerConfig: z.ZodOptional<z.ZodObject<{
|
|
22
33
|
name: z.ZodOptional<z.ZodString>;
|
|
23
34
|
id: z.ZodOptional<z.ZodString>;
|
|
24
35
|
jwks: z.ZodOptional<z.ZodObject<{
|
|
25
36
|
keys: z.ZodArray<z.ZodType<import("..").JWK, unknown, z.core.$ZodTypeInternals<import("..").JWK, unknown>>>;
|
|
26
37
|
}, z.core.$strip>>;
|
|
27
38
|
jwksUri: z.ZodOptional<z.ZodString>;
|
|
28
|
-
clientId: z.ZodOptional<z.ZodString>;
|
|
29
|
-
clientSecret: z.ZodOptional<z.ZodString>;
|
|
30
|
-
scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
31
39
|
dcrEnabled: z.ZodDefault<z.ZodBoolean>;
|
|
32
40
|
authEndpoint: z.ZodOptional<z.ZodString>;
|
|
33
41
|
tokenEndpoint: z.ZodOptional<z.ZodString>;
|
|
34
42
|
registrationEndpoint: z.ZodOptional<z.ZodString>;
|
|
35
43
|
userInfoEndpoint: z.ZodOptional<z.ZodString>;
|
|
36
|
-
}, z.core.$strip>;
|
|
37
|
-
expectedAudience: z.ZodOptional<z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>>;
|
|
38
|
-
requiredScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
39
|
-
allowAnonymous: z.ZodDefault<z.ZodBoolean>;
|
|
40
|
-
anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
41
|
-
publicAccess: z.ZodOptional<z.ZodObject<{
|
|
42
|
-
tools: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
|
|
43
|
-
prompts: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"all">, z.ZodArray<z.ZodString>]>>;
|
|
44
|
-
rateLimit: z.ZodDefault<z.ZodNumber>;
|
|
45
44
|
}, z.core.$strip>>;
|
|
45
|
+
mode: z.ZodLiteral<"transparent">;
|
|
46
46
|
standalone: z.ZodOptional<z.ZodBoolean>;
|
|
47
47
|
excludeFromParent: z.ZodOptional<z.ZodBoolean>;
|
|
48
48
|
}, z.core.$strip>, z.ZodObject<{
|
|
@@ -53,11 +53,8 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
53
53
|
}, z.core.$strip>>;
|
|
54
54
|
issuer: z.ZodOptional<z.ZodString>;
|
|
55
55
|
}, z.core.$strip>>;
|
|
56
|
-
tokenStorage: z.ZodDefault<z.
|
|
57
|
-
|
|
58
|
-
}, z.core.$strip>, z.ZodObject<{
|
|
59
|
-
type: z.ZodLiteral<"redis">;
|
|
60
|
-
config: z.ZodObject<{
|
|
56
|
+
tokenStorage: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"memory">, z.ZodObject<{
|
|
57
|
+
redis: z.ZodObject<{
|
|
61
58
|
host: z.ZodString;
|
|
62
59
|
port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
63
60
|
password: z.ZodOptional<z.ZodString>;
|
|
@@ -66,7 +63,7 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
66
63
|
keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
67
64
|
defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
68
65
|
}, z.core.$strip>;
|
|
69
|
-
}, z.core.$strip>]
|
|
66
|
+
}, z.core.$strip>]>>;
|
|
70
67
|
allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
|
|
71
68
|
anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
72
69
|
publicAccess: z.ZodOptional<z.ZodObject<{
|
|
@@ -143,8 +140,7 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
143
140
|
maxRedirects: z.ZodDefault<z.ZodNumber>;
|
|
144
141
|
}, z.core.$strip>>;
|
|
145
142
|
}, z.core.$strip>>;
|
|
146
|
-
mode: z.ZodLiteral<"
|
|
147
|
-
type: z.ZodLiteral<"local">;
|
|
143
|
+
mode: z.ZodLiteral<"local">;
|
|
148
144
|
standalone: z.ZodOptional<z.ZodBoolean>;
|
|
149
145
|
excludeFromParent: z.ZodOptional<z.ZodBoolean>;
|
|
150
146
|
}, z.core.$strip>, z.ZodObject<{
|
|
@@ -155,11 +151,8 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
155
151
|
}, z.core.$strip>>;
|
|
156
152
|
issuer: z.ZodOptional<z.ZodString>;
|
|
157
153
|
}, z.core.$strip>>;
|
|
158
|
-
tokenStorage: z.ZodDefault<z.
|
|
159
|
-
|
|
160
|
-
}, z.core.$strip>, z.ZodObject<{
|
|
161
|
-
type: z.ZodLiteral<"redis">;
|
|
162
|
-
config: z.ZodObject<{
|
|
154
|
+
tokenStorage: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"memory">, z.ZodObject<{
|
|
155
|
+
redis: z.ZodObject<{
|
|
163
156
|
host: z.ZodString;
|
|
164
157
|
port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
165
158
|
password: z.ZodOptional<z.ZodString>;
|
|
@@ -168,7 +161,7 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
168
161
|
keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
169
162
|
defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
170
163
|
}, z.core.$strip>;
|
|
171
|
-
}, z.core.$strip>]
|
|
164
|
+
}, z.core.$strip>]>>;
|
|
172
165
|
allowDefaultPublic: z.ZodDefault<z.ZodBoolean>;
|
|
173
166
|
anonymousScopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
174
167
|
publicAccess: z.ZodOptional<z.ZodObject<{
|
|
@@ -245,25 +238,24 @@ export declare const appAuthOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
|
|
|
245
238
|
maxRedirects: z.ZodDefault<z.ZodNumber>;
|
|
246
239
|
}, z.core.$strip>>;
|
|
247
240
|
}, z.core.$strip>>;
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
241
|
+
provider: z.ZodString;
|
|
242
|
+
clientId: z.ZodOptional<z.ZodString>;
|
|
243
|
+
clientSecret: z.ZodOptional<z.ZodString>;
|
|
244
|
+
scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
245
|
+
providerConfig: z.ZodOptional<z.ZodObject<{
|
|
252
246
|
name: z.ZodOptional<z.ZodString>;
|
|
253
247
|
id: z.ZodOptional<z.ZodString>;
|
|
254
248
|
jwks: z.ZodOptional<z.ZodObject<{
|
|
255
249
|
keys: z.ZodArray<z.ZodType<import("..").JWK, unknown, z.core.$ZodTypeInternals<import("..").JWK, unknown>>>;
|
|
256
250
|
}, z.core.$strip>>;
|
|
257
251
|
jwksUri: z.ZodOptional<z.ZodString>;
|
|
258
|
-
clientId: z.ZodOptional<z.ZodString>;
|
|
259
|
-
clientSecret: z.ZodOptional<z.ZodString>;
|
|
260
|
-
scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
261
252
|
dcrEnabled: z.ZodDefault<z.ZodBoolean>;
|
|
262
253
|
authEndpoint: z.ZodOptional<z.ZodString>;
|
|
263
254
|
tokenEndpoint: z.ZodOptional<z.ZodString>;
|
|
264
255
|
registrationEndpoint: z.ZodOptional<z.ZodString>;
|
|
265
256
|
userInfoEndpoint: z.ZodOptional<z.ZodString>;
|
|
266
|
-
}, z.core.$strip
|
|
257
|
+
}, z.core.$strip>>;
|
|
258
|
+
mode: z.ZodLiteral<"remote">;
|
|
267
259
|
standalone: z.ZodOptional<z.ZodBoolean>;
|
|
268
260
|
excludeFromParent: z.ZodOptional<z.ZodBoolean>;
|
|
269
261
|
}, z.core.$strip>]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app-auth.schema.d.ts","sourceRoot":"","sources":["../../src/options/app-auth.schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAoCxB,eAAO,MAAM,oBAAoB
|
|
1
|
+
{"version":3,"file":"app-auth.schema.d.ts","sourceRoot":"","sources":["../../src/options/app-auth.schema.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAoCxB,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAK/B,CAAC;AAMH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}
|
package/options/index.d.ts
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
|
-
export type { PublicAccessConfig, LocalSigningConfig, RemoteProviderConfig, TokenStorageConfig,
|
|
2
|
-
export { publicAccessConfigSchema, localSigningConfigSchema, remoteProviderConfigSchema, tokenStorageConfigSchema, tokenRefreshConfigSchema, skippedAppBehaviorSchema, consentConfigSchema, federatedAuthConfigSchema, incrementalAuthConfigSchema, } from './shared.schemas';
|
|
3
|
-
export type { PublicAccessConfig as PublicAccessConfigZod, PublicAccessConfigInput, LocalSigningConfig as LocalSigningConfigZod, LocalSigningConfigInput, RemoteProviderConfig as RemoteProviderConfigZod, RemoteProviderConfigInput, TokenStorageConfig as TokenStorageConfigZod, TokenStorageConfigInput, TokenRefreshConfig as TokenRefreshConfigZod, TokenRefreshConfigInput, SkippedAppBehavior as SkippedAppBehaviorZod, ConsentConfig as ConsentConfigZod, ConsentConfigInput, FederatedAuthConfig as FederatedAuthConfigZod, FederatedAuthConfigInput, IncrementalAuthConfig as IncrementalAuthConfigZod, IncrementalAuthConfigInput, RedisConfig, } from './shared.schemas';
|
|
1
|
+
export type { PublicAccessConfig, LocalSigningConfig, ProviderConfig, RemoteProviderConfig, TokenStorageConfig, TokenRefreshConfig, SkippedAppBehavior, ConsentConfig, FederatedAuthConfig, IncrementalAuthConfig, PublicAuthOptionsInterface, TransparentAuthOptionsInterface, LocalAuthOptionsInterface, RemoteAuthOptionsInterface, LocalOrRemoteAuthOptionsInterface, AuthOptionsInterface, AuthMode, OrchestratedLocalOptionsInterface, OrchestratedRemoteOptionsInterface, OrchestratedAuthOptionsInterface, OrchestratedType, } from './interfaces';
|
|
2
|
+
export { publicAccessConfigSchema, localSigningConfigSchema, providerConfigSchema, remoteProviderConfigSchema, flatRemoteProviderFields, tokenStorageConfigSchema, tokenRefreshConfigSchema, skippedAppBehaviorSchema, consentConfigSchema, federatedAuthConfigSchema, incrementalAuthConfigSchema, } from './shared.schemas';
|
|
3
|
+
export type { PublicAccessConfig as PublicAccessConfigZod, PublicAccessConfigInput, LocalSigningConfig as LocalSigningConfigZod, LocalSigningConfigInput, ProviderConfig as ProviderConfigZod, ProviderConfigInput, RemoteProviderConfig as RemoteProviderConfigZod, RemoteProviderConfigInput, TokenStorageConfig as TokenStorageConfigZod, TokenStorageConfigInput, TokenRefreshConfig as TokenRefreshConfigZod, TokenRefreshConfigInput, SkippedAppBehavior as SkippedAppBehaviorZod, ConsentConfig as ConsentConfigZod, ConsentConfigInput, FederatedAuthConfig as FederatedAuthConfigZod, FederatedAuthConfigInput, IncrementalAuthConfig as IncrementalAuthConfigZod, IncrementalAuthConfigInput, RedisConfig, } from './shared.schemas';
|
|
4
4
|
export { publicAuthOptionsSchema } from './public.schema';
|
|
5
5
|
export type { PublicAuthOptions, PublicAuthOptionsInput } from './public.schema';
|
|
6
6
|
export { transparentAuthOptionsSchema } from './transparent.schema';
|
|
7
7
|
export type { TransparentAuthOptions, TransparentAuthOptionsInput } from './transparent.schema';
|
|
8
|
-
export { orchestratedLocalSchema, orchestratedRemoteSchema,
|
|
9
|
-
export type { OrchestratedLocalOptions, OrchestratedLocalOptionsInput, OrchestratedRemoteOptions, OrchestratedRemoteOptionsInput, OrchestratedAuthOptions, OrchestratedAuthOptionsInput,
|
|
8
|
+
export { localAuthSchema, remoteAuthSchema, orchestratedLocalSchema, orchestratedRemoteSchema, } from './orchestrated.schema';
|
|
9
|
+
export type { LocalAuthOptions, LocalAuthOptionsInput, RemoteAuthOptions, RemoteAuthOptionsInput, LocalOrRemoteAuthOptions, LocalOrRemoteAuthOptionsInput, OrchestratedLocalOptions, OrchestratedLocalOptionsInput, OrchestratedRemoteOptions, OrchestratedRemoteOptionsInput, OrchestratedAuthOptions, OrchestratedAuthOptionsInput, } from './orchestrated.schema';
|
|
10
10
|
export { authOptionsSchema } from './schema';
|
|
11
11
|
export type { AuthOptions, AuthOptionsInput, AuthMode as AuthModeZod } from './schema';
|
|
12
12
|
export { appAuthOptionsSchema } from './app-auth.schema';
|
|
13
13
|
export type { AppAuthOptions, AppAuthOptionsInput } from './app-auth.schema';
|
|
14
|
-
export { parseAuthOptions, isPublicMode, isTransparentMode, isOrchestratedMode, isOrchestratedLocal, isOrchestratedRemote, allowsPublicAccess, } from './utils';
|
|
14
|
+
export { parseAuthOptions, isPublicMode, isTransparentMode, isLocalMode, isRemoteMode, isOrchestratedMode, isOrchestratedLocal, isOrchestratedRemote, allowsPublicAccess, } from './utils';
|
|
15
15
|
//# sourceMappingURL=index.d.ts.map
|
package/options/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/options/index.ts"],"names":[],"mappings":"AAMA,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/options/index.ts"],"names":[],"mappings":"AAMA,YAAY,EACV,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,aAAa,EACb,mBAAmB,EACnB,qBAAqB,EACrB,0BAA0B,EAC1B,+BAA+B,EAC/B,yBAAyB,EACzB,0BAA0B,EAC1B,iCAAiC,EACjC,oBAAoB,EACpB,QAAQ,EAER,iCAAiC,EACjC,kCAAkC,EAClC,gCAAgC,EAChC,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAKtB,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,oBAAoB,EACpB,0BAA0B,EAC1B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,yBAAyB,EACzB,2BAA2B,GAC5B,MAAM,kBAAkB,CAAC;AAE1B,YAAY,EACV,kBAAkB,IAAI,qBAAqB,EAC3C,uBAAuB,EACvB,kBAAkB,IAAI,qBAAqB,EAC3C,uBAAuB,EACvB,cAAc,IAAI,iBAAiB,EACnC,mBAAmB,EACnB,oBAAoB,IAAI,uBAAuB,EAC/C,yBAAyB,EACzB,kBAAkB,IAAI,qBAAqB,EAC3C,uBAAuB,EACvB,kBAAkB,IAAI,qBAAqB,EAC3C,uBAAuB,EACvB,kBAAkB,IAAI,qBAAqB,EAC3C,aAAa,IAAI,gBAAgB,EACjC,kBAAkB,EAClB,mBAAmB,IAAI,sBAAsB,EAC7C,wBAAwB,EACxB,qBAAqB,IAAI,wBAAwB,EACjD,0BAA0B,EAC1B,WAAW,GACZ,MAAM,kBAAkB,CAAC;AAK1B,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAKjF,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EAAE,sBAAsB,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AAKhG,OAAO,EACL,eAAe,EACf,gBAAgB,EAEhB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EACV,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,wBAAwB,EACxB,6BAA6B,EAE7B,wBAAwB,EACxB,6BAA6B,EAC7B,yBAAyB,EACzB,8BAA8B,EAC9B,uBAAuB,EACvB,4BAA4B,GAC7B,MAAM,uBAAuB,CAAC;AAK/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,QAAQ,IAAI,WAAW,EAAE,MAAM,UAAU,CAAC;AAKvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAK7E,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,SAAS,CAAC"}
|
package/options/interfaces.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { JSONWebKeySet, JWK } from '../common/jwt.types';
|
|
2
2
|
import type { RedisConfig } from '../session/transport-session.types';
|
|
3
|
+
import type { CimdConfigInput } from '../cimd';
|
|
3
4
|
/**
|
|
4
5
|
* Public access configuration for tools/prompts
|
|
5
6
|
*/
|
|
@@ -21,11 +22,11 @@ export interface PublicAccessConfig {
|
|
|
21
22
|
rateLimit?: number;
|
|
22
23
|
}
|
|
23
24
|
/**
|
|
24
|
-
* Local signing configuration
|
|
25
|
+
* Local signing configuration
|
|
25
26
|
*/
|
|
26
27
|
export interface LocalSigningConfig {
|
|
27
28
|
/**
|
|
28
|
-
* Private key for signing
|
|
29
|
+
* Private key for signing tokens
|
|
29
30
|
* @default auto-generated
|
|
30
31
|
*/
|
|
31
32
|
signKey?: JWK | Uint8Array;
|
|
@@ -35,13 +36,45 @@ export interface LocalSigningConfig {
|
|
|
35
36
|
*/
|
|
36
37
|
jwks?: JSONWebKeySet;
|
|
37
38
|
/**
|
|
38
|
-
* Issuer identifier for
|
|
39
|
+
* Issuer identifier for tokens
|
|
39
40
|
* @default auto-derived from server URL
|
|
40
41
|
*/
|
|
41
42
|
issuer?: string;
|
|
42
43
|
}
|
|
43
44
|
/**
|
|
44
|
-
*
|
|
45
|
+
* Advanced provider configuration (optional sub-object)
|
|
46
|
+
*/
|
|
47
|
+
export interface ProviderConfig {
|
|
48
|
+
/** Provider display name */
|
|
49
|
+
name?: string;
|
|
50
|
+
/**
|
|
51
|
+
* Unique identifier for this provider
|
|
52
|
+
* @default derived from provider URL
|
|
53
|
+
*/
|
|
54
|
+
id?: string;
|
|
55
|
+
/**
|
|
56
|
+
* Inline JWKS for offline token verification
|
|
57
|
+
* Falls back to fetching from provider's /.well-known/jwks.json
|
|
58
|
+
*/
|
|
59
|
+
jwks?: JSONWebKeySet;
|
|
60
|
+
/** Custom JWKS URI if not at standard path */
|
|
61
|
+
jwksUri?: string;
|
|
62
|
+
/**
|
|
63
|
+
* Enable Dynamic Client Registration (DCR)
|
|
64
|
+
* @default false
|
|
65
|
+
*/
|
|
66
|
+
dcrEnabled?: boolean;
|
|
67
|
+
/** Authorization endpoint override */
|
|
68
|
+
authEndpoint?: string;
|
|
69
|
+
/** Token endpoint override */
|
|
70
|
+
tokenEndpoint?: string;
|
|
71
|
+
/** Registration endpoint override (for DCR) */
|
|
72
|
+
registrationEndpoint?: string;
|
|
73
|
+
/** User info endpoint override */
|
|
74
|
+
userInfoEndpoint?: string;
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Remote OAuth provider configuration (legacy full shape, kept for internal use)
|
|
45
78
|
*/
|
|
46
79
|
export interface RemoteProviderConfig {
|
|
47
80
|
/**
|
|
@@ -63,9 +96,9 @@ export interface RemoteProviderConfig {
|
|
|
63
96
|
jwks?: JSONWebKeySet;
|
|
64
97
|
/** Custom JWKS URI if not at standard path */
|
|
65
98
|
jwksUri?: string;
|
|
66
|
-
/** Client ID for this MCP server
|
|
99
|
+
/** Client ID for this MCP server */
|
|
67
100
|
clientId?: string;
|
|
68
|
-
/** Client secret (for confidential clients
|
|
101
|
+
/** Client secret (for confidential clients) */
|
|
69
102
|
clientSecret?: string;
|
|
70
103
|
/** Scopes to request from the upstream provider */
|
|
71
104
|
scopes?: string[];
|
|
@@ -84,22 +117,14 @@ export interface RemoteProviderConfig {
|
|
|
84
117
|
userInfoEndpoint?: string;
|
|
85
118
|
}
|
|
86
119
|
/**
|
|
87
|
-
* Token storage
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
}
|
|
92
|
-
/**
|
|
93
|
-
* Token storage - Redis
|
|
120
|
+
* Token storage configuration (simplified, BC-030)
|
|
121
|
+
*
|
|
122
|
+
* Either the string 'memory' for in-memory storage,
|
|
123
|
+
* or an object { redis: RedisConfig } for Redis storage.
|
|
94
124
|
*/
|
|
95
|
-
export
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
}
|
|
99
|
-
/**
|
|
100
|
-
* Token storage configuration for orchestrated mode
|
|
101
|
-
*/
|
|
102
|
-
export type TokenStorageConfig = TokenStorageMemory | TokenStorageRedis;
|
|
125
|
+
export type TokenStorageConfig = 'memory' | {
|
|
126
|
+
redis: RedisConfig;
|
|
127
|
+
};
|
|
103
128
|
/**
|
|
104
129
|
* Token refresh configuration
|
|
105
130
|
*/
|
|
@@ -207,16 +232,19 @@ export interface PublicAuthOptionsInterface {
|
|
|
207
232
|
}
|
|
208
233
|
export interface TransparentAuthOptionsInterface {
|
|
209
234
|
mode: 'transparent';
|
|
210
|
-
|
|
235
|
+
provider: string;
|
|
236
|
+
clientId?: string;
|
|
237
|
+
clientSecret?: string;
|
|
238
|
+
scopes?: string[];
|
|
239
|
+
providerConfig?: ProviderConfig;
|
|
211
240
|
expectedAudience?: string | string[];
|
|
212
241
|
requiredScopes?: string[];
|
|
213
242
|
allowAnonymous?: boolean;
|
|
214
243
|
anonymousScopes?: string[];
|
|
215
244
|
publicAccess?: PublicAccessConfig;
|
|
216
245
|
}
|
|
217
|
-
export interface
|
|
218
|
-
mode: '
|
|
219
|
-
type: 'local';
|
|
246
|
+
export interface LocalAuthOptionsInterface {
|
|
247
|
+
mode: 'local';
|
|
220
248
|
local?: LocalSigningConfig;
|
|
221
249
|
tokenStorage?: TokenStorageConfig;
|
|
222
250
|
allowDefaultPublic?: boolean;
|
|
@@ -227,11 +255,15 @@ export interface OrchestratedLocalOptionsInterface {
|
|
|
227
255
|
refresh?: TokenRefreshConfig;
|
|
228
256
|
expectedAudience?: string | string[];
|
|
229
257
|
incrementalAuth?: IncrementalAuthConfig;
|
|
258
|
+
cimd?: CimdConfigInput;
|
|
230
259
|
}
|
|
231
|
-
export interface
|
|
232
|
-
mode: '
|
|
233
|
-
|
|
234
|
-
|
|
260
|
+
export interface RemoteAuthOptionsInterface {
|
|
261
|
+
mode: 'remote';
|
|
262
|
+
provider: string;
|
|
263
|
+
clientId?: string;
|
|
264
|
+
clientSecret?: string;
|
|
265
|
+
scopes?: string[];
|
|
266
|
+
providerConfig?: ProviderConfig;
|
|
235
267
|
local?: LocalSigningConfig;
|
|
236
268
|
tokenStorage?: TokenStorageConfig;
|
|
237
269
|
allowDefaultPublic?: boolean;
|
|
@@ -242,9 +274,17 @@ export interface OrchestratedRemoteOptionsInterface {
|
|
|
242
274
|
refresh?: TokenRefreshConfig;
|
|
243
275
|
expectedAudience?: string | string[];
|
|
244
276
|
incrementalAuth?: IncrementalAuthConfig;
|
|
277
|
+
cimd?: CimdConfigInput;
|
|
245
278
|
}
|
|
246
|
-
export type AuthOptionsInterface = PublicAuthOptionsInterface | TransparentAuthOptionsInterface |
|
|
247
|
-
export type
|
|
248
|
-
export type AuthMode = 'public' | 'transparent' | '
|
|
279
|
+
export type AuthOptionsInterface = PublicAuthOptionsInterface | TransparentAuthOptionsInterface | LocalAuthOptionsInterface | RemoteAuthOptionsInterface;
|
|
280
|
+
export type LocalOrRemoteAuthOptionsInterface = LocalAuthOptionsInterface | RemoteAuthOptionsInterface;
|
|
281
|
+
export type AuthMode = 'public' | 'transparent' | 'local' | 'remote';
|
|
282
|
+
/** @deprecated Use LocalAuthOptionsInterface */
|
|
283
|
+
export type OrchestratedLocalOptionsInterface = LocalAuthOptionsInterface;
|
|
284
|
+
/** @deprecated Use RemoteAuthOptionsInterface */
|
|
285
|
+
export type OrchestratedRemoteOptionsInterface = RemoteAuthOptionsInterface;
|
|
286
|
+
/** @deprecated Use LocalOrRemoteAuthOptionsInterface */
|
|
287
|
+
export type OrchestratedAuthOptionsInterface = LocalOrRemoteAuthOptionsInterface;
|
|
288
|
+
/** @deprecated Removed - modes are now 'local' | 'remote' */
|
|
249
289
|
export type OrchestratedType = 'local' | 'remote';
|
|
250
290
|
//# sourceMappingURL=interfaces.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/options/interfaces.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"interfaces.d.ts","sourceRoot":"","sources":["../../src/options/interfaces.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAM/C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAC;IAEzB;;;OAGG;IACH,OAAO,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAC;IAE3B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,OAAO,CAAC,EAAE,GAAG,GAAG,UAAU,CAAC;IAE3B;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,CAAC;IAErB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,CAAC;IAErB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,8BAA8B;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,kCAAkC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB,4BAA4B;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,EAAE,CAAC,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,CAAC;IAErB,8CAA8C;IAC9C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,8BAA8B;IAC9B,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+CAA+C;IAC/C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAE9B,kCAAkC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG,QAAQ,GAAG;IAAE,KAAK,EAAE,WAAW,CAAA;CAAE,CAAC;AAEnE;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,cAAc,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAE3B,gDAAgD;IAChD,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B,uDAAuD;IACvD,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB,wDAAwD;IACxD,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;;OAIG;IACH,eAAe,EAAE,QAAQ,GAAG,QAAQ,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IAExC;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAMD,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,QAAQ,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,IAAI,CAAC,EAAE,aAAa,CAAC;IACrB,OAAO,CAAC,EAAE,GAAG,GAAG,UAAU,CAAC;CAC5B;AAED,MAAM,WAAW,+BAA+B;IAC9C,IAAI,EAAE,aAAa,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,gBAAgB,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACrC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;CACnC;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACrC,eAAe,CAAC,EAAE,qBAAqB,CAAC;IACxC,IAAI,CAAC,EAAE,eAAe,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,QAAQ,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAClC,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,mBAAmB,CAAC;IACpC,OAAO,CAAC,EAAE,kBAAkB,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACrC,eAAe,CAAC,EAAE,qBAAqB,CAAC;IACxC,IAAI,CAAC,EAAE,eAAe,CAAC;CACxB;AAMD,MAAM,MAAM,oBAAoB,GAC5B,0BAA0B,GAC1B,+BAA+B,GAC/B,yBAAyB,GACzB,0BAA0B,CAAC;AAE/B,MAAM,MAAM,iCAAiC,GAAG,yBAAyB,GAAG,0BAA0B,CAAC;AAEvG,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,aAAa,GAAG,OAAO,GAAG,QAAQ,CAAC;AAMrE,gDAAgD;AAChD,MAAM,MAAM,iCAAiC,GAAG,yBAAyB,CAAC;AAC1E,iDAAiD;AACjD,MAAM,MAAM,kCAAkC,GAAG,0BAA0B,CAAC;AAC5E,wDAAwD;AACxD,MAAM,MAAM,gCAAgC,GAAG,iCAAiC,CAAC;AACjF,6DAA6D;AAC7D,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,QAAQ,CAAC"}
|